
windows anti virus master cannot enter windows advanced options window


  • This topic is locked
55 replies to this topic

#1 xxgraywolf

xxgraywolf

  • Members
  • 50 posts
  • Gender:Male
  • Location:West Valley,Utah

Posted 12 February 2014 - 01:04 AM

I read the self help for this virus, created a disk of rem vims to use on the infected computer, but I cannot enter safe mode or

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Greg Roberts at 22:01:04 on 2014-02-11
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.511.29 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\object browser\object browser-bg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer, optimized for Bing and MSN
mStart Page = hxxp://start.mysearchdial.com/?f=1&a=irmsd0103&cd=2XzuyEtN2Y1L1QzutDtDtDyCyD0BzyyB0FzztC0BtBtAyEyBtN0D0Tzu0SyByCyBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=443349993&ir=
uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Object Browser: {11111111-1111-1111-1111-110311281150} - c:\program files\object browser\Object Browser-bho.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [mobilegeni daemon] c:\program files\mobogenie\DaemonProcess.exe
mRun: [YTDownloader] "c:\program files\ytdownloader\YTDownloader.exe" /boot
mRun: [BrowserSafeguard] "c:\program files\browsersafeguard\BrowserSafeguard.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1386219125656
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} - hxxp://www.worldwinner.com/games/v51/bejeweledtwist/bejeweledtwist.cab
DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} - hxxp://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab
TCP: NameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{6BDB17C2-D063-4C8C-98F0-E677AD4860B2} : DHCPNameServer = 192.168.0.1 205.171.3.25
AppInit_DLLs= 
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-9-27 214696]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
S1 lsnfd;lsnfd;c:\windows\system32\drivers\lsnfd.sys --> c:\windows\system32\drivers\lsnfd.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2014-2-1 40776]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2013-12-12 13464]
.
=============== Created Last 30 ================
.
2014-02-12 04:07:00 -------- d-----w- c:\documents and settings\greg roberts\local settings\application data\Object Browser
2014-02-12 04:06:06 -------- d-----w- c:\program files\Object Browser
2014-02-12 03:33:54 7760024 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8dfff302-d913-43c2-9686-4544e6aa913c}\mpengine.dll
2014-02-10 09:01:48 7760024 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-02-10 08:58:56 -------- d--h--w- c:\windows\system32\GroupPolicy
2014-02-10 08:58:31 0 ----a-w- c:\documents and settings\greg roberts\TempWmicBatchFile.bat
2014-02-10 08:52:38 -------- d-----w- c:\documents and settings\greg roberts\local settings\application data\BrowserSafeguard
2014-02-10 08:05:34 -------- d-----w- c:\documents and settings\all users\application data\SearchModule
2014-02-10 08:05:00 -------- d-----w- c:\documents and settings\greg roberts\local settings\application data\Installer
2014-02-10 08:04:48 -------- d-----w- c:\program files\common files\Goobzo
2014-02-10 08:02:42 -------- d-----w- c:\documents and settings\greg roberts\local settings\application data\CrashRpt
2014-02-06 07:12:31 -------- d-----w- c:\documents and settings\greg roberts\application data\FreeFileViewer
2014-02-06 07:00:00 -------- d-----w- c:\documents and settings\greg roberts\local settings\application data\FreeFileViewer
2014-02-06 06:56:47 -------- d-----w- c:\program files\File Type Assistant
2014-02-06 06:55:21 -------- d-----w- c:\program files\FreeFileViewer
2014-02-06 06:47:40 -------- d-----w- c:\documents and settings\greg roberts\application data\mysearchdial
2014-02-02 02:27:09 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2014-02-02 02:24:09 -------- d-----w- c:\documents and settings\greg roberts\application data\Malwarebytes
2014-02-02 02:23:37 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2014-02-02 01:54:51 -------- d-----w- c:\program files\iWin.com
2014-02-02 01:51:22 -------- d-----w- c:\documents and settings\all users\application data\iWin Games
2014-01-28 07:03:38 -------- d-----w- C:\Games
2014-01-28 07:01:56 -------- d-----w- c:\documents and settings\all users\application data\PogoDGC
2014-01-20 06:30:12 221184 ----a-w- c:\windows\system32\wmpns.dll
2014-01-20 06:29:53 -------- d-----w- c:\program files\Windows Media Connect 2
2014-01-20 06:25:58 -------- d-----w- c:\windows\system32\LogFiles
2014-01-15 04:11:23 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-15 04:11:23 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
==================== Find3M  ====================
.
2014-02-06 06:54:36 13464 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2014-01-19 07:32:23 231584 ------w- c:\windows\system32\MpSigStub.exe
2013-11-27 20:21:06 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
.
============= FINISH: 22:11:16.26 ===============

use the disk and continue instructions. What can I do?

xxgraywolf


#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 12 February 2014 - 07:23 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 xxgraywolf

xxgraywolf
  • Topic Starter
  • Members
  • 50 posts
  • Gender:Male
  • Location:West Valley,Utah

Posted 13 February 2014 - 12:33 AM

Hi Marius, my name is Greg. Thank you very much for your assistance. I will try my best to do things as you have prescribed; however, I'm not very good with these computers and my wife even less, and it's her computer that I hope you can fix. Would it be easier for you to have remote access to my computer? Although trying to reach you this evening made me think my computer is infected also.
For now, however, I followed your instructions and downloaded GMER, but when I reached the part to uncheck the boxes IAT/EAT and Show All, which I didn't find, a window dropped that said GMER has found system modifications caused by rootkit activity, with a check box for OK. Seems you said that would happen, but I was stopped at that window and could not go ahead. I think I followed your direction, at least I hope so.
As this is our first communication, I hope you will bear with me and not become discouraged with my lack of skills. I'm a generation before all this tech, but I'll try not to disappoint.
Be assured I will check daily for any communication from you, and from now on I will be as brief as possible in my responses, so as not to bore you.

Edited by xxgraywolf, 13 February 2014 - 12:37 AM.


#4 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 13 February 2014 - 09:06 AM

Hi there,

We don't do remote sessions here. If you aren't allowed to proceed with Gmer, try the following:

Scan with Malwarebytes Anti-Rootkit

Please download Malwarebytes Anti-Rootkit from here (Malwarebytes : Malwarebytes Anti-Rootkit) and save it to your desktop.

Be sure to print out and follow the instructions provided on that same page.

Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.

  • Double click the mbar.zip file to open it, then 'Extract all files'.
  • Double click the mbar folder to open it, then double click mbar.exe to start the tool.

Check for Updates, then Scan your system for malware

If malware is found, do NOT press the Cleanup button yet. Click EXIT.

I'd like to see the log first so I can see what it sees. You'll find the log in that mbar folder as MBAR-log-[date and time]***.txt . Please attach that to your next reply.



#5 xxgraywolf

xxgraywolf
  • Topic Starter
  • Members
  • 50 posts
  • Gender:Male
  • Location:West Valley,Utah

Posted 13 February 2014 - 05:58 PM

Hi TB-Psychotic

I'm not sure which name you would like me to use.

I did reconfigure the control panel to receive e-mail notifications. I don't know how to change that so we can converse through the forum posts. I'll do whatever you require if I know how to do it.

I downloaded the mbar file as you requested and the file stated no malware discovered; however, I could not find a place when the scan completed to attach a log, because I could not find the log, but mbar is stored on my desktop as you requested.

As a footnote, I'm not sure how to attach things to answer your needs; hopefully I will figure it out as we go along.

I did not do the clean, as you told me not to, but according to the program there was nothing to fix anyway. If you help me out maybe I can find that log you wanted to review. As always, thank you for hanging in there with me.



#6 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 14 February 2014 - 03:05 AM

Let's get rid of the malware first.

Combofix

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications


====================================================


Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


RC_update.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


cfRC_screen_2.png


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.



#7 xxgraywolf

xxgraywolf
  • Topic Starter
  • Members
  • 50 posts
  • Gender:Male
  • Location:West Valley,Utah

Posted 14 February 2014 - 11:27 PM

Hi, well I did as you requested and managed to run the ComboFix scan, but in order to do that I ended up placing my anti-virus program in the trash. After I send this post I will reload Microsoft Security Essentials; I hope that is OK to do.

C:\ComboFix.txt
ComboFix 14-02-14.01 - Greg Roberts 02/14/2014 20:51:15.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.382 [GMT -7:00]
Running from: c:\documents and settings\Greg Roberts\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Greg Roberts\Local Settings\Temporary Internet Files\RightSurf_iels
.
.
((((((((((((((((((((((((( Files Created from 2014-01-15 to 2014-02-15 )))))))))))))))))))))))))))))))
.
.
2014-02-13 21:19 . 2014-02-13 21:19 -------- d-----w- c:\documents and settings\Greg Roberts\Local Settings\Application Data\Identities
2014-02-13 19:03 . 2014-02-13 22:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-02-13 18:48 . 2014-02-13 18:48 52312 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-02-13 17:50 . 2014-02-13 17:50 -------- d-----w- c:\documents and settings\NetworkService\Application Data\MySearchDial
2014-02-12 04:07 . 2014-02-15 02:11 -------- d-----w- c:\documents and settings\Greg Roberts\Local Settings\Application Data\Object Browser
2014-02-12 04:06 . 2014-02-12 04:06 -------- d-----w- c:\program files\Object Browser
2014-02-10 08:58 . 2014-02-10 08:58 -------- d--h--w- c:\windows\system32\GroupPolicy
2014-02-10 08:58 . 2014-02-10 09:01 0 ----a-w- c:\documents and settings\Greg Roberts\TempWmicBatchFile.bat
2014-02-10 08:52 . 2014-02-10 08:52 -------- d-----w- c:\documents and settings\Greg Roberts\Local Settings\Application Data\BrowserSafeguard
2014-02-10 08:05 . 2014-02-10 08:05 -------- d-----w- c:\documents and settings\All Users\Application Data\SearchModule
2014-02-10 08:05 . 2014-02-10 08:05 -------- d-----w- c:\documents and settings\Greg Roberts\Local Settings\Application Data\Installer
2014-02-10 08:04 . 2014-02-12 03:20 -------- d-----w- c:\program files\Common Files\Goobzo
2014-02-10 08:02 . 2014-02-10 08:02 -------- d-----w- c:\documents and settings\Greg Roberts\Local Settings\Application Data\CrashRpt
2014-02-06 07:12 . 2014-02-06 07:15 -------- d-----w- c:\documents and settings\Greg Roberts\Application Data\FreeFileViewer
2014-02-06 07:00 . 2014-02-06 07:00 -------- d-----w- c:\documents and settings\Greg Roberts\Local Settings\Application Data\FreeFileViewer
2014-02-06 06:58 . 2014-02-06 06:58 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\FileTypeAssistant
2014-02-06 06:56 . 2014-02-06 07:08 -------- d-----w- c:\program files\File Type Assistant
2014-02-06 06:55 . 2014-02-06 06:56 -------- d-----w- c:\program files\FreeFileViewer
2014-02-06 06:47 . 2014-02-06 06:50 -------- d-----w- c:\documents and settings\Greg Roberts\Application Data\mysearchdial
2014-02-02 02:27 . 2014-02-13 19:03 107224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2014-02-02 02:24 . 2014-02-02 02:24 -------- d-----w- c:\documents and settings\Greg Roberts\Application Data\Malwarebytes
2014-02-02 02:23 . 2014-02-02 02:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2014-02-02 01:54 . 2014-02-02 02:12 -------- d-----w- c:\program files\iWin.com
2014-02-02 01:51 . 2014-02-02 01:51 -------- d-----w- c:\documents and settings\All Users\Application Data\iWin Games
2014-01-28 07:03 . 2014-01-28 07:03 -------- d-----w- C:\Games
2014-01-28 07:01 . 2014-01-28 07:02 -------- d-----w- c:\documents and settings\All Users\Application Data\PogoDGC
2014-01-20 06:32 . 2008-04-14 12:42 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2014-01-20 06:30 . 2008-04-14 12:42 221184 ----a-w- c:\windows\system32\wmpns.dll
2014-01-20 06:29 . 2014-01-20 06:29 -------- d-----w- c:\program files\Windows Media Connect 2
2014-01-20 06:25 . 2014-01-20 06:27 -------- d-----w- c:\windows\system32\drivers\UMDF
2014-01-20 06:25 . 2014-01-20 06:25 -------- d-----w- c:\windows\system32\LogFiles
2014-01-20 05:48 . 2014-01-20 05:48 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-06 06:54 . 2013-12-12 21:03 13464 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2014-02-05 23:26 . 2004-08-04 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2014-02-05 23:26 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2014-02-05 23:26 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2014-02-05 23:26 . 2004-08-04 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2014-02-05 22:24 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec
2014-02-05 03:29 . 2014-01-15 04:11 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-05 03:29 . 2014-01-15 04:11 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-19 07:32 . 2013-12-05 06:51 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-01-04 03:13 . 2004-08-04 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-12-05 11:26 . 2004-08-04 12:00 1172992 ----a-w- c:\windows\system32\msxml3.dll
2013-11-27 20:21 . 2004-08-04 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\FreeFileViewer\\FFVCheckForUpdates.exe"=
.
RUnknown SASKUTIL;SASKUTIL; [x]
S1 lsnfd;lsnfd;c:\windows\system32\drivers\lsnfd.sys --> c:\windows\system32\drivers\lsnfd.sys [?]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [12/12/2013 2:03 PM 13464]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL3CFCDD32
*Deregistered* - mbamchameleon
*Deregistered* - MpKsl3cfcdd32
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-15 03:29]
.
2014-02-15 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files\FreeFileViewer\FFVCheckForUpdates.exe [2014-02-06 01:24]
.
2014-02-15 c:\windows\Tasks\Object Browser-codedownloader.job
- c:\program files\Object Browser\Object Browser-codedownloader.exe [2014-02-12 04:06]
.
2014-02-15 c:\windows\Tasks\Object Browser-enabler.job
- c:\program files\Object Browser\Object Browser-enabler.exe [2014-02-12 04:06]
.
2014-02-15 c:\windows\Tasks\Object Browser-firefoxinstaller.job
- c:\program files\Object Browser\Object Browser-firefoxinstaller.exe [2014-02-12 04:06]
.
2014-02-15 c:\windows\Tasks\Object Browser-updater.job
- c:\program files\Object Browser\Object Browser-updater.exe [2014-02-12 04:06]
.
2014-02-15 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-515967899-413027322-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-15 00:13]
.
2014-02-15 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-515967899-413027322-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-15 00:13]
.
2014-02-15 c:\windows\Tasks\User_Feed_Synchronization-{9E92E58B-AA55-4B1F-AD1C-2813B75F7687}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
2014-02-15 c:\windows\Tasks\Windows Update.job
- c:\windows\system32\wupdmgr.exe [2004-08-04 12:00]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://start.mysearchdial.com/?f=1&a=irmsd0103&cd=2XzuyEtN2Y1L1QzutDtDtDyCyD0BzyyB0FzztC0BtBtAyEyBtN0D0Tzu0SyByCyBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=443349993&ir=
uInternet Connection Wizard,ShellNext = iexplore
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
HKLM-Run-mobilegeni daemon - c:\program files\Mobogenie\DaemonProcess.exe
HKLM-Run-YTDownloader - c:\program files\YTDownloader\YTDownloader.exe
HKLM-Run-BrowserSafeguard - c:\program files\Browsersafeguard\BrowserSafeguard.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-02-14 21:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
mobilegeni daemon = c:\program files\Mobogenie\DaemonProcess.exe?????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2014-02-14 21:04:00
ComboFix-quarantined-files.txt 2014-02-15 04:03
.
Pre-Run: 10,847,006,720 bytes free
Post-Run: 12,622,487,552 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 8D0899D9FEC6573B224693A6C5C7B831
8F558EB6672622401DA993E1E865C861

