
3rd party has access to my computer [Closed] [Solved]


  • This topic is locked

#1
Gmr

  • Member
  • 94 posts
I was told by a supposed HP representative that my computer has an active third-party connection to my computer. How can I verify this and then get rid of it?


#2
pystryker

  • Trusted Helper
  • Malware Removal
  • 3,912 posts
Hello and welcome to Geeks to Go! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you:

  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.

  • Please read through my instructions carefully and completely before executing them.
  • Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
  • Please make sure you print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • Please read through my instructions carefully and make sure you complete them from start to finish. I will make sure that I lay the instructions out in a step-by-step order to make them easy to follow.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • Please make sure you reply within 3 days to my responses, if there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
  • Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If possible, please have your original Windows installation disks handy, just in case.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexpected occurs, do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please copy and paste the contents of any requested logs in your replies. Do not attach the log files in your replies unless requested to do so.
  • Please remember, the fixes are for your machine and your machine ONLY!



Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future.

Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)

Now, let's get started, shall we? :thumbsup:


Let's get a look at your system and see what's going on.

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.


Step 1: Download and Scan with FRST


Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


Step 2: Download and Scan with aswMBR


  • Please download aswMBR.exe to your desktop.
  • Double click the file to run it.
  • It will ask if you want to download the latest Avast! virus definitions, please answer yes.


  • Click the Scan button to begin the scan.


  • Once the scan has finished, click on Save Log, save it to your desktop as asw.txt, and please post it in your next reply.
  • Click Exit



Things I need to see in your next post:

FRST Log

Additions.txt Log

aswMBR Log


#3
Gmr

  • Topic Starter
  • Member
  • 94 posts
Thank you for the help. Been working and not able to start the process yet. I will be soon though. Thx...again!

#4
pystryker

  • Trusted Helper
  • Malware Removal
  • 3,912 posts

Thank you for the help. Been working and not able to start the process yet. I will be soon though. Thx...again!

:thumbsup:

#5
pystryker

  • Trusted Helper
  • Malware Removal
  • 3,912 posts

Thank you for the help. Been working and not able to start the process yet. I will be soon though. Thx...again!

:thumbsup:

#6
pystryker

  • Trusted Helper
  • Malware Removal
  • 3,912 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#7
pystryker

  • Trusted Helper
  • Malware Removal
  • 3,912 posts
User returned. :-)

#8
Gmr

  • Topic Starter
  • Member
  • 94 posts
How do I disable Microsoft Security Essentials?

#9
pystryker

  • Trusted Helper
  • Malware Removal
  • 3,912 posts
Hi :)

This should do it. :thumbsup:

1. Find the Security Essentials icon in your System Tray (usually it's represented by a little green house with a flag on top). Right-click it and choose Open.

2. Click the Settings tab.

3. Click Real-time protection.

4. Uncheck the box next to Turn on real-time protection (recommended).

5. Click the Save changes button.

#10
Gmr

  • Topic Starter
  • Member
  • 94 posts
Here is the FRST log. I do not see the Additions log.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by Gary (administrator) on GARY-0587134ADE on 22-03-2014 13:55:40
Running from C:\Documents and Settings\Gary\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
(Cisco Systems, Inc.) C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
() C:\Program Files\Winamp\Winampa.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Cisco Systems, Inc.) C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Hewlett-Packard) C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\WINDOWS\system32\ntvdm.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\bin\HPNetworkCommunicator.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MpCmdRun.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [WinampAgent] - C:\Program Files\Winamp\Winampa.exe [7680 2001-03-02] ()
HKLM\...\Run: [nmctxth] - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe [647216 2009-07-07] (Cisco Systems, Inc.)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [UserFaultCheck] - %systemroot%\system32\dumprep 0 -u
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [NeroFilterCheck] - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [155648 2006-01-12] (Nero AG)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [Conime] - C:\WINDOWS\system32\conime.exe [27648 2008-08-21] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 1
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\.DEFAULT\...\RunOnce: [KodakHomeCenter] - "C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe"
HKU\S-1-5-21-725345543-57989841-1644491937-1003\...\Run: [HP Deskjet 3510 series (NET)] - C:\Program Files\HP\HP Deskjet 3510 series\bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-725345543-57989841-1644491937-1003\...\Run: [DW7] - "C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe"
HKU\S-1-5-21-725345543-57989841-1644491937-1003\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\Gary\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files\ERUNT\AUTOBACK.EXE ()
Startup: C:\Documents and Settings\Gary\Start Menu\Programs\Startup\Event Reminder.lnk
ShortcutTarget: Event Reminder.lnk -> C:\pmw\PMREMIND.EXE ()
Startup: C:\Documents and Settings\Nick\Start Menu\Programs\Startup\FrostWire On Startup.lnk
ShortcutTarget: FrostWire On Startup.lnk -> C:\Program Files\FrostWire\FrostWire.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo....r=spigot-yhp-ie
SearchScopes: HKCU - ${ChromeSearchCLSID} URL = http://search.yahoo....q={searchTerms}
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 172.27.35.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\ihbuv2g9.default-1394805210937
FF Homepage: www.yahoo.com
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: Yahoo! Toolbar - C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\ihbuv2g9.default-1394805210937\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2014-03-14]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

Chrome:
=======
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Extension: (Google Docs) - C:\Documents and Settings\Gary\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-15]
CHR Extension: (Google Drive) - C:\Documents and Settings\Gary\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-15]
CHR Extension: (YouTube) - C:\Documents and Settings\Gary\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-15]
CHR Extension: (Google Search) - C:\Documents and Settings\Gary\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-15]
CHR Extension: (avast! Online Security) - C:\Documents and Settings\Gary\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-10-15]
CHR Extension: (Chrome In-App Payments service) - C:\Documents and Settings\Gary\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-15]
CHR Extension: (Gmail) - C:\Documents and Settings\Gary\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-15]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-10-15]

========================== Services (Whitelisted) =================

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
R2 nmservice; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [647216 2009-07-07] (Cisco Systems, Inc.)
R2 SoundMAX Agent Service (default); C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [45056 2002-09-20] (Analog Devices, Inc.)

==================== Drivers (Whitelisted) ====================

R1 ASPI32; C:\WINDOWS\system32\Drivers\ASPI32.sys [25244 1999-09-10] (Adaptec)
S3 Blfp; C:\WINDOWS\System32\DRIVERS\baspxp32.sys [98816 2008-06-06] (Broadcom Corporation)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2008-10-28] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2008-10-28] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2008-10-28] (HP)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 netrcacm; C:\WINDOWS\System32\DRIVERS\netrcacm.sys [20648 2003-01-20] (Thomson Inc.)
R2 pnarp; C:\WINDOWS\System32\DRIVERS\pnarp.sys [25392 2009-07-07] (Cisco Systems, Inc.)
R2 purendis; C:\WINDOWS\System32\DRIVERS\purendis.sys [26672 2009-07-07] (Cisco Systems, Inc.)
S3 catchme; \??\C:\DOCUME~1\Gary\LOCALS~1\Temp\catchme.sys [X]
U5 P3; C:\Windows\System32\Drivers\P3.sys [42752 2008-08-21] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-22 13:55 - 2014-03-22 13:55 - 00011511 _____ () C:\Documents and Settings\Gary\Desktop\FRST.txt
2014-03-22 13:52 - 2014-03-22 13:53 - 01145856 _____ (Farbar) C:\Documents and Settings\Gary\Desktop\FRST.exe
2014-03-21 18:44 - 2014-03-21 18:44 - 00000000 ____D () C:\Documents and Settings\Gary\Desktop\All Ithaca Folder
2014-03-16 14:38 - 2014-03-16 14:38 - 00039888 _____ () C:\Documents and Settings\Nick\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-03-16 14:25 - 2014-03-16 14:25 - 00000420 _____ () C:\WINDOWS\regopt.log
2014-03-16 14:24 - 2014-03-16 14:24 - 00000020 ___SH () C:\Documents and Settings\Nick\ntuser.ini
2014-03-15 14:18 - 2014-03-15 14:18 - 00039888 _____ () C:\Documents and Settings\Gary\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-03-15 13:48 - 2014-03-15 13:48 - 00005120 _____ () C:\Documents and Settings\Gary\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-14 19:28 - 2014-03-22 13:55 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-03-14 19:21 - 2014-01-19 03:32 - 00231584 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-03-14 19:18 - 2014-03-14 19:18 - 00001945 _____ () C:\WINDOWS\epplauncher.mif
2014-03-14 19:18 - 2014-03-14 19:18 - 00001698 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-03-14 19:18 - 2014-03-14 19:18 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-03-14 19:17 - 2014-03-14 19:17 - 11125072 _____ (Microsoft Corporation) C:\Documents and Settings\Gary\Desktop\mseinstall.exe
2014-03-14 10:06 - 2014-03-14 10:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-03-14 10:05 - 2014-03-14 10:06 - 00004119 _____ () C:\WINDOWS\KB2934207.log
2014-03-14 10:00 - 2014-03-14 10:00 - 00000000 ____D () C:\Documents and Settings\Gary\Application Data\TeamViewer
2014-03-14 09:53 - 2014-03-14 09:53 - 00000000 ____D () C:\Documents and Settings\Gary\Desktop\Old Firefox Data
2014-03-14 09:31 - 2014-03-22 13:45 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-03-14 09:31 - 2014-03-14 19:16 - 00000214 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-03-12 19:24 - 2014-03-15 13:49 - 00139147 _____ () C:\WINDOWS\KB2925418-IE8.log
2014-03-12 19:24 - 2014-03-12 19:24 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-03-12 19:23 - 2014-03-12 19:23 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-03-12 18:23 - 2014-03-12 19:24 - 00127513 _____ () C:\WINDOWS\KB2929961.log
2014-03-12 18:22 - 2014-03-12 19:23 - 00129784 _____ () C:\WINDOWS\KB2930275.log
2014-03-11 19:01 - 2014-03-11 19:01 - 00000000 ____D () C:\Documents and Settings\Nick\Local Settings\Application Data\Kingsoft
2014-03-11 18:43 - 2014-03-22 13:48 - 00000360 _____ () C:\WINDOWS\Tasks\WpsUpdateTask_Nick.job
2014-03-11 18:42 - 2014-03-11 18:42 - 00000000 ____D () C:\Documents and Settings\Nick\Application Data\Kingsoft
2014-03-05 02:17 - 2014-03-05 02:17 - 00000000 ___RD () C:\Program Files\Skype
2014-03-05 02:17 - 2014-03-05 02:17 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-03-05 02:17 - 2014-03-05 02:17 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Skype
2014-03-03 20:11 - 2014-03-03 20:11 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\The Weather Channel

==================== One Month Modified Files and Folders =======

2014-03-22 13:55 - 2014-03-22 13:55 - 00011511 _____ () C:\Documents and Settings\Gary\Desktop\FRST.txt
2014-03-22 13:55 - 2014-03-14 19:28 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-03-22 13:55 - 2012-04-18 21:19 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-03-22 13:53 - 2014-03-22 13:52 - 01145856 _____ (Farbar) C:\Documents and Settings\Gary\Desktop\FRST.exe
2014-03-22 13:51 - 2010-10-09 16:10 - 01806462 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-22 13:49 - 2010-10-09 11:58 - 00608094 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-22 13:48 - 2014-03-11 18:43 - 00000360 _____ () C:\WINDOWS\Tasks\WpsUpdateTask_Nick.job
2014-03-22 13:45 - 2014-03-14 09:31 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-03-22 13:45 - 2010-10-09 16:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-22 13:45 - 2010-10-09 12:00 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-03-22 13:45 - 2010-10-09 12:00 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-03-22 13:45 - 2008-08-21 08:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-03-22 01:40 - 2010-10-09 16:22 - 00032550 _____ () C:\WINDOWS\SchedLgU.Txt
2014-03-22 01:33 - 2013-12-25 17:39 - 00000360 _____ () C:\WINDOWS\Tasks\WpsUpdateTask_Matt.job
2014-03-22 01:29 - 2013-11-29 18:03 - 00000360 _____ () C:\WINDOWS\Tasks\WpsUpdateTask_Gary.job
2014-03-21 23:18 - 2012-05-19 12:48 - 00222174 _____ () C:\WINDOWS\setupapi.log
2014-03-21 19:29 - 2010-10-09 16:29 - 00000278 ___SH () C:\Documents and Settings\Gary\ntuser.ini
2014-03-21 19:13 - 2011-07-11 11:35 - 00000095 _____ () C:\WINDOWS\winamp.ini
2014-03-21 18:44 - 2014-03-21 18:44 - 00000000 ____D () C:\Documents and Settings\Gary\Desktop\All Ithaca Folder
2014-03-21 18:37 - 2012-09-24 19:57 - 00000000 ____D () C:\Documents and Settings\Gary\Desktop\Geeks to go
2014-03-20 16:49 - 2012-08-10 19:00 - 00018186 _____ () C:\WINDOWS\wmsetup.log
2014-03-20 16:49 - 2010-10-09 18:24 - 00000792 _____ () C:\Documents and Settings\Nick\Start Menu\Programs\Windows Media Player.lnk
2014-03-17 20:12 - 2012-09-01 19:36 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-03-17 19:22 - 2013-08-16 19:50 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-03-17 19:19 - 2011-01-16 19:58 - 87350280 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-03-17 18:36 - 2010-10-09 11:56 - 00000327 __RSH () C:\boot.ini
2014-03-17 18:36 - 2008-08-21 08:00 - 00000762 _____ () C:\WINDOWS\win.ini
2014-03-17 18:36 - 2008-08-21 08:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-03-16 14:38 - 2014-03-16 14:38 - 00039888 _____ () C:\Documents and Settings\Nick\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-03-16 14:25 - 2014-03-16 14:25 - 00000420 _____ () C:\WINDOWS\regopt.log
2014-03-16 14:25 - 2010-10-09 11:56 - 00001024 ____H () C:\WINDOWS\system32\config\userdiff.LOG
2014-03-16 14:24 - 2014-03-16 14:24 - 00000020 ___SH () C:\Documents and Settings\Nick\ntuser.ini
2014-03-16 14:24 - 2010-10-09 18:24 - 00000000 ____D () C:\Documents and Settings\Nick
2014-03-15 14:18 - 2014-03-15 14:18 - 00039888 _____ () C:\Documents and Settings\Gary\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-03-15 13:49 - 2014-03-12 19:24 - 00139147 _____ () C:\WINDOWS\KB2925418-IE8.log
2014-03-15 13:48 - 2014-03-15 13:48 - 00005120 _____ () C:\Documents and Settings\Gary\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-15 13:48 - 2012-08-12 19:17 - 00000116 _____ () C:\WINDOWS\NeroDigital.ini
2014-03-15 13:15 - 2010-10-10 19:22 - 00000000 ____D () C:\Documents and Settings\Matt
2014-03-15 13:14 - 2010-10-09 16:29 - 00000000 ____D () C:\Documents and Settings\Gary
2014-03-15 13:07 - 2012-05-21 22:49 - 00000000 ____D () C:\Program Files\FileHippo.com
2014-03-15 00:12 - 2010-10-13 20:20 - 00000000 ___RD () C:\Documents and Settings\Gary\Desktop\gr stuff
2014-03-14 21:39 - 2010-11-27 01:39 - 00000000 ____D () C:\Documents and Settings\Nick\Application Data\Skype
2014-03-14 20:53 - 2010-11-27 01:39 - 00002701 _____ () C:\Documents and Settings\Nick\Desktop\Skype.lnk
2014-03-14 20:03 - 2011-02-23 23:48 - 00000000 ____D () C:\Documents and Settings\Nick\Application Data\skypePM
2014-03-14 19:18 - 2014-03-14 19:18 - 00001945 _____ () C:\WINDOWS\epplauncher.mif
2014-03-14 19:18 - 2014-03-14 19:18 - 00001698 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-03-14 19:18 - 2014-03-14 19:18 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-03-14 19:17 - 2014-03-14 19:17 - 11125072 _____ (Microsoft Corporation) C:\Documents and Settings\Gary\Desktop\mseinstall.exe
2014-03-14 19:16 - 2014-03-14 09:31 - 00000214 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-03-14 19:15 - 2013-10-15 18:46 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2014-03-14 19:06 - 2013-02-20 20:46 - 00000000 ____D () C:\WINDOWS\pss
2014-03-14 18:47 - 2012-05-21 00:34 - 00000180 _____ () C:\WINDOWS\setupact.log
2014-03-14 18:02 - 2012-05-18 18:07 - 00000000 __SHD () C:\WINDOWS\CSC
2014-03-14 10:06 - 2014-03-14 10:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-03-14 10:06 - 2014-03-14 10:05 - 00004119 _____ () C:\WINDOWS\KB2934207.log
2014-03-14 10:06 - 2012-05-21 00:34 - 01015396 _____ () C:\WINDOWS\iis6.log
2014-03-14 10:06 - 2012-05-21 00:34 - 00907766 _____ () C:\WINDOWS\FaxSetup.log
2014-03-14 10:06 - 2012-05-21 00:34 - 00442998 _____ () C:\WINDOWS\ocgen.log
2014-03-14 10:06 - 2012-05-21 00:34 - 00417235 _____ () C:\WINDOWS\tsoc.log
2014-03-14 10:06 - 2012-05-21 00:34 - 00301631 _____ () C:\WINDOWS\comsetup.log
2014-03-14 10:06 - 2012-05-21 00:34 - 00283638 _____ () C:\WINDOWS\msmqinst.log
2014-03-14 10:06 - 2012-05-21 00:34 - 00184042 _____ () C:\WINDOWS\ntdtcsetup.log
2014-03-14 10:06 - 2012-05-21 00:34 - 00159196 _____ () C:\WINDOWS\netfxocm.log
2014-03-14 10:06 - 2012-05-21 00:34 - 00062832 _____ () C:\WINDOWS\MedCtrOC.log
2014-03-14 10:06 - 2012-05-21 00:34 - 00050475 _____ () C:\WINDOWS\ocmsn.log
2014-03-14 10:06 - 2012-05-21 00:34 - 00045682 _____ () C:\WINDOWS\msgsocm.log
2014-03-14 10:06 - 2012-05-21 00:34 - 00045406 _____ () C:\WINDOWS\tabletoc.log
2014-03-14 10:06 - 2012-05-21 00:34 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-03-14 10:00 - 2014-03-14 10:00 - 00000000 ____D () C:\Documents and Settings\Gary\Application Data\TeamViewer
2014-03-14 09:53 - 2014-03-14 09:53 - 00000000 ____D () C:\Documents and Settings\Gary\Desktop\Old Firefox Data
2014-03-12 19:45 - 2011-11-29 22:46 - 00000000 ____D () C:\Documents and Settings\Nick\Desktop\Job Resumes'
2014-03-12 19:28 - 2012-06-10 06:46 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-12 19:28 - 2010-10-09 11:56 - 00187408 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-12 19:24 - 2014-03-12 19:24 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-03-12 19:24 - 2014-03-12 18:23 - 00127513 _____ () C:\WINDOWS\KB2929961.log
2014-03-12 19:24 - 2013-10-31 18:27 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-03-12 19:24 - 2012-05-21 00:35 - 00091550 _____ () C:\WINDOWS\updspapi.log
2014-03-12 19:24 - 2012-05-21 00:34 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2014-03-12 19:23 - 2014-03-12 19:23 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-03-12 19:23 - 2014-03-12 18:22 - 00129784 _____ () C:\WINDOWS\KB2930275.log
2014-03-12 19:23 - 2012-06-10 06:46 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2014-03-12 18:55 - 2012-04-18 21:19 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-03-12 18:55 - 2011-05-29 13:19 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-03-11 19:01 - 2014-03-11 19:01 - 00000000 ____D () C:\Documents and Settings\Nick\Local Settings\Application Data\Kingsoft
2014-03-11 18:42 - 2014-03-11 18:42 - 00000000 ____D () C:\Documents and Settings\Nick\Application Data\Kingsoft
2014-03-11 01:29 - 2012-09-11 18:17 - 00000151 _____ () C:\WINDOWS\PhotoSnapViewer.INI
2014-03-08 00:48 - 2013-12-25 10:07 - 00154842 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-725345543-57989841-1644491937-1003-0.dat
2014-03-08 00:48 - 2013-07-16 23:13 - 00154842 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-03-08 00:41 - 2011-01-30 18:56 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-03-05 15:40 - 2013-02-26 16:08 - 00000000 ____D () C:\Documents and Settings\Nick\Application Data\BitTorrent
2014-03-05 02:17 - 2014-03-05 02:17 - 00000000 ___RD () C:\Program Files\Skype
2014-03-05 02:17 - 2014-03-05 02:17 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-03-05 02:17 - 2014-03-05 02:17 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Skype
2014-03-05 02:17 - 2010-11-27 01:39 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Skype
2014-03-03 20:11 - 2014-03-03 20:11 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\The Weather Channel
2014-03-03 20:11 - 2010-10-21 10:24 - 00000000 ____D () C:\Documents and Settings\Alice
2014-03-03 20:11 - 2010-10-09 16:22 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-03-03 20:11 - 2010-10-09 16:14 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-03-03 20:11 - 2010-10-09 16:09 - 00000000 ____D () C:\WINDOWS\Registration
2014-03-03 20:10 - 2012-09-01 19:35 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-03-03 20:00 - 2011-08-31 05:18 - 00000000 ____D () C:\Documents and Settings\Gary\Desktop\INK
2014-02-28 21:41 - 2012-09-23 07:03 - 00000000 ____D () C:\Documents and Settings\Gary\Application Data\vlc
2014-02-25 21:59 - 1601-01-01 00:28 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe
2014-02-25 21:59 - 1601-01-01 00:28 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe
2014-02-24 16:24 - 2008-08-21 08:00 - 00174592 ____N (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-24 16:24 - 2008-08-21 08:00 - 00174592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ie4uinit.exe
2014-02-24 07:46 - 2013-10-31 18:22 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll
2014-02-24 07:46 - 2010-10-09 16:10 - 00759296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vgx.dll
2014-02-24 07:46 - 2008-08-21 08:00 - 06022144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2014-02-24 07:46 - 2008-08-21 08:00 - 06022144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-24 07:46 - 2008-08-21 08:00 - 01216000 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\urlmon.dll
2014-02-24 07:46 - 2008-08-21 08:00 - 01216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-24 07:46 - 2008-08-21 08:00 - 00920064 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wininet.dll
2014-02-24 07:46 - 2008-08-21 08:00 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-24 07:46 - 2008-08-21 08:00 - 00611840 ____N (Microsoft Corporation) C:\WINDOWS\system32\mstime.dll
2014-02-24 07:46 - 2008-08-21 08:00 - 00611840 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstime.dll
2014-02-24 07:46 - 2008-08-21 08:00 - 00206848 ____N (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2014-02-24 07:46 - 2008-08-21 08:00 - 00206848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\occache.dll
2014-02-24 07:46 - 2008-08-21 08:00 - 00105984 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\url.dll
2014-02-24 07:46 - 2008-08-21 08:00 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2014-02-24 07:46 - 2008-08-21 08:00 - 00067072 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtmled.dll
2014-02-24 07:46 - 2008-08-21 08:00 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-02-24 07:45 - 2013-10-31 18:23 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll
2014-02-24 07:45 - 2013-10-31 18:22 - 11113472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll
2014-02-24 07:45 - 2013-10-31 18:22 - 02006016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll
2014-02-24 07:45 - 2013-10-31 18:22 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll
2014-02-24 07:45 - 2013-10-31 18:22 - 00630272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll
2014-02-24 07:45 - 2013-10-31 18:22 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll
2014-02-24 07:45 - 2013-10-31 18:22 - 00055296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2014-02-24 07:45 - 2009-03-08 04:39 - 11113472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-24 07:45 - 2009-03-08 04:32 - 02006016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-24 07:45 - 2009-03-08 04:32 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-24 07:45 - 2009-03-08 04:31 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2014-02-24 07:45 - 2008-08-21 08:00 - 01469440 ____N (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-02-24 07:45 - 2008-08-21 08:00 - 01469440 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetcpl.cpl
2014-02-24 07:45 - 2008-08-21 08:00 - 00387584 ____N (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-02-24 07:45 - 2008-08-21 08:00 - 00387584 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedkcs32.dll
2014-02-24 07:45 - 2008-08-21 08:00 - 00184320 ____N (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-02-24 07:45 - 2008-08-21 08:00 - 00184320 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iepeers.dll
2014-02-24 07:45 - 2008-08-21 08:00 - 00043520 ____N (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2014-02-24 07:45 - 2008-08-21 08:00 - 00043520 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\licmgr10.dll
2014-02-24 07:45 - 2008-08-21 08:00 - 00025600 ____N (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-24 07:45 - 2008-08-21 08:00 - 00025600 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsproxy.dll
2014-02-24 07:45 - 2008-08-21 08:00 - 00018944 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\corpol.dll
2014-02-24 07:45 - 2008-08-21 08:00 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\corpol.dll
2014-02-24 06:54 - 2008-08-21 08:00 - 00385024 ____N (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-02-23 20:36 - 2010-10-14 17:59 - 00000000 ____D () C:\WINDOWS\SxsCaPendDel

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================


Here is the aswMBR log

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-03-22 14:01:38
-----------------------------
14:01:38.359 OS Version: Windows 5.1.2600 Service Pack 3
14:01:38.359 Number of processors: 2 586 0x403
14:01:38.359 ComputerName: GARY-0587134ADE UserName: Gary
14:01:39.140 Initialize success
14:03:45.203 AVAST engine defs: 14032200
14:04:02.796 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5
14:04:02.796 Disk 0 Vendor: ST3500820AS SD1A Size: 476940MB BusType: 3
14:04:02.875 Disk 0 MBR read successfully
14:04:02.875 Disk 0 MBR scan
14:04:02.906 Disk 0 unknown MBR code
14:04:02.906 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 241272 MB offset 63
14:04:02.906 Disk 0 Partition - 00 05 Extended 235667 MB offset 494127102
14:04:02.921 Disk 0 Partition 2 00 83 Linux 229793 MB offset 494127104
14:04:02.921 Disk 0 Partition - 00 05 Extended 5874 MB offset 964743168
14:04:02.937 Disk 0 scanning sectors +976773120
14:04:03.031 Disk 0 scanning C:\WINDOWS\system32\drivers
14:04:09.937 Service scanning
14:04:22.109 Modules scanning
14:04:25.937 Disk 0 trace - called modules:
14:04:25.953 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
14:04:25.953 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a6e0ab8]
14:04:25.953 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\00000062[0x8a73cf18]
14:04:25.953 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-5[0x8a73bd98]
14:04:26.750 AVAST engine scan C:\WINDOWS
14:04:34.281 AVAST engine scan C:\WINDOWS\system32
14:06:45.093 AVAST engine scan C:\WINDOWS\system32\drivers
14:06:59.375 AVAST engine scan C:\Documents and Settings\Gary
14:13:14.843 AVAST engine scan C:\Documents and Settings\All Users
14:14:20.484 Scan finished successfully
14:14:59.218 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Gary\Desktop\MBR.dat"
14:14:59.218 The log file has been saved successfully to "C:\Documents and Settings\Gary\Desktop\aswMBR.txt"
  • 0


#11
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

Here is the FRST log. I do not see the Additions log.


My fault, please run FRST again, and place a check mark in the Addition.txt box. When it completes, please post only the Addition.txt log. :)
  • 0

#12
Gmr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts
Here is what additions result said:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014 01
Ran by Gary at 2014-03-22 20:45:26
Running from C:\Documents and Settings\Gary\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

==================== Installed Programs ======================

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E14ADE0E-75F3-4A46-87E5-26692DD626EC}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Management Programs (HKLM\...\{7BB045C3-D5E4-4620-B536-DC11AACD5942}) (Version: 11.67.01 - Broadcom Corporation)
Broadcom NetXtreme Ethernet Controller (HKLM\...\{F870B987-18BC-45FC-9BE8-35C02DCDA10F}) (Version: 11.32.03 - Broadcom Corporation)
Cisco Network Magic (Version: 5.5.09195.0 - Pure Networks) Hidden
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version: - Lars Hederer)
HP Deskjet 3510 series Basic Device Software (HKLM\...\{9F1F6E90-519F-4217-9A4B-466632D5CCCB}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3510 series Help (HKLM\...\{97C1C98D-6AE5-4C71-9B00-EBBD9E014450}) (Version: 28.0.0 - Hewlett Packard)
HP Deskjet 3510 series Product Improvement Study (HKLM\...\{1006DA78-79A1-43AD-BEB9-7CDCDAEFD588}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPDiagnosticCoreDll (HKLM\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB7A}) (Version: 1.0.16.0 - Hewlett Packard)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
iTunes (HKLM\...\{91FD46D2-4FB7-4A51-8637-556E1BE1DB7C}) (Version: 11.0.4.4 - Apple Inc.)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 29 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216018FF}) (Version: 6.0.290 - Sun Microsystems, Inc.)
Kingsoft Office 2013 (9.1.0.4246) (HKLM\...\Kingsoft Office) (Version: 9.1.0.4246 - Kingsoft Corp.)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office XP Professional with FrontPage (HKLM\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mjuice Components (HKLM\...\MJuiceWinamp) (Version: - )
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (HKLM\...\{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}) (Version: 6.10.1129.0 - Microsoft Corporation)
Nero 7 Essentials (HKLM\...\{35BABCAD-0593-9B89-D6A6-A48F19781033}) (Version: 7.01.0875 - Nero AG)
Network Magic (HKLM\...\Network MagicUninstall) (Version: 5.5.9195.0 - Cisco Systems, Inc.)
PreReq (Version: 6.2.4.0 - Eastman Kodak Company) Hidden
Primo (Version: 1.00.0000 - Your Company Name) Hidden
PrintMaster Gold 4.00 (HKLM\...\PrintMaster Gold 4.00) (Version: - )
Pure Networks Platform (Version: 11.2.09195.1 - Pure Networks) Hidden
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Runtime (Version: 1.00.0000 - Your Company Name) Hidden
Skype™ 5.0 (HKLM\...\{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}) (Version: 5.0.152 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sony Picture Utility (HKLM\...\{D5068583-D569-468B-9755-5FBF5848F46F}) (Version: 4.2.00.15030 - Sony Corporation)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.4070 - Analog Devices)
Ubuntu (HKLM\...\Wubi) (Version: 10.04-rev189 - Ubuntu)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
VLC media player 2.1.0 (HKLM\...\VLC media player) (Version: 2.1.0 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Winamp (remove only) (HKLM\...\Winamp) (Version: - )
Window Shopper (HKLM\...\{A1570454-ED12-4050-A7AC-9282C7AFB23C}) (Version: 01.02.0003 - Superfish)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format Runtime (HKLM\...\Windows Media Format Runtime) (Version: - )

==================== Restore Points =========================

13-02-2014 13:26:05 Software Distribution Service 3.0
22-02-2014 21:19:18 System Checkpoint
24-02-2014 00:30:51 Removed Apple Application Support
03-03-2014 03:43:42 avast! antivirus system restore point
04-03-2014 00:06:36 Restore Operation
05-03-2014 05:57:37 System Checkpoint
05-03-2014 06:16:38 Software Distribution Service 3.0
07-03-2014 04:13:09 System Checkpoint
08-03-2014 16:34:11 System Checkpoint
11-03-2014 04:11:42 System Checkpoint
12-03-2014 04:45:18 System Checkpoint
12-03-2014 23:22:26 Software Distribution Service 3.0
14-03-2014 13:51:14 System Checkpoint
14-03-2014 13:33:13 System Checkpoint
14-03-2014 14:05:34 Software Distribution Service 3.0
14-03-2014 23:21:17 Software Distribution Service 3.0
15-03-2014 17:06:56 Removed Frostwire Toolbar
15-03-2014 17:49:12 Software Distribution Service 3.0
16-03-2014 18:38:18 Software Distribution Service 3.0
17-03-2014 22:47:44 Software Distribution Service 3.0
17-03-2014 23:19:47 Software Distribution Service 3.0
19-03-2014 03:30:57 Software Distribution Service 3.0
20-03-2014 20:35:20 Software Distribution Service 3.0
21-03-2014 22:25:00 Software Distribution Service 3.0
23-03-2014 00:43:47 Software Distribution Service 3.0

==================== Hosts content: ==========================

2008-08-21 08:00 - 2012-05-21 22:43 - 00000098 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\WpsUpdateTask_Gary.job => C:\Program Files\Kingsoft\Kingsoft Office\wtoolex\wpsupdate.exe
Task: C:\WINDOWS\Tasks\WpsUpdateTask_Matt.job => C:\Program Files\Kingsoft\Kingsoft Office\wtoolex\wpsupdate.exe
Task: C:\WINDOWS\Tasks\WpsUpdateTask_Nick.job => C:\Program Files\Kingsoft\Kingsoft Office\wtoolex\wpsupdate.exe

==================== Loaded Modules (whitelisted) =============

2014-02-23 20:30 - 2012-05-30 20:06 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-23 20:30 - 2012-05-30 20:06 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2001-03-02 22:26 - 2001-03-02 22:26 - 00007680 _____ () C:\Program Files\Winamp\Winampa.exe
2009-07-13 17:37 - 2009-07-13 17:37 - 00152112 _____ () C:\Program Files\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
2009-07-13 17:37 - 2009-07-13 17:37 - 00098304 _____ () C:\Program Files\Common Files\Pure Networks Shared\Platform\CFireWallCOM.dll
2014-02-17 20:04 - 2014-02-17 20:04 - 03578992 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-03-12 18:55 - 2014-03-12 18:55 - 16276872 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\63393233.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\75295681.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\84667761.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\96452275.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\63393233.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\75295681.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\84667761.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\96452275.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/22/2014 08:43:34 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp, P4 4.4.304.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (03/22/2014 01:50:49 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp, P4 4.4.304.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (03/14/2014 08:03:41 PM) (Source: Application Error) (User: )
Description: Faulting application skype.exe, version 5.0.0.152, faulting module kernel32.dll, version 5.1.2600.6293, fault address 0x00012fd3.
Processing media-specific event for [skype.exe!ws!]

Error: (03/14/2014 07:18:45 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientsetup.exe4.4.304.00x80004002morrobootstraper__cinstallflow__internalrun - getenablefirewallactionmorrobootstraper__cflow__processflowactionresult0security essentialsNILNILNIL

Error: (03/14/2014 07:18:40 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 4.4.304.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (03/23/2036 04:04:41 AM) (Source: Application Error) (User: )
Description: Faulting application ituneshelper.exe, version 11.0.4.4, faulting module msvcr80.dll, version 8.0.50727.6195, fault address 0x00051f1c.
Processing media-specific event for [ituneshelper.exe!ws!]

Error: (08/24/2033 06:10:08 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/24/2033 06:10:08 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/24/2033 06:10:08 AM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/24/2033 06:10:08 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list cab from: <http://www.download....uthrootstl.cab> with error: This operation returned because the timeout period expired.


System errors:
=============
Error: (03/22/2014 08:33:28 PM) (Source: Print) (User: NT AUTHORITY)
Description: Printer KodakESP5200+3567 failed to initialize because a suitable KODAK ESP 5200 Series AiO driver could not be found.

Error: (03/22/2014 02:36:15 PM) (Source: Print) (User: NT AUTHORITY)
Description: Printer KodakESP5200+3567 failed to initialize because a suitable KODAK ESP 5200 Series AiO driver could not be found.

Error: (03/22/2014 01:46:11 PM) (Source: Print) (User: NT AUTHORITY)
Description: Printer KodakESP5200+3567 failed to initialize because a suitable KODAK ESP 5200 Series AiO driver could not be found.

Error: (03/21/2014 11:17:50 PM) (Source: Print) (User: NT AUTHORITY)
Description: Printer KodakESP5200+3567 failed to initialize because a suitable KODAK ESP 5200 Series AiO driver could not be found.

Error: (03/21/2014 06:14:56 PM) (Source: Print) (User: NT AUTHORITY)
Description: Printer KodakESP5200+3567 failed to initialize because a suitable KODAK ESP 5200 Series AiO driver could not be found.

Error: (03/21/2014 11:24:00 AM) (Source: Print) (User: NT AUTHORITY)
Description: Printer KodakESP5200+3567 failed to initialize because a suitable KODAK ESP 5200 Series AiO driver could not be found.

Error: (03/21/2014 00:15:17 AM) (Source: Print) (User: NT AUTHORITY)
Description: Printer KodakESP5200+3567 failed to initialize because a suitable KODAK ESP 5200 Series AiO driver could not be found.

Error: (03/20/2014 04:25:08 PM) (Source: Print) (User: NT AUTHORITY)
Description: Printer KodakESP5200+3567 failed to initialize because a suitable KODAK ESP 5200 Series AiO driver could not be found.

Error: (03/20/2014 05:39:12 AM) (Source: Print) (User: NT AUTHORITY)
Description: Printer KodakESP5200+3567 failed to initialize because a suitable KODAK ESP 5200 Series AiO driver could not be found.

Error: (03/18/2014 11:18:14 PM) (Source: Print) (User: NT AUTHORITY)
Description: Printer KodakESP5200+3567 failed to initialize because a suitable KODAK ESP 5200 Series AiO driver could not be found.


Microsoft Office Sessions:
=========================
Error: (03/22/2014 08:43:34 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetryunspecifiedhardeningtelemetryhardeningtelemetrydisablertp4.4.304.0unspecifiedunspecifiedunspecifiedNILNILNIL

Error: (03/22/2014 01:50:49 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetryunspecifiedhardeningtelemetryhardeningtelemetrydisablertp4.4.304.0unspecifiedunspecifiedunspecifiedNILNILNIL

Error: (03/14/2014 08:03:41 PM) (Source: Application Error)(User: )
Description: skype.exe5.0.0.152kernel32.dll5.1.2600.629300012fd3

Error: (03/14/2014 07:18:45 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientsetup.exe4.4.304.00x80004002morrobootstraper__cinstallflow__internalrun - getenablefirewallactionmorrobootstraper__cflow__processflowactionresult0security essentialsNILNILNIL

Error: (03/14/2014 07:18:40 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry0x80070003moaccachereset4.4.304.0unspecifiedunspecifiedunspecifiedNILNILNIL

Error: (03/23/2036 04:04:41 AM) (Source: Application Error)(User: )
Description: ituneshelper.exe11.0.4.4msvcr80.dll8.0.50727.619500051f1c

Error: (08/24/2033 06:10:08 AM) (Source: crypt32)(User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/24/2033 06:10:08 AM) (Source: crypt32)(User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/24/2033 06:10:08 AM) (Source: crypt32)(User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (08/24/2033 06:10:08 AM) (Source: crypt32)(User: )
Description: http://www.download....rootstl.cabThis operation returned because the timeout period expired.


==================== Memory info ===========================

Percentage of memory in use: 38%
Total physical RAM: 2039.43 MB
Available physical RAM: 1256.08 MB
Total Pagefile: 3935.89 MB
Available Pagefile: 3311.18 MB
Total Virtual: 2047.88 MB
Available Virtual: 1950.66 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:235.62 GB) (Free:182.72 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: B77D5572)

Partition: GPT Partition Type.

==================== End Of Log ============================
  • 0

#13
Gmr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts
I see a lot of Kodak files in there. I don't have a Kodak printer anymore...
  • 0

#14
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

I see a lot of Kodak files in there. I don't have a Kodak printer anymore...


I see in the list of Installed programs a Kodak related program listed below:

PreReq (Version: 6.2.4.0 - Eastman Kodak Company) Hidden

It won't show in Add/Remove Programs, but I've provided a fix below that will enable it to be shown; you can then uninstall it.

Your logs are remarkably clean, and I see nothing in them to indicate a third party has access and an active connection to your machine.

TDSSKiller found no rootkits hiding on your machine, and your FRST logs are clean as well.

Let's clean out your temporary files and I've provided the aforementioned fix below to unhide the program.



  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open Notepad window and select Paste.
  • Save it on the desktop as fixlist.txt

Start
PreReq (Version: 6.2.4.0 - Eastman Kodak Company) Hidden
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt); please post it in your next reply.


Step 2: Temporary File Cleaner


Clear Cache/Temp Files
Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


Things I need to see in your next post:

FRST Fix Log

  • 0

#15
Gmr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts
Here is the fixlist log. Thank you again for helping me. I did recently get some help in cleaning up my machine. I don't have ultimate trust in their work as I do with Geeks to Go. That's why I'm here...




Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014 01
Ran by Gary at 2014-03-22 21:19:10 Run:3
Running from C:\Documents and Settings\Gary\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
PreReq (Version: 6.2.4.0 - Eastman Kodak Company) Hidden
End
*****************

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DA5BDB2A-12F0-4343-8351-21AAEB293990}\\SystemComponent => Value deleted successfully.

==== End of Fixlog ====
  • 0
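
Added example (not part of the original thread and not FRST's own code): a Python parser for the Installed Programs section of an Addition.txt log like the one posted above, which separates Hidden entries that have a visible counterpart from ones that do not, such as the PreReq entry unhidden in this thread. The sample lines are copied from the log in this thread; the function names and the pairing rule are assumptions made for this example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Lines copied from the Addition.txt log posted in this thread (a subset chosen
# to cover the awkward cases: parentheses in names and keys, empty fields).
SAMPLE = r"""
==================== Security Center ========================

AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

==================== Installed Programs ======================

Adobe AIR (HKLM\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.9) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version: - Lars Hederer)
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)
Mjuice Components (HKLM\...\MJuiceWinamp) (Version: - )
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
PreReq (Version: 6.2.4.0 - Eastman Kodak Company) Hidden
Primo (Version: 1.00.0000 - Your Company Name) Hidden
Ubuntu (HKLM\...\Wubi) (Version: 10.04-rev189 - Ubuntu)

==================== Restore Points =========================

13-02-2014 13:26:05 Software Distribution Service 3.0
"""

# Section banner, e.g. "==================== Installed Programs ======"
SECTION = re.compile(r"^=+ (?P<title>.+?) =+$")

# One entry: name, optional abbreviated uninstall key, version/publisher, Hidden flag.
# The name is matched lazily and the key greedily so that parentheses inside
# either one (Firefox, Adobe Reader) do not end the field early.
ENTRY = re.compile(
    r"^(?P<name>.+?)"
    r"(?: \((?P<key>HK[A-Z]+\\.+)\))?"
    r" \(Version:\s*(?P<version>.*?)\s*-\s+(?P<publisher>.*?)\s*\)"
    r"(?P<hidden> Hidden)?$"
)


@dataclass(frozen=True)
class Program:
    name: str
    key: Optional[str]   # abbreviated registry path as printed, or None
    version: str         # may be empty, as for ERUNT in this log
    publisher: str       # may be empty
    hidden: bool         # True when the line ends in "Hidden"


def parse_installed_programs(text: str) -> Tuple[List[Program], List[str]]:
    """Return (entries, lines in the section that did not parse)."""
    programs: List[Program] = []
    unparsed: List[str] = []
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            in_section = header.group("title").rstrip(":").strip() == "Installed Programs"
            continue
        if not in_section:
            continue
        m = ENTRY.match(line)
        if m is None:
            unparsed.append(line)   # keep it visible instead of dropping it
            continue
        programs.append(Program(m["name"], m["key"], m["version"],
                                m["publisher"], m["hidden"] is not None))
    return programs, unparsed


def triage_hidden(programs: List[Program]) -> Tuple[List[Program], List[Program]]:
    """Split Hidden entries into (paired, standalone).

    Pairing rule (this example's heuristic): a Hidden entry is "paired" when a
    visible entry has the same name or an uninstall key whose last component
    equals that name. Standalone entries have no visible counterpart, which was
    the case for PreReq before the fix deleted its SystemComponent value.
    """
    visible_ids = set()
    for p in programs:
        if not p.hidden:
            visible_ids.add(p.name.lower())
            if p.key:
                visible_ids.add(p.key.rsplit("\\", 1)[-1].lower())
    paired = [p for p in programs if p.hidden and p.name.lower() in visible_ids]
    standalone = [p for p in programs if p.hidden and p.name.lower() not in visible_ids]
    return paired, standalone


if __name__ == "__main__":
    entries, leftovers = parse_installed_programs(SAMPLE)
    paired, standalone = triage_hidden(entries)
    for p in standalone:
        print(f"hidden, no visible counterpart: {p.name} ({p.publisher or 'no publisher'})")
    for p in paired:
        print(f"hidden, visible counterpart exists: {p.name}")
    for line in leftovers:
        print(f"could not parse: {line}")
```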





