Zoltan 0 Posted September 22, 2016 Posted September 22, 2016 Hello. I thought id try and sort out my issue before formatting my drive. I have had massive issues with super slow boot up, security essentials not working, Updates were dissabled. Ran Eset and found 5 infected files. Seems to have fixed partially and still have major boot up issues. I also have a mass of red listed files that are corrupted or error opening. Here is the log. I have also tried to reinstall windows from a disc with the option of saving all my info but it freezes half way. Here is my log. Ive removed a ton of crypto machine keyeroors to fit in post. Many thanks in advance. Log Scan Log Version of virus signature database: 14157 (20160921) Date: 22/09/2016 Time: 2:19:22 AM Scanned disks, folders and files: Operating memory;C:\Boot sector;D:\Boot sector;C:\;D:\ Boot sector of disk C: - error opening [4] Boot sector of disk D: - error opening [4] C:\hiberfil.sys - error opening [4] C:\pagefile.sys - error opening [4] C:\ProgramData\Microsoft\BingDesktop\Updater\BingDesktop.cab - error opening [4] C:\ProgramData\Microsoft\Crypto\Keys\3351f3ab8688e90e4e22774c08cb45a2_812b595c-d160-4a20-9743-039483a2ebe9 - error opening [4] C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\febf5f517172ea1f9cc04ad5ef71aa30_812b595c-d160-4a20-9743-039483a2ebe9 - error opening [4] C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\feffbe9c48605b9052bedef20d245a0f_812b595c-d160-4a20-9743-039483a2ebe9 - error opening [4] C:\ProgramData\Microsoft\User Account Pictures\Admin.dat - error opening [4] C:\ProgramData\Microsoft\User Account Pictures\Test.dat - error opening [4] C:\ProgramData\TuneUp Software\TuneUp Utilities 2013\TTUSvclrt.tt - error opening [4] C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms - error opening [4] C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\Music.library-ms - error opening [4] C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms - error opening [4] C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\Videos.library-ms - error opening [4] C:\Users\Admin\NTUSER.DAT - error opening [4] C:\Users\Admin\ntuser.dat.LOG1 - error opening [4] C:\Users\Admin\ntuser.dat.LOG2 - error opening [4] C:\Users\Admin\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf - error opening [4] C:\Users\Admin\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms - error opening [4] C:\Users\Admin\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms - error opening [4] C:\Users\Admin\ntuser.ini - error opening [4] C:\Users\All Users\Microsoft\BingDesktop\Updater\BingDesktop.cab - error opening [4] C:\Users\All Users\Microsoft\Crypto\Keys\3351f3ab8688e90e4e22774c08cb45a2_812b595c-d160-4a20-9743-039483a2ebe9 - error opening [4] C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\00a442bfa0a08424647945d388800b2e_812b595c-d160-4a20-9743-039483a2ebe9 - error opening [4] C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\019aef55168e62c9122230e7965aa535_812b595c-d160-4a20-9743- C:\Users\All Users\Microsoft\User Account Pictures\Admin.dat - error opening [4] C:\Users\All Users\Microsoft\User Account Pictures\Test.dat - error opening [4] C:\Users\All Users\TuneUp Software\TuneUp Utilities 2013\TTUSvclrt.tt - error opening [4] C:\Users\Main\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0OTS0WAA\iCloud64[1].msi » MSI - archive damaged - the file could not be extracted. C:\Users\Main\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\19NJCEYZ\iTunes64[3].msi » MSI - archive damaged - the file could not be extracted. C:\Users\Main\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F252QLD4\iTunes6464[2].msi » MSI - archive damaged - the file could not be extracted. C:\Users\Main\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P9OGDUDL\iTunes64[1].msi » MSI - archive damaged - the file could not be extracted. C:\Users\Main\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P9OGDUDL\QuickTime[1].msi » MSI - archive damaged - the file could not be extracted. C:\Users\Main\Downloads\FreeMP4VideoConverter.exe » INNO » {tmp}\OCSetupHlp.dll - is OK C:\Users\Main\Downloads\FreeMP4VideoConverter.exe » INNO » {tmp}\OCSetupHlpNonSearch.dll - is OK C:\Users\Main\Downloads\MicrosoftCameraCodecPack-x64.msi » MSI - archive damaged - the file could not be extracted. C:\Users\Test\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms - error opening [4] C:\Users\Test\AppData\Roaming\Microsoft\Windows\Libraries\Music.library-ms - error opening [4] C:\Users\Test\AppData\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms - error opening [4] C:\Users\Test\AppData\Roaming\Microsoft\Windows\Libraries\Videos.library-ms - error opening [4] C:\Users\Test\NTUSER.DAT - error opening [4] C:\Users\Test\ntuser.dat.LOG1 - error opening [4] C:\Users\Test\ntuser.dat.LOG2 - error opening [4] C:\Users\Test\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf - error opening [4] C:\Users\Test\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms - error opening [4] C:\Users\Test\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms - error opening [4] C:\Users\Test\ntuser.ini - error opening [4] C:\Windows\Installer\2775f.msi » MSI » Binary.Reporter - is OK C:\Windows\Installer\2775f.msi » MSI » Binary.ICActs - is OK C:\Windows\Logs\CBS\CBS.log - error opening [4] C:\Windows\Logs\DPX\setupact.log - error opening [4] C:\Windows\Logs\DPX\setuperr.log - error opening [4] C:\Windows\Logs\Gwx\ConfigManager.log - error opening [4] C:\Windows\MEMORY.DMP - error opening [4] C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config - error opening [4] C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe.config - error opening [4] C:\Windows\Panther\UnattendGC\diagerr.xml - error opening [4] C:\Windows\Panther\UnattendGC\diagwrn.xml - error opening [4] C:\Windows\Panther\UnattendGC\setupact.log - error opening [4] C:\Windows\Panther\UnattendGC\setuperr.log - error opening [4] C:\Windows\PLA\System\System Diagnostics.xml - error opening [4] C:\Windows\PLA\System\System Performance.xml - error opening [4] C:\Windows\security\database\secedit.sdb - error opening [4] C:\Windows\System32\restore\MachineGuid.txt - error opening [4] C:\Windows\System32\sysprep\Panther\IE\diagerr.xml - error opening [4] C:\Windows\System32\sysprep\Panther\IE\diagwrn.xml - error opening [4] C:\Windows\System32\sysprep\Panther\IE\setupact.log - error opening [4] C:\Windows\System32\sysprep\Panther\IE\setuperr.log - error opening [4] C:\Windows\System32\winevt\Logs\Application.evtx - error opening [4] C:\Windows\System32\winevt\Logs\HardwareEvents.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Internet Explorer.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Key Management Service.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Media Center.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Microsoft-Windows-Application Server-Applications%4Admin.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Microsoft-Windows-Application Server-Applications%4Operational.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Problem-Steps-Recorder.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Troubleshooter.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Inventory.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Telemetry.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Microsoft-Windows-Audio%4CaptureMonitor.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Microsoft-Windows-Audio%4Operational.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Microsoft-Windows-BranchCacheSMB%4Operational.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Microsoft-Windows-CAPI2%4Operational.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Microsoft-Windows-Compat-Appraiser%4Operational.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Microsoft-Windows-CorruptedFileRecovery-Client%4Operational.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Microsoft-Windows-CorruptedFileRecovery-Server%4Operational.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Microsoft-Windows-Dhcp-Client%4Admin.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-Scheduled%4Operational.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-Scripted%4Admin.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-Scripted%4Operational.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider%4Operational.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Networking%4Operational.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticDataCollector%4Operational.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Microsoft-Windows-Fault-Tolerant-Heap%4Operational.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Microsoft-Windows-GWX-Ins%4Operational.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Microsoft-Windows-HomeGroup Provider Service%4Operational.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WDI%4Operational.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA%4Errors.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA%4Operational.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Microsoft-Windows-Known Folders API Service.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Microsoft-Windows-MUI%4Admin.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Microsoft-Windows-MUI%4Operational.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Microsoft-Windows-NCSI%4Operational.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4WHC.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkLocationWizard%4Operational.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkProfile%4Operational.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Microsoft-Windows-OfflineFiles%4Operational.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Microsoft-Windows-ParentalControls%4Operational.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Microsoft-Windows-PrintService%4Admin.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteApp and Desktop Connections%4Admin.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteApp and Desktop Connections%4Operational.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-ClientUSBDevices%4Admin.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-ClientUSBDevices%4Operational.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-RDPClient%4Operational.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC%4Operational.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC-FileVirtualization%4Operational.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Microsoft-Windows-User Profile Service%4Operational.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Microsoft-Windows-WER-Diag%4Operational.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Microsoft-Windows-Windows Defender%4Operational.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Microsoft-Windows-Windows Defender%4WHC.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsBackup%4ActionCenter.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsSystemAssessmentTool%4Operational.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winlogon%4Operational.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Microsoft-Windows-WPD-MTPClassDriver%4Operational.evtx - error opening [4] C:\Windows\System32\winevt\Logs\OAlerts.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Security.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Setup.evtx - error opening [4] C:\Windows\System32\winevt\Logs\System.evtx - error opening [4] C:\Windows\System32\winevt\Logs\TuneUp.evtx - error opening [4] C:\Windows\System32\winevt\Logs\Windows PowerShell.evtx - error opening [4] C:\Windows\winsxs\amd64_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.1.7601.17514_none_2f54961b4c9f4194\dnary.xsd - error opening [4] C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18839_none_fe0845bb1d97efda\telemetry.ASM-WindowsDefault.json - error opening [4] C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18839_none_fe0845bb1d97efda\utc.app.json - error opening [4] C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18869_none_fde7d5f71db043ad\telemetry.ASM-WindowsDefault.json - error opening [4] C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18869_none_fde7d5f71db043ad\utc.app.json - error opening [4] C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23072_none_fe5f78f236dc8149\telemetry.ASM-WindowsDefault.json - error opening [4] C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23072_none_fe5f78f236dc8149\utc.app.json - error opening [4] Number of scanned objects: 372145 Number of threats found: 0 Time of completion: 3:09:29 AM Total scanning time: 3007 sec (00:50:07) Notes: [4] Object cannot be opened. It may be in use by another application or operating system.
