Anti-Malware keeps switching from free to premium?


I am having problems with Anti-Malware 2.1.8.1057 switching from the Free to the Premium version.  I have never paid for a license and use the software occasionally to supplement my free version of Avast Antivirus.  I have deactivated the license that appears on the license details screen but the Premium version keeps coming back.  It also tries to activate the real-time options of the Premium version which I don't want.  I have run the mbam-clean-2.1.1.1001.exe program and done a clean install to no avail.  Please advise how to stop the change to the premium version.


I pasted the 2 files and attached the other below.  I had some problems with Avast not allowing the download of the Farbar Recovery Scan Tool.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:09-08-2015
Ran by Ray (administrator) on RAYMOND (10-08-2015 14:53:49)
Running from C:\Documents and Settings\Ray\Desktop
Loaded Profiles: Ray (Available Profiles: Ray & Ray Admin & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.28.1\GoogleCrashHandler.exe
(SigmaTel, Inc.) C:\WINDOWS\stsystra.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Dell Inc) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Seagate LLC) C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
() C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe
() C:\Program Files\Dell Photo AIO Printer 942\memcard.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
() C:\Program Files\Dell Photo AIO Printer 942\dlbubmon.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Seagate Technology LLC) C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Dell Inc.) C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [sigmatelSysTrayApp] => C:\WINDOWS\stsystra.exe [397312 2005-11-16] (SigmaTel, Inc.)
HKLM\...\Run: [showLOMControl] =>
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [761947 2005-11-29] (Synaptics, Inc.)
HKLM\...\Run: [iSUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-06-10] (InstallShield Software Corporation)
HKLM\...\Run: [DVDLauncher] => C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [49152 2006-04-06] (CyberLink Corp.)
HKLM\...\Run: [Dell QuickSet] => C:\Program Files\Dell\QuickSet\Quickset.exe [1191936 2007-05-14] (Dell Inc)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [6109776 2015-07-27] (AVAST Software)
HKLM\...\Run: [MaxMenuMgr] => C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [185640 2009-05-01] (Seagate LLC)
HKLM\...\Run: [Dell Photo AIO Printer 942] => C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe [294912 2005-02-03] ()
HKLM\...\Run: [DellMCM] => C:\Program Files\Dell Photo AIO Printer 942\memcard.exe [262144 2004-07-27] ()
HKLM\...\Run: [DLBUCATS] => rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBUtime.dll,_RunDLLEntry@16
HKU\S-1-5-21-3102310626-2103059737-1018387006-1006\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-3102310626-2103059737-1018387006-1006\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6453528 2015-07-17] (Piriform Ltd)
HKU\S-1-5-21-3102310626-2103059737-1018387006-1006\...\Run: [GoogleChromeAutoLaunch_5ECE9CA2ED2D9D18D797927D757A092B] => C:\Program Files\Google\Chrome\Application\chrome.exe [813896 2015-07-31] (Google Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll [2015-07-27] (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
HKU\S-1-5-21-3102310626-2103059737-1018387006-1006\Software\Microsoft\Internet Explorer\Main,Start Page = http://finance.yahoo.com/
HKU\S-1-5-21-3102310626-2103059737-1018387006-1006\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-inc/en/side.html?channel=us
HKU\S-1-5-21-3102310626-2103059737-1018387006-1006\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/hws/sb/dell-inc/en/side.html?channel=us
HKU\S-1-5-21-3102310626-2103059737-1018387006-1006\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
URLSearchHook: HKU\S-1-5-21-3102310626-2103059737-1018387006-1006 - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} -  No File
SearchScopes: HKU\S-1-5-21-3102310626-2103059737-1018387006-1006 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2015-07-27] (AVAST Software)
BHO: No Name -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} ->  No File
Toolbar: HKU\S-1-5-21-3102310626-2103059737-1018387006-1006 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7CA9F936-5947-4B2E-B416-4242AE5306E5}: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Ray\Application Data\Mozilla\Firefox\Profiles\183vux4c.default-1420055076984
FF DefaultSearchEngine.US: Google
FF Homepage: hxxp://finance.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=10.11.2 -> C:\WINDOWS\system32\npDeployJava1.dll [2013-01-12] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF Extension: Make Address Bar Font Size Bigger - C:\Documents and Settings\Ray\Application Data\Mozilla\Firefox\Profiles\183vux4c.default-1420055076984\Extensions\addressBarFontSizeBigger@papafresh.com.xpi [2015-05-02]
FF Extension: Webmail Ad Blocker - C:\Documents and Settings\Ray\Application Data\Mozilla\Firefox\Profiles\183vux4c.default-1420055076984\Extensions\gmailnoads@mywebber.com.xpi [2015-05-17]
FF Extension: NoSquint - C:\Documents and Settings\Ray\Application Data\Mozilla\Firefox\Profiles\183vux4c.default-1420055076984\Extensions\nosquint@urandom.ca.xpi [2015-05-06]
FF Extension: Adblock Plus - C:\Documents and Settings\Ray\Application Data\Mozilla\Firefox\Profiles\183vux4c.default-1420055076984\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-31]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-05-18]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-02-23]
 
