
Malicious website blocked


n201mw


Hello n201mw and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Step 1

Please uninstall the following programs:

BitTorrentBar Toolbar

McAfee Security Scan Plus

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Threat Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3

Download attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • Fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-10-2014
Ran by Mike at 2014-10-26 20:29:17 Run:1
Running from C:\Users\Mike\Downloads
Loaded Profile: Mike (Available profiles: Mike)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-21-3884504756-1791863042-2517121777-1001\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-21-3884504756-1791863042-2517121777-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/?cid=insDate19042012
URLSearchHook: HKLM-x32 - BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
URLSearchHook: HKCU - BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2790392
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2790392
FF DefaultSearchEngine: WebSearch+
FF DefaultSearchUrl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}
FF SearchEngineOrder.1: Ask Search
FF SelectedSearchEngine: WebSearch+
2014-10-25 18:01 - 2014-10-25 18:01 - 00000028 _____ () C:\Windows\SysWOW64\u
2014-10-25 18:00 - 2014-10-25 18:00 - 00070656 _____ () C:\Windows\system32\mjkdmo.dll
2014-10-25 18:00 - 2014-10-25 18:00 - 00003858 _____ () C:\Windows\System32\Tasks\{DAEF0EFC-005A-2EDB-A0DC-00AAD64259E6}
2014-10-25 18:00 - 2014-10-25 18:00 - 00000000 _____ () C:\Windows\system32\brtfxul.dll
2014-10-25 18:26 - 2011-09-18 21:46 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\BitTorrent
C:\Users\Mike\AppData\Local\Temp\GLF16A1.EXE
C:\Users\Mike\AppData\Local\Temp\GLF1C8C.EXE
End
*****************

"HKU\.DEFAULT\Software\Classes\exefile" => Key deleted successfully.
"HKU\S-1-5-19\Software\Classes\exefile" => Key deleted successfully.
"HKU\S-1-5-20\Software\Classes\exefile" => Key deleted successfully.
"HKU\S-1-5-21-3884504756-1791863042-2517121777-1001\Software\Classes\exefile" => Key deleted successfully.
"HKU\S-1-5-21-3884504756-1791863042-2517121777-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
"HKU\S-1-5-21-3884504756-1791863042-2517121777-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}" => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} => value deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => Key deleted successfully.
"HKCR\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => Key not found.
Firefox DefaultSearchEngine deleted successfully.
Firefox DefaultSearchUrl deleted successfully.
Firefox SearchEngineOrder.1 deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
C:\Windows\SysWOW64\u => Moved successfully.
C:\Windows\system32\mjkdmo.dll => Moved successfully.
C:\Windows\System32\Tasks\{DAEF0EFC-005A-2EDB-A0DC-00AAD64259E6} => Moved successfully.
Could not move "C:\Windows\system32\brtfxul.dll" => Scheduled to move on reboot.
C:\Users\Mike\AppData\Roaming\BitTorrent => Moved successfully.
C:\Users\Mike\AppData\Local\Temp\GLF16A1.EXE => Moved successfully.
C:\Users\Mike\AppData\Local\Temp\GLF1C8C.EXE => Moved successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-10-26 20:33:37)<=

C:\Windows\system32\brtfxul.dll => Is moved successfully.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/25/2014
Scan Time: 5:21:55 PM
Logfile: Scan History.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.10.25.05
Rootkit Database: v2014.10.22.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Mike

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 328801
Time Elapsed: 38 min, 56 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 8
PUP.Optional.ConduitTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}, Quarantined, [fdecf127c4b8b77fdb703a6e788aac54],
PUP.Optional.ConduitTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{AC6240AE-33B6-40D3-8683-31BBE86049A0}, Quarantined, [fdecf127c4b8b77fdb703a6e788aac54],
PUP.Optional.ConduitTB.A, HKLM\SOFTWARE\CLASSES\Conduit.Engine, Quarantined, [fdecf127c4b8b77fdb703a6e788aac54],
PUP.Optional.ConduitTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Conduit.Engine, Quarantined, [fdecf127c4b8b77fdb703a6e788aac54],
PUP.Optional.ConduitTB.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{AC6240AE-33B6-40D3-8683-31BBE86049A0}, Quarantined, [fdecf127c4b8b77fdb703a6e788aac54],
PUP.Optional.ConduitTB.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{30F9B915-B755-4826-820B-08FBA6BD249D}, Quarantined, [fdecf127c4b8b77fdb703a6e788aac54],
PUP.Optional.ConduitTB.A, HKU\S-1-5-21-3884504756-1791863042-2517121777-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{30F9B915-B755-4826-820B-08FBA6BD249D}, Quarantined, [fdecf127c4b8b77fdb703a6e788aac54],
PUP.Optional.ConduitTB.A, HKU\S-1-5-21-3884504756-1791863042-2517121777-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{30F9B915-B755-4826-820B-08FBA6BD249D}, Quarantined, [fdecf127c4b8b77fdb703a6e788aac54],

Registry Values: 2
PUP.Optional.ConduitTB.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{30F9B915-B755-4826-820B-08FBA6BD249D}, Conduit Engine , Quarantined, [fdecf127c4b8b77fdb703a6e788aac54]
PUP.Optional.ConduitTB.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{30F9B915-B755-4826-820B-08FBA6BD249D}, Quarantined, [4b9e0117116bc86e84c72c7cea18f20e],

Registry Data: 0
(No malicious items detected)

Folders: 22
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\apps, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\Dialogs, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\Dialogs\AddedAppDialog, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\Dialogs\DefualtImages, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\Dialogs\DetectedAppDialog, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\Dialogs\EngineFirstTimeDialog, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\Dialogs\NewSearchProtectorDialog, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\Dialogs\NewSearchProtectorDialog\images, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\Dialogs\SearchProtectorBubbleDialog, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\Dialogs\SearchProtectorBubbleDialog\images, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\Dialogs\SearchProtectorDialog, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\Dialogs\SearchProtectorDialog\Images, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\Dialogs\ToolbarFirstTimeDialog, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\Dialogs\ToolbarFirstTimeDialog\images, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\Dialogs\ToolbarUntrustedAppsApprovalDialog, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\Dialogs\UntrustedAddedAppDialog, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\Dialogs\UntrustedAppApprovalDialog, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\Dialogs\UntrustedAppPendingDialog, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\emailnotifier, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\feed, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\weather, Quarantined, [80698b8d592382b4608333c4eb17d030],

Files: 101
PUP.Optional.ConduitTB.A, C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll, Quarantined, [fdecf127c4b8b77fdb703a6e788aac54],
PUP.Optional.OpenCandy, C:\Users\Mike\Downloads\doubleTwistSetup(1).exe, Quarantined, [40a99c7c8fed2a0c457172e0ff061de3],
PUP.Optional.OpenCandy, C:\Users\Mike\Downloads\doubleTwistSetup(2).exe, Quarantined, [ca1f66b23f3d53e396208ec432d337c9],
PUP.Optional.OpenCandy, C:\Users\Mike\Downloads\doubleTwistSetup.exe, Quarantined, [2dbc35e36319999dcaecafa348bd16ea],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\searchplugins\conduit.xml, Quarantined, [8861f6228af204324124490521e26e92],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\appsMetaData.json, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\getAppsContextMenu.xml, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\languagePack.json, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\LocalSettings.txt, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\postAppsContextMenu.xml, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\searchInNewTabData.xml, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\ServiceMap.json, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\ThirdPartyComponents.xml, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\toolbarContextMenu.xml, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\unsharedAppsContextMenu.xml, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\UserAdditionalComponents.xml, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\apps\list.json, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\Dialogs\DialogsAPI.js, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\Dialogs\excanvas.js, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\Dialogs\generalDialogStyle.css, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\Dialogs\PIE.htc, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\Dialogs\RoundedCorners.css, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\Dialogs\RoundedCornersIE9.css, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\Dialogs\settings.js, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\Dialogs\version.txt, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\Dialogs\AddedAppDialog\app-added.js, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\Dialogs\AddedAppDialog\main.html, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\Dialogs\DefualtImages\icon.png, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\Dialogs\DetectedAppDialog\app-2go.js, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\Dialogs\DetectedAppDialog\main.html, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\Dialogs\EngineFirstTimeDialog\EngineFirstTimeDialog.js, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\Dialogs\EngineFirstTimeDialog\main.html, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\Dialogs\EngineFirstTimeDialog\right-click.gif, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\Dialogs\NewSearchProtectorDialog\main.html, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\Dialogs\NewSearchProtectorDialog\SearchProtector.css, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\Dialogs\NewSearchProtectorDialog\SearchProtector.js, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\Dialogs\NewSearchProtectorDialog\images\ok-button.png, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\Dialogs\NewSearchProtectorDialog\images\separation-line.png, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\Dialogs\NewSearchProtectorDialog\images\warning.png, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\Dialogs\SearchProtectorBubbleDialog\bubble.css, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\Dialogs\SearchProtectorBubbleDialog\bubble.js, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\Dialogs\SearchProtectorBubbleDialog\main.html, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\Dialogs\SearchProtectorBubbleDialog\images\information.png, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\Dialogs\SearchProtectorBubbleDialog\images\x-default-LTR.png, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\Dialogs\SearchProtectorBubbleDialog\images\x-default-RTL.png, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\Dialogs\SearchProtectorBubbleDialog\images\x-mouseover-LTR.png, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\Dialogs\SearchProtectorBubbleDialog\images\x-mouseover-RTL.png, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\Dialogs\SearchProtectorDialog\main.html, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\Dialogs\SearchProtectorDialog\SearchProtector.css, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\Dialogs\SearchProtectorDialog\SearchProtector.js, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\Dialogs\SearchProtectorDialog\Images\info.png, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\Dialogs\SearchProtectorDialog\Images\ok-on.png, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\Dialogs\SearchProtectorDialog\Images\ok.png, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\Dialogs\ToolbarFirstTimeDialog\main.html, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\Dialogs\ToolbarFirstTimeDialog\ToolbarFirstTimeDialog.css, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\Dialogs\ToolbarFirstTimeDialog\ToolbarFirstTimeDialog.js, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\Dialogs\ToolbarFirstTimeDialog\images\app-store-icon.png, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\Dialogs\ToolbarFirstTimeDialog\images\arrow.png, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\Dialogs\ToolbarFirstTimeDialog\images\divider.png, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\Dialogs\ToolbarFirstTimeDialog\images\emailNotifier.gif, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\Dialogs\ToolbarFirstTimeDialog\images\facebook.png, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\Dialogs\ToolbarFirstTimeDialog\images\radio.GIF, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\Dialogs\ToolbarFirstTimeDialog\images\Thumbs.db, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\Dialogs\ToolbarFirstTimeDialog\images\truste_welcome.GIF, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\Dialogs\ToolbarFirstTimeDialog\images\weather.GIF, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\Dialogs\ToolbarUntrustedAppsApprovalDialog\main.html, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\Dialogs\ToolbarUntrustedAppsApprovalDialog\ToolbarUntrustedAppsApprovalDialog.js, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\Dialogs\UntrustedAddedAppDialog\main.html, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\Dialogs\UntrustedAddedAppDialog\UT-app-dialog-added.js, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\Dialogs\UntrustedAppApprovalDialog\main.html, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\Dialogs\UntrustedAppApprovalDialog\UT-app-dialog-needs-your-approval.js, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\Dialogs\UntrustedAppPendingDialog\main.html, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\Dialogs\UntrustedAppPendingDialog\UT-app-dialog-is-waiting.js, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\emailnotifier\acc, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\feed\http___news_google_nl_news_cf=all_ned=us_hl=en_topic=h_num=3_output=rss_history.xml, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\feed\http___feeds_news_com_au_public_rss_2_0_news_breaking_news_32_xml_history.xml, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\feed\http___feeds_news_com_au_public_rss_2_0_news_breaking_news_32_xml_structured.xml, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\feed\http___feeds_reuters_com_reuters_topNews_history.xml, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\feed\http___feeds_reuters_com_reuters_topNews_structured.xml, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\feed\http___newsrss_bbc_co_uk_rss_newsonline_world_edition_front_page_rss_xml_history.xml, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\feed\http___newsrss_bbc_co_uk_rss_newsonline_world_edition_front_page_rss_xml_structured.xml, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\feed\http___news_google_nl_news_cf=all_ned=fr_hl=fr_topic=h_num=3_output=rss_history.xml, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\feed\http___news_google_nl_news_cf=all_ned=fr_hl=fr_topic=h_num=3_output=rss_structured.xml, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\feed\http___news_google_nl_news_cf=all_ned=us_hl=en_topic=h_num=3_output=rss_structured.xml, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\feed\http___news_google_nl_news_pz=1_cf=all_ned=nl_nl_hl=nl_topic=h_num=3_output=rss_history.xml, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\feed\http___news_google_nl_news_pz=1_cf=all_ned=nl_nl_hl=nl_topic=h_num=3_output=rss_structured.xml, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\feed\http___rss_cbc_ca_lineup_latest_xml_history.xml, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\feed\http___rss_cbc_ca_lineup_latest_xml_structured.xml, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\feed\http___rss_cnn_com_rss_cnn_latest_rss_history.xml, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\feed\http___rss_cnn_com_rss_cnn_latest_rss_structured.xml, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\feed\http___rss_news_yahoo_com_rss_world_history.xml, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\feed\http___rss_news_yahoo_com_rss_world_structured.xml, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\feed\http___worldpress_org_feeds_topstories_xml_history.xml, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\feed\http___worldpress_org_feeds_topstories_xml_structured.xml, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\feed\http___www_thesun_co_uk_sol_homepage_feeds_rss_article312900_ece_history.xml, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\feed\http___www_thesun_co_uk_sol_homepage_feeds_rss_article312900_ece_structured.xml, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\weather\forecast_en.xml, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\CT2790392\weather\history.xml, Quarantined, [80698b8d592382b4608333c4eb17d030],
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\prefs.js, Good: (), Bad: (user_pref("browser.search.defaulturl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}");), Replaced,[82670d0bf08cb086abd8f76b13f28c74]
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\prefs.js, Good: (), Bad: (user_pref("CT2790392.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&q=");), Replaced,[09e09484b2ca102694f0d88a917456aa]
PUP.Optional.BrandThunder.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\prefs.js, Good: (), Bad: (user_pref("browser.newtab.url", "http://home.brandthunder.com/mlbtwins/?newtab");), Replaced,[fbee47d1017b0a2ccf31c59fa3625da3]

Physical Sectors: 0
(No malicious items detected)


(end)
==== End of Fixlog ====


This was the one from tonight in case you needed it.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/26/2014
Scan Time: 7:50:36 PM
Logfile: scan history1.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.10.26.08
Rootkit Database: v2014.10.22.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Mike

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 325221
Time Elapsed: 26 min, 46 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\prefs.js, Good: (), Bad: (user_pref("browser.search.defaulturl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}");), Replaced,[dc74bb5e0577ed49b0cc392a798c2ed2]
PUP.Optional.Conduit.A, C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\prefs.js, Good: (), Bad: (user_pref("CT2790392.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&q=");), Replaced,[d977d9408def55e1205dbfa41aeb51af]

Physical Sectors: 0
(No malicious items detected)


(end)


Thanks!

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program, you can download it directly from the link below.
  • Important! - Please make sure you save ComboFix to your desktop and do not run it from your browser.
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once ComboFix has completed, it will produce and open a log file. Please be patient, as it can take some time to load.
  • Please copy/paste the contents or attach that log file to your next reply.
  • If needed, the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

ComboFix 14-10-27.01 - Mike 10/28/2014  22:17:27.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4063.2427 [GMT -5:00]
Running from: c:\users\Mike\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-09-28 to 2014-10-29  )))))))))))))))))))))))))))))))
.
.
2014-10-29 03:29 . 2014-10-29 03:29    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-10-26 19:34 . 2014-10-27 01:33    --------    d-----w-    C:\FRST
2014-10-25 23:31 . 2014-10-29 03:22    75888    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{DFA7520D-DE56-44AB-A69E-D88D46655D1D}\offreg.dll
2014-10-25 22:21 . 2014-10-29 03:11    129752    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-25 22:20 . 2014-10-25 22:20    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware
2014-10-25 22:20 . 2014-10-25 22:20    --------    d-----w-    c:\programdata\Malwarebytes
2014-10-25 22:20 . 2014-10-01 16:11    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-10-25 22:20 . 2014-10-01 16:11    93400    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-10-25 22:20 . 2014-10-01 16:11    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-10-25 03:58 . 2014-10-14 19:59    11627712    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{DFA7520D-DE56-44AB-A69E-D88D46655D1D}\mpengine.dll
2014-10-16 04:14 . 2014-09-29 00:58    3198976    ----a-w-    c:\windows\system32\win32k.sys
2014-10-16 04:12 . 2014-09-18 02:00    3241472    ----a-w-    c:\windows\system32\msi.dll
2014-10-16 04:12 . 2014-09-18 01:32    2363904    ----a-w-    c:\windows\SysWow64\msi.dll
2014-10-16 04:12 . 2014-09-04 05:23    424448    ----a-w-    c:\windows\system32\rastls.dll
2014-10-16 04:12 . 2014-09-04 05:04    372736    ----a-w-    c:\windows\SysWow64\rastls.dll
2014-10-16 04:12 . 2014-07-17 01:39    3221504    ----a-w-    c:\windows\SysWow64\mstscax.dll
2014-10-16 04:12 . 2014-07-17 02:07    3722240    ----a-w-    c:\windows\system32\mstscax.dll
2014-10-16 04:12 . 2014-07-17 02:07    681984    ----a-w-    c:\windows\system32\termsrv.dll
2014-10-16 04:12 . 2014-07-17 02:07    1118720    ----a-w-    c:\windows\system32\mstsc.exe
2014-10-16 04:12 . 2014-07-17 01:39    1051136    ----a-w-    c:\windows\SysWow64\mstsc.exe
2014-10-01 16:51 . 2014-09-25 02:08    371712    ----a-w-    c:\windows\system32\qdvd.dll
2014-10-01 16:51 . 2014-09-25 01:40    519680    ----a-w-    c:\windows\SysWow64\qdvd.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-26 05:07 . 2012-04-13 20:47    701104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-10-26 05:07 . 2011-05-18 15:40    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-10-16 08:01 . 2009-10-26 02:18    103265616    ----a-w-    c:\windows\system32\MRT.exe
2014-10-02 20:53 . 2009-10-26 02:19    278152    ------w-    c:\windows\system32\MpSigStub.exe
2014-09-19 22:51 . 2010-06-24 17:33    23256    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-09-09 22:11 . 2014-09-25 00:25    2048    ----a-w-    c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-09-25 00:25    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2014-08-23 02:07 . 2014-08-29 01:55    404480    ----a-w-    c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-29 01:55    311808    ----a-w-    c:\windows\SysWow64\gdi32.dll
2014-08-09 13:38 . 2014-04-15 00:33    13792    ----a-w-    c:\windows\system32\drivers\semav6thermal64ro.sys
2014-08-01 11:53 . 2014-09-18 14:39    1031168    ----a-w-    c:\windows\system32\TSWorkspace.dll
2014-08-01 11:35 . 2014-09-18 14:39    793600    ----a-w-    c:\windows\SysWow64\TSWorkspace.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Elbserver"="c:\program files (x86)\Sony\Media Gallery\ElbServer.exe" [2009-07-21 78184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2009-08-27 79872]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-05-26 317288]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-07-31 43816]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-09-01 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalMachineRun"= 0 (0x0)
"DisableLocalMachineRunOnce"= 0 (0x0)
"DisableCurrentUserRun"= 0 (0x0)
"DisableCurrentUserRunOnce"= 0 (0x0)
"NoFile"= 0 (0x0)
"HideClock"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-07-01 18:49    98304    ----a-w-    c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ESETOlmarikOlmascoCleaner]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ESETOlmarikOlmascoCleaner.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 ESRV_SVC;Energy Server Service;c:\program files\Sony\VAIO Care\ESRV\esrv_svc.exe --AUTO_START --start --address 127.0.0.1;c:\program files\Sony\VAIO Care\ESRV\esrv_svc.exe --AUTO_START --start --address 127.0.0.1 [x]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 ESETOlmarikOlmascoCleaner;ESET Olmarik/Olmasco Cleaner;c:\windows\system32\Drivers\ESETOlmarikOlmascoCleaner.sys;c:\windows\SYSNATIVE\Drivers\ESETOlmarikOlmascoCleaner.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [x]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [x]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [x]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys;c:\windows\SYSNATIVE\drivers\iPodDrv.sys [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]
S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]
S2 regi;regi;c:\windows\system32\drivers\regi.sys;c:\windows\SYSNATIVE\drivers\regi.sys [x]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimssne64.sys;c:\windows\SYSNATIVE\DRIVERS\rimssne64.sys [x]
S2 risdsnpe;risdsnpe;c:\windows\system32\DRIVERS\risdsne64.sys;c:\windows\SYSNATIVE\DRIVERS\risdsne64.sys [x]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [x]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]
S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]
S2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [x]
S2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys;c:\windows\SYSNATIVE\DRIVERS\SFEP.sys [x]
S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x]
S3 USER_ESRV_SVC;User Energy Server Service;c:\program files\Sony\VAIO Care\ESRV\esrv_svc.exe;c:\program files\Sony\VAIO Care\ESRV\esrv_svc.exe [x]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe;c:\program files\Sony\VAIO Care\VCService.exe [x]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\vuagent.exe;c:\program files\Sony\VAIO Update\vuagent.exe [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
Contents of the 'Scheduled Tasks' folder
.
2014-10-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 05:07]
.
2014-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-28 13:33]
.
2014-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-28 13:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-09-29 11106408]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2010-09-29 1833576]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-09-12 5618456]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;192.168.*.*
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {26E1BEAF-C1A1-482B-8714-08844F1BCF7F} - hxxp://69.129.176.78:2001/webviewer.cab
DPF: {3AA1C0E3-DA98-4BB4-91AE-D3BC61178240} - hxxp://69.129.176.78:2001/GVersionMan.cab
FF - ProfilePath - c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
.
------- File Associations -------
.
inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
Toolbar-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3884504756-1791863042-2517121777-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3884504756-1791863042-2517121777-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-3884504756-1791863042-2517121777-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:51,ce,b7,ef,7e,08,f5,d8,51,3e,cb,02,7f,10,ad,c7,3e,29,87,34,c1,e3,3f,
   c4,e0,03,53,8b,49,e2,e9,b0,29,01,ae,24,a3,2d,66,28,65,7c,5c,33,ee,8d,48,09,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-10-28  22:33:44
ComboFix-quarantined-files.txt  2014-10-29 03:33
.
Pre-Run: 372,346,732,544 bytes free
Post-Run: 375,341,707,264 bytes free
.
- - End Of File - - FCA16F0A33E1B2857A852056FA06BD0D

Saw Windows Defender was on, so I shut it off and ran it again.

ComboFix 14-10-27.01 - Mike 10/28/2014  23:07:23.2.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4063.2058 [GMT -5:00]
Running from: c:\users\Mike\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-09-28 to 2014-10-29  )))))))))))))))))))))))))))))))
.
.
2014-10-29 04:17 . 2014-10-29 04:17    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-10-29 03:56 . 2014-10-14 19:59    11627712    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{033725BC-907D-4A7A-9A21-3651BAECC195}\mpengine.dll
2014-10-26 19:34 . 2014-10-27 01:33    --------    d-----w-    C:\FRST
2014-10-25 22:21 . 2014-10-29 04:04    129752    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-25 22:20 . 2014-10-25 22:20    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware
2014-10-25 22:20 . 2014-10-25 22:20    --------    d-----w-    c:\programdata\Malwarebytes
2014-10-25 22:20 . 2014-10-01 16:11    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-10-25 22:20 . 2014-10-01 16:11    93400    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-10-25 22:20 . 2014-10-01 16:11    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-10-16 04:14 . 2014-09-29 00:58    3198976    ----a-w-    c:\windows\system32\win32k.sys
2014-10-16 04:12 . 2014-09-18 02:00    3241472    ----a-w-    c:\windows\system32\msi.dll
2014-10-16 04:12 . 2014-09-18 01:32    2363904    ----a-w-    c:\windows\SysWow64\msi.dll
2014-10-16 04:12 . 2014-09-04 05:23    424448    ----a-w-    c:\windows\system32\rastls.dll
2014-10-16 04:12 . 2014-09-04 05:04    372736    ----a-w-    c:\windows\SysWow64\rastls.dll
2014-10-16 04:12 . 2014-07-17 01:39    3221504    ----a-w-    c:\windows\SysWow64\mstscax.dll
2014-10-16 04:12 . 2014-07-17 02:07    3722240    ----a-w-    c:\windows\system32\mstscax.dll
2014-10-16 04:12 . 2014-07-17 02:07    681984    ----a-w-    c:\windows\system32\termsrv.dll
2014-10-16 04:12 . 2014-07-17 02:07    1118720    ----a-w-    c:\windows\system32\mstsc.exe
2014-10-16 04:12 . 2014-07-17 01:39    1051136    ----a-w-    c:\windows\SysWow64\mstsc.exe
2014-10-01 16:51 . 2014-09-25 02:08    371712    ----a-w-    c:\windows\system32\qdvd.dll
2014-10-01 16:51 . 2014-09-25 01:40    519680    ----a-w-    c:\windows\SysWow64\qdvd.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-26 05:07 . 2012-04-13 20:47    701104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-10-26 05:07 . 2011-05-18 15:40    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-10-16 08:01 . 2009-10-26 02:18    103265616    ----a-w-    c:\windows\system32\MRT.exe
2014-10-02 20:53 . 2009-10-26 02:19    278152    ------w-    c:\windows\system32\MpSigStub.exe
2014-09-19 22:51 . 2010-06-24 17:33    23256    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-09-09 22:11 . 2014-09-25 00:25    2048    ----a-w-    c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-09-25 00:25    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2014-08-23 02:07 . 2014-08-29 01:55    404480    ----a-w-    c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-29 01:55    311808    ----a-w-    c:\windows\SysWow64\gdi32.dll
2014-08-09 13:38 . 2014-04-15 00:33    13792    ----a-w-    c:\windows\system32\drivers\semav6thermal64ro.sys
2014-08-01 11:53 . 2014-09-18 14:39    1031168    ----a-w-    c:\windows\system32\TSWorkspace.dll
2014-08-01 11:35 . 2014-09-18 14:39    793600    ----a-w-    c:\windows\SysWow64\TSWorkspace.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Elbserver"="c:\program files (x86)\Sony\Media Gallery\ElbServer.exe" [2009-07-21 78184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2009-08-27 79872]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-05-26 317288]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-07-31 43816]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-09-01 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalMachineRun"= 0 (0x0)
"DisableLocalMachineRunOnce"= 0 (0x0)
"DisableCurrentUserRun"= 0 (0x0)
"DisableCurrentUserRunOnce"= 0 (0x0)
"NoFile"= 0 (0x0)
"HideClock"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-07-01 18:49    98304    ----a-w-    c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ESETOlmarikOlmascoCleaner]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ESETOlmarikOlmascoCleaner.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 ESRV_SVC;Energy Server Service;c:\program files\Sony\VAIO Care\ESRV\esrv_svc.exe --AUTO_START --start --address 127.0.0.1;c:\program files\Sony\VAIO Care\ESRV\esrv_svc.exe --AUTO_START --start --address 127.0.0.1 [x]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 ESETOlmarikOlmascoCleaner;ESET Olmarik/Olmasco Cleaner;c:\windows\system32\Drivers\ESETOlmarikOlmascoCleaner.sys;c:\windows\SYSNATIVE\Drivers\ESETOlmarikOlmascoCleaner.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [x]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [x]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [x]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys;c:\windows\SYSNATIVE\drivers\iPodDrv.sys [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]
S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]
S2 regi;regi;c:\windows\system32\drivers\regi.sys;c:\windows\SYSNATIVE\drivers\regi.sys [x]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimssne64.sys;c:\windows\SYSNATIVE\DRIVERS\rimssne64.sys [x]
S2 risdsnpe;risdsnpe;c:\windows\system32\DRIVERS\risdsne64.sys;c:\windows\SYSNATIVE\DRIVERS\risdsne64.sys [x]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [x]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]
S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]
S2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [x]
S2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys;c:\windows\SYSNATIVE\DRIVERS\SFEP.sys [x]
S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x]
S3 USER_ESRV_SVC;User Energy Server Service;c:\program files\Sony\VAIO Care\ESRV\esrv_svc.exe;c:\program files\Sony\VAIO Care\ESRV\esrv_svc.exe [x]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe;c:\program files\Sony\VAIO Care\VCService.exe [x]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\vuagent.exe;c:\program files\Sony\VAIO Update\vuagent.exe [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2014-10-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 05:07]
.
2014-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-28 13:33]
.
2014-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-28 13:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-09-29 11106408]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2010-09-29 1833576]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-09-12 5618456]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;192.168.*.*
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {26E1BEAF-C1A1-482B-8714-08844F1BCF7F} - hxxp://69.129.176.78:2001/webviewer.cab
DPF: {3AA1C0E3-DA98-4BB4-91AE-D3BC61178240} - hxxp://69.129.176.78:2001/GVersionMan.cab
FF - ProfilePath - c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
.
------- File Associations -------
.
inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
Toolbar-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3884504756-1791863042-2517121777-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3884504756-1791863042-2517121777-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-3884504756-1791863042-2517121777-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:51,ce,b7,ef,7e,08,f5,d8,51,3e,cb,02,7f,10,ad,c7,3e,29,87,34,c1,e3,3f,
   c4,e0,03,53,8b,49,e2,e9,b0,29,01,ae,24,a3,2d,66,28,65,7c,5c,33,ee,8d,48,09,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-10-28  23:22:18
ComboFix-quarantined-files.txt  2014-10-29 04:22
ComboFix2.txt  2014-10-29 03:33
.
Pre-Run: 375,250,149,376 bytes free
Post-Run: 374,796,890,112 bytes free
.
- - End Of File - - 38BE9CB22E1CE49287DC9B3058C8C429
 

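Reading a ComboFix log like the one above by hand means recognising three line shapes: Run-key values with a [date size] suffix (or a marker such as [bU] instead), DPF: lines (Internet Explorer's Download Program Files, i.e. ActiveX controls fetched from a URL) and the BHO-/Toolbar- orphans marked (no file). The script below is an added example written for this page; it is not ComboFix output and not something posted in the thread. It parses those shapes into records and flags the two things a reviewer would check first in this log: DPF controls pulled from a bare IP address (69.129.176.78:2001 here) and orphaned COM registrations (the {88c7f2aa-...} CLSID, which the JRT log further down removes as a Conduit browser helper object). The SAMPLE lines are copied from the log above; the two flagging rules are the example's own heuristics, not ComboFix's.

```python
"""Parse the autostart-related lines of a ComboFix log.

Added example for this thread; not ComboFix code and not part of any post.
Handled line shapes (all taken from the log above):
  "Name"="c:\\path\\file.exe" [YYYY-MM-DD size]   Run-key value ([bU] markers too)
  DPF: {CLSID} - hxxp://host:port/file.cab       IE Download Program Files
  BHO-{clsid} - (no file)                        orphaned COM registration
The flags raised are this example's own heuristics.
"""
import re
from dataclasses import dataclass, field
from typing import Optional
from urllib.parse import urlsplit

KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<meta>[^\]]*)\]$')
DPF_RE = re.compile(r'^DPF:\s*(?P<clsid>\{[0-9A-Fa-f-]+\})\s*-\s*(?P<url>\S+)')
ORPHAN_RE = re.compile(r'^(?P<kind>BHO|Toolbar)-(?P<clsid>\{[0-9A-Fa-f-]+\})\s*-\s*\(no file\)')
IPV4_RE = re.compile(r'^\d{1,3}(?:\.\d{1,3}){3}$')


@dataclass
class RunEntry:
    key: str
    name: str
    path: str
    date: Optional[str]   # None when the bracket held a marker instead of date/size
    size: Optional[int]


@dataclass
class Report:
    run_entries: list = field(default_factory=list)
    dpf: list = field(default_factory=list)      # (clsid, host, url as printed)
    orphans: list = field(default_factory=list)  # (kind, clsid lower-cased)
    flags: list = field(default_factory=list)    # human-readable findings


def refang(url: str) -> str:
    """ComboFix writes hxxp:// so the log is not clickable; restore the scheme."""
    return re.sub(r'^hxxp', 'http', url, flags=re.IGNORECASE)


def parse_combofix(text: str) -> Report:
    report = Report()
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := KEY_RE.match(line):
            current_key = m.group('key')          # applies to the values that follow
        elif (m := RUN_RE.match(line)) and current_key:
            meta = m.group('meta').split()
            if len(meta) == 2 and meta[1].isdigit():
                date, size = meta[0], int(meta[1])
            else:
                date, size = None, None           # e.g. [bU]: no timestamp/size printed
            report.run_entries.append(
                RunEntry(current_key, m.group('name'), m.group('path'), date, size))
        elif m := DPF_RE.match(line):
            host = (urlsplit(refang(m.group('url'))).hostname or '').lower()
            report.dpf.append((m.group('clsid'), host, m.group('url')))
            if IPV4_RE.match(host):
                # code fetched from a raw IP rather than a vendor hostname
                report.flags.append(f"DPF {m.group('clsid')} loads {m.group('url')} from bare IP {host}")
        elif m := ORPHAN_RE.match(line):
            clsid = m.group('clsid').lower()
            report.orphans.append((m.group('kind'), clsid))
            report.flags.append(f"orphaned {m.group('kind')} registration {clsid} (no file)")
    return report


# Lines copied from the ComboFix log above (constructed sample input).
SAMPLE = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Elbserver"="c:\program files (x86)\Sony\Media Gallery\ElbServer.exe" [2009-07-21 78184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368]
.
DPF: {26E1BEAF-C1A1-482B-8714-08844F1BCF7F} - hxxp://69.129.176.78:2001/webviewer.cab
DPF: {3AA1C0E3-DA98-4BB4-91AE-D3BC61178240} - hxxp://69.129.176.78:2001/GVersionMan.cab
.
BHO-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
Toolbar-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
'''

if __name__ == "__main__":
    r = parse_combofix(SAMPLE)
    for e in r.run_entries:
        print(f"{e.key}\n    {e.name} -> {e.path} [{e.date} {e.size}]")
    for f in r.flags:
        print("FLAG:", f)
```

The Run-key records are what you would compare against the vendor directories you expect on the box (Sony, Synaptics, Logitech here); the flags are the entries that justify a closer look regardless of name, because a control downloaded from a numeric address or a registration whose file is already gone tells you nothing about who put it there.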

Step 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 2

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button. Wait until it is finished.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.
Step 3

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your Desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • In your next reply, post the following log files:
    • Junkware Removal Tool log
    • AdwCleaner log
    • ESET Online Scanner log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.21.2014:1)
OS: Windows 7 Home Premium x64
Ran by Mike on Wed 10/29/2014 at 18:07:40.53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Toolbar.CT2790392
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2790392
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\ProgramData\partner"
Successfully deleted: [Folder] "C:\Users\Mike\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Mike\appdata\locallow\bittorrentbar"
Successfully deleted: [Folder] "C:\Users\Mike\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Mike\appdata\locallow\conduitengine"
Successfully deleted: [Folder] "C:\Program Files (x86)\bittorrentbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduitengine"
Successfully deleted: [Empty Folder] C:\Users\Mike\appdata\local\{982E3F48-9CA1-499F-BE8E-D012D8143738}



~~~ FireFox

Successfully deleted: [File] C:\Users\Mike\AppData\Roaming\mozilla\firefox\profiles\m7bmcd8q.default\searchplugins\ask-search.xml
Successfully deleted: [Folder] C:\Users\Mike\AppData\Roaming\mozilla\firefox\profiles\m7bmcd8q.default\conduitcommon
Successfully deleted the following from C:\Users\Mike\AppData\Roaming\mozilla\firefox\profiles\m7bmcd8q.default\prefs.js

user_pref("CT2790392..clientLogIsEnabled", true);
user_pref("CT2790392..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
user_pref("CT2790392..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
user_pref("CT2790392.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
user_pref("CT2790392.CTID", "CT2790392");
user_pref("CT2790392.CurrentServerDate", "19-9-2011");
user_pref("CT2790392.DialogsAlignMode", "LTR");
user_pref("CT2790392.DialogsGetterLastCheckTime", "Mon Sep 19 2011 13:18:47 GMT-0500 (Central Daylight Time)");
user_pref("CT2790392.DownloadReferralCookieData", "");
user_pref("CT2790392.EMailNotifierPollDate", "Mon Sep 19 2011 13:18:47 GMT-0500 (Central Daylight Time)");
user_pref("CT2790392.FeedLastCount129313977501788460", 138);
user_pref("CT2790392.FeedPollDate129313974171006416", "Mon Sep 19 2011 13:18:47 GMT-0500 (Central Daylight Time)");
user_pref("CT2790392.FeedPollDate129313975698350231", "Mon Sep 19 2011 13:18:47 GMT-0500 (Central Daylight Time)");
user_pref("CT2790392.FeedPollDate129313976370850190", "Mon Sep 19 2011 13:18:47 GMT-0500 (Central Daylight Time)");
user_pref("CT2790392.FeedPollDate129313976648818968", "Mon Sep 19 2011 13:18:47 GMT-0500 (Central Daylight Time)");
user_pref("CT2790392.FeedPollDate129313977444757117", "Mon Sep 19 2011 13:18:47 GMT-0500 (Central Daylight Time)");
user_pref("CT2790392.FeedPollDate129313980389131455", "Mon Sep 19 2011 13:18:47 GMT-0500 (Central Daylight Time)");
user_pref("CT2790392.FeedPollDate129313980655381977", "Mon Sep 19 2011 13:18:48 GMT-0500 (Central Daylight Time)");
user_pref("CT2790392.FeedPollDate129313980886163259", "Mon Sep 19 2011 13:18:48 GMT-0500 (Central Daylight Time)");
user_pref("CT2790392.FeedPollDate129313981234756535", "Mon Sep 19 2011 13:18:48 GMT-0500 (Central Daylight Time)");
user_pref("CT2790392.FeedPollDate129313983226631720", "Mon Sep 19 2011 13:18:48 GMT-0500 (Central Daylight Time)");
user_pref("CT2790392.FeedPollDate129313983607725691", "Mon Sep 19 2011 13:18:48 GMT-0500 (Central Daylight Time)");
user_pref("CT2790392.FeedTTL129313974171006416", 10);
user_pref("CT2790392.FeedTTL129313977444757117", 15);
user_pref("CT2790392.FeedTTL129313980655381977", 5);
user_pref("CT2790392.FeedTTL129313981234756535", 5);
user_pref("CT2790392.FirstServerDate", "19-9-2011");
user_pref("CT2790392.FirstTime", true);
user_pref("CT2790392.FirstTimeFF3", true);
user_pref("CT2790392.FixPageNotFoundErrors", true);
user_pref("CT2790392.GroupingServerCheckInterval", 1440);
user_pref("CT2790392.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
user_pref("CT2790392.HasUserGlobalKeys", true);
user_pref("CT2790392.HomePageProtectorEnabled", false);
user_pref("CT2790392.Initialize", true);
user_pref("CT2790392.InitializeCommonPrefs", true);
user_pref("CT2790392.InstallationAndCookieDataSentCount", 1);
user_pref("CT2790392.InstallationType", "Unknown");
user_pref("CT2790392.InstalledDate", "Mon Sep 19 2011 13:18:49 GMT-0500 (Central Daylight Time)");
user_pref("CT2790392.IsGrouping", false);
user_pref("CT2790392.IsInitSetupIni", true);
user_pref("CT2790392.IsMulticommunity", false);
user_pref("CT2790392.IsOpenThankYouPage", true);
user_pref("CT2790392.IsOpenUninstallPage", true);
user_pref("CT2790392.IsProtectorsInit", true);
user_pref("CT2790392.LanguagePackLastCheckTime", "Mon Sep 19 2011 13:18:49 GMT-0500 (Central Daylight Time)");
user_pref("CT2790392.LanguagePackReloadIntervalMM", 1440);
user_pref("CT2790392.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
user_pref("CT2790392.LastLogin_3.6.0.10", "Mon Sep 19 2011 13:18:47 GMT-0500 (Central Daylight Time)");
user_pref("CT2790392.LatestVersion", "3.6.0.10");
user_pref("CT2790392.Locale", "en");
user_pref("CT2790392.MCDetectTooltipHeight", "83");
user_pref("CT2790392.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
user_pref("CT2790392.MCDetectTooltipWidth", "295");
user_pref("CT2790392.MyStuffEnabledAtInstallation", true);
user_pref("CT2790392.OriginalFirstVersion", "3.6.0.10");
user_pref("CT2790392.SearchEngineBeforeUnload", "  ");
user_pref("CT2790392.SearchFromAddressBarIsInit", true);
user_pref("CT2790392.SearchInNewTabEnabled", true);
user_pref("CT2790392.SearchInNewTabIntervalMM", 1440);
user_pref("CT2790392.SearchInNewTabLastCheckTime", "Mon Sep 19 2011 13:18:48 GMT-0500 (Central Daylight Time)");
user_pref("CT2790392.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
user_pref("CT2790392.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
user_pref("CT2790392.SearchProtectorEnabled", true);
user_pref("CT2790392.SearchProtectorToolbarDisabled", false);
user_pref("CT2790392.ServiceMapLastCheckTime", "Mon Sep 19 2011 13:18:46 GMT-0500 (Central Daylight Time)");
user_pref("CT2790392.SettingsLastCheckTime", "Mon Sep 19 2011 13:18:46 GMT-0500 (Central Daylight Time)");
user_pref("CT2790392.SettingsLastUpdate", "1313478218");
user_pref("CT2790392.ThirdPartyComponentsInterval", 504);
user_pref("CT2790392.ThirdPartyComponentsLastCheck", "Mon Sep 19 2011 13:18:46 GMT-0500 (Central Daylight Time)");
user_pref("CT2790392.ThirdPartyComponentsLastUpdate", "1312887586");
user_pref("CT2790392.ToolbarShrinkedFromSetup", false);
user_pref("CT2790392.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2790392");
user_pref("CT2790392.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com
user_pref("CT2790392.UserID", "UN12822934660153062");
user_pref("CT2790392.WeatherNetwork", "");
user_pref("CT2790392.WeatherPollDate", "Mon Sep 19 2011 13:18:49 GMT-0500 (Central Daylight Time)");
user_pref("CT2790392.WeatherUnit", "C");
user_pref("CT2790392.alertChannelId", "1182482");
user_pref("CT2790392.backendstorage.pairingkey", "30313037453342434144373332414638324446454431303436354546443938363044313633353630");
user_pref("CT2790392.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F6775692F");
user_pref("CT2790392.backendstorage.uttorrents", "7B226275696C64223A32353534382C226C6162656C223A5B5D2C22746F7272656E7473223A5B5B22443130374343414336343741423337364644324239324
user_pref("CT2790392.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlP
user_pref("CT2790392.globalFirstTimeInfoLastCheckTime", "Mon Sep 19 2011 13:18:47 GMT-0500 (Central Daylight Time)");
user_pref("CT2790392.homepageProtectorEnableByLogin", true);
user_pref("CT2790392.initDone", true);
user_pref("CT2790392.isAppTrackingManagerOn", true);
user_pref("CT2790392.myStuffEnabled", true);
user_pref("CT2790392.myStuffPublihserMinWidth", 400);
user_pref("CT2790392.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
user_pref("CT2790392.myStuffServiceIntervalMM", 1440);
user_pref("CT2790392.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
user_pref("CT2790392.searchProtectorDialogDelayInSec", 10);
user_pref("CT2790392.searchProtectorEnableByLogin", true);
user_pref("CT2790392.testingCtid", "");
user_pref("CT2790392.toolbarAppMetaDataLastCheckTime", "Mon Sep 19 2011 13:18:46 GMT-0500 (Central Daylight Time)");
user_pref("CT2790392.toolbarContextMenuLastCheckTime", "Mon Sep 19 2011 13:18:49 GMT-0500 (Central Daylight Time)");
user_pref("CT2790392.usagesFlag", 1);
user_pref("CommunityToolbar.ConduitSearchList", "  ");
user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1182482/1178159/US", "\"0\"");
user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2790392", "\"0\"");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "wVmmvqqOMqrv5xct1cJIHg==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "0uSPYx+Kl2jpu8sJZMeHjw==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "Dclc8oo4TTv7+mAkSlUSWg==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "K4Vqu91uAzWURlxJRdXJOg==");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"07879643d3acc1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.0.10", "\"80ee9485875dcc1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2790392", "\"634515122457000000\"");
user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2790392&octid=CT2790392", "\"1313478218\"");
user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634515953213470000\"");
user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Mike\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\m7bmcd8q.default\\conduitCommon\\modules\\3.6.0.10");
user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.6.0.10");
user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
user_pref("CommunityToolbar.ToolbarsList", "CT2790392");
user_pref("CommunityToolbar.ToolbarsList2", "CT2790392");
user_pref("CommunityToolbar.ToolbarsList4", "CT2790392");
user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Mon Sep 19 2011 13:18:49 GMT-0500 (Central Daylight Time)");
user_pref("CommunityToolbar.globalUserId", "700b1025-e419-40c0-88db-2852f86718f9");
user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2790392");
user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon Sep 19 2011 13:18:48 GMT-0500 (Central Daylight Time)");
user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);
user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Mon Sep 19 2011 13:18:56 GMT-0500 (Central Daylight Time)");
user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
user_pref("CommunityToolbar.notifications.locale", "en");
user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Mon Sep 19 2011 13:18:46 GMT-0500 (Central Daylight Time)");
user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
user_pref("CommunityToolbar.notifications.showTrayIcon", false);
user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
user_pref("CommunityToolbar.notifications.userId", "0696d49c-5a94-483d-80a1-b3a85bdd3bc2");
Emptied folder: C:\Users\Mike\AppData\Roaming\mozilla\firefox\profiles\m7bmcd8q.default\minidumps [168 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 10/29/2014 at 18:11:39.80
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


# AdwCleaner v3.311 - Report created 29/10/2014 at 18:19:05
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Mike - LAPTOP
# Running from : C:\Users\Mike\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
File Deleted : C:\Windows\SysWOW64\conduitEngine.tmp

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{32804100-B238-45F4-B15E-C5A2F2F7400B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{32804100-B238-45F4-B15E-C5A2F2F7400B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F8D3F4E-7C50-4D66-894D-E885900D8BF7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F265F887-CF6B-473A-846B-B0921B4E125D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{171C4362-F7AC-481E-B9ED-E29CCCA1EC67}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{88C7F2AA-F93F-432C-8F0E-B7D85967A527}]
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\BitTorrentBar
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\conduitEngine
Key Deleted : HKLM\SOFTWARE\DeviceVM
Key Deleted : HKLM\SOFTWARE\BitTorrentBar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BitTorrentBar Toolbar
Key Deleted : [x64] HKLM\SOFTWARE\DeviceVM

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Mozilla Firefox v33.0 (x86 en-US)

[ File : C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\m7bmcd8q.default\prefs.js ]

Line Deleted : user_pref("CT2790392.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1182482/1178159/US", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2790392", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"07879643d3acc1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.0.10", "\"80ee9485875dcc1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2790392", "\"634515122457000000\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2790392&octid=CT2790392", "\"1313478218\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634515953213470000\"");
Line Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Mike\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\m7bmcd8q.default\\conduitCommon\\modules\\3.6.0.10");

-\\ Google Chrome v

[ File : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [4251 octets] - [29/10/2014 18:14:35]
AdwCleaner[s0].txt - [3993 octets] - [29/10/2014 18:19:05]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4053 octets] ##########
 


C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-V7[1].7z    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application    
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-V7[2].7z    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application    
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-V7[3].7z    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application    
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-V7[4].7z    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application    
C:\FRST\Quarantine\C\Windows\system32\mjkdmo.dll.xBAD    a variant of MSIL/Injector.GAZ trojan    cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-V7[1].7z    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application    deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-V7[2].7z    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application    deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-V7[3].7z    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application    deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-V7[4].7z    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application    deleted - quarantined
 


Very good! :)

Download TFC to your desktop

  • Open the file and close any other windows.
  • It will close all programs itself when run, so make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

How are things now? :)

Sounds great! :)

Last steps:

Step 1

  • Download OTL to your desktop and run it.
  • Click on CleanUp button.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
Step 2

Please uninstall ESET Online Scanner.

Step 3

Some malware preventions:

https://forums.malwarebytes.org/index.php?/topic/81386-so-how-did-i-get-infected-in-the-first-place/

Safe surfing! :)


  • 3 months later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.