Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.12.06.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.16428 Cheryl :: ANNA-PC [administrator] 12/6/2013 8:27:45 AM mbam-log-2013-12-06 (08-27-45).txt Scan type: Full scan (C:\|D:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 392960 Time elapsed: 1 hour(s), 41 minute(s), 48 second(s) Memory Processes Detected: 2 C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe (PUP.Optional.Conduit.A) -> 2544 -> Delete on reboot. C:\Users\Cheryl\AppData\Roaming\SearchProtect\bin\cltmng.exe (PUP.Optional.Conduit.A) -> 3436 -> Delete on reboot. Memory Modules Detected: 5 C:\Users\Cheryl\AppData\Roaming\SearchProtect\bin\InternetExplorerModule.dll (PUP.Optional.Conduit.A) -> Delete on reboot. C:\Users\Cheryl\AppData\Roaming\SearchProtect\bin\FirefoxModule.dll (PUP.Optional.Conduit.A) -> Delete on reboot. C:\Users\Cheryl\AppData\Roaming\SearchProtect\bin\ChromeModule.dll (PUP.Optional.Conduit.A) -> Delete on reboot. C:\Users\Cheryl\AppData\Local\Temp\ct3306061\plugins\TBVerifier.dll (PUP.Optional.Conduit.A) -> Delete on reboot. C:\Users\Cheryl\AppData\Local\TBHostSupport\TBHostSupport.dll (PUP.Optional.Conduit) -> Delete on reboot. Registry Keys Detected: 3 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. HKCU\Software\Conduit\FF (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. HKCU\SOFTWARE\SEARCHPROTECT (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. Registry Values Detected: 2 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|TBHostSupport (PUP.Optional.Conduit) -> Data: "C:\windows\SysWOW64\Rundll32.exe" "C:\Users\Cheryl\AppData\Local\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin -> Quarantined and deleted successfully. HKCU\Software\SearchProtect|IELastInstalledTBHomepage (PUP.Optional.SearchProtect.A) -> Data: http://search.conduit.com?SearchSource=10&CUI=UN21164629399232691&UM=2&ctid=CT3306061 -> Quarantined and deleted successfully. Registry Data Items Detected: 1 HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit.A) -> Bad: (http://search.conduit.com/?ctid=CT3306061&octid=CT3306061&SearchSource=61&CUI=UN21164629399232691&UM=2&UP=SP3E1A2582-5D92-4DF5-B1A9-CCD417136EE0) Good: (http://www.google.com) -> Quarantined and repaired successfully. Folders Detected: 28 C:\Program Files (x86)\SearchProtect\Dialogs (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SearchProtect\Dialogs\lib (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SearchProtect\Dialogs\spbd (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SearchProtect\Dialogs\spsd (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SearchProtect\Dialogs\spsd\images (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SearchProtect\ffprotect (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Cheryl\AppData\Roaming\SearchProtect\Dialogs (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Cheryl\AppData\Roaming\SearchProtect\Dialogs\lib (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Cheryl\AppData\Roaming\SearchProtect\Dialogs\spbd (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Cheryl\AppData\Roaming\SearchProtect\Dialogs\spbd\images (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Cheryl\AppData\Roaming\SearchProtect\Dialogs\spsd (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Cheryl\AppData\Roaming\SearchProtect\Dialogs\spsd\images (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Cheryl\AppData\Roaming\SearchProtect\ffprotect (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Cheryl\AppData\Roaming\SearchProtect\ffprotect\Dialogs (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Cheryl\AppData\Roaming\SearchProtect\ffprotect\Dialogs\lib (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Cheryl\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Cheryl\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Cheryl\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Cheryl\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Cheryl\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Cheryl\AppData\Local\Temp\ct3306061 (PUP.Optional.Conduit.A) -> Delete on reboot. C:\Users\Cheryl\AppData\Local\Temp\ct3306061\plugins (PUP.Optional.Conduit.A) -> Delete on reboot. C:\Users\Cheryl\AppData\Local\Temp\ct3306061\xpi (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Users\Cheryl\AppData\Local\Temp\ct3306061\xpi\defaults (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Users\Cheryl\AppData\Local\Temp\ct3306061\xpi\defaults\preferences (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\ProgramData\Conduit\IE (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Users\Cheryl\AppData\Local\TBHostSupport (PUP.Optional.Conduit) -> Delete on reboot. Files Detected: 86 C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe (PUP.Optional.Conduit.A) -> Delete on reboot. C:\Users\Cheryl\AppData\Roaming\SearchProtect\bin\cltmng.exe (PUP.Optional.Conduit.A) -> Delete on reboot. C:\Users\Cheryl\AppData\Roaming\SearchProtect\bin\InternetExplorerModule.dll (PUP.Optional.Conduit.A) -> Delete on reboot. C:\Users\Cheryl\AppData\Roaming\SearchProtect\bin\FirefoxModule.dll (PUP.Optional.Conduit.A) -> Delete on reboot. C:\Users\Cheryl\AppData\Roaming\SearchProtect\bin\ChromeModule.dll (PUP.Optional.Conduit.A) -> Delete on reboot. C:\Program Files (x86)\SearchProtect\bin\FirefoxModule.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SearchProtect\bin\InternetExplorerModule.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SearchProtect\bin\SPHook32.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SearchProtect\bin\SPHook64.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SearchProtect\bin\SPRunner.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SearchProtect\bin\SPTool64.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SearchProtect\bin\uninstall.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Users\Cheryl\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0IRDBEIB\SPSetup[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Users\Cheryl\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DPS40MST\connect_dlc_5[3].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Users\Cheryl\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MKWNO2XG\checktbexist[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Users\Cheryl\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MKWNO2XG\conduitinstaller[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Users\Cheryl\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MKWNO2XG\Connect_DLC_5[2].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Users\Cheryl\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MKWNO2XG\statisticsstub[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Users\Cheryl\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W2LWK0XV\conduitinstaller[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Users\Cheryl\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W2LWK0XV\Connect_DLC_5[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Users\Cheryl\AppData\Roaming\SearchProtect\bin\CltMngSvc.