Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

clicking to ads in IE Firefox FB

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: clicking to ads in IE Firefox FB

Unread postby doby108 » May 23rd, 2013, 12:43 am

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{739df940-c5ee-4bab-9d7e-270894ae687a} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{739df940-c5ee-4bab-9d7e-270894ae687a}\ deleted successfully.
C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{739df940-c5ee-4bab-9d7e-270894ae687a} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{739df940-c5ee-4bab-9d7e-270894ae687a}\ not found.
File C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll not found.
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "WhiteSmoke New Customized Web Search" removed from browser.search.selectedEngine
Prefs.js: "http://search.conduit.com/?ctid=CT3289847&CUI=UN20356867831903416&UM=2&SearchSource=13" removed from browser.startup.homepage
C:\Users\suzanne\AppData\Roaming\mozilla\Firefox\Profiles\hbxyif3l.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}\Plugins folder moved successfully.
C:\Users\suzanne\AppData\Roaming\mozilla\Firefox\Profiles\hbxyif3l.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}\chrome\CT3289847\content\tb\al\wa folder moved successfully.
C:\Users\suzanne\AppData\Roaming\mozilla\Firefox\Profiles\hbxyif3l.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}\chrome\CT3289847\content\tb\al folder moved successfully.
C:\Users\suzanne\AppData\Roaming\mozilla\Firefox\Profiles\hbxyif3l.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}\chrome\CT3289847\content\tb folder moved successfully.
C:\Users\suzanne\AppData\Roaming\mozilla\Firefox\Profiles\hbxyif3l.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}\chrome\CT3289847\content folder moved successfully.
C:\Users\suzanne\AppData\Roaming\mozilla\Firefox\Profiles\hbxyif3l.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}\chrome\CT3289847 folder moved successfully.
C:\Users\suzanne\AppData\Roaming\mozilla\Firefox\Profiles\hbxyif3l.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}\chrome folder moved successfully.
C:\Users\suzanne\AppData\Roaming\mozilla\Firefox\Profiles\hbxyif3l.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a} folder moved successfully.
C:\Users\suzanne\AppData\Roaming\mozilla\firefox\profiles\hbxyif3l.default\searchplugins\whitesmoke-new-customized-web-search.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{739df940-c5ee-4bab-9d7e-270894ae687a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{739df940-c5ee-4bab-9d7e-270894ae687a}\ not found.
File C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{739df940-c5ee-4bab-9d7e-270894ae687a} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{739df940-c5ee-4bab-9d7e-270894ae687a}\ not found.
File C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{739DF940-C5EE-4BAB-9D7E-270894AE687A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{739DF940-C5EE-4BAB-9D7E-270894AE687A}\ not found.
File C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect not found.
C:\SearchProtect\ffprotect folder moved successfully.
C:\SearchProtect folder moved successfully.
C:\Program Files (x86)\Conduit\Community Alerts folder moved successfully.
C:\Program Files (x86)\Conduit folder moved successfully.
C:\Program Files (x86)\WhiteSmoke_New folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{739DF940-C5EE-4BAB-9D7E-270894AE687A} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{739DF940-C5EE-4BAB-9D7E-270894AE687A}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{739df940-c5ee-4bab-9d7e-270894ae687a} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{739df940-c5ee-4bab-9d7e-270894ae687a}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{739df940-c5ee-4bab-9d7e-270894ae687a} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{739df940-c5ee-4bab-9d7e-270894ae687a}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{739df940-c5ee-4bab-9d7e-270894ae687a} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{739df940-c5ee-4bab-9d7e-270894ae687a}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{739df940-c5ee-4bab-9d7e-270894ae687a} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{739df940-c5ee-4bab-9d7e-270894ae687a}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{739DF940-C5EE-4BAB-9D7E-270894AE687A} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{739DF940-C5EE-4BAB-9D7E-270894AE687A}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{739df940-c5ee-4bab-9d7e-270894ae687a} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{739df940-c5ee-4bab-9d7e-270894ae687a}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{739df940-c5ee-4bab-9d7e-270894ae687a} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{739df940-c5ee-4bab-9d7e-270894ae687a}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{739df940-c5ee-4bab-9d7e-270894ae687a} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{739df940-c5ee-4bab-9d7e-270894ae687a}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{739df940-c5ee-4bab-9d7e-270894ae687a} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{739df940-c5ee-4bab-9d7e-270894ae687a}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\conduit\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Classes\updater.amiupd\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Classes\updater.amiupd.1\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT3289847\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}\ not found.
Registry key hkey_local_machine\software\policies\google\chrome\extensioninstallforcelist\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\WhiteSmoke_New\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1BB8B3AE-757D-443F-B3A4-0629E709B0D9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BB8B3AE-757D-443F-B3A4-0629E709B0D9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{739DF940-C5EE-4BAB-9D7E-270894AE687A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{739DF940-C5EE-4BAB-9D7E-270894AE687A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{22DDB7DE-155B-47A9-8024-30357DF9D6C1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22DDB7DE-155B-47A9-8024-30357DF9D6C1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{850EA215-F8F1-4224-9A60-E1C2B1D48575}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{850EA215-F8F1-4224-9A60-E1C2B1D48575}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{739df940-c5ee-4bab-9d7e-270894ae687a} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{739df940-c5ee-4bab-9d7e-270894ae687a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{739df940-c5ee-4bab-9d7e-270894ae687a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{739df940-c5ee-4bab-9d7e-270894ae687a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke New Toolbar\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke_New\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{1BB8B3AE-757D-443F-B3A4-0629E709B0D9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BB8B3AE-757D-443F-B3A4-0629E709B0D9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{739DF940-C5EE-4BAB-9D7E-270894AE687A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{739DF940-C5EE-4BAB-9D7E-270894AE687A}\ not found.
Registry key HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\ not found.
Registry key HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\WhiteSmoke_New\ not found.
Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\ not found.
Registry key HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\ not found.
========== FILES ==========
C:\END moved successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache folder moved successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} folder moved successfully.
C:\ProgramData\Tarma Installer folder moved successfully.
File\Folder C:\Program Files (x86)\conduit not found.
C:\ProgramData\Ask\APN-Stub folder moved successfully.
C:\ProgramData\Ask folder moved successfully.
File\Folder C:\Users\suzanne\AppData\Roaming\mozilla\firefox\profiles\hbxyif3l.default\extensions\{739DF940-C5EE-4BAB-9D7E-270894AE687A} not found.
C:\Users\suzanne\Downloads\iLividSetup-r352-n-bf(1).exe moved successfully.
C:\Users\suzanne\Downloads\iLividSetup-r352-n-bf.exe moved successfully.
C:\Windows\Prefetch\ILIVIDSETUP-R352-N-BF(1).EXE-836CC980.pf moved successfully.
File\Folder C:\Program Files (x86)\WhiteSmoke_New not found.
File\Folder C:\Users\suzanne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YLX2RYGO\whitesmokecss[1].cssD183C9CDB27F4B82124489F2C6D1FE83 not found.
C:\Users\suzanne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YLX2RYGO\whitesmokeTools[1].htm moved successfully.
C:\Users\suzanne\AppData\Local\Temp\DIQM\FlashPlayer_151\bin\css\whitesmoke.css moved successfully.
C:\Users\suzanne\AppData\Local\Temp\DIQM\FlashPlayer_151\bin\css\images\whitesmoke-img-gris.png moved successfully.
C:\Users\suzanne\AppData\Local\Temp\DIQM\FlashPlayer_151\bin\css\images\whitesmoke-img.jpg moved successfully.
C:\Users\suzanne\AppData\Local\Temp\DIQM\FlashPlayer_151\bin\css\images\whitesmoke-img.png moved successfully.
C:\Users\suzanne\AppData\Local\Temp\DIQM\FlashPlayer_151\bin\css\images\whitesmoke-img2.jpg moved successfully.
C:\Users\suzanne\AppData\Local\Temp\DIQM\FlashPlayer_151\bin\css\images\whitesmoke-logo.png moved successfully.
C:\Users\suzanne\AppData\Local\Temp\DIQM\FlashPlayer_151\bin\css\images\whitesmoke-toolbar-new-gris.png moved successfully.
C:\Users\suzanne\AppData\Local\Temp\DIQM\FlashPlayer_151\temp\WhiteSmokeinfo.dfe moved successfully.
File\Folder C:\Users\suzanne\AppData\Roaming\Mozilla\Firefox\Profiles\hbxyif3l.default\searchplugins\whitesmoke-new-customized-web-search.xml not found.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\_locales\en folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\_locales folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\toolbarImages folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\sl folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\lib\jquery.alerts\images folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\lib\jquery.alerts folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\lib folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\core folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\wa\WEATHER\js folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\wa\WEATHER\css folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\wa\WEATHER folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\wa\TWITTER\resources folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\wa\TWITTER\js folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\wa\TWITTER\img folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\wa\TWITTER folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\wa\SEARCH\view\style\rsx folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\wa\SEARCH\view\style folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\wa\SEARCH\view\script folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\wa\SEARCH\view folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\wa\SEARCH\resources folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\wa\SEARCH\js folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\wa\SEARCH\Css folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\wa\SEARCH\buildSettings folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\wa\SEARCH folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\wa\RADIO_PLAYER\js\resources folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\wa\RADIO_PLAYER\js folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\wa\RADIO_PLAYER\css\custom-theme folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\wa\RADIO_PLAYER\css folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\wa\RADIO_PLAYER folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\wa\PRICE_GONG\menu_dlg folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\wa\PRICE_GONG\images folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\wa\PRICE_GONG\css\custom-theme folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\wa\PRICE_GONG\css folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\wa\PRICE_GONG\agreement folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\wa\PRICE_GONG folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\wa\Optimizer\js folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\wa\Optimizer folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\wa\NOTIFICATION\js folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\wa\NOTIFICATION\images\light folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\wa\NOTIFICATION\images\dark folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\wa\NOTIFICATION\images folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\wa\NOTIFICATION\css folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\wa\NOTIFICATION folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\wa\MULTI_RSS\js\resources folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\wa\MULTI_RSS\js folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\wa\MULTI_RSS\img folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\wa\MULTI_RSS\css folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\wa\MULTI_RSS folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\wa\HIGHLIGHTER\js folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\wa\HIGHLIGHTER\css folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\wa\HIGHLIGHTER folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\wa\EMAIL_NOTIFIER\js\plugins folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\wa\EMAIL_NOTIFIER\js folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\wa\EMAIL_NOTIFIER\css folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\wa\EMAIL_NOTIFIER folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\wa\APPLICATION_BUTTON\resources folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\wa\APPLICATION_BUTTON\Js folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\wa\APPLICATION_BUTTON folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\wa folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\ui\menu\js folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\ui\menu\img folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\ui\menu\css folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\ui\menu folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\ui\gf\js folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\ui\gf\img folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\ui\gf\css folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\ui\gf folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\ui\gadgetFrame folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\ui\dlg\ftd\images folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\ui\dlg\ftd folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\ui\dlg folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\ui folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\sp\spsd\images folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\sp\spsd folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\sp\spbd\images folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\sp\spbd folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\sp\js folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\sp folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\options\js\resources folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\options\js folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\options\images folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\options\css folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\options folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\msd folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\api folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\ac\res folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\ac\img folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\ac\css folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\ac folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\aboutBox\js folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\aboutBox\images folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\aboutBox folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\Search\NewTabPages\js folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\Search\NewTabPages\img folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\Search\NewTabPages\html folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\Search\NewTabPages\css folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\Search\NewTabPages\API folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\Search\NewTabPages folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\Search\html folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\Search folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\plugins folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\js\toolbarAPI folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\js\tabs\back folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\js\tabs folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\js\options folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\js\lib folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\js folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0 folder moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage moved successfully.
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage-journal moved successfully.
C:\Users\suzanne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\38JUYU6Z\search_conduit_com[1].htm moved successfully.
C:\Users\suzanne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4WBZ92YR\search_conduit_com[1].htm moved successfully.
C:\Users\suzanne\AppData\Local\Temp\ct3289847\conduit.xml moved successfully.
C:\Users\suzanne\AppData\Local\Temp\DIQM\FlashPlayer_151\temp\VAFMusic Conduitinfo.dfe moved successfully.
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\SearchInNewTab folder moved successfully.
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\Repository\conduit_CT3289847_en\ToolbarTranslation folder moved successfully.
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\Repository\conduit_CT3289847_en folder moved successfully.
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\Repository\conduit_CT3289847_CT3289847\ToolbarSettings folder moved successfully.
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\Repository\conduit_CT3289847_CT3289847\ToolbarLogin folder moved successfully.
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\Repository\conduit_CT3289847_CT3289847\DynamicDialogs folder moved successfully.
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\Repository\conduit_CT3289847_CT3289847\AppsMetaData folder moved successfully.
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\Repository\conduit_CT3289847_CT3289847 folder moved successfully.
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\Repository folder moved successfully.
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\RadioPlayer folder moved successfully.
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin folder moved successfully.
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12 folder moved successfully.
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B} folder moved successfully.
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\plugins folder moved successfully.
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\MyStuffApps folder moved successfully.
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\Logs folder moved successfully.
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\ExternalComponent folder moved successfully.
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\EmailNotifier folder moved successfully.
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\Dialogs\UntrustedAppPendingDialog folder moved successfully.
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\Dialogs\UntrustedAppApprovalDialog folder moved successfully.
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\Dialogs\UntrustedAddedAppDialog folder moved successfully.
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\Dialogs\UninstallDialog folder moved successfully.
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\Dialogs\ToolbarUntrustedAppsApprovalDialog folder moved successfully.
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\Dialogs\ToolbarFirstTimeDialog\images folder moved successfully.
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\Dialogs\ToolbarFirstTimeDialog folder moved successfully.
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\Dialogs\SearchProtectorRetakeoverDialog\Images folder moved successfully.
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\Dialogs\SearchProtectorRetakeoverDialog folder moved successfully.
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\Dialogs\SearchProtectorDialog\Images folder moved successfully.
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\Dialogs\SearchProtectorDialog folder moved successfully.
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\Dialogs\SearchProtectorBubbleDialog\images folder moved successfully.
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\Dialogs\SearchProtectorBubbleDialog folder moved successfully.
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\Dialogs\NewSearchProtectorDialog\images folder moved successfully.
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\Dialogs\NewSearchProtectorDialog folder moved successfully.
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\Dialogs\EngineFirstTimeDialog folder moved successfully.
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\Dialogs\DetectedAppDialog folder moved successfully.
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\Dialogs\DefualtImages folder moved successfully.
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\Dialogs\AddedAppDialog folder moved successfully.
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\Dialogs folder moved successfully.
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\CacheIcons folder moved successfully.
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New folder moved successfully.
C:\Users\suzanne\AppData\Roaming\Mozilla\Firefox\Profiles\hbxyif3l.default\CT3289847\conduit.xml moved successfully.
File\Folder C:\Windows\Prefetch\CONDUITINSTALLER.EXE not found.
File\Folder C:\Program Files (x86)\WhiteSmoke_New not found.
C:\Users\suzanne\AppData\Local\Temp\DIQM\FlashPlayer_151\bin\WhiteSmoke folder moved successfully.
File\Folder C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New not found.
File\Folder C:\Program Files (x86)\Conduit not found.
C:\Users\suzanne\AppData\Local\Temp\DIQM\FlashPlayer_151\bin\VAFMusic Conduit folder moved successfully.
File\Folder C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\Repository\conduit_CT3289847_CT3289847 not found.
File\Folder C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\Repository\conduit_CT3289847_en not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: suzanne
->Temp folder emptied: 686961065 bytes
->Temporary Internet Files folder emptied: 202626274 bytes
->Java cache emptied: 126289653 bytes
->FireFox cache emptied: 103826642 bytes
->Google Chrome cache emptied: 14488989 bytes
->Flash cache emptied: 916 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 47537774 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 280238 bytes
RecycleBin emptied: 11853505 bytes