ESET Moderators Peter Randziak 1,186 Posted September 26, 2016 ESET Moderators Posted September 26, 2016 Hello Zoltan, please find more info about these errors in our KB article Blue or orange "error opening" notifications in Computer scan log Regards, P.R.
Administrators Marcos 5,468 Posted September 26, 2016 Administrators Posted September 26, 2016 The errors opening files are ok. They are being exclusively used by the operating system, another application or you didn't have sufficient rights to access them. If you are a paying user, you could contact Customer care and provide them with a Process monitor boot log for perusal.
solarman 0 Posted January 31, 2017 Posted January 31, 2017 I am new to ESET, I have ESET NOD32, ..everytime I scan I get error report on every file NOD is trying to scan...Im concerned I have a virus because Firefox crashes a lot and I get a blue screen with a message to restart....might be 2 different issues....I dont know...who can help, how do i know the scan is actually legit
Administrators Marcos 5,468 Posted January 31, 2017 Administrators Posted January 31, 2017 1 hour ago, solarman said: I am new to ESET, I have ESET NOD32, ..everytime I scan I get error report on every file NOD is trying to scan...Im concerned I have a virus because Firefox crashes a lot and I get a blue screen with a message to restart....might be 2 different issues....I dont know...who can help, how do i know the scan is actually legit Probably not on every file as only errors and detection records are logged by default. Please provide some examples of files with the full path that could not be scanned and are not already listed in the log above.
bodangles21 0 Posted February 1, 2017 Posted February 1, 2017 first scan i didnt run my scan under admin so i got a error message saying boot disk c -error opening . soo i looked that up ad found out how to run my scan under admin it scanned the boot disk which i suppose is good but i would have thought it would have had more access to other files and i wouldnt have got sooo many error opening messages. the main messages imy worried about are the microsoft/machinekey./rsa i read somewhere that there is ransome where that likes the microsoft macros and they would be turned off ? again im not computer wizz but im somewhat literate i well post pics if that will provide info that you need to help!! just dont want my computer and gunked up...
Administrators Marcos 5,468 Posted February 1, 2017 Administrators Posted February 1, 2017 Those files in the RSA folder are not related to ransomware but mainly to SSL/TLS secure communication. It's ok that you're getting those errors as the system prevents ESET as well as other applications from accessing them.
bodangles21 0 Posted February 1, 2017 Posted February 1, 2017 6 minutes ago, Marcos said: Those files in the RSA folder are not related to ransomware but mainly to SSL/TLS secure communication. It's ok that you're getting those errors as the system prevents ESET as well as other applications from accessing them. thank you for the help i just looked up the blue and orange open error help page it explained a little to me . i guess my real question is .. if i get a open error just because nod32 cant open it is there still a chance that it is infected? and if soo is there something i coud look for as to deciding if it could be threatening ? or is there a page that shows all these error openings that are threatening so i could look out for them
Pedson 0 Posted February 21, 2017 Posted February 21, 2017 What is the status of this post? I have not seen the above mentioned ..version 6.5?
Administrators Marcos 5,468 Posted February 21, 2017 Administrators Posted February 21, 2017 (edited) 17 hours ago, Pedson said: What is the status of this post? I have not seen the above mentioned ..version 6.5? It was mentioned elsewhere that Endpoint v6.5 and ERA v6.5 are going to be released soon. Stay tuned As for the errors opening certain files, you can use the filter feature to hide them in a scan log. Edited February 22, 2017 by Marcos Release date removed
Recommended Posts