pmcaruso

CLOSED My Emsisoft didn't protect me from uTorrent and mypcbackup files below

Please fix. I attach the requested documents.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-11-2013
Ran by Caroline (ATTENTION: The logged in user is not administrator) on PEGGY-PC on 14-11-2013 20:22:52
Running from C:\Users\Caroline\Downloads
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\OAui.exe
(Emsisoft GmbH) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
(Western Digital) C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\OAhlp.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(BitTorrent Inc.) C:\Users\Caroline\Downloads\utorrent (1).exe
(Dropbox, Inc.) C:\Users\Caroline\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [bCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [@OnlineArmor GUI] - C:\Program Files\Online Armor\OAui.exe [7558464 2013-10-15] (Emsisoft GmbH)
HKLM\...\Run: [emsisoft anti-malware] - C:\Program Files\Emsisoft Anti-Malware\a2guard.exe [4329408 2013-09-30] (Emsisoft GmbH)
HKLM\...\Run: [WD Drive Unlocker] - C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe [1688008 2012-06-13] (Western Digital)
HKLM\...\Run: [WD Quick View] - C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [5236664 2012-09-19] (Western Digital Technologies, Inc.)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\hpwuschd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKCU\...\Run: [OfficeSyncProcess] - C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [719672 2012-01-20] (Microsoft Corporation)
HKCU\...\Run: [Facebook Update] - C:\Users\Caroline\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-10-03] (Facebook Inc.)
HKCU\...\Run: [uTorrent] - C:\Users\Caroline\Downloads\utorrent (1).exe [1141328 2013-11-02] (BitTorrent Inc.)
HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe -update activex [829832 2013-10-09] (Adobe Systems Incorporated)
MountPoints2: {f54d3da5-fd45-11e1-9492-806e6f6e6963} - E:\Autorun.exe
Startup: C:\Users\Caroline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Caroline\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Caroline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft SharePoint Workspace.lnk
ShortcutTarget: Microsoft SharePoint Workspace.lnk -> C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xAEB67EE94D93CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://start.qone8.com/web/?type=ds&ts=1383409190&from=tugs&uid=WDCXWD5000AAKS-75A7B2_WD-WMASY784918849188&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.com/?type=hp&ts=1383409190&from=tugs&uid=WDCXWD5000AAKS-75A7B2_WD-WMASY784918849188
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.qone8.com/?type=hp&ts=1383409190&from=tugs&uid=WDCXWD5000AAKS-75A7B2_WD-WMASY784918849188
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://start.qone8.com/web/?type=ds&ts=1383409190&from=tugs&uid=WDCXWD5000AAKS-75A7B2_WD-WMASY784918849188&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://start.qone8.com/?type=sc&ts=1383409190&from=tugs&uid=WDCXWD5000AAKS-75A7B2_WD-WMASY784918849188
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://start.qone8.com/web/?type=ds&ts=1383409190&from=tugs&uid=WDCXWD5000AAKS-75A7B2_WD-WMASY784918849188&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://start.qone8.com/web/?type=ds&ts=1383409190&from=tugs&uid=WDCXWD5000AAKS-75A7B2_WD-WMASY784918849188&q={searchTerms}
BHO: Price Finder - {6E89E1D3-C66F-41C4-A648-CD91544E99C3} - C:\Users\Peggy\AppData\Roaming\PriceFinder\PriceFinderHelper.dll No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: DefaultTab Browser Helper - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Peggy\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll No File
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
ShellExecuteHooks: OA Shell Helper - {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\PROGRA~1\ONLINE~1\oaevent.dll [1033968 2013-10-15] (Emsisoft GmbH)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome:
=======

