error messages with windows defender, hosts file & microsoft essential

Page 2 of 3

  1. Posts : 26
    Windows 7 Ultimate x64
    Thread Starter
       #11

    Appreciate all the help, Layback Bear and Jacee. I was about to reinstall Windows 7. Haven't reinstalled since I bought the PC over 3 years ago. Haven't had a problem until now. I do have a May 2014 backup with ShadowProtect.


  2. Posts : 4,566
    Windows 10 Pro
       #12

    May I also suggest:

    1.) Download herdprotect: (choose the portable version)

    Download herdProtect - Free Anti-Malware Platform

    2.) Run the scan.

    3.) When the scan finishes, save the results per the screenshot below. Then upload the log here.

    DO NOT REMOVE ANYTHING YET. I will advise if anything needs to be removed when I receive the log.



  3. Posts : 26
    Windows 7 Ultimate x64
    Thread Starter
       #13

    I ran the scan.
    It's here https://copy.com/2iF7vjXfjnEdjTQ3.
    It wouldn't let me paste it in the forum because there were too many characters.


  4. Posts : 4,566
    Windows 10 Pro
       #14

    Remove the following:

    On each item click action-remove

    After removing the below items, restart the pc. Then run a new herdprotect scan and post a new log. You should be able to upload it using the paperclip on the forum with no trouble as many others have. I also suggest deleting this folder: c:\users\jim\desktop\_ycaao5.shr

    This program looks like a back door trojan.

    If an item you want to keep is there, or if you think the detection is false, tell me about it.


    This is info for the detected object:

    http://www.herdprotect.com/infixpro....dcc645050.aspx

    Code:
    File path: 		c:\users\jim\appdata\roaming\thinstall\infixpro 3.36\40000055800002i\infixpro.exe
    Publisher: 		
    MD5: 			24c217a10a96eaa3a0a9bee5215f6386
    SHA-1: 			bbfcdb0805463b1ad23dce09cbc725edcc645050
    Created: 		6/29/2014 7:55:08 PM
    Detections: 		10

    Code:
    File path: 		c:\users\jim\desktop\_ycaao5.shr\js4aalyqaacrbqaakk.shr\nxiaajreaac0dgaajc.shr\-uqa.shr\hypersnap.6.70.01\hypersnap_portable_6.70.01_en-de-fr-hu-pl-ru.paf.exe
    Publisher: 		PortableAppZ.blogspot.com
    MD5: 			add6f8939508c7771bb582ebd13c20a7
    SHA-1: 			48c8c868b703b2c81355b146177c5503aaf0c14a
    Created: 		8/30/2014 6:33:06 PM
    Detections: 		13

    Code:
    File path: 		c:\users\jim\desktop\_ycaao5.shr\js4aalyqaacrbqaakk.shr\nxiaajreaac0dgaajc.shr\-uqa.shr\ie8.portable\ie8.exe
    Publisher: 		Microsoft Corporation
    MD5: 			b5be2cf02d6aaa8f1321b66e0ba44cfa
    SHA-1: 			9e42724110cf0397a52bc406a165f84bf1dbf2da
    Created: 		8/30/2014 6:33:06 PM
    Detections: 		26

    Code:
    File path: 		c:\users\jim\desktop\_ycaao5.shr\js4aalyqaacrbqaakk.shr\nxiaajreaac0dgaajc.shr\-uqa.shr\your uninstaller! 2006 v5.0.0.335 (thinstalled).exe
    Publisher: 		URSoft,Inc
    MD5: 			6ef60de69848c8466740c1df33949170
    SHA-1: 			ac15ae5676b8d25569ef7c934c5d6e60fee7576b
    Created: 		8/30/2014 6:33:00 PM
    Detections: 		5

    Code:
    File path: 		c:\users\jim\desktop\_ycaao5.shr\js4aalyqaacrbqaakk.shr\nxiaajreaac0dgaajc.shr\-uqa.shr\vista-shutdowntimer.exe
    Publisher: 		Flo
    MD5: 			379949e6e2c03c4da74e7c40a9e187e2
    SHA-1: 			ca1477a5deaface9f4d09aadc59df67d4a867384
    Created: 		8/30/2014 6:33:00 PM
    Detections: 		4

    Code:
    File path: 		c:\users\jim\desktop\_ycaao5.shr\js4aalyqaacrbqaakk.shr\nxiaajreaac0dgaajc.shr\-uqa.shr\perfect uninstaller 6.3.3.2 portable.exe
    Publisher: 		
    MD5: 			af15f0981167fcd39099e2564f6082f9
    SHA-1: 			69edcc830910d5a1655e1fdc9fb2e24fe5c231d8
    Created: 		8/30/2014 6:33:00 PM
    Detections: 		3