Chrome: 
=======
CHR Profile: C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-17]
CHR Extension: (Google Drive) - C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-17]
CHR Extension: (YouTube) - C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-17]
CHR Extension: (Webmail Ad Blocker) - C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cbhfdchmklhpcngcgjmpdbjakdggkkjp [2015-05-17]
CHR Extension: (Google Search) - C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-17]
CHR Extension: (Google Sheets) - C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-17]
CHR Extension: (AdBlock) - C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-05-17]
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-17]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-17]
CHR Extension: (Gmail) - C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-17]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2015-03-17]
StartMenuInternet: chrome.exe - C:\Documents and Settings\Ray Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [146600 2015-07-27] (AVAST Software)
S4 Bluetooth Hid Switch Service; C:\Program Files\BlueTooth\HidSwitchService\HidSw.exe [188416 2005-08-30] (Cambridge Silicon Radio) [File not signed]
S3 dlbu_device; C:\WINDOWS\system32\dlbucoms.exe [421888 2004-10-25] (Dell)
R2 FreeAgentGoNext Service; C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe [181544 2009-05-01] (Seagate Technology LLC)
S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S4 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
S3 MHN; C:\WINDOWS\System32\mhn.dll [85504 2004-08-10] (Microsoft Corporation) [File not signed]
R2 NICCONFIGSVC; C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe [380928 2005-12-06] (Dell Inc.) [File not signed]
S4 WLANKEEPER; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R1 APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [16128 2005-08-12] (Dell Inc) [File not signed]
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24016 2015-07-27] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [76000 2015-07-27] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-07-27] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49776 2015-07-27] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [788784 2015-07-27] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [433264 2015-07-27] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [161472 2015-07-27] (AVAST Software)
S3 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-07-27] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [208664 2015-07-27] (AVAST Software)
S3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [201600 2005-07-22] (Conexant Systems, Inc.)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MHNDRV; C:\WINDOWS\System32\DRIVERS\mhndrv.sys [11008 2004-08-10] (Microsoft Corporation) [File not signed]
R1 omci; C:\WINDOWS\System32\DRIVERS\omci.sys [17153 2004-02-13] (Dell Inc) [File not signed]
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [20640 2005-04-25] (Sonic Solutions) [File not signed]
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1047816 2005-11-16] (SigmaTel, Inc.)
S3 Tosrfbd; C:\WINDOWS\System32\Drivers\tosrfbd.sys [111232 2006-06-13] (TOSHIBA CORPORATION) [File not signed]
S1 Tosrfcom; C:\WINDOWS\system32\Drivers\Tosrfcom.sys [64896 2006-02-10] (TOSHIBA Corporation) [File not signed]
S3 Tosrfhid; C:\WINDOWS\System32\DRIVERS\Tosrfhid.sys [60672 2006-05-29] (TOSHIBA Corporation.) [File not signed]
S3 Tosrfusb; C:\WINDOWS\System32\Drivers\tosrfusb.sys [40192 2006-06-09] (TOSHIBA CORPORATION) [File not signed]
S3 w39n51; C:\WINDOWS\System32\DRIVERS\w39n51.sys [1428096 2005-12-04] (Intel® Corporation)
S3 NETwLx32; system32\DRIVERS\NETwLx32.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
S3 wanatw; system32\DRIVERS\wanatw4.sys [X]
U1 WS2IFSL; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-10 14:53 - 2015-08-10 14:54 - 00017098 _____ C:\Documents and Settings\Ray\Desktop\FRST.txt
2015-08-10 14:52 - 2015-08-10 14:53 - 00000000 ____D C:\FRST
2015-08-10 14:50 - 2015-08-10 14:50 - 01674752 _____ (Farbar) C:\Documents and Settings\Ray\Desktop\FRST.exe
2015-08-10 14:03 - 2015-08-10 14:03 - 00001515 _____ C:\Documents and Settings\Ray\Desktop\Paint.lnk
2015-08-08 14:43 - 2015-08-10 14:42 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-08-08 14:43 - 2015-08-08 14:43 - 00000777 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-08 14:43 - 2015-08-08 14:43 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-08-08 14:43 - 2015-08-08 14:43 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-08 14:43 - 2015-08-08 14:43 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-08-08 14:43 - 2015-06-18 08:41 - 00121560 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-08-08 14:43 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-08-08 14:41 - 2015-08-08 14:41 - 24345872 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Ray\Desktop\mbam-setup-2.1.8.1057.exe
