
Cannot run .EXE files in Windows Vista 64 Home Edition


22 replies to this topic

#1 korniceman3000


Posted 17 May 2016 - 02:53 PM

Hi and thank you for reading my post.

 

I am unable to run any .exe program installation files on my laptop for any software I download, particularly newer .exe files. However, if I run the .exe files from something like a flash drive or external USB device, it works properly. I have also been experiencing high CPU load on my laptop, sometimes 100%. The task manager shows high CPU for PSANHost.exe *32, racagent.exe, dwm.exe, or taskmgr.exe even when nothing is running on the laptop. There are also moments when I run Chrome where the shockwave flash plugin will use enormous amounts of memory and CPU just to open a simple page on Yahoo. 

 

My operating system is Windows Vista 64 Home Edition on a brand new Acer Aspire laptop purchased in 2011 and just opened and used for the first time last week.

 

Please advise on what I can do to correct this issue. Any help is greatly appreciated.

Thank you and best regards




 


#2 InadequateInfirmity


Posted 22 May 2016 - 07:06 PM

Please run these tools. If you are unable to do so, then download and use Process Close and run the programs through the built-in browser within the tool.

 

 

Adware Cleaner Scan.

 

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

JRT Scan.

Please download Junkware Removal Tool and save it on your desktop.

 

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.
  •  

Adware Removal Tool Scan.

 

Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

 

 


 

Hit Ok.

 


 

Hit Next; make sure to leave all items checked for removal.

 


 

 

The program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, then OK again to finish up. Post the log generated by the tool.

 

ZHP Scan.

Please download Zhp Cleaner to your desktop. Right-click the icon and select Run as administrator.

 http://nicolascoolman.com/download/zhpcleaner

 

 

2. Once you have started the program, you will need to click the scanner button.


The program will close all open browsers!

3. Once the scan is completed, you will want to click the Repair button.


At the end of the process you may be asked to reboot your machine. After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.

 Zemana Scan

 

 

Run a full scan with Zemana AntiMalware!

Install and select deep scan.


Remove any infections found.

Then click on the icon in the pic below.

DOLGyto.jpg

Double-click on the scan log, then copy and paste it here in your reply.



#3 m_sabbir


Posted 23 May 2016 - 01:45 AM

InadequateInfirmity

THANK YOU SO MUCH GOOD ADVICE...I AM FEEL PROUD TO YOU.

#4 korniceman3000

  • Topic Starter

Posted 23 May 2016 - 02:58 PM

Hi InadequateInfirmity and thank you for the reply.

 

So far I've only had the time to run JRT Scan and AdwCleaner as I need to use my laptop atm. Both programs came up roughly negative aside from them removing Orbit Downloader which I don't think is the problem. I've had Orbit for many years on other computers and it has never given me any issues + I was unable to run any .EXE files prior to installing Orbit Downloader, Utorrent, etc. and all programs had to be installed from a flash drive, external usb hard drive. I was also able to install some programs from both the Desktop and C:\Users\Username\Downloads folder. However, AdwCleaner was not one of them and needed to be installed from a flash drive.

 

Please find the scan logs below for JRT Scan and AdwCleaner.

Thank you very much for your assistance. It is much appreciated.

- JTL

 

 

 

# AdwCleaner v5.117 - Logfile created 23/05/2016 at 15:06:07
# Updated 15/05/2016 by Xplode
# Database : 2016-05-23.3 [Server]
# Operating system : Windows ™ Vista Home Premium Service Pack 1 (X64)
# Username : Justin Tak-Lee Leung - JUSTINTAK-LE-PC
# Running from : E:\ZZZZZ Acer\adwcleaner_5.117.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
Folder Found : C:\Program Files (x86)\Convesoft
Folder Found : C:\Program Files (x86)\orbitdownloader
Folder Found : C:\Users\Justin Tak-Lee Leung\AppData\Roaming\GrabPro
Folder Found : C:\Users\Justin Tak-Lee Leung\AppData\Roaming\ProgSense
 
***** [ Files ] *****
 
 
***** [ DLL ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Download by Orbit
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Grab video by Orbit
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Do&wnload selected by Orbit
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Down&load all by Orbit
Key Found : HKLM\SOFTWARE\Classes\protector_dll.Protector
Key Found : HKLM\SOFTWARE\Classes\protector_dll.Protector.1
Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3F1D494B-0CEF-4468-96C9-386E2E4DEC90}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7854F00C-DC77-477E-A10E-603F48442D3B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A0880527-DC28-4EBB-BA27-D22102F22A9F}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{BCDDE143-FAE3-4C57-B22B-C4E8678CFDC0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C55BBCD6-41AD-48AD-9953-3609C48EACC7}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C55BBCD6-41AD-48AD-9953-3609C48EACC7}]
Key Found : HKCU\Software\Convesoft
Key Found : HKCU\Software\Orbit
Key Found : HKCU\Software\ProgSense
Key Found : HKCU\Software\csastats
Key Found : HKLM\SOFTWARE\Convesoft
Key Found : HKLM\SOFTWARE\Orbit
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Orbit_is1
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Orbit_is1
Key Found : HKU\S-1-5-21-1172362308-1292186457-3035530639-1000\Software\Convesoft
Key Found : HKU\S-1-5-21-1172362308-1292186457-3035530639-1000\Software\Orbit
Key Found : HKU\S-1-5-21-1172362308-1292186457-3035530639-1000\Software\ProgSense
Key Found : HKU\S-1-5-21-1172362308-1292186457-3035530639-1000\Software\csastats
Key Found : HKU\S-1-5-21-1172362308-1292186457-3035530639-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Orbit_is1
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\074A36B543391D44FA16C62EBD65A59E
Key Found : [x64] HKLM\SOFTWARE\Classes\Installer\Products\074A36B543391D44FA16C62EBD65A59E
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\Codec Settings UAC Manager
 
***** [ Web browsers ] *****
 
[C:\Users\Justin Tak-Lee Leung\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\Justin Tak-Lee Leung\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\JTL\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\JTL\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
 
*************************
 
C:\AdwCleaner\AdwCleaner[S1].txt - [4420 bytes] - [23/05/2016 15:06:07]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [4493 bytes] ##########
 
 
 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows ™ Vista Home Premium x64 
Ran by Justin Tak-Lee Leung (Administrator) on Mon 05/23/2016 at 14:49:19.27
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 19 
 
Successfully deleted: C:\Program Files (x86)\orbitdownloader (Folder) 
Successfully deleted: C:\Users\Justin Tak-Lee Leung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Justin Tak-Lee Leung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6T0DL13Y (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Justin Tak-Lee Leung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M5M8VNOQ (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Justin Tak-Lee Leung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PH5A0GPL (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Justin Tak-Lee Leung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGFI3ED2 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Justin Tak-Lee Leung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHXXFROW (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Justin Tak-Lee Leung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WH3X34VN (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Justin Tak-Lee Leung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XKLFO03R (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\prefetch\GOOGLETOOLBARINSTALLER_EN_SIG-7C653E7F.pf (File) 
Successfully deleted: C:\Windows\prefetch\GOOGLETOOLBARNOTIFIER.EXE-7AE0A20E.pf (File) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6T0DL13Y (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M5M8VNOQ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PH5A0GPL (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGFI3ED2 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHXXFROW (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WH3X34VN (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XKLFO03R (Temporary Internet Files Folder) 
 
 
 
Registry: 2 
 
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 05/23/2016 at 14:57:55.73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#5 epicmedic


Posted 23 May 2016 - 09:05 PM

 

Hi InadequateInfirmity and thank you for the reply.