I hope I've done this right. I await your next instructions. THANK YOU

#8 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 17 February 2014 - 06:14 AM

Combofix scripting

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.


CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

#9 xxgraywolf

xxgraywolf
  • Topic Starter
  • Members
  • 50 posts
  • Gender:Male
  • Location:West Valley,Utah

Posted 17 February 2014 - 08:13 PM

Hello, this time I'm not doing so well. I cannot download CFScript.txt, nor can I drag it to ComboFix, so I stopped as you have instructed until I find out what I've done wrong, or better still what I need to do right. I'm sorry, I tried; it just doesn't work. I will wait to hear back rather than do something wrong.

#10 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 18 February 2014 - 05:10 AM

OK, why can't you download it? Explain the issue, please.



#11 xxgraywolf

xxgraywolf
  • Topic Starter
  • Members
  • 50 posts
  • Gender:Male
  • Location:West Valley,Utah

Posted 18 February 2014 - 11:38 PM

In your post "Combofix scripting" I tried to bring up the CFScript.txt that was in bold type, to no avail. I then went to the picture window and tried to drag the document to the ComboFix cat; each time I tried I got a circle with a slash through it, as in "don't". Yesterday I checked and ComboFix and mbar were both on my desktop. Following your post today, I wondered why I could not perform the function, so I went back to my desktop to open the software and check it for errors, and ComboFix, mbar, as well as the shortcuts, were gone.
I tried to reload ComboFix and in so doing I got a window saying "error saving webpage"; after the download, contained in the window, it said this webpage could not be saved.
I don't think I left anything out that I can think of. Curious though, why did those items disappear from my desktop file?
I hope that is all you need for us to continue. THANK YOU
xxgraywolf

#12 xxgraywolf

xxgraywolf
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE
  • Gender:Male
  • Location:West Valley,Utah
  • Local time:07:02 PM

Posted 18 February 2014 - 11:55 PM

Following my post I was shutting down and I got a window that said someone else was using my computer and would I like to continue the shutdown, or something to that effect. I shut it down and restarted it and again checked my desktop, and the files and shortcuts were back on the desktop. Does that mean something?


xxgraywolf

#13 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:02 AM

Posted 19 February 2014 - 07:27 AM

No, you have to download the cfscript.txt to your desktop. Then drag this file from your desktop onto the ComboFix icon and release the mouse button.

Don´t try to drag the picture from the website.


Proud Member of UNITE & TB
 
My help is free; however, if you want to support my fight against malware, click here (no worries, every little bit helps).

#14 xxgraywolf

xxgraywolf
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE
  • Gender:Male
  • Location:West Valley,Utah
  • Local time:07:02 PM

Posted 19 February 2014 - 05:05 PM

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.19.10

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Greg Roberts :: B-2C22F43FE1234 [administrator]

2/19/2014 12:27:17 PM
mbam-log-2014-02-19 (12-27-17).txt

Scan type: Full scan (A:\|C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 243938
Time elapsed: 1 hour(s), 5 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 16
HKCR\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6} (PUP.Optional.DynConIE.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1} (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
HKCU\Software\ConduitSearchScopes (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
HKCU\Software\Connect_DLC_5 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
HKCU\Software\DynConIE (PUP.Optional.DynConIE.A) -> Quarantined and deleted successfully.
HKCU\Software\InstallCore\1I1T1Q1S (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
HKCU\Software\SocialBit\IE\SaveValet (PUP.Optional.SaveValet.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Linksicle (PUP.Optional.Linksicle.A) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\LSNFD (PUP.Optional.Linksicle) -> Quarantined and deleted successfully.
HKLM\Software\InstallIQ (PUP.Optional.InstallBrain.A) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0A2O0R1R1H2Z1S1G0H1F -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\lsnfd|ImagePath (PUP.Optional.Linksicle) -> Data: system32\drivers\lsnfd.sys -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.MySearchDial.A) -> Bad: (http://start.mysearchdial.com/?f=1&a=irmsd0103&cd=2XzuyEtN2Y1L1QzutDtDtDyCyD0BzyyB0FzztC0BtBtAyEyBtN0D0Tzu0SyByCyBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=443349993&ir=) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 16
C:\Documents and Settings\Greg Roberts\Application Data\mysearchdial (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Application Data\mysearchdial\icons_2.2.15.1631 (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Application Data\mysearchdial\UpdateProc (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\MySearchDial (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\MySearchDial\UpdateProc (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Conduit\IE (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Conduit\IE\CT3153924 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Connect_DLC_5 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Connect_DLC_5\MyStuffApps (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Connect_DLC_5\Repository (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Connect_DLC_5\Repository\conduit_CT3306061_CT3306061 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Connect_DLC_5\Repository\conduit_CT3306061_CT3306061\ToolbarHiddenSettings (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Connect_DLC_5\Repository\conduit_CT3306061_en (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Connect_DLC_5\Repository\conduit_CT3306061_en\ToolbarTranslation (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Google\Chrome\User Data\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Google\Chrome\User Data\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0 (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.