CHR DefaultSearchURL: (Ask Search) - http://www.search.ask.com/web?p2=%5EAOF%5EYYYYYY%5EYY%5EUS&gct=&o=APN10523&tpid=OVO2V7&itbv=12.3.0.1000&doi=2013-10-07&apn_uid=F6ED6757-B8AF-46D6-963A-090256E57B19&apn_ptnrs=%5EAOF&apn_dtid=%5EYYYYYY%5EYY%5EUS&apn_dbr=ie_10.0.9200.16576&psv=&trgb=CR&q={searchTerms}
CHR DefaultSuggestURL: (Ask Search) - http://ss.websearch.ask.com/query?qsrc={qsrc}&li=ff&sstype=prefix&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\Caroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Caroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Caroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Caroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (SuperLyrics-16) - C:\Users\Caroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\incpbbmbclbkhjphicahojidkcabaajc\1.25.18_0
CHR Extension: (Google Wallet) - C:\Users\Caroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\Caroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\Peggy\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx
CHR StartMenuInternet: Google Chrome - C:\Program Files\Google\Chrome\Application\chrome.exe http://start.qone8.com/?type=sc&ts=1383409190&from=tugs&uid=WDCXWD5000AAKS-75A7B2_WD-WMASY784918849188

========================== Services (Whitelisted) =================

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [4153784 2013-09-30] (Emsisoft GmbH)
R2 BackupStack; C:\Program Files\MyPC Backup\BackupStack.exe [38440 2013-09-19] (Just Develop It)
R2 lmhosts; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 OAcat; C:\Program Files\Online Armor\OAcat.exe [584864 2013-10-15] (Emsisoft GmbH)
R2 SvcOnlineArmor; C:\Program Files\Online Armor\oasrv.exe [4457688 2013-10-15] (Emsisoft GmbH)
R2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1157056 2012-09-19] (Western Digital )
R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-09-06] (Western Digital)
S4 gusvc; "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" [x]