2015-08-08 14:33 - 2015-08-08 14:33 - 00321848 _____ (Malwarebytes Corporation) C:\Documents and Settings\Ray\Desktop\mbam-clean-2.1.1.1001.exe
2015-08-06 16:04 - 2015-08-07 13:33 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-07-27 13:01 - 2015-07-27 13:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallWdf01009$
2015-07-27 13:01 - 2015-07-27 13:00 - 00161472 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys
2015-07-27 13:01 - 2008-11-07 18:55 - 00016928 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsgXP_2k3.dll
2015-07-27 13:00 - 2015-07-27 13:00 - 00313472 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-07-27 13:00 - 2015-07-27 13:00 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-10 14:54 - 2010-05-05 15:34 - 00000000 ____D C:\Documents and Settings\Ray\Local Settings\Temp
2015-08-10 14:53 - 2010-05-05 15:00 - 00000430 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{425097F7-8630-4CAC-8069-0703166054AA}.job
2015-08-10 14:31 - 2010-05-07 15:23 - 00000418 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{9000B7A6-1BC8-426E-BC5C-CF12C685200B}.job
2015-08-10 14:18 - 2012-12-07 17:11 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-08-10 14:08 - 2015-05-17 20:53 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-09 17:40 - 2010-05-07 14:09 - 00066048 _____ C:\Documents and Settings\Ray\My Documents\Telemarketing Calls.xls
2015-08-09 16:08 - 2015-05-17 20:53 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-08 15:43 - 2010-05-07 14:07 - 00000000 ____D C:\Documents and Settings\Ray\My Documents\My Finances
2015-08-08 14:39 - 2005-08-16 05:40 - 02060566 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-08 14:38 - 2014-04-20 16:54 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-08-08 14:38 - 2014-04-20 16:54 - 00000048 _____ C:\WINDOWS\wiaservc.log
2015-08-08 14:38 - 2012-07-06 16:01 - 00000366 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-08-08 14:37 - 2005-08-16 05:49 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-08 14:36 - 2010-05-05 15:34 - 00000278 ___SH C:\Documents and Settings\Ray\ntuser.ini
2015-08-08 14:36 - 2005-08-16 05:49 - 00032394 _____ C:\WINDOWS\SchedLgU.Txt
2015-08-08 14:10 - 2015-05-17 20:55 - 00001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-08-08 13:50 - 2012-07-13 21:14 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-08-07 15:22 - 2010-05-05 15:34 - 00000000 ____D C:\Documents and Settings\Ray
2015-08-03 14:49 - 2010-05-07 14:15 - 00000000 ____D C:\Documents and Settings\Ray\My Documents\My Acura
2015-07-30 19:35 - 2010-07-18 17:09 - 00021504 _____ C:\Documents and Settings\Ray\My Documents\TV Shows.xls
2015-07-27 20:25 - 2013-12-27 18:50 - 00000682 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2015-07-27 20:25 - 2013-12-27 18:50 - 00000000 ____D C:\Program Files\CCleaner
2015-07-27 13:00 - 2014-05-02 19:42 - 00024016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-07-27 13:00 - 2013-03-15 16:37 - 00208664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-07-27 13:00 - 2013-03-15 16:37 - 00076000 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-07-27 13:00 - 2013-03-15 16:37 - 00049776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-07-27 13:00 - 2011-02-23 16:24 - 00788784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-07-27 13:00 - 2010-05-05 01:44 - 00433264 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-07-27 13:00 - 2010-05-05 01:44 - 00057888 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2015-07-27 13:00 - 2010-05-05 01:44 - 00055200 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2015-07-27 12:55 - 2005-08-16 05:18 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-07-17 17:25 - 2005-08-16 05:22 - 00000000 ____D C:\WINDOWS\Help
2015-07-15 15:18 - 2012-07-18 16:14 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-07-15 15:18 - 2012-07-18 16:14 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2011-01-09 20:11 - 2011-01-09 20:11 - 0000187 _____ () C:\Documents and Settings\Ray\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
2010-09-21 18:13 - 2010-12-01 01:43 - 0000664 _____ () C:\Documents and Settings\Ray\Local Settings\Application Data\d3d9caps.dat
