
Protection file problem.


16 replies to this topic

#1 34BLEEP00XX

34BLEEP00XX

  • Members
  • 272 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:01:41 PM

Posted 01 May 2017 - 06:44 PM

I need file called acedrv07.sys digitally signed version for Windows 7 64-bit.

I am getting these annoying errors on event viewer:

Error type: Warning  Source: WMI  Code: 63
Message:
A provider, InvProv, has been registered in the Windows Management Instrumentation namespace Root\cimv2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Error type: Error  Source: WMI  Code: 10
Message:
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error type: Error  Source: Service control Manager  Code: 7026
The following startup - or bootdrive does not loaded:
acedrv07

Error type: Error  Source: Service control Manager  Code: 7000
Service eapihdrv can not be started
Loading of this driver is blocked.


Edited by hamluis, 01 May 2017 - 07:31 PM.
Moved from Win 7 to Am I Infected - Hamluis.
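
A read-only way to check the two drivers named in the events above, as an added example that is not part of the original post: it looks up each driver service, resolves its image file, reports the Authenticode status, and lists recent 7000/7026 events. It assumes an elevated PowerShell prompt on the affected machine; on Windows 7, Get-AuthenticodeSignature reads only embedded signatures, so a catalog-signed driver also reports NotSigned.

```powershell
# Added example (read-only). Driver service names are the two from the quoted events.
$driverNames = 'acedrv07', 'eapihdrv'

foreach ($name in $driverNames) {
    $drv = Get-WmiObject -Class Win32_SystemDriver -Filter "Name='$name'"
    if (-not $drv) {
        Write-Output "${name}: no driver service with this name is registered"
        continue
    }
    if (-not $drv.PathName) {
        Write-Output "${name}: service is registered but has no image path"
        continue
    }

    # PathName can carry an NT prefix (\??\ or \SystemRoot\) or be relative to %SystemRoot%.
    $path = $drv.PathName -replace '^\\\?\?\\', ''
    $path = $path -replace '^\\SystemRoot\\', ''
    if (-not [System.IO.Path]::IsPathRooted($path)) {
        $path = Join-Path $env:SystemRoot $path
    }

    # Only query the signature when the image file is actually present.
    $exists = Test-Path -LiteralPath $path
    $status = 'n/a'
    $signer = 'none'
    if ($exists) {
        $sig = Get-AuthenticodeSignature -FilePath $path
        $status = $sig.Status
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    }

    New-Object PSObject -Property @{
        Driver     = $name
        State      = $drv.State
        StartMode  = $drv.StartMode
        ImagePath  = $path
        FileExists = $exists
        SigStatus  = $status
        Signer     = $signer
    } | Format-List
}

# Service Control Manager events 7000 and 7026, the two IDs quoted in the post.
$filter = @{ LogName = 'System'; ProviderName = 'Service Control Manager'; Id = 7000, 7026 }
Get-WinEvent -FilterHashtable $filter -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message | Format-List
```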




#2 34BLEEP00XX


Posted 01 May 2017 - 07:20 PM

Oh. I need to tell this little story here. It is fun: I tried once to open one really suspicious looking attachment file from my E-mail. I did not open. My F-Secure said this error: File Invoice59589.zip can't be opened because it contains malware. So my protection seems to be working.



#3 34BLEEP00XX


Posted 01 May 2017 - 07:37 PM

I don't think that my PC is infected. This is more of Driver errors / Missing files.



#4 34BLEEP00XX


Posted 01 May 2017 - 08:33 PM

Hmm. Should I try that Rkill program for scanning my services?



#5 34BLEEP00XX


Posted 06 May 2017 - 05:29 PM

Can ANYONE help me here?



#6 34BLEEP00XX


Posted 07 May 2017 - 03:43 PM

I think I will go to the Windows 7 forums to ask for some help. This problem seems to be REALLY tricky to solve.



#7 34BLEEP00XX


Posted 07 May 2017 - 08:33 PM

Just downloaded that PC Hunter tool. OH geez what a program. It is really useful. Like Windows Taskmanager on Steroids.



#8 buddy215

buddy215

  • Moderator
  • 13,318 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:05:41 AM

Posted 08 May 2017 - 05:48 AM

I don't know for sure if that is a legit program or not. When did you install.....if you know...Protect Software GmbH ?

Several security programs describe it as a pup or a more malicious program. See Protect Software GmbH Analysis - herdProtect

If you think it is a legit program then probably the easiest solution is to uninstall the program and then reinstall.

I suggest scanning the computer before doing that just in case it is a pup or worse.

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

  • Download Malwarebytes to your desktop.
  • Double-click mb3-setup-1878.1878-3.0.6.1469.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available throughout History -> Application logs. Please post its contents in your next reply.

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#9 34BLEEP00XX


Posted 08 May 2017 - 06:42 AM

Thanks for answering. There is a problem: That JRT tool removes legit programs from my computer so I can't run it.

That Acedrv07.sys error is related to the Magix Music Maker 12 XXL program, which is for Windows XP. It uses that driver for protection software.

 

OH. One more thing: I can run the tools but I don't press clean button if I see legit programs on detection list but I will post logs with my own analysis.


Edited by 34BLEEP00XX, 08 May 2017 - 06:44 AM.


#10 34BLEEP00XX


Posted 08 May 2017 - 06:49 AM

My AdwCleaner LOG:

 

# AdwCleaner v6.046 - Logfile created 08/05/2017 at 14:47:12
# Updated on 24/04/2017 by Malwarebytes
# Database : 2017-04-24.1 [Local]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Jaakko - JAAKKO-PC
# Running from : C:\Users\Jaakko\Desktop\NewAirCraft\adwcleaner_6.046.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

Folder Found:  C:\Users\Jaakko\AppData\Local\slimware utilities inc Legit Program
Folder Found:  C:\Users\Jaakko\AppData\Local\SlimWare Utilities Inc Legit Program
Folder Found:  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimCleaner Legit Program
Folder Found:  C:\Program Files (x86)\SlimCleaner Legit Program


***** [ Files ] *****

File Found:  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackTrayMenu.lnk WTF. This is a sound codec adjusting program. Duh.


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

Task Found:  SlimCleaner Run


***** [ Registry ] *****

Key Found:  HKLM\SOFTWARE\Classes\protector_dll.Protector
Key Found:  HKLM\SOFTWARE\Classes\protector_dll.Protector.1
Key Found:  HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
Key Found:  HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector
Key Found:  [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
Key Found:  [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
Key Found:  HKU\S-1-5-21-1209243964-3735521587-2092069385-1000\Software\SlimWare Utilities Inc Legit
Key Found:  HKCU\Software\SlimWare Utilities Inc Legit
Key Found:  HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.Legit
Key Found:  [x64] HKCU\Software\SlimWare Utilities Inc Legit
Key Found:  [x64] HKLM\SOFTWARE\Tarma Installer Legit
Value Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [codec Settings UAC Manager] Again that sound codec. Legit.


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [2544 Bytes] - [25/04/2017 01:32:12]
C:\AdwCleaner\AdwCleaner[S1].txt - [2442 Bytes] - [25/04/2017 22:54:26]
C:\AdwCleaner\AdwCleaner[S2].txt - [2338 Bytes] - [08/05/2017 14:47:12]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2411 Bytes] ##########

 

If you find my previous thread the same programs appeared there and I explained to that helper what those programs do.

 

One more advice to all here: That Filehippo tool is bit obsolete nowadays. I recommend Glary Utilities 5 and Software Update Pro by same company. Also that Secunia PSI is REALLY good tool.

 

If there is NO way to solve that missing file I will contact Magix Support and get that Unlockmaster program for bypassing that protection driver. That can do it. I know.


Edited by 34BLEEP00XX, 08 May 2017 - 07:02 AM.


#11 buddy215


Posted 08 May 2017 - 07:30 AM

I wouldn't allow any of those programs on my computer. But it is YOUR computer to do as you wish.



#12 34BLEEP00XX


Posted 08 May 2017 - 07:40 AM

Yeah yeah. I know. But if you want some links to prove they are legit I can provide them here:

 

Traymenu.exe:

http://www.file.net/process/traymenu.exe.html

 

Slimcomputer and Slimware:

http://slimcomputer.com/

 

There you go. Some info about those files.

 

On last run that JRT tool removed my online chat client program. DUH.


Edited by 34BLEEP00XX, 08 May 2017 - 07:41 AM.


#13 34BLEEP00XX


Posted 08 May 2017 - 08:02 AM

I got to go so I won't be late. My bank closes in 28 minutes. Yikes. See ya.



#14 34BLEEP00XX


Posted 10 May 2017 - 06:38 PM

I am back and STILL needing help for that missing protection file problem.



#15 34BLEEP00XX


Posted 11 May 2017 - 07:56 AM

I can't turn my virus protection on and my computer can't re-install it. Help.


Edited by hamluis, 11 May 2017 - 08:16 AM.
Merged topics - Hamluis.