Files Detected: 52
C:\Program Files\Conduit\Community Alerts\Alert.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP106\A0024985.exe (PUP.Optional.ObjectBrowser.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP106\A0024981.exe (PUP.Optional.ObjectBrowser.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP106\A0024982.dll (PUP.Optional.ObjectBrowser.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP106\A0024984.exe (PUP.Optional.ObjectBrowser.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP106\A0024986.exe (PUP.Optional.ObjectBrowser.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP106\A0024987.exe (PUP.Optional.ObjectBrowser.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP106\A0024989.exe (PUP.Optional.ObjectBrowser.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP106\A0024992.exe (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP80\A0020764.exe (PUP.Optional.SearchDonkey.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP80\A0020765.exe (PUP.Optional.SearchDonkey.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP80\A0020766.exe (PUP.Optional.SearchDonkey.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP80\A0020768.exe (PUP.Optional.InternetUpdater.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP86\A0021915.exe (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP86\A0021911.dll (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP86\A0021913.dll (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP86\A0021914.dll (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP86\A0021916.dll (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP86\A0021918.dll (PUP.Optional.RightSurf.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP86\A0021922.exe (PUP.Optional.Sambreel.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP86\A0021923.exe (PUP.Optional.RightSurf.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP95\A0023313.dll (PUP.Optional.ShopperPro.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP95\A0023304.exe (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP95\A0023306.exe (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP95\A0023307.exe (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP95\A0023308.exe (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP95\A0023314.dll (PUP.Optional.ShopperPro.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP95\A0023318.dll (PUP.Optional.ShopperPro.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP95\A0023320.dll (PUP.Optional.ShopperPro.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP95\A0023322.exe (PUP.Optional.ShopperPro.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP96\A0023345.exe (PUP.Optional.ShopperPro.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage (PUP.Optional.FunMoods.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Application Data\mysearchdial\icons_2.2.15.1631\62.ico (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Application Data\mysearchdial\icons_2.2.15.1631\80.ico (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Application Data\mysearchdial\UpdateProc\config.dat (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Application Data\mysearchdial\UpdateProc\STTL.DAT (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Application Data\mysearchdial\UpdateProc\TTL.DAT (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Application Data\mysearchdial\UpdateProc\UpdateTask.exe (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\MySearchDial\UpdateProc\config.dat (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\MySearchDial\UpdateProc\info.dat (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\MySearchDial\UpdateProc\STTL.DAT (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\MySearchDial\UpdateProc\TTL.DAT (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\MySearchDial\UpdateProc\UpdateTask.exe (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Conduit\IE\CT3153924\UninstallerUI.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Connect_DLC_5\Repository\conduit_CT3306061_CT3306061\ToolbarHiddenSettings\data.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Connect_DLC_5\Repository\conduit_CT3306061_en\ToolbarTranslation\data.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Google\Chrome\User Data\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\background.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Google\Chrome\User Data\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\cookies.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Google\Chrome\User Data\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\icon.png (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Google\Chrome\User Data\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\Manifest.json (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Google\Chrome\User Data\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\page.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Google\Chrome\User Data\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\static.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.

(end)

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.19.10

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Greg Roberts :: B-2C22F43FE1234 [administrator]

2/19/2014 12:27:17 PM
mbam-log-2014-02-19 (12-27-17).txt

Scan type: Full scan (A:\|C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 243938
Time elapsed: 1 hour(s), 5 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 16
HKCR\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6} (PUP.Optional.DynConIE.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1} (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
HKCU\Software\ConduitSearchScopes (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
HKCU\Software\Connect_DLC_5 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
HKCU\Software\DynConIE (PUP.Optional.DynConIE.A) -> Quarantined and deleted successfully.
HKCU\Software\InstallCore\1I1T1Q1S (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
HKCU\Software\SocialBit\IE\SaveValet (PUP.Optional.SaveValet.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Linksicle (PUP.Optional.Linksicle.A) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\LSNFD (PUP.Optional.Linksicle) -> Quarantined and deleted successfully.
HKLM\Software\InstallIQ (PUP.Optional.InstallBrain.A) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0A2O0R1R1H2Z1S1G0H1F -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\lsnfd|ImagePath (PUP.Optional.Linksicle) -> Data: system32\drivers\lsnfd.sys -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.MySearchDial.A) -> Bad: (http://start.mysearchdial.com/?f=1&a=irmsd0103&cd=2XzuyEtN2Y1L1QzutDtDtDyCyD0BzyyB0FzztC0BtBtAyEyBtN0D0Tzu0SyByCyBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=443349993&ir=) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 16
C:\Documents and Settings\Greg Roberts\Application Data\mysearchdial (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Application Data\mysearchdial\icons_2.2.15.1631 (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Application Data\mysearchdial\UpdateProc (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\MySearchDial (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\MySearchDial\UpdateProc (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Conduit\IE (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Conduit\IE\CT3153924 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Connect_DLC_5 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Connect_DLC_5\MyStuffApps (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Connect_DLC_5\Repository (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Connect_DLC_5\Repository\conduit_CT3306061_CT3306061 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Connect_DLC_5\Repository\conduit_CT3306061_CT3306061\ToolbarHiddenSettings (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Connect_DLC_5\Repository\conduit_CT3306061_en (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Connect_DLC_5\Repository\conduit_CT3306061_en\ToolbarTranslation (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Google\Chrome\User Data\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Google\Chrome\User Data\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0 (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.

