Potential virus/malware on my cousins pc


Post by BugginFot on Sun 08 Jun 2014, 3:04 am

So I booted up my cousin's laptop and it flashes some random windows for a split second, but I can't tell what they are because it happens so fast. I ran AdwCleaner and here is the log from it.

# AdwCleaner v3.212 - Report created 07/06/2014 at 09:56:53
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Russ - KYRA-1
# Running from : C:\Users\Russ\Downloads\adwcleaner_3.212.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : DatamngrCoordinator

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
[#] Folder Deleted : C:\ProgramData\BitGuard
[#] Folder Deleted : C:\ProgramData\Browser Manager
[#] Folder Deleted : C:\ProgramData\BrowserProtect
Folder Deleted : C:\ProgramData\DataMngr
Folder Deleted : C:\ProgramData\PC Optimizer Pro
Folder Deleted : C:\ProgramData\wincert
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Optimizer Pro
Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork
Folder Deleted : C:\Program Files (x86)\BearShare Applications
Folder Deleted : C:\Program Files (x86)\Music Toolbar
Folder Deleted : C:\Program Files (x86)\SaveValet
Folder Deleted : C:\Program Files\Level Quality Watcher
Folder Deleted : C:\Program Files\PC Optimizer Pro
Folder Deleted : C:\Users\Russ\AppData\Local\Temp\apn
Folder Deleted : C:\Users\Russ\AppData\LocalLow\DataMngr
Folder Deleted : C:\Users\Russ\AppData\LocalLow\Mysearchdial
Folder Deleted : C:\Users\Russ\AppData\Roaming\DigitalSites
Folder Deleted : C:\Users\Russ\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Russ_2\AppData\LocalLow\DataMngr
File Deleted : C:\END
File Deleted : C:\Users\Public\Desktop\PC Optimizer Pro.lnk
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Windows\Tasks\Digital Sites.job
File Deleted : C:\Windows\System32\Tasks\Digital Sites
File Deleted : C:\Windows\Tasks\PC Optimizer Pro Updates.job
File Deleted : C:\Windows\System32\Tasks\PC Optimizer Pro Updates

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\CptUrlPassthru.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dca-bho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\BearShareIEHelper.DNSGuard.1
Key Deleted : HKLM\SOFTWARE\Classes\CptUrlPassthru.hxxpMonitor
Key Deleted : HKLM\SOFTWARE\Classes\CptUrlPassthru.hxxpMonitor.1
Key Deleted : HKLM\SOFTWARE\Classes\dcabho.Dca
Key Deleted : HKLM\SOFTWARE\Classes\dcabho.Dca.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exe
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]
Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]
Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x86]
Key Deleted : HKCU\Software\Compete
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\pc optimizer pro
Key Deleted : HKCU\Software\SocialBit
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\AppDataLow\Software\Compete
Key Deleted : HKLM\Software\CompeteInc
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\pc optimizer pro
Key Deleted : HKLM\Software\systweak
Key Deleted : [x64] HKLM\SOFTWARE\LevelQualityWatcher
Key Deleted : [x64] HKLM\SOFTWARE\pc optimizer pro
Key Deleted : [x64] HKLM\SOFTWARE\Scorpion Saver
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\pc optimizer pro
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~3\Wincert\WIN32C~1.DLL
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\MUSICT~1\Datamngr\mgrldr.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~3\Wincert\WIN64C~1.DLL
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\MUSICT~1\Datamngr\x64\mgrldr.dll
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rjatydimofu.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Google Chrome v35.0.1916.114

[ File : C:\Users\Russ\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : [You must be registered and logged in to see this link.]
Deleted [Search Provider] : [You must be registered and logged in to see this link.]

*************************

AdwCleaner[R0].txt - [14844 octets] - [07/06/2014 09:56:05]
AdwCleaner[S0].txt - [11707 octets] - [07/06/2014 09:56:53]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11768 octets] ##########



  

BugginFot

Rookie Surfer

Posts : 62
Joined : 2011-02-06
Operating System : Windows 7


Re: Potential virus/malware on my cousins pc

Post by Superdave on Sun 08 Jun 2014, 3:57 am

Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer, you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device, hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Please download Malwarebytes Anti-Malware from here.
Double-click mbam-setup.exe to install the application.

  • It should update automatically if the computer is connected to the internet.
  • Click on Threat Scan and click on Scan Now.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, make sure all the infections have "quarantine" selected in the Action box.
  • Click on "Quarantine All". You may be asked to restart your computer to completely remove the infections.
  • When disinfection is completed you can click on "Copy to Clipboard".
  • Paste the log in your next reply (CTRL+V).

*************************************************
Please download Junkware Removal Tool to your desktop.

Warning! Once the scan is complete JRT will shut down your browser with NO warning.

Shut down your protection software now to avoid potential conflicts.

  • Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Copy and Paste the JRT.txt log into your next message.
*************************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

Superdave
Tech Staff



Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3


Re: Potential virus/malware on my cousins pc

Post by BugginFot on Sun 08 Jun 2014, 9:47 am

OK, so after running Malwarebytes and quarantining everything, I can't get back to the web page. It says "unable to connect to proxy server".


Re: Potential virus/malware on my cousins pc

Post by Superdave on Sun 08 Jun 2014, 9:58 am

Please download MiniToolBox to Desktop and run it.