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Users\Cheryl\AppData\Roaming\SearchProtect\bin\SPHook32.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Users\Cheryl\AppData\Roaming\SearchProtect\bin\SPHook64.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Users\Cheryl\AppData\Roaming\SearchProtect\bin\SPRunner.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Users\Cheryl\AppData\Roaming\SearchProtect\bin\SPTool64.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SearchProtect\Dialogs\dialogsApi.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SearchProtect\Dialogs\lib\jquery.min.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SearchProtect\Dialogs\lib\json2.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SearchProtect\Dialogs\spbd\bubble.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SearchProtect\Dialogs\spbd\bubble.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SearchProtect\Dialogs\spbd\main.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images\information.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images\x-default-LTR.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images\x-default-RTL.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images\x-mouseover-LTR.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images\x-mouseover-RTL.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SearchProtect\Dialogs\spsd\main.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SearchProtect\Dialogs\spsd\SearchProtector.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SearchProtect\Dialogs\spsd\settings.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SearchProtect\Dialogs\spsd\images\ok-button.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SearchProtect\Dialogs\spsd\images\separation-line.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SearchProtect\Dialogs\spsd\images\warning.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SearchProtect\ffprotect\nsprotector.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SearchProtect\ffprotect\abstraction.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\SearchProtect\ffprotect\application.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Cheryl\AppData\Roaming\SearchProtect\Dialogs\dialogsApi.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Cheryl\AppData\Roaming\SearchProtect\Dialogs\lib\jquery.min.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Cheryl\AppData\Roaming\SearchProtect\Dialogs\lib\json2.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Cheryl\AppData\Roaming\SearchProtect\Dialogs\spbd\bubble.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Cheryl\AppData\Roaming\SearchProtect\Dialogs\spbd\bubble.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Cheryl\AppData\Roaming\SearchProtect\Dialogs\spbd\main.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Cheryl\AppData\Roaming\SearchProtect\Dialogs\spbd\images\information.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Cheryl\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-default-LTR.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Cheryl\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-default-RTL.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Cheryl\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-mouseover-LTR.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Cheryl\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-mouseover-RTL.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Cheryl\AppData\Roaming\SearchProtect\Dialogs\spsd\main.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Cheryl\AppData\Roaming\SearchProtect\Dialogs\spsd\SearchProtector.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Cheryl\AppData\Roaming\SearchProtect\Dialogs\spsd\settings.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Cheryl\AppData\Roaming\SearchProtect\Dialogs\spsd\images\ok-button.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Cheryl\AppData\Roaming\SearchProtect\Dialogs\spsd\images\separation-line.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Cheryl\AppData\Roaming\SearchProtect\Dialogs\spsd\images\warning.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Cheryl\AppData\Roaming\SearchProtect\ffprotect\nsprotector.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Cheryl\AppData\Roaming\SearchProtect\ffprotect\abstraction.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Cheryl\AppData\Roaming\SearchProtect\ffprotect\application.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Cheryl\AppData\Roaming\SearchProtect\ffprotect\popupTransparent.xul (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Cheryl\AppData\Roaming\SearchProtect\ffprotect\Dialogs\dialogsApi.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Cheryl\AppData\Roaming\SearchProtect\ffprotect\Dialogs\lib\jquery.min.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Cheryl\AppData\Roaming\SearchProtect\ffprotect\Dialogs\lib\json2.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Cheryl\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\bubble.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Cheryl\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\bubble.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Cheryl\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\main.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Cheryl\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\information.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Cheryl\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-default-LTR.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Cheryl\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-default-RTL.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Cheryl\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-mouseover-LTR.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Cheryl\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-mouseover-RTL.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Cheryl\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\main.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Cheryl\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\SearchProtector.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Cheryl\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\settings.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Cheryl\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images\ok-button.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Cheryl\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images\separation-line.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Cheryl\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images\warning.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Cheryl\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository\EN (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully. C:\Users\Cheryl\AppData\Local\Temp\ct3306061\plugins\TBVerifier.dll (PUP.Optional.Conduit.A) -> Delete on reboot. C:\Users\Cheryl\AppData\Local\TBHostSupport\TBHostSupport.dll (PUP.Optional.Conduit) -> Delete on reboot. (end)