Not finding malware


I ran Emsisoft and here are the results. Now that I did that, my disk space is at 25-30%. I haven't seen it below 99 in a long time, so that's good. Can you look at the log and tell me what I should do about that User03960945? That was one of the users I had never heard of that had copies of all my files in it. I tried to delete it.

eset924.txt


Those executables are installation files for ZoneAlarm, there is no reason to keep them or the unknown user. Did you buy this PC second hand..?

Continue..

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Let me see that log in your reply, also tell me if there are any remaining issues or concerns...

Thanks,

Kevin

fixlist.txt


That log has no contents, can you use reply #28 again... When that completes do the following:

Download Portable Windows Repair (all in one) from one of the following:

www.tweaking.com/files/setups/tweaking.com_windows_repair_aio.zip

http://www.majorgeeks.com/mg/getmirror/tweaking_com_windows_repair_portable,1.html

https://www.bleepingcomputer.com/download/windows-repair-all-in-one/

Unzip the contents into a newly created folder on your desktop.

Boot your system to Safe mode, instructions here: https://support.microsoft.com/en-gb/help/12376/windows-10-start-your-pc-in-safe-mode

Open the Tweaking.com folder, run the tool by right-clicking Repair_Windows (icon with red briefcase) and selecting "Run as Administrator"

From the main GUI do the following:

Select Tab 5 to make Registry backup, use the recommended option...

When complete select "Repairs" tab, from there select "Open Repairs" tab..

From that window select the default option and checkmark the "Select All" box. When ready select "Start Repairs" tab....

When complete re-boot your system to Normal mode, see if there is any improvement...

Logs are saved to the Tweaking.com folder on your Desktop, the one to post is _Windows_Repair_Log.txt
 
Post those logs, also check to see if updates work now..

Zemana ran and these are the results.  Should I repair?

Zemana AntiMalware 2.74.2.150 (Installed)

-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2018/9/27
Operating System       : Windows 8.1 64-bit
Processor              : 2X Intel(R) Pentium(R) CPU G2020 @ 2.90GHz
BIOS Mode              : UEFI
CUID                   : 126EA662F131175486404F
Scan Type              : System Scan
Duration               : 100m 7s
Scanned Objects        : 410566
Detected Objects       : 3
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : Enabled
Detect All Extensions  : Disabled
Scan Documents         : Disabled
Domain Info            : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

Security Center Disabled
Status             : Scanned
Object             : HKLM\SYSTEM\CurrentControlSet\services\wscsvc\DelayedAutoStart
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Potentially Unwanted Modification
Cleaning Action    : Repair
Related Objects    :
                Registry Entry - HKLM\SYSTEM\CurrentControlSet\services\wscsvc\DelayedAutoStart = disabled

CovenantEyesProxy (61335)
Status             : Scanned
Object             : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CD4431B0ED261DFB58DA34C3FB4999AA6085AC16\Blob
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Root CA
Cleaning Action    : Delete
Related Objects    :
                Registry Entry - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CD4431B0ED261DFB58DA34C3FB4999AA6085AC16\Blob =


CovenantEyesProxy (35924)
Status             : Scanned
Object             : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\81E6AB2CE80AC89F2FCFC15505F857C04EB3DFA2\Blob
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Root CA
Cleaning Action    : Delete
Related Objects    :
                Registry Entry - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\81E6AB2CE80AC89F2FCFC15505F857C04EB3DFA2\Blob =


 

_Windows_Repair_Log.txt


  • 2 weeks later...

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 