 

So far I've only had the time to run JRT Scan and AdwCleaner as I need to use my laptop atm. Both programs came up roughly negative aside from them removing Orbit Downloader which I don't think is the problem. I've had Orbit for many years on other computers and it has never given me any issues + I was unable to run any .EXE files prior to installing Orbit Downloader, Utorrent, etc. and all programs had to be installed from a flash drive, external usb hard drive. I was also able to install some programs from both the Desktop and C:\Users\Username\Downloads folder. However, AdwCleaner was not one of them and needed to be installed from a flash drive.

 

Please find the scan logs below for JRT Scan and AdwCleaner.

Thank you very much for your assistance. It is much appreciated.

- JTL

 

 

 


 

 

 

Dude, the ridiculousness of this thread made me create an account

 

1. Why would you ask for help when you haven't even done all the scans? Especially seeing as how you haven't even run the most important one!!!! You can't do it "atm" because you need to use your laptop? You are either very young or very stupid, I'm sorry to say.

 

2. I don't care how politely you ask, you are seriously entitled. You are essentially asking the volunteers here to do your work for you. If you're that incapable and that busy... HIRE A PROFESSIONAL. Don't come on a forum pestering people who are actually trying to help people who can help themselves.



#6 InadequateInfirmity


Posted 23 May 2016 - 09:32 PM

So far I've only had the time to run JRT Scan and AdwCleaner as I need to use my laptop atm.

 

All these scans work in unison, please complete them all and we will move from there.....



#7 korniceman3000

  • Topic Starter

Posted 24 May 2016 - 02:04 PM

Hi InadequateInfirmity and sorry for the long wait. My apologies for the inconvenience.

 

Please find the reports below. Not really sure why ZHPCleaner deleted a bunch of registries for Orion as that was from original factory pre-installed software included by Acer. Hope you don't mind that I re-copied all the previous reports into this post.

Thank you for the help.

Best regards,

JTL

 

 

# AdwCleaner v5.117 - Logfile created 23/05/2016 at 15:06:07

# Updated 15/05/2016 by Xplode
# Database : 2016-05-23.3 [Server]
# Operating system : Windows ™ Vista Home Premium Service Pack 1 (X64)
# Username : Justin Tak-Lee Leung - JUSTINTAK-LE-PC
# Running from : E:\ZZZZZ Acer\adwcleaner_5.117.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
Folder Found : C:\Program Files (x86)\Convesoft
Folder Found : C:\Program Files (x86)\orbitdownloader
Folder Found : C:\Users\Justin Tak-Lee Leung\AppData\Roaming\GrabPro
Folder Found : C:\Users\Justin Tak-Lee Leung\AppData\Roaming\ProgSense
 
***** [ Files ] *****
 
 
***** [ DLL ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Download by Orbit
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Grab video by Orbit
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Do&wnload selected by Orbit
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Down&load all by Orbit
Key Found : HKLM\SOFTWARE\Classes\protector_dll.Protector
Key Found : HKLM\SOFTWARE\Classes\protector_dll.Protector.1
Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3F1D494B-0CEF-4468-96C9-386E2E4DEC90}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7854F00C-DC77-477E-A10E-603F48442D3B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A0880527-DC28-4EBB-BA27-D22102F22A9F}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{BCDDE143-FAE3-4C57-B22B-C4E8678CFDC0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C55BBCD6-41AD-48AD-9953-3609C48EACC7}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C55BBCD6-41AD-48AD-9953-3609C48EACC7}]
Key Found : HKCU\Software\Convesoft
Key Found : HKCU\Software\Orbit
Key Found : HKCU\Software\ProgSense
Key Found : HKCU\Software\csastats
Key Found : HKLM\SOFTWARE\Convesoft
Key Found : HKLM\SOFTWARE\Orbit
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Orbit_is1
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Orbit_is1
Key Found : HKU\S-1-5-21-1172362308-1292186457-3035530639-1000\Software\Convesoft
Key Found : HKU\S-1-5-21-1172362308-1292186457-3035530639-1000\Software\Orbit
Key Found : HKU\S-1-5-21-1172362308-1292186457-3035530639-1000\Software\ProgSense
Key Found : HKU\S-1-5-21-1172362308-1292186457-3035530639-1000\Software\csastats
Key Found : HKU\S-1-5-21-1172362308-1292186457-3035530639-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Orbit_is1
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\074A36B543391D44FA16C62EBD65A59E
Key Found : [x64] HKLM\SOFTWARE\Classes\Installer\Products\074A36B543391D44FA16C62EBD65A59E
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\Codec Settings UAC Manager
 
***** [ Web browsers ] *****
 
[C:\Users\Justin Tak-Lee Leung\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\Justin Tak-Lee Leung\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\JTL\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\JTL\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
 
*************************
 
C:\AdwCleaner\AdwCleaner[S1].txt - [4420 bytes] - [23/05/2016 15:06:07]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [4493 bytes] ##########
 
 
 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows ™ Vista Home Premium x64 
Ran by Justin Tak-Lee Leung (Administrator) on Mon 05/23/2016 at 14:49:19.27
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 19 
 
Successfully deleted: C:\Program Files (x86)\orbitdownloader (Folder) 
Successfully deleted: C:\Users\Justin Tak-Lee Leung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Justin Tak-Lee Leung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6T0DL13Y (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Justin Tak-Lee Leung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M5M8VNOQ (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Justin Tak-Lee Leung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PH5A0GPL (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Justin Tak-Lee Leung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGFI3ED2 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Justin Tak-Lee Leung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHXXFROW (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Justin Tak-Lee Leung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WH3X34VN (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Justin Tak-Lee Leung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XKLFO03R (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\prefetch\GOOGLETOOLBARINSTALLER_EN_SIG-7C653E7F.pf (File) 
Successfully deleted: C:\Windows\prefetch\GOOGLETOOLBARNOTIFIER.EXE-7AE0A20E.pf (File) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6T0DL13Y (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M5M8VNOQ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PH5A0GPL (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGFI3ED2 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHXXFROW (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WH3X34VN (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XKLFO03R (Temporary Internet Files Folder) 
 
 
 
Registry: 2 
 
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 05/23/2016 at 14:57:55.73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
Adware Removal Tool
 

[-] Deleted ->> File ->> C:\Program Files\JDownloader v2.0\themes\standard\org\jdownloader\images\fav\sendmyway.com.png
[-] Repaired ->> File ->> C:\Users\Justin Tak-Lee Leung\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
 

~ ZHPCleaner v2016.5.21.68 by Nicolas Coolman (2016/05/21)
~ Run by Justin Tak-Lee Leung (Administrator)  (23/05/2016 21:27:37)
~ State version : 
~ Type : Repair
~ Report : C:\Users\Justin Tak-Lee Leung\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Justin Tak-Lee Leung\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Deactivate
~ Boot Mode : Normal (Normal boot)
Windows VISTA, 64-bit Service Pack 1 (Build 6001)
 
 
---\\  Services (0)
~ No malicious or unnecessary items found.
 
 
---\\  Browser internet (0)
~ No malicious or unnecessary items found.
 
 
---\\  Hosts file (1)
~ The hosts file is legitimate (59)
 
 
---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.
 
 
---\\  Explorer ( File, Folder) (5)
MOVED file: C:\Users\Justin Tak-Lee Leung\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.speedtest.net_0.localstorage    =>PUP.Optional.ScriptHost
MOVED file: C:\Users\Justin Tak-Lee Leung\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.speedtest.net_0.localstorage-journal    =>PUP.Optional.ScriptHost
MOVED folder: C:\Program Files (x86)\Convesoft  =>PUP.Optional.Convesoft
MOVED folder: C:\ProgramData\InstallMate  =>.Superfluous.Tarma
MOVED folder: C:\Users\Justin Tak-Lee Leung\AppData\Roaming\ProgSense  =>PUP.Optional.ProgSense
 
 
---\\  Registry ( Key, Value, Data) (12)
DELETED key*: HKEY_USERS\S-1-5-21-1172362308-1292186457-3035530639-1000\SOFTWARE\ProgSense []  =>PUP.Optional.ProgSense
DELETED key: HKCU\Software\ProgSense []  =>PUP.Optional.ProgSense
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0819FD5E10F6EA2A3B921BC9F7AD77C6 [C:\Program Files (x86)\Convesoft\Orion\Messenger.exe.config (Not File)]  =>PUP.Optional.Convesoft
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0A7EEBDB5E32D7E2DBB15EC8C5AFE046 [01:\Software\Convesoft\Orion\{BDBEE7A0-23E5-2E7D-BD1B-E58C5CFA0E64}\ProgramMenuFolder (Not File)]  =>PUP.Optional.Convesoft
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0D009C65F351FCDA3AB07AE5E4671059 [C:\Program Files (x86)\Convesoft\Orion\dte80a.olb (Not File)]  =>PUP.Optional.Convesoft
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1350BACF1217389E3B8B675B648EF20A [C:\Program Files (x86)\Convesoft\Orion\zh-tw\Messenger.resources.dll (Not File)]  =>PUP.Optional.Convesoft
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1361BCE0D8EB58B4E76191EF78A5BDF1 [C:\Program Files (x86)\Convesoft\Orion\log4net.dll (Not File)]  =>PUP.Optional.Convesoft
DELETED key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0819FD5E10F6EA2A3B921BC9F7AD77C6 [C:\Program Files (x86)\Convesoft\Orion\Messenger.exe.config (Not File)]  =>PUP.Optional.Convesoft
DELETED key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0A7EEBDB5E32D7E2DBB15EC8C5AFE046 [01:\Software\Convesoft\Orion\{BDBEE7A0-23E5-2E7D-BD1B-E58C5CFA0E64}\ProgramMenuFolder (Not File)]  =>PUP.Optional.Convesoft
DELETED key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0D009C65F351FCDA3AB07AE5E4671059 [C:\Program Files (x86)\Convesoft\Orion\dte80a.olb (Not File)]  =>PUP.Optional.Convesoft
DELETED key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1350BACF1217389E3B8B675B648EF20A [C:\Program Files (x86)\Convesoft\Orion\zh-tw\Messenger.resources.dll (Not File)]  =>PUP.Optional.Convesoft
DELETED key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1361BCE0D8EB58B4E76191EF78A5BDF1 [C:\Program Files (x86)\Convesoft\Orion\log4net.dll (Not File)]  =>PUP.Optional.Convesoft
 
 
---\\  Summary of the elements found (4)
http://www.nicolascoolman.fr/?p=1120  =>PUP.Optional.ScriptHost
http://www.nicolascoolman.fr/?p=4664  =>PUP.Optional.Convesoft
http://www.nicolascoolman.fr/?p=4664  =>PUP.Optional.ProgSense
 
 
---\\  Other deletions. (13)
~ Registry Keys Tracing deleted (13)
~ Remove the old reports ZHPCleaner. (0)
 
 
---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Opera Software)
 
 
---\\ Statistics
~ Items scanned : 658
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 17
 
 
~ End of clean in 00h01mn53s
~====================
ZHPCleaner-[R]-23052016-21_29_30.txt
ZHPCleaner-[S]-23052016-21_21_32.txt
 
 
 

Zemana AntiMalware 2.20.2.613 (Installed)
 
-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2016/5/24
Operating System       : Windows Vista 64-bit
Processor              : 1X Intel® Core™2 Solo CPU  U3500 @ 1.40GHz
BIOS Mode              : Legacy
CUID                   : 006B3B72BA7C994FD0A3EE
Scan Type              : Smart Scan
Duration               : 8m 42s
Scanned Objects        : 11294
Detected Objects       : 5
Excluded Objects       : 30
Read Level             : SCSI
Auto Upload            : ON
Detect All Extensions  : OFF
Scan Documents         : OFF
Domain Info            : WORKGROUP,0,2
 
Detected Objects
-------------------------------------------------------
 
Internet Explorer Homepage
Status             : Scanned
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Internet Explorer Homepage
 
Internet Explorer Homepage
Status             : Scanned
Object             : http://global.acer.com
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Internet Explorer Homepage
 
Internet Explorer Homepage
Status             : Scanned
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Internet Explorer Homepage
 
Internet Explorer URL
Status             : Scanned
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Internet Explorer URL
 
Internet Explorer URL
Status             : Scanned
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Internet Explorer URL
 
 
Cleaning Result
-------------------------------------------------------
Cleaned               : 5
Reported as safe      : 0
Failed                : 0
 
 

Edited by korniceman3000, 24 May 2016 - 02:08 PM.


#8 InadequateInfirmity


Posted 24 May 2016 - 04:42 PM

How are things running now?

 

Malwarebytes Scan.

 

We need you to run MalwareBytes to get a log, please download the free version of MalwareBytes HERE

http://data-cdn.mbamupdates.com/web/mbam-setup-2.2.0.1024.exe  Alternate Link.

Save the file to somewhere you can easily find it. Double click the saved file to start the install, accept any security warnings that may appear, and after the install click the new desktop icon to start the program. We need to modify a couple of things with MalwareBytes before we use it so please follow the steps below.

  1. If the dashboard is not already displayed select it.
  2. Then select "Update Now" to get the latest database.


  1. Next we need to change a scanning option, select "Settings" on the main menu, then "Detection and Protection" on the left.
  2. Then select "Scan for rootkits" in the detection options, as well as the other two options already checked.


  • Now return to Dashboard on the main menu and select "Scan Now" at the bottom of the screen.


  • Allow MalwareBytes to scan your system, it may take some time depending on what you have loaded onto your hard drive.


When the scan is finished

  1. Click "Save Results"
  2. Then click on "Text file"


  • A window will then open allowing you to choose a name for the logfile and also allowing you to choose where to save it, save it to the desktop.
  • Please copy and paste the contents of this file in your next post.

 

 

Eset Online Scanner.

 

Eset Scan

Click Me To Download Eset Scan

Disable your antivirus prior to this scan.
 
 

  • Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

 

Minitoolbox scan.

 

 

Please download MINITOOLBOX and run it.



Checkmark following boxes:


Flush DNS
Reset FF proxy Settings
Reset Ie Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.

 

Security Check Scan.

 

Download Security Check to your desktop, right click it, and run as administrator. When the program completes, the tool will automatically open a log file; please post that log here in your next post.



#9 korniceman3000


Posted 25 May 2016 - 03:18 PM

Hi InadequateInfirmity and thank you for the reply.

 

So far everything is running well. The only weird thing is some .exe files like adwcleaner and adware removal, winpatrol, winrar, etc. cannot run in the downloads or desktop and need to be run from a flash drive while others like mbam and jrt run immediately. Also, when I right click on a .exe file, I get "%1" %* at the top of the scroll box instead of the word Open. Aside from that everything is ok.

 

Also, can you please re-post the link for minitoolbox. It takes me to this thread: http://www.bleepingcomputer.com/forums/t/600160/google-chrome-infected-with-nexus6specsandcasescom/?link=http://download.bleepingcomputer.com/farbar/minitoolbox.exe&hash=d6fd717bec9f6247d07d978b8c7e5094

 

and the link http://download.bleepingcomputer.com/farbar/minitoolbox.exe says 404 - Not Found

 

Thanks in advance!

 

I will run all the tests once I get home and post the logs.

Thank you again for the help. It is greatly appreciated.

Best regards,

JTL


Edited by korniceman3000, 25 May 2016 - 03:24 PM.


#10 InadequateInfirmity


Posted 25 May 2016 - 05:24 PM

MiniToolBox Download.

 

Once the other logs are posted we will move on getting all issues resolved. :)



#11 korniceman3000


Posted 26 May 2016 - 03:31 PM

Hi InadequateInfirmity and thank you for the reply.

 

Please find the logs you requested below. So far, everything is clean :). Aside from the ("%1" %*) in place of the word run and some .EXE files not running from the hard drive, everything works normally :) 

 

Thank you for the help. It is greatly appreciated.

Best regards,

JTL

 

 

 

 

Malwarebytes Anti-Malware

www.malwarebytes.org
 
Scan Date: 5/25/2016
Scan Time: 6:50:21 PM
Logfile: Malwarebytes Anti-Malware 05.25.16.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.05.25.07
Rootkit Database: v2016.05.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows Vista Service Pack 1
CPU: x64
File System: NTFS
User: Justin Tak-Lee Leung
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 356731
Time Elapsed: 29 min, 33 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 1
Broken.OpenCommand, HKCR\regfile\shell\open\command, "regedit.exe" "Good: (regedit.exe "Bad: ("regedit.exe" "%1"),,[ffffffffffffffffffffffffffffffff]")", %4, %5
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 
ESET did not find anything :)

 
 
 
Minitoolbox Scan
 
 
MiniToolBox by Farbar  Version: 07-02-2016 01
Ran by Justin Tak-Lee Leung (administrator) on 26-05-2016 at 15:58:16
Running from "C:\Users\Justin Tak-Lee Leung\Downloads"
Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X64)
Model: Aspire 4810T Manufacturer: Acer
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
127.0.0.1       localhost
 
There are 5 entries.
 
========================= IP Configuration: ================================
 
Atheros AR8131 PCI-E Gigabit Ethernet Controller = Local Area Connection (Connected)
Intel® WiFi Link 5100 AGN = Wireless Network Connection (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : JustinTak-Le-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
PPP adapter Broadband Connection:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Broadband Connection
   Physical Address. . . . . . . . . : 
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 209.179.44.163(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . : 0.0.0.0
   DNS Servers . . . . . . . . . . . : 207.69.188.187
                                       207.69.188.186
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Wireless LAN adapter Wireless Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Intel® WiFi Link 5100 AGN
   Physical Address. . . . . . . . . : 00-22-FA-25-F9-22
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Atheros AR8131 PCI-E Gigabit Ethernet Controller
   Physical Address. . . . . . . . . : 00-1F-16-A0-29-D2
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::f497:f40c:d476:a27a%10(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.33(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, May 26, 2016 2:06:56 PM
   Lease Expires . . . . . . . . . . : Sunday, May 29, 2016 2:06:55 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter Local Area Connection* 6:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : isatap.{EDABC8D4-24A9-4DD0-997D-85D93BD590B2}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 7:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 02-00-54-55-4E-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:cf45:bcba:2c67:3f7:2e4c:d35c(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::2c67:3f7:2e4c:d35c%14(Preferred) 
   Default Gateway . . . . . . . . . : 
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Tunnel adapter Local Area Connection* 11:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : isatap.{CAFCBE05-4DF0-4E5D-B519-4B60D1D6D667}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 12:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : isatap.{EAF3892F-FA7B-47B4-97BE-8CCAA7DED09F}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 13:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 14:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : 6TO4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 16:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2002:d1b3:2ca3::d1b3:2ca3(Preferred) 
   Default Gateway . . . . . . . . . : 2002:c058:6301::c058:6301
   DNS Servers . . . . . . . . . . . : 207.69.188.187
                                       207.69.188.186
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  rns3.earthlink.net
Address:  207.69.188.187
 
Name:    google.com
Addresses:  2607:f8b0:4002:c09::8a
 172.217.1.206
 
 
 
Pinging google.com [216.58.217.78] with 32 bytes of data:
 
Reply from 216.58.217.78: bytes=32 time=47ms TTL=51
 
Reply from 216.58.217.78: bytes=32 time=47ms TTL=51
 
 
 
Ping statistics for 216.58.217.78:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 47ms, Maximum = 47ms, Average = 47ms
 
Server:  rns3.earthlink.net
Address:  207.69.188.187
 
Name:    yahoo.com
Addresses:  2001:4998:44:204::a7
 2001:4998:c:a06::2:4008
 2001:4998:58:c02::a9
 206.190.36.45
 98.139.183.24
 98.138.253.109
 
 
 
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
 
Reply from 206.190.36.45: bytes=32 time=117ms TTL=52
 
Reply from 206.190.36.45: bytes=32 time=118ms TTL=52
 
 
 
Ping statistics for 206.190.36.45:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 117ms, Maximum = 118ms, Average = 117ms
 
 
 
Pinging 127.0.0.1 with 32 bytes of data:
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
 
 
Ping statistics for 127.0.0.1:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
 
========================= Winsock entries =====================================
 
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (05/26/2016 02:05:41 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/26/2016 10:08:34 AM) (Source: Application Error) (User: )
Description: Faulting application iTunes.exe, version 11.2.2.3, time stamp 0x5383f31a, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0xfefad48a,
process id 0x105c, application start time 0xiTunes.exe0.
 
Error: (05/26/2016 09:30:41 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/25/2016 09:53:38 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (05/25/2016 09:53:38 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (05/25/2016 09:53:38 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (05/25/2016 09:53:38 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (05/25/2016 06:13:54 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (05/25/2016 06:12:41 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (05/25/2016 06:12:41 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (05/26/2016 02:19:59 PM) (Source: Application Popup) (User: )
Description: \??\C:\Users\JUSTIN~1\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (05/26/2016 02:19:59 PM) (Source: Application Popup) (User: )
Description: \??\C:\Users\JUSTIN~1\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (05/26/2016 02:19:59 PM) (Source: Application Popup) (User: )
Description: \??\C:\Users\JUSTIN~1\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (05/26/2016 02:19:59 PM) (Source: Application Popup) (User: )
Description: \??\C:\Users\JUSTIN~1\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (05/26/2016 02:19:58 PM) (Source: Application Popup) (User: )
Description: \??\C:\Users\JUSTIN~1\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (05/26/2016 02:20:00 PM) (Source: Service Control Manager) (User: )
Description: eapihdrv%%1275
 
Error: (05/26/2016 02:19:59 PM) (Source: Service Control Manager) (User: )
Description: eapihdrv%%1275
 
Error: (05/26/2016 02:19:59 PM) (Source: Service Control Manager) (User: )
Description: eapihdrv%%1275
 
Error: (05/26/2016 02:19:59 PM) (Source: Service Control Manager) (User: )
Description: eapihdrv%%1275
 
Error: (05/26/2016 02:19:58 PM) (Source: Service Control Manager) (User: )
Description: eapihdrv%%1275
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2016-05-25 19:08:44.485
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-25 19:08:44.242
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-25 19:08:43.999
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-25 19:08:43.778
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-25 19:08:43.562
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-25 19:08:43.314
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-25 19:08:43.078
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-25 19:08:42.853
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-25 19:08:42.639
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-25 19:08:42.419
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
 
=========================== Installed Programs ============================
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.7.42330 - BitTorrent Inc.)
µTorrent (HKCU-x32\...\uTorrent) (Version: 3.4.7.42330 - BitTorrent Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM-x32\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bonjour (HKLM-x32\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.17 - Piriform)
CCleaner (HKLM-x32\...\CCleaner) (Version: 5.17 - Piriform)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\HDMI) (Version:  - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Intel® Matrix Storage Manager (HKLM-x32\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
iTunes (HKLM-x32\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
JDownloader 2 (HKLM-x32\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM-x32\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM-x32\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Native Instruments Kore Player (HKLM-x32\...\{FF600C37-6328-4348-A67A-3F85D8039604}) (Version: 2.1.1.8200 - Native Instruments) Hidden
Native Instruments Service Center (HKLM-x32\...\{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}) (Version: 2.2.3.537 - Native Instruments) Hidden
Panda Free Antivirus (HKLM\...\{2F15F555-797C-4185-B909-2F724DE4E700}) (Version: 8.21.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\{2F15F555-797C-4185-B909-2F724DE4E700}) (Version: 8.21.00 - Panda Security) Hidden
Sandboxie 5.10 (64-bit) (HKLM\...\Sandboxie) (Version: 5.10 - Sandboxie Holdings, LLC)
Sandboxie 5.10 (64-bit) (HKLM-x32\...\Sandboxie) (Version: 5.10 - Sandboxie Holdings, LLC)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 12.2.2.0 - Synaptics Incorporated)
Synaptics Pointing Device Driver (HKLM-x32\...\SynTPDeinstKey) (Version: 12.2.2.0 - Synaptics Incorporated)
The Glue (HKLM\...\The Glue_is1) (Version: 1.2.8 - )
The Glue (HKLM-x32\...\The Glue_is1) (Version: 1.2.8 - )
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 73%
Total physical RAM: 4024.86 MB
Available physical RAM: 1069.11 MB
Total Virtual: 8257.02 MB
Available Virtual: 4844.93 MB
 
========================= Partitions: =====================================
 
1 Drive c: (ACER) (Fixed) (Total:286.37 GB) (Free:186.33 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\JUSTINTAK-LE-PC
 
Administrator            Guest                    JTL                      
JTLeung                  Justin Tak-Lee Leung     
 
 
**** End of log ****
 
 
Security Check Scan
 
 
SecurityCheck by glax24 & Severnyj v.1.4.0.40 [21.05.16]
WebSite: www.safezone.cc
DateLog: 25.05.2016 19:27:05
Path starting: C:\Users\Justin Tak-Lee Leung\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: Justin Tak-Lee Leung
VersionXML: 2.96s-18.05.2016
___________________________________________________________________________
 
Windows Vista(6.0.6001) Service Pack 1 (x64) HomePremium Lang: English(0409)
Installation date OS: 26.05.2009 00:06:54
LicenseStatus: Windows™ Vista, HomePremium edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
SystemDrive: C: FS: [NTFS] Capacity: [286.4 Gb] Used: [98.8 Gb] Free: [187.6 Gb]
------------------------------- [ Windows ] -------------------------------
Service Pack 1 Warning! Download Update
Possible re-activation of Windows will be needed.
Internet Explorer 7.0.6001.18000 Warning! Download Update
Online installation. Last version available when Windows update is enabled throught the Internet.
Automatically download and notify of installation
Date install updates: 2016-05-25 00:41:49
Windows Update (wuauserv) - The service is running
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
Terminal Services (TermService) - The service is running
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
---------------------------- [ Antivirus_WMI ] ----------------------------
Panda Free Antivirus (disabled)
---------------------------- [ Firewall_WMI ] -----------------------------
Panda Firewall
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Panda Free Antivirus (disabled)
Windows Defender (enabled)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Panda Free Antivirus v.8.21.00
-------------------------- [ SecurityUtilities ] --------------------------
Sandboxie 5.10 (64-bit) v.5.10
--------------------------------- [ P2P ] ---------------------------------
µTorrent v.3.4.7.42330 Warning! P2P-client.
--------------------------- [ AppleProduction ] ---------------------------
iTunes v.11.2.2.3 Warning! Download Update
^Please use Apple Software Update tool.^
Bonjour v.3.0.0.10 Warning! Download Update
^Please use Apple Software Update tool.^
Bonjour Service (Bonjour Service) - The service is running
--------------------------- [ RunningProcess ] ----------------------------
C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe v.4.0.0.647
Panda Protection Service (NanoServiceMain) - The service is running
C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe v.4.0.0.785
Panda Product Service (PSUAService) - The service is running
C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe v.4.0.0.638
Panda Devices Agent (PandaAgent) - The service is running
C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe v.1.3.7.0
C:\Program Files\Windows Defender\MSASCui.exe v.1.1.1600.0
Windows Defender (WinDefend) - The service is running
ZAM Controller Service (ZAMSvc) - The service is running
C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe v.0.0.0.0
---------------------------- [ UnwantedApps ] -----------------------------
JDownloader 2 v.2.0 Warning! Suspected Adware! If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware and AdwCleaner (by Xplode). Before uninstallation and scanning it is necessary to consult in the forum where cure is provided for you!!!
----------------------------- [ End of Log ] ------------------------------
 
 

 




#12 InadequateInfirmity


Posted 28 May 2016 - 09:06 AM

Scan & Clean With Ads Fix

 

  • Disable Windows Defender & Antivirus Prior To Running This Tool!!
  • Save Ads Fix to your desktop.
  • Right Click & Run As Administrator.
  • You will then be prompted to install Certificates.
  • Install then click OK.
  • Right Click & Run As Administrator Again.
  • Click Options then select Unlock the deletion.
  • Then click on clean.

Reset Host File

 

 

  • Click here to download RstHosts v2.0
  • Save the file to your desktop.
  • Right Click and Run as Administrator.
  • Click on Restaurer, then click OK at the prompt.
  • This will restore the default host file.
  • Next Click on Creer Un Rapport.
  • This will open a logfile, post that in your next reply.

 

 

Pre_Scan

 

Please download Pre_Scan.

Save it to your desktop.

Disable your antivirus and Windows Defender.

Close all open work; Pre_Scan will close all processes to run.

Right-click and Run as Admin.

Allow completion, when it completes the program will reboot your machine and open a log.

Please post that log here in your next reply.

 

 

 

9-Lab Scan.

 

  • Download 9-Lab Removal Tool.
  • CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.
  • Install the program onto your computer, then right-click the icon and run as administrator.
  • Update the program and then run a full scan!
  • Make sure the program updates; it might be better to install it, update, reboot, and check for updates again.
  • You need to make sure the database updates!!!
  • Upon Scan Completion Click on Show Results.
  • Then Click On Clean 
  • Then Click on Save Log.
  • Save it to your desktop, copy and paste the contents of the log here in your next reply.

 

CCleaner To Disable Useless Startups.

 

Go ahead and install CCleaner. Now that you have the program installed, go ahead and run the cleaner function.

CCleaner - Free Download - Piriform

Now that you have cleaned out some temp files, let's go ahead and disable all of the items starting up with your machine except your antivirus. To do this, you will need to click on Tools, then Startup, then under the Windows tab select each item and disable it. Also, under the scheduled task tab, you are safe to disable all tasks. Only disable items under the Windows tab and scheduled task tab!

Now that you have disabled those unneeded startups, let's go into the settings. We will have CCleaner run when your machine boots, so that you will never have to worry about cleaning temp files again.

To do this:

 

  • Hit options.
  • Settings.
  • Place a tick to run CCleaner when the computer starts.

Now go to the Advanced tab and select close program after cleaning. Now run the cleaner again; this will close CCleaner.

Reboot the machine after.



#13 InadequateInfirmity


Posted 28 May 2016 - 09:22 AM

Once you have completed the above scans, then you should install service pack 2 for the machine....

 

https://www.microsoft.com/en-us/download/details.aspx?id=17669


Edited by InadequateInfirmity, 28 May 2016 - 09:22 AM.


#14 korniceman3000


Posted 31 May 2016 - 02:22 PM

Hi InadequateInfirmity and sorry about the late reply.

 

Had a bit of a problem getting several of the antivirus programs to work. For whatever reason, I cannot get 9 lab removal to work. I downloaded it, then installed, then updated, then rebooted, then ran 9 lab and it would re-check and say it was up to date. However, whenever I run it, regardless of which scan, it would start for a few seconds, then show loading database, then it would say Unable to Load database. I tried uninstalling then reinstalling but it still does the same thing. Hope you won't mind advising how I can fix this or what I might be doing wrong. Both Win defender and my antivirus are already disabled.

 


 

 

With AdsFix, after scanning, it leaves all these images on top of my user folders:

 


 

I did manage to get Pre_Scan and Reset Host to work. Not entirely sure why Pre_Scan removed WD Quick Formatter.exe, WD SmartWare.exe from my external hard drive as they were legitimate files.

 

Please find the logs below.

 

-|x| RstHosts v2.0 - Rapport créé le 28/05/2016 à 20:00:17
-|x| Système d'exploitation : Windows ™ Vista Home Premium Service Pack 1 (64 bits)
-|x| Nom d'utilisateur : Justin Tak-Lee Leung - JUSTINTAK-LE-PC (Administrateur)
 
-|x|- Informations -|x|-
 
Emplacement : C:\Windows\System32\drivers\etc\hosts
Attribut(s) : RASH
Propriétaire : Administrators - BUILTIN
Taille : 89 bytes
Date de création : 02/11/2006 - 08:34:53
Date de modification : 28/05/2016 - 20:00:13
Date de dernier accès : 28/05/2016 - 20:00:13
 
-|x|- Contenu du fichier -|x|-
 
# Fichier Hosts créé par RstHosts
 
127.0.0.1       localhost
::1             localhost
 
-|x|- E.O.F - C:\RstHosts.txt - 655 bytes -|x|-
 
 
 
 
Pre_Scan
 
 
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | 6_28.05.2016.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
 
¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 19:04:15
 
Updated 28/05/2016 | 20.05 by g3n-h@ckm@n
 
[Justin Tak-Lee Leung (Administrator)] - [JUSTINTAK-LE-PC]
SID = S-1-5-21-1172362308-1292186457-3035530639-1000
 
Boot: Normal boot
System : Windows ™ Vista Home Premium (64 bits)  Service Pack 1
ProcessorNameString : Intel® Core™2 Solo CPU    U3500  @ 1.40GHz
Identifier : Intel64 Family 6 Model 23 Stepping 10
CoreTemp : 36 Celsius - Max : 98 Celsius
 
Memory RAM = Total (MB) : 4121 | Free (MB) : 2743
Pagefile = Total (MB) : 8449 | Free (MB) : 7036
Virtual = Total (MB) : 4194 | Free (MB) : 4068
 
¤¤¤¤¤¤¤¤¤¤ # Components of starting up
 
 
¤¤¤¤¤¤¤¤¤¤¤ # Drives
 
F:\-> [Fixed] | [My Book] | Total : 1862.98 Go | Free : 40.22 Go -> NTFS [USB]
E:\-> [Removable] | [Lexar] | Total : 14.91 Go | Free : 7.08 Go -> FAT32 [USB]
C:\-> [Fixed] | [ACER] | Total : 286.37 Go | Free : 186.51 Go -> NTFS [ATA]
 
¤¤¤¤¤¤¤¤¤¤ # Windows updates
 
Last detection : 2016-05-28 18:15:41
Downloaded last ones : 2016-05-28 21:16:56
Installed last ones : 2016-05-25 00:41:49
Next search : 2016-05-29 12:07:49
 
Microsoft : +
 
Service Pack 2 not installed !!!
 
 
¤¤¤¤¤¤¤¤¤¤ # Sessions
 
C:\Windows\system32\config\systemprofile
C:\Windows\ServiceProfiles\LocalService
C:\Windows\ServiceProfiles\NetworkService
C:\Users\Justin Tak-Lee Leung
C:\Users\JTLeung
C:\Users\JTL
 
Registry saved , to restore :  Shortcut on the desktop 'Pre_Scan_Restore' Restore the register (C:\Pre_Scan\Save\Registry [28.05.2016 @ 19_02_26])
To restore File or Folder : Shortcut on the desktop 'Pre_Scan_Restore' , select 'restore File - Folder' , select an Item and click on Restore
 
¤¤¤¤¤¤¤¤¤¤ # Browsers
 
IE : 7.0.6001.18000     (© Microsoft Corporation.)
FF : 43.0.1.5828     (©Firefox and Mozilla Developers; available under the MPL 2 license.)
GC : 49.0.2623.112     (Copyright 2015 Google Inc.)
 
¤¤¤¤¤¤¤¤¤¤ # FlashPlayer
 
 
¤¤¤¤¤¤¤¤¤¤ # Security
 
AV : Panda Free Antivirus Disabled
AS : Windows Defender Enabled
AM : Malwarebytes Anti-Malware   (2.3.173.0)     []
FW : Panda Firewall Disabled
WMI : OK
WU: Windows Update Service [Auto(2)] = stopped
AS: Windows Defender [Auto(2)] = Running
FW: Windows FireWall Service [Auto(2)] = Running
 
¤¤¤¤¤¤¤¤¤¤ # Stopped processes
 
1476 | [Owner :  |Parent : 760] - (.Microsoft Corporation - Microsoft Software Licensing Service.) - (6.0.6001.18000) = C:\Windows\System32\SLsvc.exe
1604 | [Owner : SYSTEM |Parent : 760] - (.Sandboxie Holdings, LLC - Sandboxie Service.) - (5.10.0.0) = C:\Program Files\Sandboxie\SbieSvc.exe
1896 | [Owner : SYSTEM |Parent : 760] - (.Microsoft Corporation - Spooler SubSystem App.) - (6.0.6001.18511) = C:\Windows\System32\spoolsv.exe
1540 | [Owner : SYSTEM |Parent : 760] - (.Apple Inc. - YSLoader.exe.) - (17.327.4.24) = C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1740 | [Owner : SYSTEM |Parent : 760] - (.Apple Inc. - Bonjour Service.) - (3.0.0.10) = C:\Program Files\Bonjour\mDNSResponder.exe
1928 | [Owner : SYSTEM |Parent : 760] - (.Dritek System Inc. - Dritek WMI Service.) - (1.0.0.12) = C:\Program Files (x86)\Launch Manager\dsiwmis.exe
1336 | [Owner : SYSTEM |Parent : 760] - (.Acer Incorporated - ePowerSvc.) - (4.2.3002.0) = C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
2096 | [Owner : SYSTEM |Parent : 760] - (.EgisTec Inc. - MyWinLocker Service.) - (3.1.44.0) = C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
2148 | [Owner : SYSTEM |Parent : 760] - (.NewTech Infosystems, Inc. - Backup Manager Module.) - (1.0.0.53) = C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
2220 | [Owner : SYSTEM |Parent : 760] - (.NewTech Infosystems, Inc. - NTI Backup Now 5 SchedulerSvc NT Service.) - (5.1.2.610) = C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
2248 | [Owner : SYSTEM |Parent : 760] - (.Acer Incorporated - ODDPwr service.) - (1.0.3006.0) = C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
2268 | [Owner : SYSTEM |Parent : 760] - (.Panda Security, S.L. - Agent Service.) - (1.3.7.0) = C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
2360 | [Owner : SYSTEM |Parent : 760] - (.Acer Incorporated - Raw Socket Service.) - (4.0.3001.8484) = C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
2444 | [Owner : SYSTEM |Parent : 760] - (.RaMMicHaeL - Unchecky Service.) - (0.4.3.0) = C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
2560 | [Owner : SYSTEM |Parent : 760] - (.Microsoft Corporation - Microsoft Windows Search Indexer.) - (7.0.6001.16503) = C:\Windows\System32\SearchIndexer.exe
2788 | [Owner : SYSTEM |Parent : 760] - (.Intel Corporation - RAID Monitor.) - (8.8.0.1009) = C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
3648 | [Owner : Justin Tak-Lee Leung |Parent : 2556] - (.Microsoft Corporation - Windows Explorer.) - (6.0.6001.18164) = C:\Windows\explorer.exe
3740 | [Owner : Justin Tak-Lee Leung |Parent : 1360] - (.Microsoft Corporation - Task Scheduler Engine.) - (6.0.6001.18551) = C:\Windows\System32\taskeng.exe
1552 | [Owner : Justin Tak-Lee Leung |Parent : 3648] - (.Microsoft Corporation - Windows Defender User Interface.) - (1.1.1600.0) = C:\Program Files\Windows Defender\MSASCui.exe
1940 | [Owner : Justin Tak-Lee Leung |Parent : 3648] - (.Intel Corporation - hkcmd Module.) - (7.14.10.1666) = C:\Windows\System32\hkcmd.exe
228 | [Owner : Justin Tak-Lee Leung |Parent : 3648] - (.Intel Corporation - persistence Module.) - (7.14.10.1666) = C:\Windows\System32\igfxpers.exe
2684 | [Owner : Justin Tak-Lee Leung |Parent : 3648] - (. - DefaultSettingEXE MFC Application.) - (1.0.4.0) = C:\Windows\PLFSetI.exe
3664 | [Owner : Justin Tak-Lee Leung |Parent : 3648] - (.Acer Incorporated - ODDPWR.) - (1.0.3006.0) = C:\Program Files\Acer\Optical Drive Power Management\ODDPWR.exe
2316 | [Owner : Justin Tak-Lee Leung |Parent : 3648] - (.Ruiware - WinPatrol Monitor.) - (33.6.2015.18) = C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
3952 | [Owner : Justin Tak-Lee Leung |Parent : 3648] - (.Sandboxie Holdings, LLC - Sandboxie Control.) - (5.10.0.0) = C:\Program Files\Sandboxie\SbieCtrl.exe
1404 | [Owner : Justin Tak-Lee Leung |Parent : 3148] - (.Dritek System Inc. - Launch Manager Keyboard Application.) - (2.0.2.586) = C:\Program Files (x86)\Launch Manager\LManager.exe
3432 | [Owner : Justin Tak-Lee Leung |Parent : 3148] - (.NewTech Infosystems, Inc. - Acer Backup Manager.) - (1.0.0.53) = C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
3588 | [Owner : Justin Tak-Lee Leung |Parent : 3148] - (.Elaborate Bytes AG - Virtual CloneDrive Daemon.) - (5.4.5.1) = C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
1568 | [Owner : Justin Tak-Lee Leung |Parent : 1404] - (.Dritek System Inc. - MMDx64Fx Application.) - (1.0.0.521) = C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
2824 | [Owner : Justin Tak-Lee Leung |Parent : 1084] - (.Intel Corporation - igfxext Module.) - (7.14.10.1666) = C:\Windows\System32\igfxext.exe
3932 | [Owner : Justin Tak-Lee Leung |Parent : 1084] - (.Intel Corporation - igfxsrvc Module.) - (7.14.10.1666) = C:\Windows\System32\igfxsrvc.exe
3816 | [Owner : Justin Tak-Lee Leung |Parent : 3620] - (.Acer Incorporated - ePowerTray.) - (4.2.3002.0) = C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
3984 | [Owner : Justin Tak-Lee Leung |Parent : 1084] - (.Microsoft Corporation - Sink to receive asynchronous callbacks for WMI client application.) - (6.0.6001.18000) = C:\Windows\System32\wbem\unsecapp.exe
4148 | [Owner : Justin Tak-Lee Leung |Parent : 1084] - (.Microsoft Corporation - Sink to receive asynchronous callbacks for WMI client application.) - (6.0.6001.18000) = C:\Windows\System32\wbem\unsecapp.exe
4192 | [Owner : SYSTEM |Parent : 1336] - (.Acer Incorporated - ePowerEvent.) - (4.2.3002.0) = C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
4240 | [Owner : Justin Tak-Lee Leung |Parent : 1084] - (.Intel Corporation - igfxext Module.) - (7.14.10.1666) = C:\Windows\System32\igfxext.exe
4280 | [Owner : Justin Tak-Lee Leung |Parent : 1084] - (.Intel Corporation - igfxsrvc Module.) - (7.14.10.1666) = C:\Windows\System32\igfxsrvc.exe
4504 | [Owner : Justin Tak-Lee Leung |Parent : 3648] - (.Microsoft Corporation - Windows Task Manager.) - (6.0.6001.18000) = C:\Windows\System32\taskmgr.exe
4588 | [Owner : Justin Tak-Lee Leung |Parent : 3648] - (.Image-Line - FL Studio engine launcher.) - (0.0.0.0) = C:\Program Files (x86)\Image-Line\FL Studio 7\FL.exe
5028 | [Owner : LOCAL SERVICE |Parent : 760] - (.Microsoft Corporation - wpffontcache_v0400.exe.) - (4.0.30319.1) = C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
2068 | [Owner : LOCAL SERVICE |Parent : 1348] - (.Microsoft Corporation - Windows Driver Foundation - User-mode Driver Framework Host Process.) - (6.0.6001.18000) = C:\Windows\System32\WUDFHost.exe
1228 | [Owner : SYSTEM |Parent : 2560] - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.6001.16503) = C:\Windows\System32\SearchProtocolHost.exe
3436 | [Owner : SYSTEM |Parent : 2560] - (.Microsoft Corporation - Microsoft Windows Search Filter Host.) - (7.0.6001.16503) = C:\Windows\System32\SearchFilterHost.exe
976 | [Owner : SYSTEM |Parent : 760] - (.Microsoft Corporation - Windows Modules Installer.) - (6.0.6001.18000) = C:\Windows\servicing\TrustedInstaller.exe
 
¤¤¤¤¤¤¤¤¤¤ # Winlogon user
 
 
¤¤¤¤¤¤¤¤¤¤ # Winlogon machine
 
Repaired : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]~[userinit] : userinit.exe, -> C:\Windows\SYSWOW64\userinit.exe,
 
¤¤¤¤¤¤¤¤¤¤ # SafeBoot
 
Safeboot Keys are O.K
 
Alternate shell is OK !
 
 
Repaired : [HKLM | Minimal\SRService] :  -> Service
Repaired : [HKLM | Minimal\sr.sys] :  -> FSFilter System Recovery
 
 
Repaired : [HKLM | Network\rdpcdd.sys] :  -> Driver
 
¤¤¤¤¤¤¤¤¤¤ # IFEO
 
 
¤¤¤¤¤¤¤¤¤¤ # Mountpoints2
 
 
 
¤¤¤¤¤¤¤¤¤¤ # Windows
 
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]~[] : @SYS:DoesNotExist
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]~[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
 
¤¤¤¤¤¤¤¤¤¤ # Security center
 
Repaired : [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}]~[Autostart] :  -> C:\Windows\System32\ActionCenter.dll
 
 
 
¤¤¤¤¤¤¤¤¤¤ # Services
 
 
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\srService]~[Start] :  -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Power]~[Start] :  -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Parvdm]~[Start] :  -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NVSvc]~[Start] :  -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NIHardwareService]~[Start] :  -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\IAStorDataMgrsvc]~[Start] :  -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\agp440]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Browser]~[Start] : 2 -> 3
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\ERSvc]~[Start] :  -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\EapHost]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\SppSvc]~[Start] :  -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Wwansvc]~[Start] :  -> 3
 
¤¤¤¤¤¤¤¤¤¤ # Internet Explorer
 
 
¤¤¤¤¤¤¤¤¤¤ # reparsepoint
 
 
 
¤¤¤¤¤¤¤¤¤¤ # Offsets
 
 
¤¤¤¤¤¤¤¤¤¤ # Files | Folders | Registry
 
 
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-1172362308-1292186457-3035530639-1000\$IU29H6B.dll
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-1172362308-1292186457-3035530639-1000\$RU29H6B.dll
Deleted : HKLM\Software\WOW6432Node\orbit
 
Moved to quarantine successfully : C:\install.exe
Moved to quarantine successfully  : F:\WD Quick Formatter.exe
Moved to quarantine successfully  : F:\WD SmartWare.exe
Moved to quarantine successfully : C:\install.res.2052.dll
Moved to quarantine successfully : C:\install.res.3082.dll
 
¤¤¤¤¤¤¤¤¤¤ # ADS
 
Deleted : @C:\ProgramData\Temp:3064D21D
Deleted : @C:\ProgramData\Temp:8750DCE4
Deleted : @C:\ProgramData\Temp:BB24555F
Deleted : @C:\ProgramData\Temp:DCAF903C
 
Prefetch -> cleaned
 
 
E:\ : Vaccinated (Vaccin created by Pre_Scan)
F:\ : Vaccinated (Vaccin created by Pre_Scan)
 
¤¤¤¤¤¤¤¤¤¤ | Hidden files
 
~ [Drive E:] : Hidden : 11 | Restored : 11
~ [Drive C:] : Hidden : 3 | Restored : 3
~ [Program Files] : Hidden : 65 | Restored : 65
~ [Users] : Hidden : 2 | Restored : 2
~ [Music] : Hidden : 2 | Restored : 2
~ [Desktop] : Hidden : 12 | Restored : 12
~ [Searches] : Hidden : 2 | Restored : 2
~ [Windows] : Hidden : 50 | Restored : 50
~ [AppData] : Hidden : 9 | Restored : 9
 
 
¤¤¤¤¤¤¤¤¤¤ # Drives
 
 Disk: 0   Size=305G
 Pos MBRndx Type/Name  Size Active Hide Start Sector   Sectors
 --- ------ ---------- ---- ------ ---- ------------ ------------
  0    0    27-UNKNWN   12G   No    No         2,048   24,576,000
  1    1    07-NTFS    293G   Yes   No    24,578,048  600,561,664
 
¤¤¤¤¤¤¤¤¤¤
 
Repaired : [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]~[AutoRestartShell] : 0 -> 1
Repaired : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]~[AutoRestartShell] : 0 -> 1
 
End : 19:51:42
 
 
¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤ - 243
 
 
 
Can you please advise which of these startup programs should be stopped in CCleaner? I'm not sure which ones are supposed to run and which ones aren't needed. Please advise.
 
 
No HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
No HKCU:Run Codec Pack Update Checker "C:\Windows\system32\Codecs\UpdateChecker.exe"
Yes HKCU:Run SandboxieControl Sandboxie Holdings, LLC "C:\Program Files\Sandboxie\SbieCtrl.exe"
No HKCU:Run swg Google Inc. "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
Yes HKCU:Run WindowsWelcomeCenter Microsoft Corporation rundll32.exe oobefldr.dll,ShowWelcomeCenter
Yes HKCU:Run WinPatrol Ruiware C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe
Yes HKLM:Run Acer Assist Launcher "C:\Program Files (x86)\Acer\Acer Assist\launcher.exe"
Yes HKLM:Run Acer ePower Management Acer Incorporated C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe
No HKLM:Run Adobe Reader Speed Launcher Adobe Systems Incorporated "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Yes HKLM:Run BackupManagerTray NewTech Infosystems, Inc. "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -k
No HKLM:Run CarboniteSetupLite Carbonite, Inc. "C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe" /preinstalled
No HKLM:Run EgisTecLiveUpdate EgisTec Inc. "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
Yes HKLM:Run HotKeysCmds Intel Corporation C:\Windows\system32\hkcmd.exe
Yes HKLM:Run IAAnotif Intel Corporation "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"
Yes HKLM:Run IgfxTray Intel Corporation C:\Windows\system32\igfxtray.exe
No HKLM:Run iTunesHelper Apple Inc. "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
Yes HKLM:Run LanguageShortcut CyberLink "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"
Yes HKLM:Run LManager Dritek System Inc. "C:\Program Files (x86)\Launch Manager\LManager.exe"
No HKLM:Run mcagent_exe "C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe" /runkey
No HKLM:Run mwlDaemon EgisTec Inc. "C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe"
Yes HKLM:Run ODDPwr Acer Incorporated "C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe"
Yes HKLM:Run Persistence Intel Corporation C:\Windows\system32\igfxpers.exe
Yes HKLM:Run PLFSetI C:\Windows\PLFSetI.exe
No HKLM:Run ProductUpdater "C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe"
Yes HKLM:Run PSUAMain Panda Security, S.L. "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray
No HKLM:Run RtHDVCpl Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
No HKLM:Run Skytel Realtek Semiconductor Corp. C:\Program Files\Realtek\Audio\HDA\Skytel.exe
No HKLM:Run SynTPEnh Synaptics Incorporated C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Yes HKLM:Run VirtualCloneDrive Elaborate Bytes AG "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
Yes HKLM:Run Windows Defender Microsoft Corporation %ProgramFiles%\Windows Defender\MSASCui.exe -hide
No Startup Common Acer VCM.lnk Acer Incorporated C:\PROGRA~2\Acer\ACERVC~1\AcerVCM.exe 
No Startup Common CodecPackTrayMenu.lnk C:\Windows\SysWOW64\Codecs\TrayMenu.exe 
Yes Startup User ERUNT AutoBackup.lnk
No Startup User Orion.lnk C:\PROGRA~2\CONVES~1\Orion\MESSEN~1.EXE 
 
 
 
Thank you for the help. It is much appreciated! Sorry about the late reply!
 

Edited by korniceman3000, 31 May 2016 - 02:23 PM.


#15 InadequateInfirmity

Posted 31 May 2016 - 03:47 PM

Leave these on with CCleaner; the rest can be disabled.

 

Yes HKCU:Run SandboxieControl Sandboxie Holdings, LLC "C:\Program Files\Sandboxie\SbieCtrl.exe"
Yes HKCU:Run WinPatrol Ruiware C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe
Yes HKLM:Run PSUAMain Panda Security, S.L. "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray

As far as 9-Lab, it will not run on some machines for whatever reason.

 

Any issues now?





