Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

clicking to ads in IE Firefox FB

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

clicking to ads in IE Firefox FB

Unread postby doby108 » May 20th, 2013, 11:37 pm

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume2
Install Date: 1/24/2013 8:55:01 PM
System Uptime: 5/19/2013 8:59:22 AM (36 hours ago)
.
Motherboard: LENOVO | | INVALID
Processor: Intel(R) Core(TM) i7-3520M CPU @ 2.90GHz | U3E1 | 2901/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 884 GiB total, 833.005 GiB free.
D: is FIXED (NTFS) - 25 GiB total, 22.974 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP21: 4/29/2013 11:49:46 AM - Scheduled Checkpoint
RP22: 5/7/2013 11:43:18 AM - Scheduled Checkpoint
RP23: 5/15/2013 9:21:02 AM - Windows Update
RP24: 5/16/2013 11:59:02 AM - Installed Java 7 Update 21
RP25: 5/19/2013 8:56:27 AM - Quitado VAFPlayer
.
==== Installed Programs ======================
.
Adobe Flash Player 11 Plugin
Amazon Browser App
Amazon Kindle
Bing Bar
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Energy Management
FreeRide Games
FreeScreenSharing
Google Chrome
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
HP Officejet 6700 Basic Device Software
HP Officejet 6700 Help
HP Officejet 6700 Product Improvement Study
HP Update
I.R.I.S. OCR
Intel AppUp(SM) center
Intel PROSet Wireless
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
Intel(R) Rapid Storage Technology
Intel(R) SDK for OpenCL - CPU Only Runtime Package
Intel® PROSet/Wireless WiFi Software
Intel® Trusted Connect Service Client
Intelligent Touchpad
Java 7 Update 13 (64-bit)
Java 7 Update 21
Java Auto Updater
Lenovo EasyCamera
Lenovo OneKey Recovery
Lenovo Photos
Lenovo PowerDVD10
Lenovo YouCam
Microsoft Application Error Reporting
Microsoft Mouse and Keyboard Center
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 20.0.1 (x86 en-US)
Mozilla Maintenance Service
Nitro Pro 7
Onekey Theater
Power2Go
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Rosetta Stone Ltd Services
Rosetta Stone TOTALe
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589337) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Software Version Updater
Spotify
SugarSync Manager
Synaptics Pointing Device Driver
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
UserGuide
WhiteSmoke New Toolbar
Windows Driver Package - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733)
Windows Mobile Device Updater Component
Zune
Zune Language Pack (CHS)
Zune Language Pack (CHT)
Zune Language Pack (CSY)
Zune Language Pack (DAN)
Zune Language Pack (DEU)
Zune Language Pack (ELL)
Zune Language Pack (ESP)
Zune Language Pack (FIN)
Zune Language Pack (FRA)
Zune Language Pack (HUN)
Zune Language Pack (IND)
Zune Language Pack (ITA)
Zune Language Pack (JPN)
Zune Language Pack (KOR)
Zune Language Pack (MSL)
Zune Language Pack (NLD)
Zune Language Pack (NOR)
Zune Language Pack (PLK)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
Zune Language Pack (RUS)
Zune Language Pack (SVE)
.
==== Event Viewer Messages From Past Week ========
.
5/19/2013 7:03:04 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.104. The computer with the IP address 192.168.1.103 did not allow the name to be claimed by this computer.
5/17/2013 11:43:25 PM, Error: Schannel [36888] - A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900.
.
==== End Of File ===========================
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537 BrowserJavaVersion: 10.21.2
Run by suzanne at 20:25:15 on 2013-05-20
Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.8048.3831 [GMT -7:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\dwm.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\dashost.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
C:\windows\SysWOW64\NLSSRV32.EXE
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\WUDFHost.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\taskhostex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\windows\Explorer.EXE
C:\windows\system32\SearchIndexer.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RTFTrack.exe
C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\rundll32.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Users\suzanne\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
C:\Users\suzanne\AppData\Local\FreeScreenSharing\FreeScreenSharing.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.exe
C:\Windows\System32\WWAHost.exe
C:\windows\WinStore\WSHost.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1114.318_x64__8wekyb3d8bbwe\LiveComm.exe
C:\windows\system32\rundll32.exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\windows\splwow64.exe
C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
C:\Program Files\WindowsApps\E046963F.LenovoSupport_1.2.5.0_x86__k1h2ywk1493x8\Support.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\wwahost.exe
C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_30.2.313.0_neutral__v10z8vjag6ke6\HP.Workflow.FleetApp.exe
C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20623_x64__8wekyb3d8bbwe\glcnd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files\Zune\Zune.exe
C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
C:\windows\system32\WLANExt.exe
C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe
C:\Program Files (x86)\Java\jre7\bin\java.exe
C:\windows\system32\wwahost.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT3289847
uDefault_Page_URL = hxxp://lenovo13.msn.com
uURLSearchHooks: WhiteSmoke New Toolbar: {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll
mURLSearchHooks: WhiteSmoke New Toolbar: {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll
mWinlogon: Userinit = userinit.exe
BHO: DownloadTerms: {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} -
BHO: WhiteSmoke New Toolbar: {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: WhiteSmoke New Toolbar: {739DF940-C5EE-4BAB-9D7E-270894AE687A} - C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: WhiteSmoke New Toolbar: {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll
uRun: [Spotify] "C:\Users\suzanne\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
uRun: [Spotify Web Helper] "C:\Users\suzanne\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [HP Officejet 6700 (NET)] "C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe" -deviceID "CN31D9QJ8D05RQ:NW" -scfn "HP Officejet 6700 (NET)" -AutoStart 1
uRun: [FreeScreenSharing] "C:\Users\suzanne\AppData\Local\FreeScreenSharing\FreeScreenSharing.exe"
mRun: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
mRun: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
mRun: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun: [RemoteControl10] "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"
mRun: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRun: [SearchProtect] \SearchProtect\bin\cltmng.exe
StartupFolder: C:\Users\suzanne\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} -
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{E690A86B-52E8-4FD5-A6AF-355A9C142872} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{EB8E4E4F-6AF1-4F65-B18C-184059DF669A} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{EB8E4E4F-6AF1-4F65-B18C-184059DF669A}\C41627279772370286F6573756 : DHCPNameServer = 75.75.75.75 75.75.76.76
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [RtsFT] RTFTrack.exe
x64-Run: [SynLenovoGestureMgr] "C:\Program Files (x86)\Synaptics\SynTP\SynLenovoGestureMgr.exe" /m
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [OnekeyStudio] C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
x64-Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\suzanne\AppData\Roaming\Mozilla\Firefox\Profiles\hbxyif3l.default\
FF - prefs.js: browser.search.selectedEngine - WhiteSmoke New Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT32898 ... hSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... 16&UM=2&q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\FreeRide Games\npExentControl.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Nitro PDF\Professional 7\npdf.dll
FF - plugin: C:\Program Files (x86)\Nitro PDF\Professional 7\npnitroie.dll
FF - plugin: C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll
FF - plugin: C:\Users\suzanne\AppData\Roaming\Mozilla\Firefox\Profiles\hbxyif3l.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}\plugins\np-mswmp.dll
FF - plugin: C:\Users\suzanne\AppData\Roaming\Mozilla\Firefox\Profiles\hbxyif3l.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
FF - ExtSQL: 2013-05-10 22:36; eoppnrqmocgit@fmwplidnapyokntwh.net; C:\Program Files (x86)\Mozilla Firefox\extensions\eoppnrqmocgit@fmwplidnapyokntwh.net
FF - ExtSQL: 2013-05-10 22:36; {739df940-c5ee-4bab-9d7e-270894ae687a}; C:\Users\suzanne\AppData\Roaming\Mozilla\Firefox\Profiles\hbxyif3l.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\windows\System32\Drivers\iaStorA.sys [2012-10-24 645952]
R0 LHDmgr;LHDmgr;C:\windows\System32\Drivers\LhdX64.sys [2012-10-24 39008]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-7-17 731688]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-10-24 1091520]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2012-10-24 1112000]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-5-2 135952]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-10-24 166720]
R2 NitroDriverReadSpool2;NitroPDFDriverCreatorReadSpool2;C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [2012-7-16 216072]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2012-7-16 69640]
R2 RosettaStoneDaemon;RosettaStoneDaemon;C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe [2012-6-19 1646608]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-10-24 365376]
R2 X5XSEx_Pr148;X5XSEx_Pr148;C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.sys [2012-10-24 56136]
R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-7-18 2699568]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\System32\Drivers\AcpiVpc.sys [2012-5-15 33560]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\windows\System32\Drivers\AmpPal.sys [2012-7-17 162344]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.EXE [2012-1-25 240408]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\windows\System32\Drivers\btmaux.sys [2012-10-24 110592]
R3 btmhsf;btmhsf;C:\windows\System32\Drivers\btmhsf.sys [2012-10-24 825344]
R3 iBtFltCoex;iBtFltCoex;C:\windows\System32\Drivers\iBtFltCoex.sys [2012-10-24 55848]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\Drivers\IntcDAud.sys [2012-8-12 342528]
R3 NETwNe64;@oem43.inf,___ %NIC_Service_DispName_WIN8_64%;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;C:\windows\System32\Drivers\NETwew00.sys [2012-8-19 4273192]
R3 RTL8168;Realtek 8168 NT Driver;C:\windows\System32\Drivers\Rt630x64.sys [2012-10-24 683664]
R3 rtsuvc;Lenovo EasyCamera;C:\windows\System32\Drivers\rtsuvc.sys [2012-10-24 8227216]
R3 SmbDrvI;SmbDrvI;C:\windows\System32\Drivers\Smb_driver_Intel.sys [2012-8-31 43832]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BBSvc.EXE [2012-1-25 192792]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\windows\System32\Drivers\AmpPal.sys [2012-7-17 162344]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-7-18 272176]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\System32\Drivers\RtsUVStor.sys [2012-10-24 315536]
S3 wsvd;wsvd;C:\windows\System32\Drivers\wsvd.sys [2012-10-24 102376]
.
=============== Created Last 30 ================
.
2013-05-20 15:19:58 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{796E3EAF-30E6-4DDC-B123-027A131B3988}\mpengine.dll
2013-05-19 15:52:51 9460464 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-05-17 16:18:56 193712 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10203.bin
2013-05-16 19:00:23 95648 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-15 16:10:34 70144 ----a-w- C:\windows\System32\appinfo.dll
2013-05-15 16:10:33 112872 ----a-w- C:\windows\System32\consent.exe
2013-05-15 16:10:20 861184 ----a-w- C:\windows\System32\drivers\http.sys
2013-05-15 16:10:19 2382336 ----a-w- C:\windows\SysWow64\esent.dll
2013-05-15 16:10:18 2851840 ----a-w- C:\windows\System32\esent.dll
2013-05-15 16:10:16 6987528 ----a-w- C:\windows\System32\ntoskrnl.exe
2013-05-13 14:47:30 -------- d-----w- C:\SearchProtect
2013-05-11 05:38:13 -------- d-----w- C:\Users\suzanne\AppData\Local\SwvUpdater
2013-05-11 05:37:55 -------- d-----w- C:\Program Files (x86)\Conduit
2013-05-11 05:37:53 -------- d-----w- C:\Users\suzanne\AppData\Local\Conduit
2013-05-11 05:37:53 -------- d-----w- C:\Program Files (x86)\WhiteSmoke_New
2013-05-11 05:37:39 -------- d-----w- C:\Users\suzanne\AppData\Local\CRE
2013-05-11 05:37:16 -------- d-----w- C:\Users\suzanne\AppData\Roaming\player
2013-05-11 05:36:38 -------- d-----w- C:\Users\suzanne\AppData\Local\DownloadTerms
2013-05-11 05:36:30 -------- d-----w- C:\ProgramData\Tarma Installer
.
==================== Find3M ====================
.
2013-05-07 20:07:50 78200 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-07 20:07:50 693112 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-05-02 15:29:56 278800 ------w- C:\windows\System32\MpSigStub.exe
2013-04-16 02:34:44 1455368 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys
2013-04-13 17:54:48 861088 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2013-04-13 17:54:48 782240 ----a-w- C:\windows\SysWow64\deployJava1.dll
2013-04-13 05:56:35 444416 ----a-w- C:\windows\apppatch\AcSpecfc.dll
2013-04-09 23:17:44 2242048 ----a-w- C:\windows\System32\wininet.dll
2013-04-09 23:17:36 915968 ----a-w- C:\windows\System32\uxtheme.dll
2013-04-09 23:16:58 3958784 ----a-w- C:\windows\System32\jscript9.dll
2013-04-09 22:30:26 1767424 ----a-w- C:\windows\SysWow64\wininet.dll
2013-04-09 22:29:44 2877440 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-04-09 05:33:02 489576 ----a-w- C:\windows\System32\AudioEng.dll
2013-04-09 05:33:02 446792 ----a-w- C:\windows\System32\AudioSes.dll
2013-04-09 05:33:02 253544 ----a-w- C:\windows\System32\audiodg.exe
2013-04-09 05:27:43 284424 ----a-w- C:\windows\System32\drivers\spaceport.sys
2013-04-09 05:20:02 86280 ----a-w- C:\windows\System32\kdnet.dll
2013-04-09 05:20:02 306952 ----a-w- C:\windows\System32\kd_02_10ec.dll
2013-04-09 05:18:05 77960 ----a-w- C:\windows\System32\kdvm.dll
2013-04-09 05:17:57 1829408 ----a-w- C:\windows\System32\ntdll.dll
2013-04-09 04:52:07 816128 ----a-w- C:\windows\System32\SearchIndexer.exe
2013-04-09 04:52:07 373760 ----a-w- C:\windows\System32\SearchProtocolHost.exe
2013-04-09 04:52:07 197120 ----a-w- C:\windows\System32\SearchFilterHost.exe
2013-04-09 04:52:07 126464 ----a-w- C:\windows\System32\Robocopy.exe
2013-04-09 04:52:06 804352 ----a-w- C:\windows\System32\RecoveryDrive.exe
2013-04-09 04:51:51 367616 ----a-w- C:\windows\System32\conhost.exe
2013-04-09 04:51:45 523264 ----a-w- C:\windows\System32\XpsGdiConverter.dll
2013-04-09 04:51:41 99840 ----a-w- C:\windows\System32\wscsvc.dll
2013-04-09 04:51:41 456704 ----a-w- C:\windows\System32\wpncore.dll
2013-04-09 04:51:20 13648384 ----a-w- C:\windows\System32\Windows.UI.Xaml.dll
2013-04-09 04:51:17 595456 ----a-w- C:\windows\System32\Windows.Networking.dll
2013-04-09 04:51:17 391168 ----a-w- C:\windows\System32\Windows.Networking.BackgroundTransfer.dll
2013-04-09 04:51:05 10116096 ----a-w- C:\windows\System32\twinui.dll
2013-04-09 04:51:03 3552768 ----a-w- C:\windows\System32\tquery.dll
2013-04-09 04:50:53 414720 ----a-w- C:\windows\System32\GenuineCenter.dll
2013-04-09 04:50:39 422400 ----a-w- C:\windows\System32\schannel.dll
2013-04-09 04:50:39 1285632 ----a-w- C:\windows\System32\schedsvc.dll
2013-04-09 04:50:03 96256 ----a-w- C:\windows\System32\mssprxy.dll
2013-04-09 04:50:03 745984 ----a-w- C:\windows\System32\mssvp.dll
2013-04-09 04:50:03 2107904 ----a-w- C:\windows\System32\mssrch.dll
2013-04-09 04:50:02 65024 ----a-w- C:\windows\System32\msscntrs.dll
2013-04-09 04:50:02 435200 ----a-w- C:\windows\System32\mssph.dll
2013-04-09 04:50:02 13824 ----a-w- C:\windows\System32\msshooks.dll
2013-04-09 04:49:54 1444864 ----a-w- C:\windows\System32\MSAudDecMFT.dll
2013-04-09 04:49:45 468992 ----a-w- C:\windows\System32\MFMediaEngine.dll
2013-04-09 04:49:45 281088 ----a-w- C:\windows\System32\mfreadwrite.dll
2013-04-09 04:49:36 817152 ----a-w- C:\windows\System32\kerberos.dll
2013-04-09 04:49:33 210432 ----a-w- C:\windows\System32\iuilp.dll
2013-04-09 04:49:16 50176 ----a-w- C:\windows\System32\fmifs.dll
2013-04-09 04:49:16 231936 ----a-w- C:\windows\System32\fhengine.dll
2013-04-09 04:49:09 172544 ----a-w- C:\windows\System32\dwmredir.dll
2013-04-09 04:49:06 196096 ----a-w- C:\windows\System32\dmvdsitf.dll
2013-04-09 04:48:43 2303488 ----a-w- C:\windows\System32\authui.dll
2013-04-09 04:48:42 785408 ----a-w- C:\windows\System32\audiosrv.dll
2013-04-09 04:48:42 169472 ----a-w- C:\windows\System32\AudioEndpointBuilder.dll
2013-04-09 04:48:34 419840 ----a-w- C:\windows\System32\intl.cpl
2013-04-09 02:35:13 4038144 ----a-w- C:\windows\System32\win32k.sys
2013-04-09 02:34:49 83968 ----a-w- C:\windows\System32\drivers\hidclass.sys
2013-04-09 02:34:42 27648 ----a-w- C:\windows\System32\drivers\hidusb.sys
2013-04-09 02:34:30 95744 ----a-w- C:\windows\System32\drivers\hidbth.sys
2013-04-09 02:33:41 60416 ----a-w- C:\windows\System32\drivers\ndproxy.sys
2013-04-09 02:33:05 623104 ----a-w- C:\windows\System32\drivers\srv2.sys
2013-04-09 02:32:02 805376 ----a-w- C:\windows\System32\drivers\PEAuth.sys
2013-04-09 02:31:14 247808 ----a-w- C:\windows\System32\drivers\srvnet.sys
2013-04-09 02:31:01 83456 ----a-w- C:\windows\System32\drivers\wanarp.sys
2013-04-08 23:44:25 123880 ----a-w- C:\windows\SysWow64\wscapi.dll
2013-04-08 23:39:14 1408896 ----a-w- C:\windows\SysWow64\ntdll.dll
2013-04-08 23:37:29 426024 ----a-w- C:\windows\SysWow64\AudioEng.dll
2013-04-08 23:37:29 324368 ----a-w- C:\windows\SysWow64\AudioSes.dll
2013-04-08 21:52:16 670208 ----a-w- C:\windows\SysWow64\SearchIndexer.exe
2013-04-08 21:52:16 302592 ----a-w- C:\windows\SysWow64\SearchProtocolHost.exe
2013-04-08 21:52:16 171008 ----a-w- C:\windows\SysWow64\SearchFilterHost.exe
2013-04-08 21:52:16 106496 ----a-w- C:\windows\SysWow64\Robocopy.exe
2013-04-08 21:52:06 364544 ----a-w- C:\windows\SysWow64\XpsGdiConverter.dll
2013-04-04 23:30:17 503080 ----a-w- C:\windows\System32\ci.dll
2013-03-30 18:16:05 1403784 ----a-w- C:\windows\System32\winload.efi
2013-03-30 18:16:05 1267424 ----a-w- C:\windows\System32\winload.exe
2013-03-28 22:09:09 1093880 ----a-w- C:\windows\System32\winresume.exe
2013-03-28 22:09:04 1217328 ----a-w- C:\windows\System32\winresume.efi
2013-03-15 22:05:34 298456 ----a-w- C:\windows\System32\rsaenh.dll
2013-03-15 22:05:16 252928 ----a-w- C:\windows\SysWow64\rsaenh.dll
2013-03-02 10:57:48 337128 ----a-w- C:\windows\System32\drivers\USBXHCI.SYS
2013-03-02 10:57:46 77544 ----a-w- C:\windows\System32\drivers\storahci.sys
2013-03-02 10:57:46 332520 ----a-w- C:\windows\System32\drivers\storport.sys
2013-03-02 10:45:20 148712 ----a-w- C:\windows\System32\drivers\tpm.sys
2013-03-02 10:45:19 194792 ----a-w- C:\windows\System32\drivers\sdbus.sys
2013-03-02 10:45:10 125160 ----a-w- C:\windows\System32\drivers\dumpsd.sys
2013-03-02 10:39:39 495336 ----a-w- C:\windows\System32\drivers\vhdmp.sys
2013-03-02 10:39:38 69864 ----a-w- C:\windows\System32\drivers\pdc.sys
2013-03-02 10:39:32 327912 ----a-w- C:\windows\System32\drivers\Classpnp.sys
2013-03-02 09:59:37 2231528 ----a-w- C:\windows\System32\drivers\tcpip.sys
2013-03-02 09:59:36 411880 ----a-w- C:\windows\System32\drivers\FWPKCLNT.SYS
2013-03-02 08:24:08 34304 ----a-w- C:\windows\SysWow64\wuapp.exe
2013-03-02 08:23:43 83968 ----a-w- C:\windows\SysWow64\wudriver.dll
2013-03-02 08:23:43 125952 ----a-w- C:\windows\SysWow64\wuwebv.dll
2013-03-02 08:23:30 893952 ----a-w- C:\windows\SysWow64\winmde.dll
2013-03-02 08:23:30 1338880 ----a-w- C:\windows\SysWow64\WindowsCodecs.dll
2013-03-02 08:23:28 601088 ----a-w- C:\windows\SysWow64\Windows.Globalization.dll
2013-03-02 08:23:28 504320 ----a-w- C:\windows\SysWow64\Windows.Security.Authentication.OnlineId.dll
2013-03-02 08:23:19 246784 ----a-w- C:\windows\SysWow64\ubpm.dll
.
============= FINISH: 20:25:53.61 ===============
doby108
Regular Member
 