Checkmark the following boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • List content of Hosts
  • List IP Configuration
  • List Last 10 Event Viewer Errors
  • List Users, Partitions and Memory Size

Click Go and copy/paste the log (Result.txt) into your next post.


Re: Potential virus/malware on my cousins pc

Post by BugginFot on Sun 08 Jun 2014, 10:02 am

Malwarebytes Anti-Malware

Scan Date: 6/7/2014
Scan Time: 3:03:00 PM
Logfile: log.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.07.06
Rootkit Database: v2014.06.02.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Russ

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 293508
Time Elapsed: 13 min, 16 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 4
PUP.Optional.GorillaPrice, C:\Program Files (x86)\GorillaPrice\GorillaPrice.exe, 12372, Delete-on-Reboot, [eeb4f085fa814ee87a2cab0e81810ef2]
PUP.Optional.GorillaPrice, C:\ProgramData\GorillaPrice\WatGorp.exe, 2164, Delete-on-Reboot, [fea46114077439fdb9ecb0090df5f808]
PUP.Optional.InstallX, C:\Users\Russ\AppData\Roaming\InstallX Search Protect for Yahoo\searchprotector.exe, 3640, Delete-on-Reboot, [1b87b6bfed8e71c56f2b8127c53d8d73]
PUP.Optional.Consumer.Input.A, C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe, 3668, Delete-on-Reboot, [237f017438437eb8a3f6592c1ee4669a]

Modules: 0
(No malicious items detected)

Registry Keys: 87

Registry Values: 1
PUP.Optional.InstallX, HKU\S-1-5-21-2917339763-2930850496-1051941103-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|InstallX Search Protect for Yahoo, "C:\Users\Russ\AppData\Roaming\InstallX Search Protect for Yahoo\searchprotector.exe", Quarantined, [1b87b6bfed8e71c56f2b8127c53d8d73]

Registry Data: 0
(No malicious items detected)

Folders: 20
PUP.Optional.ArcadeParlor.A, C:\Users\Russ\AppData\Local\ArcadeParlor, Quarantined, [4b57fe77314a2214ca61c9bc9270aa56],
PUP.Optional.Consumer.Input.A, C:\Users\Russ\AppData\Local\Consumer Input, Quarantined, [237f98dd05769e9817816b1a0ff3d32d],
PUP.Optional.Consumer.Input.A, C:\Users\Russ\AppData\Local\Consumer Input\CrashReports, Quarantined, [237f98dd05769e9817816b1a0ff3d32d],
PUP.Optional.Consumer.Input.A, C:\Program Files (x86)\Consumer Input, Delete-on-Reboot, [237f017438437eb8a3f6592c1ee4669a],
PUP.Optional.Consumer.Input.A, C:\Program Files (x86)\Consumer Input\CrashReports, Quarantined, [237f017438437eb8a3f6592c1ee4669a],
PUP.Optional.Consumer.Input.A, C:\Program Files (x86)\Consumer Input\InternetExplorer, Quarantined, [237f017438437eb8a3f6592c1ee4669a],
PUP.Optional.Consumer.Input.A, C:\Program Files (x86)\Consumer Input\Monitoring, Delete-on-Reboot, [237f017438437eb8a3f6592c1ee4669a],
PUP.Optional.Consumer.Input.A, C:\Program Files (x86)\Consumer Input\Update, Quarantined, [237f017438437eb8a3f6592c1ee4669a],
PUP.Optional.Consumer.Input.A, C:\Program Files (x86)\Consumer Input\Update\1.3.25.149, Quarantined, [237f017438437eb8a3f6592c1ee4669a],
PUP.Optional.Consumer.Input.A, C:\Program Files (x86)\Consumer Input\Update\Download, Quarantined, [237f017438437eb8a3f6592c1ee4669a],
PUP.Optional.Consumer.Input.A, C:\Program Files (x86)\Consumer Input\Update\Download\{1138A907-2253-45D6-99C1-843A0AC58730}, Quarantined, [237f017438437eb8a3f6592c1ee4669a],
PUP.Optional.Consumer.Input.A, C:\Program Files (x86)\Consumer Input\Update\Download\{1138A907-2253-45D6-99C1-843A0AC58730}\0.0.0.0, Quarantined, [237f017438437eb8a3f6592c1ee4669a],
PUP.Optional.Consumer.Input.A, C:\Program Files (x86)\Consumer Input\Update\Download\{B3F80DB8-951F-4A2A-BE2F-ED6F4FF63B98}, Quarantined, [237f017438437eb8a3f6592c1ee4669a],
PUP.Optional.Consumer.Input.A, C:\Program Files (x86)\Consumer Input\Update\Download\{B3F80DB8-951F-4A2A-BE2F-ED6F4FF63B98}\0.0.0.0, Quarantined, [237f017438437eb8a3f6592c1ee4669a],
PUP.Optional.Consumer.Input.A, C:\Program Files (x86)\Consumer Input\Update\Install, Quarantined, [237f017438437eb8a3f6592c1ee4669a],
PUP.Optional.Consumer.Input.A, C:\Program Files (x86)\Consumer Input\Update\Offline, Quarantined, [237f017438437eb8a3f6592c1ee4669a],
PUP.Optional.Consumer.Input.A, C:\Program Files (x86)\Consumer Input\Update\Offline\{D5421049-2319-4FBA-B851-2C099F1F27EA}, Quarantined, [237f017438437eb8a3f6592c1ee4669a],
PUP.Optional.GorillaPrice, C:\ProgramData\GorillaPrice, Delete-on-Reboot, [c5dde194601b94a2478899ecbb47f20e],
PUP.Optional.GorillaPrice, C:\Program Files (x86)\GorillaPrice, Delete-on-Reboot, [c8daf481e09b280e2ba598ed39c94ab6],
PUP.Optional.InstallX.A, C:\Users\Russ\AppData\Roaming\InstallX Search Protect for Yahoo, Delete-on-Reboot, [dbc7c9acff7cde587a7a1574c53d3ec2],

Files: 67
PUP.Optional.ShopAtHome.A, C:\Users\Russ\AppData\Roaming\ShopAtHome\ShopAtHomeAppInstaller_C107992671_D1_R92237.exe, Quarantined, [4959beb7e7945adc37d99dc5649db050],
PUP.Optional.Adpeak, C:\Users\Russ\AppData\Local\Temp\ScorpionSaverNew.exe, Quarantined, [059d185d0b7064d23d4e80bedd27629e],
PUP.Optional.InstallCore.A, C:\Users\Russ\AppData\Local\Temp\ICReinstall_MinecraftSetup.exe, Quarantined, [7131e09569123afc8cc8171d4ab6b44c],
PUP.Optional.SearchProtect.A, C:\Users\Russ\AppData\Local\Temp\nsj9A36.exe, Quarantined, [e7bb1b5a4932033300b6b873748d659b],
PUP.Optional.SearchProtect.A, C:\Users\Russ\AppData\Local\Temp\nspF1C9.exe, Quarantined, [bce690e5413ab28491256bc0bd4411ef],
PUP.Optional.SearchProtect.A, C:\Users\Russ\AppData\Local\Temp\nspF5C0.exe, Quarantined, [7e247ff6f18a75c1ad0942e9a25f35cb],
PUP.Optional.SearchProtect.A, C:\Users\Russ\AppData\Local\Temp\nst2DE9.exe, Quarantined, [5a4811645823ca6c9a1cbd6ee31eb54b],
PUP.Optional.RelevantKnowledge, C:\Users\Russ\AppData\Local\Temp\CSM1144.tmp, Quarantined, [bfe35124770475c1b18cd99b0ef64fb1],
PUP.Optional.SearchProtect.A, C:\Users\Russ\AppData\Local\Temp\nsu95E2.exe, Quarantined, [9012d69f85f67abc6452ff2c6a97bf41],
PUP.Optional.MindSpark.A, C:\Users\Russ\AppData\Local\Temp\mlmB749.tmp\UPDATER.EXE, Quarantined, [d5cd0570334891a5a917274c9c65a060],
PUP.Optional.Installcore, C:\Users\Russ\AppData\Local\Temp\is1242154493\813094_stp\HomePageDLL.dll, Quarantined, [980a33421764a096a61cf250679d07f9],
PUP.Optional.Installcore, C:\Users\Russ\AppData\Local\Temp\is357113909\196359807_stp\HomePageDLL.dll, Quarantined, [b6eccfa6de9dd066457da69c19eb52ae],
PUP.Optional.MySpeedDial.A, C:\Users\Russ\AppData\Local\Temp\is357113909\196359984_stp\Mysearchdial.exe, Quarantined, [b2f04035d4a7f83e9dfe54eb3aca26da],
PUP.Optional.RightSurf.A, C:\Users\Russ\AppData\Local\Temp\is357113909\196360021_stp\RightSurfSetup.exe, Quarantined, [2b77690c017a9a9c93547fbf1ce848b8],
PUP.Optional.RegCleanPro, C:\Users\Russ\AppData\Local\Temp\is357113909\196360023_stp\rcpsetup_adppi14_adppi14.exe, Quarantined, [950dd2a3dba08ea8bdd1ad8703fde11f],
PUP.Optional.Installcore, C:\Users\Russ\AppData\Local\Temp\is357113909\196792584_stp\HomePageDLL.dll, Quarantined, [f6ac6b0acfac0036cbf7b1919c68ce32],
PUP.Optional.RightSurf.A, C:\Users\Russ\AppData\Local\Temp\is357113909\196792713_stp\RightSurfSetup.exe, Quarantined, [732fcca9b3c8ad89499eba8459ab6f91],
PUP.Optional.Conduit.A, C:\Users\Russ\AppData\Local\Temp\nsu2573\SpSetup.exe, Quarantined, [d8ca037268139f971d898997d1308779],
PUP.Optional.ArcadeParlor.A, C:\Windows\Tasks\ArcadeParlor.job, Quarantined, [a3ffd69f1d5e280edada26be2fd439c7],
PUP.Optional.Consumer.Input.A, C:\Windows\Tasks\ConsumerInputUpdateTaskMachineCore.job, Quarantined, [cdd59cd9f784a88e8d1bdb0df310b54b],
PUP.Optional.Consumer.Input.A, C:\Windows\Tasks\ConsumerInputUpdateTaskMachineUA.job, Quarantined, [2181086db5c6a88e198f5b8d976c41bf],
PUP.Optional.GorillaPrice, C:\Program Files (x86)\GorillaPrice\GorillaPrice.exe, Delete-on-Reboot, [eeb4f085fa814ee87a2cab0e81810ef2],
PUP.Optional.GorillaPrice, C:\ProgramData\GorillaPrice\WatGorp.exe, Delete-on-Reboot, [fea46114077439fdb9ecb0090df5f808],
PUP.Optional.InstallX, C:\Users\Russ\AppData\Roaming\InstallX Search Protect for Yahoo\searchprotector.exe, Delete-on-Reboot, [1b87b6bfed8e71c56f2b8127c53d8d73],