2011-08-27 16:42 - 2014-03-08 22:44 - 0005632 _____ () C:\Documents and Settings\Ray\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-05-05 15:34 - 2011-01-31 14:23 - 0000126 _____ () C:\Documents and Settings\Ray\Local Settings\Application Data\fusioncache.dat
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End of log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version:09-08-2015
Ran by Ray (2015-08-10 14:54:51)
Running from C:\Documents and Settings\Ray\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3102310626-2103059737-1018387006-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-3102310626-2103059737-1018387006-1036 - Limited - Enabled)
Guest (S-1-5-21-3102310626-2103059737-1018387006-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-3102310626-2103059737-1018387006-1005 - Limited - Disabled)
Ray (S-1-5-21-3102310626-2103059737-1018387006-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Ray
Ray Admin (S-1-5-21-3102310626-2103059737-1018387006-1007 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Ray Admin
SUPPORT_388945a0 (S-1-5-21-3102310626-2103059737-1018387006-1002 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM\...\avast) (Version: 10.3.2223 - AVAST Software)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v4.00.20(D) - )
Broadcom 440x 10/100 Integrated Controller (HKLM\...\{612B9183-67A9-4B44-9877-2F059E35B86A}) (Version: 10.04.01 - Broadcom Corporation)
Broadcom Management Programs (HKLM\...\{C99C0593-3B48-41D9-B42F-6E035B320449}) (Version: 10.15.03 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HDA D110 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3) (Version:  - )
Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform)
Dell Photo AIO Printer 942 (HKLM\...\Dell Photo AIO Printer 942) (Version:  - )
Dell System Restore (HKLM\...\{74F7662C-B1DB-489E-A8AC-07A06B24978B}) (Version: 2.00.0000 - Dell Inc.)
DGOControls (HKLM\...\{779A19AC-A302-425D-B295-F12116C2D731}) (Version: 1.00.0000 - William O'Neil + Co. Inc.)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 7.1.5.425 - Foxit Software Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 44.0.2403.130 - Google Inc.)
Google Update Helper (Version: 1.3.28.1 - Google Inc.) Hidden
High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
K-State (HKLM\...\{F24C546B-6806-4B5A-9809-A3B5F12741BB}) (Version: 3.0.0 - Antech Systems, Inc.)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB2572066) (HKLM\...\KB2572066) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB2604042) (HKLM\...\KB2604042) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB2656378) (HKLM\...\KB2656378) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB979904) (HKLM\...\KB979904) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2698035) (HKLM\...\KB2698035) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2742607) (HKLM\...\KB2742607) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2833951) (HKLM\...\KB2833951) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2904878) (HKLM\...\KB2904878) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office Basic Edition 2003 (HKLM\...\{91130409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 39.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 39.0.3 (x86 en-US)) (Version: 39.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
mProSafe (Version: 9.00.0000 - Intel) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
mWlsSafe (Version: 9.00.0000 - Intel) Hidden
PowerDVD 5.9 (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - )
QuickSet (HKLM\...\{C5074CC4-0E26-4716-A307-960272A90040}) (Version: 8.1.12 - Dell Computer Corporation)
Seagate Manager Installer (HKLM\...\InstallShield_{231A1A09-FDF2-45F2-B3D1-964CECE372BC}) (Version: 2.01.0109 - Seagate)
Seagate Manager Installer (Version: 2.01.0109 - Seagate) Hidden
Sonic Encoders (HKLM\...\{9941F0AA-B903-4AF4-A055-83A9815CC011}) (Version: 1.00 - Sonic Solutions)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 8.2.4.3 - Synaptics)
Update Rollup 2 for Windows XP Media Center Edition 2005 (HKLM\...\KB900325) (Version:  - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Driver Package - Ricoh Company (rimsptsk) hdc  (11/14/2006 6.00.01.04) (HKLM\...\4569969E1360D2854474C661EF9B4D54F143EB16) (Version: 11/14/2006 6.00.01.04 - Ricoh Company)
Windows Installer 3.1 (KB893803) (HKLM\...\KB893803v2) (Version:  - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 10 Hotfix [see EmeraldQFE2 for more information] (HKLM\...\EmeraldQFE2) (Version:  - Microsoft Corporation)
