Dave
Posted April 3, 2016

Log
Scan Log
Version of virus signature database: 13274 (20160402)
Date: 4/3/2016 Time: 2:20:56 PM
Scanned disks, folders and files: Operating memory;C:\Boot sector;D:\Boot sector;C:\;D:\
C:\Users\182\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9158V559\url[1].htm - HTML/Refresh.BC trojan - cleaned by deleting [1]
Number of scanned objects: 73437
Number of threats found: 1
Number of cleaned objects: 1
Time of completion: 2:22:11 PM Total scanning time: 75 sec (00:01:15)

Notes:
[1] Object has been deleted as it only contained the virus body.
[4] Object cannot be opened. It may be in use by another application or operating system.

Can anyone please help me fix this? Thanks

cyberhash (Most Valued Members)
Posted April 3, 2016

Quickscan with .... hxxp://quickscan.bitdefender.com/
Then maybe check with Malwarebytes free version.

itman
Posted April 3, 2016

According to this: hxxp://www.virusradar.com/en/HTML_Refresh/detail , the malware is actually located in a web page. What Eset removed was the URL reference to the malware that was located in the browser cache.

I believe your PC is now clear of any malware. You can always post in the Eset forum malware removal area for further assistance and/or a second opinion.