PUP.Optional.ArcadeParlor.A, C:\Users\Russ\AppData\Local\ArcadeParlor\ap.config, Quarantined, [4b57fe77314a2214ca61c9bc9270aa56],
PUP.Optional.ArcadeParlor.A, C:\Users\Russ\AppData\Local\ArcadeParlor\broker.exe, Quarantined, [4b57fe77314a2214ca61c9bc9270aa56],
PUP.Optional.ArcadeParlor.A, C:\Users\Russ\AppData\Local\ArcadeParlor\removal.exe, Quarantined, [4b57fe77314a2214ca61c9bc9270aa56],
PUP.Optional.Consumer.Input.A, C:\Program Files (x86)\Consumer Input\CIuninstall.exe, Quarantined, [237f017438437eb8a3f6592c1ee4669a],
PUP.Optional.Consumer.Input.A, C:\Program Files (x86)\Consumer Input\CIuninstall.ico, Quarantined, [237f017438437eb8a3f6592c1ee4669a],
PUP.Optional.Consumer.Input.A, C:\Program Files (x86)\Consumer Input\InternetExplorer\cookie-retriever.exe, Quarantined, [237f017438437eb8a3f6592c1ee4669a],
PUP.Optional.Consumer.Input.A, C:\Program Files (x86)\Consumer Input\InternetExplorer\cpturlpassthru.dll, Quarantined, [237f017438437eb8a3f6592c1ee4669a],
PUP.Optional.Consumer.Input.A, C:\Program Files (x86)\Consumer Input\InternetExplorer\dca-bho.dll, Quarantined, [237f017438437eb8a3f6592c1ee4669a],
PUP.Optional.Consumer.Input.A, C:\Program Files (x86)\Consumer Input\InternetExplorer\dca-host.exe, Quarantined, [237f017438437eb8a3f6592c1ee4669a],
PUP.Optional.Consumer.Input.A, C:\Program Files (x86)\Consumer Input\InternetExplorer\dca.js, Quarantined, [237f017438437eb8a3f6592c1ee4669a],
PUP.Optional.Consumer.Input.A, C:\Program Files (x86)\Consumer Input\InternetExplorer\logger.dll, Quarantined, [237f017438437eb8a3f6592c1ee4669a],
PUP.Optional.Consumer.Input.A, C:\Program Files (x86)\Consumer Input\InternetExplorer\mozjs185-1.0.dll, Quarantined, [237f017438437eb8a3f6592c1ee4669a],
PUP.Optional.Consumer.Input.A, C:\Program Files (x86)\Consumer Input\InternetExplorer\uninstall.exe, Quarantined, [237f017438437eb8a3f6592c1ee4669a],
PUP.Optional.Consumer.Input.A, C:\Program Files (x86)\Consumer Input\InternetExplorer\uninstall.ico, Quarantined, [237f017438437eb8a3f6592c1ee4669a],
PUP.Optional.Consumer.Input.A, C:\Program Files (x86)\Consumer Input\InternetExplorer\uninstall.log, Quarantined, [237f017438437eb8a3f6592c1ee4669a],
PUP.Optional.Consumer.Input.A, C:\Program Files (x86)\Consumer Input\Monitoring\cinm-host.exe, Quarantined, [237f017438437eb8a3f6592c1ee4669a],
PUP.Optional.Consumer.Input.A, C:\Program Files (x86)\Consumer Input\Monitoring\cookie-retriever.exe, Quarantined, [237f017438437eb8a3f6592c1ee4669a],
PUP.Optional.Consumer.Input.A, C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe, Delete-on-Reboot, [237f017438437eb8a3f6592c1ee4669a],
PUP.Optional.Consumer.Input.A, C:\Program Files (x86)\Consumer Input\Monitoring\manifest.json, Quarantined, [237f017438437eb8a3f6592c1ee4669a],
PUP.Optional.Consumer.Input.A, C:\Program Files (x86)\Consumer Input\Monitoring\uninstall.exe, Quarantined, [237f017438437eb8a3f6592c1ee4669a],
PUP.Optional.Consumer.Input.A, C:\Program Files (x86)\Consumer Input\Monitoring\uninstall.ico, Quarantined, [237f017438437eb8a3f6592c1ee4669a],
PUP.Optional.Consumer.Input.A, C:\Program Files (x86)\Consumer Input\Update\1.3.25.149\ConsumerInputCrashHandler.exe, Quarantined, [237f017438437eb8a3f6592c1ee4669a],
PUP.Optional.Consumer.Input.A, C:\Program Files (x86)\Consumer Input\Update\1.3.25.149\ConsumerInputUpdate.exe, Quarantined, [237f017438437eb8a3f6592c1ee4669a],