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows XP Media Center Edition 2005 KB2502898 (HKLM\...\KB2502898) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2619340 (HKLM\...\KB2619340) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2628259 (HKLM\...\KB2628259) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB908246 (HKLM\...\KB908246) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB925766 (HKLM\...\KB925766) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB973768 (HKLM\...\KB973768) (Version:  - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Xiph.Org Open Codecs 0.85.17777 (HKLM\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2005-08-16 05:18 - 2004-08-10 06:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{425097F7-8630-4CAC-8069-0703166054AA}.job => C:\WINDOWS\system32\msfeedssync.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{9000B7A6-1BC8-426E-BC5C-CF12C685200B}.job => C:\WINDOWS\system32\msfeedssync.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-03-17 20:33 - 2015-07-27 13:00 - 00102864 _____ () C:\Program Files\Alwil Software\Avast5\log.dll
2015-03-17 20:33 - 2015-07-27 13:00 - 00123976 _____ () C:\Program Files\Alwil Software\Avast5\JsonRpcServer.dll
2015-08-08 13:52 - 2015-08-08 13:52 - 02960384 _____ () C:\Program Files\Alwil Software\Avast5\defs\15080801\algo.dll
2015-08-10 13:51 - 2015-08-10 13:51 - 02960384 _____ () C:\Program Files\Alwil Software\Avast5\defs\15081003\algo.dll
2004-07-20 18:04 - 2004-07-20 18:04 - 00094208 _____ () C:\WINDOWS\system32\TosBtHcrpAPI.dll
2014-05-02 12:21 - 2004-10-08 13:47 - 00075264 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\DLBUPP5C.dll
2006-03-17 11:19 - 2007-05-14 14:24 - 00098304 _____ () C:\Program Files\Dell\QuickSet\dadkeyb.dll
2015-03-14 14:12 - 2015-03-17 20:33 - 40540672 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll
2014-05-02 12:21 - 2005-02-03 03:08 - 00294912 _____ () C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe
2014-05-02 12:21 - 2004-07-27 09:08 - 00262144 _____ () C:\Program Files\Dell Photo AIO Printer 942\memcard.exe
2014-05-02 12:21 - 2005-02-03 10:34 - 00102400 _____ () C:\Program Files\Dell Photo AIO Printer 942\dlbubmon.exe
2014-05-02 12:21 - 2005-02-03 03:06 - 00061440 _____ () C:\Program Files\Dell Photo AIO Printer 942\JetScan.dll
2014-05-02 12:21 - 2005-02-03 03:05 - 00135168 _____ () C:\Program Files\Dell Photo AIO Printer 942\JetDecmp.dll
2014-05-02 12:21 - 2005-02-03 03:07 - 00036864 _____ () C:\Program Files\Dell Photo AIO Printer 942\JetPrint.dll
2014-05-02 12:21 - 2005-02-03 03:05 - 00036864 _____ () C:\Program Files\Dell Photo AIO Printer 942\JetFunc.dll
2014-05-02 12:21 - 2005-02-03 03:05 - 00065536 _____ () C:\Program Files\Dell Photo AIO Printer 942\JetImage.dll
2014-05-02 12:21 - 2005-02-03 03:05 - 00028672 _____ () C:\Program Files\Dell Photo AIO Printer 942\JetPDF.dll
2014-05-02 12:21 - 2004-07-29 16:54 - 00061440 _____ () C:\Program Files\Dell Photo AIO Printer 942\ConvDIB.dll
2005-08-16 05:18 - 2008-04-13 19:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2005-08-16 05:18 - 2008-04-13 19:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2015-06-05 21:51 - 2014-02-10 13:44 - 04592128 _____ () C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2015-06-05 21:51 - 2014-02-10 13:44 - 00112128 _____ () C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3102310626-2103059737-1018387006-1006\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\dell.bmp
DNS Servers: 192.168.1.1
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk => C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
DomainProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe] => Enabled:AOL
DomainProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe] => Enabled:AOL
DomainProfile\AuthorizedApplications: [C:\Program Files\America Online 9.0\waol.exe] => Enabled:AOL
StandardProfile\AuthorizedApplications: [C:\Program Files\Internet Explorer\IEXPLORE.EXE] => Enabled:Internet Explorer
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\sessmgr.exe] => Disabled:@xpsp2res.dll,-22019
StandardProfile\AuthorizedApplications: [C:\Program Files\Alwil Software\Avast5\AvastUI.exe] => Enabled:avast! Free Antivirus
StandardProfile\AuthorizedApplications: [C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe] => Enabled:Malwarebytes' Anti-Malware
StandardProfile\AuthorizedApplications: [C:\WINDOWS\Network Diagnostic\xpnetdiag.exe] => Disabled:@xpsp3res.dll,-20000
StandardProfile\AuthorizedApplications: [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe] => Enabled:Yahoo! Messenger
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\mmc.exe] => Disabled:Microsoft Management Console
StandardProfile\AuthorizedApplications: [C:\Program Files\Messenger\msmsgs.exe] => Disabled:Windows Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
 