Total Files Cleaned = 1,139.00 mb

C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 05222013_213508

Files\Folders moved on Reboot...
C:\Users\suzanne\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Users\suzanne\AppData\Local\Mozilla\Firefox\Profiles\hbxyif3l.default\Cache\_CACHE_001_ moved successfully.
C:\Users\suzanne\AppData\Local\Mozilla\Firefox\Profiles\hbxyif3l.default\Cache\_CACHE_002_ moved successfully.
C:\Users\suzanne\AppData\Local\Mozilla\Firefox\Profiles\hbxyif3l.default\Cache\_CACHE_003_ moved successfully.
C:\Users\suzanne\AppData\Local\Mozilla\Firefox\Profiles\hbxyif3l.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\suzanne\AppData\Local\Mozilla\Firefox\Profiles\hbxyif3l.default\_CACHE_CLEAN_ moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
doby108
Regular Member
 
Posts: 71
Joined: May 20th, 2013, 11:11 pm
Advertisement
Register to Remove

Re: clicking to ads in IE Firefox FB

Unread postby doby108 » May 23rd, 2013, 1:02 am

gary, i cannot figure out which antivirus i have and how to turn it off. win 8 is frustrating! can you help me? thanks suzanne
doby108
Regular Member
 
Posts: 71
Joined: May 20th, 2013, 11:11 pm

Re: clicking to ads in IE Firefox FB

Unread postby Gary R » May 23rd, 2013, 4:57 am

Your AV is Windows Defender, which comes pre-installed on Windows 8, it's a considerable update on the old Windows Defender that came with Vista and Windows 7, and is really more like Microsoft Security Essentials.