    Code:
    File path: 		c:\users\jim\desktop\_ycaao5.shr\js4aalyqaacrbqaakk.shr\nxiaajreaac0dgaajc.shr\-uqa.shr\jv16 powertools 2009 v1.9.0.598 portable.exe
    Publisher: 		
    MD5: 			baf9c85274d2125070afe365a1d039e7
    SHA-1: 			f67722057efa5ca4e4f7be9cd573468e96357515
    Created: 		8/30/2014 6:33:00 PM
    Detections: 		5

    Code:
    File path: 		c:\users\jim\desktop\_ycaao5.shr\js4aalyqaacrbqaakk.shr\nxiaajreaac0dgaajc.shr\-uqa.shr\hjsplit.exe
    Publisher: 		
    MD5: 			8ae02e041e81cc74b539278169cade16
    SHA-1: 			445669a2cdb90b08eec9149fc930c5ab681fac22
    Created: 		8/30/2014 6:33:00 PM
    Detections: 		5

    Code:
    File path: 		c:\users\jim\desktop\_ycaao5.shr\js4aalyqaacrbqaakk.shr\nxiaajreaac0dgaajc.shr\-uqa.shr\amazing photo editor 5.6 portable.exe
    Publisher: 		
    MD5: 			81af0fb447bcc94fba32f5f7f11dfcca
    SHA-1: 			dd50dc1608831e4b62b7e2d25d85954e6097515a
    Created: 		8/30/2014 6:33:00 PM
    Detections: 		3

    Code:
    File path: 		c:\users\jim\desktop\_ycaao5.shr\js4aalyqaacrbqaakk.shr\nxiaajreaac0dgaajc.shr\-uqa.shr\advanced uninstaller pro v9.6 portable.exe
    Publisher: 		
    MD5: 			838aa8e64deeb52a64d940539640299e
    SHA-1: 			3665ebb2688eb66d50005a6a4c8448bb72a1fd2b
    Created: 		8/30/2014 6:32:59 PM
    Detections: 		6

    Where did you get winrar from?

    Code:
    File path: 		c:\program files\winrar\winrar.exe
    Publisher: 		Alexander Roshal
    MD5: 			495891843cb0bd7cab70ae6b97ba0660
    SHA-1: 			ff7511f39bef3d174f1678e5e90f13821733f99c
    Created: 		11/8/2013 11:31:15 AM
    Detections: 		4


  5. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #15

    Please download AdwCleaner by Xplode and save to your Desktop.


    Step 1.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8 users right-click and select Run As Administrator.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
    • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.



    Step 2.
    Using AdwCleaner v3: Scan & Clean:
    • This time click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of that logfile will also be saved in the C:\AdwCleaner folder.


    ******Post both .txt logs


  6. Posts : 26
    Windows 7 Ultimate x64
    Thread Starter
       #16

    It's bedtime. I'll follow the above 2 steps tomorrow.


  7. Posts : 26
    Windows 7 Ultimate x64
    Thread Starter
       #17

    I restarted the PC. Here's the new herdprotect scan log.
    "I also suggest deleting this folder: c:\users\jim\desktop\_ycaao5.shr"
    It's deleted.
    ________________
    "Using AdwCleaner v3: Scan & Clean:"
    I can't run step 2 until I know if it's safe to delete the below files.
    I ran adwcleaner.exe. These files are legit -
    C:\Program Files (x86)\NCH Software
    C:\ProgramData\NCH Software
    These files I'm not sure about.
    C:\END
    C:\Windows\System32\roboot64.exe
    C:\ProgramData\Device


  8. Posts : 26
    Windows 7 Ultimate x64
    Thread Starter
       #18

    Here's the 2nd AdwCleaner scan log.


  9. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #19

    I'd like you to scan your machine with ESET OnlineScan
    1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    2. Click the button.
    3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      1. Click on to download the ESET Smart Installer. Save it to your desktop.
      2. Double click on the icon on your desktop.
    4. Check
    5. Click the button.
    6. Accept any security warnings from your browser.
    7. Check
    8. Push the Start button.
    9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    10. When the scan completes, push
    11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    12. Push the button.
    13. Push


  10. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #20

    stlette said:
    Double click on the flush.bat file to run it. You may need to right click the .bat file and choose to run as Administrator.
    Done. The PC restarted. I went to the windows\system32\drivers\etc folder and it's different. I don't see the hosts file that was there.
    Copy/paste the Hosts.txt


 
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 05:47.
Find Us