==================== Faulty Device Manager Devices =============
 
Name: Intel® PRO/Wireless 3945ABG Network Connection
Description: Intel® PRO/Wireless 3945ABG Network Connection
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Intel Corporation
Service: w39n51
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: 1394 Net Adapter
Description: 1394 Net Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: NIC1394
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/04/2015 08:33:56 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>with error: The specified server cannot perform the requested operation.
 
Error: (08/04/2015 08:33:55 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>with error: The specified server cannot perform the requested operation.
 
Error: (08/04/2015 08:33:54 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>with error: This operation returned because the timeout period expired.
 
Error: (08/04/2015 08:33:54 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>with error: This operation returned because the timeout period expired.
 
Error: (08/04/2015 08:33:54 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>with error: This operation returned because the timeout period expired.
 
Error: (08/04/2015 08:33:54 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>with error: This operation returned because the timeout period expired.
 
Error: (07/28/2015 07:28:06 PM) (Source: crypt32) (EventID: 5) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/132D0D45534B6997CDB2D5C339E25576609B5CC6.crt>with error: This operation returned because the timeout period expired.
 
Error: (07/28/2015 07:28:06 PM) (Source: crypt32) (EventID: 5) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/132D0D45534B6997CDB2D5C339E25576609B5CC6.crt>with error: This operation returned because the timeout period expired.
 
Error: (05/26/2015 02:44:25 PM) (Source: Application Error) (EventID: 1001) (User: )
Description: Fault bucket 1208758338.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication.  The current setting has been marked as failed and the Wireless connection will be disconnected.
 
Error: (05/26/2015 02:44:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 38.0.1.5611, faulting module mozalloc.dll, version 38.0.1.5611, fault address 0x00001aa1.
Processing media-specific event for [plugin-container.exe!ws!]
 
 
System errors:
=============
Error: (08/10/2015 01:50:02 PM) (Source: Dhcp) (EventID: 1000) (User: )
Description: Your computer has lost the lease to its IP address 192.168.1.217 on the
Network Card with network address 0015C50001E0.
 
Error: (08/07/2015 07:05:35 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
 
Error: (08/06/2015 01:35:08 PM) (Source: Dhcp) (EventID: 1000) (User: )
Description: Your computer has lost the lease to its IP address 192.168.1.217 on the
Network Card with network address 0015C50001E0.
 
Error: (08/03/2015 01:55:52 PM) (Source: Dhcp) (EventID: 1000) (User: )
Description: Your computer has lost the lease to its IP address 192.168.1.217 on the
Network Card with network address 0015C50001E0.
 
Error: (08/02/2015 01:52:30 PM) (Source: Dhcp) (EventID: 1000) (User: )
Description: Your computer has lost the lease to its IP address 192.168.1.217 on the
Network Card with network address 0015C50001E0.
 
Error: (07/30/2015 06:50:46 PM) (Source: Dhcp) (EventID: 1000) (User: )
Description: Your computer has lost the lease to its IP address 192.168.1.217 on the
Network Card with network address 0015C50001E0.
 
Error: (07/28/2015 05:38:15 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
 
Error: (07/28/2015 05:37:35 PM) (Source: Dhcp) (EventID: 1000) (User: )
Description: Your computer has lost the lease to its IP address 192.168.1.217 on the
Network Card with network address 0015C50001E0.
 
Error: (07/22/2015 07:13:05 PM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible. 
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.
 
Error: (07/22/2015 07:13:05 PM) (Source: W32Time) (EventID: 17) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.nist.gov,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)
 
 
Microsoft Office:
=========================
Error: (08/04/2015 08:33:56 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThespecified server cannot perform the requested operation.
 
Error: (08/04/2015 08:33:55 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThespecified server cannot perform the requested operation.
 
Error: (08/04/2015 08:33:54 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThisoperation returned because the timeout period expired.
 
Error: (08/04/2015 08:33:54 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThisoperation returned because the timeout period expired.
 
Error: (08/04/2015 08:33:54 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThisoperation returned because the timeout period expired.
 
Error: (08/04/2015 08:33:54 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThisoperation returned because the timeout period expired.
 
Error: (07/28/2015 07:28:06 PM) (Source: crypt32) (EventID: 5) (User: )
 
Error: (07/28/2015 07:28:06 PM) (Source: crypt32) (EventID: 5) (User: )
 
Error: (05/26/2015 02:44:25 PM) (Source: Application Error) (EventID: 1001) (User: )
Description: 1208758338
 
Error: (05/26/2015 02:44:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe38.0.1.5611mozalloc.dll38.0.1.561100001aa1
 
 
==================== Memory info =========================== 
 
Processor: Genuine Intel® CPU T2400 @ 1.83GHz
Percentage of memory in use: 50%
Total physical RAM: 2038.37 MB
Available physical RAM: 1008.27 MB
Total Virtual: 3931.16 MB
Available Virtual: 2652.61 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:87.06 GB) (Free:65.11 GB) NTFS ==>[drive with boot components (Windows XP)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 91.8 GB) (Disk ID: E686F016)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=87.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=4.6 GB) - (Type=DB)
 
==================== End of log ============================

 

CheckResults.txt


  • Root Admin

The computer is experiencing errors in the network card which in turn will disable web blocking.

ATTENTION: System Restore is disabled

Why is your system restore disabled?

I would suggest following the advice from the topic here Available Assistance for Possibly Infected Computers and having one of the Experts assist you with looking into your issue.

Thanks


Errors in the network card would have nothing to do with the problem I am having. Did you read my original post of the problem? I ran a scan using both Malwarebytes Anti-Malware and Avast Free Anti-virus 2015 and neither found any issues with malware.

I have used this laptop for 10 years without ever needing to use system restore so I disabled it long ago.

Can you please review this issue again? If you can't resolve it, please pass it to someone who can.


  • Root Admin

Simply trying to help you with a messed up computer but since you don't appear to care we'll deal with just your request.

Please follow the directions from this topic.

https://forums.malwarebytes.org/index.php?/topic/122284-mbam-clean-removal-process/

That will fully remove the program and all registration information. Then reinstall but don't choose the Trial and don't try to activate and you'll have the Free version and it won't try to become the premium.

Thank you.

This topic is now closed to further replies.