PUP.Optional.Consumer.Input.A, C:\Program Files (x86)\Consumer Input\Update\1.3.25.149\ConsumerInputUpdateBroker.exe, Quarantined, [237f017438437eb8a3f6592c1ee4669a],
PUP.Optional.Consumer.Input.A, C:\Program Files (x86)\Consumer Input\Update\1.3.25.149\ConsumerInputUpdateHelper.msi, Quarantined, [237f017438437eb8a3f6592c1ee4669a],
PUP.Optional.Consumer.Input.A, C:\Program Files (x86)\Consumer Input\Update\1.3.25.149\ConsumerInputUpdateOnDemand.exe, Quarantined, [237f017438437eb8a3f6592c1ee4669a],
PUP.Optional.Consumer.Input.A, C:\Program Files (x86)\Consumer Input\Update\1.3.25.149\goopdateres_de.dll, Quarantined, [237f017438437eb8a3f6592c1ee4669a],
PUP.Optional.Consumer.Input.A, C:\Program Files (x86)\Consumer Input\Update\1.3.25.149\goopdateres_en.dll, Quarantined, [237f017438437eb8a3f6592c1ee4669a],
PUP.Optional.Consumer.Input.A, C:\Program Files (x86)\Consumer Input\Update\1.3.25.149\goopdateres_es-419.dll, Quarantined, [237f017438437eb8a3f6592c1ee4669a],
PUP.Optional.Consumer.Input.A, C:\Program Files (x86)\Consumer Input\Update\1.3.25.149\goopdateres_es.dll, Quarantined, [237f017438437eb8a3f6592c1ee4669a],
PUP.Optional.Consumer.Input.A, C:\Program Files (x86)\Consumer Input\Update\1.3.25.149\goopdateres_fr.dll, Quarantined, [237f017438437eb8a3f6592c1ee4669a],
PUP.Optional.Consumer.Input.A, C:\Program Files (x86)\Consumer Input\Update\1.3.25.149\goopdateres_ja.dll, Quarantined, [237f017438437eb8a3f6592c1ee4669a],
PUP.Optional.Consumer.Input.A, C:\Program Files (x86)\Consumer Input\Update\1.3.25.149\goopdateres_zh-CN.dll, Quarantined, [237f017438437eb8a3f6592c1ee4669a],
PUP.Optional.Consumer.Input.A, C:\Program Files (x86)\Consumer Input\Update\1.3.25.149\psmachine.dll, Quarantined, [237f017438437eb8a3f6592c1ee4669a],
PUP.Optional.Consumer.Input.A, C:\Program Files (x86)\Consumer Input\Update\1.3.25.149\psuser.dll, Quarantined, [237f017438437eb8a3f6592c1ee4669a],
PUP.Optional.Consumer.Input.A, C:\Program Files (x86)\Consumer Input\Update\Download\{1138A907-2253-45D6-99C1-843A0AC58730}\0.0.0.0\ciie-3.2.0-12153.exe, Quarantined, [237f017438437eb8a3f6592c1ee4669a],
PUP.Optional.Consumer.Input.A, C:\Program Files (x86)\Consumer Input\Update\Download\{B3F80DB8-951F-4A2A-BE2F-ED6F4FF63B98}\0.0.0.0\MonitoringTool-3.2.1-888.exe, Quarantined, [237f017438437eb8a3f6592c1ee4669a],
PUP.Optional.Consumer.Input.A, C:\Program Files (x86)\Consumer Input\Update\Download\{B3F80DB8-951F-4A2A-BE2F-ED6F4FF63B98}\0.0.0.0\MonitoringTool-3.2.1-951.exe, Quarantined, [237f017438437eb8a3f6592c1ee4669a],
PUP.Optional.GorillaPrice, C:\ProgramData\GorillaPrice\config.dat, Quarantined, [c5dde194601b94a2478899ecbb47f20e],
PUP.Optional.GorillaPrice, C:\ProgramData\GorillaPrice\GorillaPrice.exe, Quarantined, [c5dde194601b94a2478899ecbb47f20e],
PUP.Optional.InstallX.A, C:\Users\Russ\AppData\Roaming\InstallX Search Protect for Yahoo\config.xml, Quarantined, [dbc7c9acff7cde587a7a1574c53d3ec2],
PUP.Optional.InstallX.A, C:\Users\Russ\AppData\Roaming\InstallX Search Protect for Yahoo\searchprotector.zip, Quarantined, [dbc7c9acff7cde587a7a1574c53d3ec2],
PUP.Optional.InstallX.A, C:\Users\Russ\AppData\Roaming\InstallX Search Protect for Yahoo\SearchProtectorMonitor.log, Delete-on-Reboot, [dbc7c9acff7cde587a7a1574c53d3ec2],

Physical Sectors: 0
(No malicious items detected)


(end)

BugginFot

Rookie Surfer

Posts : 62
Joined : 2011-02-06
Operating System : Windows 7


Re: Potential virus/malware on my cousins pc

Post by BugginFot on Sun 08 Jun 2014, 10:05 am

MiniToolBox by Farbar Version: 23-01-2014
Ran by Russ (administrator) on 07-06-2014 at 17:04:02
Running from "C:\Users\Russ\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: http=127.0.0.1:8080

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================



========================= IP Configuration: ================================

Realtek RTL8187SE Wireless LAN PCIE Network Adapter = Wireless Network Connection (Connected)
Hamachi Network Interface = Hamachi (Connected)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add route prefix=0.0.0.0/0 interface="Hamachi" nexthop=25.0.0.1 publish=Yes
set interface interface="Hamachi" forwarding=disabled advertise=disabled metric=9000 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Kyra-1
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8187SE Wireless LAN PCIE Network Adapter
Physical Address. . . . . . . . . : 00-26-B6-5C-D8-E1
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::8429:c38f:2cfd:8072%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.11(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, June 07, 2014 4:27:11 PM
Lease Expires . . . . . . . . . . : Sunday, June 08, 2014 4:27:17 PM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 218113718
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-56-5F-8C-00-26-6C-32-94-21
DNS Servers . . . . . . . . . . . : 192.168.0.1
205.171.2.25
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : PK5001Z
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 00-26-6C-32-94-21
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Hamachi:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Hamachi Network Interface
Physical Address. . . . . . . . . : 7A-79-19-BE-33-B1
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2620:9b::19be:33b1(Preferred)
Link-local IPv6 Address . . . . . : fe80::bd9f:b28e:dafd:2952%15(Preferred)
IPv4 Address. . . . . . . . . . . : 25.190.51.177(Preferred)
Subnet Mask . . . . . . . . . . . : 255.0.0.0
Lease Obtained. . . . . . . . . . : Saturday, June 07, 2014 4:27:08 PM
Lease Expires . . . . . . . . . . : Sunday, June 07, 2015 4:29:15 PM
Default Gateway . . . . . . . . . : 2620:9b::1900:1
25.0.0.1
DHCP Server . . . . . . . . . . . : 25.0.0.1
DHCPv6 IAID . . . . . . . . . . . : 410679753
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-56-5F-8C-00-26-6C-32-94-21
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{835C3889-6BBC-467B-A087-1929C18171EA}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:3856:22fc:3f57:fff4(Preferred)
Link-local IPv6 Address . . . . . : fe80::3856:22fc:3f57:fff4%13(Preferred)
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{D6BAD046-8556-4D20-B561-DD20CA83E337}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.PK5001Z:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.0.1

Name: google.com
Addresses: 2607:f8b0:400f:800::1005
74.125.225.162
74.125.225.168
74.125.225.164
74.125.225.163
74.125.225.174
74.125.225.166
74.125.225.169
74.125.225.167
74.125.225.161
74.125.225.165
74.125.225.160


Pinging google.com [74.125.225.167] with 32 bytes of data:
Reply from 74.125.225.167: bytes=32 time=25ms TTL=57
Reply from 74.125.225.167: bytes=32 time=25ms TTL=57

Ping statistics for 74.125.225.167:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 25ms, Maximum = 25ms, Average = 25ms
Server: UnKnown
Address: 192.168.0.1

Name: yahoo.com
Addresses: 206.190.36.45
98.139.183.24
98.138.253.109


Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=58ms TTL=53
Reply from 206.190.36.45: bytes=32 time=56ms TTL=53

Ping statistics for 206.190.36.45:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 56ms, Maximum = 58ms, Average = 57ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
12...00 26 b6 5c d8 e1 ......Realtek RTL8187SE Wireless LAN PCIE Network Adapter
11...00 26 6c 32 94 21 ......Realtek PCIe FE Family Controller
15...7a 79 19 be 33 b1 ......Hamachi Network Interface
1...........................Software Loopback Interface 1
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 25.0.0.1 25.190.51.177 9256
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.11 25
25.0.0.0 255.0.0.0 On-link 25.190.51.177 9256
25.190.51.177 255.255.255.255 On-link 25.190.51.177 9256
25.255.255.255 255.255.255.255 On-link 25.190.51.177 9256
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.11 281
192.168.0.11 255.255.255.255 On-link 192.168.0.11 281
192.168.0.255 255.255.255.255 On-link 192.168.0.11 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 25.190.51.177 9256
224.0.0.0 240.0.0.0 On-link 192.168.0.11 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 25.190.51.177 9256
255.255.255.255 255.255.255.255 On-link 192.168.0.11 281
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 25.0.0.1 Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
15 9020 ::/0 2620:9b::1900:1
1 306 ::1/128 On-link
13 58 2001::/32 On-link
13 306 2001:0:9d38:90d7:3856:22fc:3f57:fff4/128
On-link
15 276 2620:9b::/96 On-link
15 276 2620:9b::19be:33b1/128 On-link
15 276 fe80::/64 On-link
12 281 fe80::/64 On-link
13 306 fe80::/64 On-link
13 306 fe80::3856:22fc:3f57:fff4/128
On-link
12 281 fe80::8429:c38f:2cfd:8072/128
On-link
15 276 fe80::bd9f:b28e:dafd:2952/128
On-link
1 306 ff00::/8 On-link
13 306 ff00::/8 On-link
15 276 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
If Metric Network Destination Gateway
0 4294967295 2620:9b::/96 On-link
0 9000 ::/0 2620:9b::1900:1
===========================================================================

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/07/2014 04:28:47 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/07/2014 01:24:41 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17041, time stamp: 0x531807e4
Faulting module name: MSHTML.dll, version: 11.0.9600.17107, time stamp: 0x536855c9
Exception code: 0xc0000005
Fault offset: 0x00d8bbac
Faulting process id: 0x11e0
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (06/07/2014 09:59:58 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/07/2014 09:48:54 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/06/2014 08:02:05 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/05/2014 06:22:21 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/04/2014 02:12:31 PM) (Source: Application Error) (User: )
Description: Faulting application name: GorillaPrice.exe, version: 0.0.0.0, time stamp: 0x52dd36a1
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x7fc
Faulting application start time: 0xGorillaPrice.exe0
Faulting application path: GorillaPrice.exe1
Faulting module path: GorillaPrice.exe2
Report Id: GorillaPrice.exe3

Error: (06/04/2014 11:12:18 AM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 11.0.9600.17041 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 378

Start Time: 01cf800068354217

Termination Time: 57

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id: 591a8023-ec0b-11e3-99b5-00266c329421

Error: (06/04/2014 08:23:19 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2014 07:58:32 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (06/07/2014 04:26:58 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (06/07/2014 04:26:58 PM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (06/07/2014 04:23:13 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (06/07/2014 03:00:35 PM) (Source: Service Control Manager) (User: )
Description: The GorillaPrice service failed to start due to the following error:
%%1053

Error: (06/07/2014 03:00:35 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the GorillaPrice service to connect.

Error: (06/07/2014 02:59:30 PM) (Source: Service Control Manager) (User: )
Description: The GorillaPrice service failed to start due to the following error:
%%1053

Error: (06/07/2014 02:59:30 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the GorillaPrice service to connect.

Error: (06/07/2014 02:58:25 PM) (Source: Service Control Manager) (User: )
Description: The GorillaPrice service failed to start due to the following error:
%%1053

Error: (06/07/2014 02:58:25 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the GorillaPrice service to connect.

Error: (06/07/2014 02:57:20 PM) (Source: Service Control Manager) (User: )
Description: The GorillaPrice service failed to start due to the following error:
%%1053


Microsoft Office Sessions:
=========================

========================= Memory info: ===================================

Percentage of memory in use: 42%
Total physical RAM: 2812.17 MB
Available physical RAM: 1626.44 MB
Total Pagefile: 5622.52 MB
Available Pagefile: 3995.34 MB
Total Virtual: 4095.88 MB
Available Virtual: 3972.45 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:297.99 GB) (Free:259.13 GB) NTFS

========================= Users: ========================================

User accounts for \\KYRA-1

Administrator Guest Russ
Russ_2


**** End of log ****


Re: Potential virus/malware on my cousins pc

Post by Superdave on Sun 08 Jun 2014, 10:13 am

Can you access the internet now?

Malwarebytes' Anti-Rootkit

Please download Malwarebytes' Anti-Rootkit and save it to your desktop.

  • Be sure to print out and follow the instructions provided on that same page for performing a scan.
  • Caution: This is a beta version so also read the disclaimer and back up all your data before using.
  • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
  • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
  • Copy and paste the contents of these two log files in your next reply.


Superdave
Tech Staff



Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3


Re: Potential virus/malware on my cousins pc

Post by BugginFot on Sun 08 Jun 2014, 11:12 am

It said there was no malware found after the scan..


Re: Potential virus/malware on my cousins pc

Post by Superdave on Sun 08 Jun 2014, 12:29 pm

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan

•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.

•Check
•Click the button.
•Accept any security warnings from your browser.

  • Leave the check mark next to Remove found threats.

•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt


Re: Potential virus/malware on my cousins pc

Post by BugginFot on Mon 09 Jun 2014, 9:03 am

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Music Toolbar\Datamngr\x64\apcrtldr.dll.vir a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Music Toolbar\Datamngr\x64\Datamngr.dll.vir a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Music Toolbar\Datamngr\x64\IEBHO.dll.vir a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Music Toolbar\Datamngr\x64\Internet Explorer Settings.exe.vir a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Music Toolbar\Datamngr\x64\mgrldr.dll.vir a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\wincert\win32cert.dll.vir Win32/Toolbar.SearchSuite.M potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\wincert\win32prop.dll.vir Win32/Toolbar.SearchSuite.M potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\wincert\win64cert.dll.vir Win64/Toolbar.SearchSuite.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\wincert\win64prop.dll.vir Win64/Toolbar.SearchSuite.B potentially unwanted application deleted - quarantined
C:\Program Files (x86)\OpenDownloaderManager\pcfixspeed.exe a variant of Win32/24x7Help.B potentially unwanted application deleted - quarantined
C:\Users\Russ\AppData\Local\Temp\468358541.Uninstall\uninstaller.exe Win32/InstallCore.AZ potentially unwanted application deleted - quarantined
C:\Users\Russ\AppData\Local\Temp\is357113909\196360067_stp\uninstaller.exe Win32/InstallCore.AZ potentially unwanted application deleted - quarantined
C:\Users\Russ\AppData\Local\Temp\is357113909\196792802_stp\uninstaller.exe Win32/InstallCore.AZ potentially unwanted application deleted - quarantined
C:\Users\Russ\Downloads\Setup_ODM.exe Win32/AdWare.GorillaPrice.E application cleaned by deleting - quarantined


Re: Potential virus/malware on my cousins pc

Post by BugginFot on Mon 09 Jun 2014, 9:04 am

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=e60091c48d13624fb44dbeaab960c683
# engine=18618
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-06-08 05:38:06
# local_time=2014-06-08 11:38:06 (-0700, Mountain Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 5343144 24279079 0 0
# scanned=29643
# found=0
# cleaned=0
# scan_time=1001
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=e60091c48d13624fb44dbeaab960c683
# engine=18618
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-06-08 06:58:41
# local_time=2014-06-08 12:58:41 (-0700, Mountain Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 5347980 24283915 0 0
# scanned=118550
# found=14
# cleaned=14
# scan_time=4755
sh=EF0B8C8D8C3471EC4CA75E25F145EED3B419474E ft=1 fh=89ab8d8ff09d78c1 vn="a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Music Toolbar\Datamngr\x64\apcrtldr.dll.vir"
sh=CD22B799743A92BEB237FC65437DCC7811A95A07 ft=1 fh=1877516d08b1fc61 vn="a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Music Toolbar\Datamngr\x64\Datamngr.dll.vir"
sh=9140BFAFB716B5500A83E924EF3D7FAD541B51BA ft=1 fh=df719c7aa012ec8d vn="a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Music Toolbar\Datamngr\x64\IEBHO.dll.vir"
sh=8CFDC6A6949EC7D220EBDB96929D810F0DBDCF74 ft=1 fh=d40293d09190ed58 vn="a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Music Toolbar\Datamngr\x64\Internet Explorer Settings.exe.vir"
sh=6DA5153938B828F8402494BA1FF018ACA04C5424 ft=1 fh=2c776a3b0d217258 vn="a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Music Toolbar\Datamngr\x64\mgrldr.dll.vir"
sh=E15DF75E5B81A209E0E453092C9610C3F8DC7073 ft=1 fh=8918dac93ad3a346 vn="Win32/Toolbar.SearchSuite.M potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\wincert\win32cert.dll.vir"
sh=9B56D5787C88CF939DABA1E9273775A1D33EF25F ft=1 fh=8aacdf233e2d6e39 vn="Win32/Toolbar.SearchSuite.M potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\wincert\win32prop.dll.vir"
sh=2FA019C3D1CC2BC1905FBD6765DA3CFBE851DD64 ft=1 fh=f275e610e24fd946 vn="Win64/Toolbar.SearchSuite.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\wincert\win64cert.dll.vir"
sh=34ABB88310B01A075382292FDE9F2B6E727E5D66 ft=1 fh=1bef8d0f51d0bf3a vn="Win64/Toolbar.SearchSuite.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\wincert\win64prop.dll.vir"
sh=CDDEED40804DC12E4B8AD9278FE2243C34DC99AE ft=1 fh=2dfac01ebd5f1b6e vn="a variant of Win32/24x7Help.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\OpenDownloaderManager\pcfixspeed.exe"
sh=9F82BB5DC8D4EC6B8B2BB47CB6C329B8AF1C14CE ft=1 fh=c92ed1f3ca58c043 vn="Win32/InstallCore.AZ potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Russ\AppData\Local\Temp\468358541.Uninstall\uninstaller.exe"
sh=9F82BB5DC8D4EC6B8B2BB47CB6C329B8AF1C14CE ft=1 fh=c92ed1f3ca58c043 vn="Win32/InstallCore.AZ potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Russ\AppData\Local\Temp\is357113909\196360067_stp\uninstaller.exe"
sh=9F82BB5DC8D4EC6B8B2BB47CB6C329B8AF1C14CE ft=1 fh=c92ed1f3ca58c043 vn="Win32/InstallCore.AZ potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Russ\AppData\Local\Temp\is357113909\196792802_stp\uninstaller.exe"
sh=9DA71A6943EFC12F4644D301CFB156056C31674E ft=1 fh=e9da6dbc6ee1fe82 vn="Win32/AdWare.GorillaPrice.E application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Russ\Downloads\Setup_ODM.exe"


Re: Potential virus/malware on my cousins pc

Post by Superdave on Mon 09 Jun 2014, 9:45 am

That's good. How's your computer running now? Any other issues before we clean up?


Re: Potential virus/malware on my cousins pc

Post by BugginFot on Tue 10 Jun 2014, 11:17 am

It appears to be running normally and none of the weird flashes are happening on startup anymore. Anything else left to do?


Re: Potential virus/malware on my cousins pc

Post by Superdave on Mon 16 Jun 2014, 5:24 am

Just a bit of cleanup. You may keep MBAM and AdwCleaner on your computer, if you wish. Update them and run them on a regular basis.

Click Start > Computer > right-click the C Drive and choose Properties > enter
Click Disk Cleanup from there.

Click OK on the Disk Cleanup Screen.
Click Yes on the Confirmation screen.

This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space in C drive.)
*******************************************************
To set a new Restore Point.

Click the Start button, click Control Panel, click System and Maintenance, and then click System. In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation. To turn off System Protection for a hard disk, clear the check box next to the disk, and then click OK. Reboot to Normal Mode.
Click the Start button, click Control Panel, click System and Maintenance, and then click System.
In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
To turn on System Protection for a hard disk, select the check box next to the disk, and then click OK.
This will give you a new, clean Restore Point.
*******************************************************
Go to Microsoft Windows Update and get all critical updates.

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!


Re: Potential virus/malware on my cousins pc

Post by BugginFot on Mon 16 Jun 2014, 8:08 am

OK, I will run those when I get home. Thanks for all the help, Dave.