==================== Drivers (Whitelisted) ====================

R3 a2acc; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [57944 2013-09-16] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [22056 2013-03-27] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys [38248 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files\Emsisoft Anti-Malware\a2util32.sys [14432 2013-03-27] (Emsisoft GmbH)
R3 cleanhlp; C:\EEK\Run\cleanhlp32.sys [50200 2013-11-14] (Emsisoft GmbH)
R1 OADevice; C:\Windows\system32\drivers\OADriver.sys [210360 2013-10-15] ()
R1 oahlpXX; C:\Windows\system32\drivers\oahlp32.sys [44984 2013-10-15] ()
R1 OAmon; C:\Windows\system32\drivers\OAmon.sys [34856 2013-10-15] (Emsisoft)
R3 OAnet; C:\Windows\System32\DRIVERS\oanet.sys [31760 2013-10-15] (Emsisoft)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-11-14 20:24 - 2013-11-14 20:24 - 02252584 _____ (Premium Installer     ) C:\Users\Caroline\Downloads\Setup (2).exe
2013-11-14 20:22 - 2013-11-14 20:24 - 00013553 _____ C:\Users\Caroline\Downloads\FRST.txt
2013-11-14 20:22 - 2013-11-14 20:22 - 00000000 ____D C:\FRST
2013-11-14 20:21 - 2013-11-14 20:21 - 02252584 _____ (Premium Installer     ) C:\Users\Caroline\Downloads\Setup (1).exe
2013-11-14 20:21 - 2013-11-14 20:21 - 01090529 _____ (Farbar) C:\Users\Caroline\Downloads\FRST.exe
2013-11-14 19:40 - 2013-11-14 19:40 - 00000000 ____D C:\EEK
2013-11-14 19:37 - 2013-11-14 19:39 - 207015984 _____ C:\Users\Caroline\Downloads\EmsisoftEmergencyKit.exe
2013-11-14 06:27 - 2013-11-14 06:36 - 00007634 _____ C:\Windows\wininit.ini
2013-11-14 00:06 - 2013-11-14 04:19 - 00000000 ____D C:\Users\Caroline\Downloads\NCIS Season 5
2013-11-02 13:14 - 2013-11-02 13:15 - 00000000 ____D C:\Users\Peggy\Documents\Eliza Spanish 10th Grade
2013-11-02 13:11 - 2013-11-14 00:03 - 00000000 ____D C:\Users\Caroline\AppData\Roaming\vlc
2013-11-02 13:04 - 2013-11-14 06:27 - 00000000 ____D C:\Program Files\VideoLAN
2013-11-02 13:02 - 2013-11-02 13:02 - 24278649 _____ C:\Users\Caroline\Downloads\vlc-2.1.0-win32.exe
2013-11-02 12:43 - 2013-11-02 12:43 - 01141328 _____ (BitTorrent Inc.) C:\Users\Caroline\Downloads\utorrent (1).exe
2013-11-02 12:37 - 2013-11-02 12:37 - 00000000 ____D C:\Users\Peggy\AppData\Roaming\Real
2013-11-02 12:36 - 2013-11-05 20:12 - 00000000 ____D C:\Users\Caroline\Downloads\BitTorrent-MobyInnocents-Free
2013-11-02 12:36 - 2013-11-02 12:36 - 00000000 ____D C:\Users\Peggy\AppData\Roaming\Search Protection
2013-11-02 12:35 - 2013-11-02 12:35 - 00000000 ____D C:\Users\Peggy\AppData\Roaming\uTorrent
2013-11-02 12:35 - 2013-11-02 12:35 - 00000000 ____D C:\ProgramData\Real
2013-11-02 12:34 - 2013-11-14 20:24 - 00000000 ____D C:\Users\Caroline\AppData\Roaming\uTorrent
2013-11-02 12:34 - 2013-11-02 12:34 - 01141328 _____ (BitTorrent Inc.) C:\Users\Caroline\Downloads\utorrent.exe
2013-11-02 12:14 - 2013-11-02 12:14 - 00319376 _____ C:\Users\Caroline\Downloads\Setup.exe
2013-11-02 11:45 - 2013-11-02 11:45 - 00000884 __RSH C:\Users\Caroline\ntuser.pol
2013-11-02 11:21 - 2013-11-14 18:21 - 00001948 _____ C:\Windows\Tasks\SuperLyrics-16-chromeinstaller.job
2013-11-02 11:21 - 2013-11-02 11:21 - 00000000 ____D C:\Program Files\SuperLyrics-16
2013-11-02 11:20 - 2013-11-05 06:33 - 00000000 ____D C:\Program Files\MyPC Backup
2013-11-02 11:20 - 2013-11-02 11:20 - 00000884 __RSH C:\Users\Peggy\ntuser.pol
2013-11-02 11:20 - 2013-11-02 11:20 - 00000000 ____D C:\Users\Peggy\AppData\Roaming\downquick
2013-11-02 11:20 - 2013-11-02 11:20 - 00000000 ____D C:\Program Files\Tuguu SL
2013-11-02 11:17 - 2013-11-02 11:17 - 00319384 _____ C:\Users\Caroline\Downloads\Setup_V2.exe
2013-10-27 20:29 - 2013-10-27 20:29 - 00023563 _____ C:\Users\Caroline\Downloads\FRANKLIN 2.odt
2013-10-26 14:15 - 2013-11-11 17:05 - 00000000 ____D C:\Users\Caroline\Documents\Computer
2013-10-26 14:15 - 2013-10-26 14:15 - 00000000 ____D C:\Users\Caroline\Documents\School
2013-10-26 14:13 - 2013-11-02 16:25 - 00000000 ____D C:\Users\Caroline\Documents\Various Family Members
2013-10-19 09:23 - 2013-10-19 09:23 - 00126464 _____ C:\Users\Caroline\Downloads\TELEPHONEDIRECTORYPAGE1Spring2013.xls

==================== One Month Modified Files and Folders =======

2013-11-14 20:24 - 2013-11-14 20:24 - 02252584 _____ (Premium Installer     ) C:\Users\Caroline\Downloads\Setup (2).exe
2013-11-14 20:24 - 2013-11-14 20:22 - 00013553 _____ C:\Users\Caroline\Downloads\FRST.txt
2013-11-14 20:24 - 2013-11-02 12:34 - 00000000 ____D C:\Users\Caroline\AppData\Roaming\uTorrent
2013-11-14 20:22 - 2013-11-14 20:22 - 00000000 ____D C:\FRST
2013-11-14 20:21 - 2013-11-14 20:21 - 02252584 _____ (Premium Installer     ) C:\Users\Caroline\Downloads\Setup (1).exe
2013-11-14 20:21 - 2013-11-14 20:21 - 01090529 _____ (Farbar) C:\Users\Caroline\Downloads\FRST.exe
2013-11-14 20:14 - 2012-09-14 05:46 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2013-11-14 19:54 - 2013-03-25 07:20 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-14 19:40 - 2013-11-14 19:40 - 00000000 ____D C:\EEK
2013-11-14 19:39 - 2013-11-14 19:37 - 207015984 _____ C:\Users\Caroline\Downloads\EmsisoftEmergencyKit.exe
2013-11-14 19:30 - 2012-11-07 20:14 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-14 18:21 - 2013-11-02 11:21 - 00001948 _____ C:\Windows\Tasks\SuperLyrics-16-chromeinstaller.job
2013-11-14 18:20 - 2013-10-03 20:15 - 00000940 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-455000523-3201364494-1314838895-1003UA.job
2013-11-14 17:25 - 2012-09-12 20:58 - 02025901 _____ C:\Windows\WindowsUpdate.log
2013-11-14 06:36 - 2013-11-14 06:27 - 00007634 _____ C:\Windows\wininit.ini
2013-11-14 06:27 - 2013-11-02 13:04 - 00000000 ____D C:\Program Files\VideoLAN
2013-11-14 06:26 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\NDF
2013-11-14 06:25 - 2012-09-17 08:35 - 00000000 ____D C:\Program Files\Google
2013-11-14 04:19 - 2013-11-14 00:06 - 00000000 ____D C:\Users\Caroline\Downloads\NCIS Season 5
2013-11-14 02:53 - 2013-03-25 07:20 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-14 00:03 - 2013-11-02 13:11 - 00000000 ____D C:\Users\Caroline\AppData\Roaming\vlc
2013-11-13 21:20 - 2013-10-03 20:15 - 00000918 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-455000523-3201364494-1314838895-1003Core.job
2013-11-11 17:05 - 2013-10-26 14:15 - 00000000 ____D C:\Users\Caroline\Documents\Computer
2013-11-10 18:34 - 2012-10-14 09:09 - 00000000 ____D C:\Program Files\Online Armor
2013-11-09 03:53 - 2009-07-13 23:34 - 00020512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-09 03:53 - 2009-07-13 23:34 - 00020512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-07 21:21 - 2012-09-24 18:49 - 00000000 ____D C:\Users\Caroline\Documents\Recipes
2013-11-05 20:12 - 2013-11-02 12:36 - 00000000 ____D C:\Users\Caroline\Downloads\BitTorrent-MobyInnocents-Free
2013-11-05 09:06 - 2013-07-19 19:37 - 00000000 ___RD C:\Users\Caroline\Dropbox
2013-11-05 09:06 - 2013-07-19 19:32 - 00000000 ____D C:\Users\Caroline\AppData\Roaming\Dropbox
2013-11-05 06:37 - 2010-11-20 16:01 - 00719716 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-05 06:33 - 2013-11-02 11:20 - 00000000 ____D C:\Program Files\MyPC Backup
2013-11-05 06:32 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-05 06:32 - 2009-07-13 23:39 - 00037554 _____ C:\Windows\setupact.log
2013-11-02 16:25 - 2013-10-26 14:13 - 00000000 ____D C:\Users\Caroline\Documents\Various Family Members
2013-11-02 13:15 - 2013-11-02 13:14 - 00000000 ____D C:\Users\Peggy\Documents\Eliza Spanish 10th Grade
2013-11-02 13:02 - 2013-11-02 13:02 - 24278649 _____ C:\Users\Caroline\Downloads\vlc-2.1.0-win32.exe
2013-11-02 12:43 - 2013-11-02 12:43 - 01141328 _____ (BitTorrent Inc.) C:\Users\Caroline\Downloads\utorrent (1).exe
2013-11-02 12:39 - 2010-11-20 16:48 - 00026826 _____ C:\Windows\PFRO.log
2013-11-02 12:37 - 2013-11-02 12:37 - 00000000 ____D C:\Users\Peggy\AppData\Roaming\Real
2013-11-02 12:36 - 2013-11-02 12:36 - 00000000 ____D C:\Users\Peggy\AppData\Roaming\Search Protection
2013-11-02 12:35 - 2013-11-02 12:35 - 00000000 ____D C:\Users\Peggy\AppData\Roaming\uTorrent
2013-11-02 12:35 - 2013-11-02 12:35 - 00000000 ____D C:\ProgramData\Real
2013-11-02 12:34 - 2013-11-02 12:34 - 01141328 _____ (BitTorrent Inc.) C:\Users\Caroline\Downloads\utorrent.exe
2013-11-02 12:14 - 2013-11-02 12:14 - 00319376 _____ C:\Users\Caroline\Downloads\Setup.exe
2013-11-02 11:45 - 2013-11-02 11:45 - 00000884 __RSH C:\Users\Caroline\ntuser.pol
2013-11-02 11:45 - 2012-09-15 09:24 - 00000000 ____D C:\Users\Caroline
2013-11-02 11:21 - 2013-11-02 11:21 - 00000000 ____D C:\Program Files\SuperLyrics-16
2013-11-02 11:20 - 2013-11-02 11:20 - 00000884 __RSH C:\Users\Peggy\ntuser.pol
2013-11-02 11:20 - 2013-11-02 11:20 - 00000000 ____D C:\Users\Peggy\AppData\Roaming\downquick
2013-11-02 11:20 - 2013-11-02 11:20 - 00000000 ____D C:\Program Files\Tuguu SL
2013-11-02 11:20 - 2013-03-25 07:21 - 00002337 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-11-02 11:20 - 2012-09-12 21:10 - 00000000 ____D C:\Users\Peggy
2013-11-02 11:20 - 2009-07-13 21:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2013-11-02 11:17 - 2013-11-02 11:17 - 00319384 _____ C:\Users\Caroline\Downloads\Setup_V2.exe
2013-11-02 09:24 - 2012-09-28 21:57 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-10-27 20:29 - 2013-10-27 20:29 - 00023563 _____ C:\Users\Caroline\Downloads\FRANKLIN 2.odt
2013-10-26 14:15 - 2013-10-26 14:15 - 00000000 ____D C:\Users\Caroline\Documents\School
2013-10-19 09:23 - 2013-10-19 09:23 - 00126464 _____ C:\Users\Caroline\Downloads\TELEPHONEDIRECTORYPAGE1Spring2013.xls
2013-10-15 17:08 - 2012-10-14 09:09 - 00210360 _____ C:\Windows\system32\Drivers\OADriver.sys
2013-10-15 17:08 - 2012-10-14 09:09 - 00044984 _____ C:\Windows\system32\Drivers\oahlp32.sys
2013-10-15 17:08 - 2012-10-14 09:09 - 00034856 _____ (Emsisoft) C:\Windows\system32\Drivers\OAmon.sys
2013-10-15 17:08 - 2012-10-14 09:09 - 00031760 _____ (Emsisoft) C:\Windows\system32\Drivers\OAnet.sys
2013-10-15 16:51 - 2012-09-17 08:35 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-10-15 11:23 - 2012-09-18 17:39 - 00000000 ____D C:\Users\Peggy\Documents\Outlook Files

Files to move or delete:
====================
C:\ProgramData\hash.dat

Some content of TEMP:
====================
C:\Users\Caroline\AppData\Local\Temp\contentDATs.exe
C:\Users\Caroline\AppData\Local\Temp\D2M-Precheck.exe
C:\Users\Caroline\AppData\Local\Temp\Impressioner.exe
C:\Users\Caroline\AppData\Local\Temp\install_reader11_en_gtba_chra_dy_aih.exe
C:\Users\Caroline\AppData\Local\Temp\System.Data.SQLite.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-11-2013
Ran by Caroline at 2013-11-14 20:25:20
Running from C:\Users\Caroline\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
FW: Online Armor Firewall (Enabled) {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}

==================== Installed Programs ======================

3M Products Update version 2012-05 for Microsoft Office 2010
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Reader X (10.1.8) (Version: 10.1.8)
Apple Application Support (Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (Version: 2.1.3.127)
Bonjour (Version: 3.0.0.10)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DownQuick (Version: 1.0.1)
Dropbox (HKCU Version: 2.0.26)
Emsisoft Anti-Malware (Version: 6.6)
Facebook Video Calling 1.2.0.287 (Version: 1.2.287)
Google Chrome (Version: 30.0.1599.101)
Google Update Helper (Version: 1.3.21.165)
HP FWUpdateEDO2 (Version: 1.2.0.0)
HP Officejet Pro 8600 Basic Device Software (Version: 25.0.619.0)
HP Officejet Pro 8600 Help (Version: 140.0.2.2)
HP Officejet Pro 8600 Product Improvement Study (Version: 25.0.619.0)
HP Update (Version: 5.005.000.002)
HPDiagnosticAlert (Version: 1.00.0000)
I.R.I.S. OCR (Version: 12.3.4.0)
iCloud (Version: 3.0.2.163)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.1930)
Intel® TV Wizard
iTunes (Version: 11.1.1.11)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
MyPC Backup  (Version: )
Online Armor 6.0 (Version: 6.0)
QuickTime (Version: 7.74.80.86)
SuperLyrics-16 (Version: 1.29.153.3)
The Sims™ 3 (Version: 1.0.631)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
WD Drive Utilities (Version: 1.0.3.3)
WD Security (Version: 1.0.3.3)
WD SmartWare (Version: 1.6.4.7)

==================== Restore Points  =========================

Could not list Restore Points. Check WMI.

==================== Hosts content: ==========================

2009-07-13 21:04 - 2009-06-10 16:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-455000523-3201364494-1314838895-1003Core.job => C:\Users\Caroline\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-455000523-3201364494-1314838895-1003UA.job => C:\Users\Caroline\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?
Task: C:\Windows\Tasks\SuperLyrics-16-chromeinstaller.job => ?

==================== Loaded Modules (whitelisted) =============

2011-03-16 23:11 - 2011-03-16 23:11 - 04297568 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-08-27 20:33 - 2012-08-27 20:33 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-08-27 20:33 - 2012-08-27 20:33 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-03-13 15:48 - 2013-03-13 15:48 - 24978944 _____ () C:\Users\Caroline\AppData\Roaming\Dropbox\bin\libcef.dll
2011-03-16 23:11 - 2011-03-16 23:11 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-10-17 18:58 - 2013-10-08 19:01 - 00698832 _____ () C:\Program Files\Google\Chrome\Application\30.0.1599.101\libglesv2.dll
2013-10-17 18:58 - 2013-10-08 19:01 - 00099792 _____ () C:\Program Files\Google\Chrome\Application\30.0.1599.101\libegl.dll
2013-10-17 18:58 - 2013-10-08 19:02 - 04055504 _____ () C:\Program Files\Google\Chrome\Application\30.0.1599.101\pdf.dll
2013-10-17 18:58 - 2013-10-08 19:02 - 00415184 _____ () C:\Program Files\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
2013-10-17 18:58 - 2013-10-08 19:01 - 01604560 _____ () C:\Program Files\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll
2013-10-17 18:58 - 2013-10-08 19:02 - 13584336 _____ () C:\Program Files\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/10/2013 02:00:04 AM) (Source: Windows Backup) (User: )
Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (11/05/2013 06:33:50 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/03/2013 02:00:02 AM) (Source: Windows Backup) (User: )
Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (11/02/2013 00:41:47 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/02/2013 00:41:04 PM) (Source: Application Error) (User: )
Description: Faulting application name: DefaultTabSearch.exe, version: 0.0.0.0, time stamp: 0x5252e730
Faulting module name: DefaultTabSearch.exe, version: 0.0.0.0, time stamp: 0x5252e730
Exception code: 0xc0000005
Fault offset: 0x00002c60
Faulting process id: 0xd40
Faulting application start time: 0xDefaultTabSearch.exe0
Faulting application path: DefaultTabSearch.exe1
Faulting module path: DefaultTabSearch.exe2
Report Id: DefaultTabSearch.exe3

Error: (11/02/2013 09:23:01 AM) (Source: MsiInstaller) (User: Peggy-PC)
Description: Product: Oovoo Toolbar -- Error 25001. The following applications must be closed before continuing the uninstall:

Google Chrome

Error: (11/02/2013 07:39:42 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/27/2013 01:00:01 AM) (Source: Windows Backup) (User: )
Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (10/26/2013 09:49:30 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/26/2013 09:48:36 AM) (Source: Application Error) (User: )
Description: Faulting application name: MSOSYNC.EXE, version: 14.0.6116.5000, time stamp: 0x4f1650b3
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x58c
Faulting application start time: 0xMSOSYNC.EXE0
Faulting application path: MSOSYNC.EXE1
Faulting module path: MSOSYNC.EXE2
Report Id: MSOSYNC.EXE3

System errors:
=============
Error: (11/10/2013 09:57:58 AM) (Source: DCOM) (User: )
Description: "C:\Windows\System32\MsSpellCheckingFacility.exe" -Embedding5{7AB36653-1796-484B-BDFA-E74F1DB7C1DC}

Error: (11/07/2013 06:23:41 AM) (Source: DCOM) (User: )
Description: "C:\Windows\System32\MsSpellCheckingFacility.exe" -Embedding5{7AB36653-1796-484B-BDFA-E74F1DB7C1DC}

Error: (11/05/2013 06:32:45 AM) (Source: Service Control Manager) (User: )
Description: The DefaultTabSearch service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/02/2013 00:41:11 PM) (Source: Service Control Manager) (User: )
Description: The DefaultTabSearch service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/02/2013 00:40:59 PM) (Source: Service Control Manager) (User: )
Description: The Computer Backup (MyPC Backup) service failed to start due to the following error:
%%1053

Error: (11/02/2013 00:40:59 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect.

Error: (11/02/2013 11:21:15 AM) (Source: Service Control Manager) (User: )
Description: The DefaultTabSearch service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (11/02/2013 11:21:03 AM) (Source: Service Control Manager) (User: )
Description: The DefaultTabSearch service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (10/27/2013 10:14:01 AM) (Source: DCOM) (User: )
Description: "C:\Windows\System32\MsSpellCheckingFacility.exe" -Embedding5{7AB36653-1796-484B-BDFA-E74F1DB7C1DC}

Error: (10/26/2013 09:48:36 AM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Microsoft Office Sessions:
=========================
Error: (11/10/2013 02:00:04 AM) (Source: Windows Backup)(User: )
Description: F:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

Error: (11/05/2013 06:33:50 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/03/2013 02:00:02 AM) (Source: Windows Backup)(User: )
Description: F:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

Error: (11/02/2013 00:41:47 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/02/2013 00:41:04 PM) (Source: Application Error)(User: )
Description: DefaultTabSearch.exe0.0.0.05252e730DefaultTabSearch.exe0.0.0.05252e730c000000500002c60d4001ced7f2b10b44c5C:\Program Files\DefaultTab\DefaultTabSearch.exeC:\Program Files\DefaultTab\DefaultTabSearch.exef20c2358-43e5-11e3-8844-00219b1f4e42

Error: (11/02/2013 09:23:01 AM) (Source: MsiInstaller)(User: Peggy-PC)
Description: Product: Oovoo Toolbar -- Error 25001. The following applications must be closed before continuing the uninstall:

Google Chrome(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (11/02/2013 07:39:42 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/27/2013 01:00:01 AM) (Source: Windows Backup)(User: )
Description: F:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

Error: (10/26/2013 09:49:30 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/26/2013 09:48:36 AM) (Source: Application Error)(User: )
Description: MSOSYNC.EXE14.0.6116.50004f1650b3unknown0.0.0.000000000c00000050000000058c01ced25a6a561ad1C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXEunknownb0cd544c-3e4d-11e3-ac04-00219b1f4e42

==================== Memory info ===========================

Percentage of memory in use: 55%
Total physical RAM: 3317.18 MB
Available physical RAM: 1466.84 MB
Total Pagefile: 6632.64 MB
Available Pagefile: 3691.81 MB
Total Virtual: 2047.88 MB
Available Virtual: 1890.69 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:450.72 GB) (Free:196.03 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:7.78 GB) NTFS
Drive e: (Sims3) (CDROM) (Total:5.54 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

==================== End Of Log ========================


Let's start by targeting Adware & Junkware in general.

Download AdwCleaner and save it on your desktop.

  • Close all open programs and Internet browsers (you may want to print out or write down these instructions first).
  • Double click on adwcleaner.exe to run the tool.
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Confirm each time with OK.
  • You will be prompted to restart your computer. A text file will open in Notepad after the restart (this is the log of what was removed), which you can save on your desktop.
  • Attach that log file to your reply by clicking the More Reply Options button to the lower-right of where you type in your reply.
  • If you lose that log file for any reason, you can find it at C:\AdwCleaner on your computer.

Download Junkware Removal Tool and save it on your desktop.
  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Attach the JRT log file to a reply by clicking the More Reply Options button to the lower-right of where you type in your reply.


That's a good start. Changing tools.

Download ComboFix from Link

Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop.

!!! IMPORTANT !!! Save ComboFix to your Desktop

NOTE: ComboFix is an advanced utility, and is not like traditional automated tools. It will delete anything that it knows is bad without asking for confirmation, it will save backup copies in its quarantine automatically, it will restart your computer, and it will produce a log that allows me to analyze and determine if there is anything left over. This log will not contain any personal information, or information about any of your documents, pictures, music, videos, etc. It only compiles information on which applications/drivers/etc were installed within the last 30 days, any applications that have certain properties that could be used for malicious purposes, and most of the load points on your system that can be abused by malicious software. If there is a false positive, and something gets deleted that should not, then I can write a script for ComboFix that will tell it to restore specific items that it deleted.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

    See HERE for help

  • Double click on Combo-Fix & follow the prompts.

When finished, ComboFix will produce a log.

NOTE:

1. Do not mouseclick combofix's window while it's running. That may cause it to stall!

2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.

3. If you get a message that states "illegal operation attempted on a registry key that has been marked for deletion" restart your computer.

Attach logs for: (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)

  • ComboFix (C:\combofix.txt)

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!


Thread Closed

Reason: Lack of Response

PM either ShadowPuterDude, Elise, or GT500 to have this thread reopened.

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE; if you don't, we are just going to send you back to this thread.


I ran all the fixes.  The reports are all attached.  I was not permitted to attach the combofix log.  I am pasting it here:

 

COMBOFIX LOG:

 

<< INLINE LOG REMOVED BY MODERATOR >>

<< DO NOT COPY AND PASTE LOGS >>

Edited by ShadowPuterDude
Inline ComboFix log removed


We need to use ComboFix to remove some stuff.

  • Make sure that the copy of ComboFix that you downloaded earlier is on your Desktop but Do not run it!
  • If it is not on your Desktop, the below will not work.
  • Download to your Desktop CFScript.txt (Attached below)

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
  • You should have both the ComboFix and CFScript.txt icons on your Desktop.
  • Now use your mouse to drag CFScript.txt on top of ComboFix

  • Follow the prompts.
  • When it finishes, a log will be produced named c:\combofix.txt
  • Attach the new log generated by ComboFix to your next reply.

Note: DO NOT mouseclick combofix's window while it is running. That may cause it to stall.


Thread Closed

Reason: Lack of Response

PM either ShadowPuterDude, Elise, or GT500 to have this thread reopened.

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE; if you don't, we are just going to send you back to this thread.

This topic is now closed to further replies.