Posts: 71
Joined: May 20th, 2013, 11:11 pm
Advertisement
Register to Remove

Re: clicking to ads in IE Firefox FB

Unread postby Gary R » May 21st, 2013, 9:24 am

Looking over your logs, back soon.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: clicking to ads in IE Firefox FB

Unread postby Gary R » May 21st, 2013, 9:40 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "Malware Removal" forum and wait for help.


Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.


Hi doby108

I'm Gary R,

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

As an added safety precaution, before we start removing anything, I'd like you to make a backup of your Registry, which we can restore to if necessary.

Please click on THIS link, and follow the instructions for installing TCRB and creating a backup of your Registry.

Please observe these rules while we work:
  • Do not edit your logs in any way whatsoever.
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • As you're using Windows 8, it may be necessary to right click some of the tools we use and select ----> Run as Administrator

It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


There are definite signs of infection on your computer, and we'll need to remove the infection in sections. First we'll run a removal tool, and then we'll need to run some further scans to make sure we've got everything.

First ....

You have an old version of java on your computer which can be exploited even though you also have the latest version installed as well.

Please go to Control Panel > Programs > Uninstall a program and Uninstall the following:

Java 7 Update 13 (64-bit)


Reboot your computer once it's uninstalled.

Next ....

Image Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Please post the contents of JRT.txt into your next reply.

Next ....

Download OTL by OldTimer to your Desktop.

If you already have a copy of OTL delete it and use this version.

  • Double click OTL.exe to launch the programme.
  • Check the following.
    • Scan all users.
    • Standard Output.
    • Lop check.
    • Purity check.
  • Under Extra Registry section, select Use SafeList
  • Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
  • When finished it will produce two logs.
    • OTL.txt (open on your desktop).
    • Extras.txt (minimised in your taskbar)
  • Please post me both logs.

Finally ....

Please download SystemLook from the link below and save it to your Desktop.

For 64 bit Systems

  • Double-click SystemLook.exe to run it.
  • Copy and paste the contents of the following codebox into the main textfield:
    Code: Select all
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    *conduit*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    *conduit*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchnu
    Searchqu
    iLivid
    whitesmoke
    datamngr
    conduit
    kelkoopartners
    trolltech
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan.
  • Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Summary of the logs I need from you in your next post:
  • JRT.txt
  • OTL.txt
  • Extras.txt
  • SystemLook.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: clicking to ads in IE Firefox FB

Unread postby doby108 » May 21st, 2013, 2:37 pm

Hi gary..... at this step
Shut down your protection software now to avoid potential conflicts.

dont know how to do this?

suzanne
doby108
Regular Member
 
Posts: 71
Joined: May 20th, 2013, 11:11 pm

Re: clicking to ads in IE Firefox FB

Unread postby Gary R » May 21st, 2013, 5:13 pm

Since you only have Windows Defender running for protection, just run the scans and don't bother trying to disable WD, it shouldn't interfere with anything. The instructions for running JRT are "generic" and include the advice to disable your protection because some Anti-Virus products will interfere with the removal process.

You should be OK to run the scans without disabling WD, and then post me the logs please.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: clicking to ads in IE Firefox FB

Unread postby doby108 » May 22nd, 2013, 12:11 am

Gary, i think something may have gotten downloaded. iLivid something. I thought it was the JRT download.
doby108
Regular Member
 
Posts: 71
Joined: May 20th, 2013, 11:11 pm

Re: clicking to ads in IE Firefox FB

Unread postby doby108 » May 22nd, 2013, 12:12 am

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 8 x64
Ran by suzanne on Tue 05/21/2013 at 21:08:43.16
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{739DF940-C5EE-4BAB-9D7E-270894AE687A}
Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{739df940-c5ee-4bab-9d7e-270894ae687a}
Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{739df940-c5ee-4bab-9d7e-270894ae687a}
Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{739df940-c5ee-4bab-9d7e-270894ae687a}
Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{739df940-c5ee-4bab-9d7e-270894ae687a}
Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{739DF940-C5EE-4BAB-9D7E-270894AE687A}
Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{739df940-c5ee-4bab-9d7e-270894ae687a}
Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{739df940-c5ee-4bab-9d7e-270894ae687a}
Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{739df940-c5ee-4bab-9d7e-270894ae687a}
Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{739df940-c5ee-4bab-9d7e-270894ae687a}
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbar
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\updater.amiupd
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\updater.amiupd.1
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT3289847
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{506C8EA7-0506-4774-B260-757F1CAB2B41}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{85F90F5D-7562-452B-AD15-C6FB24F68DF4}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}



~~~ Files

Failed to delete: [File] "C:\end"



~~~ Folders

Failed to delete: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\suzanne\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\suzanne\appdata\local\downloadterms"
Successfully deleted: [Folder] "C:\Users\suzanne\appdata\local\swvupdater"
Successfully deleted: [Folder] "C:\Users\suzanne\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\suzanne\appdata\locallow\pricegong"
Failed to delete: [Folder] "C:\Program Files (x86)\conduit"
Failed to delete: [Folder] "C:\ProgramData\ask"



~~~ FireFox

Successfully deleted: [File] C:\Users\suzanne\AppData\Roaming\mozilla\firefox\profiles\hbxyif3l.default\user.js
Successfully deleted: [Folder] C:\Users\suzanne\AppData\Roaming\mozilla\firefox\profiles\hbxyif3l.default\smartbar
Failed to delete: [Folder] C:\Users\suzanne\AppData\Roaming\mozilla\firefox\profiles\hbxyif3l.default\extensions\{739DF940-C5EE-4BAB-9D7E-270894AE687A}
Successfully deleted the following from C:\Users\suzanne\AppData\Roaming\mozilla\firefox\profiles\hbxyif3l.default\prefs.js

user_pref("CT3289847.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CUI=UN20356867831903416&UM=2&q=");
user_pref("CT3289847.embeddedsData", "[{\"appId\":\"130068661007799818\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"get
user_pref("CT3289847.hxxp___facebook_conduitapps_com.APP_WIN_FEATURES.enc", "cmVzaXphYmxlPTAsaHNjcm9sbD0wLHZzY3JvbGw9MCx0aXRsZWJhcj0xLGNsb3NlYnV0dG9uPTEsc2F2ZXJlc2l6ZWRzaXplPT
user_pref("CT3289847.installType", "conduitnsisintegration");
user_pref("CT3289847.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3289847&octid=CT3289847&SearchSource=15&CUI=UN203568678319034
user_pref("CT3289847.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9wcmljZWdvbmcuY29uZHVpdGFwcHMuY29tL01BTS92MS9odG1sX2NvbXAuaHRtbCIsIm9wdGlvbnN
user_pref("CT3289847.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxps%3A%2F%2Fwww.facebook.com%2Fmessages%2FBlingItOn.BlingDaddy\",\"EB_MAIN_FRAME_TITLE\":\"Larry%20Lon
user_pref("CT3289847.search.searchAppId", "130068661007799818");
user_pref("CT3289847.search.searchCount", "1");
user_pref("CT3289847.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://WhiteSmokeNew.OurToolbar.com//xpi\"}");
user_pref("CT3289847.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"WhiteSmoke New\"}");
user_pref("CT3289847.smartbar.CTID", "CT3289847");
user_pref("CT3289847.smartbar.Uninstall", "0");
user_pref("CT3289847.smartbar.homepage", true);
user_pref("CT3289847.smartbar.toolbarName", "WhiteSmoke New ");
user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3289847&CUI=UN20356867831903416&UM=2&SearchSource=13");
user_pref("Smartbar.ConduitSearchEngineList", "WhiteSmoke New Customized Web Search");
user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CUI=UN20356867831903416&UM=2&q=");
user_pref("Smartbar.keywordURLSelectedCTID", "CT3289847");
user_pref("browser.search.order.1", "Ask.com");
user_pref("browser.search.selectedEngine", "WhiteSmoke New Customized Web Search");
user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3289847&CUI=UN20356867831903416&UM=2&SearchSource=13");
user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CUI=UN20356867831903416&UM=2&q=");
user_pref("smartbar.addressBarOwnerCTID", "CT3289847");
user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3289847&octid=CT3289847&SearchSource=61&CUI=UN20356867831903416&UM=2&UP=SPF90694CE-D12C-419D-93BA-
user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CUI=UN20356867831903416&UM=2&q=");
user_pref("smartbar.defaultSearchOwnerCTID", "CT3289847");
user_pref("smartbar.homePageOwnerCTID", "CT3289847");
user_pref("smartbar.machineId", "MSL3QLEZ1DQX2LPSKTDNY9WWG6GMJX+RVJFMXBBVEIS5ODNQYGWJD6XUBEYGY5HAGQMMRB5NTTXT4HWD39NOPW");
Emptied folder: C:\Users\suzanne\AppData\Roaming\mozilla\firefox\profiles\hbxyif3l.default\minidumps [2 files]



~~~ Chrome

Failed to delete: [Registry Key] hkey_local_machine\software\policies\google\chrome\extensioninstallforcelist



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 05/21/2013 at 21:10:36.35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
doby108
Regular Member
 
Posts: 71
Joined: May 20th, 2013, 11:11 pm

Re: clicking to ads in IE Firefox FB

Unread postby doby108 » May 22nd, 2013, 12:40 am

OTL logfile created on: 5/21/2013 9:33:47 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\suzanne\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16580)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.86 Gb Total Physical Memory | 6.03 Gb Available Physical Memory | 76.71% Memory free
9.05 Gb Paging File | 7.14 Gb Available in Paging File | 78.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 884.18 Gb Total Space | 832.78 Gb Free Space | 94.19% Space Free | Partition Type: NTFS
Drive D: | 25.00 Gb Total Space | 22.97 Gb Free Space | 91.90% Space Free | Partition Type: NTFS
Drive F: | 298.09 Gb Total Space | 289.15 Gb Free Space | 97.00% Space Free | Partition Type: NTFS

Computer Name: SUZLENOVO | User Name: suzanne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/21 21:31:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\suzanne\Downloads\OTL.exe
PRC - [2013/05/21 21:08:14 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\suzanne\Downloads\JRT(1).exe
PRC - [2013/05/14 11:41:13 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
PRC - [2013/04/11 18:32:45 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/04/04 05:32:20 | 000,052,128 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe
PRC - [2013/04/04 05:29:44 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Java\jre7\bin\java.exe
PRC - [2013/02/12 14:34:08 | 001,199,000 | ---- | M] (Spotify Ltd) -- C:\Users\suzanne\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/09/19 22:55:29 | 000,333,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WWAHost.exe
PRC - [2012/08/08 11:23:28 | 001,112,000 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2012/08/08 11:23:08 | 001,091,520 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2012/08/03 03:57:48 | 002,265,424 | ---- | M] () -- C:\Users\suzanne\AppData\Local\FreeScreenSharing\FreeScreenSharing.exe
PRC - [2012/07/27 11:52:44 | 000,167,024 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
PRC - [2012/07/27 11:52:44 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
PRC - [2012/07/25 20:20:44 | 000,349,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
PRC - [2012/07/17 14:57:22 | 000,365,376 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012/07/17 14:57:20 | 000,277,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012/07/16 00:49:52 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE
PRC - [2012/06/25 10:57:14 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/06/19 17:21:24 | 001,646,608 | ---- | M] (Rosetta Stone Ltd.) -- C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
PRC - [2012/03/28 18:34:30 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
PRC - [2012/01/25 15:23:54 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.EXE


========== Modules (No Company Name) ==========

MOD - [2013/05/14 11:41:12 | 016,033,160 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
MOD - [2013/04/11 18:32:28 | 003,133,336 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/04/04 05:32:22 | 000,016,288 | ---- | M] () -- C:\Program Files (x86)\Java\jre7\bin\jp2native.dll
MOD - [2012/08/03 03:57:48 | 002,265,424 | ---- | M] () -- C:\Users\suzanne\AppData\Local\FreeScreenSharing\FreeScreenSharing.exe
doby108
Regular Member
 
