Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Malware Removal [Solved]

Started by Renita123 , May 04 2015 02:48 PM

  • This topic is locked This topic is locked

#16
Renita123
Posted 12 May 2015 - 10:05 AM

Renita123

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-05-2015
Ran by Renita at 2015-05-12 09:35:51 Run:1
Running from C:\Users\Renita\Desktop
Loaded Profiles: Renita (Available profiles: Renita & QBDataServiceUser21)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
CreateRestorePoint:
CloseProcesses: 
HKU\S-1-5-21-3026445660-3059579512-81386765-1000\...\MountPoints2: O - O:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3026445660-3059579512-81386765-1000\...\MountPoints2: {34f5116b-4b37-11e3-ac06-f04da2da6240} - O:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3026445660-3059579512-81386765-1000\...\MountPoints2: {5b4495a7-adfa-11e0-82bd-f04da2da6240} - "K:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-3026445660-3059579512-81386765-1000\...\MountPoints2: {adeb7974-0218-11e4-8232-f04da2da6240} - "O:\WD SmartWare.exe" autoplay=true
URLSearchHook: HKU\S-1-5-21-3026445660-3059579512-81386765-1000 - Default Value = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {FD44EDF6-5F68-43B1-BF57-03FE9B8B6565} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3026445660-3059579512-81386765-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.co...q={searchTerms}
SearchScopes: HKU\S-1-5-21-3026445660-3059579512-81386765-1000 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKU\.DEFAULT -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-3026445660-3059579512-81386765-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
C:\Users\Renita\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpalkkou.dll
C:\Users\Renita\AppData\Local\Temp\Quarantine.exe
C:\Users\Renita\AppData\Local\Temp\sqlite3.dll
CustomCLSID: HKU\S-1-5-21-3026445660-3059579512-81386765-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Renita\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3026445660-3059579512-81386765-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Renita\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3026445660-3059579512-81386765-1000_Classes\CLSID\{6D7AE628-FF41-4CD3-91DD-34825BB1A251}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2012 - English\acad.exe /Automation No File
CustomCLSID: HKU\S-1-5-21-3026445660-3059579512-81386765-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Renita\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3026445660-3059579512-81386765-1000_Classes\CLSID\{B77E471C-FBF3-4CB5-880F-D7528AD4B349}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2012 - English\acad.exe /Automation No File
CustomCLSID: HKU\S-1-5-21-3026445660-3059579512-81386765-1000_Classes\CLSID\{C92FB640-AD4D-498A-9979-A51A2540C977}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2012 - English\acad.exe /Automation No File
CustomCLSID: HKU\S-1-5-21-3026445660-3059579512-81386765-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Renita\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3026445660-3059579512-81386765-1000_Classes\CLSID\{D70E31AD-2614-49F2-B0FC-ACA781D81F3E}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2012 - English\acad.exe No File
CustomCLSID: HKU\S-1-5-21-3026445660-3059579512-81386765-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2012 - English\acadficn.dll No File
CustomCLSID: HKU\S-1-5-21-3026445660-3059579512-81386765-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Renita\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
Task: {85D2A057-ADCB-4967-A1F0-EE56185BFAC6} - \SymformServicesRestart No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:E138854D
CMD: bitsadmin /reset /allusers
RemoveProxy:
EmptyTemp:
Reboot: 
end
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-3026445660-3059579512-81386765-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\O" => Key deleted successfully.
"HKU\S-1-5-21-3026445660-3059579512-81386765-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{34f5116b-4b37-11e3-ac06-f04da2da6240}" => Key deleted successfully.
HKCR\CLSID\{34f5116b-4b37-11e3-ac06-f04da2da6240} => Key not found. 
"HKU\S-1-5-21-3026445660-3059579512-81386765-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5b4495a7-adfa-11e0-82bd-f04da2da6240}" => Key deleted successfully.
HKCR\CLSID\{5b4495a7-adfa-11e0-82bd-f04da2da6240} => Key not found. 
"HKU\S-1-5-21-3026445660-3059579512-81386765-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{adeb7974-0218-11e4-8232-f04da2da6240}" => Key deleted successfully.
HKCR\CLSID\{adeb7974-0218-11e4-8232-f04da2da6240} => Key not found. 
HKU\S-1-5-21-3026445660-3059579512-81386765-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}" => Key deleted successfully.
HKCR\CLSID\{80c554b9-c7f8-4a21-9471-06d606da78a2} => Key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FD44EDF6-5F68-43B1-BF57-03FE9B8B6565}" => Key deleted successfully.
HKCR\CLSID\{FD44EDF6-5F68-43B1-BF57-03FE9B8B6565} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{80c554b9-c7f8-4a21-9471-06d606da78a2} => Key not found. 
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}" => Key deleted successfully.
HKCR\CLSID\{80c554b9-c7f8-4a21-9471-06d606da78a2} => Key not found. 
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-3026445660-3059579512-81386765-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}" => Key deleted successfully.
HKCR\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => Key not found. 
"HKU\S-1-5-21-3026445660-3059579512-81386765-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}" => Key deleted successfully.
HKCR\CLSID\{80c554b9-c7f8-4a21-9471-06d606da78a2} => Key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
"HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found. 
HKU\S-1-5-21-3026445660-3059579512-81386765-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found. 
"C:\Users\Renita\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpalkkou.dll" => File/Directory not found.
C:\Users\Renita\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Renita\AppData\Local\Temp\sqlite3.dll => Moved successfully.
"HKU\S-1-5-21-3026445660-3059579512-81386765-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => Key deleted successfully.
"HKU\S-1-5-21-3026445660-3059579512-81386765-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
"HKU\S-1-5-21-3026445660-3059579512-81386765-1000_Classes\CLSID\{6D7AE628-FF41-4CD3-91DD-34825BB1A251}" => Key deleted successfully.
"HKU\S-1-5-21-3026445660-3059579512-81386765-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.
"HKU\S-1-5-21-3026445660-3059579512-81386765-1000_Classes\CLSID\{B77E471C-FBF3-4CB5-880F-D7528AD4B349}" => Key deleted successfully.
"HKU\S-1-5-21-3026445660-3059579512-81386765-1000_Classes\CLSID\{C92FB640-AD4D-498A-9979-A51A2540C977}" => Key deleted successfully.
"HKU\S-1-5-21-3026445660-3059579512-81386765-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => Key deleted successfully.
"HKU\S-1-5-21-3026445660-3059579512-81386765-1000_Classes\CLSID\{D70E31AD-2614-49F2-B0FC-ACA781D81F3E}" => Key deleted successfully.
"HKU\S-1-5-21-3026445660-3059579512-81386765-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}" => Key deleted successfully.
"HKU\S-1-5-21-3026445660-3059579512-81386765-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{85D2A057-ADCB-4967-A1F0-EE56185BFAC6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{85D2A057-ADCB-4967-A1F0-EE56185BFAC6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SymformServicesRestart" => Key deleted successfully.
C:\ProgramData\TEMP => ":E138854D" ADS removed successfully.
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
{2B832EFA-430A-4A9A-B27D-4E1372442AD6} canceled.
1 out of 1 jobs canceled.
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
HKU\S-1-5-21-3026445660-3059579512-81386765-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-21-3026445660-3059579512-81386765-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
 
 
========= End of RemoveProxy: =========
 
EmptyTemp: => Removed 348.9 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 09:37:42 ====

  • 0

Advertisements

#17
Naathim
Posted 12 May 2015 - 02:42 PM

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
OK. The fix went fine, time to deploy some additional scanners.



51a46ae42d560-malwarebytes_anti_malware. Scan with Malwarebytes' Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Install the progam and select update.
  • Once updated, click the Settings tab, in the left panel choose Detctions & protection and tick Scan for rootkits.
  • Click the Scan tab, choose Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.
Save the file to your desktop and include its content in your next reply.



ESETOnline.png Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit ESET Online Scanner website.
Click there Run ESET Online Scanner.

If using Internet Explorer:
  • Accept the Terms of Use and click Start.
  • Allow the running of add-on.
If using Mozilla Firefox or Google Chrome:
  • Download esetsmartinstaller_enu.exe that you'll be given link to.
  • Double click esetsmartinstaller_enu.exe.
  • Allow the Terms of Use and click Start.
To perform the scan:
  • Make sure that Enable detecion of potentially unwanted applications is checked.
  • In the Advanced Settings dropdown menu:
    • Make sure that Remove found threats is unchecked.
    • Scan archives is checked.
    • Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
    • Use custom proxy settings is unchecked.
  • Click Start
  • The program will begin to download it's virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When the scan is done, click Finish.
  • A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.
Please include this logfile in your next reply.
Don't forget to re-enable previously switched-off protection software!
  • 0

#18
Renita123
Posted 15 May 2015 - 04:03 PM

Renita123

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
I am doing the ESET scann now.
 
Renita
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 5/15/2015
Scan Time: 3:17:16 PM
Logfile: Malwarebytes scan log.txt
Administrator: Yes
 
Version: 2.01.6.1022
Malware Database: v2015.05.15.05
Rootkit Database: v2015.05.14.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Renita
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 422675
Time Elapsed: 23 min, 57 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Disabled
Rootkits: Enabled
Heuristics: Disabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

  • 0

#19
Renita123
Posted 18 May 2015 - 09:17 AM

Renita123

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=08d0a2d8b5185e4ab63021a363d339e3
# engine=23870
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-05-16 08:07:45
# local_time=2015-05-16 02:07:45 (-0700, Mountain Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 0 102981687 0 0
# scanned=350865
# found=149
# cleaned=0
# scan_time=79677
sh=886271A59B6E513DE79B853354A67CB9D0B6F9E0 ft=1 fh=e47de79839fbeae1 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Ask\APN-Stub\AD5\APNIC.dll.vir"
sh=19ABED924F5E4119D9EBFD9DD7BF69C79904506B ft=1 fh=ee623ebd11056392 vn="a variant of Win32/OpenCandy.C potentially unsafe application" ac=I fn="C:\Users\Renita\Downloads\KeyFinderInstaller.exe"
sh=D8CC99E55B13E0965239AFE51F49996537A17DA7 ft=1 fh=3044abf3494d8a5c vn="a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application" ac=I fn="C:\Users\Renita\Dropbox\prismpsetup.exe"
sh=89219C4E77EA8025CADD22402B5488AC16A7DB7F ft=1 fh=4a8914328a8b3943 vn="Win32/InstallCore.BL potentially unwanted application" ac=I fn="C:\Users\Renita\Dropbox\VideoConverterSetup.exe"
sh=3F8C252FB23BA08DFD22ADB9629EAE59CFA6B272 ft=1 fh=82bd1f5134a53deb vn="Win32/Toolbar.Conduit.S potentially unwanted application" ac=I fn="C:\Users\Renita\Dropbox\video_downloader.exe"
sh=02BF65A36379C255942FF7B97B1DBDB4BF55B115 ft=1 fh=868d601d593f63a5 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Users\Renita\Dropbox\Downloads\mediawidgettrialtype40setup.exe"
sh=EBC38664FF465DDFEB5801630A910CFF93542643 ft=1 fh=f8f150d8a90f918b vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application" ac=I fn="C:\Users\Renita\Dropbox\Downloads\switchsetup.exe"
sh=1248AAB8268616C0FCE8DB838DF102A1B6765CA0 ft=1 fh=bb1f3b8f6887bae3 vn="a variant of Win32/InstallCore.D potentially unwanted application" ac=I fn="C:\Users\Renita\Links\Downloads\cnet2_6305_Vista_Win7_PG537_zip.exe"
sh=30B843D04116D79B8CA789AA5774B025805348CF ft=1 fh=f8c0307fdde4b037 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Users\Renita\Links\Downloads\FoxitReader514.0104_enu_Setup.exe"
sh=49113F82A4049A75B7CEA541EFCF6A17B3766974 ft=1 fh=64fdada71fec5c03 vn="a variant of Win32/AirAdInstaller.A potentially unwanted application" ac=I fn="C:\Users\Renita\Links\Downloads\setup.exe"
sh=070C25554B0F86C5E50051FEE4995EAA1EC09F7D ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Users\Renita\Links\Downloads\WeatherBugSetup.msi"
sh=6930F3649B5FE5A8619E2672CA7F2999E321EC23 ft=1 fh=cdf2fa58d43a863f vn="a variant of Win32/InstallCore.A potentially unwanted application" ac=I fn="C:\zoek_backup\C_PROGRA~2_FoxTabVideoConverter\VideoConverter.exe"
sh=6F3A3B433459E6773C9FBE8CFB154DB6534EFA86 ft=1 fh=60bff0ff01dbe663 vn="a variant of Win32/InstallCore.A potentially unwanted application" ac=I fn="C:\zoek_backup\C_PROGRA~2_VideoConverter\VideoConverter.exe"
sh=58919D5F584AE2B4B1706B30D7EF7C79B887A553 ft=1 fh=a94663f442fd1ae0 vn="Win32/Toolbar.AskSBar potentially unwanted application" ac=I fn="F:\My Documents\Nero-8.3.2.1_eng_trial.exe"
sh=C1B755A9A8BEE27E121FB334F967A7698DF0590A ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="F:\My Documents\STUFF\BARTPEwithcheckdisk.iso"
sh=78F8980B24C0B8C867B1AE9D77F6975AC96623BF ft=0 fh=0000000000000000 vn="a variant of Win32/InstallCore.BQ potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-01-14 090457\Backup Files 2014-01-14 090457\Backup files 10.zip"
sh=F5FD2953FD61A8210C4296936766B16DED7D5BEA ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="L:\RENITA-2010\Backup Set 2014-01-14 090457\Backup Files 2014-01-14 090457\Backup files 11.zip"
sh=A77BAA8DFAF35DF36D4F628D6D247C6EE0E0FD6E ft=0 fh=0000000000000000 vn="Win32/Toolbar.Babylon.P potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-01-14 090457\Backup Files 2014-01-14 090457\Backup files 12.zip"
sh=040D1A93B74804E46225B3BDEE18DFBEFF6E29E5 ft=0 fh=0000000000000000 vn="Win32/Toolbar.DefaultTab.E potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-01-14 090457\Backup Files 2014-01-14 090457\Backup files 14.zip"
sh=10214D5A74429C7084D295CE7E313644306C46AF ft=0 fh=0000000000000000 vn="a variant of Win32/DealPly.F potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-01-14 090457\Backup Files 2014-01-14 090457\Backup files 15.zip"
sh=0074FFB81EE3394179C178E83763989AD6E4BAB2 ft=0 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-01-14 090457\Backup Files 2014-01-14 090457\Backup files 16.zip"
sh=87939D152618BA271EFDB556D34F4C9FA459C0E6 ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-01-14 090457\Backup Files 2014-01-14 090457\Backup files 17.zip"
sh=816030736A2E8E37E65EEC30531E31C99531F64B ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-01-14 090457\Backup Files 2014-01-14 090457\Backup files 94.zip"
sh=1AB3974947299CC2E6E56281F39C2E0C32A6F614 ft=0 fh=0000000000000000 vn="a variant of Win32/InstallCore.D potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-01-14 090457\Backup Files 2014-01-14 090457\Backup files 96.zip"
sh=80E042B2A4A9DA3DB72EF95C69D0304B59680D5F ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="L:\RENITA-2010\Backup Set 2014-01-14 090457\Backup Files 2014-01-14 090457\Backup files 97.zip"
sh=1757C13AF191B51CAB4B9F33CA9B551EA7A39B11 ft=0 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-01-14 090457\Backup Files 2014-01-16 190005\Backup files 1.zip"
sh=851ED96A54E7DBA44771D3D055EF9B2D3CAE83DB ft=0 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-01-14 090457\Backup Files 2014-01-16 190005\Backup files 2.zip"
sh=E4F0506AF202E2C9D7D706C2676D265142CBF17E ft=0 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-01-14 090457\Backup Files 2014-01-22 190003\Backup files 1.zip"
sh=D49E10DCB605E8F41B769E9CA9BE3CD0FFEEF585 ft=0 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-01-14 090457\Backup Files 2014-01-23 190004\Backup files 1.zip"
sh=3F372C7EF53502843C79BC9B1AB8CC332798D1BD ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-01-14 090457\Backup Files 2014-01-23 190004\Backup files 2.zip"
sh=16AF7087FCCEB5EBCD472A29097F6EBEE7FC8BDA ft=0 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-01-14 090457\Backup Files 2014-01-28 190008\Backup files 1.zip"
sh=03C2ECC04B75423EE7470F0AC31FD5478F67F072 ft=0 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-01-14 090457\Backup Files 2014-02-02 190010\Backup files 1.zip"
sh=5550DC3197AB06FAFB130A5D78A07387229B2595 ft=0 fh=0000000000000000 vn="a variant of Win32/DealPly.S potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-01-14 090457\Backup Files 2014-02-03 190011\Backup files 1.zip"
sh=769830E6319EADC4AFAA75EB6ABABFD8691F6770 ft=0 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-01-14 090457\Backup Files 2014-02-06 190009\Backup files 1.zip"
sh=9BC88A08476BE63AB8BC7032A4F74B781B6FF4BC ft=0 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-01-14 090457\Backup Files 2014-02-12 190004\Backup files 1.zip"
sh=C47CCB86012E0D5D40F9E8D3B40C9EE889C297BA ft=0 fh=0000000000000000 vn="a variant of Win32/DealPly.S potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-01-14 090457\Backup Files 2014-02-13 190007\Backup files 1.zip"
sh=173F98111751D909A58B9349DC8A441BC487A9CC ft=0 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-01-14 090457\Backup Files 2014-02-19 190009\Backup files 1.zip"
sh=D35BA7A5C8E6401E80C102776B438AA2E7AB5BE9 ft=0 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-01-14 090457\Backup Files 2014-02-28 190003\Backup files 1.zip"
sh=713CEE5DADFF13CBDC3FD3B1F0F9C52590CBA734 ft=0 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-01-14 090457\Backup Files 2014-03-02 190006\Backup files 1.zip"
sh=049CF4CEBA100CFB582BD30C33E521773FF97B40 ft=0 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-01-14 090457\Backup Files 2014-03-17 190011\Backup files 1.zip"
sh=FC36CCACE6D02195D8887DA3A51BA21CF6A676D1 ft=0 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-01-14 090457\Backup Files 2014-03-18 190023\Backup files 1.zip"
sh=FBD5EAE6F9D0AB0D01AFEE02981A7D2574B65D41 ft=0 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-01-14 090457\Backup Files 2014-04-07 190009\Backup files 1.zip"
sh=3DB866BD1858D6CD535BF6762914F2BC418F38BD ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-01-14 090457\Backup Files 2014-04-07 190009\Backup files 2.zip"
sh=204CC0A9604DE824CAE14CEEF668C994142B12E6 ft=0 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-01-14 090457\Backup Files 2014-04-22 190009\Backup files 1.zip"
sh=ADA471A2AD3DE7C596BB3CEB2478D1C7BD5A93B6 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="L:\RENITA-2010\Backup Set 2014-01-14 090457\Backup Files 2014-04-23 190003\Backup files 1.zip"
sh=B7CB65EC407F7E697BDB2F9244C84E8C885B6898 ft=0 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-01-14 090457\Backup Files 2014-04-27 190007\Backup files 1.zip"
sh=A7BF1E18D7081BB99E13F1F8F8DF1B3BB3352C4F ft=0 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-01-14 090457\Backup Files 2014-05-06 190013\Backup files 1.zip"
sh=400F3ED294942086C18B0A4D7E817A4A166BA1FE ft=0 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-01-14 090457\Backup Files 2014-05-14 190017\Backup files 2.zip"
sh=CD9B2ADC022828F8FC450B251135FE2E613C6E9F ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-05-16 190008\Backup Files 2014-05-16 190008\Backup files 116.zip"
sh=7FF8FA43B1B8B258EB277343CBBCB8C8E6207D67 ft=0 fh=0000000000000000 vn="a variant of Win32/InstallCore.D potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-05-16 190008\Backup Files 2014-05-16 190008\Backup files 117.zip"
sh=D553A1AF7B641DE060C37D1A6A2E3B57799D8CE3 ft=0 fh=0000000000000000 vn="a variant of Win32/AirAdInstaller.A potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-05-16 190008\Backup Files 2014-05-16 190008\Backup files 118.zip"
sh=504F4BE9D31663A44157BDDCAF6982744A65C0C2 ft=0 fh=0000000000000000 vn="a variant of Win32/InstallCore.BQ potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-05-16 190008\Backup Files 2014-05-16 190008\Backup files 20.zip"
sh=79DE04B6E98FA82E6C85FA319EEEEEC4475DD0A8 ft=0 fh=0000000000000000 vn="a variant of Win32/InstallCore.CH potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-05-16 190008\Backup Files 2014-05-16 190008\Backup files 21.zip"
sh=FA690C10C47E31162F8A307C94A36C55C49B1D28 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="L:\RENITA-2010\Backup Set 2014-05-16 190008\Backup Files 2014-05-16 190008\Backup files 22.zip"
sh=0777902071776E083DC6534BAFC47A07F96F87EE ft=0 fh=0000000000000000 vn="Win32/Toolbar.Babylon.P potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-05-16 190008\Backup Files 2014-05-16 190008\Backup files 23.zip"
sh=4729814567877DB94B2DC0CFFBA06B4293BBC25F ft=0 fh=0000000000000000 vn="Win32/Toolbar.DefaultTab.E potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-05-16 190008\Backup Files 2014-05-16 190008\Backup files 25.zip"
sh=80C5A9A6291C69DE7E2B94D9E10B77C1E68765DB ft=0 fh=0000000000000000 vn="a variant of Win32/DealPly.F potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-05-16 190008\Backup Files 2014-05-16 190008\Backup files 26.zip"
sh=E6519427C346EAE5BFD3BDB71D59E6ADF798ED26 ft=0 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-05-16 190008\Backup Files 2014-05-16 190008\Backup files 29.zip"
sh=21B1369288486A81713390B72B09600DD8698FA2 ft=0 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-05-16 190008\Backup Files 2014-05-21 190004\Backup files 1.zip"
sh=557A055815F62661BE25A28321AE21639AAD4DC0 ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-05-16 190008\Backup Files 2014-05-21 190004\Backup files 3.zip"
sh=0D0EB1B01DD811631C4AF02DDDAD76E76730F7FF ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-05-16 190008\Backup Files 2014-05-22 190015\Backup files 1.zip"
sh=9C00E15C56168E7A06886EB135468CBB101E9F47 ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-05-16 190008\Backup Files 2014-05-22 190015\Backup files 2.zip"
sh=4DB443E180C99D49E877495EBE5E67C8E4D074CB ft=0 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-05-16 190008\Backup Files 2014-05-27 190014\Backup files 3.zip"
sh=D674C3F43AD30AFBC206C6ED2AC74F7488C4CAFE ft=0 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-05-16 190008\Backup Files 2014-05-28 190017\Backup files 2.zip"
sh=8FB6176D7EBE33772430762E0BF7987EC2F826EE ft=0 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-05-16 190008\Backup Files 2014-06-01 190007\Backup files 1.zip"
sh=634E1B31A6B2638E1276D479B439E5391907F5B5 ft=0 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-05-16 190008\Backup Files 2014-06-02 190003\Backup files 1.zip"
sh=0E771ADD54D8FB8BCBE0DB6AA01B3D8A304A368A ft=0 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-05-16 190008\Backup Files 2014-06-05 190014\Backup files 1.zip"
sh=F664E7102ED05F95CB3C459EB0788EA009CE8E04 ft=0 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-05-16 190008\Backup Files 2014-06-09 190009\Backup files 1.zip"
sh=C2E8591D20D45C2A812923841DF4D9751C709C4E ft=0 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-05-16 190008\Backup Files 2014-06-12 190004\Backup files 1.zip"
sh=11CCB3211CB5D3B0E1045687F12A72B73F776E31 ft=0 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-05-16 190008\Backup Files 2014-06-18 190009\Backup files 1.zip"
sh=BDE6B45ED1A7A31403794FD21B64AE04C6924A48 ft=0 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-05-16 190008\Backup Files 2014-06-24 190010\Backup files 2.zip"
sh=AAC26F2BFADE0998E8717B2EE1E0104DC33FD7B5 ft=0 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-05-16 190008\Backup Files 2014-06-26 190007\Backup files 5.zip"
sh=C786BDDD93088C630FDA70105F63D2C718F9F8D0 ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-06-27 190008\Backup Files 2014-06-27 190008\Backup files 121.zip"
sh=BE649B06608D954CF888BC369BB29A58EE259121 ft=0 fh=0000000000000000 vn="a variant of Win32/InstallCore.D potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-06-27 190008\Backup Files 2014-06-27 190008\Backup files 122.zip"
sh=43670A4440E7C0665F6287E6BDCC6A8BEE6F70BA ft=0 fh=0000000000000000 vn="a variant of Win32/InstallIQ.A potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-06-27 190008\Backup Files 2014-06-27 190008\Backup files 123.zip"
sh=D28EB9902123F83791E9F78656E7352AF41B8462 ft=0 fh=0000000000000000 vn="a variant of Win32/InstallCore.BQ potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-06-27 190008\Backup Files 2014-06-27 190008\Backup files 20.zip"
sh=C1CC049C1956EF08A6AF59407B8D6EE94574AFA3 ft=0 fh=0000000000000000 vn="a variant of Win32/InstallCore.CH potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-06-27 190008\Backup Files 2014-06-27 190008\Backup files 21.zip"
sh=0F3FACD4C1B8DE5AA6687F47486BCBB825524508 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="L:\RENITA-2010\Backup Set 2014-06-27 190008\Backup Files 2014-06-27 190008\Backup files 22.zip"
sh=BDCA6C6B7D0E7CC36E4A6221EEBFA5BBCE08A752 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Babylon.P potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-06-27 190008\Backup Files 2014-06-27 190008\Backup files 23.zip"
sh=0187A22D60D93FD670D4608E8BD8E0853DE260B0 ft=0 fh=0000000000000000 vn="Win32/Toolbar.DefaultTab.E potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-06-27 190008\Backup Files 2014-06-27 190008\Backup files 26.zip"
sh=F2D6287F72C00C19CB37C4BBF672AF6A17190BAC ft=0 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-06-27 190008\Backup Files 2014-06-27 190008\Backup files 27.zip"
sh=24FEE504F1157104FCE334773B29A08CF0347067 ft=0 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-06-27 190008\Backup Files 2014-06-27 190008\Backup files 29.zip"
sh=E67CAF90A7693F145DEA993E69D93C10FC600B50 ft=0 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-06-27 190008\Backup Files 2014-07-16 190014\Backup files 1.zip"
sh=5B969DB05093E40EE284975795BC2716C2655398 ft=0 fh=0000000000000000 vn="a variant of Win32/SoftonicDownloader.G potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-06-27 190008\Backup Files 2014-08-04 190012\Backup files 1.zip"
sh=1ACA458A1435ECC30AFA37743993200697E33472 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application" ac=I fn="L:\RENITA-2010\Backup Set 2014-06-27 190008\Backup Files 2014-08-12 190034\Backup files 1.zip"
sh=B2C31662EDA193988DE33FE5AF1D3B243D18BCAA ft=0 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-06-27 190008\Backup Files 2014-08-25 190005\Backup files 1.zip"
sh=3B4AB5D82DFAA7D6160620EC4A93435B36B2D6D4 ft=0 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-06-27 190008\Backup Files 2014-09-02 190014\Backup files 2.zip"
sh=6E0F94ECC6FCBA861860D48E021E90A4C3C486A6 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="L:\RENITA-2010\Backup Set 2014-06-27 190008\Backup Files 2014-09-03 190005\Backup files 1.zip"
sh=F2D2D24F22BDBA58E1E3559A5600267C93E29CFF ft=0 fh=0000000000000000 vn="a variant of MSIL/Adware.StrongVault.A application" ac=I fn="L:\RENITA-2010\Backup Set 2014-06-27 190008\Backup Files 2014-09-03 190005\Backup files 3.zip"
sh=A8F9E8A072957D589763611101DCE4FD4051E6A7 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="L:\RENITA-2010\Backup Set 2014-06-27 190008\Backup Files 2014-09-08 190010\Backup files 1.zip"
sh=98CBDC4AF7CB8AAE06B0932A8E7CAF2CDF6C5756 ft=0 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-06-27 190008\Backup Files 2014-09-08 190010\Backup files 2.zip"
sh=22FCB7D907845A116E4543FB4EC1C8049937321D ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="L:\RENITA-2010\Backup Set 2014-09-09 142833\Backup Files 2014-09-09 142833\Backup files 10.zip"
sh=A2CB1A9CBC8FE2F7E47074782D09A699C92F2913 ft=0 fh=0000000000000000 vn="Win32/InstallCore.AZ potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-09-09 142833\Backup Files 2014-09-09 142833\Backup files 12.zip"
sh=007D58BDEB0BB8D3B23C0849379FD513A9E30EC7 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="L:\RENITA-2010\Backup Set 2014-09-09 142833\Backup Files 2014-09-09 142833\Backup files 15.zip"
sh=1267B6A525B805F1DDAFD95C82DB2B7F625B512F ft=0 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-09-09 142833\Backup Files 2014-09-09 142833\Backup files 16.zip"
sh=A1BEA361201E6391C63C2AAB269CD15CC8BCFCD5 ft=0 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-09-09 142833\Backup Files 2014-09-09 142833\Backup files 18.zip"
sh=CCCEF30A0C8714E5126D80E005E75F5B23D01D9A ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="L:\RENITA-2010\Backup Set 2014-09-09 142833\Backup Files 2014-09-09 142833\Backup files 9.zip"
sh=3C254EC2FBBD2129EAEE7CC17D39D9E8D372851E ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="L:\RENITA-2010\Backup Set 2014-09-09 190120\Backup Files 2014-09-09 190120\Backup files 10.zip"
sh=9936E2477AEE36C18B26B024CD6B4C98011524B5 ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-09-09 190120\Backup Files 2014-09-09 190120\Backup files 118.zip"
sh=2FE18C941E4958FF795666EB3F2A5F29F24509FE ft=0 fh=0000000000000000 vn="a variant of Win32/InstallCore.D potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-09-09 190120\Backup Files 2014-09-09 190120\Backup files 119.zip"
sh=675423A2EE0D05E5CF24B4669825AC081041E862 ft=0 fh=0000000000000000 vn="Win32/InstallCore.AZ potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-09-09 190120\Backup Files 2014-09-09 190120\Backup files 12.zip"
sh=D9B83F9B7A62DBCCCBD4F3CA1501CCC8F231448B ft=0 fh=0000000000000000 vn="a variant of Win32/AirAdInstaller.A potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-09-09 190120\Backup Files 2014-09-09 190120\Backup files 120.zip"
sh=FFC22CF085EF2A2DF221B7F411F3BF767E8297E0 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="L:\RENITA-2010\Backup Set 2014-09-09 190120\Backup Files 2014-09-09 190120\Backup files 15.zip"
sh=F040964D3F55BC1E8D79BCB0ED2DC7B687D1655B ft=0 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-09-09 190120\Backup Files 2014-09-09 190120\Backup files 16.zip"
sh=4230B0A8F13BFA1250AB4E8A0A5A38B50740EE1B ft=0 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-09-09 190120\Backup Files 2014-09-09 190120\Backup files 18.zip"
sh=776C68050DA76F7ACE8E65A5011C3EB5CD96F376 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="L:\RENITA-2010\Backup Set 2014-09-09 190120\Backup Files 2014-09-09 190120\Backup files 9.zip"
sh=1C5807BA5736FAAB15D16B87D52A9BDD9CB29CC1 ft=0 fh=0000000000000000 vn="a variant of Win32/InstallCore.QB potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-09-09 190120\Backup Files 2014-09-14 190009\Backup files 1.zip"
sh=CD2F5DE9F88E105A1FFF7396D830CE96B6EF14BB ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="L:\RENITA-2010\Backup Set 2014-09-15 190007\Backup Files 2014-09-15 190007\Backup files 10.zip"
sh=E686C0FDBBEB1343108F775A42CB40D5632B6C4C ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-09-15 190007\Backup Files 2014-09-15 190007\Backup files 117.zip"
sh=1AC3A559E617BE02B40B55F53F2490FB287B501F ft=0 fh=0000000000000000 vn="a variant of Win32/InstallCore.D potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-09-15 190007\Backup Files 2014-09-15 190007\Backup files 118.zip"
sh=BB15E546F429A7C6966B7328463E195B57CA1020 ft=0 fh=0000000000000000 vn="a variant of Win32/AirAdInstaller.A potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-09-15 190007\Backup Files 2014-09-15 190007\Backup files 119.zip"
sh=81A92A004E37B8E650C42D6C3AE676A9759A1245 ft=0 fh=0000000000000000 vn="Win32/InstallCore.AZ potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-09-15 190007\Backup Files 2014-09-15 190007\Backup files 12.zip"
sh=A57EFDBD0C9A1ECEAEEC2EA2BBCEDECD2F82F9F1 ft=0 fh=0000000000000000 vn="Win32/InstallCore.AZ potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-09-15 190007\Backup Files 2014-09-15 190007\Backup files 15.zip"
sh=476836949EAE38F21FA5BAA67EFE2A1332D1258C ft=0 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-09-15 190007\Backup Files 2014-09-15 190007\Backup files 16.zip"
sh=44BDFCAA9E458CC1569EA015EB025B6A8BF68FCF ft=0 fh=0000000000000000 vn="a variant of Win32/InstallCore.BQ potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-09-15 190007\Backup Files 2014-09-15 190007\Backup files 9.zip"
sh=4A2D95EFF17A4D61D8DB76258D7A064120BA677C ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-09-15 190007\Backup Files 2014-09-24 190010\Backup files 1.zip"
sh=5C530F76E694A859B119CB9D2FABF72E36426EFA ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-09-15 190007\Backup Files 2014-10-06 190009\Backup files 1.zip"
sh=C6769471D5DE7E41306B080843A10B82454E9DC9 ft=0 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-09-15 190007\Backup Files 2014-10-07 190006\Backup files 1.zip"
sh=EF08DF4DA3DD2F73A251FB9F3D559E8A444A676D ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="L:\RENITA-2010\Backup Set 2014-11-11 190005\Backup Files 2014-11-11 190005\Backup files 10.zip"
sh=6C3074710DC92038F84815A756ABB5A9E0E1CD5E ft=0 fh=0000000000000000 vn="Win32/InstallCore.AZ potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-11-11 190005\Backup Files 2014-11-11 190005\Backup files 12.zip"
sh=CA7E08C1CB1C41CC907B44232C44A975C2B73B45 ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-11-11 190005\Backup Files 2014-11-11 190005\Backup files 122.zip"
sh=0A3A8D4ACD09F769C3B067DBC5AE598FEBA2474D ft=0 fh=0000000000000000 vn="a variant of Win32/InstallCore.D potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-11-11 190005\Backup Files 2014-11-11 190005\Backup files 123.zip"
sh=81028D2ECF578754807DCAC7FA7F926909A0BEA8 ft=0 fh=0000000000000000 vn="a variant of Win32/AirAdInstaller.A potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-11-11 190005\Backup Files 2014-11-11 190005\Backup files 124.zip"
sh=568C267756C0F7D8A336B7014970CB5AD4A6C2CA ft=0 fh=0000000000000000 vn="Win32/InstallCore.AZ potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-11-11 190005\Backup Files 2014-11-11 190005\Backup files 16.zip"
sh=396D81E8B86C1BDEC3B1E81C1684F24BE83309B4 ft=0 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-11-11 190005\Backup Files 2014-11-11 190005\Backup files 17.zip"
sh=A1AB8CABE97D25EAA72DBE98BDEDD8073A07039D ft=0 fh=0000000000000000 vn="a variant of Win32/InstallCore.BQ potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-11-11 190005\Backup Files 2014-11-11 190005\Backup files 9.zip"
sh=F2C5B55B04A16865F45633BB5BDC71D4D81129FD ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="L:\RENITA-2010\Backup Set 2014-12-20 190014\Backup Files 2014-12-20 190014\Backup files 10.zip"
sh=2A5FB1327145AE0F090E79535F0EED5AE4E853A6 ft=0 fh=0000000000000000 vn="Win32/InstallCore.AZ potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-12-20 190014\Backup Files 2014-12-20 190014\Backup files 12.zip"
sh=6CB2DAFAB8D421701F66CD359DCE37984B7665CD ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-12-20 190014\Backup Files 2014-12-20 190014\Backup files 122.zip"
sh=A89F3A55179F7F75DBFEEB3B45AD756F6BCD2819 ft=0 fh=0000000000000000 vn="a variant of Win32/InstallCore.D potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-12-20 190014\Backup Files 2014-12-20 190014\Backup files 123.zip"
sh=1CC7FA3C8B24DE2A7637E22CF8CD24A991F60F19 ft=0 fh=0000000000000000 vn="a variant of Win32/AirAdInstaller.A potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-12-20 190014\Backup Files 2014-12-20 190014\Backup files 124.zip"
sh=03B8017E1F87D2ED0B7C517D5C2B802A476628F6 ft=0 fh=0000000000000000 vn="Win32/InstallCore.AZ potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-12-20 190014\Backup Files 2014-12-20 190014\Backup files 16.zip"
sh=27ACC2B9A56AE6CD397E4F308D49DE8602207EBF ft=0 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-12-20 190014\Backup Files 2014-12-20 190014\Backup files 17.zip"
sh=3FBD03C189DB971A0430381F77AE407ED1CCF31B ft=0 fh=0000000000000000 vn="a variant of Win32/InstallCore.BQ potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-12-20 190014\Backup Files 2014-12-20 190014\Backup files 8.zip"
sh=FF6CA7A230C29CDBEEA9B03A2E97DBCBFA945C83 ft=0 fh=0000000000000000 vn="a variant of Win32/InstallCore.QB potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2014-12-20 190014\Backup Files 2014-12-20 190014\Backup files 9.zip"
sh=54E0E070D2D5984B631D875CBC5F3AD45F83A185 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="L:\RENITA-2010\Backup Set 2015-01-09 190011\Backup Files 2015-01-09 190011\Backup files 10.zip"
sh=8A80D08247C2E2491DB3C6A1C9320F31C6075511 ft=0 fh=0000000000000000 vn="Win32/InstallCore.AZ potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2015-01-09 190011\Backup Files 2015-01-09 190011\Backup files 12.zip"
sh=FDEC6BD5B33EE2E0E1E5FDFB8747B38BFD7803AD ft=0 fh=0000000000000000 vn="Win32/InstallCore.AZ potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2015-01-09 190011\Backup Files 2015-01-09 190011\Backup files 15.zip"
sh=721C5C669A78FBB5989DCB55550C506920B21EDD ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2015-01-09 190011\Backup Files 2015-01-09 190011\Backup files 16.zip"
sh=04FDC54D4C1F39D273746F5F5FFC81A3B4FD0322 ft=0 fh=0000000000000000 vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2015-01-09 190011\Backup Files 2015-01-09 190011\Backup files 17.zip"
sh=6447CE13CFC4B3C6F2F87B731B50CF77FB1A0C0D ft=0 fh=0000000000000000 vn="a variant of Win32/InstallCore.BQ potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2015-01-09 190011\Backup Files 2015-01-09 190011\Backup files 8.zip"
sh=AC4C5ACE9B1AF10952095656A05C5496D99E2AFB ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2015-01-09 190011\Backup Files 2015-01-09 190011\Backup files 85.zip"
sh=E6554AA5CD8C4AEF5E66973621310EC974135A3D ft=0 fh=0000000000000000 vn="a variant of Win32/InstallCore.D potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2015-01-09 190011\Backup Files 2015-01-09 190011\Backup files 86.zip"
sh=CFC5667513D6B7F83C4EB44A6E09A37FC93529CC ft=0 fh=0000000000000000 vn="a variant of Win32/AirAdInstaller.A potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2015-01-09 190011\Backup Files 2015-01-09 190011\Backup files 87.zip"
sh=5C50149CCD29A5DA714BD06310E7FF039CE3D876 ft=0 fh=0000000000000000 vn="a variant of Win32/InstallCore.QB potentially unwanted application" ac=I fn="L:\RENITA-2010\Backup Set 2015-01-09 190011\Backup Files 2015-01-09 190011\Backup files 9.zip"
sh=7099E5A909AD3F2F8A0D1BB82DB7FF6A75D888EB ft=1 fh=e7716feb3cae8df7 vn="a variant of Win32/InstallCore.BQ potentially unwanted application" ac=I fn="M:\Downloads\DownloadManagerSetup.exe"
sh=56EB3EF04114500196DAB3FBBCF49AEC69201723 ft=1 fh=8e4288645fbdb550 vn="a variant of Win32/InstallCore.QB potentially unwanted application" ac=I fn="M:\Downloads\Firefox_Setup.exe"
sh=BB6A52D7A451C34C5632D140A26581E3EFA28322 ft=1 fh=ba99589b10b0f9e6 vn="multiple threats" ac=I fn="M:\Downloads\reginout_setup.exe"
sh=63BE86D4178933401C9E4D115F4CC2BA4D09F694 ft=1 fh=dae1308d4514b982 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="M:\Downloads\U-0131-01-P_AVERY1_.exe"

  • 0

#20
Essexboy
Posted 19 May 2015 - 11:08 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi Naat has had to dep[art for a few days and I will be taking over, whilst I read the thread and see what has been done. Could you let me know how the computer is behaving
  • 0

#21
Renita123
Posted 19 May 2015 - 11:34 AM

Renita123

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts

I'm not seeing any issues anymore.


  • 0

#22
Essexboy
Posted 19 May 2015 - 12:37 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

Although I would recommend that you make a new backup set as the one you have has some adware in it

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix
Select the options as shown
delfix.JPG


: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article

I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser and How to unplug Java from the browser)

If you do need to keep Java then download JavaRa
Run the programme and select Remove Java Runtime. Uninstall all versions of Java present
Once done then run it again and select Update Java runtime > Download and install Latest version
javara.JPG


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
click the very large Download button.
click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme ;)

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe :wave:
  • 0

#23
Renita123
Posted 20 May 2015 - 11:07 AM

Renita123

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts

Thanks!  You and Naat were a big help!


  • 0

#24
Essexboy
Posted 20 May 2015 - 11:12 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
It was our pleasure .. Enjoy :)
  • 0

#25
Essexboy
Posted 21 May 2015 - 09:10 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP