Fresh FRST log
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-04-2015 (ATTENTION: ====> FRST version is 15 days old and could be outdated)
Ran by SYSTEM on MINWINPC on 05-05-2015 13:05:16
Running from d:\
Platform: Windows Vista Home Premium (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
Tutorial for Farbar Recovery Scan Tool:
http://www.geekstogo...very-scan-tool/
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-18] (Microsoft Corporation)
HKLM\...\Run: [ATICCC] => C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [90112 2006-07-11] ()
HKLM\...\Run: [Corel Photo Downloader] => C:\Program Files\Corel\Corel Snapfire Plus\PhotoDownloader.exe
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-07-28] (Google)
HKLM\...\Run: [ECenter] => c:\dell\E-Center\EULALauncher.exe [17920 2006-11-17] ( )
HKLM\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [dlcxmon.exe] => C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe [291720 2006-11-03] ()
HKLM\...\Run: [MemoryCardManager] => C:\Program Files\Dell Photo AIO Printer 926\memcard.exe [304008 2006-11-03] ()
HKLM\...\Run: [FaxCenterServer] => C:\Program Files\Dell PC Fax\fm3032.exe [312200 2006-11-03] ()
HKLM\...\Run: [DLCXCATS] => rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [286720 2007-08-16] (Apple Inc.)
HKLM\...\Run: [EarthLink Installer] => " /C
HKLM\...\Run: [Adobe Photo Downloader] => C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [63712 2007-03-09] (Adobe Systems Incorporated)
HKLM\...\Run: [HostManager] => C:\Program Files\Common Files\AOL\1174179230\ee\AOLSoftware.exe [50736 2006-09-25] (America Online, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2008-10-14] (Adobe Systems Incorporated)
HKLM\...\Run: [ISTray] => C:\Program Files\Spyware Doctor\pctsTray.exe [1173384 2008-12-08] (PC Tools)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-29] (AVAST Software)
HKLM\...\Run: [SigmatelSysTrayApp] => C:\Windows\sttray.exe [303104 2007-02-07] (SigmaTel, Inc.)
HKU\Default\...\Run: [DellSupport] => C:\Program Files\DellSupport\DSAgnt.exe [446976 2006-11-11] (Gteko Ltd.)
HKU\Default User\...\Run: [DellSupport] => C:\Program Files\DellSupport\DSAgnt.exe [446976 2006-11-11] (Gteko Ltd.)
HKU\lynndale\...\Run: [DellSupport] => C:\Program Files\DellSupport\DSAgnt.exe [446976 2006-11-11] (Gteko Ltd.)
HKU\lynndale\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)
HKU\lynndale\...\Run: [AOL Fast Start] => "C:\Program Files\AOL 9.0\AOL.EXE" -b
HKU\lynndale\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-18] (Microsoft Corporation)
HKU\lynndale\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [220672 2008-01-18] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-07-28] (Google)
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [0 2014-07-08] () <==== ATTENTION (zero size file/folder)
S2 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [46640 2006-10-23] (AOL LLC)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-22] (AVAST Software)
S2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [106488 2014-07-22] (AVAST Software)
S2 dlcx_device; C:\Windows\system32\dlcxcoms.exe [537480 2006-11-03] ( )
S3 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [70656 2006-11-07] ()
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-07-28] (Google)
S2 sdAuxService; C:\Program Files\Spyware Doctor\pctsAuxs.exe [348752 2009-01-07] (PC Tools)
S2 sdCoreService; C:\Program Files\Spyware Doctor\pctsSvc.exe [1095560 2009-01-21] (PC Tools)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-18] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-07-22] ()
S1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26136 2014-07-22] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-07-22] (AVAST Software)
S0 aswNdis2; C:\Windows\System32\Drivers\aswNdis2.sys [252872 2014-07-22] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55112 2014-07-22] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2014-07-22] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2015-05-04] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414392 2015-05-04] (AVAST Software)
S1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57800 2014-07-22] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [192352 2014-07-22] ()
S2 dsunidrv; C:\Program Files\DellSupport\Drivers\dsunidrv.sys [7424 2006-08-17] (Gteko Ltd.)
S0 PCTCore; C:\Windows\System32\drivers\PCTCore.sys [130936 2009-04-03] (PC Tools)
S3 STHDA; C:\Windows\System32\drivers\stwrt.sys [647680 2007-02-07] (SigmaTel, Inc.)
S3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2006-11-01] (America Online, Inc.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-05 09:03 - 2006-11-02 01:45 - 00044544 _____ (Microsoft Corporation) C:\Users\lynndale\Downloads\rundll32.exe
2015-05-04 13:38 - 2015-05-04 13:38 - 00000000 ____D () C:\Windows\System32\config\HiveBackup
2015-04-20 18:40 - 2015-05-04 13:38 - 00000000 ____D () C:\FRST
2015-04-13 11:38 - 2015-04-13 11:38 - 00000680 _____ () C:\Users\lynndale\AppData\Local\d3d9caps.dat
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-05 07:24 - 2006-11-02 04:47 - 00003568 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-05 07:24 - 2006-11-02 04:47 - 00003568 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-05 03:39 - 2011-09-25 16:47 - 00000000 ____D () C:\ProgramData\TEMP
2015-05-04 23:00 - 2007-03-14 00:54 - 01367131 _____ () C:\Windows\WindowsUpdate.log
2015-05-04 19:22 - 2011-09-25 16:45 - 00000000 ____D () C:\Program Files\Spyware Doctor
2015-05-04 19:22 - 2007-03-17 15:39 - 00000000 ____D () C:\users\lynndale
2015-05-04 19:22 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\System32\spool
2015-05-04 19:22 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\System32\Msdtc
2015-05-04 19:22 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\registration
2015-05-04 19:22 - 2006-11-02 02:22 - 84672512 _____ () C:\Windows\System32\config\system_previous
2015-05-04 19:22 - 2006-11-02 02:22 - 44253184 _____ () C:\Windows\System32\config\software_previous
2015-05-04 19:20 - 2011-09-25 17:27 - 00000000 ____D () C:\Program Files\AVAST Software
2015-05-04 19:16 - 2006-11-02 02:22 - 00057344 _____ () C:\Windows\System32\config\sam_previous
2015-05-04 19:16 - 2006-11-02 02:22 - 00024576 _____ () C:\Windows\System32\config\security_previous
2015-05-04 15:29 - 2013-12-10 12:57 - 00001901 _____ () C:\Users\Public\Desktop\avast! SafeZone.lnk
2015-05-04 15:29 - 2013-09-20 18:51 - 00001841 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk
2015-05-04 15:29 - 2006-11-02 02:33 - 00759582 _____ () C:\Windows\System32\PerfStringBackup.INI
2015-05-04 15:28 - 2011-09-25 17:29 - 00779536 _____ (AVAST Software) C:\Windows\System32\Drivers\aswsnx.sys
2015-05-04 15:28 - 2011-09-25 17:29 - 00414392 _____ (AVAST Software) C:\Windows\System32\Drivers\aswsp.sys
2015-05-04 15:26 - 2015-01-12 17:10 - 00002481 _____ () C:\Windows\setupact.log
2015-05-04 15:11 - 2006-11-02 02:22 - 50855936 _____ () C:\Windows\System32\config\components_previous
2015-05-04 13:12 - 2006-11-02 02:22 - 00204800 _____ () C:\Windows\System32\config\default_previous
==================== Known DLLs (Whitelisted) ============
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== Restore Points =========================
Restore point made on: 2015-03-26 08:31:12
Restore point made on: 2015-03-26 22:15:23
Restore point made on: 2015-03-27 20:00:13
Restore point made on: 2015-03-28 20:00:09
Restore point made on: 2015-03-29 15:02:42
Restore point made on: 2015-03-30 20:00:12
Restore point made on: 2015-03-30 22:15:22
Restore point made on: 2015-03-31 20:00:13
Restore point made on: 2015-04-01 20:00:14
Restore point made on: 2015-04-26 18:26:45
Restore point made on: 2015-04-27 13:49:38
Restore point made on: 2015-04-29 18:20:03
Restore point made on: 2015-05-01 06:38:05
Restore point made on: 2015-05-03 08:14:53
Restore point made on: 2015-05-04 09:50:49
Restore point made on: 2015-05-04 15:27:11
Restore point made on: 2015-05-04 16:22:28
==================== Memory info ===========================
Percentage of memory in use: 11%
Total physical RAM: 3069.88 MB
Available physical RAM: 2702.82 MB
Total Pagefile: 2968.47 MB
Available Pagefile: 2825.91 MB
Total Virtual: 2047.88 MB
Available Virtual: 1988.34 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:138.96 GB) (Free:79.42 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (KINGSTON) (Removable) (Total:3.72 GB) (Free:3.7 GB) FAT32
Drive x: (RECOVERY) (Fixed) (Total:10 GB) (Free:0.01 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: 50000000)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=139 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
LastRegBack: 2015-05-05 03:51
==================== End Of Log ============================