Posts: 71
Joined: May 20th, 2013, 11:11 pm

Re: clicking to ads in IE Firefox FB

Unread postby doby108 » May 22nd, 2013, 12:41 am

OTL Extras logfile created on: 5/21/2013 9:33:47 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\suzanne\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16580)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.86 Gb Total Physical Memory | 6.03 Gb Available Physical Memory | 76.71% Memory free
9.05 Gb Paging File | 7.14 Gb Available in Paging File | 78.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 884.18 Gb Total Space | 832.78 Gb Free Space | 94.19% Space Free | Partition Type: NTFS
Drive D: | 25.00 Gb Total Space | 22.97 Gb Free Space | 91.90% Space Free | Partition Type: NTFS
Drive F: | 298.09 Gb Total Space | 289.15 Gb Free Space | 97.00% Space Free | Partition Type: NTFS

Computer Name: SUZLENOVO | User Name: suzanne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Lenovo Photos] -- "C:\Program Files (x86)\LenovoPhotos\Lenovo Photos\Lenovo Photos.exe" "%1" ()
Directory [Photo Show] -- "C:\Program Files (x86)\LenovoPhotos\Lenovo Photos\Photo Show.exe" -d "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1542C301-37AD-47A0-AC57-A30038E8D062}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{1BD9F35E-B424-4C6B-AEBE-4DB3606574D2}" = lport=138 | protocol=17 | dir=in | app=system |
"{20F07990-C1C9-4003-BB47-FCA00C86D1EC}" = lport=139 | protocol=6 | dir=in | app=system |
"{29DE7DCE-FF61-4264-85C4-9D09D0521AA4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{38CF3C1B-AE35-4E0C-A111-0CF3B7D06757}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6DA6474F-D35E-4B20-8723-292D6792520A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6FACCDD8-CEDB-4473-9378-7897530D7351}" = rport=10243 | protocol=6 | dir=out | app=system |
"{9C8F5001-FAB0-4050-BFAA-9E805F00FFB9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A0C8BF23-87FF-4082-BC9F-991EB8274F33}" = lport=445 | protocol=6 | dir=in | app=system |
"{A1A7B86C-C42F-4F99-B548-1F73DFE1D6C1}" = rport=138 | protocol=17 | dir=out | app=system |
"{AD98C393-1E90-4347-B70E-F4695555A869}" = rport=139 | protocol=6 | dir=out | app=system |
"{B5A1B8F9-F321-4602-BE90-8180BAE07D47}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{BAE4BBC2-27A7-465E-9DB3-46DF9B557CC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C12B3618-BAC5-47BF-A8FE-91C14D0C81A0}" = rport=445 | protocol=6 | dir=out | app=system |
"{C61DCC9A-81A9-4406-A9B2-10F9B99FC321}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C981376E-0C57-4EB6-B111-D375F6703B0B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D1548FAF-7B0D-42C1-967B-93537F75DDD6}" = lport=137 | protocol=17 | dir=in | app=system |
"{D2AB71C0-27B2-4FB1-9CD6-83F736DAE2D5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D31A5A47-4AF2-4B5F-8A14-033F01A59F8E}" = rport=137 | protocol=17 | dir=out | app=system |
"{D91111FE-8881-417C-933D-56FCF2BF5825}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E7C5181C-61DF-4AE6-B479-126F193F9CDD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EFC8DCB7-582E-4BA5-B05C-83061E820F6B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00543CA1-D5F2-4943-B37D-13FD4249B542}" = dir=in | app=c:\program files\hp\hp officejet 6700\bin\hpnetworkcommunicator.exe |
"{045F5129-2056-4128-A3B2-B543938331B7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{07090B11-4C3A-4210-9E62-7172425FEC88}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{0A896E38-64B1-4866-96D1-8D5EB5324930}" = dir=in | app=c:\program files\hp\hp officejet 6700\bin\hpnetworkcommunicatorcom.exe |
"{0B9EECEE-3A36-4008-8D47-6241FF029718}" = dir=in | app=c:\program files (x86)\lenovo\powerdvd10\powerdvd cinema\powerdvdcinema10.exe |
"{0C2A282B-4C6B-428C-99BF-9EA40289ED6F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0FB78483-762A-4309-B1DA-CA6E7EC06ED1}" = dir=out | name=@{microsoft.bingmaps_1.6.1528.2509_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{1ABC081A-7CE5-4B6B-A746-9D1D6E51C258}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1C263E98-151D-4258-93BC-99303F989F30}" = dir=out | name=@{microsoft.bingnews_2.0.0.273_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{20F4F7BE-73E2-42D8-AC32-45173CEFD1BE}" = dir=in | name=rara.com |
"{312378B9-4B6B-4936-A296-D8EEEAD4C493}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{3603CD96-F8AD-4AD5-8EF3-512105BDE1FB}" = dir=out | name=rara.com |
"{3797ACD0-8E0F-48E1-A43E-B83C5456EF12}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{37BEF025-38D6-4EA0-B1C2-058F96B39DE5}" = protocol=6 | dir=out | app=c:\program files (x86)\rosettastoneltdservices\rosettastoneltdservices.exe |
"{38564E2C-D09C-4A02-B503-00EE669EDF5F}" = dir=out | name=powerdvd for lenovo idea |
"{3CBEC8C3-0554-4EA2-9AED-4CC7E4ED5626}" = dir=in | app=c:\program files\hp\hp officejet 6700\bin\devicesetup.exe |
"{47BE5E48-C983-429E-A6FB-4DB5978E22C7}" = dir=out | name=accuweather for windows 8 |
"{498F56FA-34E1-4919-88CB-817DA7834B90}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{49AC666B-0A3F-4217-9AD0-224CEC07657F}" = dir=out | name=@{microsoft.zunevideo_1.3.59.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{49C9F3CB-84E6-4E85-BF1F-E0C3A4CAB00E}" = dir=out | name=@{microsoft.xboxlivegames_1.3.10.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{50D249A9-B5F0-48DA-9E68-2A396DEA77C7}" = dir=out | name=@{microsoft.bingweather_2.0.0.288_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{518A583F-4EC5-4F4E-9D61-0DEB64ECE9E8}" = dir=out | name=hp printer control |
"{5CA0CD15-F8E5-4AA9-9153-3908B213193E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5CE11618-51E0-4926-9137-A1CFF5B95C5E}" = dir=out | name=skype |
"{5D24A197-AAF5-49C5-8E3E-F7A9633582B6}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.0.1114.318_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{629A9515-057C-4F08-A34D-A7E948B5FA6A}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.0.1114.318_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{62BE1FF8-617B-4971-9F31-81429CA1038F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{62EF16EA-B8BC-44A3-81FB-F4521BFA0B72}" = dir=out | name=@{microsoft.bingtravel_2.0.0.274_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{6FBC33DE-5269-4760-A56E-F64F9F7C38F1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{702CBF50-F778-4833-BBB3-46D345F4A68F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{70F180DE-3DEA-49DF-861E-A12D7AFBF27B}" = dir=out | name=@{microsoft.xboxcompanion_1.2.160.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxcompanion/resources/33279} |
"{710676D1-C183-4046-95CC-9C5504CC0362}" = dir=in | name=ebay |
"{75E35974-A187-4A2E-A078-8C60AE2A0E51}" = dir=out | name=evernote touch |
"{76DCA882-4600-486B-8FFA-863D16C6D0B0}" = dir=in | name=skype |
"{79347832-51F9-4AC5-BE0C-DBB05599131E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7E64FDE2-5EBD-46BA-907F-44585D3ADF0F}" = dir=in | name=evernote touch |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{88F9B159-2304-40A5-B269-ACFBABAC7739}" = dir=out | name=@{microsoft.zunemusic_1.3.59.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{8B966AC8-AF91-4BE2-B5AB-2AF728499533}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8BA5AD2F-4F8D-467C-9F3C-81F62289A17B}" = dir=out | name=ebay |
"{8D155684-7FEC-482A-9BCE-CDF344EACFFB}" = dir=in | name=mcafee security advisor for lenovo |
"{9AE77FA2-8144-473E-B380-C45ADEFD2C1D}" = dir=in | app=c:\program files (x86)\lenovo\powerdvd10\powerdvd10.exe |
"{9E265D69-3AB6-447C-9D7B-4899FDF963A5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A1446789-058E-44F9-B75B-73C07918AF84}" = protocol=6 | dir=out | app=c:\program files (x86)\rosettastoneltdservices\rosettastonedaemon.exe |
"{A1508CA8-3E0A-44DC-A2C9-AE38E0092ADD}" = dir=in | app=c:\program files\hp\hp officejet 6700\bin\faxapplications.exe |
"{A1A507A2-6CC5-4E32-AF41-A5CDE5A991FF}" = dir=out | name=kindle |
"{A4051DA4-AE39-4CDE-9BF8-1B0E4D1242D1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{AF1EAF10-CD78-4833-ACD2-D4DEC2AA8AC0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B083DABB-D78C-48F2-AC5F-1A8982A8B941}" = dir=out | name=@{microsoft.bingfinance_2.0.0.275_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{B0F00CE7-4423-4E6E-BAE2-446FDE7B5671}" = dir=in | name=accuweather for windows 8 |
"{B21326B2-E18C-4369-8D56-DBB73FB519BF}" = dir=in | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{B302112C-A3F0-47EB-B30E-5AC3B0B42D17}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{BE0A0117-FBC2-46FD-8452-C872553439F8}" = dir=out | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{C4710BD9-F974-45A4-BA25-09DEB46650CC}" = dir=out | name=@{microsoft.bingsports_2.0.0.273_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{C53A3676-4FAC-4874-9ED7-769500738A57}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C5AE134C-90A8-4FF0-A23A-939CA3F2ABFC}" = protocol=6 | dir=out | app=system |
"{CA5A1554-E59C-4035-874A-EF61465F40F4}" = dir=in | name=@{microsoft.xboxcompanion_1.2.160.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxcompanion/resources/33279} |
"{CD50B070-ED6D-4A0C-BBCD-FF779975E9D6}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{D3EC9136-DDF9-47C0-BF09-24E88F1B814F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D4B2312A-9FDD-4F78-BDFD-7FA1D326E0DC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D90DCA64-1AD5-4493-B82B-4E32964D7E5C}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{DD796C61-C7D4-4B00-8F64-5B6998E219AF}" = dir=in | app=c:\program files\hp\hp officejet 6700\bin\digitalwizards.exe |
"{E3863B39-DAA5-422E-8DBC-40DB98B9C7AD}" = dir=out | name=mcafee security advisor for lenovo |
"{E3D1C896-303F-4657-8021-AC86AD00437C}" = dir=out | name=lenovo support |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{E856A476-F14A-4887-8C6A-70F8DC94232D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{EA045792-71EB-4E43-BA6D-2B8DA8172E3A}" = dir=out | name=lenovo companion |
"{F1C533C6-1F1E-4CF8-9AE9-F794EA28BD68}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F200CDCA-55B0-4D76-9C79-3649FBDF0F81}" = dir=in | app=c:\program files\hp\hp officejet 6700\bin\sendafax.exe |
"{F221D23E-ECC1-4510-A801-32CD79A7763D}" = dir=in | app=c:\program files (x86)\rosettastoneltdservices\rosettastonedaemon.exe |
"{FA38778A-0967-477C-BA1D-CCB58A6FFC54}" = dir=out | name=windows_ie_ac_001 |
"{FE7C200C-B9AA-4786-9036-D6B8DA42F617}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{FEDF4992-2215-4333-BE12-22B0FB2D6A64}" = dir=in | name=hp printer control |
"{FF27E2A6-145F-4651-B0DC-2671478BE550}" = dir=in | app=c:\program files (x86)\rosettastoneltdservices\rosettastoneltdservices.exe |
"TCP Query User{210EFC14-AC0A-4841-B158-59872BD7AEA0}C:\users\suzanne\appdata\locallow\amicas\v6cdviewer\privatejre\bin\armiregistry.exe" = protocol=6 | dir=in | app=c:\users\suzanne\appdata\locallow\amicas\v6cdviewer\privatejre\bin\armiregistry.exe |
"TCP Query User{69E02641-EC48-4BE0-88E0-800057FD6612}C:\users\suzanne\appdata\locallow\amicas\v6cdviewer\bin\aviewer.exe" = protocol=6 | dir=in | app=c:\users\suzanne\appdata\locallow\amicas\v6cdviewer\bin\aviewer.exe |
"TCP Query User{C1E9C5F0-5E19-41A7-9D0D-EF09F11C5197}C:\users\suzanne\appdata\locallow\amicas\v6cdviewer\bin\astudycachemgr.exe" = protocol=6 | dir=in | app=c:\users\suzanne\appdata\locallow\amicas\v6cdviewer\bin\astudycachemgr.exe |
"TCP Query User{D29D3C0B-DAD8-4B78-822F-6F3A73331AA6}C:\users\suzanne\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\suzanne\appdata\roaming\spotify\spotify.exe |
"UDP Query User{847F9C29-5FFB-4D59-B0BC-5500311A7458}C:\users\suzanne\appdata\locallow\amicas\v6cdviewer\bin\aviewer.exe" = protocol=17 | dir=in | app=c:\users\suzanne\appdata\locallow\amicas\v6cdviewer\bin\aviewer.exe |
"UDP Query User{A94A3EFA-F8DC-4E6C-92AF-DAFA225E78B6}C:\users\suzanne\appdata\locallow\amicas\v6cdviewer\bin\astudycachemgr.exe" = protocol=17 | dir=in | app=c:\users\suzanne\appdata\locallow\amicas\v6cdviewer\bin\astudycachemgr.exe |
"UDP Query User{C5A65458-96E8-41C8-BDEB-331E5F63929F}C:\users\suzanne\appdata\locallow\amicas\v6cdviewer\privatejre\bin\armiregistry.exe" = protocol=17 | dir=in | app=c:\users\suzanne\appdata\locallow\amicas\v6cdviewer\privatejre\bin\armiregistry.exe |
"UDP Query User{DC153D89-7063-4261-8021-2524BF8FD01D}C:\users\suzanne\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\suzanne\appdata\roaming\spotify\spotify.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}" = Amazon Browser App
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{3165E4A6-D5DE-46B0-8597-D55E2B826B84}" = Rosetta Stone Ltd Services
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{3611CA6C-5FCA-4900-A329-6A118123CCFC}" = Bing Bar
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B6BC189-D606-4BC7-9758-E6C364F76A55}" = Rosetta Stone TOTALe
"{6C26A305-4549-4A8A-9F03-25719C03B0FB}" = FreeRide Games
"{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}" = Onekey Theater
"{95140000-0081-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}" = Software Version Updater
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{DD7D6D84-93AB-48CA-A759-94324E341CBA}" = Intelligent Touchpad
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = Lenovo PowerDVD10
"{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}" = Lenovo EasyCamera
"{E1AE0CB7-1333-4728-8520-CB3F88A252B4}" = HP Officejet 6700 Help
"{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = Lenovo PowerDVD10
"InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"Intel AppUp(SM) center 33057" = Intel AppUp(SM) center
"Lenovo Photos" = Lenovo Photos
"Mozilla Firefox 20.0.1 (x86 en-US)" = Mozilla Firefox 20.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Professional 2010
"SugarSync" = SugarSync Manager
"Tweaking.com - Registry Backup" = Tweaking.com - Registry Backup
"WhiteSmoke_New Toolbar" = WhiteSmoke New Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"FreeScreenSharing" = FreeScreenSharing
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4/3/2013 1:33:06 PM | Computer Name = suzlenovo | Source = Application Error | ID = 1000
Description = Faulting application name: devmonsrv.exe, version: 2.5.0.244, time
stamp: 0x50220e70 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0xcf4 Faulting application
start time: 0x01ce2bcf9997d795 Faulting application path: C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
Faulting
module path: unknown Report Id: 8ab0b332-9c84-11e2-be83-84a6c8d0d6e3 Faulting package
full name: Faulting package-relative application ID:

Error - 4/16/2013 4:06:11 PM | Computer Name = suzlenovo | Source = ZuneDriver | ID = 80837
Description =

Error - 4/16/2013 4:06:41 PM | Computer Name = suzlenovo | Source = WPDMTPDriver | ID = 80836
Description =

Error - 5/1/2013 7:19:05 PM | Computer Name = suzlenovo | Source = Application Error | ID = 1000
Description = Faulting application name: WLANExt.exe, version: 6.2.9200.16384, time
stamp: 0x5010891a Faulting module name: IWMSSvc.dll_unloaded, version: 0.0.0.0,
time stamp: 0x500706db Exception code: 0xc0000005 Fault offset: 0x000007fd30db3902
Faulting
process id: 0x69dc Faulting application start time: 0x01ce46c244d4e6f4 Faulting application
path: C:\windows\system32\WLANExt.exe Faulting module path: IWMSSvc.dll Report Id:
83fc5efe-b2b5-11e2-be85-84a6c8d0d6e3 Faulting package full name: Faulting package-relative
application ID:

Error - 5/3/2013 1:19:07 AM | Computer Name = suzlenovo | Source = Application Error | ID = 1000
Description = Faulting application name: WLANExt.exe, version: 6.2.9200.16384, time
stamp: 0x5010891a Faulting module name: IWMSSvc.dll_unloaded, version: 0.0.0.0,
time stamp: 0x500706db Exception code: 0xc0000005 Fault offset: 0x000007fd2e9d8269
Faulting
process id: 0x8140 Faulting application start time: 0x01ce47bdb3b06f3f Faulting application
path: C:\windows\system32\WLANExt.exe Faulting module path: IWMSSvc.dll Report Id:
fa44c339-b3b0-11e2-be85-84a6c8d0d6e3 Faulting package full name: Faulting package-relative
application ID:

Error - 5/3/2013 9:48:01 PM | Computer Name = suzlenovo | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 5/11/2013 1:37:43 AM | Computer Name = suzlenovo | Source = CltMngSvc | ID = 1000
Description =

Error - 5/11/2013 1:38:05 AM | Computer Name = suzlenovo | Source = CltMngSvc | ID = 1000
Description =

Error - 5/13/2013 2:55:25 AM | Computer Name = suzlenovo | Source = Application Error | ID = 1000
Description = Faulting application name: WLANExt.exe, version: 6.2.9200.16384, time
stamp: 0x5010891a Faulting module name: IWMSSvc.dll_unloaded, version: 0.0.0.0,
time stamp: 0x500706db Exception code: 0xc0000005 Fault offset: 0x000007fd39fa82d0
Faulting
process id: 0x7c2c Faulting application start time: 0x01ce4fa6cfc456b3 Faulting application
path: C:\windows\system32\WLANExt.exe Faulting module path: IWMSSvc.dll Report Id:
16191f8a-bb9a-11e2-be85-84a6c8d0d6e3 Faulting package full name: Faulting package-relative
application ID:

Error - 5/13/2013 10:47:28 AM | Computer Name = suzlenovo | Source = CltMngSvc | ID = 1000
Description =

[ System Events ]
Error - 3/9/2013 2:44:15 PM | Computer Name = suzlenovo | Source = Service Control Manager | ID = 7031
Description = The Windows Defender Service service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 3/24/2013 3:53:38 PM | Computer Name = suzlenovo | Source = Service Control Manager | ID = 7043
Description = The Windows Update service did not shut down properly after receiving
a preshutdown control.

Error - 4/4/2013 12:48:29 PM | Computer Name = suzlenovo | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Bluetooth Device Monitor service.

Error - 4/4/2013 12:49:25 PM | Computer Name = suzlenovo | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Bluetooth Device Monitor service.

Error - 4/4/2013 1:58:41 PM | Computer Name = suzlenovo | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Bluetooth Device Monitor service.

Error - 4/4/2013 1:59:32 PM | Computer Name = suzlenovo | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Bluetooth Device Monitor service.

Error - 4/11/2013 12:35:42 PM | Computer Name = suzlenovo | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Bluetooth Device Monitor service.

Error - 4/11/2013 12:36:32 PM | Computer Name = suzlenovo | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Bluetooth Device Monitor service.

Error - 4/19/2013 3:52:54 PM | Computer Name = suzlenovo | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 5/11/2013 1:38:13 AM | Computer Name = suzlenovo | Source = Service Control Manager | ID = 7034
Description = The Yontoo Desktop Updater service terminated unexpectedly. It has
done this 1 time(s).


< End of report >
doby108
Regular Member
 
Posts: 71
Joined: May 20th, 2013, 11:11 pm

Re: clicking to ads in IE Firefox FB

Unread postby doby108 » May 22nd, 2013, 12:50 am

SystemLook 04.09.10 by jpshortstuff
Log created at 21:46 on 21/05/2013 by suzanne
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchnu*"
No files found.

Searching for "*Searchqu*"
No files found.

Searching for "*iLivid*"
C:\Users\suzanne\Downloads\iLividSetup-r352-n-bf(1).exe --a---- 1488280 bytes [04:07 22/05/2013] [04:07 22/05/2013] 468BBE0DC83496CAD49597A47341C786
C:\Users\suzanne\Downloads\iLividSetup-r352-n-bf.exe --a---- 1488280 bytes [04:07 22/05/2013] [04:07 22/05/2013] 468BBE0DC83496CAD49597A47341C786
C:\Windows\Prefetch\ILIVIDSETUP-R352-N-BF(1).EXE-836CC980.pf --a---- 39990 bytes [04:07 22/05/2013] [04:07 22/05/2013] 023614948E7585A98906CE4B97775D70

Searching for "*whitesmoke*"
C:\Program Files (x86)\WhiteSmoke_New\WhiteSmoke_NewToolbarHelper.exe --a---- 86816 bytes [10:10 10/04/2013] [10:10 10/04/2013] 943F313974A830D4634C73BEB8103F5E
C:\Users\suzanne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YLX2RYGO\whitesmokecss[1].css --a---- 3085 bytes [01:36 20/05/2013] [01:36 20/05/2013] D183C9CDB27F4B82124489F2C6D1FE83
C:\Users\suzanne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YLX2RYGO\whitesmokeTools[1].htm --a---- 8872 bytes [01:35 20/05/2013] [01:35 20/05/2013] F9099F6F1264DF680B02952A68559AED
C:\Users\suzanne\AppData\Local\Temp\DIQM\FlashPlayer_151\bin\css\whitesmoke.css --a---- 15259 bytes [21:23 21/02/2013] [21:23 21/02/2013] 5EF06091781C8D07BD85A071EA420E57
C:\Users\suzanne\AppData\Local\Temp\DIQM\FlashPlayer_151\bin\css\images\whitesmoke-img-gris.png --a---- 6104 bytes [18:53 16/10/2012] [18:53 16/10/2012] ECDA9D419EF846E066B16A51AC94AADE
C:\Users\suzanne\AppData\Local\Temp\DIQM\FlashPlayer_151\bin\css\images\whitesmoke-img.jpg --a---- 5405 bytes [17:10 17/08/2012] [17:10 17/08/2012] 24A87BBB91F103F38E3DD4136C2EC358
C:\Users\suzanne\AppData\Local\Temp\DIQM\FlashPlayer_151\bin\css\images\whitesmoke-img.png --a---- 5223 bytes [15:42 03/08/2012] [15:42 03/08/2012] 5F58552CF5DA329F3390D05C19B3A447
C:\Users\suzanne\AppData\Local\Temp\DIQM\FlashPlayer_151\bin\css\images\whitesmoke-img2.jpg --a---- 6885 bytes [16:47 01/08/2012] [16:47 01/08/2012] EFB7F860C1BC8F34C6A5E2BA0F6B36F8
C:\Users\suzanne\AppData\Local\Temp\DIQM\FlashPlayer_151\bin\css\images\whitesmoke-logo.png --a---- 4134 bytes [15:42 03/08/2012] [15:42 03/08/2012] F0704EA722C449E60FC41C0BA822FA79
C:\Users\suzanne\AppData\Local\Temp\DIQM\FlashPlayer_151\bin\css\images\whitesmoke-toolbar-new-gris.png --a---- 4080 bytes [19:46 30/01/2013] [19:46 30/01/2013] 19CE0ACD2D24AE259C66C25F2FAF652A
C:\Users\suzanne\AppData\Local\Temp\DIQM\FlashPlayer_151\temp\WhiteSmokeinfo.dfe --a---- 34007 bytes [05:35 11/05/2013] [05:35 11/05/2013] 10FD084B22329F248F0F7DA4468D998D
C:\Users\suzanne\AppData\Roaming\Mozilla\Firefox\Profiles\hbxyif3l.default\searchplugins\whitesmoke-new-customized-web-search.xml --a---- 1102 bytes [16:56 12/05/2013] [16:56 12/05/2013] 6064425C644E99916DAD6B926796BB4E

Searching for "*datamngr*"
No files found.

Searching for "*trolltech*"
No files found.

Searching for "*conduit*"
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\ConduitAbstractionLayerBack.js --a---- 492148 bytes [04:58 14/05/2013] [04:58 14/05/2013] C7203025CB1929E0ECB9F75A24406246
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\ConduitAbstractionLayerFront.js --a---- 253522 bytes [04:58 14/05/2013] [04:58 14/05/2013] 3296CEFD0F8C176F6AA4D47756AC66C2
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\js\conduitEnv.js --a---- 93693 bytes [04:58 14/05/2013] [04:58 14/05/2013] 9DB75E864BEA1C6855D203898ED5A7A2
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\plugins\ConduitChromeApiPlugin.dll --a---- 838944 bytes [04:58 14/05/2013] [04:58 14/05/2013] 48E98CC51CB4A319C126F38E82467708
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\aboutBox\images\conduit-logo-OLD.png --a---- 1305 bytes [04:58 14/05/2013] [04:58 14/05/2013] 5F8EF9A0B050532B90B2645E9627E3F9
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\aboutBox\images\conduit-logo.png --a---- 3926 bytes [04:58 14/05/2013] [04:58 14/05/2013] 04EC2FEFD3A417F86E983508778A00DD
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\tb\al\options\images\conduit-logo.png --a---- 3926 bytes [04:58 14/05/2013] [04:58 14/05/2013] 04EC2FEFD3A417F86E983508778A00DD
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\toolbarImages\http___storage_conduit_com_85_319_CT3198785_images_634921255359427985_24PX.png --a---- 9566 bytes [04:58 14/05/2013] [04:58 14/05/2013] F80E425848D8626F7724EAB789D9EF7D
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\toolbarImages\http___storage_conduit_com_94_300_CT3007394_Images_634650152028270822.png --a---- 1599 bytes [04:58 14/05/2013] [04:58 14/05/2013] 55B66C958AB82120635B74D90F60DED6
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\toolbarImages\http___storage_conduit_com_BankImages_Facebook_Facebook.png --a---- 772 bytes [04:58 14/05/2013] [04:58 14/05/2013] 1805E8470C0EE167396751BA3E9B0AAA
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\toolbarImages\http___storage_conduit_com_images_ClientImages_radio.gif --a---- 419 bytes [04:58 14/05/2013] [04:58 14/05/2013] 01B83C91554738F6AFFB7895BBBA73FB
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\toolbarImages\http___storage_conduit_com_Images_ClientResources_mini_browser.gif --a---- 950 bytes [04:58 14/05/2013] [04:58 14/05/2013] EE3DCA0EABAE8D7DDEAC14E36B1142CD
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\toolbarImages\http___storage_conduit_com_images_components_separator.gif --a---- 314 bytes [04:58 14/05/2013] [04:58 14/05/2013] 2E25133B02C7C430B953CC6B2C092010
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\toolbarImages\http___storage_conduit_com_images_searchengines_search_icon.gif --a---- 322 bytes [04:58 14/05/2013] [04:58 14/05/2013] 948781E4B6478290050ECA4423B89B1E
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\toolbarImages\http___storage_conduit_com_MarketPlace_97_5e6_9739aadc-99e3-4b66-8c1e-bc6ae6cd55e6_Appearance_634165981520378434_24x24.png --a---- 1458 bytes [04:58 14/05/2013] [04:58 14/05/2013] 8C80A43F15DA2CEAC258B1C451067FF3
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\toolbarImages\http___storage_conduit_com_MarketPlace_d2_909_d2d47f0a-2c1d-48a1-8dba-fdebac043909_Appearance_634726116365249321.png --a---- 1666 bytes [04:58 14/05/2013] [04:58 14/05/2013] 672D1DFF2B0796954BCFA8C6A395C163
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage --a---- 4096 bytes [04:58 14/05/2013] [04:58 14/05/2013] 0A8B3D5526219FD3AC8531633F2BC9BC
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage-journal --a---- 3608 bytes [04:58 14/05/2013] [04:58 14/05/2013] 3CEB766EFA3693E7A84428B272EC9B9C
C:\Users\suzanne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\38JUYU6Z\search_conduit_com[1].htm --a---- 9689 bytes [18:25 21/05/2013] [18:25 21/05/2013] F7C567D81CA32D108D3B73E93D097A7F
C:\Users\suzanne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4WBZ92YR\search_conduit_com[1].htm --a---- 0 bytes [03:01 19/05/2013] [03:01 19/05/2013] D41D8CD98F00B204E9800998ECF8427E
C:\Users\suzanne\AppData\Local\Temp\ct3289847\conduit.xml --a---- 785 bytes [06:29 18/07/2012] [06:29 18/07/2012] 6ACD8B6E740CB1E9A9FA43F2087592C6
C:\Users\suzanne\AppData\Local\Temp\DIQM\FlashPlayer_151\temp\VAFMusic Conduitinfo.dfe --a---- 950 bytes [05:35 11/05/2013] [05:35 11/05/2013] 946B38AE25917D9304E150709B8B435C
C:\Users\suzanne\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\D4JRJWL4\storage.conduit[1].xml --a---- 13 bytes [01:35 20/05/2013] [01:35 20/05/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\suzanne\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\RMCA22KP\app.mam.conduit[1].xml --a---- 13 bytes [01:35 20/05/2013] [01:35 20/05/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\CacheIcons\http___storage_conduit_com_85_319_CT3198785_images_634921255359427985_24PX_png.png --a---- 9566 bytes [01:35 20/05/2013] [01:35 20/05/2013] F80E425848D8626F7724EAB789D9EF7D
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\CacheIcons\http___storage_conduit_com_94_300_CT3007394_Images_633317530166393750_gif.gif --a---- 364 bytes [01:35 20/05/2013] [01:35 20/05/2013] 5D91DC0F03311D8A8B439D1671B4DEBC
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\CacheIcons\http___storage_conduit_com_94_300_CT3007394_Images_633317530254831250_gif.gif --a---- 364 bytes [01:35 20/05/2013] [01:35 20/05/2013] 5D91DC0F03311D8A8B439D1671B4DEBC
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\CacheIcons\http___storage_conduit_com_94_300_CT3007394_Images_633317540102175000_gif.gif --a---- 336 bytes [01:35 20/05/2013] [01:35 20/05/2013] D9EC69B628205F8DCCEBB875B4DEF823
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\CacheIcons\http___storage_conduit_com_94_300_CT3007394_Images_633317621550925000_gif.gif --a---- 364 bytes [01:35 20/05/2013] [01:35 20/05/2013] 5D91DC0F03311D8A8B439D1671B4DEBC
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\CacheIcons\http___storage_conduit_com_94_300_CT3007394_Images_633863768206468750_gif.gif --a---- 564 bytes [01:35 20/05/2013] [01:35 20/05/2013] 90C509CAABEA90E776EC9655B6393CE5
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\CacheIcons\http___storage_conduit_com_94_300_CT3007394_Images_634121172080562500_png.png --a---- 861 bytes [01:35 20/05/2013] [01:35 20/05/2013] 36C24D51FCF3E54ABE9744A12DFDADF5
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\CacheIcons\http___storage_conduit_com_94_300_CT3007394_Images_634650152028270822_png.png --a---- 1599 bytes [01:35 20/05/2013] [01:35 20/05/2013] 55B66C958AB82120635B74D90F60DED6
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\CacheIcons\http___storage_conduit_com_94_300_CT3007394_images_634650152257339187_20PX_png.png --a---- 796 bytes [01:35 20/05/2013] [01:35 20/05/2013] 60FDE0212C965A36A119A888A592C6B8
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\CacheIcons\http___storage_conduit_com_94_300_CT3007394_Skins_634650129545916287_png.png --a---- 230 bytes [01:35 20/05/2013] [01:35 20/05/2013] 78F259402DCEFE9A08E315C5FD013E61
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_About_png.png --a---- 821 bytes [01:35 20/05/2013] [01:35 20/05/2013] 99D5F75C338F2A877CBF891E0F18746E
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Browse_png.png --a---- 729 bytes [01:35 20/05/2013] [01:35 20/05/2013] F2291FAB46ED9291A1A2FFE9F88E9D84
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Contact_png.png --a---- 531 bytes [01:35 20/05/2013] [01:35 20/05/2013] A847C5F6CE2C700048749892DD2E0619
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Hide_png.png --a---- 669 bytes [01:35 20/05/2013] [01:35 20/05/2013] FED9E00C76F647EE6A0B7CC684C89F0C
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_LikeIcon_png.png --a---- 263 bytes [01:35 20/05/2013] [01:35 20/05/2013] 36BD416D16391EFAAAFB2C3C54EAE986
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_MoreFromPublisher_png.png --a---- 734 bytes [01:35 20/05/2013] [01:35 20/05/2013] 943ADFD9E0DF1507F7BC419802BF4303
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_More_png.png --a---- 562 bytes [01:35 20/05/2013] [01:35 20/05/2013] 36C6FB9C84D4AF5C5D7C5B277A0E4A01
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Options_png.png --a---- 493 bytes [01:35 20/05/2013] [01:35 20/05/2013] 275C9DA2D536F18F528C80E050C3D705
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Privacy_png.png --a---- 706 bytes [01:35 20/05/2013] [01:35 20/05/2013] 3AD88BD8E832DA39FAAEDF07AD595F94
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Refresh_png.png --a---- 674 bytes [01:35 20/05/2013] [01:35 20/05/2013] 650731EEF807C292E699779B12CBE552
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Upgrade_png.png --a---- 607 bytes [01:35 20/05/2013] [01:35 20/05/2013] 9B4D914888BCFFCBAE6757A0E450551C
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\CacheIcons\http___storage_conduit_com_images_ClientImages_radio_gif.gif --a---- 419 bytes [01:35 20/05/2013] [01:35 20/05/2013] 01B83C91554738F6AFFB7895BBBA73FB
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\CacheIcons\http___storage_conduit_com_images_eula_png.png --a---- 513 bytes [01:35 20/05/2013] [01:35 20/05/2013] F43944209A64CCD0C9B5A92743F0F787
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\CacheIcons\http___storage_conduit_com_images_main_menu_about_gif.gif --a---- 403 bytes [01:35 20/05/2013] [01:35 20/05/2013] EC3C2B4E0DEC4D880BAFF88ABBF94188
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\CacheIcons\http___storage_conduit_com_images_main_menu_clear_history_gif.gif --a---- 414 bytes [01:35 20/05/2013] [01:35 20/05/2013] A9E001CBC00B06B121DFBC80707F5298
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\CacheIcons\http___storage_conduit_com_images_main_menu_help_gif.gif --a---- 405 bytes [01:35 20/05/2013] [01:35 20/05/2013] 995595D4C685D659E8F03CD0A287EDDF
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\CacheIcons\http___storage_conduit_com_images_main_menu_options_gif.gif --a---- 361 bytes [01:35 20/05/2013] [01:35 20/05/2013] 464E244E7E2F27FB85E0C3AB69D72104
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\CacheIcons\http___storage_conduit_com_images_main_menu_privacy_gif.gif --a---- 425 bytes [01:35 20/05/2013] [01:35 20/05/2013] 6427565C7105DC497287866100F260BB
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\CacheIcons\http___storage_conduit_com_images_main_menu_refresh_gif.gif --a---- 381 bytes [01:35 20/05/2013] [01:35 20/05/2013] AE7C9F67594A84B096D225601ACB0B2A
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\CacheIcons\http___storage_conduit_com_images_main_menu_shrink_gif.gif --a---- 351 bytes [01:35 20/05/2013] [01:35 20/05/2013] C3EBA0237D68F665AF6D663906221092
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\CacheIcons\http___storage_conduit_com_images_main_menu_tell_a_friend_gif.gif --a---- 392 bytes [01:35 20/05/2013] [01:35 20/05/2013] 5E7217A3357550F9749A095631F51015
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\CacheIcons\http___storage_conduit_com_images_main_menu_upgrade_gif.gif --a---- 399 bytes [01:35 20/05/2013] [01:35 20/05/2013] 8BE02D510B4B2E05AD2611B1E9A0BD56
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\CacheIcons\http___storage_conduit_com_images_Menu_uninstall-icon_png.png --a---- 617 bytes [01:35 20/05/2013] [01:35 20/05/2013] 80648ABDB2DEB2D53DBFD77D57A9C886
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\CacheIcons\http___storage_conduit_com_images_SearchEngines_images_search_gif.gif --a---- 405 bytes [01:35 20/05/2013] [01:35 20/05/2013] 66018EAE0906C9831A821CAE5D1089BB
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\CacheIcons\http___storage_conduit_com_MarketPlace_97_5e6_9739aadc-99e3-4b66-8c1e-bc6ae6cd55e6_Appearance_634165981520378434_24x24_png.png --a---- 1458 bytes [01:35 20/05/2013] [01:35 20/05/2013] 8C80A43F15DA2CEAC258B1C451067FF3
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\CacheIcons\http___storage_conduit_com_MarketPlace_d2_909_d2d47f0a-2c1d-48a1-8dba-fdebac043909_Appearance_634726116365249321_png.png --a---- 1666 bytes [01:35 20/05/2013] [01:35 20/05/2013] 672D1DFF2B0796954BCFA8C6A395C163
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=GottenApps&locale=en&ctid=CT3289847.xml --a---- 7037 bytes [01:35 20/05/2013] [02:59 21/05/2013] 0B96497BA80BF342415B90AE2F2FB092
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=OtherApps&locale=en&ctid=CT3289847.xml --a---- 5515 bytes [01:35 20/05/2013] [02:59 21/05/2013] 99F43BD1FBE50F6CEE0714818FCAD0A8
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=SharedApps&locale=en&ctid=CT3289847.xml --a---- 6581 bytes [01:35 20/05/2013] [02:59 21/05/2013] 93DBA7DBB3A402F930076666BD7C539C
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=Toolbar&locale=en&ctid=CT3289847.xml --a---- 5514 bytes [01:35 20/05/2013] [02:59 21/05/2013] 16A75DAC853B7B226069A2F21C379531
C:\Users\suzanne\AppData\Roaming\Mozilla\Firefox\Profiles\hbxyif3l.default\CT3289847\conduit.xml --a---- 995 bytes [16:56 12/05/2013] [16:56 12/05/2013] ACB407D9405B2E5AB0B4E653CFF291CF
C:\Users\suzanne\AppData\Roaming\Mozilla\Firefox\Profiles\hbxyif3l.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}\Plugins\npConduitFirefoxPlugin.dll --a---- 207136 bytes [17:19 14/05/2013] [17:19 14/05/2013] 58FD90C26D89DEFD2ED47206D3B4BD83
C:\Windows\Prefetch\CONDUITINSTALLER.EXE-ABD7B978.pf --a---- 50510 bytes [05:36 11/05/2013] [05:36 11/05/2013] D9E51ADE2227F1EA1E0857BC3435F6E2

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchnu*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*whitesmoke*"
C:\Program Files (x86)\WhiteSmoke_New d------ [05:37 11/05/2013]
C:\Users\suzanne\AppData\Local\Temp\DIQM\FlashPlayer_151\bin\WhiteSmoke d------ [05:35 11/05/2013]
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New d------ [05:37 11/05/2013]

Searching for "*datamngr*"
No folders found.

Searching for "*trolltech*"
No folders found.

Searching for "*conduit*"
C:\Program Files (x86)\Conduit d------ [05:37 11/05/2013]
C:\Users\suzanne\AppData\Local\Temp\DIQM\FlashPlayer_151\bin\VAFMusic Conduit d------ [05:35 11/05/2013]
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\Repository\conduit_CT3289847_CT3289847 d------ [15:53 19/05/2013]
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\Repository\conduit_CT3289847_en d------ [01:35 20/05/2013]

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchnu"
No data found.

Searching for "Searchqu"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{ECF6440B-D6E1-5FD8-80CF-B9EDD89BC4F6}]
"ActivatableClassId"="AppEx.Sports.Services.TypeDefs.Request.AppSearchQuery"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingSports_2.0.0.273_x64__8wekyb3d8bbwe\ActivatableClassId\AppEx.Sports.Services.TypeDefs.Request.AppSearchQuery]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\Classes\ActivatableClasses\CLSID\{ECF6440B-D6E1-5FD8-80CF-B9EDD89BC4F6}]
"ActivatableClassId"="AppEx.Sports.Services.TypeDefs.Request.AppSearchQuery"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\Classes\ActivatableClasses\Package\Microsoft.BingSports_2.0.0.273_x64__8wekyb3d8bbwe\ActivatableClassId\AppEx.Sports.Services.TypeDefs.Request.AppSearchQuery]
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001_Classes\ActivatableClasses\CLSID\{ECF6440B-D6E1-5FD8-80CF-B9EDD89BC4F6}]
"ActivatableClassId"="AppEx.Sports.Services.TypeDefs.Request.AppSearchQuery"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001_Classes\ActivatableClasses\Package\Microsoft.BingSports_2.0.0.273_x64__8wekyb3d8bbwe\ActivatableClassId\AppEx.Sports.Services.TypeDefs.Request.AppSearchQuery]

Searching for "iLivid"
No data found.

Searching for "whitesmoke"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar]
"WebServerUrl"="http://WhiteSmokeNew.OurToolbar.com/"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar]
"Write us link"="asafh@whitesmokeinc.com"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar]
"DisplayName"="WhiteSmoke New"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Settings]
"HomePageUrl"="http://www.whitesmoke.com/landing_flash/?a=640&d=37&r=6525"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Settings]
"RadioHelpUrl"="http://WhiteSmokeNew.OurToolbar.com/help/#2_5"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\WhiteSmoke_New]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1BB8B3AE-757D-443F-B3A4-0629E709B0D9}]
@="WhiteSmoke New API Server"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1BB8B3AE-757D-443F-B3A4-0629E709B0D9}\InprocServer32]
@="C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{739DF940-C5EE-4BAB-9D7E-270894AE687A}]
@="WhiteSmoke New Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{739DF940-C5EE-4BAB-9D7E-270894AE687A}\InprocServer32]
@="C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit\Platforms\{739df940-c5ee-4bab-9d7e-270894ae687a}]
"Name"="WhiteSmoke_New"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit\Toolbars]
"WhiteSmoke New Toolbar"="{739DF940-C5EE-4BAB-9D7E-270894AE687A}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{22DDB7DE-155B-47A9-8024-30357DF9D6C1}]
"AppPath"="C:\Program Files (x86)\WhiteSmoke_New"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{22DDB7DE-155B-47A9-8024-30357DF9D6C1}]
"AppName"="WhiteSmoke_NewToolbarHelper.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{850EA215-F8F1-4224-9A60-E1C2B1D48575}]
"AppName"="WhiteSmoke_NewAutoUpdateHelper.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{739df940-c5ee-4bab-9d7e-270894ae687a}"="WhiteSmoke New Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{739df940-c5ee-4bab-9d7e-270894ae687a}]
@="WhiteSmoke New"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke New Toolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_New Toolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_New Toolbar]
"DisplayName"="WhiteSmoke New Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_New Toolbar]
"HelpLink"="http://WhiteSmokeNew.OurToolbar.com/help"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_New Toolbar]
"Publisher"="WhiteSmoke New"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_New Toolbar]
"URLInfoAbout"="http://WhiteSmokeNew.OurToolbar.com/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_New Toolbar]
"DisplayIcon"="C:\Program Files (x86)\WhiteSmoke_New\uninstall.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_New Toolbar]
"UninstallString"="C:\Program Files (x86)\WhiteSmoke_New\uninstall.exe toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke_New]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke_New\toolbar]
"DisplayName"="WhiteSmoke New"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke_New\toolbar]
"DisplayTitle"="WhiteSmoke_New Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke_New\toolbar]
"Path"="C:\Program Files (x86)\WhiteSmoke_New"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke_New\toolbar]
"ToolbarHelperFileName"="C:\Program Files (x86)\WhiteSmoke_New\WhiteSmoke_NewToolbarHelper.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke_New\toolbar]
"AutoUpdateHelperPath"="C:\Users\suzanne\AppData\Local\Conduit\CT3289847\WhiteSmoke_NewAutoUpdateHelper.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke_New\toolbar]
"BrowserSearchDisplayName"="WhiteSmoke New Customized Web Search"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke_New\toolbar]
"ProxyDllPath"="C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{1BB8B3AE-757D-443F-B3A4-0629E709B0D9}]
@="WhiteSmoke New API Server"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{1BB8B3AE-757D-443F-B3A4-0629E709B0D9}\InprocServer32]
@="C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{739DF940-C5EE-4BAB-9D7E-270894AE687A}]
@="WhiteSmoke New Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{739DF940-C5EE-4BAB-9D7E-270894AE687A}\InprocServer32]
@="C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New]
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar]
"WebServerUrl"="http://WhiteSmokeNew.OurToolbar.com/"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar]
"Write us link"="asafh@whitesmokeinc.com"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar]
"DisplayName"="WhiteSmoke New"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Settings]
"HomePageUrl"="http://www.whitesmoke.com/landing_flash/?a=640&d=37&r=6525"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Settings]
"RadioHelpUrl"="http://WhiteSmokeNew.OurToolbar.com/help/#2_5"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\WhiteSmoke_New]

Searching for "datamngr"
No data found.

Searching for "conduit"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar]
"GroupingServerURL"="http://grouping.services.conduit.com/"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar]
"SearchServerUrl"="http://search.conduit.com"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar]
"Server"="users.conduit.com"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar]
"UsageURL"="http://usage.users.conduit.com/UsersWebService.asmx/UsersRequests"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar]
"SocialDomains"="http://apps.conduit.com; http://social.conduit.com"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar]
"PrivacyPageURL"="http://www.conduit.com/privacy/Default.aspx"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar]
"DisplayTrusteSeal"="http://trust.conduit.com/EB_ORIGINAL_CTID"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar]
"ClientLogURL"="http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar]
"UninstallURL"="http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar]
"AppsDetectionUrlPattern"="http://appdownload.conduit.com/"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\ABTestUsage]
"ServiceUrl"="http://tb-test.conduit-data.com"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\AppRegisterUsage]
"ServiceUrl"="http://apps.usage.conduit-services.com/AppOperations/AppRegistration.ashx"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\AppsMetaData]
"ServiceUrl"="http://appsmetadata.toolbar.conduit-services.com/?ctid=EB_TOOLBAR_ID"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\AppsSettings]
"ServiceUrl"="http://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_COMP_ID"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\AppTrackingFirstTime]
"ServiceUrl"="http://tracking.usage.app.conduit-services.com/FirstTime.ashx?current=EB_APPTRACKING_CURRENT_STATE"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\AppTrackingUsage]
"ServiceUrl"="http://tracking.usage.app.conduit-services.com/Usage.ashx"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\AppUninstallUsage]
"ServiceUrl"="http://apps.usage.conduit-services.com/AppOperations/AppUninstall.ashx"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\BrowserToolbarsInfo]
"ServiceUrl"="http://counting.usage.toolbar.conduit-services.com/usage.ashx"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\ClientErrorLog]
"ServiceUrl"="http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\ClientLog]
"ServiceUrl"="http://clientlog.conduit-services.com/log/putlog"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\Configuration]
"ServiceUrl"="http://ip2location.conduit-services.com/ip/?ctid=EB_TOOLBAR_ID&ver=EB_TOOLBAR_VERSION&client=ToolbarConfiguration"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\DynamicDialogs]
"ServiceUrl"="http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=EB_TOOLBAR_VERSION"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\GottenAppsContextMenu]
"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=EB_LOCALE&ctid=EB_TOOLBAR_ID"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\HostingUsage]
"ServiceUrl"="http://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\LocationService]
"ServiceUrl"="http://ip2location.conduit-services.com/ip/"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\OtherAppsContextMenu]
"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=EB_LOCALE&ctid=EB_TOOLBAR_ID"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\RecoveryService]
"ServiceUrl"="http://recovery.conduit-services.com/toolbar"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\SearchApiByCountry]
"ServiceUrl"="http://c.api.search.conduit.com/Settings/?ctid=EB_TOOLBAR_ID&um=UM_ID&c=EB_COUNTRY_CODE"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\SearchInNewTabBlank]
"ServiceUrl"="http://storage.conduit.com/SearchInNewTab/SearchInNewTabBlank.html"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\SearchSettings]
"ServiceUrl"="http://API.search.conduit.com/Settings/?ctid=EB_TOOLBAR_ID&um=UM_ID"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\SharedAppsContextMenu]
"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=EB_LOCALE&ctid=EB_TOOLBAR_ID"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\SPStubConditionalDownload]
"ServiceUrl"="http://sp-download.conduit-services.com/ConditionalDownload?CTID=EB_TOOLBAR_ID&ToolbarRunMode=EB_TOOLBAR_RUN_MODE&ToolbarType=EB_PLATFORM&UAC=EB_UAC_MODE&IntegrityLevel=EB_INTEGRITY_LEVEL&WindowsVersion=EB_WINDOWS_VERSION"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\ToolbarAppComponentUsage]
"ServiceUrl"="http://component.usage.toolbar.conduit-services.com/ToolbarComponentUsage.ashx"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\ToolbarAppUsage]
"ServiceUrl"="http://usage.toolbar.conduit-services.com/ToolbarUsage.ashx"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\ToolbarComponentUsage]
"ServiceUrl"="http://component.usage.toolbar.conduit-services.com/ToolbarComponentUsage.ashx"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\ToolbarContextMenu]
"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=EB_LOCALE&ctid=EB_TOOLBAR_ID"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\ToolbarGrouping]
"ServiceUrl"="http://grouping.services.conduit.com/GroupingRequest.ctp?type=GetGroup&ctid=EB_ORIGINAL_CTID&lut=0&locale=EB_OS_LOCALE"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\ToolbarHiddenLogin]
"ServiceUrl"="http://login.hiddentoolbar.conduit-services.com/Login.ashx"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\ToolbarHiddenLoginJson]
"ServiceUrl"="http://login.hiddentoolbar.conduit-services.com/JsonLogin.ashx"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\ToolbarHiddenSettings]
"ServiceUrl"="http://Settings.toolbar.search.conduit.com/root/EB_TOOLBAR_ID/EB_ORIGINAL_CTID"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\ToolbarHiddenSettingsForSB]
"ServiceUrl"="http://settings.smartbar.conduit-services.com/settings/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&protocolVersion=EB_PROTOCOL_VERSION"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\ToolbarInstallationUsage]
"ServiceUrl"="http://installationusage.conduit-services.com/api/InstallationUsage"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\ToolbarLogin]
"ServiceUrl"="http://login.toolbar.conduit-services.com/Login.ashx"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\ToolbarLoginJson]
"ServiceUrl"="http://login.toolbar.conduit-services.com/JsonLogin.ashx"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\ToolbarSettings]
"ServiceUrl"="http://Settings.toolbar.search.conduit.com/root/EB_TOOLBAR_ID/EB_ORIGINAL_CTID"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\ToolbarSettingsForPublisher]
"ServiceUrl"="http://settings.publisher.toolbar.conduit-services.com/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\ToolbarSettingsForSB]
"ServiceUrl"="http://settings.smartbar.conduit-services.com/settings/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&protocolVersion=EB_PROTOCOL_VERSION"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\ToolbarSettingsPublisherForSB]
"ServiceUrl"="http://settings.publisher.smartbar.conduit-services.com/settings/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&protocolVersion=EB_PROTOCOL_VERSION"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\ToolbarSetupAPI]
"ServiceUrl"="http://setupapi.toolbar.conduit-services.com/Properties/json/EB_TOOLBAR_ID"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\ToolbarSetupAPIByCountry]
"ServiceUrl"="http://c.setupapi.toolbar.conduit-services.com/Properties/json/EB_TOOLBAR_ID/CC/EB_COUNTRY_CODE"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\ToolbarTranslation]
"ServiceUrl"="http://translation.toolbar.conduit-services.com/?locale=EB_LOCALE"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\ToolbarUninstall]
"ServiceUrl"="http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\ToolbarUsage]
"ServiceUrl"="http://usage.toolbar.conduit-services.com/ToolbarUsage.ashx"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\UninstallDialog]
"ServiceUrl"="http://UninstallDialog.conduit-services.com/view/view.aspx?ctid=EB_TOOLBAR_ID&version=EB_TOOLBAR_VERSION"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\UninstallDialogUsage]
"ServiceUrl"="http://uninstalldialogusage.toolbar.conduit-services.com/Usage.ashx"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\WebAppSettings]
"ServiceUrl"="http://metadata.webapp.conduit-services.com/meta/WEB_APP_GUID"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\WebAppSettingsNC]
"ServiceUrl"="http://metadata.webapp.conduit-services.com/metanc/WEB_APP_GUID"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\WebAppValidation]
"ServiceUrl"="http://upload.webapp.conduit-services.com/Validate/IsValid"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847_CT3289847]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847_en]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\MetaData\1866535854]
"dbname"="conduit_CT3289847_CT3289847"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\MetaData\2356016410]
"dbname"="conduit_CT3289847_CT3289847"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\MetaData\2427745194]
"dbname"="conduit_CT3289847_CT3289847"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\MetaData\2696842731]
"dbname"="conduit_CT3289847_en"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\MetaData\3023038295]
"dbname"="conduit_CT3289847_CT3289847"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\MetaData\3585186725]
"dbname"="conduit_CT3289847_CT3289847"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\MetaData\36830594]
"dbname"="conduit_CT3289847_CT3289847"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\MetaData\3833220168]
"dbname"="conduit_CT3289847_CT3289847"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\MetaData\4093550648]
"dbname"="conduit_CT3289847_CT3289847"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Settings]
"SearchFromAddressUrl"="http://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CUI=SB_CUI&UM=2&q=MYSEARCHTERM"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Settings]
"APITrustedDomains"="conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCityToolbar.com,MyCollegeToolbar.com,MyFamilyToolbar.com,MyForumToolbar.com,MyLibraryToolbar.com,MyRadioToolbar.com,MyStoreToolbar.com,MyTownToolbar.com,MyUniversityToolbar.com,OurChurchToolbar.com,MyXangaToolbar.com,Media-Toolbar.com,LoyaltyToolbar.com,MyTeamToolbar.com,GreatToolbars.com,OurOrganizationToolbar.com,OurBusinessToolbar.com,Toolbar.fm"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Settings]
"SocialDomains"="social.conduit.com;apps.conduit.com;services.apps.conduit.com"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Settings\FeatureProtector\BrowserSearch]
"URLFromService"="http://search.conduit.com?SearchSource=10&amp;ctid=CT3289847"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Settings\FeatureProtector\BrowserSearch]
"ConduitEnabled"="TRUE"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Settings\FeatureProtector\HomePage]
"URLFromService"="http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&amp;SearchSource=4&amp;ctid=CT3289847"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Settings\FeatureProtector\HomePage]
"ConduitEnabled"="TRUE"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Settings\MyStuff]
"AddStuffLink"="http://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Settings\MyStuff]
"ConduitEnable"="TRUE"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Settings\RadioPlayer]
"ServerUrl"="http://radio.services.conduit.com/RadioRequest.ctp"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Settings\Search\Settings]
"ContextMenuSearchUrl"="http://search.conduit.com/ResultsExt.aspx?q=MYSEARCHTERM&ctid=EB_CTID&octid=EB_ORIGINAL_CTID&SearchSource=8"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Settings\SearchInNewTab]
"AboutTabsDataUrlConduit"="http://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Settings\SearchInNewTab]
"AboutTabsEnabledByConduit"="TRUE"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Settings\SearchInNewTab]
"AboutTabsUsageUrl"="http://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Settings\Update]
"ModuleURL"="http://ieupdate.conduit.com/ver6.13.3.501/tbedrs.dll"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Settings\Upgrade]
"ModuleURL"="http://ieupgrade.conduit-download.com/IEUpgrade/ver6.13.3.501/tbedrs.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]
@="Conduit Community Alerts"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\InprocServer32]
@="C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit\Community Alerts]
"Path"="C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit\HomePage]
"{739df940-c5ee-4bab-9d7e-270894ae687a}"="http://search.conduit.com?SearchSource=10&CUI=UN15396045426310295&UM=2&ctid=CT3289847"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{850EA215-F8F1-4224-9A60-E1C2B1D48575}]
"AppPath"="C:\Users\suzanne\AppData\Local\Conduit\CT3289847"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke_New\Communicator]
"Url"="http://servicemap.conduit-services.com/Toolbar/?ownerId=EB_ORIGINAL_CTID"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke_New\Communicator]
"UsageUrl"="http://usage.toolbar.conduit-services.com/ToolbarUsage.ashx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke_New\toolbar]
"InstallationType"="ConduitNSISIntegration"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke_New\toolbar]
"Server"="users.conduit.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke_New\toolbar]
"PlatformType"="ConduitToolbarMyStuff"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke_New\toolbar]
"AutoUpdateHelperPath"="C:\Users\suzanne\AppData\Local\Conduit\CT3289847\WhiteSmoke_NewAutoUpdateHelper.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke_New\toolbar]
"IsConduitAppsToolbar"="FALSE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke_New\toolbar]
"BrowserSearchURL"="http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289847&CUI=UN15396045426310295&UM=2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]
@="Conduit Community Alerts"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\InprocServer32]
@="C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar]
"GroupingServerURL"="http://grouping.services.conduit.com/"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar]
"SearchServerUrl"="http://search.conduit.com"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar]
"Server"="users.conduit.com"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar]
"UsageURL"="http://usage.users.conduit.com/UsersWebService.asmx/UsersRequests"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar]
"SocialDomains"="http://apps.conduit.com; http://social.conduit.com"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar]
"PrivacyPageURL"="http://www.conduit.com/privacy/Default.aspx"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar]
"DisplayTrusteSeal"="http://trust.conduit.com/EB_ORIGINAL_CTID"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar]
"ClientLogURL"="http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar]
"UninstallURL"="http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar]
"AppsDetectionUrlPattern"="http://appdownload.conduit.com/"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847]
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\ABTestUsage]
"ServiceUrl"="http://tb-test.conduit-data.com"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\AppRegisterUsage]
"ServiceUrl"="http://apps.usage.conduit-services.com/AppOperations/AppRegistration.ashx"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\AppsMetaData]
"ServiceUrl"="http://appsmetadata.toolbar.conduit-services.com/?ctid=EB_TOOLBAR_ID"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\AppsSettings]
"ServiceUrl"="http://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_COMP_ID"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\AppTrackingFirstTime]
"ServiceUrl"="http://tracking.usage.app.conduit-services.com/FirstTime.ashx?current=EB_APPTRACKING_CURRENT_STATE"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\AppTrackingUsage]
"ServiceUrl"="http://tracking.usage.app.conduit-services.com/Usage.ashx"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\AppUninstallUsage]
"ServiceUrl"="http://apps.usage.conduit-services.com/AppOperations/AppUninstall.ashx"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\BrowserToolbarsInfo]
"ServiceUrl"="http://counting.usage.toolbar.conduit-services.com/usage.ashx"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\ClientErrorLog]
"ServiceUrl"="http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\ClientLog]
"ServiceUrl"="http://clientlog.conduit-services.com/log/putlog"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\Configuration]
"ServiceUrl"="http://ip2location.conduit-services.com/ip/?ctid=EB_TOOLBAR_ID&ver=EB_TOOLBAR_VERSION&client=ToolbarConfiguration"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\DynamicDialogs]
"ServiceUrl"="http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=EB_TOOLBAR_VERSION"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\GottenAppsContextMenu]
"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=EB_LOCALE&ctid=EB_TOOLBAR_ID"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\HostingUsage]
"ServiceUrl"="http://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\LocationService]
"ServiceUrl"="http://ip2location.conduit-services.com/ip/"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\OtherAppsContextMenu]
"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=EB_LOCALE&ctid=EB_TOOLBAR_ID"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\RecoveryService]
"ServiceUrl"="http://recovery.conduit-services.com/toolbar"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\SearchApiByCountry]
"ServiceUrl"="http://c.api.search.conduit.com/Settings/?ctid=EB_TOOLBAR_ID&um=UM_ID&c=EB_COUNTRY_CODE"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\SearchInNewTabBlank]
"ServiceUrl"="http://storage.conduit.com/SearchInNewTab/SearchInNewTabBlank.html"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\SearchSettings]
"ServiceUrl"="http://API.search.conduit.com/Settings/?ctid=EB_TOOLBAR_ID&um=UM_ID"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\SharedAppsContextMenu]
"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=EB_LOCALE&ctid=EB_TOOLBAR_ID"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\SPStubConditionalDownload]
"ServiceUrl"="http://sp-download.conduit-services.com/ConditionalDownload?CTID=EB_TOOLBAR_ID&ToolbarRunMode=EB_TOOLBAR_RUN_MODE&ToolbarType=EB_PLATFORM&UAC=EB_UAC_MODE&IntegrityLevel=EB_INTEGRITY_LEVEL&WindowsVersion=EB_WINDOWS_VERSION"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\ToolbarAppComponentUsage]
"ServiceUrl"="http://component.usage.toolbar.conduit-services.com/ToolbarComponentUsage.ashx"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\ToolbarAppUsage]
"ServiceUrl"="http://usage.toolbar.conduit-services.com/ToolbarUsage.ashx"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\ToolbarComponentUsage]
"ServiceUrl"="http://component.usage.toolbar.conduit-services.com/ToolbarComponentUsage.ashx"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\ToolbarContextMenu]
"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=EB_LOCALE&ctid=EB_TOOLBAR_ID"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\ToolbarGrouping]
"ServiceUrl"="http://grouping.services.conduit.com/GroupingRequest.ctp?type=GetGroup&ctid=EB_ORIGINAL_CTID&lut=0&locale=EB_OS_LOCALE"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\ToolbarHiddenLogin]
"ServiceUrl"="http://login.hiddentoolbar.conduit-services.com/Login.ashx"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\ToolbarHiddenLoginJson]
"ServiceUrl"="http://login.hiddentoolbar.conduit-services.com/JsonLogin.ashx"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\ToolbarHiddenSettings]
"ServiceUrl"="http://Settings.toolbar.search.conduit.com/root/EB_TOOLBAR_ID/EB_ORIGINAL_CTID"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\ToolbarHiddenSettingsForSB]
"ServiceUrl"="http://settings.smartbar.conduit-services.com/settings/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&protocolVersion=EB_PROTOCOL_VERSION"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\ToolbarInstallationUsage]
"ServiceUrl"="http://installationusage.conduit-services.com/api/InstallationUsage"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\ToolbarLogin]
"ServiceUrl"="http://login.toolbar.conduit-services.com/Login.ashx"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\ToolbarLoginJson]
"ServiceUrl"="http://login.toolbar.conduit-services.com/JsonLogin.ashx"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\ToolbarSettings]
"ServiceUrl"="http://Settings.toolbar.search.conduit.com/root/EB_TOOLBAR_ID/EB_ORIGINAL_CTID"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\ToolbarSettingsForPublisher]
"ServiceUrl"="http://settings.publisher.toolbar.conduit-services.com/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\ToolbarSettingsForSB]
"ServiceUrl"="http://settings.smartbar.conduit-services.com/settings/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&protocolVersion=EB_PROTOCOL_VERSION"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\ToolbarSettingsPublisherForSB]
"ServiceUrl"="http://settings.publisher.smartbar.conduit-services.com/settings/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&protocolVersion=EB_PROTOCOL_VERSION"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\ToolbarSetupAPI]
"ServiceUrl"="http://setupapi.toolbar.conduit-services.com/Properties/json/EB_TOOLBAR_ID"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\ToolbarSetupAPIByCountry]
"ServiceUrl"="http://c.setupapi.toolbar.conduit-services.com/Properties/json/EB_TOOLBAR_ID/CC/EB_COUNTRY_CODE"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\ToolbarTranslation]
"ServiceUrl"="http://translation.toolbar.conduit-services.com/?locale=EB_LOCALE"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\ToolbarUninstall]
"ServiceUrl"="http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\ToolbarUsage]
"ServiceUrl"="http://usage.toolbar.conduit-services.com/ToolbarUsage.ashx"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\UninstallDialog]
"ServiceUrl"="http://UninstallDialog.conduit-services.com/view/view.aspx?ctid=EB_TOOLBAR_ID&version=EB_TOOLBAR_VERSION"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\UninstallDialogUsage]
"ServiceUrl"="http://uninstalldialogusage.toolbar.conduit-services.com/Usage.ashx"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\WebAppSettings]
"ServiceUrl"="http://metadata.webapp.conduit-services.com/meta/WEB_APP_GUID"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\WebAppSettingsNC]
"ServiceUrl"="http://metadata.webapp.conduit-services.com/metanc/WEB_APP_GUID"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847\WebAppValidation]
"ServiceUrl"="http://upload.webapp.conduit-services.com/Validate/IsValid"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847_CT3289847]
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\conduit_CT3289847_en]
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\MetaData\1866535854]
"dbname"="conduit_CT3289847_CT3289847"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\MetaData\2356016410]
"dbname"="conduit_CT3289847_CT3289847"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\MetaData\2427745194]
"dbname"="conduit_CT3289847_CT3289847"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\MetaData\2696842731]
"dbname"="conduit_CT3289847_en"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\MetaData\3023038295]
"dbname"="conduit_CT3289847_CT3289847"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\MetaData\3585186725]
"dbname"="conduit_CT3289847_CT3289847"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\MetaData\36830594]
"dbname"="conduit_CT3289847_CT3289847"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\MetaData\3833220168]
"dbname"="conduit_CT3289847_CT3289847"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Repository\MetaData\4093550648]
"dbname"="conduit_CT3289847_CT3289847"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Settings]
"SearchFromAddressUrl"="http://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CUI=SB_CUI&UM=2&q=MYSEARCHTERM"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Settings]
"APITrustedDomains"="conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCityToolbar.com,MyCollegeToolbar.com,MyFamilyToolbar.com,MyForumToolbar.com,MyLibraryToolbar.com,MyRadioToolbar.com,MyStoreToolbar.com,MyTownToolbar.com,MyUniversityToolbar.com,OurChurchToolbar.com,MyXangaToolbar.com,Media-Toolbar.com,LoyaltyToolbar.com,MyTeamToolbar.com,GreatToolbars.com,OurOrganizationToolbar.com,OurBusinessToolbar.com,Toolbar.fm"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Settings]
"SocialDomains"="social.conduit.com;apps.conduit.com;services.apps.conduit.com"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Settings\FeatureProtector\BrowserSearch]
"URLFromService"="http://search.conduit.com?SearchSource=10&amp;ctid=CT3289847"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Settings\FeatureProtector\BrowserSearch]
"ConduitEnabled"="TRUE"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Settings\FeatureProtector\HomePage]
"URLFromService"="http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&amp;SearchSource=4&amp;ctid=CT3289847"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Settings\FeatureProtector\HomePage]
"ConduitEnabled"="TRUE"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Settings\MyStuff]
"AddStuffLink"="http://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Settings\MyStuff]
"ConduitEnable"="TRUE"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Settings\RadioPlayer]
"ServerUrl"="http://radio.services.conduit.com/RadioRequest.ctp"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Settings\Search\Settings]
"ContextMenuSearchUrl"="http://search.conduit.com/ResultsExt.aspx?q=MYSEARCHTERM&ctid=EB_CTID&octid=EB_ORIGINAL_CTID&SearchSource=8"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Settings\SearchInNewTab]
"AboutTabsDataUrlConduit"="http://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Settings\SearchInNewTab]
"AboutTabsEnabledByConduit"="TRUE"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Settings\SearchInNewTab]
"AboutTabsUsageUrl"="http://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Settings\Update]
"ModuleURL"="http://ieupdate.conduit.com/ver6.13.3.501/tbedrs.dll"
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New\toolbar\Settings\Upgrade]
"ModuleURL"="http://ieupgrade.conduit-download.com/IEUpgrade/ver6.13.3.501/tbedrs.dll"