This page ... http://www.eightforums.com/tutorials/21 ... s-8-a.html ... will show you how to disable it so you can run the E-Set scan ... Don't forget to re-enable Windows Defender as soon as you've finished scanning with E-Set.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: clicking to ads in IE Firefox FB

Unread postby doby108 » May 23rd, 2013, 1:21 pm

OTL Extras logfile created on: 5/21/2013 9:33:47 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\suzanne\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16580)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.86 Gb Total Physical Memory | 6.03 Gb Available Physical Memory | 76.71% Memory free
9.05 Gb Paging File | 7.14 Gb Available in Paging File | 78.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 884.18 Gb Total Space | 832.78 Gb Free Space | 94.19% Space Free | Partition Type: NTFS
Drive D: | 25.00 Gb Total Space | 22.97 Gb Free Space | 91.90% Space Free | Partition Type: NTFS
Drive F: | 298.09 Gb Total Space | 289.15 Gb Free Space | 97.00% Space Free | Partition Type: NTFS

Computer Name: SUZLENOVO | User Name: suzanne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Lenovo Photos] -- "C:\Program Files (x86)\LenovoPhotos\Lenovo Photos\Lenovo Photos.exe" "%1" ()
Directory [Photo Show] -- "C:\Program Files (x86)\LenovoPhotos\Lenovo Photos\Photo Show.exe" -d "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1542C301-37AD-47A0-AC57-A30038E8D062}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{1BD9F35E-B424-4C6B-AEBE-4DB3606574D2}" = lport=138 | protocol=17 | dir=in | app=system |
"{20F07990-C1C9-4003-BB47-FCA00C86D1EC}" = lport=139 | protocol=6 | dir=in | app=system |
"{29DE7DCE-FF61-4264-85C4-9D09D0521AA4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{38CF3C1B-AE35-4E0C-A111-0CF3B7D06757}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6DA6474F-D35E-4B20-8723-292D6792520A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6FACCDD8-CEDB-4473-9378-7897530D7351}" = rport=10243 | protocol=6 | dir=out | app=system |
"{9C8F5001-FAB0-4050-BFAA-9E805F00FFB9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A0C8BF23-87FF-4082-BC9F-991EB8274F33}" = lport=445 | protocol=6 | dir=in | app=system |
"{A1A7B86C-C42F-4F99-B548-1F73DFE1D6C1}" = rport=138 | protocol=17 | dir=out | app=system |
"{AD98C393-1E90-4347-B70E-F4695555A869}" = rport=139 | protocol=6 | dir=out | app=system |
"{B5A1B8F9-F321-4602-BE90-8180BAE07D47}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{BAE4BBC2-27A7-465E-9DB3-46DF9B557CC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C12B3618-BAC5-47BF-A8FE-91C14D0C81A0}" = rport=445 | protocol=6 | dir=out | app=system |
"{C61DCC9A-81A9-4406-A9B2-10F9B99FC321}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C981376E-0C57-4EB6-B111-D375F6703B0B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D1548FAF-7B0D-42C1-967B-93537F75DDD6}" = lport=137 | protocol=17 | dir=in | app=system |
"{D2AB71C0-27B2-4FB1-9CD6-83F736DAE2D5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D31A5A47-4AF2-4B5F-8A14-033F01A59F8E}" = rport=137 | protocol=17 | dir=out | app=system |
"{D91111FE-8881-417C-933D-56FCF2BF5825}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E7C5181C-61DF-4AE6-B479-126F193F9CDD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EFC8DCB7-582E-4BA5-B05C-83061E820F6B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00543CA1-D5F2-4943-B37D-13FD4249B542}" = dir=in | app=c:\program files\hp\hp officejet 6700\bin\hpnetworkcommunicator.exe |
"{045F5129-2056-4128-A3B2-B543938331B7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{07090B11-4C3A-4210-9E62-7172425FEC88}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{0A896E38-64B1-4866-96D1-8D5EB5324930}" = dir=in | app=c:\program files\hp\hp officejet 6700\bin\hpnetworkcommunicatorcom.exe |
"{0B9EECEE-3A36-4008-8D47-6241FF029718}" = dir=in | app=c:\program files (x86)\lenovo\powerdvd10\powerdvd cinema\powerdvdcinema10.exe |
"{0C2A282B-4C6B-428C-99BF-9EA40289ED6F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0FB78483-762A-4309-B1DA-CA6E7EC06ED1}" = dir=out | name=@{microsoft.bingmaps_1.6.1528.2509_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{1ABC081A-7CE5-4B6B-A746-9D1D6E51C258}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1C263E98-151D-4258-93BC-99303F989F30}" = dir=out | name=@{microsoft.bingnews_2.0.0.273_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{20F4F7BE-73E2-42D8-AC32-45173CEFD1BE}" = dir=in | name=rara.com |
"{312378B9-4B6B-4936-A296-D8EEEAD4C493}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{3603CD96-F8AD-4AD5-8EF3-512105BDE1FB}" = dir=out | name=rara.com |
"{3797ACD0-8E0F-48E1-A43E-B83C5456EF12}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{37BEF025-38D6-4EA0-B1C2-058F96B39DE5}" = protocol=6 | dir=out | app=c:\program files (x86)\rosettastoneltdservices\rosettastoneltdservices.exe |
"{38564E2C-D09C-4A02-B503-00EE669EDF5F}" = dir=out | name=powerdvd for lenovo idea |
"{3CBEC8C3-0554-4EA2-9AED-4CC7E4ED5626}" = dir=in | app=c:\program files\hp\hp officejet 6700\bin\devicesetup.exe |
"{47BE5E48-C983-429E-A6FB-4DB5978E22C7}" = dir=out | name=accuweather for windows 8 |
"{498F56FA-34E1-4919-88CB-817DA7834B90}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{49AC666B-0A3F-4217-9AD0-224CEC07657F}" = dir=out | name=@{microsoft.zunevideo_1.3.59.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{49C9F3CB-84E6-4E85-BF1F-E0C3A4CAB00E}" = dir=out | name=@{microsoft.xboxlivegames_1.3.10.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{50D249A9-B5F0-48DA-9E68-2A396DEA77C7}" = dir=out | name=@{microsoft.bingweather_2.0.0.288_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{518A583F-4EC5-4F4E-9D61-0DEB64ECE9E8}" = dir=out | name=hp printer control |
"{5CA0CD15-F8E5-4AA9-9153-3908B213193E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5CE11618-51E0-4926-9137-A1CFF5B95C5E}" = dir=out | name=skype |
"{5D24A197-AAF5-49C5-8E3E-F7A9633582B6}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.0.1114.318_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{629A9515-057C-4F08-A34D-A7E948B5FA6A}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.0.1114.318_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{62BE1FF8-617B-4971-9F31-81429CA1038F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{62EF16EA-B8BC-44A3-81FB-F4521BFA0B72}" = dir=out | name=@{microsoft.bingtravel_2.0.0.274_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{6FBC33DE-5269-4760-A56E-F64F9F7C38F1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{702CBF50-F778-4833-BBB3-46D345F4A68F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{70F180DE-3DEA-49DF-861E-A12D7AFBF27B}" = dir=out | name=@{microsoft.xboxcompanion_1.2.160.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxcompanion/resources/33279} |
"{710676D1-C183-4046-95CC-9C5504CC0362}" = dir=in | name=ebay |
"{75E35974-A187-4A2E-A078-8C60AE2A0E51}" = dir=out | name=evernote touch |
"{76DCA882-4600-486B-8FFA-863D16C6D0B0}" = dir=in | name=skype |
"{79347832-51F9-4AC5-BE0C-DBB05599131E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7E64FDE2-5EBD-46BA-907F-44585D3ADF0F}" = dir=in | name=evernote touch |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{88F9B159-2304-40A5-B269-ACFBABAC7739}" = dir=out | name=@{microsoft.zunemusic_1.3.59.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{8B966AC8-AF91-4BE2-B5AB-2AF728499533}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8BA5AD2F-4F8D-467C-9F3C-81F62289A17B}" = dir=out | name=ebay |
"{8D155684-7FEC-482A-9BCE-CDF344EACFFB}" = dir=in | name=mcafee security advisor for lenovo |
"{9AE77FA2-8144-473E-B380-C45ADEFD2C1D}" = dir=in | app=c:\program files (x86)\lenovo\powerdvd10\powerdvd10.exe |
"{9E265D69-3AB6-447C-9D7B-4899FDF963A5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A1446789-058E-44F9-B75B-73C07918AF84}" = protocol=6 | dir=out | app=c:\program files (x86)\rosettastoneltdservices\rosettastonedaemon.exe |
"{A1508CA8-3E0A-44DC-A2C9-AE38E0092ADD}" = dir=in | app=c:\program files\hp\hp officejet 6700\bin\faxapplications.exe |
"{A1A507A2-6CC5-4E32-AF41-A5CDE5A991FF}" = dir=out | name=kindle |
"{A4051DA4-AE39-4CDE-9BF8-1B0E4D1242D1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{AF1EAF10-CD78-4833-ACD2-D4DEC2AA8AC0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B083DABB-D78C-48F2-AC5F-1A8982A8B941}" = dir=out | name=@{microsoft.bingfinance_2.0.0.275_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{B0F00CE7-4423-4E6E-BAE2-446FDE7B5671}" = dir=in | name=accuweather for windows 8 |
"{B21326B2-E18C-4369-8D56-DBB73FB519BF}" = dir=in | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{B302112C-A3F0-47EB-B30E-5AC3B0B42D17}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{BE0A0117-FBC2-46FD-8452-C872553439F8}" = dir=out | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{C4710BD9-F974-45A4-BA25-09DEB46650CC}" = dir=out | name=@{microsoft.bingsports_2.0.0.273_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{C53A3676-4FAC-4874-9ED7-769500738A57}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C5AE134C-90A8-4FF0-A23A-939CA3F2ABFC}" = protocol=6 | dir=out | app=system |
"{CA5A1554-E59C-4035-874A-EF61465F40F4}" = dir=in | name=@{microsoft.xboxcompanion_1.2.160.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxcompanion/resources/33279} |
"{CD50B070-ED6D-4A0C-BBCD-FF779975E9D6}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{D3EC9136-DDF9-47C0-BF09-24E88F1B814F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D4B2312A-9FDD-4F78-BDFD-7FA1D326E0DC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D90DCA64-1AD5-4493-B82B-4E32964D7E5C}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{DD796C61-C7D4-4B00-8F64-5B6998E219AF}" = dir=in | app=c:\program files\hp\hp officejet 6700\bin\digitalwizards.exe |
"{E3863B39-DAA5-422E-8DBC-40DB98B9C7AD}" = dir=out | name=mcafee security advisor for lenovo |
"{E3D1C896-303F-4657-8021-AC86AD00437C}" = dir=out | name=lenovo support |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{E856A476-F14A-4887-8C6A-70F8DC94232D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{EA045792-71EB-4E43-BA6D-2B8DA8172E3A}" = dir=out | name=lenovo companion |
"{F1C533C6-1F1E-4CF8-9AE9-F794EA28BD68}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F200CDCA-55B0-4D76-9C79-3649FBDF0F81}" = dir=in | app=c:\program files\hp\hp officejet 6700\bin\sendafax.exe |
"{F221D23E-ECC1-4510-A801-32CD79A7763D}" = dir=in | app=c:\program files (x86)\rosettastoneltdservices\rosettastonedaemon.exe |
"{FA38778A-0967-477C-BA1D-CCB58A6FFC54}" = dir=out | name=windows_ie_ac_001 |
"{FE7C200C-B9AA-4786-9036-D6B8DA42F617}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{FEDF4992-2215-4333-BE12-22B0FB2D6A64}" = dir=in | name=hp printer control |
"{FF27E2A6-145F-4651-B0DC-2671478BE550}" = dir=in | app=c:\program files (x86)\rosettastoneltdservices\rosettastoneltdservices.exe |
"TCP Query User{210EFC14-AC0A-4841-B158-59872BD7AEA0}C:\users\suzanne\appdata\locallow\amicas\v6cdviewer\privatejre\bin\armiregistry.exe" = protocol=6 | dir=in | app=c:\users\suzanne\appdata\locallow\amicas\v6cdviewer\privatejre\bin\armiregistry.exe |
"TCP Query User{69E02641-EC48-4BE0-88E0-800057FD6612}C:\users\suzanne\appdata\locallow\amicas\v6cdviewer\bin\aviewer.exe" = protocol=6 | dir=in | app=c:\users\suzanne\appdata\locallow\amicas\v6cdviewer\bin\aviewer.exe |
"TCP Query User{C1E9C5F0-5E19-41A7-9D0D-EF09F11C5197}C:\users\suzanne\appdata\locallow\amicas\v6cdviewer\bin\astudycachemgr.exe" = protocol=6 | dir=in | app=c:\users\suzanne\appdata\locallow\amicas\v6cdviewer\bin\astudycachemgr.exe |
"TCP Query User{D29D3C0B-DAD8-4B78-822F-6F3A73331AA6}C:\users\suzanne\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\suzanne\appdata\roaming\spotify\spotify.exe |
"UDP Query User{847F9C29-5FFB-4D59-B0BC-5500311A7458}C:\users\suzanne\appdata\locallow\amicas\v6cdviewer\bin\aviewer.exe" = protocol=17 | dir=in | app=c:\users\suzanne\appdata\locallow\amicas\v6cdviewer\bin\aviewer.exe |
"UDP Query User{A94A3EFA-F8DC-4E6C-92AF-DAFA225E78B6}C:\users\suzanne\appdata\locallow\amicas\v6cdviewer\bin\astudycachemgr.exe" = protocol=17 | dir=in | app=c:\users\suzanne\appdata\locallow\amicas\v6cdviewer\bin\astudycachemgr.exe |
"UDP Query User{C5A65458-96E8-41C8-BDEB-331E5F63929F}C:\users\suzanne\appdata\locallow\amicas\v6cdviewer\privatejre\bin\armiregistry.exe" = protocol=17 | dir=in | app=c:\users\suzanne\appdata\locallow\amicas\v6cdviewer\privatejre\bin\armiregistry.exe |
"UDP Query User{DC153D89-7063-4261-8021-2524BF8FD01D}C:\users\suzanne\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\suzanne\appdata\roaming\spotify\spotify.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}" = Amazon Browser App
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{3165E4A6-D5DE-46B0-8597-D55E2B826B84}" = Rosetta Stone Ltd Services
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{3611CA6C-5FCA-4900-A329-6A118123CCFC}" = Bing Bar
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B6BC189-D606-4BC7-9758-E6C364F76A55}" = Rosetta Stone TOTALe
"{6C26A305-4549-4A8A-9F03-25719C03B0FB}" = FreeRide Games
"{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}" = Onekey Theater
"{95140000-0081-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}" = Software Version Updater
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{DD7D6D84-93AB-48CA-A759-94324E341CBA}" = Intelligent Touchpad
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = Lenovo PowerDVD10
"{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}" = Lenovo EasyCamera
"{E1AE0CB7-1333-4728-8520-CB3F88A252B4}" = HP Officejet 6700 Help
"{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = Lenovo PowerDVD10
"InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"Intel AppUp(SM) center 33057" = Intel AppUp(SM) center
"Lenovo Photos" = Lenovo Photos
"Mozilla Firefox 20.0.1 (x86 en-US)" = Mozilla Firefox 20.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Professional 2010
"SugarSync" = SugarSync Manager
"Tweaking.com - Registry Backup" = Tweaking.com - Registry Backup
"WhiteSmoke_New Toolbar" = WhiteSmoke New Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"FreeScreenSharing" = FreeScreenSharing
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4/3/2013 1:33:06 PM | Computer Name = suzlenovo | Source = Application Error | ID = 1000
Description = Faulting application name: devmonsrv.exe, version: 2.5.0.244, time
stamp: 0x50220e70 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0xcf4 Faulting application
start time: 0x01ce2bcf9997d795 Faulting application path: C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
Faulting
module path: unknown Report Id: 8ab0b332-9c84-11e2-be83-84a6c8d0d6e3 Faulting package
full name: Faulting package-relative application ID:

