Everything posted by WJames

  1. No further assistance needed. Thank you for all your help, especially when things were not looking good. My offer to buy lunch still stands. I wish you and your family a Merry Christmas and Happy New Year.
  2. Re: <<Are you able to run a web browser and get on the web now?>> Yes, thank you! I know you said to post the FRST logs, but I get an error message that says post_too_long; so, I have attached them.
     Results of screen317's Security Check version 1.009
     Windows XP Service Pack 3 x86
     Internet Explorer 8
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     `````````Anti-malware/Other Utilities Check:`````````
     Windows Defender Signatures
     Adobe Reader 10.1.16 Adobe Reader out of Date!
     Mozilla Firefox (42.0)
     ````````Process Check: objlist.exe by Laurent````````
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C:: 19% Defragment your hard drive soon! (Do NOT defrag if SSD!)
     ````````````````````End of Log``````````````````````
     FRST.txt Addition.txt
  3. Well... blessings never cease. I was able to run ComboFix.
     ComboFix 15-12-12.01 - Nancy McNamara 12/12/2015 19:32:18.1.1 - x86
     Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.318 [GMT -8:00]
     Running from: c:\documents and settings\Nancy McNamara\Desktop\ComboFix.exe
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\documents and settings\Nancy McNamara\Recent\earth.google.com.url
     c:\documents and settings\Nancy McNamara\Recent\investigator.url
     c:\documents and settings\Nancy McNamara\WINDOWS
     c:\program files\MSN Gaming Zone\lobby.exe
     c:\windows\Downloaded Program Files\Install.inf
     c:\windows\EventSystem.log
     c:\windows\system32\wnsapisv.exe
     c:\windows\wmsysprx.prx
     .
     .
     ((((((((((((((((((((((((( Files Created from 2015-11-13 to 2015-12-13 )))))))))))))))))))))))))))))))
     .
     .
     2015-12-12 23:30 . 2015-12-12 23:30 -------- d-----w- c:\program files\Microsoft.NET
     2015-12-11 07:45 . 2015-12-11 07:50 -------- d-----w- C:\18795a5bc4584a0e2c
     2015-12-08 16:45 . 2012-06-02 23:18 275696 ----a-w- c:\windows\system32\mucltui.dll
     2015-12-07 02:41 . 2015-12-07 02:41 -------- d-----w- C:\RegBackup
     2015-12-07 02:27 . 2015-12-07 02:27 -------- d-----w- c:\program files\QuickTime
     2015-12-07 02:27 . 2015-12-07 02:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
     2015-12-07 02:26 . 2015-12-07 02:26 -------- d-----w- c:\documents and settings\Nancy McNamara\Local Settings\Application Data\Apple Computer
     2015-12-07 02:26 . 2015-12-07 02:26 -------- d-----w- c:\documents and settings\Nancy McNamara\Local Settings\Application Data\Apple
     2015-12-07 01:42 . 2015-12-07 01:42 -------- d-----w- c:\documents and settings\Nancy McNamara\Local Settings\Application Data\Temp
     2015-12-06 22:19 . 2015-12-06 22:19 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
     2015-12-06 21:53 . 2015-12-06 21:53 -------- d-----w- c:\documents and settings\Nancy McNamara\Application Data\Apple Computer
     2015-12-06 21:50 . 2015-12-06 21:50 -------- d-----w- c:\program files\Apple Software Update
     2015-12-06 21:49 . 2015-12-06 21:49 -------- d-----w- c:\program files\Common Files\Apple
     2015-12-06 21:49 . 2015-12-06 21:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
     2015-12-06 21:41 . 2015-12-06 21:41 -------- d-sh--w- c:\documents and settings\Nancy McNamara\IECompatCache
     2015-12-06 21:41 . 2015-12-06 21:41 -------- d-sh--w- c:\documents and settings\Nancy McNamara\PrivacIE
     2015-12-06 21:38 . 2015-12-06 21:38 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
     2015-12-06 21:38 . 2015-12-06 21:38 -------- d-sh--w- c:\documents and settings\Nancy McNamara\IETldCache
     2015-12-06 21:14 . 2015-12-06 21:18 -------- d-----w- c:\windows\system32\MRT
     2015-12-06 21:13 . 2014-02-05 23:26 522240 ----a-w- c:\windows\system32\dllcache\jsdbgui.dll
     2015-12-06 21:13 . 2011-08-16 10:45 6144 ----a-w- c:\windows\system32\dllcache\iecompat.dll
     2015-12-06 21:12 . 2014-02-05 23:26 2006016 ----a-w- c:\windows\system32\dllcache\iertutil.dll
     2015-12-06 21:12 . 2014-02-05 23:26 247808 ----a-w- c:\windows\system32\dllcache\ieproxy.dll
     2015-12-06 21:12 . 2014-02-05 23:26 11113472 ----a-w- c:\windows\system32\dllcache\ieframe.dll
     2015-12-06 21:12 . 2014-02-05 23:26 743424 ----a-w- c:\windows\system32\dllcache\iedvtool.dll
     2015-12-06 21:10 . 2015-12-06 21:12 -------- dc-h--w- c:\windows\ie8
     2015-12-06 20:11 . 2008-06-13 11:05 272128 ----a-w- c:\windows\system32\dllcache\bthport.sys
     2015-12-06 20:10 . 2010-09-18 06:53 953856 ----a-w- c:\windows\system32\dllcache\mfc40u.dll
     2015-12-06 20:09 . 2011-07-15 13:29 456320 ----a-w- c:\windows\system32\dllcache\mrxsmb.sys
     2015-12-06 20:09 . 2010-08-23 16:12 617472 ----a-w- c:\windows\system32\dllcache\comctl32.dll
     2015-12-06 20:08 . 2009-11-21 15:51 471552 ----a-w- c:\windows\system32\dllcache\aclayers.dll
     2015-12-06 20:08 . 2013-07-03 02:12 25088 ----a-w- c:\windows\system32\dllcache\hidparse.sys
     2015-12-06 20:07 . 2010-06-14 14:31 744448 ----a-w- c:\windows\system32\dllcache\helpsvc.exe
     2015-12-06 20:06 . 2009-10-15 16:28 81920 ----a-w- c:\windows\system32\dllcache\fontsub.dll
     2015-12-06 20:06 . 2009-02-09 12:10 617472 ----a-w- c:\windows\system32\dllcache\advapi32.dll
     2015-12-06 20:06 . 2009-02-09 12:10 473600 ----a-w- c:\windows\system32\dllcache\fastprox.dll
     2015-12-06 20:04 . 2008-05-01 14:33 331776 ----a-w- c:\windows\system32\dllcache\msadce.dll
     2015-12-06 20:00 . 2010-06-18 13:36 3558912 ----a-w- c:\windows\system32\dllcache\moviemk.exe
     2015-12-06 20:00 . 2014-02-26 01:59 13312 ----a-w- c:\windows\system32\xp_eos.exe
     2015-12-06 19:51 . 2013-11-06 01:03 7168 ----a-w- c:\windows\system32\xpsp4res.dll
     2015-12-06 19:48 . 2012-01-11 19:06 3072 ----a-w- c:\windows\system32\iacenc.dll
     2015-12-06 19:48 . 2012-01-11 19:06 3072 ----a-w- c:\windows\system32\dllcache\iacenc.dll
     2015-12-06 19:43 . 2012-06-02 23:19 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
     2015-12-06 19:43 . 2012-06-02 23:19 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
     2015-12-06 19:43 . 2012-06-02 23:19 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
     2015-12-06 19:43 . 2012-06-02 23:19 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
     2015-12-06 19:17 . 2008-04-14 13:42 294912 ----a-w- c:\windows\system32\dllcache\dlimport.exe
     2015-12-06 19:14 . 2008-04-14 06:06 144384 ----a-w- c:\windows\system32\drivers\hdaudbus.sys
     2015-12-06 19:14 . 2008-04-14 08:10 10240 ----a-w- c:\windows\system32\drivers\sffp_mmc.sys
     2015-12-06 19:11 . 2006-12-29 08:31 19569 ----a-w- c:\windows\003161_.tmp
     2015-12-02 08:01 . 2004-06-12 00:33 290304 ----a-w- c:\windows\subinacl.exe
     2015-11-27 05:11 . 2015-11-27 05:12 -------- d-----w- c:\documents and settings\Nancy McNamara\Application Data\Maxthon3
     2015-11-27 05:10 . 2015-11-27 05:11 -------- d-----w- c:\program files\Maxthon
     2015-11-27 04:43 . 2015-11-27 04:43 -------- d-----w- c:\documents and settings\Nancy McNamara\Local Settings\Application Data\Mozilla
     2015-11-27 04:43 . 2015-11-27 04:43 -------- d-----w- c:\program files\Mozilla Maintenance Service
     2015-11-22 02:28 . 2001-08-18 06:36 7168 ----a-w- c:\windows\system32\dllcache\EXCH_snprfdll.dll
     2015-11-22 02:28 . 2001-08-18 06:36 12288 ----a-w- c:\windows\system32\dllcache\EXCH_smtpctrs.dll
     2015-11-22 02:27 . 2001-08-18 06:36 26112 ----a-w- c:\windows\system32\dllcache\EXCH_seos.dll
     2015-11-22 02:27 . 2001-08-18 06:36 57856 ----a-w- c:\windows\system32\dllcache\EXCH_scripto.dll
     2015-11-22 02:27 . 2001-08-18 06:36 23040 ----a-w- c:\windows\system32\dllcache\EXCH_regtrace.exe
     2015-11-22 02:25 . 2001-08-18 06:36 58880 ----a-w- c:\windows\system32\dllcache\m3092dc.dll
     2015-11-22 02:24 . 2001-08-17 21:28 289887 ----a-w- c:\windows\system32\dllcache\hsf_fall.sys
     2015-11-22 02:23 . 2001-08-18 06:36 236060 ----a-w- c:\windows\system32\dllcache\ditrace.exe
     2015-11-22 02:22 . 2001-08-17 21:51 13824 ----a-w- c:\windows\system32\dllcache\bulltlp3.sys
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2015-11-01 03:32 . 2015-10-24 06:42 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
     2015-10-05 16:50 . 2015-10-24 06:41 121560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
     2015-10-05 16:50 . 2015-10-24 06:48 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe" [2006-10-18 163576]
     "MoneyAgent"="c:\program files\Microsoft Money\System\Money Express.exe" [2001-07-25 184376]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2005-10-14 69632]
     "RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2003-02-10 26112]
     "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-10-02 421888]
     "nwiz"="nwiz.exe" [2003-10-07 741376]
     "MoneyStartUp10.0"="c:\program files\Microsoft Money\System\Activation.exe" [2001-07-25 241714]
     "greatheartwebslow"="c:\documents and settings\All Users\Application Data\Licensethatgreatheart\meta info.exe" [2005-10-13 0]
     "BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
     "AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 679936]
     "DVDSentry"="c:\windows\System32\DSentry.exe" [2002-08-15 28672]
     "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-14 59720]
     "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2015-09-24 1022152]
     .
     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
     .
     c:\documents and settings\All Users\Start Menu\Programs\Startup\
     Billminder.lnk - c:\program files\Quicken\billmind.exe -startup [2002-11-19 36864]
     Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2003-2-10 45056]
     Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-12 83360]
     Military.com Launcher.lnk - c:\program files\Military.com\Hub.exe [2005-11-7 397312]
     Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2002-11-19 53248]
     Quicken Startup.lnk - c:\program files\Quicken\QWDLLS.EXE [2002-11-19 36864]
     .
     [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
     SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS]
     @="Service"
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver]
     @="Service"
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess]
     @="Service"
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\swprv]
     @="Service"
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss]
     @="Service"
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
     "McShield"=2 (0x2)
     .
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
     "c:\\Program Files\\Maxthon\\Bin\\Maxthon.exe"=
     "c:\\Program Files\\Maxthon\\Bin\\MxUp.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
     .
     R3 MBAMProtector;MBAMProtector;c:\windows\SYSTEM32\DRIVERS\mbam.sys [10/23/2015 10:48 PM 23256]
     S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [10/23/2015 10:48 PM 1135416]
     S2 mrtRate;mrtRate; [x]
     S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\SYSTEM32\DRIVERS\ADM8511.SYS [3/12/2004 11:07 AM 20160]
     S3 eapihdrv;eapihdrv;\??\c:\docume~1\NANCYM~1\LOCALS~1\Temp\ehdrv.sys --> c:\docume~1\NANCYM~1\LOCALS~1\Temp\ehdrv.sys [?]
     S3 efavdrv;efavdrv;\??\c:\windows\system32\drivers\efavdrv.sys --> c:\windows\system32\drivers\efavdrv.sys [?]
     S3 glauiad;Creative Broadband Blaster 8012U-V;c:\windows\SYSTEM32\DRIVERS\glauiad.sys [1/16/2004 10:26 AM 29603]
     S3 USB-100;Linksys EtherFast 10/100 Compact USB Network Adapter;c:\windows\SYSTEM32\DRIVERS\USB100M.SYS [10/31/2015 7:30 PM 27519]
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2015-12-06 c:\windows\Tasks\AppleSoftwareUpdate.job
     - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 01:57]
     .
     2015-12-13 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
     - c:\windows\system32\xp_eos.exe [2015-12-06 01:59]
     .
     2015-12-06 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
     - c:\windows\system32\xp_eos.exe [2015-12-06 01:59]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.google.com/
     uDefault_Search_URL = hxxp://ie.search.msn.com
     uSearchAssistant = hxxp://www.google.com/ie
     uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
     IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
     TCP: Interfaces\{0F09ABBF-84D3-4178-94A7-79F51469EAF1}: NameServer = 8.8.8.8,8.8.4.4
     TCP: Interfaces\{13F1BC97-E40D-424B-8DC8-92633F7FFE89}: NameServer = 8.8.8.8,8.8.4.4
     TCP: Interfaces\{263FA267-2E9E-484D-860A-7DBF54BC3A88}: NameServer = 8.8.8.8,8.8.4.4
     TCP: Interfaces\{3F91E68C-CB83-472A-9977-E9F450D055EB}: NameServer = 8.8.8.8,8.8.4.4
     TCP: Interfaces\{743F44A5-C84A-49D0-91F4-5FF1C8EE281A}: NameServer = 8.8.8.8,8.8.4.4
     TCP: Interfaces\{C6834603-8B8C-4FDB-A02E-CE075CAC141D}: NameServer = 8.8.8.8,8.8.4.4
     TCP: Interfaces\{D570558D-39DB-4CBF-8443-FB12659CC63E}: NameServer = 8.8.8.8,8.8.4.4
     DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
     DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
     DPF: {10D8725C-C80B-4790-8C4B-A863D234AEA6} - hxxp://files.searchrover.net/installs/1.0.0.100/10001/Rover_10001.cab
     DPF: {49DB1B20-4E35-4E2E-8C6F-765E238865D6} - hxxp://militaryclient.tickle.com/download/client/Install%20Air%20Force%20Toolbar.cab
     FF - ProfilePath - c:\documents and settings\Nancy McNamara\Application Data\Mozilla\Firefox\Profiles\mennrp5f.default\
     FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/?gws_rd=ssl|about:preferences
     .
     - - - - ORPHANS REMOVED - - - -
     .
     HKCU-Run-srrstr - c:\windows\System32\srrstr.exe
     HKCU-Run-Send Copy - c:\docume~1\NANCYM~1\APPLIC~1\DEFYWM~1\ford tool.exe
     HKCU-Run-Spyware Doctor - c:\program files\Spyware Doctor\spydoctor.exe
     HKLM-Run-Fragmetaerrorstupid - c:\documents and settings\All Users\Application Data\For list frag meta\listpile.exe
     HKLM-Run-AOLDialer - c:\program files\Common Files\AOL\ACS\AOLDial.exe
     SafeBoot-AppXSvc
     SafeBoot-ClipSvc
     SafeBoot-TweakingRemoveSafeBoot
     SafeBoot-WSService
     AddRemove-showwindownurb - c:\docume~1\NANCYM~1\APPLIC~1\DEFYWM~1\ford tool.exe
     .
     .
     .
     **************************************************************************
     .
     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2015-12-12 19:45
     Windows 5.1.2600 Service Pack 3 NTFS
     .
     scanning hidden processes ...
     .
     scanning hidden autostart entries ...
     .
     HKLM\Software\Microsoft\Windows\CurrentVersion\Run
     DwlClient = c:\program files\Common Files\Dell\EUSW\Support.exe?l?e?s?\?D?e?l?l?\?E?U?S?W?\?S?u?p?p?o?r?t?.?e?x?e???????h:??????x???0???X???????????0???P???? ?w? ?w)??p????????(???w????U?w????????????0??????w, ?w?M?wW??w???w)??p????????x'@?????????X????????"@?e?????
     .
     scanning hidden files ...
     .
     scan completed successfully
     hidden files: 0
     .
     **************************************************************************
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------
     .
     - - - - - - - > 'explorer.exe'(3228)
     c:\windows\system32\WININET.dll
     c:\windows\system32\ieframe.dll
     c:\windows\system32\webcheck.dll
     .
     ------------------------ Other Running Processes ------------------------
     .
     c:\windows\System32\nvsvc32.exe
     c:\windows\system32\wscntfy.exe
     c:\windows\BCMSMMSG.exe
     .
     **************************************************************************
     .
     Completion time: 2015-12-12 19:50:07 - machine was rebooted
     ComboFix-quarantined-files.txt 2015-12-13 03:50
     .
     Pre-Run: 40,110,055,424 bytes free
     Post-Run: 40,459,005,952 bytes free
     .
     - - End Of File - - 52D2CCAD74077F240364269D0D05348E
     8F558EB6672622401DA993E1E865C861
  4. Ok... .NET Framework 4 installed successfully. I did make one change to your instructions for running NetAdapter Repair... I checked Enable LAN Adapters instead of Wireless Adapters since it is hardwired in my home and will be at my friend's. FYI... I ran FRST after NetAdapter Repair and the log files do not show the files that were not loading which was preventing the network from running, per your 11/29-post. Thank you.
     12/12/2015 4:56:14 PM: Microsoft Windows XP Home Edition 32-bit Service Pack 3
     12/12/2015 4:56:14 PM: NetAdapter Repair All in One v1.2 Loaded
     12/12/2015 4:56:14 PM: Application opened as an Administrator
     12/12/2015 4:56:14 PM: Getting network information
     12/12/2015 4:56:30 PM: Getting information for 'Local Area Connection 8'
     12/12/2015 4:56:30 PM: Network information updated
     12/12/2015 4:56:31 PM:
     Windows IP Configuration
     Host Name . . . . . . . . . . . . : oahu
     Primary Dns Suffix . . . . . . . :
     Node Type . . . . . . . . . . . . : Hybrid
     IP Routing Enabled. . . . . . . . : No
     WINS Proxy Enabled. . . . . . . . : No
     DNS Suffix Search List. . . . . . : socal.rr.com
     Ethernet adapter Local Area Connection 2:
     Media State . . . . . . . . . . . : Media disconnected
     Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection
     Physical Address. . . . . . . . . : 00-07-E9-D0-6B-54
     Ethernet adapter Local Area Connection 8:
     Connection-specific DNS Suffix . : socal.rr.com
     Description . . . . . . . . . . . : Linksys LNE100TX Fast Ethernet Adapter(LNE100TX v4) #2
     Physical Address. . . . . . . . . : 00-04-5A-56-66-C4
     Dhcp Enabled. . . . . . . . . . . : Yes
     Autoconfiguration Enabled . . . . : Yes
     IP Address. . . . . . . . . . . . : 192.168.1.106
     Subnet Mask . . . . . . . . . . . : 255.255.255.0
     Default Gateway . . . . . . . . . : 192.168.1.1
     DHCP Server . . . . . . . . . . . : 192.168.1.1
     DNS Servers . . . . . . . . . . . : 209.18.47.61 209.18.47.62
     Lease Obtained. . . . . . . . . . : Saturday, December 12, 2015 3:22:08 PM
     Lease Expires . . . . . . . . . . : Sunday, December 13, 2015 3:22:08 PM
     12/12/2015 4:59:46 PM: Getting network information
     12/12/2015 5:00:01 PM: Getting information for 'Local Area Connection 8'
     12/12/2015 5:00:01 PM: Network information updated
     12/12/2015 5:04:17 PM: Releasing IP addresses
     12/12/2015 5:04:18 PM: Renewing IP addresses
     12/12/2015 5:04:23 PM: Released and renewed all adapters
     12/12/2015 5:04:23 PM: Clearing hosts file changing back to default settings
     12/12/2015 5:04:23 PM: EXISTING HOSTS FILE CONTENTS:
     # Copyright © 1993-2009 Microsoft Corp.
     #
     # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
     #
     # This file contains the mappings of IP addresses to host names. Each
     # entry should be kept on an individual line. The IP address should
     # be placed in the first column followed by the corresponding host name.
     # The IP address and the host name should be separated by at least one
     # space.
     #
     # Additionally, comments (such as these) may be inserted on individual
     # lines or following the machine name denoted by a '#' symbol.
     #
     # For example:
     #
     # 102.54.94.97 rhino.acme.com # source server
     # 38.25.63.10 x.acme.com # x client host
     # localhost name resolution is handled within DNS itself.
     # 127.0.0.1 localhost
     # ::1 localhost
     127.0.0.1 localhost
     12/12/2015 5:04:23 PM: Hosts file cleared and changed back to default settings
     12/12/2015 5:04:33 PM: Clearing static IP settings and set back to DHCP
     12/12/2015 5:04:33 PM: Clearing static IP/DNS settings for 'Local Area Connection 8'
     12/12/2015 5:04:33 PM: Existing settings for 'Local Area Connection 8':
     12/12/2015 5:04:33 PM: IP Address: 192.168.1.106
     12/12/2015 5:04:33 PM: DNS Addresses: 209.18.47.61, 209.18.47.62
     12/12/2015 5:04:33 PM: Subnet Mask: 255.255.255.0
     12/12/2015 5:04:36 PM: Clearing DNS settings for 'Local Area Connection 8'
     12/12/2015 5:04:48 PM: Cleared static IP/DNS settings and set back to DHCP (All Adapters)
     12/12/2015 5:04:52 PM: Setting all DNS servers to Google DNS
     12/12/2015 5:04:53 PM: Setting DNS server for 'Local Area Connection 6'
     12/12/2015 5:05:00 PM: Setting DNS server for 'Local Area Connection 7'
     12/12/2015 5:05:08 PM: Setting DNS server for 'Local Area Connection 3'
     12/12/2015 5:05:15 PM: Setting DNS server for 'Local Area Connection 8'
     12/12/2015 5:05:22 PM: Setting DNS server for 'Local Area Connection 5'
     12/12/2015 5:05:29 PM: Setting DNS server for 'Local Area Connection 2'
     12/12/2015 5:05:36 PM: Setting DNS server for 'Local Area Connection 4'
     12/12/2015 5:05:43 PM: Setting DNS server for 'Internal'
     12/12/2015 5:05:46 PM: Setting DNS server for 'Loopback'
     12/12/2015 5:05:48 PM: Set DNS servers to Google DNS (All Adapters)
     12/12/2015 5:05:48 PM: Flushing DNS cache
     12/12/2015 5:05:48 PM: Re-registering DNS names
     12/12/2015 5:05:49 PM: Flushed DNS cache and re-registered DNS names