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\Trolltech]
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

-= EOF =-
doby108
Regular Member
 
Posts: 71
Joined: May 20th, 2013, 11:11 pm

Re: clicking to ads in IE Firefox FB

Unread postby doby108 » May 22nd, 2013, 12:51 am

Gary, was that everything? Suzanne
doby108
Regular Member
 
Posts: 71
Joined: May 20th, 2013, 11:11 pm

Re: clicking to ads in IE Firefox FB

Unread postby Gary R » May 22nd, 2013, 1:34 am

Your OTL.txt log is not complete, is that all there is ?

Try running a scan again with OTL, and post me just the new OTL.txt log please.

In the meantime I'll be working through all the other logs to put a fix together, looks like there's a lot that needs removing.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: clicking to ads in IE Firefox FB

Unread postby doby108 » May 22nd, 2013, 1:45 am

I will attach the OTL log as soon as it is complete. ugh i dont like hearing that there is a lot that needs removing. this is my new computer. never have really had problems with virus's before. well it has been a long time. is it one virus with a lot attached to it? I am still a novice with win 8 and work usually through the desktop mode. I figured i contracted the virus in fb... any insight will help. appreciate your dedication! after i post the OTL log i will be heading to bed. and will do my best to get any further info to you tomorrow a.m. i do have appts though so i might be tomorrow evening. again, thanks oodles!
doby108
Regular Member
 
Posts: 71
Joined: May 20th, 2013, 11:11 pm

Re: clicking to ads in IE Firefox FB

Unread postby doby108 » May 22nd, 2013, 1:46 am

OTL logfile created on: 5/21/2013 10:41:03 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\suzanne\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16580)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.86 Gb Total Physical Memory | 5.77 Gb Available Physical Memory | 73.41% Memory free
9.05 Gb Paging File | 7.00 Gb Available in Paging File | 77.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 884.18 Gb Total Space | 832.70 Gb Free Space | 94.18% Space Free | Partition Type: NTFS
Drive D: | 25.00 Gb Total Space | 22.97 Gb Free Space | 91.90% Space Free | Partition Type: NTFS
Drive F: | 298.09 Gb Total Space | 289.15 Gb Free Space | 97.00% Space Free | Partition Type: NTFS

Computer Name: SUZLENOVO | User Name: suzanne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/21 21:31:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\suzanne\Downloads\OTL.exe
PRC - [2013/05/14 11:41:13 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
PRC - [2013/04/11 18:32:45 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/04/04 05:32:20 | 000,052,128 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe
PRC - [2013/04/04 05:29:44 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Java\jre7\bin\java.exe
PRC - [2013/02/12 14:34:08 | 001,199,000 | ---- | M] (Spotify Ltd) -- C:\Users\suzanne\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/08/08 11:23:28 | 001,112,000 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2012/08/08 11:23:08 | 001,091,520 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2012/08/03 03:57:48 | 002,265,424 | ---- | M] () -- C:\Users\suzanne\AppData\Local\FreeScreenSharing\FreeScreenSharing.exe
PRC - [2012/07/27 11:52:44 | 000,167,024 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
PRC - [2012/07/27 11:52:44 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
PRC - [2012/07/17 14:57:22 | 000,365,376 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012/07/17 14:57:20 | 000,277,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012/07/16 00:49:52 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE
PRC - [2012/06/25 10:57:14 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/06/19 17:21:24 | 001,646,608 | ---- | M] (Rosetta Stone Ltd.) -- C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
PRC - [2012/03/28 18:34:30 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
PRC - [2012/01/25 15:23:54 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.EXE


========== Modules (No Company Name) ==========

MOD - [2013/05/14 11:41:12 | 016,033,160 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
MOD - [2013/04/11 18:32:28 | 003,133,336 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/04/04 05:32:22 | 000,016,288 | ---- | M] () -- C:\Program Files (x86)\Java\jre7\bin\jp2native.dll
MOD - [2012/08/03 03:57:48 | 002,265,424 | ---- | M] () -- C:\Users\suzanne\AppData\Local\FreeScreenSharing\FreeScreenSharing.exe


========== Services (SafeList) ==========

SRV:64bit: - [2013/04/08 21:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/03/01 19:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/03/01 19:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/02/02 01:21:45 | 000,467,456 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/01/28 18:57:14 | 000,014,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/01/09 16:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/01/09 16:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012/11/05 21:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012/09/20 02:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012/09/19 23:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012/09/19 23:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2012/07/25 20:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/25 20:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012/07/25 20:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/25 20:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/25 20:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/25 20:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/25 20:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/25 20:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/25 20:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/25 20:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012/07/25 20:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/25 20:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2012/07/18 12:14:38 | 002,699,568 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2012/07/18 12:14:16 | 000,272,176 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2012/07/18 12:14:04 | 000,627,504 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2012/07/18 12:13:40 | 000,149,296 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2012/07/17 00:38:26 | 000,731,688 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2012/07/16 00:49:46 | 000,216,072 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe -- (NitroDriverReadSpool2)
SRV:64bit: - [2012/05/02 13:49:44 | 000,135,952 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2012/04/20 14:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:64bit: - [2011/08/05 12:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2011/08/05 12:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2011/08/05 12:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2013/05/14 11:41:13 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/11 18:32:44 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/08 14:46:58 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/11/05 21:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/08/08 11:23:28 | 001,112,000 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2012/08/08 11:23:08 | 001,091,520 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2012/08/03 11:28:58 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/07/25 20:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012/07/17 14:57:22 | 000,365,376 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/07/17 14:57:20 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/07/16 00:49:52 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2012/06/25 10:57:14 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/06/19 17:21:24 | 001,646,608 | ---- | M] (Rosetta Stone Ltd.) [Auto | Running] -- C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe -- (RosettaStoneDaemon)
SRV - [2012/01/25 15:23:54 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/01/25 15:23:54 | 000,192,792 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BBSvc.EXE -- (BBSvc)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/04/08 22:27:43 | 000,284,424 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013/03/02 03:57:48 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/03/02 03:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/03/02 03:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/03/02 03:45:19 | 000,194,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/03/02 03:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/02/02 04:19:44 | 000,446,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/02/02 00:25:23 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/01/29 18:15:04 | 000,050,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\point64.sys -- (Point64)
DRV:64bit: - [2013/01/28 18:57:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013/01/28 16:08:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/01/09 18:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012/11/26 20:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012/11/19 21:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012/11/05 20:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012/10/24 17:25:32 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2012/10/24 17:25:32 | 000,033,560 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2012/10/12 01:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/10/11 00:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012/10/11 00:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012/10/10 20:51:49 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2012/09/20 00:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2012/09/20 00:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012/09/20 00:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/09/20 00:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/08/27 00:48:34 | 008,227,216 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rtsuvc.sys -- (rtsuvc)
DRV:64bit: - [2012/08/19 14:53:16 | 004,273,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NETwew00.sys -- (NETwNe64)
DRV:64bit: - [2012/08/15 23:24:06 | 000,447,800 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/08/15 23:24:06 | 000,043,832 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2012/07/25 22:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/25 22:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/25 22:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/25 22:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/25 22:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/25 22:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/25 22:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/25 22:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/25 22:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/25 22:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/25 22:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/25 22:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/25 22:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/25 22:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/25 22:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/25 22:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/25 22:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/25 21:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/25 21:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012/07/25 21:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/25 20:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/25 19:29:47 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2012/07/25 19:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/25 19:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/25 19:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/25 19:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/25 19:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/25 19:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/25 19:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/25 19:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/25 19:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/25 19:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/25 19:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/25 19:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/25 19:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/25 19:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/25 19:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/25 19:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/25 19:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/25 19:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/25 19:25:02 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2012/07/25 19:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/25 19:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/25 19:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/07/20 14:47:55 | 008,982,208 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/07/17 00:39:22 | 000,162,344 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2012/07/17 00:39:22 | 000,162,344 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2012/07/14 17:36:30 | 000,825,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2012/07/09 13:43:12 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/07/04 12:31:40 | 000,055,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2012/07/02 15:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/06/19 07:40:51 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012/06/13 17:10:32 | 000,102,376 | ---- | M] ("CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2012/06/13 03:24:02 | 000,315,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2012/06/12 06:41:22 | 000,683,664 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2012/06/02 07:31:50 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2012/06/02 07:31:38 | 000,333,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\e1i63x64.sys -- (e1iexpress)
DRV:64bit: - [2012/04/24 11:01:12 | 000,110,592 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btmaux.sys -- (btmaux)
DRV - [2012/08/02 15:57:30 | 000,056,136 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Running] -- C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.sys -- (X5XSEx_Pr148)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {A91BDA5F-D342-4A3A-B692-8F0B1D2CD6ED}
IE:64bit: - HKLM\..\SearchScopes\{A91BDA5F-D342-4A3A-B692-8F0B1D2CD6ED}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {85F90F5D-7562-452B-AD15-C6FB24F68DF4}
IE - HKLM\..\SearchScopes\{A91BDA5F-D342-4A3A-B692-8F0B1D2CD6ED}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3100504464-3276129558-3364440376-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
IE - HKU\S-1-5-21-3100504464-3276129558-3364440376-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com [binary data]
IE - HKU\S-1-5-21-3100504464-3276129558-3364440376-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-3100504464-3276129558-3364440376-1001\..\URLSearchHook: {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3100504464-3276129558-3364440376-1001\..\SearchScopes,DefaultScope = {85F90F5D-7562-452B-AD15-C6FB24F68DF4}
IE - HKU\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..CT3289847.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "WhiteSmoke New Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT3289847&CUI=UN20356867831903416&UM=2&SearchSource=13"
FF - prefs.js..extensions.enabledAddons: %7B739df940-c5ee-4bab-9d7e-270894ae687a%7D:10.16.2.509
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CUI=UN20356867831903416&UM=2&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentControl,version=7.1.0.1: C:\Program Files (x86)\FreeRide Games\npExentControl.dll (Exent Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/05/16 11:59:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/05/16 11:59:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/02/08 12:42:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\suzanne\AppData\Roaming\mozilla\Extensions
[2013/05/19 08:54:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\suzanne\AppData\Roaming\mozilla\Firefox\Profiles\hbxyif3l.default\extensions
[2013/05/21 21:10:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\suzanne\AppData\Roaming\mozilla\Firefox\Profiles\hbxyif3l.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}
[2013/05/12 09:56:31 | 000,001,102 | ---- | M] () -- C:\Users\suzanne\AppData\Roaming\mozilla\firefox\profiles\hbxyif3l.default\searchplugins\whitesmoke-new-customized-web-search.xml
[2013/05/10 22:36:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/05/10 22:36:41 | 000,000,000 | ---D | M] (DownloadTerms) -- C:\Program Files (x86)\Mozilla Firefox\extensions\eoppnrqmocgit@fmwplidnapyokntwh.net
[2013/04/11 18:32:45 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/02/01 11:22:13 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/02/28 17:58:27 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - Extension: No name found = C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0\

O1 HOSTS File: ([2012/07/25 22:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (DownloadTerms) - {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - C:\Users\suzanne\AppData\Local\DownloadTerms\temp.dat File not found
O2 - BHO: (WhiteSmoke New Toolbar) - {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (WhiteSmoke New Toolbar) - {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3100504464-3276129558-3364440376-1001\..\Toolbar\WebBrowser: (WhiteSmoke New Toolbar) - {739DF940-C5EE-4BAB-9D7E-270894AE687A} - C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Motorola Solutions, Inc.)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtsFT] C:\windows\RTFTrack.exe (Realtek semiconductor)
O4:64bit: - HKLM..\Run: [SynLenovoGestureMgr] C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe (Synaptics)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - HKU\.DEFAULT..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not found
O4 - HKU\S-1-5-18..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not found
O4 - HKU\S-1-5-21-3100504464-3276129558-3364440376-1001..\Run: [FreeScreenSharing] C:\Users\suzanne\AppData\Local\FreeScreenSharing\FreeScreenSharing.exe ()
O4 - HKU\S-1-5-21-3100504464-3276129558-3364440376-1001..\Run: [HP Officejet 6700 (NET)] C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-21-3100504464-3276129558-3364440376-1001..\Run: [Spotify] C:\Users\suzanne\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-3100504464-3276129558-3364440376-1001..\Run: [Spotify Web Helper] C:\Users\suzanne\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm ()
O8 - Extra context menu item: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} (ExentInf1 Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E690A86B-52E8-4FD5-A6AF-355A9C142872}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB8E4E4F-6AF1-4F65-B18C-184059DF669A}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/14 21:53:50 | 000,000,027 | ---- | M] () - F:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/21 21:08:41 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013/05/21 21:08:31 | 000,000,000 | ---D | C] -- C:\JRT
[2013/05/21 11:24:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2013/05/21 11:24:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2013/05/17 11:58:26 | 013,648,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.UI.Xaml.dll
[2013/05/17 11:58:24 | 014,267,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wmp.dll
[2013/05/17 11:58:24 | 003,552,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tquery.dll
[2013/05/17 11:58:22 | 011,878,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wmp.dll
[2013/05/17 11:58:22 | 002,107,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssrch.dll
[2013/05/17 11:58:21 | 010,789,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.UI.Xaml.dll
[2013/05/17 11:58:21 | 002,767,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tquery.dll
[2013/05/17 11:58:21 | 001,593,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mssrch.dll
[2013/05/17 11:58:20 | 001,829,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntdll.dll
[2013/05/17 11:58:19 | 001,444,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MSAudDecMFT.dll
[2013/05/17 11:58:17 | 010,116,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\twinui.dll
[2013/05/17 11:58:16 | 001,113,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSAudDecMFT.dll
[2013/05/17 11:58:16 | 000,306,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kd_02_10ec.dll
[2013/05/17 11:58:15 | 000,403,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mssph.dll
[2013/05/17 11:58:15 | 000,298,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rsaenh.dll
[2013/05/17 11:58:14 | 008,857,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\twinui.dll
[2013/05/17 11:58:14 | 000,489,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AudioEng.dll
[2013/05/17 11:58:14 | 000,446,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AudioSes.dll
[2013/05/17 11:58:14 | 000,435,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssph.dll
[2013/05/17 11:58:14 | 000,373,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SearchProtocolHost.exe
[2013/05/17 11:58:14 | 000,367,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe
[2013/05/17 11:58:14 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dwmredir.dll
[2013/05/17 11:58:13 | 002,303,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\authui.dll
[2013/05/17 11:58:13 | 001,403,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winload.efi
[2013/05/17 11:58:13 | 000,804,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RecoveryDrive.exe
[2013/05/17 11:58:13 | 000,595,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.Networking.dll
[2013/05/17 11:58:13 | 000,456,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wpncore.dll
[2013/05/17 11:58:13 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.Networking.BackgroundTransfer.dll
[2013/05/17 11:58:13 | 000,253,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\audiodg.exe
[2013/05/17 11:58:12 | 002,035,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\authui.dll
[2013/05/17 11:58:12 | 001,267,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winload.exe
[2013/05/17 11:58:12 | 001,217,328 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winresume.efi
[2013/05/17 11:58:12 | 000,523,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XpsGdiConverter.dll
[2013/05/17 11:58:11 | 001,093,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winresume.exe
[2013/05/17 11:58:11 | 000,659,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mssvp.dll
[2013/05/17 11:58:11 | 000,503,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ci.dll
[2013/05/17 11:58:11 | 000,468,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MFMediaEngine.dll
[2013/05/17 11:58:11 | 000,411,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Networking.dll
[2013/05/17 11:58:11 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fhengine.dll
[2013/05/17 11:58:11 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dmvdsitf.dll
[2013/05/17 11:58:10 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfreadwrite.dll
[2013/05/17 11:58:10 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Networking.BackgroundTransfer.dll
[2013/05/17 11:58:10 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SearchFilterHost.exe
[2013/05/17 11:58:10 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AudioEndpointBuilder.dll
[2013/05/17 11:58:10 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Robocopy.exe
[2013/05/17 11:58:10 | 000,123,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wscapi.dll
[2013/05/17 11:58:10 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Robocopy.exe
[2013/05/17 11:58:10 | 000,077,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kdvm.dll
[2013/05/17 11:58:09 | 000,419,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\intl.cpl
[2013/05/17 11:58:09 | 000,284,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\spaceport.sys
[2013/05/17 11:58:09 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iuilp.dll
[2013/05/17 11:58:09 | 000,155,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dmvdsitf.dll
[2013/05/17 11:58:09 | 000,086,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kdnet.dll
[2013/05/17 11:58:08 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XpsGdiConverter.dll
[2013/05/17 11:58:08 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfreadwrite.dll
[2013/05/17 11:58:07 | 000,745,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssvp.dll
[2013/05/17 11:58:07 | 000,414,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\GenuineCenter.dll
[2013/05/17 11:58:07 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\intl.cpl
[2013/05/17 11:58:07 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MFMediaEngine.dll
[2013/05/17 11:58:07 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssprxy.dll
[2013/05/17 11:58:07 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\hidclass.sys
[2013/05/17 11:58:07 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msscntrs.dll
[2013/05/17 11:58:07 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fmifs.dll
[2013/05/17 11:58:07 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\fmifs.dll
[2013/05/17 11:58:07 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msshooks.dll
[2013/05/17 11:58:07 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msshooks.dll
[2013/05/16 12:04:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/05/16 12:00:23 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2013/05/16 12:00:23 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2013/05/16 12:00:23 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2013/05/15 09:11:07 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/05/15 09:11:04 | 000,915,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\uxtheme.dll
[2013/05/15 09:11:04 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/05/15 09:11:04 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/05/15 09:11:04 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/05/15 09:11:04 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013/05/15 09:10:36 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\shdocvw.dll
[2013/05/15 09:10:33 | 000,112,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\consent.exe
[2013/05/15 09:10:19 | 002,382,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\esent.dll
[2013/05/15 09:10:18 | 002,851,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\esent.dll
[2013/05/15 09:10:16 | 006,987,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2013/05/13 07:47:30 | 000,000,000 | ---D | C] -- C:\SearchProtect
[2013/05/10 22:37:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2013/05/10 22:37:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WhiteSmoke_New
[2013/05/10 22:37:39 | 000,000,000 | ---D | C] -- C:\Users\suzanne\AppData\Local\CRE
[2013/05/10 22:37:16 | 000,000,000 | ---D | C] -- C:\Users\suzanne\AppData\Roaming\player
[2013/05/10 22:36:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013/04/26 14:27:21 | 000,000,000 | ---D | C] -- C:\Users\suzanne\Documents\OneNote Notebooks

========== Files - Modified Within 30 Days ==========

[2013/05/21 22:41:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/05/21 22:33:00 | 000,000,920 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/21 20:10:45 | 000,848,230 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/05/21 20:10:45 | 000,719,418 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/05/21 20:10:45 | 000,132,748 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/05/21 20:09:36 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/05/21 12:49:01 | 000,000,364 | ---- | M] () -- C:\windows\tasks\AmiUpdXp.job
[2013/05/21 11:27:40 | 000,000,916 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/21 11:26:42 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/05/21 11:26:36 | 2455,777,279 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/21 11:24:36 | 000,002,250 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
[2013/05/20 20:23:52 | 000,001,409 | ---- | M] () -- C:\Users\suzanne\Desktop\dds - Shortcut.lnk
[2013/05/19 17:48:04 | 004,502,157 | ---- | M] () -- C:\Users\suzanne\Documents\rental lease rental housing assoc may 2013.pdf
[2013/05/19 08:59:45 | 000,422,912 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/05/18 16:32:55 | 000,458,526 | ---- | M] () -- C:\Users\suzanne\Documents\credit score.pdf
[2013/05/10 22:38:08 | 000,000,009 | ---- | M] () -- C:\END
[2013/05/07 13:07:50 | 000,693,112 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013/05/07 13:07:50 | 000,078,200 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/04/27 09:42:53 | 000,002,294 | ---- | M] () -- C:\Users\suzanne\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/04/27 09:19:50 | 000,087,552 | ---- | M] () -- C:\Users\suzanne\Documents\nerium customer fill in.pub
[2013/04/27 09:19:25 | 000,089,088 | ---- | M] () -- C:\Users\suzanne\Documents\nerium business cards.pub
[2013/04/26 14:27:22 | 000,001,307 | ---- | M] () -- C:\Users\suzanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk

========== Files Created - No Company Name ==========

[2013/05/21 11:24:36 | 000,002,250 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
[2013/05/20 20:23:52 | 000,001,409 | ---- | C] () -- C:\Users\suzanne\Desktop\dds - Shortcut.lnk
[2013/05/19 17:48:03 | 004,502,157 | ---- | C] () -- C:\Users\suzanne\Documents\rental lease rental housing assoc may 2013.pdf
[2013/05/19 08:59:36 | 000,422,912 | ---- | C] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/05/18 16:32:55 | 000,458,526 | ---- | C] () -- C:\Users\suzanne\Documents\credit score.pdf
[2013/05/17 11:58:07 | 000,387,688 | ---- | C] () -- C:\windows\SysNative\ApnDatabase.xml
[2013/05/10 22:38:13 | 000,000,364 | ---- | C] () -- C:\windows\tasks\AmiUpdXp.job
[2013/05/10 22:36:28 | 000,000,009 | ---- | C] () -- C:\END
[2013/04/27 09:19:49 | 000,087,552 | ---- | C] () -- C:\Users\suzanne\Documents\nerium customer fill in.pub
[2013/04/27 09:19:25 | 000,089,088 | ---- | C] () -- C:\Users\suzanne\Documents\nerium business cards.pub
[2013/04/26 14:27:22 | 000,001,307 | ---- | C] () -- C:\Users\suzanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2013/04/02 19:13:58 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/01/27 09:51:01 | 000,083,968 | ---- | C] () -- C:\windows\SysWow64\OEMLicense.dll
[2012/10/24 17:23:29 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2012/08/12 18:18:00 | 000,597,244 | ---- | C] () -- C:\windows\SysWow64\igvpkrng700.bin
[2012/08/12 18:17:38 | 000,064,512 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012/08/12 18:17:37 | 000,755,048 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng700.bin
[2012/07/26 01:13:10 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2012/07/26 01:13:09 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2012/07/26 00:21:26 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2012/07/25 18:17:42 | 000,043,520 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2012/07/25 13:37:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2012/07/25 13:28:31 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2012/07/25 13:22:56 | 000,267,284 | ---- | C] () -- C:\windows\SysWow64\igvpkrng600.bin
[2012/07/25 13:22:54 | 000,963,376 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng600.bin
[2012/06/02 07:31:19 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[2012/04/20 13:59:44 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/03/05 23:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/03/05 22:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 20:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 20:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 20:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/03/08 11:26:49 | 000,000,000 | ---D | M] -- C:\Users\suzanne\AppData\Roaming\Dextronet
[2013/02/14 15:09:25 | 000,000,000 | ---D | M] -- C:\Users\suzanne\AppData\Roaming\Lenovo
[2013/04/27 08:40:56 | 000,000,000 | ---D | M] -- C:\Users\suzanne\AppData\Roaming\Nitro PDF
[2013/05/19 08:56:55 | 000,000,000 | ---D | M] -- C:\Users\suzanne\AppData\Roaming\player
[2013/05/21 11:28:11 | 000,000,000 | ---D | M] -- C:\Users\suzanne\AppData\Roaming\Spotify
[2013/02/14 22:58:54 | 000,000,000 | ---D | M] -- C:\Users\suzanne\AppData\Roaming\WebApp

========== Purity Check ==========



< End of report >
doby108
Regular Member
 
Posts: 71
Joined: May 20th, 2013, 11:11 pm

Re: clicking to ads in IE Firefox FB

Unread postby Gary R » May 22nd, 2013, 8:32 am

OK, lets get started cleaning your machine ...

First ....

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code: Select all
:OTL
IE - HKLM\..\URLSearchHook: {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3100504464-3276129558-3364440376-1001\..\URLSearchHook: {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll (Conduit Ltd.)
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "WhiteSmoke New Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT3289847&CUI=UN20356867831903416&UM=2&SearchSource=13"
[2013/05/21 21:10:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\suzanne\AppData\Roaming\mozilla\Firefox\Profiles\hbxyif3l.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}
[2013/05/12 09:56:31 | 000,001,102 | ---- | M] () -- C:\Users\suzanne\AppData\Roaming\mozilla\firefox\profiles\hbxyif3l.default\searchplugins\whitesmoke-new-customized-web-search.xml
O2 - BHO: (DownloadTerms) - {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - C:\Users\suzanne\AppData\Local\DownloadTerms\temp.dat File not found
O2 - BHO: (WhiteSmoke New Toolbar) - {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (WhiteSmoke New Toolbar) - {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3100504464-3276129558-3364440376-1001\..\Toolbar\WebBrowser: (WhiteSmoke New Toolbar) - {739DF940-C5EE-4BAB-9D7E-270894AE687A} - C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll (Conduit Ltd.)
O4 - HKU\.DEFAULT..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not found
O4 - HKU\S-1-5-18..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not found
[2013/05/13 07:47:30 | 000,000,000 | ---D | C] -- C:\SearchProtect
[2013/05/10 22:37:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2013/05/10 22:37:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WhiteSmoke_New

:Reg
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{739DF940-C5EE-4BAB-9D7E-270894AE687A}]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{739df940-c5ee-4bab-9d7e-270894ae687a}]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{739df940-c5ee-4bab-9d7e-270894ae687a}]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{739df940-c5ee-4bab-9d7e-270894ae687a}]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{739df940-c5ee-4bab-9d7e-270894ae687a}]
[-HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{739DF940-C5EE-4BAB-9D7E-270894AE687A}]
[-HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{739df940-c5ee-4bab-9d7e-270894ae687a}]
[-HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{739df940-c5ee-4bab-9d7e-270894ae687a}]
[-HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{739df940-c5ee-4bab-9d7e-270894ae687a}]
[-HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{739df940-c5ee-4bab-9d7e-270894ae687a}]
[-HKEY_LOCAL_MACHINE\Software\conduit]
[-HKEY_LOCAL_MACHINE\Software\Classes\updater.amiupd]
[-HKEY_LOCAL_MACHINE\Software\Classes\updater.amiupd.1]
[-HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT3289847]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}]
[-HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}]
[-hkey_local_machine\software\policies\google\chrome\extensioninstallforcelist]
[-HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\WhiteSmoke_New]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1BB8B3AE-757D-443F-B3A4-0629E709B0D9}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{739DF940-C5EE-4BAB-9D7E-270894AE687A}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{22DDB7DE-155B-47A9-8024-30357DF9D6C1}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{850EA215-F8F1-4224-9A60-E1C2B1D48575}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{739df940-c5ee-4bab-9d7e-270894ae687a}"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{739df940-c5ee-4bab-9d7e-270894ae687a}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke New Toolbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke_New]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{1BB8B3AE-757D-443F-B3A4-0629E709B0D9}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{739DF940-C5EE-4BAB-9D7E-270894AE687A}]
[-HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New]
[-HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\WhiteSmoke_New]
[-HKEY_CURRENT_USER\Software\AppDataLow\Software\WhiteSmoke_New]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]
[-HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\AppDataLow\Software\WhiteSmoke_New]
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_USERS\S-1-5-21-3100504464-3276129558-3364440376-1001\Software\Trolltech]

:Files
C:\end
C:\ProgramData\tarma installer
C:\Program Files (x86)\conduit
C:\ProgramData\ask
C:\Users\suzanne\AppData\Roaming\mozilla\firefox\profiles\hbxyif3l.default\extensions\{739DF940-C5EE-4BAB-9D7E-270894AE687A}
C:\Users\suzanne\Downloads\iLividSetup-r352-n-bf(1).exe
C:\Users\suzanne\Downloads\iLividSetup-r352-n-bf.exe
C:\Windows\Prefetch\ILIVIDSETUP-R352-N-BF(1).EXE-836CC980.pf
C:\Program Files (x86)\WhiteSmoke_New
C:\Users\suzanne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YLX2RYGO\whitesmokecss[1].cssD183C9CDB27F4B82124489F2C6D1FE83
C:\Users\suzanne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YLX2RYGO\whitesmokeTools[1].htm
C:\Users\suzanne\AppData\Local\Temp\DIQM\FlashPlayer_151\bin\css\whitesmoke.css
C:\Users\suzanne\AppData\Local\Temp\DIQM\FlashPlayer_151\bin\css\images\whitesmoke-img-gris.png
C:\Users\suzanne\AppData\Local\Temp\DIQM\FlashPlayer_151\bin\css\images\whitesmoke-img.jpg
C:\Users\suzanne\AppData\Local\Temp\DIQM\FlashPlayer_151\bin\css\images\whitesmoke-img.png
C:\Users\suzanne\AppData\Local\Temp\DIQM\FlashPlayer_151\bin\css\images\whitesmoke-img2.jpg
C:\Users\suzanne\AppData\Local\Temp\DIQM\FlashPlayer_151\bin\css\images\whitesmoke-logo.png
C:\Users\suzanne\AppData\Local\Temp\DIQM\FlashPlayer_151\bin\css\images\whitesmoke-toolbar-new-gris.png
C:\Users\suzanne\AppData\Local\Temp\DIQM\FlashPlayer_151\temp\WhiteSmokeinfo.dfe
C:\Users\suzanne\AppData\Roaming\Mozilla\Firefox\Profiles\hbxyif3l.default\searchplugins\whitesmoke-new-customized-web-search.xml 
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage
C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage-journal
C:\Users\suzanne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\38JUYU6Z\search_conduit_com[1].htm
C:\Users\suzanne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4WBZ92YR\search_conduit_com[1].htm
C:\Users\suzanne\AppData\Local\Temp\ct3289847\conduit.xml
C:\Users\suzanne\AppData\Local\Temp\DIQM\FlashPlayer_151\temp\VAFMusic Conduitinfo.dfe
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New
C:\Users\suzanne\AppData\Roaming\Mozilla\Firefox\Profiles\hbxyif3l.default\CT3289847\conduit.xml
C:\Windows\Prefetch\CONDUITINSTALLER.EXE
C:\Program Files (x86)\WhiteSmoke_New
C:\Users\suzanne\AppData\Local\Temp\DIQM\FlashPlayer_151\bin\WhiteSmoke
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New
C:\Program Files (x86)\Conduit
C:\Users\suzanne\AppData\Local\Temp\DIQM\FlashPlayer_151\bin\VAFMusic Conduit
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\Repository\conduit_CT3289847_CT3289847
C:\Users\suzanne\AppData\LocalLow\WhiteSmoke_New\Repository\conduit_CT3289847_en

:Commands
[emptytemp]
[resethosts]

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.

Next ....

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
  • Please go HERE then click on Run ESET Online Scanner
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed click on Start to start the scan.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed you will be presented with a list of found threats ....
    • Click on the List of found threats link
    • Click on Export to text file
    • Save as ESET.txt to your Desktop
  • Exit out of ESET Online Scanner.
  • Post me the contents of ESET.txt please.

Summary of the logs I need from you in your next post:
  • OTL fix log
  • E-Set log
  • Let me know how your computer is behaving now please.


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 289 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware