#31
November 26th, 2018, 12:36 AM
kuzzz
CTH Subscriber
Join Date: May 2003
O/S: Windows 7 64-bit
Location: california
Posts: 1,605
I was just going over what you said to do above and I messed up. When I ran FRST I hit scan and then hit fix when the scan was done, when I should have just hit fix. Do you want me to do it right before we move forward?

sorry
kuzzz

#32
November 26th, 2018, 12:39 AM
kuzzz
CTH Subscriber
And yes, that file is familiar; it's about identifying mushrooms.

#33
November 26th, 2018, 06:13 PM
olgun52
Malware Removal Team
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,029
What did you mess up? I do not fully understand what you messed up. But no problem. We will solve it together. You can implement the last instructions I gave you.
--------------
C:\Users\Dodi's\AppData\Roaming\.backup.dm

Is this file a Norton Security with Backup file?

#34
November 26th, 2018, 08:41 PM
kuzzz
CTH Subscriber
I don't think it's a Norton backup; I never set Norton up to do backups. OK, I'll do your last instructions now and post the logs.

#35
November 26th, 2018, 09:25 PM
kuzzz
CTH Subscriber
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 11/26/18
Scan Time: 12:06 PM
Log File: b46ad870-f1b6-11e8-b2b8-74d435fad756.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.482
Update Package Version: 1.0.8031
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Dodis-PC\Dodi's

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 253997
Threats Detected: 6
Threats Quarantined: 6
Time Elapsed: 8 min, 30 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 1
PUP.Optional.WinYahoo.TskLnk, C:\USERS\DODI'S\APPDATA\LOCAL\{8F95B9C9-AB3D-D571-C6A5-F099E2CD0C01}, Quarantined, [714], [484244],1.0.8031

File: 5
PUP.Optional.WinYahoo.TskLnk, C:\USERS\DODI'S\APPDATA\LOCAL\{8F95B9C9-AB3D-D571-C6A5-F099E2CD0C01}\tali, Quarantined, [714], [484244],1.0.8031
PUP.Optional.WinYahoo.TskLnk, C:\Users\Dodi's\AppData\Local\{8F95B9C9-AB3D-D571-C6A5-F099E2CD0C01}\info.dat, Quarantined, [714], [484244],1.0.8031
PUP.Optional.WinYahoo.TskLnk, C:\Users\Dodi's\AppData\Local\{8F95B9C9-AB3D-D571-C6A5-F099E2CD0C01}\install.log, Quarantined, [714], [484244],1.0.8031
PUP.Optional.WinYahoo.TskLnk, C:\Users\Dodi's\AppData\Local\{8F95B9C9-AB3D-D571-C6A5-F099E2CD0C01}\Sqlite3.dll, Quarantined, [714], [484244],1.0.8031
PUP.Optional.WinYahoo.TskLnk, C:\Users\Dodi's\AppData\Local\{8F95B9C9-AB3D-D571-C6A5-F099E2CD0C01}\uninst.dat, Quarantined, [714], [484244],1.0.8031

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

#36
November 26th, 2018, 09:27 PM
kuzzz
CTH Subscriber
Rkill 2.9.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2018 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/26/2018 11:51:42 AM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 11/26/2018 11:52:19 AM
Execution time: 0 hours(s), 0 minute(s), and 37 seconds(s)

#37
November 27th, 2018, 06:29 PM
olgun52
Malware Removal Team
Hi kuzzz,

Please do this,

Run RogueKiller

IMPORTANT: Please remove any usb or external drives from the computer before you run this scan!

Close all running programs.


Download RogueKiller to your desktop
  • close all running programs
  • for Windows Vista/Seven, right click -> run as administrator, for XP simply double-click on RogueKiller.exe
  • when the pre-scan is finished, click on Scan
  • click on Report and copy/paste the content in your next post
  • NOTE: DO NOT attempt to remove anything that the scan detects – everything that is reported is not necessarily bad
If the program is blocked, continue to try it several times. If it still doesn’t work, (it could happen), rename it to winlogon.exe.

Please post the contents of the RKreport.txt in your next reply.

===================================================

ESET Online Scanner:

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Please visit the ESET Online Scanner website
  • Click the SCAN NOW button to download the esetonlinescanner_enu.exe file to the Desktop
  • Double click esetonlinescanner_enu.exe. Accept the Terms of Use
  • Select Enable detection of potentially unwanted applications
  • In Advanced Settings: make sure that Clean threats automatically is unchecked
  • And Enable detection of potentially unsafe applications, Enable detection of suspicious applications, Scan archives, and Enable Anti-Stealth technology are all checked.
  • Click Scan
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When completed it'll show a list of "Threats found", click beneath it on Save to text file.... and save it as ESET log.txt on your Desktop.
  • Delete found harmful. Place a checkmark at Delete application's data on close, click Finish and close the program.
Don't forget to re-enable previously switched-off protection software!

Regards

#38
November 27th, 2018, 11:16 PM
kuzzz
CTH Subscriber
I've run the two software programs. You said to have ESET delete found threats, but some of what it is calling threats are licensed programs that I have used for many years. Will I still be able to use them after ESET does its clean after closing?

#39
November 27th, 2018, 11:17 PM
kuzzz
CTH Subscriber
C:\Program Files (x86)\Freemake\Freemake Video Downloader\SetupUpdate.exe a variant of Win32/Freemake.A potentially unwanted application
C:\Program Files (x86)\NCH Swift Sound\ExpressBurn\burnsetup_v4.40.exe a variant of Win32/Toolbar.Conduit.J potentially unwanted application
C:\Program Files (x86)\NCH Swift Sound\ExpressBurn\expressburn.exe a variant of Win32/Toolbar.Conduit.J potentially unwanted application
C:\Program Files (x86)\NCH Swift Sound\ExpressBurn\uninst.exe a variant of Win32/Toolbar.Conduit.J potentially unwanted application
C:\ProgramData\InstallMate\{36E0103B-1DC9-D89C-EE65-19F432CCE146}\_Setupx.dll a variant of Win32/InstalleRex.T potentially unwanted application
C:\ProgramData\InstallMate\{4E1B13CC-A0E1-48FA-7E03-A4DC4A37E2B1}\_Setupx.dll a variant of Win32/InstalleRex.T potentially unwanted application
C:\ProgramData\InstallMate\{5B5B8F51-56D0-A5B2-934B-52ED5F777E2C}\_Setupx.dll a variant of Win32/InstalleRex.T potentially unwanted application
C:\ProgramData\InstallMate\{722D478E-0433-8438-B2C1-000E7601B6F3}\_Setupx.dll a variant of Win32/InstalleRex.T potentially unwanted application
C:\ProgramData\InstallMate\{FE325A09-1538-F07A-C683-1105FA1EAB74}\_Setupx.dll a variant of Win32/InstalleRex.T potentially unwanted application
C:\Users\All Users\InstallMate\{36E0103B-1DC9-D89C-EE65-19F432CCE146}\_Setupx.dll a variant of Win32/InstalleRex.T potentially unwanted application
C:\Users\All Users\InstallMate\{4E1B13CC-A0E1-48FA-7E03-A4DC4A37E2B1}\_Setupx.dll a variant of Win32/InstalleRex.T potentially unwanted application
C:\Users\All Users\InstallMate\{5B5B8F51-56D0-A5B2-934B-52ED5F777E2C}\_Setupx.dll a variant of Win32/InstalleRex.T potentially unwanted application
C:\Users\All Users\InstallMate\{722D478E-0433-8438-B2C1-000E7601B6F3}\_Setupx.dll a variant of Win32/InstalleRex.T potentially unwanted application
C:\Users\All Users\InstallMate\{FE325A09-1538-F07A-C683-1105FA1EAB74}\_Setupx.dll a variant of Win32/InstalleRex.T potentially unwanted application
C:\Users\Dodi's\Downloads\FreemakeVideoConverterSetup.exe a variant of Win32/Freemake.A potentially unwanted application
C:\Users\Dodi's\Downloads\FreemakeVideoDownloaderSetup(1).exe a variant of Win32/Freemake.A potentially unwanted application
C:\Users\Dodi's\Downloads\FreemakeVideoDownloaderSetup.exe a variant of Win32/Freemake.A potentially unwanted application
C:\Users\Dodi's\Downloads\SOFTWARE\expressburn-4-42-2011-08-22.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\Users\Dodi's\Downloads\SOFTWARE\OffercastInstaller_AVR_U-0051-01-P_.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
Autostart locations a variant of Win32/Toolbar.Conduit.J potentially unwanted application,a variant of Win32/Toolbar.Conduit.H potentially unwanted application unable to open

#40
November 27th, 2018, 11:18 PM
kuzzz
CTH Subscriber
RogueKiller Anti-Malware V13.0.14.0 (x64) [Nov 27 2018] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits
Started in : Normal mode
User : Dodi's [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Standard Scan, Scan -- Date : 2018/11/27 12:09:59 (Duration : 00:24:44)
Switches : -refid 3

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
>>>>>> XX - System Policies
[PUM.Policies (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -- 0 -> Found
[PUM.Policies (Potentially Malicious)] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -- 0 -> Found
>>>>>> XX - Explorer Advanced
[PUM.StartMenu (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-1448708669-323945309-3416342945-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyGames -- 0 -> Found
[PUM.StartMenu (Potentially Malicious)] (X86) HKEY_USERS\S-1-5-21-1448708669-323945309-3416342945-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyGames -- 0 -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[PUP.Gen1 (Potentially Malicious)] (folder) eSupport.com -- C:\Users\Dodi's\AppData\Local\eSupport.com -> Found
[PUP.Gen1 (Potentially Malicious)] (folder) eSupport.com -- C:\Users\Dodi's\AppData\Local\eSupport.com -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

#41
November 28th, 2018, 07:56 PM
olgun52
Malware Removal Team
Files infected with Conduit.J will be deleted.

Open Notepad and copy/paste the entire contents of the codebox below into Notepad:

Code:
@echo off
rem Start with a clean log of anything that could not be deleted
if exist "%temp%\log.txt" del "%temp%\log.txt"

rem Delete the individual flagged files
for %%g in (
"C:\Program Files (x86)\NCH Swift Sound\ExpressBurn\burnsetup_v4.40.exe"
"C:\Program Files (x86)\NCH Swift Sound\ExpressBurn\expressburn.exe"
"C:\Program Files (x86)\NCH Swift Sound\ExpressBurn\uninst.exe"
"C:\Users\Dodi's\Downloads\SOFTWARE\expressburn-4-42-2011-08-22.exe"
"C:\Users\Dodi's\Downloads\SOFTWARE\OffercastInstaller_AVR_U-0051-01-P_.exe"
) do (
del /a/f/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)

rem Remove the flagged folders and everything in them
for %%g in (
"C:\Users\Dodi's\AppData\Local\eSupport.com"
"C:\ProgramData\InstallMate"
"C:\Users\All Users\InstallMate"
) do (
rd /s/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)

rem Show whatever is still present, otherwise report success
if exist "%temp%\log.txt" (
start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!

pause
rem The script deletes itself when done
del %0
Save this Notepad file as fix.bat and choose to Save as type: - All Files to your desktop then close the Notepad file.
It should look like this:

Right-click on fix.bat and choose 'Run as administrator' to allow it to run.

Tell me what it says in your next reply. Press any key to continue.

#42
November 28th, 2018, 09:22 PM
kuzzz
CTH Subscriber
I had ESET clean all but my freemake premium

kuzzz

#43
November 28th, 2018, 09:26 PM
kuzzz
CTH Subscriber
12:45:01 # product=EOS
# version=8
# flags=0
# esetonlinescanner_enu.exe=2.0.22.0
# EOSSerial=571491fb142ac34fa30db708e4f03afa
# end=init
# utc_time=2018-11-27 20:44:59
# local_time=2018-11-27 12:44:59 (-0800, Pacific Standard Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
12:47:00 Updating
12:47:00 Update Init
12:47:02 Update Download
12:48:41 esets_scanner_reload returned 0
12:48:41 g_uiModuleBuild: 39535
12:48:41 Update Finalize
12:48:41 Call m_esets_charon_send
12:48:41 Call m_esets_charon_destroy
12:48:42 Updated modules version: 39535
12:48:52 Call m_esets_charon_setup_create
12:48:52 Call m_esets_charon_create
12:48:52 m_esets_charon_create OK
12:48:52 Call m_esets_charon_start_send_thread
12:48:52 Call m_esets_charon_setup_set
12:48:52 m_esets_charon_setup_set OK
12:48:52 Scanner engine: 39535
11:54:31 # product=EOS
# version=8
# flags=0
# esetonlinescanner_enu.exe=2.0.22.0
# EOSSerial=571491fb142ac34fa30db708e4f03afa
# engine=39535
# end=finished
# bannerClicked=0
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# sfx_checked=true
# utc_time=2018-11-28 19:54:30
# local_time=2018-11-28 11:54:30 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Norton Security'
# compatibility_mode=3615 16777213 100 100 0 1280053 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 121307746 294978320 0 0
# scanned=268493
# found=32
# cleaned=12
# scan_time=4714
sh=CE18C7BEE9E562FE4056E007BEB360CCB601C98D ft=1 fh=0000000000000000 vn="a variant of Win32/Freemake.A potentially unwanted application" ac=I fn="C:\Program Files (x86)\Freemake\Freemake Video Downloader\SetupUpdate.exe"
sh=FA779F81801055DDA08B321C108A03AD7595C467 ft=1 fh=0000000000000000 vn="a variant of Win32/InstalleRex.T potentially unwanted application" ac=I fn="C:\Users\All Users\InstallMate\{36E0103B-1DC9-D89C-EE65-19F432CCE146}\_Setupx.dll"
sh=FA779F81801055DDA08B321C108A03AD7595C467 ft=1 fh=0000000000000000 vn="a variant of Win32/InstalleRex.T potentially unwanted application" ac=I fn="C:\Users\All Users\InstallMate\{4E1B13CC-A0E1-48FA-7E03-A4DC4A37E2B1}\_Setupx.dll"
sh=FA779F81801055DDA08B321C108A03AD7595C467 ft=1 fh=0000000000000000 vn="a variant of Win32/InstalleRex.T potentially unwanted application" ac=I fn="C:\Users\All Users\InstallMate\{5B5B8F51-56D0-A5B2-934B-52ED5F777E2C}\_Setupx.dll"
sh=FA779F81801055DDA08B321C108A03AD7595C467 ft=1 fh=0000000000000000 vn="a variant of Win32/InstalleRex.T potentially unwanted application" ac=I fn="C:\Users\All Users\InstallMate\{722D478E-0433-8438-B2C1-000E7601B6F3}\_Setupx.dll"
sh=FA779F81801055DDA08B321C108A03AD7595C467 ft=1 fh=0000000000000000 vn="a variant of Win32/InstalleRex.T potentially unwanted application" ac=I fn="C:\Users\All Users\InstallMate\{FE325A09-1538-F07A-C683-1105FA1EAB74}\_Setupx.dll"
sh=02340518A6D1479CFE6EBEE7B76D4841C496B3FF ft=1 fh=0000000000000000 vn="a variant of Win32/Freemake.A potentially unwanted application" ac=I fn="C:\Users\Dodi's\Downloads\FreemakeVideoDownloaderSetup.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.Conduit.J potentially unwanted application,a variant of Win32/Toolbar.Conduit.H potentially unwanted application (unable to open)" ac=I fn="${Startup}"
sh=C85DDA97D2921D5A612913F8A6F40C6D6900E209 ft=1 fh=0000000000080670 vn="a variant of Win32/Toolbar.Conduit.J potentially unwanted application (deleted)" ac=C fn="C:\Program Files (x86)\NCH Swift Sound\ExpressBurn\burnsetup_v4.40.exe"
sh=1418EA88B7B8BC9C9CBB139B2C8C21BB4101F2C7 ft=1 fh=0000000000132c04 vn="a variant of Win32/Toolbar.Conduit.J potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Program Files (x86)\NCH Swift Sound\ExpressBurn\expressburn.exe"
sh=D3A2C2087C291E14F451EBC4A41D26D0EAA8C374 ft=1 fh=0000000000132c04 vn="a variant of Win32/Toolbar.Conduit.J potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Program Files (x86)\NCH Swift Sound\ExpressBurn\uninst.exe"
sh=FA779F81801055DDA08B321C108A03AD7595C467 ft=1 fh=000000000000a000 vn="a variant of Win32/InstalleRex.T potentially unwanted application (cleaned by deleting)" ac=C fn="C:\ProgramData\InstallMate\{36E0103B-1DC9-D89C-EE65-19F432CCE146}\_Setupx.dll"
sh=FA779F81801055DDA08B321C108A03AD7595C467 ft=1 fh=000000000000a000 vn="a variant of Win32/InstalleRex.T potentially unwanted application (cleaned by deleting)" ac=C fn="C:\ProgramData\InstallMate\{4E1B13CC-A0E1-48FA-7E03-A4DC4A37E2B1}\_Setupx.dll"
sh=FA779F81801055DDA08B321C108A03AD7595C467 ft=1 fh=000000000000a000 vn="a variant of Win32/InstalleRex.T potentially unwanted application (cleaned by deleting)" ac=C fn="C:\ProgramData\InstallMate\{5B5B8F51-56D0-A5B2-934B-52ED5F777E2C}\_Setupx.dll"
sh=FA779F81801055DDA08B321C108A03AD7595C467 ft=1 fh=000000000000a000 vn="a variant of Win32/InstalleRex.T potentially unwanted application (cleaned by deleting)" ac=C fn="C:\ProgramData\InstallMate\{722D478E-0433-8438-B2C1-000E7601B6F3}\_Setupx.dll"
sh=FA779F81801055DDA08B321C108A03AD7595C467 ft=1 fh=000000000000a000 vn="a variant of Win32/InstalleRex.T potentially unwanted application (cleaned by deleting)" ac=C fn="C:\ProgramData\InstallMate\{FE325A09-1538-F07A-C683-1105FA1EAB74}\_Setupx.dll"
sh=28B09A9C0D22E91B023F5C592E53B6121C4A6CA0 ft=1 fh=00000000000f6cb0 vn="a variant of Win32/Freemake.A potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Users\Dodi's\Downloads\FreemakeVideoConverterSetup.exe"
sh=406701A1FF2557B3D84890B32AD6C9C9BB2EEAE7 ft=1 fh=00000000000f6e28 vn="a variant of Win32/Freemake.A potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Users\Dodi's\Downloads\FreemakeVideoDownloaderSetup(1).exe"
sh=1F7F59E84C3535D35FEE802A597FAD9B2EAE1BE8 ft=1 fh=00000000000a0470 vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application (deleted)" ac=C fn="C:\Users\Dodi's\Downloads\SOFTWARE\expressburn-4-42-2011-08-22.exe"
sh=86CF23AF19391F5CE58964320D72DFD864F64742 ft=1 fh=00000000000df940 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application (cleaned by deleting)" ac=C fn="C:\Users\Dodi's\Downloads\SOFTWARE\OffercastInstaller_AVR_U-0051-01-P_.exe"
11:54:36 Call m_esets_charon_send
11:54:36 Call m_esets_charon_destroy
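
A triage helper for a log in the layout posted above, added here as an example (not part of the original post and not ESET tooling): it separates the entries the scanner deleted from those it only reported and checks the count against the `# cleaned=` header. Reading the outcome from the parenthetical at the end of `vn` is an assumption inferred from the posted log, and the sample lines (hashes, paths) are constructed.

```python
import re
from collections import Counter

# Constructed sample in the layout of the ESET Online Scanner log above.
# Hashes and paths are placeholders; the detection names appear in the thread.
SAMPLE_LOG = r'''
11:54:31 # product=EOS
# remove_checked=true
# found=4
# cleaned=2
sh=1111111111111111111111111111111111111111 ft=1 fh=0000000000000000 vn="a variant of Win32/Freemake.A potentially unwanted application" ac=I fn="C:\Apps\Example\SetupUpdate.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Toolbar.Conduit.J potentially unwanted application (unable to open)" ac=I fn="${Startup}"
sh=2222222222222222222222222222222222222222 ft=1 fh=0000000000080670 vn="a variant of Win32/Toolbar.Conduit.J potentially unwanted application (deleted)" ac=C fn="C:\Apps\Example\burnsetup.exe"
sh=3333333333333333333333333333333333333333 ft=1 fh=000000000000a000 vn="a variant of Win32/InstalleRex.T potentially unwanted application (cleaned by deleting)" ac=C fn="C:\Data\Example\_Setupx.dll"
11:54:36 Call m_esets_charon_send
'''

# "# key=value" header lines, optionally prefixed with an HH:MM:SS timestamp.
HEADER_RE = re.compile(r'^(?:\d\d:\d\d:\d\d )?# (\w+)=(.*)$')
# key=value pairs in a detection record; values may be double-quoted.
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
# Trailing "(...)" on the detection name, e.g. "(cleaned by deleting)".
SUFFIX_RE = re.compile(r'\s*\(([^()]*)\)$')


def parse_eset_log(text):
    """Return (header dict, list of detection records) from the log text."""
    header, records = {}, []
    for line in text.splitlines():
        line = line.strip()
        m = HEADER_RE.match(line)
        if m:
            header[m.group(1)] = m.group(2).strip('"\'')
            continue
        if not line.startswith('sh='):
            continue  # update/engine progress lines carry no detections
        rec = {k: v.strip('"') for k, v in FIELD_RE.findall(line)}
        vn = rec.get('vn', '')
        m = SUFFIX_RE.search(vn)
        # Assumption: no parenthetical means the item was reported, not acted on.
        rec['outcome'] = m.group(1) if m else 'reported only'
        rec['detection'] = SUFFIX_RE.sub('', vn)
        records.append(rec)
    return header, records


def triage(text):
    """Summarise what was removed, what is still on disk, and header consistency."""
    header, records = parse_eset_log(text)
    removed = [r for r in records if 'delet' in r['outcome']]
    remaining = [r for r in records if 'delet' not in r['outcome']]
    return {
        'outcomes': Counter(r['outcome'] for r in records),
        'removed': [r['fn'] for r in removed],
        'remaining': [(r['fn'], r['detection']) for r in remaining],
        'remove_checked': header.get('remove_checked') == 'true',
        'cleaned_matches': int(header.get('cleaned', -1)) == len(removed),
    }


if __name__ == '__main__':
    result = triage(SAMPLE_LOG)
    print('outcomes:', dict(result['outcomes']))
    print('remove_checked:', result['remove_checked'])
    print('header cleaned count matches records:', result['cleaned_matches'])
    for path, name in result['remaining']:
        print('still present:', path, '|', name)
```

The "still present" list is the part to review by hand before deleting anything further, since it holds both items the scanner could not open and items it left alone.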

#44
November 28th, 2018, 09:53 PM
olgun52
Malware Removal Team
The freemake files are false positives. So no problem for them. Are there any problems?


EDIT: Did you delete the files found with ESET? I guess I didn't ask for deletion.



You just need to do the operations I gave.


Did you run the Fix.bat file?

Last edited by olgun52; November 28th, 2018 at 10:05 PM.

All times are GMT +1.