Files Detected: 52
C:\Program Files\Conduit\Community Alerts\Alert.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP106\A0024985.exe (PUP.Optional.ObjectBrowser.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP106\A0024981.exe (PUP.Optional.ObjectBrowser.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP106\A0024982.dll (PUP.Optional.ObjectBrowser.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP106\A0024984.exe (PUP.Optional.ObjectBrowser.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP106\A0024986.exe (PUP.Optional.ObjectBrowser.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP106\A0024987.exe (PUP.Optional.ObjectBrowser.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP106\A0024989.exe (PUP.Optional.ObjectBrowser.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP106\A0024992.exe (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP80\A0020764.exe (PUP.Optional.SearchDonkey.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP80\A0020765.exe (PUP.Optional.SearchDonkey.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP80\A0020766.exe (PUP.Optional.SearchDonkey.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP80\A0020768.exe (PUP.Optional.InternetUpdater.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP86\A0021915.exe (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP86\A0021911.dll (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP86\A0021913.dll (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP86\A0021914.dll (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP86\A0021916.dll (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP86\A0021918.dll (PUP.Optional.RightSurf.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP86\A0021922.exe (PUP.Optional.Sambreel.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP86\A0021923.exe (PUP.Optional.RightSurf.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP95\A0023313.dll (PUP.Optional.ShopperPro.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP95\A0023304.exe (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP95\A0023306.exe (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP95\A0023307.exe (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP95\A0023308.exe (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP95\A0023314.dll (PUP.Optional.ShopperPro.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP95\A0023318.dll (PUP.Optional.ShopperPro.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP95\A0023320.dll (PUP.Optional.ShopperPro.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP95\A0023322.exe (PUP.Optional.ShopperPro.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP96\A0023345.exe (PUP.Optional.ShopperPro.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage (PUP.Optional.FunMoods.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Application Data\mysearchdial\icons_2.2.15.1631\62.ico (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Application Data\mysearchdial\icons_2.2.15.1631\80.ico (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Application Data\mysearchdial\UpdateProc\config.dat (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Application Data\mysearchdial\UpdateProc\STTL.DAT (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Application Data\mysearchdial\UpdateProc\TTL.DAT (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Application Data\mysearchdial\UpdateProc\UpdateTask.exe (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\MySearchDial\UpdateProc\config.dat (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\MySearchDial\UpdateProc\info.dat (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\MySearchDial\UpdateProc\STTL.DAT (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\MySearchDial\UpdateProc\TTL.DAT (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\MySearchDial\UpdateProc\UpdateTask.exe (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Conduit\IE\CT3153924\UninstallerUI.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Connect_DLC_5\Repository\conduit_CT3306061_CT3306061\ToolbarHiddenSettings\data.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Connect_DLC_5\Repository\conduit_CT3306061_en\ToolbarTranslation\data.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Google\Chrome\User Data\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\background.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Google\Chrome\User Data\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\cookies.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Google\Chrome\User Data\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\icon.png (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Google\Chrome\User Data\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\Manifest.json (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Google\Chrome\User Data\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\page.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Google\Chrome\User Data\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\static.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.

(end)

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.19.10

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Greg Roberts :: B-2C22F43FE1234 [administrator]

2/19/2014 12:27:17 PM
mbam-log-2014-02-19 (12-27-17).txt

Scan type: Full scan (A:\|C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 243938
Time elapsed: 1 hour(s), 5 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 16
HKCR\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6} (PUP.Optional.DynConIE.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1} (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
HKCU\Software\ConduitSearchScopes (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
HKCU\Software\Connect_DLC_5 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
HKCU\Software\DynConIE (PUP.Optional.DynConIE.A) -> Quarantined and deleted successfully.
HKCU\Software\InstallCore\1I1T1Q1S (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
HKCU\Software\SocialBit\IE\SaveValet (PUP.Optional.SaveValet.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Linksicle (PUP.Optional.Linksicle.A) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\LSNFD (PUP.Optional.Linksicle) -> Quarantined and deleted successfully.
HKLM\Software\InstallIQ (PUP.Optional.InstallBrain.A) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0A2O0R1R1H2Z1S1G0H1F -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\lsnfd|ImagePath (PUP.Optional.Linksicle) -> Data: system32\drivers\lsnfd.sys -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.MySearchDial.A) -> Bad: (http://start.mysearchdial.com/?f=1&a=irmsd0103&cd=2XzuyEtN2Y1L1QzutDtDtDyCyD0BzyyB0FzztC0BtBtAyEyBtN0D0Tzu0SyByCyBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=443349993&ir=) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 16
C:\Documents and Settings\Greg Roberts\Application Data\mysearchdial (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Application Data\mysearchdial\icons_2.2.15.1631 (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Application Data\mysearchdial\UpdateProc (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\MySearchDial (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\MySearchDial\UpdateProc (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Conduit\IE (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Conduit\IE\CT3153924 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Connect_DLC_5 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Connect_DLC_5\MyStuffApps (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Connect_DLC_5\Repository (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Connect_DLC_5\Repository\conduit_CT3306061_CT3306061 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Connect_DLC_5\Repository\conduit_CT3306061_CT3306061\ToolbarHiddenSettings (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Connect_DLC_5\Repository\conduit_CT3306061_en (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Connect_DLC_5\Repository\conduit_CT3306061_en\ToolbarTranslation (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Google\Chrome\User Data\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Google\Chrome\User Data\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0 (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.

Files Detected: 52
C:\Program Files\Conduit\Community Alerts\Alert.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP106\A0024985.exe (PUP.Optional.ObjectBrowser.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP106\A0024981.exe (PUP.Optional.ObjectBrowser.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP106\A0024982.dll (PUP.Optional.ObjectBrowser.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP106\A0024984.exe (PUP.Optional.ObjectBrowser.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP106\A0024986.exe (PUP.Optional.ObjectBrowser.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP106\A0024987.exe (PUP.Optional.ObjectBrowser.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP106\A0024989.exe (PUP.Optional.ObjectBrowser.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP106\A0024992.exe (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP80\A0020764.exe (PUP.Optional.SearchDonkey.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP80\A0020765.exe (PUP.Optional.SearchDonkey.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP80\A0020766.exe (PUP.Optional.SearchDonkey.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP80\A0020768.exe (PUP.Optional.InternetUpdater.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP86\A0021915.exe (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP86\A0021911.dll (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP86\A0021913.dll (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP86\A0021914.dll (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP86\A0021916.dll (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP86\A0021918.dll (PUP.Optional.RightSurf.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP86\A0021922.exe (PUP.Optional.Sambreel.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP86\A0021923.exe (PUP.Optional.RightSurf.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP95\A0023313.dll (PUP.Optional.ShopperPro.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP95\A0023304.exe (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP95\A0023306.exe (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP95\A0023307.exe (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP95\A0023308.exe (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP95\A0023314.dll (PUP.Optional.ShopperPro.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP95\A0023318.dll (PUP.Optional.ShopperPro.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP95\A0023320.dll (PUP.Optional.ShopperPro.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP95\A0023322.exe (PUP.Optional.ShopperPro.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP96\A0023345.exe (PUP.Optional.ShopperPro.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage (PUP.Optional.FunMoods.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Application Data\mysearchdial\icons_2.2.15.1631\62.ico (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Application Data\mysearchdial\icons_2.2.15.1631\80.ico (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Application Data\mysearchdial\UpdateProc\config.dat (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Application Data\mysearchdial\UpdateProc\STTL.DAT (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Application Data\mysearchdial\UpdateProc\TTL.DAT (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Application Data\mysearchdial\UpdateProc\UpdateTask.exe (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\MySearchDial\UpdateProc\config.dat (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\MySearchDial\UpdateProc\info.dat (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\MySearchDial\UpdateProc\STTL.DAT (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\MySearchDial\UpdateProc\TTL.DAT (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\MySearchDial\UpdateProc\UpdateTask.exe (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Conduit\IE\CT3153924\UninstallerUI.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Connect_DLC_5\Repository\conduit_CT3306061_CT3306061\ToolbarHiddenSettings\data.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Connect_DLC_5\Repository\conduit_CT3306061_en\ToolbarTranslation\data.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Google\Chrome\User Data\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\background.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Google\Chrome\User Data\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\cookies.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Google\Chrome\User Data\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\icon.png (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Google\Chrome\User Data\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\Manifest.json (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Google\Chrome\User Data\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\page.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Google\Chrome\User Data\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\static.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.

(end)

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.19.10

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Greg Roberts :: B-2C22F43FE1234 [administrator]

2/19/2014 12:27:17 PM
mbam-log-2014-02-19 (12-27-17).txt

Scan type: Full scan (A:\|C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 243938
Time elapsed: 1 hour(s), 5 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 16
HKCR\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6} (PUP.Optional.DynConIE.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1} (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
HKCU\Software\ConduitSearchScopes (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
HKCU\Software\Connect_DLC_5 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
HKCU\Software\DynConIE (PUP.Optional.DynConIE.A) -> Quarantined and deleted successfully.
HKCU\Software\InstallCore\1I1T1Q1S (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
HKCU\Software\SocialBit\IE\SaveValet (PUP.Optional.SaveValet.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Linksicle (PUP.Optional.Linksicle.A) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\LSNFD (PUP.Optional.Linksicle) -> Quarantined and deleted successfully.
HKLM\Software\InstallIQ (PUP.Optional.InstallBrain.A) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0A2O0R1R1H2Z1S1G0H1F -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\lsnfd|ImagePath (PUP.Optional.Linksicle) -> Data: system32\drivers\lsnfd.sys -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.MySearchDial.A) -> Bad: (http://start.mysearchdial.com/?f=1&a=irmsd0103&cd=2XzuyEtN2Y1L1QzutDtDtDyCyD0BzyyB0FzztC0BtBtAyEyBtN0D0Tzu0SyByCyBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=443349993&ir=) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 16
C:\Documents and Settings\Greg Roberts\Application Data\mysearchdial (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Application Data\mysearchdial\icons_2.2.15.1631 (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Application Data\mysearchdial\UpdateProc (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\MySearchDial (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\MySearchDial\UpdateProc (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Conduit\IE (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Conduit\IE\CT3153924 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Connect_DLC_5 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Connect_DLC_5\MyStuffApps (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Connect_DLC_5\Repository (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Connect_DLC_5\Repository\conduit_CT3306061_CT3306061 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Connect_DLC_5\Repository\conduit_CT3306061_CT3306061\ToolbarHiddenSettings (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Connect_DLC_5\Repository\conduit_CT3306061_en (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Connect_DLC_5\Repository\conduit_CT3306061_en\ToolbarTranslation (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Google\Chrome\User Data\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Google\Chrome\User Data\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0 (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.

Files Detected: 52
C:\Program Files\Conduit\Community Alerts\Alert.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP106\A0024985.exe (PUP.Optional.ObjectBrowser.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP106\A0024981.exe (PUP.Optional.ObjectBrowser.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP106\A0024982.dll (PUP.Optional.ObjectBrowser.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP106\A0024984.exe (PUP.Optional.ObjectBrowser.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP106\A0024986.exe (PUP.Optional.ObjectBrowser.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP106\A0024987.exe (PUP.Optional.ObjectBrowser.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP106\A0024989.exe (PUP.Optional.ObjectBrowser.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP106\A0024992.exe (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP80\A0020764.exe (PUP.Optional.SearchDonkey.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP80\A0020765.exe (PUP.Optional.SearchDonkey.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP80\A0020766.exe (PUP.Optional.SearchDonkey.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP80\A0020768.exe (PUP.Optional.InternetUpdater.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP86\A0021915.exe (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP86\A0021911.dll (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP86\A0021913.dll (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP86\A0021914.dll (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP86\A0021916.dll (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP86\A0021918.dll (PUP.Optional.RightSurf.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP86\A0021922.exe (PUP.Optional.Sambreel.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP86\A0021923.exe (PUP.Optional.RightSurf.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP95\A0023313.dll (PUP.Optional.ShopperPro.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP95\A0023304.exe (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP95\A0023306.exe (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP95\A0023307.exe (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP95\A0023308.exe (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP95\A0023314.dll (PUP.Optional.ShopperPro.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP95\A0023318.dll (PUP.Optional.ShopperPro.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP95\A0023320.dll (PUP.Optional.ShopperPro.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP95\A0023322.exe (PUP.Optional.ShopperPro.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP96\A0023345.exe (PUP.Optional.ShopperPro.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage (PUP.Optional.FunMoods.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Application Data\mysearchdial\icons_2.2.15.1631\62.ico (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Application Data\mysearchdial\icons_2.2.15.1631\80.ico (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Application Data\mysearchdial\UpdateProc\config.dat (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Application Data\mysearchdial\UpdateProc\STTL.DAT (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Application Data\mysearchdial\UpdateProc\TTL.DAT (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Application Data\mysearchdial\UpdateProc\UpdateTask.exe (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\MySearchDial\UpdateProc\config.dat (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\MySearchDial\UpdateProc\info.dat (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\MySearchDial\UpdateProc\STTL.DAT (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\MySearchDial\UpdateProc\TTL.DAT (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\MySearchDial\UpdateProc\UpdateTask.exe (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Conduit\IE\CT3153924\UninstallerUI.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Connect_DLC_5\Repository\conduit_CT3306061_CT3306061\ToolbarHiddenSettings\data.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Connect_DLC_5\Repository\conduit_CT3306061_en\ToolbarTranslation\data.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Google\Chrome\User Data\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\background.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Google\Chrome\User Data\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\cookies.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Google\Chrome\User Data\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\icon.png (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Google\Chrome\User Data\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\Manifest.json (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Google\Chrome\User Data\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\page.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Google\Chrome\User Data\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\static.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.

(end)

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.19.10

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Greg Roberts :: B-2C22F43FE1234 [administrator]

2/19/2014 12:27:17 PM
mbam-log-2014-02-19 (12-27-17).txt

Scan type: Full scan (A:\|C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 243938
Time elapsed: 1 hour(s), 5 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 16
HKCR\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6} (PUP.Optional.DynConIE.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1} (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
HKCU\Software\ConduitSearchScopes (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
HKCU\Software\Connect_DLC_5 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
HKCU\Software\DynConIE (PUP.Optional.DynConIE.A) -> Quarantined and deleted successfully.
HKCU\Software\InstallCore\1I1T1Q1S (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
HKCU\Software\SocialBit\IE\SaveValet (PUP.Optional.SaveValet.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Linksicle (PUP.Optional.Linksicle.A) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\LSNFD (PUP.Optional.Linksicle) -> Quarantined and deleted successfully.
HKLM\Software\InstallIQ (PUP.Optional.InstallBrain.A) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0A2O0R1R1H2Z1S1G0H1F -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\lsnfd|ImagePath (PUP.Optional.Linksicle) -> Data: system32\drivers\lsnfd.sys -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.MySearchDial.A) -> Bad: (http://start.mysearchdial.com/?f=1&a=irmsd0103&cd=2XzuyEtN2Y1L1QzutDtDtDyCyD0BzyyB0FzztC0BtBtAyEyBtN0D0Tzu0SyByCyBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=443349993&ir=) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 16
C:\Documents and Settings\Greg Roberts\Application Data\mysearchdial (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Application Data\mysearchdial\icons_2.2.15.1631 (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Application Data\mysearchdial\UpdateProc (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\MySearchDial (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\MySearchDial\UpdateProc (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Conduit\IE (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Conduit\IE\CT3153924 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Connect_DLC_5 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Connect_DLC_5\MyStuffApps (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Connect_DLC_5\Repository (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Connect_DLC_5\Repository\conduit_CT3306061_CT3306061 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Connect_DLC_5\Repository\conduit_CT3306061_CT3306061\ToolbarHiddenSettings (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Connect_DLC_5\Repository\conduit_CT3306061_en (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Connect_DLC_5\Repository\conduit_CT3306061_en\ToolbarTranslation (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Google\Chrome\User Data\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Google\Chrome\User Data\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0 (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.

Files Detected: 52
C:\Program Files\Conduit\Community Alerts\Alert.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP106\A0024985.exe (PUP.Optional.ObjectBrowser.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP106\A0024981.exe (PUP.Optional.ObjectBrowser.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP106\A0024982.dll (PUP.Optional.ObjectBrowser.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP106\A0024984.exe (PUP.Optional.ObjectBrowser.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP106\A0024986.exe (PUP.Optional.ObjectBrowser.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP106\A0024987.exe (PUP.Optional.ObjectBrowser.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP106\A0024989.exe (PUP.Optional.ObjectBrowser.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP106\A0024992.exe (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP80\A0020764.exe (PUP.Optional.SearchDonkey.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP80\A0020765.exe (PUP.Optional.SearchDonkey.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP80\A0020766.exe (PUP.Optional.SearchDonkey.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP80\A0020768.exe (PUP.Optional.InternetUpdater.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP86\A0021915.exe (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP86\A0021911.dll (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP86\A0021913.dll (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP86\A0021914.dll (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP86\A0021916.dll (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP86\A0021918.dll (PUP.Optional.RightSurf.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP86\A0021922.exe (PUP.Optional.Sambreel.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP86\A0021923.exe (PUP.Optional.RightSurf.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP95\A0023313.dll (PUP.Optional.ShopperPro.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP95\A0023304.exe (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP95\A0023306.exe (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP95\A0023307.exe (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP95\A0023308.exe (PUP.Optional.OptimizerPro) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP95\A0023314.dll (PUP.Optional.ShopperPro.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP95\A0023318.dll (PUP.Optional.ShopperPro.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP95\A0023320.dll (PUP.Optional.ShopperPro.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP95\A0023322.exe (PUP.Optional.ShopperPro.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6894EAA8-C933-461D-B133-73585B44A464}\RP96\A0023345.exe (PUP.Optional.ShopperPro.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage (PUP.Optional.FunMoods.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Application Data\mysearchdial\icons_2.2.15.1631\62.ico (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Application Data\mysearchdial\icons_2.2.15.1631\80.ico (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Application Data\mysearchdial\UpdateProc\config.dat (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Application Data\mysearchdial\UpdateProc\STTL.DAT (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Application Data\mysearchdial\UpdateProc\TTL.DAT (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Application Data\mysearchdial\UpdateProc\UpdateTask.exe (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\MySearchDial\UpdateProc\config.dat (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\MySearchDial\UpdateProc\info.dat (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\MySearchDial\UpdateProc\STTL.DAT (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\MySearchDial\UpdateProc\TTL.DAT (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\MySearchDial\UpdateProc\UpdateTask.exe (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Conduit\IE\CT3153924\UninstallerUI.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Connect_DLC_5\Repository\conduit_CT3306061_CT3306061\ToolbarHiddenSettings\data.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Connect_DLC_5\Repository\conduit_CT3306061_en\ToolbarTranslation\data.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Google\Chrome\User Data\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\background.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Google\Chrome\User Data\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\cookies.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Google\Chrome\User Data\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\icon.png (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Google\Chrome\User Data\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\Manifest.json (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Google\Chrome\User Data\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\page.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Greg Roberts\Local Settings\Application Data\Google\Chrome\User Data\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\static.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.

(end)

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.695000 GHz
Memory total: 535834624, free: 101662720

Downloaded database version: v2014.02.13.09
Downloaded database version: v2013.12.18.01
=======================================
Initializing...
------------ Kernel report ------------
     02/13/2014 12:03:29
------------ Loaded modules -----------
\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
intelide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
cercsr6.sys
\WINDOWS\System32\Drivers\SCSIPORT.SYS
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
MpFilter.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
agp440.sys
\SystemRoot\system32\DRIVERS\processr.sys
\SystemRoot\system32\DRIVERS\ati2mtaa.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\el90xbc5.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\drivers\ac97intc.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ati2dvaa.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff823e0ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff823d14c8
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff823e0ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8238f958, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff823e0ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff823d14c8, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: CCBECCBE

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 40114242
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 20547841536 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-40112503-40132503)...
Done!
Scan finished
=======================================

Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-0-0-63-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished

 

ComboFix 14-02-14.01 - Greg Roberts 02/14/2014  20:51:15.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.511.382 [GMT -7:00]
Running from: c:\documents and settings\Greg Roberts\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Greg Roberts\Local Settings\Temporary Internet Files\RightSurf_iels
.
.
(((((((((((((((((((((((((   Files Created from 2014-01-15 to 2014-02-15  )))))))))))))))))))))))))))))))
.
.
2014-02-13 21:19 . 2014-02-13 21:19 -------- d-----w- c:\documents and settings\Greg Roberts\Local Settings\Application Data\Identities
2014-02-13 19:03 . 2014-02-13 22:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-02-13 18:48 . 2014-02-13 18:48 52312 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-02-13 17:50 . 2014-02-13 17:50 -------- d-----w- c:\documents and settings\NetworkService\Application Data\MySearchDial
2014-02-12 04:07 . 2014-02-15 02:11 -------- d-----w- c:\documents and settings\Greg Roberts\Local Settings\Application Data\Object Browser
2014-02-12 04:06 . 2014-02-12 04:06 -------- d-----w- c:\program files\Object Browser
2014-02-10 08:58 . 2014-02-10 08:58 -------- d--h--w- c:\windows\system32\GroupPolicy
2014-02-10 08:58 . 2014-02-10 09:01 0 ----a-w- c:\documents and settings\Greg Roberts\TempWmicBatchFile.bat
2014-02-10 08:52 . 2014-02-10 08:52 -------- d-----w- c:\documents and settings\Greg Roberts\Local Settings\Application Data\BrowserSafeguard
2014-02-10 08:05 . 2014-02-10 08:05 -------- d-----w- c:\documents and settings\All Users\Application Data\SearchModule
2014-02-10 08:05 . 2014-02-10 08:05 -------- d-----w- c:\documents and settings\Greg Roberts\Local Settings\Application Data\Installer
2014-02-10 08:04 . 2014-02-12 03:20 -------- d-----w- c:\program files\Common Files\Goobzo
2014-02-10 08:02 . 2014-02-10 08:02 -------- d-----w- c:\documents and settings\Greg Roberts\Local Settings\Application Data\CrashRpt
2014-02-06 07:12 . 2014-02-06 07:15 -------- d-----w- c:\documents and settings\Greg Roberts\Application Data\FreeFileViewer
2014-02-06 07:00 . 2014-02-06 07:00 -------- d-----w- c:\documents and settings\Greg Roberts\Local Settings\Application Data\FreeFileViewer
2014-02-06 06:58 . 2014-02-06 06:58 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\FileTypeAssistant
2014-02-06 06:56 . 2014-02-06 07:08 -------- d-----w- c:\program files\File Type Assistant
2014-02-06 06:55 . 2014-02-06 06:56 -------- d-----w- c:\program files\FreeFileViewer
2014-02-06 06:47 . 2014-02-06 06:50 -------- d-----w- c:\documents and settings\Greg Roberts\Application Data\mysearchdial
2014-02-02 02:27 . 2014-02-13 19:03 107224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2014-02-02 02:24 . 2014-02-02 02:24 -------- d-----w- c:\documents and settings\Greg Roberts\Application Data\Malwarebytes
2014-02-02 02:23 . 2014-02-02 02:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2014-02-02 01:54 . 2014-02-02 02:12 -------- d-----w- c:\program files\iWin.com
2014-02-02 01:51 . 2014-02-02 01:51 -------- d-----w- c:\documents and settings\All Users\Application Data\iWin Games
2014-01-28 07:03 . 2014-01-28 07:03 -------- d-----w- C:\Games
2014-01-28 07:01 . 2014-01-28 07:02 -------- d-----w- c:\documents and settings\All Users\Application Data\PogoDGC
2014-01-20 06:32 . 2008-04-14 12:42 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2014-01-20 06:30 . 2008-04-14 12:42 221184 ----a-w- c:\windows\system32\wmpns.dll
2014-01-20 06:29 . 2014-01-20 06:29 -------- d-----w- c:\program files\Windows Media Connect 2
2014-01-20 06:25 . 2014-01-20 06:27 -------- d-----w- c:\windows\system32\drivers\UMDF
2014-01-20 06:25 . 2014-01-20 06:25 -------- d-----w- c:\windows\system32\LogFiles
2014-01-20 05:48 . 2014-01-20 05:48 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-06 06:54 . 2013-12-12 21:03 13464 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2014-02-05 23:26 . 2004-08-04 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2014-02-05 23:26 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2014-02-05 23:26 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2014-02-05 23:26 . 2004-08-04 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2014-02-05 22:24 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec
2014-02-05 03:29 . 2014-01-15 04:11 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-05 03:29 . 2014-01-15 04:11 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-19 07:32 . 2013-12-05 06:51 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-01-04 03:13 . 2004-08-04 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-12-05 11:26 . 2004-08-04 12:00 1172992 ----a-w- c:\windows\system32\msxml3.dll
2013-11-27 20:21 . 2004-08-04 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\FreeFileViewer\\FFVCheckForUpdates.exe"=
.
RUnknown SASKUTIL;SASKUTIL; [x]
S1 lsnfd;lsnfd;c:\windows\system32\drivers\lsnfd.sys --> c:\windows\system32\drivers\lsnfd.sys [?]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [12/12/2013 2:03 PM 13464]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL3CFCDD32
*Deregistered* - mbamchameleon
*Deregistered* - MpKsl3cfcdd32
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-15 03:29]
.
2014-02-15 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files\FreeFileViewer\FFVCheckForUpdates.exe [2014-02-06 01:24]
.
2014-02-15 c:\windows\Tasks\Object Browser-codedownloader.job
- c:\program files\Object Browser\Object Browser-codedownloader.exe [2014-02-12 04:06]
.
2014-02-15 c:\windows\Tasks\Object Browser-enabler.job
- c:\program files\Object Browser\Object Browser-enabler.exe [2014-02-12 04:06]
.
2014-02-15 c:\windows\Tasks\Object Browser-firefoxinstaller.job
- c:\program files\Object Browser\Object Browser-firefoxinstaller.exe [2014-02-12 04:06]
.
2014-02-15 c:\windows\Tasks\Object Browser-updater.job
- c:\program files\Object Browser\Object Browser-updater.exe [2014-02-12 04:06]
.
2014-02-15 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-515967899-413027322-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-15 00:13]
.
2014-02-15 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-515967899-413027322-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-15 00:13]
.
2014-02-15 c:\windows\Tasks\User_Feed_Synchronization-{9E92E58B-AA55-4B1F-AD1C-2813B75F7687}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
2014-02-15 c:\windows\Tasks\Windows Update.job
- c:\windows\system32\wupdmgr.exe [2004-08-04 12:00]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://start.mysearchdial.com/?f=1&a=irmsd0103&cd=2XzuyEtN2Y1L1QzutDtDtDyCyD0BzyyB0FzztC0BtBtAyEyBtN0D0Tzu0SyByCyBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=443349993&ir=
uInternet Connection Wizard,ShellNext = iexplore
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
HKLM-Run-mobilegeni daemon - c:\program files\Mobogenie\DaemonProcess.exe
HKLM-Run-YTDownloader - c:\program files\YTDownloader\YTDownloader.exe
HKLM-Run-BrowserSafeguard - c:\program files\Browsersafeguard\BrowserSafeguard.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-02-14 21:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  mobilegeni daemon = c:\program files\Mobogenie\DaemonProcess.exe?????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2014-02-14  21:04:00
ComboFix-quarantined-files.txt  2014-02-15 04:03
.
Pre-Run: 10,847,006,720 bytes free
Post-Run: 12,622,487,552 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 8D0899D9FEC6573B224693A6C5C7B831
8F558EB6672622401DA993E1E865C861

I hope I got it right. What's next?

FOLDER::
c:\documents and settings\NetworkService\Application Data\MySearchDial
c:\documents and settings\Greg Roberts\Local Settings\Application Data\Object Browser
c:\program files\Object Browser
c:\documents and settings\Greg Roberts\Local Settings\Application Data\BrowserSafeguard
c:\documents and settings\All Users\Application Data\SearchModule
c:\documents and settings\Greg Roberts\Local Settings\Application Data\Installer
c:\program files\Common Files\Goobzo
FILE::
c:\windows\system32\drivers\lsnfd.sys
c:\windows\Tasks\Object Browser-codedownloader.job
c:\windows\Tasks\Object Browser-enabler.job
c:\windows\Tasks\Object Browser-firefoxinstaller.job
c:\windows\Tasks\Object Browser-updater.job
DRIVER::
lsnfd
DDS::
mStart Page = hxxp://start.mysearchdial.com/?f=1&a=irmsd0103&cd=2XzuyEtN2Y1L1QzutDtDtDyCyD0BzyyB0FzztC0BtBtAyEyBtN0D0Tzu0SyByCyBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=443349993&ir=
CLEARJAVACACHE::


(end)


xxgraywolf

#15 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:02 AM

Posted 20 February 2014 - 07:49 AM

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file...
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)