Error - 4/16/2013 4:06:11 PM | Computer Name = suzlenovo | Source = ZuneDriver | ID = 80837
Description =

Error - 4/16/2013 4:06:41 PM | Computer Name = suzlenovo | Source = WPDMTPDriver | ID = 80836
Description =

Error - 5/1/2013 7:19:05 PM | Computer Name = suzlenovo | Source = Application Error | ID = 1000
Description = Faulting application name: WLANExt.exe, version: 6.2.9200.16384, time
stamp: 0x5010891a Faulting module name: IWMSSvc.dll_unloaded, version: 0.0.0.0,
time stamp: 0x500706db Exception code: 0xc0000005 Fault offset: 0x000007fd30db3902
Faulting
process id: 0x69dc Faulting application start time: 0x01ce46c244d4e6f4 Faulting application
path: C:\windows\system32\WLANExt.exe Faulting module path: IWMSSvc.dll Report Id:
83fc5efe-b2b5-11e2-be85-84a6c8d0d6e3 Faulting package full name: Faulting package-relative
application ID:

Error - 5/3/2013 1:19:07 AM | Computer Name = suzlenovo | Source = Application Error | ID = 1000
Description = Faulting application name: WLANExt.exe, version: 6.2.9200.16384, time
stamp: 0x5010891a Faulting module name: IWMSSvc.dll_unloaded, version: 0.0.0.0,
time stamp: 0x500706db Exception code: 0xc0000005 Fault offset: 0x000007fd2e9d8269
Faulting
process id: 0x8140 Faulting application start time: 0x01ce47bdb3b06f3f Faulting application
path: C:\windows\system32\WLANExt.exe Faulting module path: IWMSSvc.dll Report Id:
fa44c339-b3b0-11e2-be85-84a6c8d0d6e3 Faulting package full name: Faulting package-relative
application ID:

Error - 5/3/2013 9:48:01 PM | Computer Name = suzlenovo | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 5/11/2013 1:37:43 AM | Computer Name = suzlenovo | Source = CltMngSvc | ID = 1000
Description =

Error - 5/11/2013 1:38:05 AM | Computer Name = suzlenovo | Source = CltMngSvc | ID = 1000
Description =

Error - 5/13/2013 2:55:25 AM | Computer Name = suzlenovo | Source = Application Error | ID = 1000
Description = Faulting application name: WLANExt.exe, version: 6.2.9200.16384, time
stamp: 0x5010891a Faulting module name: IWMSSvc.dll_unloaded, version: 0.0.0.0,
time stamp: 0x500706db Exception code: 0xc0000005 Fault offset: 0x000007fd39fa82d0
Faulting
process id: 0x7c2c Faulting application start time: 0x01ce4fa6cfc456b3 Faulting application
path: C:\windows\system32\WLANExt.exe Faulting module path: IWMSSvc.dll Report Id:
16191f8a-bb9a-11e2-be85-84a6c8d0d6e3 Faulting package full name: Faulting package-relative
application ID:

Error - 5/13/2013 10:47:28 AM | Computer Name = suzlenovo | Source = CltMngSvc | ID = 1000
Description =

[ System Events ]
Error - 3/9/2013 2:44:15 PM | Computer Name = suzlenovo | Source = Service Control Manager | ID = 7031
Description = The Windows Defender Service service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 3/24/2013 3:53:38 PM | Computer Name = suzlenovo | Source = Service Control Manager | ID = 7043
Description = The Windows Update service did not shut down properly after receiving
a preshutdown control.

Error - 4/4/2013 12:48:29 PM | Computer Name = suzlenovo | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Bluetooth Device Monitor service.

Error - 4/4/2013 12:49:25 PM | Computer Name = suzlenovo | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Bluetooth Device Monitor service.

Error - 4/4/2013 1:58:41 PM | Computer Name = suzlenovo | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Bluetooth Device Monitor service.

Error - 4/4/2013 1:59:32 PM | Computer Name = suzlenovo | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Bluetooth Device Monitor service.

Error - 4/11/2013 12:35:42 PM | Computer Name = suzlenovo | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Bluetooth Device Monitor service.

Error - 4/11/2013 12:36:32 PM | Computer Name = suzlenovo | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Bluetooth Device Monitor service.

Error - 4/19/2013 3:52:54 PM | Computer Name = suzlenovo | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 5/11/2013 1:38:13 AM | Computer Name = suzlenovo | Source = Service Control Manager | ID = 7034
Description = The Yontoo Desktop Updater service terminated unexpectedly. It has
done this 1 time(s).


< End of report >
doby108
Regular Member
 
Posts: 71
Joined: May 20th, 2013, 11:11 pm

Re: clicking to ads in IE Firefox FB

Unread postby Gary R » May 23rd, 2013, 3:01 pm

Why have you posted me a .... Extras.txt .... log, I don't recall asking for one.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: clicking to ads in IE Firefox FB

Unread postby doby108 » May 23rd, 2013, 3:10 pm

Gary, please forgive me. I was confused. for better accuracy i needed to have waited until i could do all the steps together. when i came back to my computer this morning, i thought i had forgotten to send you the EXTRAS.txt log. thinking it was part of the OTL.exe log from last night. :-(

i had a heck of a time figuring out how to disable my win defender. but i did. i was in the process of having the esetsmartinstaller perform its scan... it had been at 99%... i walked away from my computer and it went into sleep mode stalling the scan process... i just restarted that scan, it appears it picked up where it left off...

sorry for my confusion...
doby108
Regular Member
 
Posts: 71
Joined: May 20th, 2013, 11:11 pm

Re: clicking to ads in IE Firefox FB

Unread postby doby108 » May 23rd, 2013, 4:24 pm

ugh, if i go away from the computer for any length of time it times out. who do i stop it from doing this?
doby108
Regular Member
 
Posts: 71
Joined: May 20th, 2013, 11:11 pm

Re: clicking to ads in IE Firefox FB

Unread postby Gary R » May 23rd, 2013, 5:04 pm

doby108 wrote:how do i stop it from doing this?


Hard to say without knowing exactly what is happening to cause it to time out.

If you can't get the E-Set scan to run to completion, please run another scan with SystemLook for me .....

  • Double-click SystemLook.exe to run it.
  • Copy and paste the contents of the following codebox into the main textfield:
    Code: Select all
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    *conduit*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    *conduit*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchnu
    Searchqu
    iLivid
    whitesmoke
    datamngr
    conduit
    kelkoopartners
    trolltech
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan.
  • Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Also ... Please let me know how your computer is behaving now.





.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: clicking to ads in IE Firefox FB

Unread postby doby108 » May 23rd, 2013, 5:11 pm

SystemLook 04.09.10 by jpshortstuff
Log created at 14:08 on 23/05/2013 by suzanne
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchnu*"
No files found.

Searching for "*Searchqu*"
No files found.

Searching for "*iLivid*"
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\Downloads\iLividSetup-r352-n-bf(1).exe --a---- 1488280 bytes [04:07 22/05/2013] [04:07 22/05/2013] 468BBE0DC83496CAD49597A47341C786
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\Downloads\iLividSetup-r352-n-bf.exe --a---- 1488280 bytes [04:07 22/05/2013] [04:07 22/05/2013] 468BBE0DC83496CAD49597A47341C786
C:\_OTL\MovedFiles\05222013_213508\C_Windows\Prefetch\ILIVIDSETUP-R352-N-BF(1).EXE-836CC980.pf --a---- 39990 bytes [04:07 22/05/2013] [04:07 22/05/2013] 023614948E7585A98906CE4B97775D70

Searching for "*whitesmoke*"
C:\_OTL\MovedFiles\05222013_213508\C_Program Files (x86)\WhiteSmoke_New\WhiteSmoke_NewToolbarHelper.exe --a---- 86816 bytes [10:10 10/04/2013] [10:10 10/04/2013] 943F313974A830D4634C73BEB8103F5E
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YLX2RYGO\whitesmokeTools[1].htm --a---- 8872 bytes [01:35 20/05/2013] [01:35 20/05/2013] F9099F6F1264DF680B02952A68559AED
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\Local\Temp\DIQM\FlashPlayer_151\bin\css\whitesmoke.css --a---- 15259 bytes [21:23 21/02/2013] [21:23 21/02/2013] 5EF06091781C8D07BD85A071EA420E57
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\Local\Temp\DIQM\FlashPlayer_151\bin\css\images\whitesmoke-img-gris.png --a---- 6104 bytes [18:53 16/10/2012] [18:53 16/10/2012] ECDA9D419EF846E066B16A51AC94AADE
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\Local\Temp\DIQM\FlashPlayer_151\bin\css\images\whitesmoke-img.jpg --a---- 5405 bytes [17:10 17/08/2012] [17:10 17/08/2012] 24A87BBB91F103F38E3DD4136C2EC358
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\Local\Temp\DIQM\FlashPlayer_151\bin\css\images\whitesmoke-img.png --a---- 5223 bytes [15:42 03/08/2012] [15:42 03/08/2012] 5F58552CF5DA329F3390D05C19B3A447
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\Local\Temp\DIQM\FlashPlayer_151\bin\css\images\whitesmoke-img2.jpg --a---- 6885 bytes [16:47 01/08/2012] [16:47 01/08/2012] EFB7F860C1BC8F34C6A5E2BA0F6B36F8
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\Local\Temp\DIQM\FlashPlayer_151\bin\css\images\whitesmoke-logo.png --a---- 4134 bytes [15:42 03/08/2012] [15:42 03/08/2012] F0704EA722C449E60FC41C0BA822FA79
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\Local\Temp\DIQM\FlashPlayer_151\bin\css\images\whitesmoke-toolbar-new-gris.png --a---- 4080 bytes [19:46 30/01/2013] [19:46 30/01/2013] 19CE0ACD2D24AE259C66C25F2FAF652A
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\Local\Temp\DIQM\FlashPlayer_151\temp\WhiteSmokeinfo.dfe --a---- 34007 bytes [05:35 11/05/2013] [05:35 11/05/2013] 10FD084B22329F248F0F7DA4468D998D
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\Roaming\mozilla\Firefox\Profiles\hbxyif3l.default\searchplugins\whitesmoke-new-customized-web-search.xml --a---- 1102 bytes [16:56 12/05/2013] [16:56 12/05/2013] 6064425C644E99916DAD6B926796BB4E

Searching for "*datamngr*"
No files found.

Searching for "*trolltech*"
No files found.

Searching for "*conduit*"
C:\Users\suzanne\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\D4JRJWL4\storage.conduit[1].xml --a---- 13 bytes [01:35 20/05/2013] [01:35 20/05/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\suzanne\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\RMCA22KP\app.mam.conduit[1].xml --a---- 13 bytes [01:35 20/05/2013] [01:35 20/05/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Windows\Prefetch\CONDUITINSTALLER.EXE-ABD7B978.pf --a---- 50510 bytes [05:36 11/05/2013] [05:36 11/05/2013] D9E51ADE2227F1EA1E0857BC3435F6E2
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\ConduitAbstractionLayerBack.js --a---- 492148 bytes [04:58 14/05/2013] [04:58 14/05/2013] C7203025CB1929E0ECB9F75A24406246
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\ConduitAbstractionLayerFront.js --a---- 253522 bytes [04:58 14/05/2013] [04:58 14/05/2013] 3296CEFD0F8C176F6AA4D47756AC66C2
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\js\conduitEnv.js --a---- 93693 bytes [04:58 14/05/2013] [04:58 14/05/2013] 9DB75E864BEA1C6855D203898ED5A7A2
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\plugins\ConduitChromeApiPlugin.dll --a---- 838944 bytes [04:58 14/05/2013] [04:58 14/05/2013] 48E98CC51CB4A319C126F38E82467708
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\aboutBox\images\conduit-logo-OLD.png --a---- 1305 bytes [04:58 14/05/2013] [04:58 14/05/2013] 5F8EF9A0B050532B90B2645E9627E3F9
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\aboutBox\images\conduit-logo.png --a---- 3926 bytes [04:58 14/05/2013] [04:58 14/05/2013] 04EC2FEFD3A417F86E983508778A00DD
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\options\images\conduit-logo.png --a---- 3926 bytes [04:58 14/05/2013] [04:58 14/05/2013] 04EC2FEFD3A417F86E983508778A00DD
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\toolbarImages\http___storage_conduit_com_85_319_CT3198785_images_634921255359427985_24PX.png --a---- 9566 bytes [04:58 14/05/2013] [04:58 14/05/2013] F80E425848D8626F7724EAB789D9EF7D
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\toolbarImages\http___storage_conduit_com_94_300_CT3007394_Images_634650152028270822.png --a---- 1599 bytes [04:58 14/05/2013] [04:58 14/05/2013] 55B66C958AB82120635B74D90F60DED6
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\toolbarImages\http___storage_conduit_com_BankImages_Facebook_Facebook.png --a---- 772 bytes [04:58 14/05/2013] [04:58 14/05/2013] 1805E8470C0EE167396751BA3E9B0AAA
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\toolbarImages\http___storage_conduit_com_images_ClientImages_radio.gif --a---- 419 bytes [04:58 14/05/2013] [04:58 14/05/2013] 01B83C91554738F6AFFB7895BBBA73FB
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\toolbarImages\http___storage_conduit_com_Images_ClientResources_mini_browser.gif --a---- 950 bytes [04:58 14/05/2013] [04:58 14/05/2013] EE3DCA0EABAE8D7DDEAC14E36B1142CD
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\toolbarImages\http___storage_conduit_com_images_components_separator.gif --a---- 314 bytes [04:58 14/05/2013] [04:58 14/05/2013] 2E25133B02C7C430B953CC6B2C092010
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\toolbarImages\http___storage_conduit_com_images_searchengines_search_icon.gif --a---- 322 bytes [04:58 14/05/2013] [04:58 14/05/2013] 948781E4B6478290050ECA4423B89B1E
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\toolbarImages\http___storage_conduit_com_MarketPlace_97_5e6_9739aadc-99e3-4b66-8c1e-bc6ae6cd55e6_Appearance_634165981520378434_24x24.png --a---- 1458 bytes [04:58 14/05/2013] [04:58 14/05/2013] (Unable to calculate MD5)
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\toolbarImages\http___storage_conduit_com_MarketPlace_d2_909_d2d47f0a-2c1d-48a1-8dba-fdebac043909_Appearance_634726116365249321.png --a---- 1666 bytes [04:58 14/05/2013] [04:58 14/05/2013] (Unable to calculate MD5)
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage --a---- 4096 bytes [04:58 14/05/2013] [04:58 14/05/2013] 0A8B3D5526219FD3AC8531633F2BC9BC
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage-journal --a---- 3608 bytes [04:58 14/05/2013] [04:58 14/05/2013] 3CEB766EFA3693E7A84428B272EC9B9C
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\38JUYU6Z\search_conduit_com[1].htm --a---- 9689 bytes [18:25 21/05/2013] [18:25 21/05/2013] F7C567D81CA32D108D3B73E93D097A7F
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4WBZ92YR\search_conduit_com[1].htm --a---- 0 bytes [03:01 19/05/2013] [03:01 19/05/2013] D41D8CD98F00B204E9800998ECF8427E
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\Local\Temp\ct3289847\conduit.xml --a---- 785 bytes [06:29 18/07/2012] [06:29 18/07/2012] 6ACD8B6E740CB1E9A9FA43F2087592C6
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\Local\Temp\DIQM\FlashPlayer_151\temp\VAFMusic Conduitinfo.dfe --a---- 950 bytes [05:35 11/05/2013] [05:35 11/05/2013] 946B38AE25917D9304E150709B8B435C
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\LocalLow\WhiteSmoke_New\CacheIcons\http___storage_conduit_com_85_319_CT3198785_images_634921255359427985_24PX_png.png --a---- 9566 bytes [01:35 20/05/2013] [01:35 20/05/2013] F80E425848D8626F7724EAB789D9EF7D
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\LocalLow\WhiteSmoke_New\CacheIcons\http___storage_conduit_com_94_300_CT3007394_Images_633317530166393750_gif.gif --a---- 364 bytes [01:35 20/05/2013] [01:35 20/05/2013] 5D91DC0F03311D8A8B439D1671B4DEBC
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\LocalLow\WhiteSmoke_New\CacheIcons\http___storage_conduit_com_94_300_CT3007394_Images_633317530254831250_gif.gif --a---- 364 bytes [01:35 20/05/2013] [01:35 20/05/2013] 5D91DC0F03311D8A8B439D1671B4DEBC
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\LocalLow\WhiteSmoke_New\CacheIcons\http___storage_conduit_com_94_300_CT3007394_Images_633317540102175000_gif.gif --a---- 336 bytes [01:35 20/05/2013] [01:35 20/05/2013] D9EC69B628205F8DCCEBB875B4DEF823
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\LocalLow\WhiteSmoke_New\CacheIcons\http___storage_conduit_com_94_300_CT3007394_Images_633317621550925000_gif.gif --a---- 364 bytes [01:35 20/05/2013] [01:35 20/05/2013] 5D91DC0F03311D8A8B439D1671B4DEBC
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\LocalLow\WhiteSmoke_New\CacheIcons\http___storage_conduit_com_94_300_CT3007394_Images_633863768206468750_gif.gif --a---- 564 bytes [01:35 20/05/2013] [01:35 20/05/2013] 90C509CAABEA90E776EC9655B6393CE5
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\LocalLow\WhiteSmoke_New\CacheIcons\http___storage_conduit_com_94_300_CT3007394_Images_634121172080562500_png.png --a---- 861 bytes [01:35 20/05/2013] [01:35 20/05/2013] 36C24D51FCF3E54ABE9744A12DFDADF5
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\LocalLow\WhiteSmoke_New\CacheIcons\http___storage_conduit_com_94_300_CT3007394_Images_634650152028270822_png.png --a---- 1599 bytes [01:35 20/05/2013] [01:35 20/05/2013] 55B66C958AB82120635B74D90F60DED6
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\LocalLow\WhiteSmoke_New\CacheIcons\http___storage_conduit_com_94_300_CT3007394_images_634650152257339187_20PX_png.png --a---- 796 bytes [01:35 20/05/2013] [01:35 20/05/2013] 60FDE0212C965A36A119A888A592C6B8
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\LocalLow\WhiteSmoke_New\CacheIcons\http___storage_conduit_com_94_300_CT3007394_Skins_634650129545916287_png.png --a---- 230 bytes [01:35 20/05/2013] [01:35 20/05/2013] 78F259402DCEFE9A08E315C5FD013E61
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\LocalLow\WhiteSmoke_New\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_About_png.png --a---- 821 bytes [01:35 20/05/2013] [01:35 20/05/2013] 99D5F75C338F2A877CBF891E0F18746E
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\LocalLow\WhiteSmoke_New\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Browse_png.png --a---- 729 bytes [01:35 20/05/2013] [01:35 20/05/2013] F2291FAB46ED9291A1A2FFE9F88E9D84
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\LocalLow\WhiteSmoke_New\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Contact_png.png --a---- 531 bytes [01:35 20/05/2013] [01:35 20/05/2013] A847C5F6CE2C700048749892DD2E0619
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\LocalLow\WhiteSmoke_New\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Hide_png.png --a---- 669 bytes [01:35 20/05/2013] [01:35 20/05/2013] FED9E00C76F647EE6A0B7CC684C89F0C
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\LocalLow\WhiteSmoke_New\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_LikeIcon_png.png --a---- 263 bytes [01:35 20/05/2013] [01:35 20/05/2013] 36BD416D16391EFAAAFB2C3C54EAE986
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\LocalLow\WhiteSmoke_New\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_MoreFromPublisher_png.png --a---- 734 bytes [01:35 20/05/2013] [01:35 20/05/2013] 943ADFD9E0DF1507F7BC419802BF4303
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\LocalLow\WhiteSmoke_New\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_More_png.png --a---- 562 bytes [01:35 20/05/2013] [01:35 20/05/2013] 36C6FB9C84D4AF5C5D7C5B277A0E4A01
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\LocalLow\WhiteSmoke_New\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Options_png.png --a---- 493 bytes [01:35 20/05/2013] [01:35 20/05/2013] 275C9DA2D536F18F528C80E050C3D705
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\LocalLow\WhiteSmoke_New\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Privacy_png.png --a---- 706 bytes [01:35 20/05/2013] [01:35 20/05/2013] 3AD88BD8E832DA39FAAEDF07AD595F94
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\LocalLow\WhiteSmoke_New\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Refresh_png.png --a---- 674 bytes [01:35 20/05/2013] [01:35 20/05/2013] 650731EEF807C292E699779B12CBE552
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\LocalLow\WhiteSmoke_New\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Upgrade_png.png --a---- 607 bytes [01:35 20/05/2013] [01:35 20/05/2013] 9B4D914888BCFFCBAE6757A0E450551C
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\LocalLow\WhiteSmoke_New\CacheIcons\http___storage_conduit_com_images_ClientImages_radio_gif.gif --a---- 419 bytes [01:35 20/05/2013] [01:35 20/05/2013] 01B83C91554738F6AFFB7895BBBA73FB
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\LocalLow\WhiteSmoke_New\CacheIcons\http___storage_conduit_com_images_eula_png.png --a---- 513 bytes [01:35 20/05/2013] [01:35 20/05/2013] F43944209A64CCD0C9B5A92743F0F787
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\LocalLow\WhiteSmoke_New\CacheIcons\http___storage_conduit_com_images_main_menu_about_gif.gif --a---- 403 bytes [01:35 20/05/2013] [01:35 20/05/2013] EC3C2B4E0DEC4D880BAFF88ABBF94188
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\LocalLow\WhiteSmoke_New\CacheIcons\http___storage_conduit_com_images_main_menu_clear_history_gif.gif --a---- 414 bytes [01:35 20/05/2013] [01:35 20/05/2013] A9E001CBC00B06B121DFBC80707F5298
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\LocalLow\WhiteSmoke_New\CacheIcons\http___storage_conduit_com_images_main_menu_help_gif.gif --a---- 405 bytes [01:35 20/05/2013] [01:35 20/05/2013] 995595D4C685D659E8F03CD0A287EDDF
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\LocalLow\WhiteSmoke_New\CacheIcons\http___storage_conduit_com_images_main_menu_options_gif.gif --a---- 361 bytes [01:35 20/05/2013] [01:35 20/05/2013] 464E244E7E2F27FB85E0C3AB69D72104
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\LocalLow\WhiteSmoke_New\CacheIcons\http___storage_conduit_com_images_main_menu_privacy_gif.gif --a---- 425 bytes [01:35 20/05/2013] [01:35 20/05/2013] 6427565C7105DC497287866100F260BB
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\LocalLow\WhiteSmoke_New\CacheIcons\http___storage_conduit_com_images_main_menu_refresh_gif.gif --a---- 381 bytes [01:35 20/05/2013] [01:35 20/05/2013] AE7C9F67594A84B096D225601ACB0B2A
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\LocalLow\WhiteSmoke_New\CacheIcons\http___storage_conduit_com_images_main_menu_shrink_gif.gif --a---- 351 bytes [01:35 20/05/2013] [01:35 20/05/2013] C3EBA0237D68F665AF6D663906221092
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\LocalLow\WhiteSmoke_New\CacheIcons\http___storage_conduit_com_images_main_menu_tell_a_friend_gif.gif --a---- 392 bytes [01:35 20/05/2013] [01:35 20/05/2013] 5E7217A3357550F9749A095631F51015
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\LocalLow\WhiteSmoke_New\CacheIcons\http___storage_conduit_com_images_main_menu_upgrade_gif.gif --a---- 399 bytes [01:35 20/05/2013] [01:35 20/05/2013] 8BE02D510B4B2E05AD2611B1E9A0BD56
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\LocalLow\WhiteSmoke_New\CacheIcons\http___storage_conduit_com_images_Menu_uninstall-icon_png.png --a---- 617 bytes [01:35 20/05/2013] [01:35 20/05/2013] 80648ABDB2DEB2D53DBFD77D57A9C886
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\LocalLow\WhiteSmoke_New\CacheIcons\http___storage_conduit_com_images_SearchEngines_images_search_gif.gif --a---- 405 bytes [01:35 20/05/2013] [01:35 20/05/2013] 66018EAE0906C9831A821CAE5D1089BB
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\LocalLow\WhiteSmoke_New\CacheIcons\http___storage_conduit_com_MarketPlace_97_5e6_9739aadc-99e3-4b66-8c1e-bc6ae6cd55e6_Appearance_634165981520378434_24x24_png.png --a---- 1458 bytes [01:35 20/05/2013] [01:35 20/05/2013] 8C80A43F15DA2CEAC258B1C451067FF3
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\LocalLow\WhiteSmoke_New\CacheIcons\http___storage_conduit_com_MarketPlace_d2_909_d2d47f0a-2c1d-48a1-8dba-fdebac043909_Appearance_634726116365249321_png.png --a---- 1666 bytes [01:35 20/05/2013] [01:35 20/05/2013] 672D1DFF2B0796954BCFA8C6A395C163
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\LocalLow\WhiteSmoke_New\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=GottenApps&locale=en&ctid=CT3289847.xml --a---- 7037 bytes [01:35 20/05/2013] [02:59 21/05/2013] 0B96497BA80BF342415B90AE2F2FB092
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\LocalLow\WhiteSmoke_New\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=OtherApps&locale=en&ctid=CT3289847.xml --a---- 5515 bytes [01:35 20/05/2013] [02:59 21/05/2013] 99F43BD1FBE50F6CEE0714818FCAD0A8
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\LocalLow\WhiteSmoke_New\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=SharedApps&locale=en&ctid=CT3289847.xml --a---- 6581 bytes [01:35 20/05/2013] [02:59 21/05/2013] 93DBA7DBB3A402F930076666BD7C539C
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\LocalLow\WhiteSmoke_New\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=Toolbar&locale=en&ctid=CT3289847.xml --a---- 5514 bytes [01:35 20/05/2013] [02:59 21/05/2013] 16A75DAC853B7B226069A2F21C379531
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\Roaming\mozilla\Firefox\Profiles\hbxyif3l.default\CT3289847\conduit.xml --a---- 995 bytes [16:56 12/05/2013] [16:56 12/05/2013] ACB407D9405B2E5AB0B4E653CFF291CF
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\Roaming\mozilla\Firefox\Profiles\hbxyif3l.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}\Plugins\npConduitFirefoxPlugin.dll --a---- 207136 bytes [17:19 14/05/2013] [17:19 14/05/2013] 58FD90C26D89DEFD2ED47206D3B4BD83

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchnu*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*whitesmoke*"
C:\_OTL\MovedFiles\05222013_213508\C_Program Files (x86)\WhiteSmoke_New d------ [05:37 11/05/2013]
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\Local\Temp\DIQM\FlashPlayer_151\bin\WhiteSmoke d------ [05:35 11/05/2013]
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\LocalLow\WhiteSmoke_New d------ [05:37 11/05/2013]

Searching for "*datamngr*"
No folders found.

Searching for "*trolltech*"
No folders found.

Searching for "*conduit*"
C:\_OTL\MovedFiles\05222013_213508\C_Program Files (x86)\Conduit d------ [05:37 11/05/2013]
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\Local\Temp\DIQM\FlashPlayer_151\bin\VAFMusic Conduit d------ [05:35 11/05/2013]
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\LocalLow\WhiteSmoke_New\Repository\conduit_CT3289847_CT3289847 d------ [15:53 19/05/2013]
C:\_OTL\MovedFiles\05222013_213508\C_Users\suzanne\AppData\LocalLow\WhiteSmoke_New\Repository\conduit_CT3289847_en d------ [01:35 20/05/2013]

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchnu"
No data found.

Searching for "Searchqu"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{ECF6440B-D6E1-5FD8-80CF-B9EDD89BC4F6}]
"ActivatableClassId"="AppEx.Sports.Services.TypeDefs.Request.AppSearchQuery"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingSports_2.0.0.273_x64__8wekyb3d8bbwe\ActivatableClassId\AppEx.Sports.Services.TypeDefs.Request.AppSearchQuery]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\Classes\ActivatableClasses\CLSID\{ECF6440B-D6E1-5FD8-80CF-B9EDD89BC4F6}]
"ActivatableClassId"="AppEx.Sports.Services.TypeDefs.Request.AppSearchQuery"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\Classes\ActivatableClasses\Package\Microsoft.BingSports_2.0.0.273_x64__8wekyb3d8bbwe\ActivatableClassId\AppEx.Sports.Services.TypeDefs.Request.AppSearchQuery]
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001_Classes\ActivatableClasses\CLSID\{ECF6440B-D6E1-5FD8-80CF-B9EDD89BC4F6}]
"ActivatableClassId"="AppEx.Sports.Services.TypeDefs.Request.AppSearchQuery"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001_Classes\ActivatableClasses\Package\Microsoft.BingSports_2.0.0.273_x64__8wekyb3d8bbwe\ActivatableClassId\AppEx.Sports.Services.TypeDefs.Request.AppSearchQuery]

Searching for "iLivid"
No data found.

Searching for "whitesmoke"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_New Toolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_New Toolbar]
"DisplayName"="WhiteSmoke New Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_New Toolbar]
"HelpLink"="http://WhiteSmokeNew.OurToolbar.com/help"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_New Toolbar]
"Publisher"="WhiteSmoke New"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_New Toolbar]
"URLInfoAbout"="http://WhiteSmokeNew.OurToolbar.com/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_New Toolbar]
"DisplayIcon"="C:\Program Files (x86)\WhiteSmoke_New\uninstall.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_New Toolbar]
"UninstallString"="C:\Program Files (x86)\WhiteSmoke_New\uninstall.exe toolbar"

Searching for "datamngr"
No data found.

Searching for "conduit"
No data found.

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\Trolltech]
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
doby108
Regular Member
 
Posts: 71
Joined: May 20th, 2013, 11:11 pm

Re: clicking to ads in IE Firefox FB

Unread postby Gary R » May 23rd, 2013, 5:20 pm

Seems we missed a couple of entries, (the rest of the things found by SystemLook are the encrypted files that OTL creates), we'll need to remove them.

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code: Select all
:Files
C:\Windows\Prefetch\CONDUITINSTALLER.EXE-ABD7B978.pf

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_New Toolbar]
[-HKEY_CURRENT_USER\Software\Trolltech]
[-HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\Trolltech]

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.

DON'T FORGET TO TELL ME HOW YOUR COMPUTER IS RUNNING NOW.



.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: clicking to ads in IE Firefox FB

Unread postby doby108 » May 23rd, 2013, 7:43 pm

========== FILES ==========
C:\Windows\Prefetch\CONDUITINSTALLER.EXE-ABD7B978.pf moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_New Toolbar\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\Trolltech\ not found.

OTL by OldTimer - Version 3.2.69.0 log created on 05232013_164236
doby108
Regular Member
 
Posts: 71
Joined: May 20th, 2013, 11:11 pm

Re: clicking to ads in IE Firefox FB

Unread postby doby108 » May 23rd, 2013, 7:53 pm

while in fb it does NOT appear to be diverting me to pop up ads. BUT in firefox clicking into gmail it diverted me an 'online background checks' (checkpeople.com) ad
doby108
Regular Member
 
Posts: 71
Joined: May 20th, 2013, 11:11 pm

Re: clicking to ads in IE Firefox FB

Unread postby doby108 » May 23rd, 2013, 8:31 pm

it is still redirecting to ads... drats
doby108
Regular Member
 
Posts: 71
Joined: May 20th, 2013, 11:11 pm

Re: clicking to ads in IE Firefox FB

Unread postby Gary R » May 24th, 2013, 1:12 am

OK, please run another scan with SystemLook for me .....

  • Double-click SystemLook.exe to run it.
  • Copy and paste the contents of the following codebox into the main textfield:
    Code: Select all
    :filefind
    *checkpeople*
    *trolltech*
    
    :folderfind
    *checkpeople*
    *trolltech*
    
    :Regfind
    checkpeople
    trolltech
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan.
  • Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: clicking to ads in IE Firefox FB

Unread postby doby108 » May 24th, 2013, 1:22 am

SystemLook 04.09.10 by jpshortstuff
Log created at 22:18 on 23/05/2013 by suzanne
Administrator - Elevation successful

========== filefind ==========

Searching for "*checkpeople*"
No files found.

Searching for "*trolltech*"
No files found.

========== folderfind ==========

Searching for "*checkpeople*"
No folders found.

Searching for "*trolltech*"
No folders found.

========== Regfind ==========

Searching for "checkpeople"
No data found.

Searching for "trolltech"
No data found.

-= EOF =-
doby108
Regular Member
 
Posts: 71
Joined: May 20th, 2013, 11:11 pm
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 391 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware