Windows 7 Forums


Windows 7: error messages with windows defender, hosts file & microsoft essential

29 Aug 2014   #11
stlette

Windows 7 Ultimate x64
 
 

Appreciate all the help, Layback Bear and Jacee. I was about to reinstall Windows 7. Haven't reinstalled since I bought the PC over 3 years ago. Haven't had a problem until now. I do have a May 2014 backup with ShadowProtect.


30 Aug 2014   #12
andrew129260

Windows 10 Pro
 
 

May I also suggest:

1.) Download herdprotect: (choose the portable version)

Download herdProtect - Free Anti-Malware Platform

2.) Run the scan.

3.) When the scan finishes, save the results per the screenshot below. Then upload the log here.

DO NOT REMOVE ANYTHING YET. I will advise if anything needs to be removed when I receive the log.

31 Aug 2014   #13
stlette

Windows 7 Ultimate x64
 
 

I ran the scan.
It's here https://copy.com/2iF7vjXfjnEdjTQ3.
It wouldn't let me paste it in the forum because there were too many characters.

31 Aug 2014   #14
andrew129260

Windows 10 Pro
 
 

Remove the following:

On each item click action-remove

After removing the below items, restart the PC. Then run a new herdProtect scan and post a new log. You should be able to upload it using the paperclip on the forum with no trouble, as many others have. I also suggest deleting this folder: c:\users\jim\desktop\_ycaao5.shr

This program looks like a backdoor trojan.

If an item you want to keep is there, or if you think the detection is false, tell me about it.


This is info for the detected object:

http://www.herdprotect.com/infixpro....dcc645050.aspx

Code:
File path: 		c:\users\jim\appdata\roaming\thinstall\infixpro 3.36\40000055800002i\infixpro.exe
Publisher: 		
MD5: 			24c217a10a96eaa3a0a9bee5215f6386
SHA-1: 			bbfcdb0805463b1ad23dce09cbc725edcc645050
Created: 		6/29/2014 7:55:08 PM
Detections: 		10

Code:
File path: 		c:\users\jim\desktop\_ycaao5.shr\js4aalyqaacrbqaakk.shr\nxiaajreaac0dgaajc.shr\-uqa.shr\hypersnap.6.70.01\hypersnap_portable_6.70.01_en-de-fr-hu-pl-ru.paf.exe
Publisher: 		PortableAppZ.blogspot.com
MD5: 			add6f8939508c7771bb582ebd13c20a7
SHA-1: 			48c8c868b703b2c81355b146177c5503aaf0c14a
Created: 		8/30/2014 6:33:06 PM
Detections: 		13

Code:
File path: 		c:\users\jim\desktop\_ycaao5.shr\js4aalyqaacrbqaakk.shr\nxiaajreaac0dgaajc.shr\-uqa.shr\ie8.portable\ie8.exe
Publisher: 		Microsoft Corporation
MD5: 			b5be2cf02d6aaa8f1321b66e0ba44cfa
SHA-1: 			9e42724110cf0397a52bc406a165f84bf1dbf2da
Created: 		8/30/2014 6:33:06 PM
Detections: 		26

Code:
File path: 		c:\users\jim\desktop\_ycaao5.shr\js4aalyqaacrbqaakk.shr\nxiaajreaac0dgaajc.shr\-uqa.shr\your uninstaller! 2006 v5.0.0.335 (thinstalled).exe
Publisher: 		URSoft,Inc
MD5: 			6ef60de69848c8466740c1df33949170
SHA-1: 			ac15ae5676b8d25569ef7c934c5d6e60fee7576b
Created: 		8/30/2014 6:33:00 PM
Detections: 		5

Code:
File path: 		c:\users\jim\desktop\_ycaao5.shr\js4aalyqaacrbqaakk.shr\nxiaajreaac0dgaajc.shr\-uqa.shr\vista-shutdowntimer.exe
Publisher: 		Flo
MD5: 			379949e6e2c03c4da74e7c40a9e187e2
SHA-1: 			ca1477a5deaface9f4d09aadc59df67d4a867384
Created: 		8/30/2014 6:33:00 PM
Detections: 		4

Code:
File path: 		c:\users\jim\desktop\_ycaao5.shr\js4aalyqaacrbqaakk.shr\nxiaajreaac0dgaajc.shr\-uqa.shr\perfect uninstaller 6.3.3.2 portable.exe
Publisher: 		
MD5: 			af15f0981167fcd39099e2564f6082f9
SHA-1: 			69edcc830910d5a1655e1fdc9fb2e24fe5c231d8
Created: 		8/30/2014 6:33:00 PM
Detections: 		3

Code:
File path: 		c:\users\jim\desktop\_ycaao5.shr\js4aalyqaacrbqaakk.shr\nxiaajreaac0dgaajc.shr\-uqa.shr\jv16 powertools 2009 v1.9.0.598 portable.exe
Publisher: 		
MD5: 			baf9c85274d2125070afe365a1d039e7
SHA-1: 			f67722057efa5ca4e4f7be9cd573468e96357515
Created: 		8/30/2014 6:33:00 PM
Detections: 		5

Code:
File path: 		c:\users\jim\desktop\_ycaao5.shr\js4aalyqaacrbqaakk.shr\nxiaajreaac0dgaajc.shr\-uqa.shr\hjsplit.exe
Publisher: 		
MD5: 			8ae02e041e81cc74b539278169cade16
SHA-1: 			445669a2cdb90b08eec9149fc930c5ab681fac22
Created: 		8/30/2014 6:33:00 PM
Detections: 		5

Code:
File path: 		c:\users\jim\desktop\_ycaao5.shr\js4aalyqaacrbqaakk.shr\nxiaajreaac0dgaajc.shr\-uqa.shr\amazing photo editor 5.6 portable.exe
Publisher: 		
MD5: 			81af0fb447bcc94fba32f5f7f11dfcca
SHA-1: 			dd50dc1608831e4b62b7e2d25d85954e6097515a
Created: 		8/30/2014 6:33:00 PM
Detections: 		3

Code:
File path: 		c:\users\jim\desktop\_ycaao5.shr\js4aalyqaacrbqaakk.shr\nxiaajreaac0dgaajc.shr\-uqa.shr\advanced uninstaller pro v9.6 portable.exe
Publisher: 		
MD5: 			838aa8e64deeb52a64d940539640299e
SHA-1: 			3665ebb2688eb66d50005a6a4c8448bb72a1fd2b
Created: 		8/30/2014 6:32:59 PM
Detections: 		6

Where did you get WinRAR from?

Code:
File path: 		c:\program files\winrar\winrar.exe
Publisher: 		Alexander Roshal
MD5: 			495891843cb0bd7cab70ae6b97ba0660
SHA-1: 			ff7511f39bef3d174f1678e5e90f13821733f99c
Created: 		11/8/2013 11:31:15 AM
Detections: 		4
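The detection records above share one fixed layout, so a saved scan log can be triaged offline before anything is removed. The following is an added example, not part of the original posts or of herdProtect itself: it parses records in that layout, ranks them by detection count and shows which folders hold several hits. The sample log, its paths and its hashes are constructed placeholders, and the two review hints (no publisher, location under a user profile folder) are assumptions of this example, not herdProtect verdicts.

```python
from collections import Counter
from pathlib import PureWindowsPath
FIELDS = {"File path", "Publisher", "MD5", "SHA-1", "Created", "Detections"}
# Constructed sample in the record layout shown above; paths and hashes are placeholders.
SAMPLE_LOG = r"""Code:
File path:      c:\users\example\desktop\unpacked.shr\tool-a portable.exe
Publisher:
MD5:            00000000000000000000000000000001
SHA-1:          0000000000000000000000000000000000000001
Created:        8/30/2014 6:33:00 PM
Detections:     13
File path:      c:\users\example\desktop\unpacked.shr\tool-b.exe
Publisher:      Example Vendor
MD5:            00000000000000000000000000000002
SHA-1:          0000000000000000000000000000000000000002
Created:        8/30/2014 6:33:06 PM
Detections:     26
File path:      c:\program files\archiver\archiver.exe
Publisher:      Example Author
MD5:            00000000000000000000000000000003
SHA-1:          0000000000000000000000000000000000000003
Created:        11/8/2013 11:31:15 AM
Detections:     4
"""

def parse_records(text):
    records = []
    for line in text.splitlines():
        key, _, value = (s.strip() for s in line.partition(":"))
        if key == "File path":  # each "File path:" line opens a new record
            records.append({})
        if key in FIELDS and records:
            records[-1][key] = value
    return records

def triage(records, user_dirs=("desktop", "appdata", "downloads")):
    """Rank by detection count; the reasons are review hints (assumed heuristics)."""
    rows = []
    for rec in records:
        path = PureWindowsPath(rec["File path"])
        reasons = ["no publisher"] if not rec.get("Publisher") else []
        if any(part.lower() in user_dirs for part in path.parts):
            reasons.append("under user profile folder")
        rows.append({"name": path.name, "folder": str(path.parent),
                     "detections": int(rec.get("Detections", 0)), "reasons": reasons})
    return sorted(rows, key=lambda r: r["detections"], reverse=True)

def shared_folders(rows):
    return Counter(r["folder"] for r in rows).most_common()  # several hits in one folder: review it as a unit
```
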
31 Aug 2014   #15
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Please download AdwCleaner by Xplode and save to your Desktop.


Step 1.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.


Step 2.
Using AdwCleaner v3: Scan & Clean:
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.


******Post both .txt logs
31 Aug 2014   #16
stlette

Windows 7 Ultimate x64
 
 

It's bedtime. I'll follow the above 2 steps tomorrow.
01 Sep 2014   #17
stlette

Windows 7 Ultimate x64
 
 

I restarted the PC. Here's the new herdProtect scan log.
Quote:
I also suggest deleting this folder: c:\users\jim\desktop\_ycaao5.shr
It's deleted.
________________
Quote:
Using AdwCleaner v3: Scan & Clean:
I can't run step 2 until I know if it's safe to delete the below files.
I ran adwcleaner.exe. These files are legit -
C:\Program Files (x86)\NCH Software
C:\ProgramData\NCH Software
These files I'm not sure about:
C:\END
C:\Windows\System32\roboot64.exe
C:\ProgramData\Device


Attached Files
File Type: txt Scan_2014-9-1-11-16aaa.txt (38.3 KB, 2 views)
File Type: txt AdwCleaner[R0].txt (12.8 KB, 1 views)
01 Sep 2014   #18
stlette

Windows 7 Ultimate x64
 
 

Here's the 2nd AdwCleaner scan log.


Attached Files
File Type: txt AdwCleaner11[11S0].txt (12.6 KB, 4 views)
01 Sep 2014   #19
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

I'd like you to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push
01 Sep 2014   #20
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Quote: Originally Posted by stlette
Quote:
Double click on the flush.bat file to run it. You may need to right click the .bat file and choose to run as Administrator.
Done. The PC restarted. I went to the windows\system32\drivers\etc folder and it's different. I don't see the hosts file that was there.
Copy/paste the Hosts.txt