
Missing services



#1 DarinG

DarinG

  • Members
  • 18 posts
  • Gender:Male
  • Local time:01:39 PM

Posted 11 December 2013 - 06:33 PM

I believe I had/have ZeroAccess. I used ESET special virus removal tool(s), Malwarebytes, adware cleaner, and RK.

I seem to be missing some services now, and am having problems printing and opening QuickBooks. The app will load but hang. My backups do not complete, and some Windows updates will fail. I have had to use System Restore more than once because I keep running into dead ends and system corruption gets worse. I have spent several hours online with QuickBooks tech support; I really don't know what all they did to try and remedy this, but they didn't have any luck. BTW, the QuickBooks program seems to work properly under the guest user account but not under my account. I have run sfc /scannow and Windows Repair. Still no luck. Any help would be appreciated.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by Darin at 16:57:22 on 2013-12-11
Microsoft Windows 7 Enterprise   6.1.7601.1.1252.1.1033.18.7990.5541 [GMT -6:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: ESET Smart Security 7.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: System Shield *Disabled/Outdated* {3030810C-E2AC-B12D-8BB1-B1B8C0193798}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: ESET Smart Security 7.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\CISVC.EXE
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\locator.exe
C:\Windows\System32\tcpsvcs.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\iolo\System Mechanic Professional\iologovernor64.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files\Process Lasso\processgovernor.exe
C:\Program Files\Process Lasso\processlasso.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\FolderSize\FolderSize.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\perfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uWindow Title = Internet Explorer, enhanced for Bing and MSN
BHO: AutorunsDisabled - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
uRun: [Folder Size] C:\Program Files\FolderSize\FolderSize.exe
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
mRun: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTORU~1\INTUIT~1.LNK - C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTORU~1\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTORU~1\QUICKB~2.LNK - C:\Program Files (x86)\Intuit\QuickBooks 2012\QBW32.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001045-0002-0045-ABCDEFFEDCBC} - <orphaned>
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1263.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{48CA4558-D802-48E2-8AE4-2BF2D97C1B3D} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{F0A09C2F-B877-4AE1-A4A3-A0CDF0444733} : NameServer = 8.8.8.8,8.8.4.4
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages =  DPPassFilter scecli
x64-BHO: AutorunsDisabled - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
x64-Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - <orphaned>
x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 epfwwfp;epfwwfp;C:\Windows\System32\drivers\epfwwfp.sys [2013-9-17 62136]
R0 fltsrv;Acronis Storage Filter Management;C:\Windows\System32\drivers\fltsrv.sys [2013-12-11 116000]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-10-29 52856]
R0 tib;Acronis TIB Manager;C:\Windows\System32\drivers\tib.sys [2013-12-11 1120032]
R0 tib_mounter;Acronis TIB Mounter;C:\Windows\System32\drivers\tib_mounter.sys [2013-12-11 198432]
R0 vididr;Acronis Virtual Disk;C:\Windows\System32\drivers\vididr.sys [2013-12-11 161568]
R0 vidsflt;Acronis Disk Storage Filter;C:\Windows\System32\drivers\vidsflt.sys [2013-12-11 117024]
R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2013-9-17 239320]
R1 ElRawDisk;ElRawDisk;C:\Windows\System32\drivers\ElRawDsk.sys [2013-12-10 30752]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\System32\drivers\EpfwLWF.sys [2013-9-17 44120]
R1 nm3;Microsoft Network Monitor 3 Driver;C:\Windows\System32\drivers\nm3.sys [2010-6-9 46392]
R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2013-12-11 3873784]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2013-9-12 1337752]
R2 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-9-30 57840]
R2 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2013-11-8 1168960]
R2 PDFsFilter;PDFsFilter;C:\Windows\System32\drivers\PDFsFilter.sys [2013-12-10 82160]
R2 Sentinel64;Sentinel64;C:\Windows\System32\drivers\sentinel64.sys [2013-5-19 145448]
R2 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2013-10-22 7142320]
R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-2-23 2192176]
R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2013-12-11 367200]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-2-14 96768]
R3 bpenum;Intel® Centrino® WiMAX Enumerator;C:\Windows\System32\drivers\bpenum.sys [2011-5-19 84480]
R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\Windows\System32\drivers\bpmp.sys [2011-5-19 182272]
R3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;C:\Windows\System32\drivers\bpusb.sys [2011-5-19 83968]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-5-1 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-2-26 158976]
R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2010-7-28 10610400]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-5-16 646248]
R3 SmbDrv;SmbDrv;C:\Windows\System32\drivers\Smb_driver.sys [2011-10-13 20016]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-11-12 103576]
S3 ERmvrDrv;ESET standalone malware removal tool kernel-mode driver;C:\Windows\System32\drivers\ERKRmvrDrv.sys [2013-11-24 43608]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-10-30 1471352]
S3 FsUsbExDisk;FsUsbExDisk;C:\Windows\SysWOW64\FsUsbExDisk.Sys [2013-11-8 37344]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-10 111616]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-12-6 25928]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-1-5 340240]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-1-13 7675392]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 134944]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-4-15 20992]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2013-11-5 31800]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-11-12 204568]
S3 StkTMini;Syntek AVStream USB2.0 ATV;C:\Windows\System32\drivers\StkTMini.sys [2013-11-22 528256]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-4-20 59392]
S3 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-4-15 2533400]
S3 usbrndis6;USB RNDIS6 Adapter;C:\Windows\System32\drivers\usb80236.sys [2013-4-15 19968]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-4-16 1255736]
S4 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2013-11-22 89600]
S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-9-9 203264]
S4 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2011-6-14 498688]
S4 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2013-2-5 1512448]
S4 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520]
S4 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-12-6 418376]
S4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-12-6 701512]
S4 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-8-19 1248256]
S4 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-8-14 39056]
S4 SentinelKeysServer;Sentinel Keys Server;C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2013-1-9 376832]
S4 SentinelSecurityRuntime;Sentinel Security Runtime;C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [2013-1-9 293216]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-3-1 161384]
S4 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2011-6-14 986112]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"
FileExt: .jse: JSEFile=NOTEPAD.EXE "%1"
FileExt: .wsf: WSFFile=NOTEPAD.EXE "%1"
.
=============== Created Last 30 ================
.
2013-12-11 17:45:03 10285968 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EE3F1B2E-EC75-4922-A9DE-688C0714DC11}\mpengine.dll
2013-12-11 12:42:05 367200 ----a-w- C:\Windows\System32\drivers\afcdp.sys
2013-12-11 12:42:01 1464096 ----a-w- C:\Windows\System32\drivers\tdrpman.sys
2013-12-11 12:42:00 198432 ----a-w- C:\Windows\System32\drivers\tib_mounter.sys
2013-12-11 12:41:59 1120032 ----a-w- C:\Windows\System32\drivers\tib.sys
2013-12-11 12:41:54 161568 ----a-w- C:\Windows\System32\drivers\vididr.sys
2013-12-11 12:41:53 117024 ----a-w- C:\Windows\System32\drivers\vidsflt.sys
2013-12-11 12:41:52 269600 ----a-w- C:\Windows\System32\drivers\snapman.sys
2013-12-11 12:41:51 116000 ----a-w- C:\Windows\System32\drivers\fltsrv.sys
2013-12-11 04:40:32 2097984 ----a-w- C:\Windows\SysWow64\Incinerator32.dll
2013-12-11 04:39:35 82160 ----a-w- C:\Windows\System32\drivers\PDFsFilter.sys
2013-12-11 04:39:35 57584 ----a-w- C:\Windows\System32\iolobtdfg.exe
2013-12-11 04:39:35 26184 ----a-w- C:\Windows\System32\smrgdf.exe
2013-12-11 04:39:32 -------- d-----w- C:\ProgramData\ioloGovernor
2013-12-11 04:39:31 -------- d-----w- C:\Users\Darin\AppData\Roaming\ioloGovernor
2013-12-11 04:39:30 69000 ----a-w- C:\Windows\System32\offreg.dll
2013-12-11 04:39:30 56200 ----a-w- C:\Windows\SysWow64\offreg.dll
2013-12-11 04:38:52 30752 ----a-w- C:\Windows\System32\drivers\ElRawDsk.sys
2013-12-11 01:56:46 178688 ----a-w- C:\Windows\SysWow64\unrar.dll
2013-12-11 01:56:40 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack
2013-12-11 00:36:35 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-11 00:36:35 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-11 00:36:34 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2013-12-11 00:36:33 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2013-12-11 00:28:44 335360 ----a-w- C:\Windows\System32\msieftp.dll
2013-12-11 00:28:44 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-12-11 00:28:43 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-12-11 00:28:40 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-12-11 00:28:40 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-12-11 00:28:35 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-12-11 00:28:35 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-12-11 00:28:20 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-12-11 00:28:20 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-12-11 00:28:19 230400 ----a-w- C:\Windows\System32\drivers\portcls.sys
2013-12-11 00:28:19 116736 ----a-w- C:\Windows\System32\drivers\drmk.sys
2013-12-10 23:43:40 202752 ----a-w- C:\Windows\System32\scrrun.dll
2013-12-10 23:43:40 168960 ----a-w- C:\Windows\System32\wscript.exe
2013-12-10 23:43:40 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll
2013-12-10 23:43:40 156160 ----a-w- C:\Windows\System32\cscript.exe
2013-12-10 23:43:40 150016 ----a-w- C:\Windows\System32\wshom.ocx
2013-12-10 23:43:40 141824 ----a-w- C:\Windows\SysWow64\wscript.exe
2013-12-10 23:43:40 126976 ----a-w- C:\Windows\SysWow64\cscript.exe
2013-12-10 23:43:40 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx
2013-12-10 13:38:53 56832 ----a-w- C:\Windows\SysWow64\Iyvu9_32.dll
2013-12-10 13:38:53 391168 ----a-w- C:\Windows\SysWow64\i263_32.drv
2013-12-10 13:38:53 27648 ----a-w- C:\Windows\SysWow64\ir50_lcs.dll
2013-12-10 13:38:53 143872 ----a-w- C:\Windows\SysWow64\iacenc.dll
2013-12-10 13:37:46 305152 ----a-w- C:\Windows\IsUninst.exe
2013-12-10 12:43:37 10285968 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-10 06:20:25 -------- d-----w- C:\Windows\Migration
2013-12-06 21:44:29 -------- d-----w- C:\Users\Darin\AppData\Roaming\Malwarebytes
2013-12-06 21:36:07 -------- d-----w- C:\ProgramData\Malwarebytes
2013-12-06 21:36:05 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-12-06 21:36:04 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-06 21:25:57 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{62237492-95EB-42A6-92D6-545B1FEF68BD}\gapaengine.dll
2013-12-06 21:12:20 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2013-12-06 15:13:05 -------- d-----w- C:\Program Files\ESET
2013-12-06 12:52:48 10285968 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B1F99B5D-9CE7-47C9-B1F8-C1A02F0B289F}\mpengine.dll
2013-11-24 18:58:16 43608 ----a-w- C:\Windows\System32\drivers\ERKRmvrDrv.sys
2013-11-24 02:35:49 -------- d-----w- C:\ProgramData\Nuance
2013-11-24 00:16:16 -------- d-----w- C:\Program Files (x86)\AMD APP
2013-11-23 02:30:01 -------- d-----w- C:\Users\Darin\AppData\Local\Apps
2013-11-22 22:02:59 -------- d-----w- C:\ProgramData\DeskShare
2013-11-22 22:02:50 -------- d-----w- C:\Users\Darin\AppData\Local\Spoon
2013-11-22 20:39:52 53248 ----a-w- C:\Windows\SysWow64\StkTProp.ax
2013-11-22 20:39:51 6921856 ----a-w- C:\Windows\System32\drivers\StkCPipe.sys
2013-11-22 20:39:51 528256 ----a-w- C:\Windows\System32\drivers\StkTMini.sys
2013-11-22 16:45:33 442368 ----a-w- C:\Windows\System32\AESTEC64.dll
2013-11-22 16:45:33 224256 ----a-w- C:\Windows\System32\HPToneCtrls64.dll
2013-11-22 16:45:32 74336 ----a-w- C:\Windows\System32\AESTAR64.dll
2013-11-22 16:45:32 200288 ----a-w- C:\Windows\System32\AESTAC64.dll
2013-11-22 16:45:30 90624 ----a-w- C:\Windows\System32\AESTCo64.dll
2013-11-22 16:45:30 6085632 ----a-w- C:\Windows\System32\stlang64.dll
2013-11-22 16:45:30 1425408 ----a-w- C:\Windows\sttray64.exe
2013-11-22 16:45:30 14060544 ----a-w- C:\Windows\System32\idtcpl64.cpl
2013-11-22 16:41:48 255488 ----a-w- C:\Windows\System32\staco64.dll
2013-11-22 16:41:42 540160 ----a-w- C:\Windows\System32\drivers\stwrt64.sys
2013-11-22 16:41:41 656896 ------w- C:\Windows\System32\stapi64.dll
2013-11-22 16:41:41 450048 ----a-w- C:\Windows\System32\stcplx64.dll
2013-11-22 16:41:41 1988096 ----a-w- C:\Windows\System32\stapo64.dll
2013-11-22 16:40:42 -------- d-----w- C:\Program Files\IDT
2013-11-22 00:14:21 -------- d-----w- C:\TDSSKiller_Quarantine
2013-11-22 00:07:30 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2013-11-22 00:07:30 194048 ----a-w- C:\Windows\SysWow64\elshyph.dll
2013-11-22 00:05:59 542272 ----a-w- C:\Program Files\Internet Explorer\pdm.dll
2013-11-22 00:05:59 400968 ----a-w- C:\Program Files\Internet Explorer\msdbg2.dll
2013-11-22 00:05:59 13824 ----a-w- C:\Windows\System32\mshta.exe
2013-11-22 00:05:59 105568 ----a-w- C:\Program Files\Internet Explorer\pdmproxy100.dll
2013-11-22 00:05:58 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2013-11-22 00:05:58 48128 ----a-w- C:\Windows\System32\imgutil.dll
2013-11-22 00:05:58 450560 ----a-w- C:\Program Files\Internet Explorer\DiagnosticsHub.DataWarehouse.dll
2013-11-22 00:05:58 142336 ----a-w- C:\Program Files\Internet Explorer\jsdebuggeride.dll
2013-11-21 21:22:44 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-11-21 21:22:44 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-11-21 21:22:12 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-11-21 21:18:35 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-11-21 21:18:34 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-11-21 21:18:32 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-11-21 21:18:32 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-11-21 21:18:32 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-11-21 21:18:32 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-11-21 21:18:32 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-11-20 09:06:27 -------- d-----w- C:\Users\Darin\AppData\Local\ElevatedDiagnostics
2013-11-19 21:00:48 -------- d-----w- C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
2013-11-19 20:19:09 -------- d-----w- C:\Users\Darin\AppData\Local\CrashDumps
2013-11-19 14:40:37 -------- d-----w- C:\Program Files (x86)\Common Files\Intel Corporation
2013-11-19 14:39:51 -------- d-----w- C:\Users\Darin\AppData\Roaming\Intel Corporation
2013-11-17 09:54:22 -------- d-----w- C:\AdwCleaner
2013-11-17 09:39:38 -------- d-----w- C:\Program Files\Enigma Software Group
2013-11-14 04:50:14 -------- d-----w- C:\Program Files\Microsoft Security Client
2013-11-14 01:03:45 -------- d-----w- C:\ProgramData\Roaming
2013-11-14 00:30:19 -------- d-----w- C:\Users\Darin\AppData\Roaming\hpqLog
2013-11-13 14:24:16 -------- d-----w- C:\Program Files\FolderSize
2013-11-13 04:27:36 204568 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
2013-11-13 04:27:36 103576 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
2013-11-13 03:10:13 -------- d-----w- C:\ProgramData\SSD Boost Manager
2013-11-12 06:08:12 -------- d-----w- C:\Users\Darin\AppData\Roaming\ESET
2013-11-12 06:08:12 -------- d-----w- C:\Users\Darin\AppData\Local\ESET
2013-11-12 05:58:33 -------- d-----w- C:\Windows\ERUNT
2013-11-12 04:20:04 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-12 01:15:08 -------- d-----w- C:\Program Files\Microsoft Network Monitor 3
.
==================== Find3M  ====================
.
2013-12-03 16:01:56 2155152 ----a-w- C:\Windows\System32\Incinerator64.dll
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-19 10:21:41 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-11-13 02:12:00 74703 ----a-w- C:\Windows\SysWow64\mfc45.dat
2013-11-09 05:40:38 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-09 05:40:37 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-30 03:16:32 233472 ----a-w- C:\Windows\SysWow64\FsUsbExService.Exe
2013-10-30 03:16:30 37344 ----a-w- C:\Windows\SysWow64\FsUsbExDisk.Sys
2013-10-29 07:22:20 10488 ------w- C:\Windows\System32\drivers\cdralw2k.sys
2013-10-29 07:22:20 10488 ------w- C:\Windows\System32\drivers\cdr4_xp.sys
2013-10-29 07:22:19 129784 ----a-w- C:\Windows\SysWow64\pxafs.dll
2013-10-29 07:22:19 116472 ----a-w- C:\Windows\SysWow64\pxcpyi64.exe
2013-10-29 07:22:18 52856 ------w- C:\Windows\System32\drivers\PxHlpa64.sys
2013-10-29 07:22:18 118520 ----a-w- C:\Windows\SysWow64\pxinsi64.exe
2013-10-13 16:09:27 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2013-10-13 16:09:27 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2013-10-08 12:50:37 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17 197120 ----a-w- C:\Windows\System32\credui.dll
2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-09-27 15:53:06 248240 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2013-09-27 15:53:06 134944 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll
2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe
2013-09-19 03:12:10 160256 ----a-w- C:\Windows\System32\iavlsp64.dll
2013-09-17 21:17:38 62136 ----a-w- C:\Windows\System32\drivers\epfwwfp.sys
2013-09-17 21:17:38 44120 ----a-w- C:\Windows\System32\drivers\EpfwLWF.sys
2013-09-17 21:17:38 239320 ----a-w- C:\Windows\System32\drivers\eamonm.sys
2013-09-17 21:17:38 239296 ----a-w- C:\Windows\System32\drivers\edevmon.sys
2013-09-17 21:17:38 220232 ----a-w- C:\Windows\System32\drivers\epfw.sys
2013-09-17 21:17:38 168256 ----a-w- C:\Windows\System32\drivers\ehdrv.sys
.
============= FINISH: 16:57:38.64 ===============
 




 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,903 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:39 PM

Posted 14 December 2013 - 11:53 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download this program to your desktop.
Tweaking.com - Windows Repair 1.9.16
http://www.bleepingcomputer.com/download/windows-repair-all-in-one-portable/

Extract and launch the Repair_Windows.exe file.

Click on the Start Repairs tab, then click on Start.

Check mark only the following options:

Reset Registry Permissions
Reset File Permissions
Register System Files
Repair WMI
Repair Windows Firewall
Repair Internet Explorer
Repair MDAC & MS Jet
Repair Hosts File
Remove Policies Set By Infections
Repair Icons
Repair Winsock & DNS Cache
Remove Temp Files
Repair Proxy Settings
Unhide Non System Files
Repair Windows Updates
Repair CD/DVD Missing/Not Working
  • Checkmark Restart System When Finished option
  • click the Start button
  • System should restart after repair
Please let me know what problem persists.

p.s.
Your account may be corrupted so think in terms of possibly having to recreate it.

#3 DarinG


Posted 16 December 2013 - 09:17 PM

I have finished the procedure. Right away I notice I cannot print and the QuickBooks problem has changed. I will do more investigating and update you as I gather more information. Would it be wise to uninstall and reinstall my printers?



#4 nasdaq


Posted 17 December 2013 - 09:35 AM

Yes, re-install the printer.

#5 DarinG


Posted 18 December 2013 - 08:08 AM

Some things are better but still have some issues. 



#6 nasdaq


Posted 18 December 2013 - 08:21 AM

What are they?
I may be able to help.

#7 DarinG


Posted 19 December 2013 - 12:38 AM

I cannot print. My QuickBooks will only load and work under the guest account. ESET network monitor shows constant attempts by svchost.exe to upload to mediaplayer.browserupdater.org on ports 5036 and 1900. I have this blocked in my hosts file so it goes nowhere, but I haven't figured out what it is doing.

 

And I have about 706 of these errors in the event log in the last 6 hours; all are exactly alike:

 

Log Name:      System
Source:        Microsoft-Windows-DistributedCOM
Date:          12/18/2013 11:16:32 PM
Event ID:      10016
Task Category: None
Level:         Error
Keywords:      Classic
User:          Darin-PC\Guest
Computer:      Darin-PC
Description:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} and APPID {8BC3F05E-D86B-11D0-A075-00C04FB68820} to the user Darin-PC\Guest SID (S-1-5-21-1142199218-2130304564-235577500-501) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
    <EventID Qualifiers="49152">10016</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2013-12-19T05:16:32.000000000Z" />
    <EventRecordID>541060</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>System</Channel>
    <Computer>Darin-PC</Computer>
    <Security UserID="S-1-5-21-1142199218-2130304564-235577500-501" />
  </System>
  <EventData>
    <Data Name="param1">application-specific</Data>
    <Data Name="param2">Local</Data>
    <Data Name="param3">Activation</Data>
    <Data Name="param4">{8BC3F05E-D86B-11D0-A075-00C04FB68820}</Data>
    <Data Name="param5">{8BC3F05E-D86B-11D0-A075-00C04FB68820}</Data>
    <Data Name="param6">Darin-PC</Data>
    <Data Name="param7">Guest</Data>
    <Data Name="param8">S-1-5-21-1142199218-2130304564-235577500-501</Data>
    <Data Name="param9">LocalHost (Using LRPC)</Data>
  </EventData>
</Event>

Any ideas? There might be more problems that just haven't shown up yet. IDK.



#8 nasdaq


Posted 19 December 2013 - 10:39 AM

Is this the issue you are dealing with?

http://malwaretips.com/blogs/update-media-player-virus/

#9 DarinG


Posted 19 December 2013 - 10:18 PM

I have seen this popup before but never downloaded it. I do not see it anymore, but that might be due to the fact I have this IP blocked in the hosts file. I started the procedures and completed adware cleaner. When I download JRT I get this error message:

 

7 zip sfx archive: error

Error during execution "c:\users\darin\appdata\local\temp\jrt\get.bat 

access is denied. 

 

I tried saving to desktop, then to downloads; same error each time.

I will wait for your response. 



#10 nasdaq


Posted 20 December 2013 - 08:00 AM

When I download jrt I get error message

7 zip sfx archive: error
Error during execution "c:\users\darin\appdata\local\temp\jrt\get.bat
access is denied.


I never did have to Extract the tool. Did you get it from this site?

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Are you satisfied with this?
I do not see it anymore but that might be due to fact I have this Ip blocked in hosts file

I was thinking along the lines of creating a Restore point.

Then remove the entry in the hosts file and let it run.

If there is any malware installed then we can deal with it.
If all fails then you can restore your System.

What do you think?

#11 DarinG


Posted 20 December 2013 - 06:52 PM

OK, it seems to be sending and receiving info. I also noticed something else going on in my network. Took a screenshot. I will attach it to this post. I took this with browsers closed. Something is going on with svchost.

Attached File: screen shot 1.jpg


Edited by DarinG, 20 December 2013 - 06:53 PM.


#12 nasdaq


Posted 21 December 2013 - 08:21 AM

I can't read the information.

Can you copy and paste it?



#13 DarinG


Posted 22 December 2013 - 12:20 PM

Can't copy and paste this data. I took this screenshot and circled the questionable data. Any other way I can send you a jpg? Also, I realized that after allowing the line in the hosts file for mediaplayer.browserupdater.org, this new one showed up. It's the next entry in my hosts file. Allowed it, and now the next line is showing traffic symptoms. I will paste the first few lines of my hosts file to help explain. If you want me to paste the entire file let me know, but it's 4 or 5 hundred lines.

#652
### 127.0.0.1 mediaplayer.browserupdater.org # hosts anti-adware / pups
#   127.0.0.1 www.judgeporn.com # hosts anti-adware / pups
127.0.0.1 www.realgfporn.com # hosts anti-adware / pups
127.0.0.1 www.x3xtube.com # hosts anti-adware / pups
127.0.0.1 08sr.combineads.info # hosts anti-adware / pups
127.0.0.1 08srvr.combineads.info # hosts anti-adware / pups
127.0.0.1 12srvr.combineads.info # hosts anti-adware / pups
127.0.0.1 2010-fr.com # hosts anti-adware / pups
127.0.0.1 2012-new.biz # hosts anti-adware / pups
127.0.0.1 212link.com # hosts anti-adware / pups
127.0.0.1 2319825.ourtoolbar.com # hosts anti-adware / pups
127.0.0.1 24h00business.com # hosts anti-adware / pups
127.0.0.1 a.daasafterdusk.com # hosts anti-adware / pups
127.0.0.1 ad.adn360.com # hosts anti-adware / pups
127.0.0.1 adeartss.eu # hosts anti-adware / pups
127.0.0.1 adesoeasy.eu # hosts anti-adware / pups
127.0.0.1 adf.girldatesforfree.net # hosts anti-adware / pups
127.0.0.1 adm.soft365.com # hosts anti-adware / pups

 

 

Thank you



#14 nasdaq


Posted 22 December 2013 - 02:21 PM


can't copy paste this data. I took this screenshot and circled questionable data.

Just write the text and type it in your next reply.

===
The number sign in bold at the beginning of the hosts file should be removed.

### 127.0.0.1 mediaplayer.browserupdater.org # hosts anti-adware / pups
# 127.0.0.1 www.judgeporn.com # hosts anti-adware / pups

Do not remove this "# hosts anti-adware / pups"

Remove them and save the file.
===

#15 DarinG


Posted 23 December 2013 - 01:43 AM

I did this to temporarily disable this line item. Earlier in my post I asked about mediaplayer.browserupdater.net and you advised to enable it, and so on for the next three lines. It is my understanding that a # will cause the OS to ignore everything after it on that line.
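
The comment rule described in the post above, as an added example that is not part of the original thread: a small Python parser that splits a hosts file into live entries and entries disabled by a leading #. The function names are assumptions made for the illustration, and the sample text is constructed from lines of the hosts excerpt quoted earlier in the thread.

```python
import ipaddress

# Constructed sample: lines taken from the hosts excerpt quoted in the thread.
SAMPLE_HOSTS = """\
#652
### 127.0.0.1 mediaplayer.browserupdater.org # hosts anti-adware / pups
127.0.0.1 08sr.combineads.info # hosts anti-adware / pups
127.0.0.1 08srvr.combineads.info # hosts anti-adware / pups
127.0.0.1 ad.adn360.com # hosts anti-adware / pups
"""

def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def parse_hosts(text):
    """Return (active, disabled): hostname -> IP for live and commented-out entries."""
    active, disabled = {}, {}
    for raw in text.splitlines():
        fields = raw.partition("#")[0].split()   # only text before the first '#' counts
        target = active
        if not fields:
            # Nothing live on this line; check whether the comment hides an old entry.
            fields = raw.lstrip("# \t").partition("#")[0].split()
            target = disabled
        if len(fields) < 2 or not _is_ip(fields[0]):
            continue                             # blank line, note, or malformed entry
        for name in fields[1:]:
            target.setdefault(name.lower(), fields[0])   # keep the first mapping seen
    return active, disabled

def sinkholed(active):
    """Names whose live entry points at loopback or 0.0.0.0, i.e. locally blocked."""
    blocked = set()
    for name, ip in active.items():
        addr = ipaddress.ip_address(ip)
        if addr.is_loopback or addr.is_unspecified:
            blocked.add(name)
    return blocked

def no_longer_blocked(text):
    """Names that appear only in commented-out entries, so lookups go to DNS again."""
    active, disabled = parse_hosts(text)
    return sorted(set(disabled) - set(active))

if __name__ == "__main__":
    live, _ = parse_hosts(SAMPLE_HOSTS)
    print("blocked:", sorted(sinkholed(live)))
    print("commented out:", no_longer_blocked(SAMPLE_HOSTS))
```

Run against a copy of the real hosts file, the second list shows which names have had their block switched off by a leading #.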





