
a248.e.akamai.net Technophobe and Airhead Please Help!


  • This topic is locked
12 replies to this topic

#1 DuskyMaidWeepsIntoPC

DuskyMaidWeepsIntoPC

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:10:51 PM

Posted 10 February 2018 - 11:52 AM

This error message is appearing (a248.e.akamai.net certificate warning). I tried to fix it via advice from Google, nothing worked. I found a page on this site, and started to follow the instructions. I ran CC cleaner? and then something called GMER which found Rootkit? Then my PC crashed and now I'm stuck. The last thing I did was copy the log from GMER. Can someone help me please? All my antivirus gubbins is off.

 

GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2018-02-11 00:09:35
Windows 6.2.9200  x64 
Running: Germer.exe
 
 
---- Services - GMER 2.2 ----
 
Service  C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8D1E295A-03DC-4A34-9144-C66BFEEA820C}\MpKslf7390739.sys (*** hidden *** )                    [SYSTEM] MpKslf7390739                                                                                                                                                                                                                                                       <-- ROOTKIT !!!
 
---- Registry - GMER 2.2 ----
 
Reg      HKLM\SYSTEM\CurrentControlSet\Services\MpKslf7390739                                                                                                       
Reg      HKLM\SYSTEM\CurrentControlSet\Services\MpKslf7390739@Type                                                                                                  1
Reg      HKLM\SYSTEM\CurrentControlSet\Services\MpKslf7390739@Start                                                                                                 1
Reg      HKLM\SYSTEM\CurrentControlSet\Services\MpKslf7390739@ErrorControl                                                                                          0
Reg      HKLM\SYSTEM\CurrentControlSet\Services\MpKslf7390739@ImagePath                                                                                             \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8D1E295A-03DC-4A34-9144-C66BFEEA820C}\MpKslf7390739.sys
Reg      HKLM\SYSTEM\CurrentControlSet\Services\MpKslf7390739@DeviceName                                                                                            MpKslf7390739
Reg      HKLM\SYSTEM\CurrentControlSet\Services\MpKslf7390739@AllowedProcessName                                                                                    \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\MsMpEng.exe
Reg      HKLM\SYSTEM\CurrentControlSet\Services\MpKslf7390739                                                                                                       
 
---- EOF - GMER 2.2 ----

Edited by hamluis, 10 February 2018 - 12:54 PM.
Moved from MRL to Am I Infected - Hamluis.




#2 buddy215

buddy215

  • Moderator
  • 13,194 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:09:51 AM

Posted 10 February 2018 - 01:42 PM

When you used CCleaner did you check the box next to DNS Cache under the System heading? If not, do that... check the box to flush the DNS Cache and then click on Run Cleaner in the bottom right corner.

 

Use the programs below to remove adware and remove malware if you haven't used one or more this week.

 

Malwarebytes - Clean Mode

  • Download and install the free version of Malwarebytes
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan
  • Let the scan run; the time required to complete the scan depends on your system and computer specs
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button
    • If it asks you to restart your computer to complete the removal, do so
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply

If you are unable to run a scan using MBAM:

Follow the instructions in the thread below. Make sure to download the MBAR linked in it. Let me know if you're not able to launch it and run a scan.
https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

 

 

Download AdwCleaner by Xplode onto your desktop. (compatible with Windows 7, 8 and 10)

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

Download and run the FREE online scanner from Free Virus Scan | Online Virus Scan from ESET | ESET

  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 DuskyMaidWeepsIntoPC


Posted 10 February 2018 - 02:25 PM

(When you used CCleaner did you check the box next to DNS Cache)

 

I'm not sure, but I did flush my DNS when following other advice on Google, which did not help. Does the log I pasted mean I have malware on my PC? The line below was the only one highlighted in red. Thank you for the advice, I will try those tools and update you. :) I can't use Malwarebytes, as I've already tried it. Should I delete GMER?

 

Service  C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8D1E295A-03DC-4A34-9144-C66BFEEA820C}\MpKslf7390739.sys (*** hidden *** )                    [SYSTEM] MpKslf7390739                                                                                                                                                                                                                                                       <-- ROOTKIT !!!



#4 DuskyMaidWeepsIntoPC


Posted 10 February 2018 - 02:28 PM

Having used Malwarebytes, does this mean I can't use either of the other two you suggested?



#5 buddy215


Posted 10 February 2018 - 03:40 PM

No...I was just trying to save you from duplicating scans you have already done.

 

Just as a double check on that item marked as a rootkit...which I think is possibly a false positive...run a scan using MBAR along with the other two scans...AdwCleaner and Eset.

Flush the DNS by checking that item in CCleaner and run CCleaner before doing the three scans. That will shorten the scan times, too.

 

Download Malwarebytes Anti-Rootkit (MBAR) to your desktop.

  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
  • "mbar-log-{date} (xx-xx-xx).txt"
  • "system-log.txt"

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”
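
An added example, not part of any post in this thread and not code from GMER or Microsoft: the Python below parses GMER's `Service` and `Reg` lines and checks whether a service flagged `<-- ROOTKIT !!!` is tied to Windows Defender by the log's own registry values, which is what the false-positive suspicion above rests on. The function names, the `MpKsl` + 8 hex digits name pattern (read off the name in the posted log) and the second sample service `xq81` are assumptions made for this example; a passing result is a triage hint, and the driver file's Microsoft signature should still be confirmed on the host.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in the layout of the GMER 2.2 log posted in this thread.
# The first service and its registry values are copied from that log; the
# second service (xq81) is invented here to show the contrasting outcome.
SAMPLE_LOG = r"""
---- Services - GMER 2.2 ----

Service  C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8D1E295A-03DC-4A34-9144-C66BFEEA820C}\MpKslf7390739.sys (*** hidden *** )      [SYSTEM] MpKslf7390739      <-- ROOTKIT !!!
Service  C:\Users\admin\AppData\Local\Temp\xq81.sys (*** hidden *** )      [SYSTEM] xq81      <-- ROOTKIT !!!

---- Registry - GMER 2.2 ----

Reg      HKLM\SYSTEM\CurrentControlSet\Services\MpKslf7390739@Type      1
Reg      HKLM\SYSTEM\CurrentControlSet\Services\MpKslf7390739@ImagePath      \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8D1E295A-03DC-4A34-9144-C66BFEEA820C}\MpKslf7390739.sys
Reg      HKLM\SYSTEM\CurrentControlSet\Services\MpKslf7390739@AllowedProcessName      \Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\MsMpEng.exe
"""

DEFENDER_UPDATES = PureWindowsPath(
    r"C:\ProgramData\Microsoft\Windows Defender\Definition Updates")
# Assumption: name shape taken from "MpKslf7390739" in the posted log.
MPKSL_NAME = re.compile(r"MpKsl[0-9a-f]{8}", re.IGNORECASE)
# Shape of the AllowedProcessName value seen in the posted log.
MSMPENG = re.compile(
    r"\\Windows Defender\\Platform\\[\d.\-]+\\MsMpEng\.exe$", re.IGNORECASE)

SERVICE_RE = re.compile(
    r"^Service\s+(?P<path>.+?)\s+\(\*\*\* hidden \*\*\*\s*\)"
    r"\s+\[(?P<start>\w+)\]\s+(?P<name>\S+)\s+<-- ROOTKIT !!!\s*$")
# Only values directly under Services\<name>; subkeys are ignored.
REG_RE = re.compile(
    r"^Reg\s+HKLM\\SYSTEM\\CurrentControlSet\\Services\\"
    r"(?P<svc>[^\\@]+)@(?P<value>\S+)(?:\s{2,}(?P<data>.*\S))?\s*$")


def strip_nt_prefix(raw):
    """Drop the \\??\\ object-manager prefix GMER prints before ImagePath."""
    return raw[4:] if raw.startswith("\\??\\") else raw


def parse_gmer(text):
    """Return ([(service_name, driver_path)], {service_name: {value: data}})."""
    flagged, reg = [], {}
    for line in text.splitlines():
        m = SERVICE_RE.match(line)
        if m:
            flagged.append((m["name"], m["path"]))
            continue
        m = REG_RE.match(line)
        if m:
            reg.setdefault(m["svc"].lower(), {})[m["value"]] = m["data"] or ""
    return flagged, reg


def under_defender_updates(raw):
    """True if the path sits below Definition Updates, with no '..' escape."""
    p = PureWindowsPath(strip_nt_prefix(raw))
    return ".." not in p.parts and DEFENDER_UPDATES in p.parents


def triage(text):
    """Score every service GMER flagged as a hidden rootkit."""
    flagged, reg = parse_gmer(text)
    report = {}
    for name, path in flagged:
        values = reg.get(name.lower(), {})
        image = PureWindowsPath(strip_nt_prefix(values.get("ImagePath", "")))
        checks = {
            "name_like_mpksl": bool(MPKSL_NAME.fullmatch(name)),
            "file_under_definition_updates": under_defender_updates(path),
            "registry_imagepath_matches": image == PureWindowsPath(path),
            "allowed_process_is_msmpeng":
                bool(MSMPENG.search(values.get("AllowedProcessName", ""))),
        }
        failed = [k for k, ok in checks.items() if not ok]
        report[name] = {
            "verdict": "unexplained" if failed else "consistent-with-defender",
            "failed": failed,
        }
    return report


if __name__ == "__main__":
    for svc, result in triage(SAMPLE_LOG).items():
        print(svc, result["verdict"], result["failed"])
```
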

#6 DuskyMaidWeepsIntoPC


Posted 11 February 2018 - 12:45 AM

OK, will do, thank you.



#7 DuskyMaidWeepsIntoPC


Posted 11 February 2018 - 01:57 AM

# AdwCleaner 7.0.8.0 - Logfile created on Sun Feb 11 06:50:15 2018
# Updated on 2018/08/02 by Malwarebytes 
# Running on Windows 10 Pro (X64)
# Mode: clean
 
***** [ Services ] *****
 
No malicious services deleted.
 
***** [ Folders ] *****
 
No malicious folders deleted.
 
***** [ Files ] *****
 
No malicious files deleted.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks deleted.
 
***** [ Registry ] *****
 
No malicious registry entries deleted.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries deleted.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries deleted.
 
*************************
 
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
 
 
 
*************************
 
C:/AdwCleaner/AdwCleaner[S0].txt - [944 B] - [2018/2/11 6:48:28]


#8 DuskyMaidWeepsIntoPC


Posted 11 February 2018 - 05:24 AM

Log
Scan Log
Version of detection engine: 16763 (20180119)
Date: 11/02/2018  Time: 15:36:14
Scanned disks, folders and files: C:\Boot sector;C:\;D:\Boot sector;D:\
C:\Documents and Settings\GeorgeCarter.COMPUTERCENTRIC\Desktop\New folder\iPhone X\windows-movie-maker-2016.exe » INNO » {pf32}\Windows Live\Photo Gallery\WinMovieMaker.exe - a variant of Win32/Hoax.MovieMaker.A application - cleaned by deleting [1]
Number of scanned objects: 295955
Number of threats found: 1
Number of cleaned objects: 1
Time of completion: 15:48:42  Total scanning time: 748 sec (00:12:28)
 
Notes:
[1] Object has been deleted as it only contained the virus body.
[4] Object cannot be opened. It may be in use by another application or operating system.


#9 DuskyMaidWeepsIntoPC

  • Topic Starter

Posted 11 February 2018 - 05:27 AM

I really have no idea what's happening at this point. I could not find any advanced setting buttons etc. The sites that were secure with the padlock yesterday are still all showing as not secure. How do I fix that?



#10 buddy215

  • Moderator

Posted 11 February 2018 - 06:27 AM

Start a new Topic in the malware removal forum by following the instructions below.

 

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.

  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running FRST which will create two logs.

When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.

 

DO NOT bump your new topic. Wait for a response from one of the Team Members.



#11 DuskyMaidWeepsIntoPC

  • Topic Starter

Posted 11 February 2018 - 07:05 AM

Fanbar won't run, it's blocked?


Sorry, FRST won't run, it's blocked?



#12 DuskyMaidWeepsIntoPC

  • Topic Starter

Posted 11 February 2018 - 07:36 AM

Link to new thread https://www.bleepingcomputer.com/forums/t/670432/a248eakamainet-sites-showing-as-non-secure/



#13 hamluis

  • Moderator

Posted 11 February 2018 - 08:11 AM

New topic in MRL forum opened...this AII topic is now closed to avoid confusion.

 

Louis