     12/12/2015 5:05:49 PM: Clearing ARP cache
     12/12/2015 5:05:50 PM: Cleared ARP Table cache
     12/12/2015 5:05:54 PM: Route tables cleared
     12/12/2015 5:05:54 PM: Clearing the routing tables of all gateway entries
     12/12/2015 5:05:55 PM: Cleared ARP cache, routing tables and IP configuration
     12/12/2015 5:06:49 PM: Restarting the computer
     12/12/2015 5:06:50 PM: Reloading NetBIOS
     12/12/2015 5:06:50 PM: Releasing NetBIOS
     12/12/2015 5:06:50 PM: Reloaded and released NetBIOS
     12/12/2015 5:06:50 PM: Clearing SSL state cache
     12/12/2015 5:06:50 PM: Cleared SSL state cache
     12/12/2015 5:06:51 PM: Enabling LAN adapters
     12/12/2015 5:06:52 PM: Enabling 'Local Area Connection 6'.
     12/12/2015 5:06:56 PM: User closed the application
     FRST.txt Addition.txt
  5. Should I install .NET Framework 4? Thank you.
  6. I am unable to run NetAdapter Repair. I get a .NET Framework Initialization Error message saying a .dll cannot be loaded.
  7. Ok... CHKDSK C: /R run successfully. Thank you. FRST.txt Addition.txt
  8. I was able to run Windows Repair by Tweak UI...
     Tweaking.com - Windows Repair v3.7.0
     --------------------------------------------------------------------------------
     System Variables
     --------------------------------------------------------------------------------
     OS: Microsoft Windows XP
     OS Architecture: 32-bit
     OS Version: 5.1.2600
     OS Service Pack: Service Pack 3
     Computer Name: OAHU
     Windows Drive: C:\
     Windows Path: C:\WINDOWS
     Program Files: C:\Program Files
     Current Profile: C:\Documents and Settings\Nancy McNamara
     Current Profile SID: S-1-5-21-3276103468-1748845545-3590808707-1006
     Current Profile Classes: S-1-5-21-3276103468-1748845545-3590808707-1006_Classes
     Profiles Location: C:\Documents and Settings
     Profiles Location 2: C:\WINDOWS\ServiceProfiles
     Local Settings AppData: C:\Documents and Settings\Nancy McNamara\Local Settings\Application Data
     --------------------------------------------------------------------------------
     System Information
     --------------------------------------------------------------------------------
     System Up Time: 0 Days 00:06:48
     Process Count: 32
     Commit Total: 202.21 MB
     Commit Limit: 1.22 GB
     Commit Peak: 317.23 MB
     Handle Count: 6600
     Kernel Total: 38.95 MB
     Kernel Paged: 30.86 MB
     Kernel Non Paged: 8.09 MB
     System Cache: 218.48 MB
     Thread Count: 371
     --------------------------------------------------------------------------------
     Memory Before Cleaning with CleanMem
     --------------------------------------------------------------------------------
     Memory Total: 511.00 MB
     Memory Used: 243.66 MB(47.6834%)
     Memory Avail.: 267.34 MB
     --------------------------------------------------------------------------------
     Cleaning Memory Before Starting Repairs...
     Memory After Cleaning with CleanMem
     --------------------------------------------------------------------------------
     Memory Total: 511.00 MB
     Memory Used: 170.98 MB(33.459%)
     Memory Avail.: 340.03 MB
     --------------------------------------------------------------------------------
     Starting Repairs...
     Started at (12/6/2015 7:14:22 PM)
     Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
     Total Missing 'InstallDate' Fixed: 68
     01 - Reset Registry Permissions 01/03
     HKEY_CURRENT_USER & Sub Keys
     Start (12/6/2015 7:14:26 PM)
     Running Repair Under Current User Account
     Done (12/6/2015 7:14:31 PM)
     01 - Reset Registry Permissions 02/03
     HKEY_LOCAL_MACHINE & Sub Keys
     Start (12/6/2015 7:14:31 PM)
     Running Repair Under System Account
     Done (12/6/2015 7:15:35 PM)
     02 - Reset File Permissions: C:
     C: & Sub Folders
     Start (12/6/2015 7:15:35 PM)
     Running Repair Under Current User Account
     Done (12/6/2015 7:23:23 PM)
     02 - Reset File Permissions: All Profiles
     C:\Documents and Settings & Sub Folders
     Start (12/6/2015 7:23:24 PM)
     Running Repair Under Current User Account
     Done (12/6/2015 7:25:01 PM)
     02 - Reset File Permissions: Current Profile
     C:\Documents and Settings\Nancy McNamara & Sub Folders
     Start (12/6/2015 7:25:01 PM)
     Running Repair Under Current User Account
     Done (12/6/2015 7:25:20 PM)
     03 - Reset Service Permissions
     Start (12/6/2015 7:25:20 PM)
     Running Repair Under Current User Account
     Running Repair Under System Account
     Done (12/6/2015 7:26:24 PM)
     04 - Register System Files
     Start (12/6/2015 7:26:24 PM)
     Running Repair Under Current User Account
     Running Repair Under System Account
     Done (12/6/2015 7:30:38 PM)
     05 - Repair WMI
     Start (12/6/2015 7:30:38 PM)
     Starting Security Center So We Can Export The Security Info.
     Exporting Antivirus Info...
     No Antivirus Products Reported.
     Exporting 3rd Party Firewall Info...
     No 3rd Party Firewall Products Reported.
     Running Repair Under Current User Account
     Done (12/6/2015 7:32:32 PM)
     06 - Repair Windows Firewall
     Start (12/6/2015 7:32:33 PM)
     Running Repair Under Current User Account
     Running Repair Under System Account
     Done (12/6/2015 7:32:45 PM)
     07 - Repair Internet Explorer
     Start (12/6/2015 7:32:45 PM)
     Running Repair Under Current User Account
     Running Repair Under System Account
     Done (12/6/2015 7:35:19 PM)
     08 - Repair MDAC/MS Jet
     Start (12/6/2015 7:35:19 PM)
     Running Repair Under Current User Account
     Running Repair Under System Account
     Done (12/6/2015 7:35:33 PM)
     09 - Repair Hosts File
     Start (12/6/2015 7:35:33 PM)
     Running Repair Under System Account
     Done (12/6/2015 7:35:35 PM)
     10 - Remove Policies Set By Infections
     Start (12/6/2015 7:35:35 PM)
     Running Repair Under Current User Account
     Running Repair Under System Account
     Done (12/6/2015 7:35:38 PM)
     11 - Repair Start Menu Icons Removed By Infections
     Start (12/6/2015 7:35:38 PM)
     Running Repair Under System Account
     Done (12/6/2015 7:35:40 PM)
     12 - Repair Icons
     Start (12/6/2015 7:35:40 PM)
     Running Repair Under Current User Account
     Done (12/6/2015 7:35:42 PM)
     13 - Repair Network
     Start (12/6/2015 7:35:42 PM)
     Running Repair Under Current User Account
     Running Repair Under System Account
     Done (12/6/2015 7:35:57 PM)
     15 - Repair Proxy Settings
     Start (12/6/2015 7:35:57 PM)
     Running Repair Under Current User Account
     Running Repair Under System Account
     Done (12/6/2015 7:36:00 PM)
     17 - Repair Windows Updates
     Start (12/6/2015 7:36:00 PM)
     Running Repair Under Current User Account
     Running Repair Under System Account
     Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
     Done (12/6/2015 7:36:04 PM)
     18 - Repair CD/DVD Missing/Not Working
     Start (12/6/2015 7:36:04 PM)
     iTunes not found, not applying UpperFilters iTunes Reg Key
     Done (12/6/2015 7:36:04 PM)
     19 - Repair Volume Shadow Copy Service
     Start (12/6/2015 7:36:04 PM)
     Running Repair Under Current User Account
     Running Repair Under System Account
     Done (12/6/2015 7:36:39 PM)
     21 - Repair MSI (Windows Installer)
     Start (12/6/2015 7:36:39 PM)
     Running Repair Under Current User Account
     Running Repair Under System Account
     Done (12/6/2015 7:36:54 PM)
     23.01 - Repair bat Association
     Start (12/6/2015 7:36:54 PM)
     Running Repair Under Current User Account
     Running Repair Under System Account
     Done (12/6/2015 7:36:58 PM)
     23.02 - Repair cmd Association
     Start (12/6/2015 7:36:58 PM)
     Running Repair Under Current User Account
     Running Repair Under System Account
     Done (12/6/2015 7:37:00 PM)
     23.03 - Repair com Association
     Start (12/6/2015 7:37:00 PM)
     Running Repair Under Current User Account
     Running Repair Under System Account
     Done (12/6/2015 7:37:02 PM)
     23.04 - Repair Directory Association
     Start (12/6/2015 7:37:02 PM)
     Running Repair Under Current User Account
     Running Repair Under System Account
     Done (12/6/2015 7:37:04 PM)
     23.05 - Repair Drive Association
     Start (12/6/2015 7:37:04 PM)
     Running Repair Under Current User Account
     Running Repair Under System Account
     Done (12/6/2015 7:37:07 PM)
     23.06 - Repair exe Association
     Start (12/6/2015 7:37:07 PM)
     Running Repair Under Current User Account
     Running Repair Under System Account
     Done (12/6/2015 7:37:09 PM)
     23.07 - Repair Folder Association
     Start (12/6/2015 7:37:09 PM)
     Running Repair Under Current User Account
     Running Repair Under System Account
     Done (12/6/2015 7:37:12 PM)
     23.08 - Repair inf Association
     Start (12/6/2015 7:37:12 PM)
     Running Repair Under Current User Account
     Running Repair Under System Account
     Done (12/6/2015 7:37:15 PM)
     23.09 - Repair lnk (Shortcuts) Association
     Start (12/6/2015 7:37:15 PM)
     Running Repair Under Current User Account
     Running Repair Under System Account
     Done (12/6/2015 7:37:17 PM)
     23.10 - Repair msc Association
     Start (12/6/2015 7:37:17 PM)
     Running Repair Under Current User Account
     Running Repair Under System Account
     Done (12/6/2015 7:37:19 PM)
     23.11 - Repair reg Association
     Start (12/6/2015 7:37:19 PM)
     Running Repair Under Current User Account
     Running Repair Under System Account
     Done (12/6/2015 7:37:21 PM)
     23.12 - Repair scr Association
     Start (12/6/2015 7:37:21 PM)
     Running Repair Under Current User Account
     Running Repair Under System Account
     Done (12/6/2015 7:37:25 PM)
     24 - Repair Windows Safe Mode
     Start (12/6/2015 7:37:25 PM)
     Running Repair Under Current User Account
     Running Repair Under System Account
     Done (12/6/2015 7:37:28 PM)
     25 - Repair Print Spooler
     Start (12/6/2015 7:37:28 PM)
     Running Repair Under Current User Account
     Running Repair Under System Account
     Done (12/6/2015 7:37:41 PM)
     26 - Restore Important Windows Services
     Start (12/6/2015 7:37:41 PM)
     Running Repair Under Current User Account
     Running Repair Under System Account
     Done (12/6/2015 7:37:50 PM)
     27 - Set Windows Services To Default Startup
     Start (12/6/2015 7:37:50 PM)
     Running Repair Under Current User Account
     Running Repair Under System Account
     Done (12/6/2015 7:38:00 PM)
     31 - Repair Windows 'New' Submenu
     Start (12/6/2015 7:38:00 PM)
     Running Repair Under Current User Account
     Running Repair Under System Account
     Done (12/6/2015 7:38:03 PM)
     Skipping Repair.
     Repair is for Windows v6 (Windows Vista & Newer) or higher. Current version: 5.1.2600
     33 - Repair Performance Counters
     Start (12/6/2015 7:38:04 PM)
     Running Repair Under Current User Account
     Done (12/6/2015 7:38:05 PM)
     Cleaning up empty logs...
     All Selected Repairs Done.
     Done at (12/6/2015 7:38:05 PM)
     Total Repair Time: 00:23:45
     ...YOU MUST RESTART YOUR SYSTEM...
  9. I feel I have taken up enough of your good time and any further efforts would be futile. Do you have a PayPal account whereby I could buy you lunch in thanks and appreciation?
  10. I was able to run restoredefaultperms.exe, but no success with ComboFix. Same as before, it goes through its normal startup but when it begins scanning for infected files, it just goes to a flashing cursor and stays that way (I let it run for about 90 minutes). It never gets to any 'Completed stage...'. Thank you.
  11. I am unable to run Repair_Windows.exe, even from a command prompt. Sorry...
  12. I have 'a' Windows installation CD from my XP days, but not 'the' disc for this computer since it is not mine. Thank you. Fix result of Farbar Recovery Scan Tool (x86) Version:29-11-2015 Ran by Nancy McNamara (2015-11-29 22:43:57) Run:1 Running from C:\Documents and Settings\Nancy McNamara\Desktop Loaded Profiles: Nancy McNamara (Available Profiles: Nancy McNamara & Martin McNamara & Administrator) Boot Mode: Normal ============================================== fixlist content: ***************** Start CreateRestorePoint: CloseProcesses: Task: C:\WINDOWS\Tasks\913BFC3BB60077DF.job => c:\docume~1\nancym~1\applic~1\defywm~1\site funk dog.exe Task: C:\WINDOWS\Tasks\A50429D39187A597.job => c:\progra~1\defywm~1\site funk dog.exe Task: C:\WINDOWS\Tasks\CA86E94FF1A99A73.job => c:\docume~1\nancym~1\applic~1\defywm~1\site funk dog.exe C:\WINDOWS\Tasks\913BFC3BB60077DF.job C:\WINDOWS\Tasks\A50429D39187A597.job C:\WINDOWS\Tasks\CA86E94FF1A99A73.job ***************** Restore point was successfully created. Processes closed successfully. C:\WINDOWS\Tasks\913BFC3BB60077DF.job => moved successfully C:\WINDOWS\Tasks\A50429D39187A597.job => moved successfully C:\WINDOWS\Tasks\CA86E94FF1A99A73.job => moved successfully "C:\WINDOWS\Tasks\913BFC3BB60077DF.job" => not found. "C:\WINDOWS\Tasks\A50429D39187A597.job" => not found. "C:\WINDOWS\Tasks\CA86E94FF1A99A73.job" => not found. The system needed a reboot. ==== End of Fixlog 22:44:02 ====
  13. What is meant by "stopping the network"? I know you said to post the FRST results, but I got an error message that said the post is too long. I have attached them instead. Thank you. Addition.txt FRST.txt
  14. I have been wanting to try another browser but as I mentioned in an earlier post, I did not want to make any software changes while we're working here unless directed to do so. I installed a couple of different browsers and they both work fine, but ComboFix still won't run. This concerns me... should it? Thank you.
  15. Ok... I ran SFC. Still have very limited to no Internet connectivity. ComboFix will not run. Thank you.
  16. Correction... I did NOT want to make any changes while we are working here unless directed to do so.
  17. Still have very limited to no Internet connectivity. Rarely will a page load, but usually just goes to, "This page cannot be displayed" (e.g., Google; Wikipedia). ComboFix still will not run. I am aware the system is in dire need of software updates, but without an Internet connection I am stymied. Plus, I did want to make any changes while we are working here unless directed to do so. Thank you.
  18. MSCONFIG has been put back to Normal Startup. Please note: I did not know MiniToolBox required an Internet connection until I saw the ping results in the log file. The file below is without an Internet connection. I've attached a second copy done with a connection. Thank you. MiniToolBox by Farbar Version: 02-11-2015 Ran by Nancy McNamara (administrator) on 07-11-2015 at 22:53:56 Running from "C:\Documents and Settings\Nancy McNamara\Desktop" Microsoft Windows XP Home Edition Service Pack 2 (X86) Model: Dimension 4550 Manufacturer: Dell Computer Corporation Boot Mode: Normal *************************************************************************** ========================= Flush DNS: =================================== Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========================= IE Proxy Settings: ============================== Proxy is not enabled. No Proxy Server is set. "Reset IE Proxy Settings": IE Proxy Settings were reset. ========================= Hosts content: ================================= 127.0.0.1 localhost ========================= IP Configuration: ================================ Intel® PRO/100 VE Network Connection = Local Area Connection 2 (Media disconnected) Linksys LNE100TX Fast Ethernet Adapter(LNE100TX v4) = Local Area Connection 6 (Media disconnected) # ---------------------------------- # Interface IP Configuration # ---------------------------------- pushd interface ip # Interface IP Configuration for "Local Area Connection 2" set address name="Local Area Connection 2" source=dhcp set dns name="Local Area Connection 2" source=dhcp register=PRIMARY set wins name="Local Area Connection 2" source=dhcp # Interface IP Configuration for "Local Area Connection 6" set address name="Local Area Connection 6" source=dhcp set dns name="Local Area Connection 6" source=dhcp register=PRIMARY set wins name="Local Area Connection 6" source=dhcp popd # End of interface IP configuration Windows IP Configuration 
Host Name . . . . . . . . . . . . : oahu Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No Ethernet adapter Local Area Connection 2: Media State . . . . . . . . . . . : Media disconnected Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection Physical Address. . . . . . . . . : 00-07-E9-D0-6B-54 Ethernet adapter Local Area Connection 6: Media State . . . . . . . . . . . : Media disconnected Description . . . . . . . . . . . : Linksys LNE100TX Fast Ethernet Adapter(LNE100TX v4) Physical Address. . . . . . . . . : 00-04-5A-56-66-C4 Server: UnKnown Address: 127.0.0.1 Ping request could not find host google.com. Please check the name and try again. Server: UnKnown Address: 127.0.0.1 Ping request could not find host yahoo.com. Please check the name and try again. Pinging 127.0.0.1 with 32 bytes of data: Reply from 127.0.0.1: bytes=32 time<1ms TTL=128 Reply from 127.0.0.1: bytes=32 time<1ms TTL=128 Ping statistics for 127.0.0.1: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms =========================================================================== Interface List 0x1 ........................... MS TCP Loopback interface 0x2 ...00 07 e9 d0 6b 54 ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport 0x3 ...00 04 5a 56 66 c4 ...... 
Linksys LNE100TX Fast Ethernet Adapter(LNE100TX v4) - Packet Scheduler Miniport =========================================================================== =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1 255.255.255.255 255.255.255.255 255.255.255.255 2 1 255.255.255.255 255.255.255.255 255.255.255.255 3 1 =========================================================================== Persistent Routes: None ========================= Winsock entries ===================================== Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation) Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation) Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation) Catalog5 04 C:\WINDOWS\system32\nwprovau.dll [142336] (Microsoft Corporation) Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation) Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation) Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation) Catalog9 04 C:\WINDOWS\system32\rsvpsp.dll [90112] (Microsoft Corporation) Catalog9 05 C:\WINDOWS\system32\rsvpsp.dll [90112] (Microsoft Corporation) Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation) Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation) Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation) Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation) Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation) Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation) Catalog9 12 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation) Catalog9 13 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation) Catalog9 14 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft 
Corporation) Catalog9 15 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation) Catalog9 16 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation) Catalog9 17 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation) Catalog9 18 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation) Catalog9 19 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation) Catalog9 20 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation) Catalog9 21 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation) Catalog9 22 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation) Catalog9 23 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation) Catalog9 24 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation) Catalog9 25 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation) ========================= Event log errors: =============================== Application errors: ================== Error: (11/03/2015 02:38:58 AM) (Source: Application Error) (User: ) Description: Faulting application pev.3xe, version 0.0.0.0, faulting module pev.3xe, version 0.0.0.0, fault address 0x0008d1c0. Processing media-specific event for [pev.3xe!ws!] Error: (10/31/2015 07:46:26 PM) (Source: crypt32) (User: ) Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired. Error: (10/22/2015 04:02:51 PM) (Source: Application Error) (User: ) Description: Faulting application iexplore.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x10021905. Processing media-specific event for [iexplore.exe!ws!] 
Error: (10/20/2015 05:35:16 PM) (Source: Application Hang) (User: ) Description: Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error: (10/20/2015 03:46:42 PM) (Source: crypt32) (User: ) Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error: (10/20/2015 03:46:37 PM) (Source: crypt32) (User: ) Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired. Error: (10/20/2015 03:46:22 PM) (Source: crypt32) (User: ) Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error: (10/20/2015 03:46:22 PM) (Source: crypt32) (User: ) Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. 
Error: (10/20/2015 03:41:44 PM) (Source: crypt32) (User: ) Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error: (10/20/2015 03:41:44 PM) (Source: crypt32) (User: ) Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. System errors: ============= Error: (11/07/2015 10:43:40 PM) (Source: Service Control Manager) (User: ) Description: The mrtRate service failed to start due to the following error: %%2 Error: (11/07/2015 10:35:15 PM) (Source: Service Control Manager) (User: ) Description: The mrtRate service failed to start due to the following error: %%2 Error: (11/05/2015 11:33:45 PM) (Source: Service Control Manager) (User: ) Description: The mrtRate service failed to start due to the following error: %%2 Error: (11/05/2015 11:31:37 PM) (Source: Service Control Manager) (User: ) Description: The mrtRate service failed to start due to the following error: %%2 Error: (11/05/2015 11:25:23 PM) (Source: Service Control Manager) (User: ) Description: The mrtRate service failed to start due to the following error: %%2 Error: (11/05/2015 11:24:25 PM) (Source: Service Control Manager) (User: ) Description: The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s). 
Error: (11/05/2015 11:21:05 PM) (Source: Service Control Manager) (User: ) Description: The mrtRate service failed to start due to the following error: %%2 Error: (11/05/2015 11:13:47 PM) (Source: Service Control Manager) (User: ) Description: The mrtRate service failed to start due to the following error: %%2 Error: (11/05/2015 10:44:57 PM) (Source: Service Control Manager) (User: ) Description: The mrtRate service failed to start due to the following error: %%2 Error: (11/04/2015 01:11:57 AM) (Source: DCOM) (User: NT AUTHORITY) Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} Microsoft Office Sessions: ========================= Error: (11/03/2015 02:38:58 AM) (Source: Application Error)(User: ) Description: pev.3xe0.0.0.0pev.3xe0.0.0.00008d1c0 Error: (10/31/2015 07:46:26 PM) (Source: crypt32)(User: ) Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired. Error: (10/22/2015 04:02:51 PM) (Source: Application Error)(User: ) Description: iexplore.exe6.0.2900.2180unknown0.0.0.010021905 Error: (10/20/2015 05:35:16 PM) (Source: Application Hang)(User: ) Description: iexplore.exe6.0.2900.2180hungapp0.0.0.000000000 Error: (10/20/2015 03:46:42 PM) (Source: crypt32)(User: ) Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error: (10/20/2015 03:46:37 PM) (Source: crypt32)(User: ) Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired. 
Error: (10/20/2015 03:46:22 PM) (Source: crypt32)(User: ) Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error: (10/20/2015 03:46:22 PM) (Source: crypt32)(User: ) Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error: (10/20/2015 03:41:44 PM) (Source: crypt32)(User: ) Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error: (10/20/2015 03:41:44 PM) (Source: crypt32)(User: ) Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. =========================== Installed Programs ============================ Ad-Aware SE Personal (HKLM\...\Ad-Aware SE Personal) (Version: - Lavasoft) Adobe Acrobat 5.0 (HKLM\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.) Adobe Download Manager 1.2 (Remove Only) (HKLM\...\AdobeESD) (Version: - ) Adobe Photoshop Album 2.0 Starter Edition (HKLM\...\{11B569C2-4BF6-4ED0-9D17-A4273943CB24}) (Version: 2.00.100 - Adobe Systems, Inc.) 
Adobe Reader 6.0.1 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A00000000001}) (Version: 006.000.001 - Adobe Systems Incorporated) Banctec Service Agreement (HKLM\...\{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}) (Version: 1.00.0004 - Dell) Hidden BCM V.92 56K Modem (HKLM\...\BCM V.92 56K Modem) (Version: - ) CD Ripper (HKLM\...\{F7A42F5B-41EF-43E9-9A49-4FA6ED9B8B60}) (Version: - ) Classic PhoneTools (HKLM\...\{E3436EE2-D5CB-4249-840B-3A0140CC34C3}) (Version: 4.16 - BVRP Software) Dell Modem-On-Hold (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 1.39 - BVRP Software, Inc) Dell Picture Studio - Dell Image Expert (HKLM\...\{151C555A-A9E7-4A2E-B6D7-165D04A3C956}) (Version: 3.4.1 - Jasc Software Inc) Dell Support (HKLM\...\{43FCA273-9534-40DB-B7C5-D7758875616A}) (Version: 2.00.0000 - Dell) Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.02.000 - BVRP Software, Inc) DVDSentry (HKLM\...\{98DF85D9-96C0-4F57-A92E-C3539477EF5E}) (Version: 1.00.0001 - Dell) Easy CD Creator 5 Basic (HKLM\...\{609F7AC8-C510-11D4-A788-009027ABA5D0}) (Version: 5.2.0.56 - Roxio Inc) ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version: - Lars Hederer) ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - ) FileASSASSIN (HKLM\...\FileASSASSIN) (Version: 1.06 - Malwarebytes) Google Earth (HKLM\...\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}) (Version: 3.0.0762 - Google) Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: - ) Help and Support Customization (HKLM\...\{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}) (Version: 1.00.0000 - Dell) Hidden Intel® PRO Ethernet Adapter and Software (HKLM\...\PROSet) (Version: - ) Intel® PROSet II (HKLM\...\{01A4AEDE-F219-49A2-B855-16A016EAF9A4}) (Version: 2.00.0020 - Intel) Learn2 Player (Uninstall Only) (HKLM\...\StreetPlugin) (Version: - ) Macromedia Flash Player 8 (HKLM\...\ShockwaveFlash) (Version: 8 - Macromedia) Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes 
Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) Microsoft .NET Framework (English) v1.0.3705 (HKLM\...\Microsoft .NET Framework Full v1.0.3705 (1033)) (Version: - ) Microsoft .NET Framework 1.0 Hotfix (KB886906) (HKLM\...\M886906) (Version: - ) Microsoft Interactive Training (HKLM\...\Microsoft Press Interactive Training) (Version: - ) Microsoft Money 2002 (HKLM\...\{E7298FD5-1386-11D5-8D6C-0050DAD32D95}) (Version: 10.0.50 - Microsoft) Microsoft Money 2002 System Pack (HKLM\...\{CF5193F7-6B37-11D5-B7D2-00AA00A204F1}) (Version: 10.0.80 - Microsoft) Microsoft Office XP Media Content (HKLM\...\{90300409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2619.0 - Microsoft Corporation) Microsoft Office XP Professional (HKLM\...\{91110409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.3520.0 - Microsoft Corporation) Microsoft Publisher 2002 (HKLM\...\{91190409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.3520.0 - Microsoft Corporation) Military.com Toolbar (HKLM\...\Military.com Toolbar) (Version: - Military Advantage, Inc.) 
Modem Helper (HKLM\...\{7F142D56-3326-11D5-B229-002078017FBF}) (Version: - ) MSN Gaming Zone (HKLM\...\Microsoft Internet Gaming Zone) (Version: - ) MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation) MUSICMATCH Jukebox (HKLM\...\MUSICMATCH Jukebox) (Version: - ) NVIDIA Display Driver (HKLM\...\NVIDIA Display Driver) (Version: - ) NVIDIA Windows 2000/XP Display Drivers (HKLM\...\NVIDIA) (Version: - ) Paint Shop Pro 7 (HKLM\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.05.0000 - Jasc Software Inc) PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: - ) Quicken 2003 Deluxe (HKLM\...\{E1174FD3-6818-4F31-AD74-F57A62FA845D}) (Version: 12.00.0000 - Intuit) Hidden Quicken 2003 Deluxe (HKLM\...\InstallShield_{E1174FD3-6818-4F31-AD74-F57A62FA845D}) (Version: 12.00.0000 - Intuit) QuickTime (HKLM\...\QuickTime) (Version: - ) RealPlayer Basic (HKLM\...\RealPlayer 6.0) (Version: - ) Search Plugin (HKCU\...\showwindownurb) (Version: - ) Update for Windows XP (KB894391) (HKLM\...\KB894391) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB900485) (HKLM\...\KB900485) (Version: 2 - Microsoft Corporation) Update for Windows XP (KB908531) (HKLM\...\KB908531) (Version: 2 - Microsoft Corporation) Update for Windows XP (KB910437) (HKLM\...\KB910437) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB911280) (HKLM\...\KB911280) (Version: 2 - Microsoft Corporation) Update for Windows XP (KB916595) (HKLM\...\KB916595) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB920872) (HKLM\...\KB920872) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB922582) (HKLM\...\KB922582) (Version: 1 - Microsoft Corporation) WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.6513 - Microsoft Corporation) Hidden Windows Genuine Advantage Notifications 
(KB905474) (HKLM\...\WgaNotify) (Version: 1.5.0540.0 - Microsoft Corporation) Windows Installer 3.1 (KB893803) (HKLM\...\KB893803v2) (Version: 3.1 - Microsoft Corporation) Windows XP Hotfix - KB873333 (HKLM\...\KB873333) (Version: 20050114.005213 - Microsoft Corporation) Windows XP Hotfix - KB873339 (HKLM\...\KB873339) (Version: 20041117.092459 - Microsoft Corporation) Windows XP Hotfix - KB885250 (HKLM\...\KB885250) (Version: 20050118.202711 - Microsoft Corporation) Windows XP Hotfix - KB885295 (HKLM\...\KB885295) (Version: 20040901.162738 - Microsoft Corporation) Windows XP Hotfix - KB885835 (HKLM\...\KB885835) (Version: 20041027.181713 - Microsoft Corporation) Windows XP Hotfix - KB885836 (HKLM\...\KB885836) (Version: 20041028.173203 - Microsoft Corporation) Windows XP Hotfix - KB885884 (HKLM\...\KB885884) (Version: 20040924.025457 - Microsoft Corporation) Windows XP Hotfix - KB886185 (HKLM\...\KB886185) (Version: 20041021.090540 - Microsoft Corporation) Windows XP Hotfix - KB887472 (HKLM\...\KB887472) (Version: 20041014.162858 - Microsoft Corporation) Windows XP Hotfix - KB887742 (HKLM\...\KB887742) (Version: 20041103.095002 - Microsoft Corporation) Windows XP Hotfix - KB888113 (HKLM\...\KB888113) (Version: 20041116.131036 - Microsoft Corporation) Windows XP Hotfix - KB888302 (HKLM\...\KB888302) (Version: 20041207.111426 - Microsoft Corporation) Windows XP Hotfix - KB890047 (HKLM\...\KB890047) (Version: 20041221.124506 - Microsoft Corporation) Windows XP Hotfix - KB890175 (HKLM\...\KB890175) (Version: 20041201.233338 - Microsoft Corporation) Windows XP Hotfix - KB890859 (HKLM\...\KB890859) (Version: 1 - Microsoft Corporation) Windows XP Hotfix - KB891781 (HKLM\...\KB891781) (Version: 20050110.165439 - Microsoft Corporation) Windows XP Hotfix - KB893086 (HKLM\...\KB893086) (Version: 1 - Microsoft Corporation) Windows XP Service Pack 2 (HKLM\...\Windows XP Service Pack) (Version: 20040803.231319 - Microsoft Corporation) ========================= Devices: 
================================ ========================= Memory info: =================================== Percentage of memory in use: 33% Total physical RAM: 511 MB Available physical RAM: 341.03 MB Total Virtual: 1247.73 MB Available Virtual: 1123.42 MB ========================= Partitions: ===================================== 2 Drive c: () (Fixed) (Total:55.84 GB) (Free:46.91 GB) NTFS ========================= Users: ======================================== User accounts for \\OAHU Administrator Guest HelpAssistant Martin McNamara Nancy McNamara SUPPORT_388945a0 SUPPORT_3f151ab9 ========================= Minidump Files ================================== C:\WINDOWS\Minidump\Mini081604-01.dmp **** End of log **** MTB2.txt
  19. Performed all requests per your previous post. Thank you. Addition.txt FRST.txt
  20. Some web pages load, some don't (e.g., Google and Wikipedia try to load but just go to 'Page cannot be displayed'). I am not having any success running ComboFix either starting Windows normally or in Safe Mode. In either case, it goes through its normal startup but when it begins scanning for infected files, it just goes to a flashing cursor and stays that way (for as long as 90 minutes I have let it run). It never gets to any 'Completed stage...'. Thank you.
  21. Thank you, AdvancedSetup, for your continued good service. I have on my to-do list to install SP3, but as you indicated, was not going to do so until we are done here. Verifying... there was no STEP 03 STEP 04 - Junkware Removal Tool ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 7.6.4 (09.28.2015:1) OS: Microsoft Windows XP x86 Ran by Nancy McNamara on Sat 10/31/2015 at 17:28:45.10 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Tasks ~~~ Registry Values Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software \Microsoft\Internet Explorer\Toolbar\WebBrowser\\{08FCF7E3-5F7D-444E- 8554-76A516EB3C6C} Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software \Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C6139A57-16FB-4FA4- 8045-A847FBFFD695} Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software \Microsoft\Internet Explorer\Search\\SearchAssistant ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID \{0D91188C-9DA5-AA7F-51C7-8C959F2F0515} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AF96305 -C21B-59B7-D450-615508DB2746} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID \{4CFA620C-9D41-59BD-D103-61550881731A} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID \{5652ED2A-007B-AE27-07FE-97735BFA9DD9} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{849CC480 -5983-4D30-A12C-774E8E8D8291} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B9FB4EF8 -8339-4656-B394-0548DC556D02} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software \Policies\Microsoft\Internet Explorer Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software \Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects \{0D91188C-9DA5-AA7F-51C7-8C959F2F0515} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software 
\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects \{1AF96305-C21B-59B7-D450-615508DB2746} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software \Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects \{4CFA620C-9D41-59BD-D103-61550881731A} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software \Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects \{5652ED2A-007B-AE27-07FE-97735BFA9DD9} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software \Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects \{849CC480-5983-4D30-A12C-774E8E8D8291} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software \Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects \{B9FB4EF8-8339-4656-B394-0548DC556D02} ~~~ Files ~~~ Informational C:\WINDOWS\system32\tasklist.exe doesn't exist [Process check skipped . Windows XP Home Edition?] ~~~ Folders Successfully deleted: [Folder] C:\Program Files\viewpoint ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Sat 10/31/2015 at 17:30:47.84 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ STEP 05 - AdwCleaner # AdwCleaner v5.014 - Logfile created 31/10/2015 at 17:38:37 # Updated 18/10/2015 by Xplode # Database : 2015-10-18.5 [Local] # Operating system : Microsoft Windows XP Service Pack 2 (x86) # Username : Nancy McNamara - OAHU # Running from : C:\Documents and Settings\Nancy McNamara\Desktop \AdwCleaner.exe # Option : Cleaning # Support : http://toolslib.net/forum ***** [ Services ] ***** ***** [ Folders ] ***** [-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint ***** [ Files ] ***** ***** [ DLLs ] ***** ***** [ Shortcuts ] ***** ***** [ Scheduled tasks ] ***** ***** [ Registry ] ***** [-] Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl [-] Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1 [-] Key Deleted : HKLM\SOFTWARE\Classes 
\AxMetaStream.MetaStreamCtlSecondary [-] Key Deleted : HKLM\SOFTWARE\Classes \AxMetaStream.MetaStreamCtlSecondary.1 [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E} [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} [-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498 -00104B6EB52E} [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6 -AD540AD427CD} [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9DBB28C1-1925-11D3- A498-00104B6EB52E} [-] Key Deleted : HKLM\SOFTWARE\MetaStream [-] Key Deleted : HKLM\SOFTWARE\Viewpoint [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion \Uninstall\ViewpointMediaPlayer [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer ***** [ Web browsers ] ***** ************************* :: Winsock settings cleared ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1908 bytes] ########## STEP 06 - Malwarebytes Anti-Malware Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 10/31/2015 Scan Time: 7:33:12 PM Logfile: Administrator: Yes Version: 2.2.0.1024 Malware Database: v2015.10.31.05 Rootkit Database: v2015.10.28.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows XP Service Pack 2 CPU: x86 File System: NTFS User: Nancy McNamara Scan Type: Threat Scan Result: Completed Objects Scanned: 358253 Time Elapsed: 8 min, 57 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items 
detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) STEP 07 - ESET online antivirus scanner - No threats found. STEP 08 - Farbar Recovery Scan Tool Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-10- 2015 Ran by Nancy McNamara (administrator) on OAHU (31-10-2015 20:47:26) Running from C:\Documents and Settings\Nancy McNamara\Desktop Loaded Profiles: Nancy McNamara (Available Profiles: Nancy McNamara & Martin McNamara & Administrator) Platform: Microsoft Windows XP Home Edition Service Pack 2 (X86) Language: English (United States) Internet Explorer Version 6 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use- farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\WINDOWS\SYSTEM32\cisvc.exe (NVIDIA Corporation) C:\WINDOWS\SYSTEM32\nvsvc32.exe (Microsoft Corporation) C:\WINDOWS\SYSTEM32\wscntfy.exe (RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\realplay.exe (Apple Computer, Inc.) C:\Program Files\QuickTime\qttask.exe (Dell - Advanced Desktop Engineering) C:\WINDOWS\SYSTEM32\DSentry.exe (Broadcom Corporation) C:\WINDOWS\BCMSMMSG.exe (Roxio) C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe (Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier \1.2.908.5008\GoogleToolbarNotifier.exe (Broadcom Corporation) C:\WINDOWS\BCMSMMSG.exe (Microsoft Corporation) C:\WINDOWS\SYSTEM32\CIDAEMON.EXE (Microsoft Corporation) C:\WINDOWS\SYSTEM32\CIDAEMON.EXE ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [DwlClient] => C:\Program Files\Common Files\Dell\EUSW \Support.exe [69632 2005-10-14] (Dell) HKLM\...\Run: [RealTray] => C:\Program Files\Real\RealPlayer \RealPlay.exe [26112 2003-02-10] (RealNetworks, Inc.) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [98304 2004-05-24] (Apple Computer, Inc.) HKLM\...\Run: [nwiz] => nwiz.exe /install HKLM\...\Run: [MoneyStartUp10.0] => C:\Program Files\Microsoft Money \System\Activation.exe [241714 2001-07-25] (Microsoft Corporation) HKLM\...\Run: [greatheartwebslow] => C:\Documents and Settings\All Users\Application Data\Licensethatgreatheart\meta info.exe [0 2005-10- 13] () HKLM\...\Run: [Fragmetaerrorstupid] => C:\Documents and Settings\All Users\Application Data\For list frag meta\listpile.exe HKLM\...\Run: [DVDSentry] => C:\WINDOWS\System32\DSentry.exe [28672 2002-08-14] (Dell - Advanced Desktop Engineering) HKLM\...\Run: [bCMSMMSG] => C:\WINDOWS\BCMSMMSG.exe [122880 2003-08-29] (Broadcom Corporation) HKLM\...\Run: [AOLDialer] => C:\Program Files\Common Files\AOL\ACS \AOLDial.exe HKLM\...\Run: [AdaptecDirectCD] => C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe [679936 2002-04-10] (Roxio) HKU\S-1-5-21-3276103468-1748845545-3590808707-1006\...\Run: [srrstr] => C:\WINDOWS\System32\srrstr.exe HKU\S-1-5-21-3276103468-1748845545-3590808707-1006\...\Run: [send Copy] => C:\DOCUME~1\NANCYM~1\APPLIC~1\DEFYWM~1\ford tool.exe HKU\S-1-5-21-3276103468-1748845545-3590808707-1006\...\Run: [MsnMsgr] => "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background HKU\S-1-5-21-3276103468-1748845545-3590808707-1006\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1694208 2004-10-13] (Microsoft Corporation) HKU\S-1-5-21-3276103468-1748845545-3590808707-1006\...\Run: [MoneyAgent] => C:\Program Files\Microsoft Money\System\Money Express.exe [184376 2001-07-25] (Microsoft Corporation) HKU\S-1-5-21-3276103468-1748845545-3590808707-1006\...\Run: [swg] => C:\Program 
Files\Google\GoogleToolbarNotifier \1.2.908.5008\GoogleToolbarNotifier.exe [163576 2006-10-18] (Google Inc.) HKU\S-1-5-18\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1694208 2004-10-13] (Microsoft Corporation) HKU\S-1-5-18\...\Policies\Explorer: [CDRAutoRun] 0 SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll Startup: C:\Documents and Settings\All Users\Start Menu\Programs \Startup\Microsoft Office.lnk [2003-02-10] ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation) Startup: C:\Documents and Settings\All Users\Start Menu\Programs \Startup\Quicken Scheduled Updates.lnk [2004-01-16] ShortcutTarget: Quicken Scheduled Updates.lnk -> C:\Program Files \Quicken\bagent.exe (Intuit Inc.) Startup: C:\Documents and Settings\All Users\Start Menu\Programs \Startup\Quicken Startup.lnk [2004-01-16] ShortcutTarget: Quicken Startup.lnk -> C:\Program Files\Quicken \QWDLLS.EXE (Intuit) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{13F1BC97-E40D-424B-8DC8-92633F7FFE89}: [DhcpNameServer] 209.18.47.61 209.18.47.62

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchportal.info
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://www.dellnet.com/
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dellnet.com/
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dellnet.com/
HKU\S-1-5-21-3276103468-1748845545-3590808707-1006\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hickamairforcebase.com/
HKU\S-1-5-21-3276103468-1748845545-3590808707-1006\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://ie.search.msn.com
HKU\S-1-5-21-3276103468-1748845545-3590808707-1006\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
URLSearchHook: HKU\S-1-5-21-3276103468-1748845545-3590808707-1006 - (No Name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - No File
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
BHO: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16] ()
BHO: Military.com Toolbar Helper -> {7D5FBE1D-F012-4f2a-8A1C-42E1037972B7} -> C:\Documents and Settings\All Users\Application Data\Military.com\Helper.6.dll [2005-02-24] ()
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> c:\program files\google\googletoolbar3.dll [2006-10-12] (Google Inc.)
BHO: No Name -> {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} -> C:\Program Files\Microsoft Money\System\mnyviewer.dll [2001-07-25] (Microsoft Corporation)
Toolbar: HKLM - Military.com Toolbar - {1685C500-A1A8-4b18-91DD-B79D39A8A532} - C:\Documents and Settings\All Users\Application Data\Military.com\Toolbar.6.dll [2005-02-24] (Tickle.com Inc.)
Toolbar: HKLM - &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll [2006-10-12] (Google Inc.)
Toolbar: HKU\S-1-5-21-3276103468-1748845545-3590808707-1006 -> No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
Toolbar: HKU\S-1-5-21-3276103468-1748845545-3590808707-1006 -> No Name - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
Toolbar: HKU\S-1-5-21-3276103468-1748845545-3590808707-1006 -> &Google - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll [2006-10-12] (Google Inc.)
DPF: {10D8725C-C80B-4790-8C4B-A863D234AEA6} hxxp://files.searchrover.net/installs/1.0.0.100/10001/Rover_10001.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=48835
DPF: {1D0D9077-3798-49BB-9058-393499174D5D} file://c:\counter.cab
DPF: {205FF73B-CA67-11D5-99DD-444553540000} hxxp://www.spywarestormer.com/files2/Install.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {49DB1B20-4E35-4E2E-8C6F-765E238865D6} hxxp://militaryclient.tickle.com/download/client/Install%20Air%20Force%20Toolbar.cab
DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} hxxp://aolcc.aol.com/computercheckup/qdiagcc.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} hxxp://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38058.5802546296
DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} hxxp://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)

==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 NMSSvc; C:\WINDOWS\System32\NMSSvc.exe [1118208 2002-05-03] (Intel Corporation) [File not signed]
S4 AOL ACS; "C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" [X]

===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
S3 ADM8511; C:\WINDOWS\System32\DRIVERS\ADM8511.SYS [20160 2001-08-17] (ADMtek Incorporated)
R2 ASCTRM; C:\WINDOWS\system32\Drivers\ASCTRM.sys [8552 2003-02-10] (Windows ® 2000 DDK provider) [File not signed]
R3 BCMModem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [1101696 2003-08-29] (Broadcom Corporation)
R1 Cdr4_xp; C:\WINDOWS\system32\Drivers\Cdr4_xp.sys [59440 2003-02-10] (Roxio) [File not signed]
R1 Cdralw2k; C:\WINDOWS\system32\Drivers\Cdralw2k.sys [23724 2003-02-10] (Roxio) [File not signed]
R1 cdudf_xp; C:\WINDOWS\system32\Drivers\cdudf_xp.sys [236032 2002-04-10] (Roxio) [File not signed]
S3 dvd_2K; C:\WINDOWS\system32\Drivers\dvd_2K.sys [24554 2002-04-10] (Roxio) [File not signed]
R3 eapihdrv; C:\Documents and Settings\Nancy McNamara\Local Settings\Temp\ehdrv.sys [135760 2015-10-31] (ESET)
S3 EL90XBC; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [66591 2001-08-17] (3Com Corporation)
S3 glauiad; C:\WINDOWS\System32\DRIVERS\glauiad.sys [29603 2003-04-09] (GlobespanVirata Inc.)
S3 i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [161020 2004-08-03] (Intel® Corporation)
S3 iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [12415 2004-08-03] (Intel® Corporation)
S3 iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [12127 2004-08-03] (Intel® Corporation)
S3 iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [11775 2004-08-03] (Intel® Corporation)
S3 iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [12063 2004-08-03] (Intel® Corporation)
S3 iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [19455 2004-08-03] (Intel® Corporation)
S3 iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [29311 2004-08-03] (Intel® Corporation)
S3 iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [19551 2004-08-03] (Intel® Corporation)
S3 iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [33599 2004-08-03] (Intel® Corporation)
S3 iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [23615 2004-08-03] (Intel® Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
R3 mmc_2K; C:\WINDOWS\system32\Drivers\mmc_2K.sys [29638 2002-04-10] (Roxio) [File not signed]
R3 MxlW2k; C:\WINDOWS\system32\Drivers\MxlW2k.sys [28164 2003-02-10] (MusicMatch, Inc.) [File not signed]
S3 NMSCFG; C:\WINDOWS\System32\drivers\NMSCFG.SYS [9868 2002-05-03] (Intel Corporation) [File not signed]
R1 omci; C:\WINDOWS\System32\DRIVERS\omci.sys [17153 2002-07-19] (Dell Computer Corporation) [File not signed]
S1 P3; C:\WINDOWS\System32\DRIVERS\p3.sys [42496 2004-08-03] (Microsoft Corporation)
R1 pwd_2k; C:\WINDOWS\system32\Drivers\pwd_2k.sys [117898 2002-04-10] (Roxio) [File not signed]
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [27440 2002-08-29] ()
R1 UdfReadr_xp; C:\WINDOWS\system32\Drivers\UdfReadr_xp.sys [206336 2002-04-10] (Roxio)
R3 USB-100; C:\WINDOWS\System32\DRIVERS\USB100M.SYS [27519 2001-09-13] (Linksys) [File not signed]
S3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S3 bvrp_pci; no ImagePath
S3 efavdrv; \??\C:\WINDOWS\system32\drivers\efavdrv.sys [X]
S3 EntDrv51; \??\C:\WINDOWS\system32\drivers\EntDrv51.sys [X]
S3 iAimTV2; System32\DRIVERS\wATV03nt.sys [X]
S2 mrtRate; no ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96256 2004-08-03] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-31 20:41 - 2015-10-31 20:41 - 00000000 ____D C:\Documents and Settings\Nancy McNamara\Desktop\FRST-OlderVersion
2015-10-31 19:30 - 2015-10-31 19:30 - 00000000 ____D C:\WINDOWS\LastGood
2015-10-31 19:30 - 2001-09-13 18:35 - 00027519 ____R (Linksys) C:\WINDOWS\system32\Drivers\USB100M.SYS
2015-10-31 17:42 - 2015-10-31 17:38 - 00001987 _____ C:\Documents and Settings\Nancy McNamara\Desktop\AdwCleaner[C1].txt
2015-10-31 17:33 - 2015-10-31 17:38 - 00000000 ____D C:\AdwCleaner
2015-10-31 17:30 - 2015-10-31 17:30 - 00002967 _____ C:\Documents and Settings\Nancy McNamara\Desktop\JRT.txt
2015-10-31 17:27 - 2015-10-31 16:54 - 01691648 _____ C:\Documents and Settings\Nancy McNamara\Desktop\AdwCleaner.exe
2015-10-31 17:27 - 2015-10-31 16:53 - 01801288 _____ (Malwarebytes) C:\Documents and Settings\Nancy McNamara\Desktop\JRT.exe
2015-10-29 23:54 - 2015-10-29 23:54 - 00000000 ____D C:\WINDOWS\ERDNT
2015-10-29 23:53 - 2015-10-29 23:53 - 00000611 _____ C:\Documents and Settings\Nancy McNamara\Desktop\NTREGOPT.lnk
2015-10-29 23:53 - 2015-10-29 23:53 - 00000592 _____ C:\Documents and Settings\Nancy McNamara\Desktop\ERUNT.lnk
2015-10-29 23:53 - 2015-10-29 23:53 - 00000000 ____D C:\Program Files\ERUNT
2015-10-29 23:53 - 2015-10-29 23:53 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
2015-10-29 23:47 - 2015-10-29 23:48 - 00002204 _____ C:\Documents and Settings\Nancy McNamara\Desktop\Rkill.txt
2015-10-29 23:14 - 2015-10-31 19:43 - 00001057 _____ C:\Documents and Settings\Nancy McNamara\Desktop\MBAM.txt
2015-10-29 23:14 - 2015-10-29 23:14 - 00001057 _____ C:\Documents and Settings\Nancy McNamara\Desktop\MBAM1.txt
2015-10-24 20:37 - 2015-10-24 20:37 - 00021200 _____ C:\Documents and Settings\Nancy McNamara\Desktop\Addition2.txt
2015-10-24 20:36 - 2015-10-31 20:47 - 00014065 _____ C:\Documents and Settings\Nancy McNamara\Desktop\FRST.txt
2015-10-24 20:34 - 2015-10-31 20:47 - 00000000 ____D C:\FRST
2015-10-24 20:33 - 2015-10-31 20:41 - 01701888 _____ (Farbar) C:\Documents and Settings\Nancy McNamara\Desktop\FRST.exe
2015-10-24 08:40 - 2015-10-24 08:40 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Lavasoft
2015-10-24 08:31 - 2015-10-24 08:31 - 00000000 ____D C:\Program Files\ESET
2015-10-23 22:48 - 2015-10-23 22:48 - 00000777 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-23 22:48 - 2015-10-23 22:48 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-10-23 22:48 - 2015-10-23 22:48 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-23 22:48 - 2015-10-05 08:50 - 00023256 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-10-23 22:43 - 2015-10-23 22:48 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-10-23 22:42 - 2015-10-31 19:32 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-10-23 22:42 - 2015-10-23 22:47 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2015-10-23 22:41 - 2015-10-05 08:50 - 00121560 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-10-23 22:40 - 2015-10-23 22:40 - 00000000 ___HD C:\WINDOWS\PIF
2015-10-23 22:38 - 2015-10-23 22:38 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ESET
2015-10-23 22:25 - 2015-10-23 22:25 - 00000000 ____D C:\Program Files\FileASSASSIN
2015-10-23 22:25 - 2015-10-23 22:25 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\FileASSASSIN
2015-10-23 20:32 - 2015-10-23 20:32 - 00000000 ___SD C:\Documents and Settings\Martin McNamara\UserData
2015-10-22 16:00 - 2015-10-22 16:00 - 00000000 ____D C:\Documents and Settings\Martin McNamara\Application Data\Weather Studio
2015-10-22 16:00 - 2015-10-22 16:00 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Weather Studio
2015-10-20 15:58 - 2015-10-20 15:58 - 00002778 _____ C:\WINDOWS\KB926255.log
2015-10-20 15:57 - 2015-10-20 15:58 - 00003451 _____ C:\WINDOWS\KB923694.log
2015-10-20 15:56 - 2015-10-20 15:57 - 00002837 _____ C:\WINDOWS\KB925454.log
2015-10-20 15:41 - 2015-10-20 15:41 - 00000000 ____D C:\Documents and Settings\Martin McNamara\Local Settings\Application Data\Google
2015-10-20 15:41 - 2015-10-20 15:41 - 00000000 ____D C:\Documents and Settings\Martin McNamara\Application Data\Google

==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-31 20:47 - 2003-02-13 20:55 - 00000000 ____D C:\Documents and Settings\Nancy McNamara\Local Settings\Temp
2015-10-31 20:00 - 2005-10-05 13:00 - 00000286 ____H C:\WINDOWS\Tasks\CA86E94FF1A99A73.job
2015-10-31 20:00 - 2005-03-24 01:01 - 00000286 ____H C:\WINDOWS\Tasks\913BFC3BB60077DF.job
2015-10-31 20:00 - 2004-10-09 13:10 - 00000252 ____H C:\WINDOWS\Tasks\A50429D39187A597.job
2015-10-31 19:31 - 2006-08-09 05:01 - 00125406 _____ C:\WINDOWS\setupapi.log
2015-10-31 19:31 - 2004-08-14 21:39 - 01137774 _____ C:\WINDOWS\WindowsUpdate.log
2015-10-31 19:28 - 2003-02-10 12:41 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-31 19:28 - 2003-02-10 12:40 - 00001170 _____ C:\WINDOWS\system32\WPA.DBL
2015-10-31 19:28 - 2002-09-03 06:53 - 00000159 _____ C:\WINDOWS\WIADEBUG.LOG
2015-10-31 19:28 - 2002-09-03 06:53 - 00000050 _____ C:\WINDOWS\WIASERVC.LOG
2015-10-31 17:48 - 2003-02-13 20:55 - 00000278 ___SH C:\Documents and Settings\Nancy McNamara\NTUSER.INI
2015-10-29 22:34 - 2003-01-24 05:19 - 00321848 _____ (Malwarebytes Corporation) C:\Documents and Settings\Nancy McNamara\Desktop\mbam-clean-2.1.1.1001.exe
2015-10-29 22:32 - 2003-01-24 05:19 - 00791393 _____ (Lars Hederer ) C:\Documents and Settings\Nancy McNamara\Desktop\erunt-setup.exe
2015-10-29 22:30 - 2003-01-24 05:19 - 02019656 _____ (Bleeping Computer, LLC) C:\Documents and Settings\Nancy McNamara\Desktop\rkill.exe
2015-10-24 22:48 - 2002-09-03 07:04 - 00193252 _____ C:\WINDOWS\SETUPACT.LOG
2015-10-24 08:42 - 2003-01-19 23:01 - 00000178 ___SH C:\Documents and Settings\Administrator\NTUSER.INI
2015-10-24 08:41 - 2003-01-19 23:01 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2015-10-23 23:09 - 2003-02-13 20:54 - 00000178 ___SH C:\Documents and Settings\Martin McNamara\NTUSER.INI
2015-10-23 23:07 - 2003-02-10 12:27 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-10-23 23:03 - 2003-02-13 20:54 - 00000000 ____D C:\Documents and Settings\Martin McNamara\Local Settings\Temp
2015-10-23 20:32 - 2003-02-13 20:54 - 00000000 ____D C:\Documents and Settings\Martin McNamara
2015-10-22 14:55 - 2003-02-10 12:26 - 00000000 ____D C:\WINDOWS\TWAIN_32
2015-10-22 14:53 - 2004-08-16 03:46 - 00000510 _____ C:\Documents and Settings\Nancy McNamara\Desktop\AOL Saved Files.lnk
2015-10-22 14:53 - 2004-08-16 03:46 - 00000014 _____ C:\WINDOWS\msoffice.ini
2015-10-22 14:53 - 2004-08-16 03:46 - 00000000 ____D C:\Documents and Settings\Nancy McNamara\Desktop\AOL Saved PFC
2015-10-22 14:53 - 2004-02-11 15:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AOL
2015-10-22 14:53 - 2003-09-13 12:02 - 00000671 _____ C:\WINDOWS\WIN.INI
2015-10-22 14:49 - 2004-08-11 19:46 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\McAfee
2015-10-22 14:44 - 2004-04-13 17:09 - 00000000 ____D C:\Documents and Settings\Nancy McNamara\Application Data\AOL
2015-10-22 14:33 - 2004-06-11 23:12 - 00154112 _____ C:\WINDOWS\system32\Status.MPF
2015-10-20 16:56 - 2006-08-23 09:41 - 00000000 ____D C:\Documents and Settings\Nancy McNamara\Application Data\Weather Studio
2015-10-20 16:54 - 2003-02-10 12:34 - 00000211 __RSH C:\BOOT.INI
2015-10-20 16:54 - 2002-09-03 06:50 - 00000276 _____ C:\WINDOWS\SYSTEM.INI
2015-10-20 16:41 - 2004-03-12 10:59 - 00000000 ____D C:\WINDOWS\pss
2015-10-20 16:35 - 2006-09-16 00:42 - 00000000 ____D C:\Documents and Settings\Nancy McNamara\Application Data\Google
2015-10-20 16:16 - 2006-09-16 00:42 - 00000000 ____D C:\Documents and Settings\Nancy McNamara\Local Settings\Application Data\Google
2015-10-20 15:58 - 2004-12-15 13:23 - 00000000 ___HD C:\WINDOWS\$hf_mig$

==================== Files in the root of some directories =======

2004-06-18 16:46 - 2004-06-18 16:49 - 0000000 _____ () C:\Documents and Settings\Nancy McNamara\Application Data\dm.ini
2003-08-14 17:04 - 2006-05-15 13:31 - 0013312 _____ () C:\Documents and Settings\Nancy McNamara\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
C:\Documents and Settings\Martin McNamara\Local Settings\Temp\A~NSISu_.exe
C:\Documents and Settings\Nancy McNamara\Local Settings\Temp\sqlite3.dll

==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:31-10-2015
Ran by Nancy McNamara (2015-10-31 20:48:05)
Running from C:\Documents and Settings\Nancy McNamara\Desktop
Microsoft Windows XP Home Edition Service Pack 2 (X86) (2003-02-14 04:53:32)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3276103468-1748845545-3590808707-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Guest (S-1-5-21-3276103468-1748845545-3590808707-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-3276103468-1748845545-3590808707-1005 - Limited - Disabled)
Martin McNamara (S-1-5-21-3276103468-1748845545-3590808707-1007 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Martin McNamara
Nancy McNamara (S-1-5-21-3276103468-1748845545-3590808707-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Nancy McNamara
SUPPORT_388945a0 (S-1-5-21-3276103468-1748845545-3590808707-1002 - Limited - Disabled)
SUPPORT_3f151ab9 (S-1-5-21-3276103468-1748845545-3590808707-1004 - Limited - Disabled)

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)

==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ad-Aware SE Personal (HKLM\...\Ad-Aware SE Personal) (Version: - Lavasoft)
Adobe Acrobat 5.0 (HKLM\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe Download Manager 1.2 (Remove Only) (HKLM\...\AdobeESD) (Version: - )
Adobe Photoshop Album 2.0 Starter Edition (HKLM\...\{11B569C2-4BF6-4ED0-9D17-A4273943CB24}) (Version: 2.00.100 - Adobe Systems, Inc.)
Adobe Reader 6.0.1 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A00000000001}) (Version: 006.000.001 - Adobe Systems Incorporated)
Banctec Service Agreement (Version: 1.00.0004 - Dell) Hidden
BCM V.92 56K Modem (HKLM\...\BCM V.92 56K Modem) (Version: - )
CD Ripper (HKLM\...\{F7A42F5B-41EF-43E9-9A49-4FA6ED9B8B60}) (Version: - )
Classic PhoneTools (HKLM\...\{E3436EE2-D5CB-4249-840B-3A0140CC34C3}) (Version: 4.16 - BVRP Software)
Dell Modem-On-Hold (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 1.39 - BVRP Software, Inc)
Dell Picture Studio - Dell Image Expert (HKLM\...\{151C555A-A9E7-4A2E-B6D7-165D04A3C956}) (Version: 3.4.1 - Jasc Software Inc)
Dell Support (HKLM\...\{43FCA273-9534-40DB-B7C5-D7758875616A}) (Version: 2.00.0000 - Dell)
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.02.000 - BVRP Software, Inc)
DVDSentry (HKLM\...\{98DF85D9-96C0-4F57-A92E-C3539477EF5E}) (Version: 1.00.0001 - Dell)
Easy CD Creator 5 Basic (HKLM\...\{609F7AC8-C510-11D4-A788-009027ABA5D0}) (Version: 5.2.0.56 - Roxio Inc)
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version: - Lars Hederer)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
FileASSASSIN (HKLM\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
Google Earth (HKLM\...\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}) (Version: 3.0.0762 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: - )
Help and Support Customization (Version: 1.00.0000 - Dell) Hidden
Intel® PRO Ethernet Adapter and Software (HKLM\...\PROSet) (Version: - )
Intel® PROSet II (HKLM\...\{01A4AEDE-F219-49A2-B855-16A016EAF9A4}) (Version: 2.00.0020 - Intel)
Learn2 Player (Uninstall Only) (HKLM\...\StreetPlugin) (Version: - )
Macromedia Flash Player 8 (HKLM\...\ShockwaveFlash) (Version: 8 - Macromedia)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework (English) v1.0.3705 (HKLM\...\Microsoft .NET Framework Full v1.0.3705 (1033)) (Version: - )
Microsoft .NET Framework 1.0 Hotfix (KB886906) (HKLM\...\M886906) (Version: - )
Microsoft Interactive Training (HKLM\...\Microsoft Press Interactive Training) (Version: - )
Microsoft Money 2002 (HKLM\...\{E7298FD5-1386-11D5-8D6C-0050DAD32D95}) (Version: 10.0.50 - Microsoft)
Microsoft Money 2002 System Pack (HKLM\...\{CF5193F7-6B37-11D5-B7D2-00AA00A204F1}) (Version: 10.0.80 - Microsoft)
Microsoft Office XP Media Content (HKLM\...\{90300409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2619.0 - Microsoft Corporation)
Microsoft Office XP Professional (HKLM\...\{91110409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.3520.0 - Microsoft Corporation)
Microsoft Publisher 2002 (HKLM\...\{91190409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.3520.0 - Microsoft Corporation)
Military.com Toolbar (HKLM\...\Military.com Toolbar) (Version: - Military Advantage, Inc.)
Modem Helper (HKLM\...\{7F142D56-3326-11D5-B229-002078017FBF}) (Version: - )
MSN Gaming Zone (HKLM\...\Microsoft Internet Gaming Zone) (Version: - )
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MUSICMATCH Jukebox (HKLM\...\MUSICMATCH Jukebox) (Version: - )
NVIDIA Display Driver (HKLM\...\NVIDIA Display Driver) (Version: - )
NVIDIA Windows 2000/XP Display Drivers (HKLM\...\NVIDIA) (Version: - )
Paint Shop Pro 7 (HKLM\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.05.0000 - Jasc Software Inc)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: - )
Quicken 2003 Deluxe (HKLM\...\InstallShield_{E1174FD3-6818-4F31-AD74-F57A62FA845D}) (Version: 12.00.0000 - Intuit)
Quicken 2003 Deluxe (Version: 12.00.0000 - Intuit) Hidden
QuickTime (HKLM\...\QuickTime) (Version: - )
RealPlayer Basic (HKLM\...\RealPlayer 6.0) (Version: - )
Search Plugin (HKU\S-1-5-21-3276103468-1748845545-3590808707-1006\...\showwindownurb) (Version: - )
WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.5.0540.0 - Microsoft Corporation)
Windows Installer 3.1 (KB893803) (HKLM\...\KB893803v2) (Version: 3.1 - Microsoft Corporation)
Windows XP Hotfix - KB873333 (HKLM\...\KB873333) (Version: 20050114.005213 - Microsoft Corporation)
Windows XP Hotfix - KB873339 (HKLM\...\KB873339) (Version: 20041117.092459 - Microsoft Corporation)
Windows XP Hotfix - KB885250 (HKLM\...\KB885250) (Version: 20050118.202711 - Microsoft Corporation)
Windows XP Hotfix - KB885295 (HKLM\...\KB885295) (Version: 20040901.162738 - Microsoft Corporation)
Windows XP Hotfix - KB885835 (HKLM\...\KB885835) (Version: 20041027.181713 - Microsoft Corporation)
Windows XP Hotfix - KB885836 (HKLM\...\KB885836) (Version: 20041028.173203 - Microsoft Corporation)
Windows XP Hotfix - KB885884 (HKLM\...\KB885884) (Version: 20040924.025457 - Microsoft Corporation)
Windows XP Hotfix - KB886185 (HKLM\...\KB886185) (Version: 20041021.090540 - Microsoft Corporation)
Windows XP Hotfix - KB887472 (HKLM\...\KB887472) (Version: 20041014.162858 - Microsoft Corporation)
Windows XP Hotfix - KB887742 (HKLM\...\KB887742) (Version: 20041103.095002 - Microsoft Corporation)
Windows XP Hotfix - KB888113 (HKLM\...\KB888113) (Version: 20041116.131036 - Microsoft Corporation)
Windows XP Hotfix - KB888302 (HKLM\...\KB888302) (Version: 20041207.111426 - Microsoft Corporation)
Windows XP Hotfix - KB890047 (HKLM\...\KB890047) (Version: 20041221.124506 - Microsoft Corporation)
Windows XP Hotfix - KB890175 (HKLM\...\KB890175) (Version: 20041201.233338 - Microsoft Corporation)
Windows XP Hotfix - KB890859 (HKLM\...\KB890859) (Version: 1 - Microsoft Corporation)
Windows XP Hotfix - KB891781 (HKLM\...\KB891781) (Version: 20050110.165439 - Microsoft Corporation)
Windows XP Hotfix - KB893086 (HKLM\...\KB893086) (Version: 1 - Microsoft Corporation)
Windows XP Service Pack 2 (HKLM\...\Windows XP Service Pack) (Version: 20040803.231319 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

22-10-2015 14:55:29 Removed Print to Fax
22-10-2015 14:58:46 Removed Samsung YP-35
23-10-2015 22:47:06 Malwarebytes Anti-Rootkit Restore Point
23-10-2015 23:07:43 Removed Windows Defender
31-10-2015 16:36:49 System Checkpoint
31-10-2015 17:28:49 JRT Pre-Junkware Removal
31-10-2015 19:30:52 Unsigned driver install

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2002-08-29 03:00 - 2006-03-06 21:28 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\913BFC3BB60077DF.job => c:\docume~1\nancym~1\applic~1\defywm~1\site funk dog.exe
Task: C:\WINDOWS\Tasks\A50429D39187A597.job => c:\progra~1\defywm~1\site funk dog.exe
Task: C:\WINDOWS\Tasks\CA86E94FF1A99A73.job => c:\docume~1\nancym~1\applic~1\defywm~1\site funk dog.exe

==================== Loaded Modules (Whitelisted) ==============

==================== Alternate Data Streams (Whitelisted) =========

==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"

==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3276103468-1748845545-3590808707-1006\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\afs.bmp
DNS Servers: 209.18.47.61 - 209.18.47.62
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk => C:\WINDOWS\pss\Billminder.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Military.com Launcher.lnk => C:\WINDOWS\pss\Military.com Launcher.lnkCommon Startup
MSCONFIG\startupreg: Spyware Doctor => "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (10/31/2015 07:46:26 PM) (Source: crypt32) (EventID: 8) (User: ) Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trus tedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired. Error: (10/22/2015 04:02:51 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application iexplore.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x10021905. Processing media-specific event for [iexplore.exe!ws!] Error: (10/20/2015 05:35:16 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error: (10/20/2015 03:46:42 PM) (Source: crypt32) (EventID: 11) (User: ) Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trus tedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error: (10/20/2015 03:46:37 PM) (Source: crypt32) (EventID: 8) (User: ) Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trus tedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired. 
Error: (10/20/2015 03:46:22 PM) (Source: crypt32) (EventID: 11) (User: ) Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trus tedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error: (10/20/2015 03:46:22 PM) (Source: crypt32) (EventID: 11) (User: ) Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trus tedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error: (10/20/2015 03:41:44 PM) (Source: crypt32) (EventID: 11) (User: ) Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trus tedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error: (10/20/2015 03:41:44 PM) (Source: crypt32) (EventID: 11) (User: ) Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trus tedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Error: (01/20/2003 02:17:46 AM) (Source: Application Error) (EventID: 1004) (User: ) Description: Faulting application winlogon.exe, version 0.0.0.0, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00064ed1. Error in creating result PEAP-TLV in response to received PEAP-TLV (winlogon.exe!ld!) 
System errors: ============= Error: (10/31/2015 07:28:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The mrtRate service failed to start due to the following error: %%2 Error: (01/20/2003 12:01:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The mrtRate service failed to start due to the following error: %%2 Error: (10/31/2015 05:49:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The mrtRate service failed to start due to the following error: %%2 Error: (10/31/2015 05:39:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The mrtRate service failed to start due to the following error: %%2 Error: (10/31/2015 05:38:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s). Error: (10/31/2015 05:38:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s). Error: (10/31/2015 05:38:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Indexing Service service terminated unexpectedly. It has done this 1 time(s). Error: (10/31/2015 05:38:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 
Error: (10/31/2015 04:21:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The mrtRate service failed to start due to the following error: %%2 Error: (10/30/2015 12:00:42 AM) (Source: 0) (EventID: 14103) (User: ) Description: {743F44A5-C84A-49D0-91F4-5FF1C8EE281A} ==================== Memory info =========================== Processor: Intel® Pentium® 4 CPU 2.66GHz Percentage of memory in use: 44% Total physical RAM: 511 MB Available physical RAM: 285.84 MB Total Virtual: 864.13 MB Available Virtual: 691.39 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:55.84 GB) (Free:47.27 GB) NTFS ==>[drive with boot components (Windows XP)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows XP) (Size: 55.9 GB) (Disk ID: 9DC96E9E) Partition 1: (Not Active) - (Size=39 MB) - (Type=DE) Partition 2: (Active) - (Size=55.8 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================
  22. Thank you (!) for your help...

Rkill 2.8.2 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/29/2015 11:47:45 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 2

Checking for Windows services to stop:
* No malware services found to stop.

Checking for processes to terminate:
* C:\WINDOWS\System32\DSentry.exe (PID: 472) [WD-HEUR]
1 proccess terminated!

Checking Registry for malware related settings:
* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:
* No issues found.

Checking Windows Service Integrity:
* No issues found.

Searching for Missing Digital Signatures:
* No issues found.

Checking HOSTS File:
* HOSTS file entries found:
127.0.0.1 localhost

Program finished at: 10/29/2015 11:48:40 PM
Execution time: 0 hours(s), 0 minute(s), and 54 seconds(s)

--------------------------------------------------------------------------------------------

Please note... since XP does not have a "Run as administrator" option, I ran the program logged in as a user with administrator privileges, but I see the log file below still indicates "Administrator: No"...
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/29/2015
Scan Time: 11:04:14 PM
Logfile:
Administrator: No

Version: 2.2.0.1024
Malware Database: v2015.10.30.01
Rootkit Database: v2015.10.28.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 2
CPU: x86
File System: NTFS
User: Nancy McNamara

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 160114
Time Elapsed: 4 min, 47 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)
  23. Hello - A friend asked me to resurrect an old Dell running Windows XP SP2 (32-bit). After making several hardware, software and necessary changes to make XP as safe as possible, when the Home Page starts to load in IE, it stops and displays, "This page cannot be displayed". Even booting to a live CD does not help... Knoppix blocked several scripts (e.g., unable to connect to surveymonkey.com:443). Online scans cannot be performed. The registry cannot be edited, except in Safe Mode. I was able to install and run MBAM; it found 1 issue but did not resolve the other issues. Thank you in advance for whatever help you may offer.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:22-10-2015
Ran by Nancy McNamara (administrator) on OAHU (24-10-2015 21:36:27)
Running from C:\Documents and Settings\Nancy McNamara\Desktop
Loaded Profiles: Nancy McNamara (Available Profiles: Nancy McNamara & Martin McNamara & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 6 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\WINDOWS\SYSTEM32\cisvc.exe
(NVIDIA Corporation) C:\WINDOWS\SYSTEM32\nvsvc32.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\realplay.exe
(Microsoft Corporation) C:\WINDOWS\SYSTEM32\wscntfy.exe
(Apple Computer, Inc.) C:\Program Files\QuickTime\qttask.exe
(Dell - Advanced Desktop Engineering) C:\WINDOWS\SYSTEM32\DSentry.exe
(Broadcom Corporation) C:\WINDOWS\BCMSMMSG.exe
(Roxio) C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
(Google Inc.)
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe (Microsoft Corporation) C:\WINDOWS\SYSTEM32\wuauclt.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [DwlClient] => C:\Program Files\Common Files\Dell\EUSW\Support.exe [69632 2005-10-14] (Dell) HKLM\...\Run: [RealTray] => C:\Program Files\Real\RealPlayer\RealPlay.exe [26112 2003-02-10] (RealNetworks, Inc.) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [98304 2004-05-24] (Apple Computer, Inc.) HKLM\...\Run: [nwiz] => nwiz.exe /install HKLM\...\Run: [MoneyStartUp10.0] => C:\Program Files\Microsoft Money\System\Activation.exe [241714 2001-07-25] (Microsoft Corporation) HKLM\...\Run: [greatheartwebslow] => C:\Documents and Settings\All Users\Application Data\Licensethatgreatheart\meta info.exe [0 2005-10-13] () HKLM\...\Run: [Fragmetaerrorstupid] => C:\Documents and Settings\All Users\Application Data\For list frag meta\listpile.exe HKLM\...\Run: [DVDSentry] => C:\WINDOWS\System32\DSentry.exe [28672 2002-08-14] (Dell - Advanced Desktop Engineering) HKLM\...\Run: [bCMSMMSG] => C:\WINDOWS\BCMSMMSG.exe [122880 2003-08-29] (Broadcom Corporation) HKLM\...\Run: [AOLDialer] => C:\Program Files\Common Files\AOL\ACS\AOLDial.exe HKLM\...\Run: [AdaptecDirectCD] => C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe [679936 2002-04-10] (Roxio) HKU\S-1-5-21-3276103468-1748845545-3590808707-1006\...\Run: [srrstr] => C:\WINDOWS\System32\srrstr.exe HKU\S-1-5-21-3276103468-1748845545-3590808707-1006\...\Run: [send Copy] => C:\DOCUME~1\NANCYM~1\APPLIC~1\DEFYWM~1\ford tool.exe HKU\S-1-5-21-3276103468-1748845545-3590808707-1006\...\Run: [MsnMsgr] => "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background HKU\S-1-5-21-3276103468-1748845545-3590808707-1006\...\Run: [MSMSGS] => C:\Program 
Files\Messenger\msmsgs.exe [1694208 2004-10-13] (Microsoft Corporation) HKU\S-1-5-21-3276103468-1748845545-3590808707-1006\...\Run: [MoneyAgent] => C:\Program Files\Microsoft Money\System\Money Express.exe [184376 2001-07-25] (Microsoft Corporation) HKU\S-1-5-21-3276103468-1748845545-3590808707-1006\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe [163576 2006-10-18] (Google Inc.) HKU\S-1-5-21-3276103468-1748845545-3590808707-1006\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\System32\SSMYPICS.SCR [47104 2004-08-04] (Microsoft Corporation) HKU\S-1-5-18\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1694208 2004-10-13] (Microsoft Corporation) HKU\S-1-5-18\...\Policies\Explorer: [CDRAutoRun] 0 SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk [2003-02-10] ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation) Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk [2004-01-16] ShortcutTarget: Quicken Scheduled Updates.lnk -> C:\Program Files\Quicken\bagent.exe (Intuit Inc.) Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk [2004-01-16] ShortcutTarget: Quicken Startup.lnk -> C:\Program Files\Quicken\QWDLLS.EXE (Intuit) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62 Tcpip\..\Interfaces\{743F44A5-C84A-49D0-91F4-5FF1C8EE281A}: [DhcpNameServer] 209.18.47.61 209.18.47.62 Internet Explorer: ================== HKU\S-1-5-21-3276103468-1748845545-3590808707-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchportal.info HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://www.dellnet.com/ HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dellnet.com/ HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dellnet.com/ HKU\S-1-5-21-3276103468-1748845545-3590808707-1006\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hickamairforcebase.com/ HKU\S-1-5-21-3276103468-1748845545-3590808707-1006\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://ie.search.msn.com HKU\S-1-5-21-3276103468-1748845545-3590808707-1006\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie URLSearchHook: HKU\S-1-5-21-3276103468-1748845545-3590808707-1006 - (No Name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - No File HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION SearchScopes: HKLM -> DefaultScope value is missing BHO: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16] () BHO: No Name -> {0D91188C-9DA5-AA7F-51C7-8C959F2F0515} -> C:\DOCUME~1\NANCYM~1\APPLIC~1\UPLOAD~1\managernoun.exe => No File 
BHO: No Name -> {1AF96305-C21B-59B7-D450-615508DB2746} -> C:\WINDOWS\System32\pqeaygao.dll => No File BHO: No Name -> {4CFA620C-9D41-59BD-D103-61550881731A} -> C:\WINDOWS\System32\horp.dll => No File BHO: No Name -> {5652ED2A-007B-AE27-07FE-97735BFA9DD9} -> C:\DOCUME~1\NANCYM~1\APPLIC~1\UPLOAD~1\managernoun.exe => No File BHO: Military.com Toolbar Helper -> {7D5FBE1D-F012-4f2a-8A1C-42E1037972B7} -> C:\Documents and Settings\All Users\Application Data\Military.com\Helper.6.dll [2005-02-24] () BHO: No Name -> {849CC480-5983-4D30-A12C-774E8E8D8291} -> No File BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> c:\program files\google\googletoolbar3.dll [2006-10-12] (Google Inc.) BHO: No Name -> {B9FB4EF8-8339-4656-B394-0548DC556D02} -> No File BHO: No Name -> {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} -> C:\Program Files\Microsoft Money\System\mnyviewer.dll [2001-07-25] (Microsoft Corporation) Toolbar: HKLM - Military.com Toolbar - {1685C500-A1A8-4b18-91DD-B79D39A8A532} - C:\Documents and Settings\All Users\Application Data\Military.com\Toolbar.6.dll [2005-02-24] (Tickle.com Inc.) Toolbar: HKLM - &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll [2006-10-12] (Google Inc.) Toolbar: HKU\S-1-5-21-3276103468-1748845545-3590808707-1006 -> No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File Toolbar: HKU\S-1-5-21-3276103468-1748845545-3590808707-1006 -> No Name - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File Toolbar: HKU\S-1-5-21-3276103468-1748845545-3590808707-1006 -> No Name - {C6139A57-16FB-4FA4-8045-A847FBFFD695} - No File Toolbar: HKU\S-1-5-21-3276103468-1748845545-3590808707-1006 -> No Name - {08FCF7E3-5F7D-444E-8554-76A516EB3C6C} - No File Toolbar: HKU\S-1-5-21-3276103468-1748845545-3590808707-1006 -> &Google - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll [2006-10-12] (Google Inc.) 
DPF: {10D8725C-C80B-4790-8C4B-A863D234AEA6} hxxp://files.searchrover.net/installs/1.0.0.100/10001/Rover_10001.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=48835 DPF: {1D0D9077-3798-49BB-9058-393499174D5D} file://c:\counter.cab DPF: {205FF73B-CA67-11D5-99DD-444553540000} hxxp://www.spywarestormer.com/files2/Install.cab DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab DPF: {33564D57-0000-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB DPF: {49DB1B20-4E35-4E2E-8C6F-765E238865D6} hxxp://militaryclient.tickle.com/download/client/Install%20Air%20Force%20Toolbar.cab DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} hxxp://aolcc.aol.com/computercheckup/qdiagcc.cab DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} hxxp://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38058.5802546296 DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} hxxp://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation) FireFox: ======== FF Plugin: @viewpoint.com/VMP -> C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll [2004-02-20] () ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.) S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes) S3 NMSSvc; C:\WINDOWS\System32\NMSSvc.exe [1118208 2002-05-03] (Intel Corporation) [File not signed] S4 AOL ACS; "C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" [X] ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S4 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation) S3 ADM8511; C:\WINDOWS\System32\DRIVERS\ADM8511.SYS [20160 2001-08-17] (ADMtek Incorporated) R2 ASCTRM; C:\WINDOWS\system32\Drivers\ASCTRM.sys [8552 2003-02-10] (Windows ® 2000 DDK provider) [File not signed] R3 BCMModem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [1101696 2003-08-29] (Broadcom Corporation) R1 Cdr4_xp; C:\WINDOWS\system32\Drivers\Cdr4_xp.sys [59440 2003-02-10] (Roxio) [File not signed] R1 Cdralw2k; C:\WINDOWS\system32\Drivers\Cdralw2k.sys [23724 2003-02-10] (Roxio) [File not signed] R1 cdudf_xp; C:\WINDOWS\system32\Drivers\cdudf_xp.sys [236032 2002-04-10] (Roxio) [File not signed] S3 dvd_2K; C:\WINDOWS\system32\Drivers\dvd_2K.sys [24554 2002-04-10] (Roxio) [File not signed] S3 EL90XBC; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [66591 2001-08-17] (3Com Corporation) S3 glauiad; C:\WINDOWS\System32\DRIVERS\glauiad.sys [29603 2003-04-09] (GlobespanVirata Inc.) 
S3 i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [161020 2004-08-03] (Intel® Corporation) S3 iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [12415 2004-08-03] (Intel® Corporation) S3 iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [12127 2004-08-03] (Intel® Corporation) S3 iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [11775 2004-08-03] (Intel® Corporation) S3 iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [12063 2004-08-03] (Intel® Corporation) S3 iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [19455 2004-08-03] (Intel® Corporation) S3 iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [29311 2004-08-03] (Intel® Corporation) S3 iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [19551 2004-08-03] (Intel® Corporation) S3 iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [33599 2004-08-03] (Intel® Corporation) S3 iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [23615 2004-08-03] (Intel® Corporation) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes) R3 mmc_2K; C:\WINDOWS\system32\Drivers\mmc_2K.sys [29638 2002-04-10] (Roxio) [File not signed] R3 MxlW2k; C:\WINDOWS\system32\Drivers\MxlW2k.sys [28164 2003-02-10] (MusicMatch, Inc.) [File not signed] S3 NMSCFG; C:\WINDOWS\System32\drivers\NMSCFG.SYS [9868 2002-05-03] (Intel Corporation) [File not signed] R1 omci; C:\WINDOWS\System32\DRIVERS\omci.sys [17153 2002-07-19] (Dell Computer Corporation) [File not signed] S1 P3; C:\WINDOWS\System32\DRIVERS\p3.sys [42496 2004-08-03] (Microsoft Corporation) R1 pwd_2k; C:\WINDOWS\system32\Drivers\pwd_2k.sys [117898 2002-04-10] (Roxio) [File not signed] R3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation) S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [27440 2002-08-29] () R1 UdfReadr_xp; C:\WINDOWS\system32\Drivers\UdfReadr_xp.sys [206336 2002-04-10] (Roxio) S3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.) 
S3 bvrp_pci; no ImagePath S3 efavdrv; \??\C:\WINDOWS\system32\drivers\efavdrv.sys [X] S3 EntDrv51; \??\C:\WINDOWS\system32\drivers\EntDrv51.sys [X] S3 iAimTV2; System32\DRIVERS\wATV03nt.sys [X] S2 mrtRate; no ImagePath U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96256 2004-08-03] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-10-24 21:36 - 2015-10-24 21:36 - 00015024 _____ C:\Documents and Settings\Nancy McNamara\Desktop\FRST.txt 2015-10-24 21:34 - 2015-10-24 21:36 - 00000000 ____D C:\FRST 2015-10-24 21:33 - 2015-10-23 23:46 - 01700352 _____ (Farbar) C:\Documents and Settings\Nancy McNamara\Desktop\FRST.exe 2015-10-24 09:40 - 2015-10-24 09:40 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Lavasoft 2015-10-24 09:31 - 2015-10-24 09:31 - 00000000 ____D C:\Program Files\ESET 2015-10-23 23:48 - 2015-10-23 23:48 - 00000777 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk 2015-10-23 23:48 - 2015-10-23 23:48 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware 2015-10-23 23:48 - 2015-10-23 23:48 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware 2015-10-23 23:48 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2015-10-23 23:43 - 2015-10-23 23:48 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes 2015-10-23 23:42 - 2015-10-24 00:02 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-10-23 23:42 - 2015-10-23 23:47 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable) 2015-10-23 23:41 - 
2015-10-05 09:50 - 00121560 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-10-23 23:40 - 2015-10-23 23:40 - 00000000 ___HD C:\WINDOWS\PIF 2015-10-23 23:38 - 2015-10-23 23:38 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ESET 2015-10-23 23:25 - 2015-10-23 23:25 - 00000000 ____D C:\Program Files\FileASSASSIN 2015-10-23 23:25 - 2015-10-23 23:25 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\FileASSASSIN 2015-10-23 21:32 - 2015-10-23 21:32 - 00000000 ___SD C:\Documents and Settings\Martin McNamara\UserData 2015-10-22 17:00 - 2015-10-22 17:00 - 00000000 ____D C:\Documents and Settings\Martin McNamara\Application Data\Weather Studio 2015-10-22 17:00 - 2015-10-22 17:00 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Weather Studio 2015-10-20 16:58 - 2015-10-20 16:58 - 00002778 _____ C:\WINDOWS\KB926255.log 2015-10-20 16:57 - 2015-10-20 16:58 - 00003451 _____ C:\WINDOWS\KB923694.log 2015-10-20 16:56 - 2015-10-20 16:57 - 00002837 _____ C:\WINDOWS\KB925454.log 2015-10-20 16:41 - 2015-10-20 16:41 - 00000000 ____D C:\Documents and Settings\Martin McNamara\Local Settings\Application Data\Google 2015-10-20 16:41 - 2015-10-20 16:41 - 00000000 ____D C:\Documents and Settings\Martin McNamara\Application Data\Google ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-10-24 21:36 - 2003-02-13 21:55 - 00000000 ____D C:\Documents and Settings\Nancy McNamara\Local Settings\Temp 2015-10-24 21:32 - 2004-08-14 22:39 - 01079999 _____ C:\WINDOWS\WindowsUpdate.log 2015-10-24 21:32 - 2003-02-10 13:41 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-10-24 21:32 - 2003-02-10 13:40 - 00001170 _____ C:\WINDOWS\system32\WPA.DBL 2015-10-24 21:32 - 2002-09-03 07:53 - 00000159 _____ C:\WINDOWS\WIADEBUG.LOG 2015-10-24 21:32 - 2002-09-03 07:53 - 00000050 _____ C:\WINDOWS\WIASERVC.LOG 2015-10-24 14:43 - 2003-02-10 13:41 - 00032464 _____ C:\WINDOWS\SchedLgU.Txt 2015-10-24 09:42 - 2003-01-20 00:01 - 00000178 ___SH C:\Documents and Settings\Administrator\NTUSER.INI 2015-10-24 09:41 - 2003-01-20 00:01 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp 2015-10-24 00:09 - 2003-02-13 21:55 - 00000278 ___SH C:\Documents and Settings\Nancy McNamara\NTUSER.INI 2015-10-24 00:09 - 2003-02-13 21:54 - 00000178 ___SH C:\Documents and Settings\Martin McNamara\NTUSER.INI 2015-10-24 00:07 - 2003-02-10 13:27 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared 2015-10-24 00:03 - 2003-02-13 21:54 - 00000000 ____D C:\Documents and Settings\Martin McNamara\Local Settings\Temp 2015-10-24 00:01 - 2006-08-09 06:01 - 00093374 _____ C:\WINDOWS\setupapi.log 2015-10-24 00:00 - 2005-10-05 14:00 - 00000286 ____H C:\WINDOWS\Tasks\CA86E94FF1A99A73.job 2015-10-24 00:00 - 2005-03-24 02:01 - 00000286 ____H C:\WINDOWS\Tasks\913BFC3BB60077DF.job 2015-10-24 00:00 - 2004-10-09 14:10 - 00000252 ____H C:\WINDOWS\Tasks\A50429D39187A597.job 2015-10-23 21:32 - 2003-02-13 21:54 - 00000000 ____D C:\Documents and Settings\Martin McNamara 2015-10-23 12:35 - 2003-02-10 13:41 - 00414482 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2015-10-22 15:55 - 2003-02-10 13:26 - 00000000 ____D C:\WINDOWS\TWAIN_32 2015-10-22 15:53 - 2004-08-16 04:46 - 00000510 _____ C:\Documents and Settings\Nancy McNamara\Desktop\AOL Saved Files.lnk 2015-10-22 15:53 - 2004-08-16 04:46 - 
00000014 _____ C:\WINDOWS\msoffice.ini 2015-10-22 15:53 - 2004-08-16 04:46 - 00000000 ____D C:\Documents and Settings\Nancy McNamara\Desktop\AOL Saved PFC 2015-10-22 15:53 - 2004-02-11 16:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AOL 2015-10-22 15:53 - 2003-09-13 13:02 - 00000671 _____ C:\WINDOWS\WIN.INI 2015-10-22 15:49 - 2004-08-11 20:46 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\McAfee 2015-10-22 15:44 - 2004-04-13 18:09 - 00000000 ____D C:\Documents and Settings\Nancy McNamara\Application Data\AOL 2015-10-22 15:33 - 2004-06-12 00:12 - 00154112 _____ C:\WINDOWS\system32\Status.MPF 2015-10-20 17:56 - 2006-08-23 10:41 - 00000000 ____D C:\Documents and Settings\Nancy McNamara\Application Data\Weather Studio 2015-10-20 17:54 - 2003-02-10 13:34 - 00000211 __RSH C:\BOOT.INI 2015-10-20 17:54 - 2002-09-03 07:50 - 00000276 _____ C:\WINDOWS\SYSTEM.INI 2015-10-20 17:41 - 2004-03-12 11:59 - 00000000 ____D C:\WINDOWS\pss 2015-10-20 17:35 - 2006-09-16 01:42 - 00000000 ____D C:\Documents and Settings\Nancy McNamara\Application Data\Google 2015-10-20 17:16 - 2006-09-16 01:42 - 00000000 ____D C:\Documents and Settings\Nancy McNamara\Local Settings\Application Data\Google 2015-10-20 16:58 - 2004-12-15 14:23 - 00000000 ___HD C:\WINDOWS\$hf_mig$ ==================== Files in the root of some directories ======= 2004-06-18 17:46 - 2004-06-18 17:49 - 0000000 _____ () C:\Documents and Settings\Nancy McNamara\Application Data\dm.ini 2003-08-14 18:04 - 2006-05-15 14:31 - 0013312 _____ () C:\Documents and Settings\Nancy McNamara\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini Some files in TEMP: ==================== C:\Documents and Settings\Martin McNamara\Local Settings\Temp\A~NSISu_.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) 
C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End of FRST.txt ============================ Additional scan result of Farbar Recovery Scan Tool (x86) Version:22-10-2015 Ran by Nancy McNamara (2015-10-24 21:37:20) Running from C:\Documents and Settings\Nancy McNamara\Desktop Microsoft Windows XP Home Edition Service Pack 2 (X86) (2003-02-14 04:53:32) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3276103468-1748845545-3590808707-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator Guest (S-1-5-21-3276103468-1748845545-3590808707-501 - Limited - Disabled) HelpAssistant (S-1-5-21-3276103468-1748845545-3590808707-1005 - Limited - Disabled) Martin McNamara (S-1-5-21-3276103468-1748845545-3590808707-1007 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Martin McNamara Nancy McNamara (S-1-5-21-3276103468-1748845545-3590808707-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Nancy McNamara SUPPORT_388945a0 (S-1-5-21-3276103468-1748845545-3590808707-1002 - Limited - Disabled) SUPPORT_3f151ab9 (S-1-5-21-3276103468-1748845545-3590808707-1004 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) 
==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ad-Aware SE Personal (HKLM\...\Ad-Aware SE Personal) (Version: - Lavasoft)
Adobe Acrobat 5.0 (HKLM\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe Download Manager 1.2 (Remove Only) (HKLM\...\AdobeESD) (Version: - )
Adobe Photoshop Album 2.0 Starter Edition (HKLM\...\{11B569C2-4BF6-4ED0-9D17-A4273943CB24}) (Version: 2.00.100 - Adobe Systems, Inc.)
Adobe Reader 6.0.1 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A00000000001}) (Version: 006.000.001 - Adobe Systems Incorporated)
Banctec Service Agreement (Version: 1.00.0004 - Dell) Hidden
BCM V.92 56K Modem (HKLM\...\BCM V.92 56K Modem) (Version: - )
CD Ripper (HKLM\...\{F7A42F5B-41EF-43E9-9A49-4FA6ED9B8B60}) (Version: - )
Classic PhoneTools (HKLM\...\{E3436EE2-D5CB-4249-840B-3A0140CC34C3}) (Version: 4.16 - BVRP Software)
Dell Modem-On-Hold (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 1.39 - BVRP Software, Inc)
Dell Picture Studio - Dell Image Expert (HKLM\...\{151C555A-A9E7-4A2E-B6D7-165D04A3C956}) (Version: 3.4.1 - Jasc Software Inc)
Dell Support (HKLM\...\{43FCA273-9534-40DB-B7C5-D7758875616A}) (Version: 2.00.0000 - Dell)
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.02.000 - BVRP Software, Inc)
DVDSentry (HKLM\...\{98DF85D9-96C0-4F57-A92E-C3539477EF5E}) (Version: 1.00.0001 - Dell)
Easy CD Creator 5 Basic (HKLM\...\{609F7AC8-C510-11D4-A788-009027ABA5D0}) (Version: 5.2.0.56 - Roxio Inc)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
FileASSASSIN (HKLM\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
Google Earth (HKLM\...\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}) (Version: 3.0.0762 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: - )
Help and Support Customization (Version: 1.00.0000 - Dell) Hidden
Intel® PRO Ethernet Adapter and Software (HKLM\...\PROSet) (Version: - )
Intel® PROSet II (HKLM\...\{01A4AEDE-F219-49A2-B855-16A016EAF9A4}) (Version: 2.00.0020 - Intel)
Learn2 Player (Uninstall Only) (HKLM\...\StreetPlugin) (Version: - )
Macromedia Flash Player 8 (HKLM\...\ShockwaveFlash) (Version: 8 - Macromedia)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework (English) v1.0.3705 (HKLM\...\Microsoft .NET Framework Full v1.0.3705 (1033)) (Version: - )
Microsoft .NET Framework 1.0 Hotfix (KB886906) (HKLM\...\M886906) (Version: - )
Microsoft Interactive Training (HKLM\...\Microsoft Press Interactive Training) (Version: - )
Microsoft Money 2002 (HKLM\...\{E7298FD5-1386-11D5-8D6C-0050DAD32D95}) (Version: 10.0.50 - Microsoft)
Microsoft Money 2002 System Pack (HKLM\...\{CF5193F7-6B37-11D5-B7D2-00AA00A204F1}) (Version: 10.0.80 - Microsoft)
Microsoft Office XP Media Content (HKLM\...\{90300409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2619.0 - Microsoft Corporation)
Microsoft Office XP Professional (HKLM\...\{91110409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.3520.0 - Microsoft Corporation)
Microsoft Publisher 2002 (HKLM\...\{91190409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.3520.0 - Microsoft Corporation)
Military.com Toolbar (HKLM\...\Military.com Toolbar) (Version: - Military Advantage, Inc.)
Modem Helper (HKLM\...\{7F142D56-3326-11D5-B229-002078017FBF}) (Version: - )
MSN Gaming Zone (HKLM\...\Microsoft Internet Gaming Zone) (Version: - )
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MUSICMATCH Jukebox (HKLM\...\MUSICMATCH Jukebox) (Version: - )
NVIDIA Display Driver (HKLM\...\NVIDIA Display Driver) (Version: - )
NVIDIA Windows 2000/XP Display Drivers (HKLM\...\NVIDIA) (Version: - )
Paint Shop Pro 7 (HKLM\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.05.0000 - Jasc Software Inc)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: - )
Quicken 2003 Deluxe (HKLM\...\InstallShield_{E1174FD3-6818-4F31-AD74-F57A62FA845D}) (Version: 12.00.0000 - Intuit)
Quicken 2003 Deluxe (Version: 12.00.0000 - Intuit) Hidden
QuickTime (HKLM\...\QuickTime) (Version: - )
RealPlayer Basic (HKLM\...\RealPlayer 6.0) (Version: - )
Search Plugin (HKU\S-1-5-21-3276103468-1748845545-3590808707-1006\...\showwindownurb) (Version: - )
Viewpoint Media Player (HKLM\...\ViewpointMediaPlayer) (Version: - )
WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.5.0540.0 - Microsoft Corporation)
Windows Installer 3.1 (KB893803) (HKLM\...\KB893803v2) (Version: 3.1 - Microsoft Corporation)
Windows XP Hotfix - KB873333 (HKLM\...\KB873333) (Version: 20050114.005213 - Microsoft Corporation)
Windows XP Hotfix - KB873339 (HKLM\...\KB873339) (Version: 20041117.092459 - Microsoft Corporation)
Windows XP Hotfix - KB885250 (HKLM\...\KB885250) (Version: 20050118.202711 - Microsoft Corporation)
Windows XP Hotfix - KB885295 (HKLM\...\KB885295) (Version: 20040901.162738 - Microsoft Corporation)
Windows XP Hotfix - KB885835 (HKLM\...\KB885835) (Version: 20041027.181713 - Microsoft Corporation)
Windows XP Hotfix - KB885836 (HKLM\...\KB885836) (Version: 20041028.173203 - Microsoft Corporation)
Windows XP Hotfix - KB885884 (HKLM\...\KB885884) (Version: 20040924.025457 - Microsoft Corporation)
Windows XP Hotfix - KB886185 (HKLM\...\KB886185) (Version: 20041021.090540 - Microsoft Corporation)
Windows XP Hotfix - KB887472 (HKLM\...\KB887472) (Version: 20041014.162858 - Microsoft Corporation)
Windows XP Hotfix - KB887742 (HKLM\...\KB887742) (Version: 20041103.095002 - Microsoft Corporation)
Windows XP Hotfix - KB888113 (HKLM\...\KB888113) (Version: 20041116.131036 - Microsoft Corporation)
Windows XP Hotfix - KB888302 (HKLM\...\KB888302) (Version: 20041207.111426 - Microsoft Corporation)
Windows XP Hotfix - KB890047 (HKLM\...\KB890047) (Version: 20041221.124506 - Microsoft Corporation)
Windows XP Hotfix - KB890175 (HKLM\...\KB890175) (Version: 20041201.233338 - Microsoft Corporation)
Windows XP Hotfix - KB890859 (HKLM\...\KB890859) (Version: 1 - Microsoft Corporation)
Windows XP Hotfix - KB891781 (HKLM\...\KB891781) (Version: 20050110.165439 - Microsoft Corporation)
Windows XP Hotfix - KB893086 (HKLM\...\KB893086) (Version: 1 - Microsoft Corporation)
Windows XP Service Pack 2 (HKLM\...\Windows XP Service Pack) (Version: 20040803.231319 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================

15-09-2006 12:15:49 System Checkpoint
16-09-2006 01:42:04 Installed Google Earth
17-09-2006 02:37:59 System Checkpoint
18-09-2006 03:15:54 System Checkpoint
19-09-2006 03:27:42 System Checkpoint
20-09-2006 04:28:54 System Checkpoint
20-09-2006 04:31:37 Software Distribution Service 2.0
21-09-2006 05:27:47 System Checkpoint
22-09-2006 10:10:27 System Checkpoint
22-09-2006 12:30:55 Software Distribution Service 2.0
23-09-2006 12:38:50 System Checkpoint
24-09-2006 03:26:19 Software Distribution Service 2.0
25-09-2006 03:38:51 System Checkpoint
26-09-2006 04:07:10 System Checkpoint
26-09-2006 14:31:29 Software Distribution Service 2.0
27-09-2006 06:00:33 Software Distribution Service 2.0
28-09-2006 21:23:20 Software Distribution Service 2.0
29-09-2006 22:24:34 System Checkpoint
30-09-2006 23:23:30 System Checkpoint
02-10-2006 10:21:05 System Checkpoint
03-10-2006 10:22:03 System Checkpoint
04-10-2006 10:34:44 System Checkpoint
04-10-2006 16:04:45 Software Distribution Service 2.0
05-10-2006 13:26:34 Software Distribution Service 2.0
06-10-2006 14:26:34 System Checkpoint
07-10-2006 15:27:42 System Checkpoint
08-10-2006 16:50:08 System Checkpoint
09-10-2006 17:18:49 System Checkpoint
10-10-2006 18:18:49 System Checkpoint
11-10-2006 04:32:33 Software Distribution Service 2.0
11-10-2006 06:00:30 Software Distribution Service 2.0
12-10-2006 06:15:01 System Checkpoint
13-10-2006 07:15:13 System Checkpoint
14-10-2006 08:39:11 System Checkpoint
15-10-2006 09:00:53 System Checkpoint
16-10-2006 12:22:47 System Checkpoint
17-10-2006 12:35:03 System Checkpoint
18-10-2006 01:33:33 Software Distribution Service 2.0
19-10-2006 02:33:35 System Checkpoint
19-10-2006 17:08:51 Software Distribution Service 2.0
20-10-2006 17:33:38 System Checkpoint
21-10-2006 18:19:40 System Checkpoint
22-10-2006 18:46:11 System Checkpoint
23-10-2006 19:44:37 System Checkpoint
24-10-2006 20:02:35 System Checkpoint
25-10-2006 04:21:30 Software Distribution Service 2.0
26-10-2006 04:55:00 System Checkpoint
26-10-2006 18:00:44 Software Distribution Service 2.0
27-10-2006 18:24:09 System Checkpoint
28-10-2006 18:24:42 System Checkpoint
29-10-2006 19:54:36 System Checkpoint
30-10-2006 20:23:42 System Checkpoint
31-10-2006 20:25:05 System Checkpoint
31-10-2006 22:38:49 Software Distribution Service 2.0
01-11-2006 23:23:41 System Checkpoint
02-11-2006 20:49:29 Software Distribution Service 2.0
03-11-2006 14:50:51 Software Distribution Service 2.0
04-11-2006 10:04:40 Software Distribution Service 2.0
04-11-2006 20:02:43 Software Distribution Service 2.0
05-11-2006 23:52:10 System Checkpoint
07-11-2006 00:01:49 System Checkpoint
08-11-2006 01:01:54 System Checkpoint
08-11-2006 05:20:35 Software Distribution Service 2.0
08-11-2006 20:28:59 System Checkpoint
09-11-2006 01:53:00 Software Distribution Service 2.0
09-11-2006 22:32:31 Software Distribution Service 2.0
10-11-2006 23:07:57 System Checkpoint
11-11-2006 23:14:54 System Checkpoint
13-11-2006 01:14:52 System Checkpoint
14-11-2006 02:14:53 System Checkpoint
15-11-2006 02:34:50 System Checkpoint
10-12-2006 13:03:56 Software Distribution Service 2.0
11-12-2006 06:00:20 Software Distribution Service 2.0
12-12-2006 06:23:46 System Checkpoint
13-12-2006 07:23:47 System Checkpoint
20-01-2003 03:16:15 System Checkpoint
22-10-2015 15:55:29 Removed Print to Fax
22-10-2015 15:58:46 Removed Samsung YP-35
23-10-2015 23:47:06 Malwarebytes Anti-Rootkit Restore Point
24-10-2015 00:07:43 Removed Windows Defender

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2002-08-29 04:00 - 2006-03-06 22:28 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\913BFC3BB60077DF.job => c:\docume~1\nancym~1\applic~1\defywm~1\site funk dog.exe
Task: C:\WINDOWS\Tasks\A50429D39187A597.job => c:\progra~1\defywm~1\site funk dog.exe
Task: C:\WINDOWS\Tasks\CA86E94FF1A99A73.job => c:\docume~1\nancym~1\applic~1\defywm~1\site funk dog.exe

==================== Loaded Modules (Whitelisted) ==============

==================== Alternate Data Streams (Whitelisted) =========

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3276103468-1748845545-3590808707-1006\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\afs.bmp
DNS Servers: 209.18.47.61 - 209.18.47.62
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk => C:\WINDOWS\pss\Billminder.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Military.com Launcher.lnk => C:\WINDOWS\pss\Military.com Launcher.lnkCommon Startup
MSCONFIG\startupreg: Spyware Doctor => "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/22/2015 05:02:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x10021905. Processing media-specific event for [iexplore.exe!ws!]

Error: (10/20/2015 06:35:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (10/20/2015 04:46:42 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Error: (10/20/2015 04:46:37 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (10/20/2015 04:46:22 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/20/2015 04:46:22 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/20/2015 04:41:44 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/20/2015 04:41:44 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Error: (01/20/2003 03:17:46 AM) (Source: Application Error) (EventID: 1004) (User: )
Description: Faulting application winlogon.exe, version 0.0.0.0, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00064ed1. Error in creating result PEAP-TLV in response to received PEAP-TLV (winlogon.exe!ld!)

Error: (01/20/2003 03:17:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application , version 0.0.0.0, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00064ed1. Processing media-specific event for [!ws!]

System errors:
=============
Error: (10/24/2015 09:32:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The mrtRate service failed to start due to the following error: %%2

Error: (10/24/2015 02:43:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The mrtRate service failed to start due to the following error: %%2

Error: (10/24/2015 02:42:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The mrtRate service failed to start due to the following error: %%2

Error: (10/24/2015 09:42:05 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (10/24/2015 09:40:08 AM) (Source: DCOM) (EventID: 10005) (User: OAHU)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (10/24/2015 09:26:19 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: Fips intelppm mbamchameleon

Error: (10/24/2015 09:25:06 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (10/24/2015 12:08:00 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error: %%126

Error: (10/24/2015 12:08:00 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error: %%126

Error: (10/24/2015 12:07:59 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Management service terminated with the following error: %%126

==================== Memory info ===========================

Processor: Intel® Pentium® 4 CPU 2.66GHz
Percentage of memory in use: 38%
Total physical RAM: 511 MB
Available physical RAM: 315.67 MB
Total Virtual: 864.13 MB
Available Virtual: 707.66 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:55.84 GB) (Free:45.75 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: (Marty's Toolbox) (CDROM) (Total:0.08 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 55.9 GB) (Disk ID: 9DC96E9E)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=55.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================