[gracek]

Hi, It's been a long time since I've needed you peeps! Thank you in advance.

 

IF I can save the computer and files on it great. If not. Life goes on. I would first like to try. 

 

I cannot run any scans. 

 

My laptop is a Win 7 Gateway NV79. It updated to windows 10 and went dark.

 

It boots to a black desktop (very slowly ,,minutes...) . On the black screen I can see the Windows start, time and search, but can not access anything. 

 

The error on the screen:

 

“Location is not available. C:\WINDOWS\system32\config\systemprofile\Desktop is not accessible. Access is denied."

 

I CAN SEE MY FILES When I go into Ctrl Alt Del BUT I can not open anything. 

 

 

I can't get to safe mode. f8 didn't work. I think i got there a few weeks ago but nothing worked there either. sooo..

 

NEXT:

I booted from an external CD USB drive to wipe the system and reinstall original windows. 

 

It enters "Windows Setup" screen and at the bottom says "Setup is loading files (....and the files)

 

THEN ERROR:

 

A problem has been detected and windows has been shut down to prevent damage to your computer.

 

If this is the first time you've seen this stop error screen, restart your computer. If this screen appears again.Follow these steps: 

 

Check for viruses on your computer. 

 

Thank you.

 

Gracek

 

 

 

 

 

[Advertisements]

Hi and welcome.

 

Lets give it a try.

Please download Farbar Recovery Scan Tool and save it to a flash drive.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Boot in the Recovery Environment

• Plug your USB Flash Drive in the infected computer
• To enter the Recovery Environment with Windows Vista and Windows 7, follow the instructions below:
  
  • Restart the computer
  • Once you've seen your BIOS splashscreen (the computer manufacturer logo), tap the F8 key repeatedly until the Advanced Boot Options menu appears
  • Use the arrow keys to select Repair your computer, and press on Enter
  • Select your keyboard layout (US, French, etc.) and click on Next
  • Click on Command Prompt to open the command prompt
    Note: If you can't access the Recovery Environment using the F8 method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on SevenForums.
  
  
• To enter the Recovery Environment with Windows 8 or Windows 8.1, follow the instructions in this tutorial on EightForums
  Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial.
• To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums
  Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on TenForums.

Once in the command prompt

• In the command prompt, type notepad and press on Enter
• Notepad will open. Click on the File menu and select Open
• Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad
• In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe and press on Enter
• Note: Replace the letter e with the drive letter of your USB Flash Drive
• FRST will open
• Click on Yes to accept the disclaimer
• Click on the Scan button and wait for it to complete
• A log called frst.txt will be saved on your USB Flash Drive. Post it in your next reply

 

[JSntgRvr]

Hi and welcome.

 

Lets give it a try.

Please download Farbar Recovery Scan Tool and save it to a flash drive.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Boot in the Recovery Environment

• Plug your USB Flash Drive in the infected computer
• To enter the Recovery Environment with Windows Vista and Windows 7, follow the instructions below:
  
  • Restart the computer
  • Once you've seen your BIOS splashscreen (the computer manufacturer logo), tap the F8 key repeatedly until the Advanced Boot Options menu appears
  • Use the arrow keys to select Repair your computer, and press on Enter
  • Select your keyboard layout (US, French, etc.) and click on Next
  • Click on Command Prompt to open the command prompt
    Note: If you can't access the Recovery Environment using the F8 method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on SevenForums.
  
  
• To enter the Recovery Environment with Windows 8 or Windows 8.1, follow the instructions in this tutorial on EightForums
  Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial.
• To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums
  Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on TenForums.

Once in the command prompt

• In the command prompt, type notepad and press on Enter
• Notepad will open. Click on the File menu and select Open
• Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad
• In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe and press on Enter
• Note: Replace the letter e with the drive letter of your USB Flash Drive
• FRST will open
• Click on Yes to accept the disclaimer
• Click on the Scan button and wait for it to complete
• A log called frst.txt will be saved on your USB Flash Drive. Post it in your next reply

 

[gracek]

Great, I can't get into f8 , but I finally got into safemode and ran the scan. Thanks. 

 

=================

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26.01.2019

Ran by Grace (administrator) on GRACELAPTOP (27-01-2019 18:18:37)

Running from C:\Windows\System32\config\systemprofile\Desktop

Loaded Profiles: False (Available Profiles: Grace) <==== ATTENTION (Temporary Profile?)

Platform: Windows 10 Home Version 1803 17134.191 (X64) Language: English (United States)

Default browser not detected!

Boot Mode: Safe Mode (minimal)

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Microsoft Corporation) C:\Windows\System32\msconfig.exe

 

==================== Registry (Whitelisted) ===========================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8306208 2009-10-20] (Realtek Semiconductor)

HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation)

HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [822816 2009-10-29] (Acer Incorporated)

HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)

HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1157640 2009-09-17] (Dritek System Inc.)

HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1057920 2012-07-31] (SEIKO EPSON CORPORATION)

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)

HKLM-x32\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()

HKLM-x32\...\Run: [YouCam Service7] => C:\Program Files (x86)\CyberLink\YouCam7\YouCamService7.exe [466712 2016-11-25] (CyberLink Corp.)

HKU\S-1-5-18\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10257872 2018-01-09] (Piriform Ltd)

HKU\S-1-5-18\...\MountPoints2: {7186eb2d-1976-11e4-acb8-705ab6d41ab6} - "E:\LaunchU3.exe" -a

HKLM\...\Drivers32: [vidc.rscc] => C:\WINDOWS\system32\rscc.dll [836096 2013-02-21] (RSUPPORT)

HKLM\...\Drivers32-x32: [vidc.MPG4] => C:\Windows\SysWOW64\MPG4C32.dll [413760 2010-03-15] (Microsoft Corporation)

HKLM\...\Drivers32-x32: [vidc.MP42] => C:\Windows\SysWOW64\MPG4C32.dll [413760 2010-03-15] (Microsoft Corporation)

HKLM\...\Drivers32-x32: [vidc.MP43] => C:\Windows\SysWOW64\MPG4C32.dll [413760 2010-03-15] (Microsoft Corporation)

HKLM\...\Drivers32-x32: [vidc.rscc] => C:\WINDOWS\SysWOW64\rscc.dll [671744 2013-02-21] (RSUPPORT)

HKLM\...\Drivers32-x32: [vidc.n264] => C:\Windows\SysWOW64\n264.dll [12888576 2014-04-02] (RSUPPORT)

HKLM\...\Drivers32-x32: [vidc.mp4v] => C:\Windows\SysWOW64\n264.dll [12888576 2014-04-02] (RSUPPORT)

HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\70.0.3538.102\Installer\chrmstp.exe [2018-11-19] (Google Inc.)

HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] -> 

HKLM\Software\...\Authentication\Credential Providers: [{67187239-0780-4d9b-895B-7F0968AA474E}] -> C:\Program Files (x86)\CyberLink\YouCam7\CLCredProv\x64\CLCredProv.dll [2016-11-25] (CyberLink)

HKLM\Software\...\Authentication\Credential Provider Filters: [{67187239-0780-4d9b-895B-7F0968AA474E}] -> C:\Program Files (x86)\CyberLink\YouCam7\CLCredProv\x64\CLCredProv.dll [2016-11-25] (CyberLink)

Startup: C:\Users\Dorothy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 4630 series.lnk [2018-08-18]

ShortcutTarget: Monitor Ink Alerts - HP Officejet 4630 series.lnk -> C:\Program Files\HP\HP Officejet 4630 series\Bin\HPStatusBL.dll (Hewlett-Packard Development Company, LP)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{2a52ceb2-57b2-43cf-8c92-4efd8d19d2f5}: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{9ef1db85-9cd3-470f-a5c6-396ef645acf6}: [DhcpNameServer] 192.168.1.1 75.75.76.76

 

Internet Explorer:

==================

SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW

SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-30] (Google Inc.)

BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-19] (Oracle Corporation)

BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-30] (Google Inc.)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-19] (Oracle Corporation)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-30] (Google Inc.)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-30] (Google Inc.)

Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-30] (Google Inc.)

DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: HKLM-x32 {99FE5072-78AA-4FEE-89BA-69A5FA55343F} hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab

DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://interactivebrokers.webex.com/client/WBXclient-T29L10NSP13EP34-10019/nbr/ieatgpc1.cab

DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

 

FireFox:

========

FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG2012\Firefox4 => not found

FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-16] ()

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-16] ()

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll [2014-04-15] (Adobe Systems, Inc.)

FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.)

FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)

FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-19] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-19] (Oracle Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-11-06] (Adobe Systems Inc.)

FF Plugin-x32: [email protected]/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll [No File]

 

Chrome: 

=======

CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files (x86)\AVG\AVG2012\Chrome\safesearch.crx <not found>

CHR HKLM-x32\...\Chrome\Extension: [odpccdgkmiicgocepijnaeihjnjnomca] - C:\Program Files (x86)\LinkSwift\odpccdgkmiicgocepijnaeihjnjnomca.crx <not found>

 

==================== Services (Whitelisted) ====================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

ATTENTION: => Could not perform signature verification. Cryptographic Service is not running.

 

S4 COMSysApp; C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} [20888 2018-04-11] (Microsoft Corporation)

S4 COMSysApp; C:\WINDOWS\SysWOW64\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} [19360 2018-04-11] (Microsoft Corporation)

S4 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51504 2017-01-05] (Dropbox, Inc.)

S4 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-16] (Seiko Epson Corporation)

S4 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244448 2014-10-28] (Foxit Software Inc.)

S4 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [332144 2017-11-21] (HP Inc.)

S4 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-22] (HP Inc.)

S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()

S4 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [741640 2014-06-16] (DEVGURU Co., LTD.)

S4 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [269400 2017-01-17] (Synaptics Incorporated)

S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\NisSrv.exe [3905952 2018-08-05] (Microsoft Corporation)

S2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MsMpEng.exe [110944 2018-08-05] (Microsoft Corporation)

 

===================== Drivers (Whitelisted) ======================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 AndnetBus; C:\WINDOWS\System32\drivers\lgandnetbus64.sys [20992 2015-01-21] (LG Electronics Inc.)

S3 AndNetDiag; C:\WINDOWS\system32\DRIVERS\lgandnetdiag64.sys [30720 2015-01-26] (LG Electronics Inc.)

S3 ANDNetModem; C:\WINDOWS\system32\DRIVERS\lgandnetmodem64.sys [37376 2015-01-26] (LG Electronics Inc.)

S3 clwvd7; C:\WINDOWS\system32\DRIVERS\clwvd7.sys [49944 2016-06-01] (CyberLink Corporation)

S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)

S3 LVPr2M64; C:\WINDOWS\system32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()

S3 LVPr2Mon; C:\WINDOWS\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()

S3 lvsels64; C:\WINDOWS\system32\DRIVERS\lvsels64.sys [67992 2009-10-07] (Logitech Inc.)

S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()

S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()

S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-01] (Realtek Semiconductor Corp.)

S3 SjtWinIo; C:\WINDOWS\System32\drivers\SjtWinIo.sys [9216 2015-06-15] (SpeedJet Technology INC.)

S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)

S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46584 2018-08-05] (Microsoft Corporation)

S0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [340008 2018-08-05] (Microsoft Corporation)

S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61992 2018-08-05] (Microsoft Corporation)

U3 idsvc; no ImagePath

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One month (created) ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2019-01-27 18:17 - 2019-01-27 18:18 - 000000000 ____D C:\FRST

 

==================== One month (modified) ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2019-01-27 18:02 - 2017-04-07 20:28 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job

2019-01-27 17:39 - 2018-11-20 13:21 - 000000000 ____D C:\WINDOWS\system32\SleepStudy

2019-01-27 17:33 - 2018-11-20 13:58 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT

2019-01-27 17:21 - 2010-12-08 03:39 - 000000000 ____D C:\WINDOWS\pss

2019-01-21 14:50 - 2018-04-11 18:36 - 000000000 ____D C:\WINDOWS\INF

 

==================== Files in the root of some directories =======

 

2013-07-22 12:36 - 2013-07-22 18:35 - 095023320 _____ () C:\ProgramData\9rrr.pad

2013-07-22 12:36 - 2013-07-22 12:36 - 095023320 _____ () C:\ProgramData\b7aiw.pad

2013-07-22 12:37 - 2013-07-22 12:37 - 095023320 _____ () C:\ProgramData\ljrr.pad

2015-07-14 12:05 - 2015-07-29 07:48 - 000002536 _____ () C:\Program Files\suit.log

2018-05-19 12:00 - 2018-05-19 12:00 - 007649280 _____ () C:\Program Files (x86)\GUT8E28.tmp

2015-06-10 17:25 - 2015-06-10 17:25 - 000001302 _____ () C:\Program Files (x86)\suit.log

 

==================== Bamital & volsnap ======================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\WINDOWS\system32\winlogon.exe

[2018-11-20 16:02] - [2018-11-20 16:02] - 000677376 _____ (Microsoft Corporation) 3E56F9D58EBBB1B33E31B86267DBECFC

 

C:\WINDOWS\system32\wininit.exe => MD5 is legit

C:\WINDOWS\explorer.exe => MD5 is legit

C:\WINDOWS\SysWOW64\explorer.exe => MD5 is legit

C:\WINDOWS\system32\svchost.exe => MD5 is legit

C:\WINDOWS\SysWOW64\svchost.exe => MD5 is legit

C:\WINDOWS\system32\services.exe => MD5 is legit

C:\WINDOWS\system32\User32.dll => MD5 is legit

C:\WINDOWS\SysWOW64\User32.dll => MD5 is legit

C:\WINDOWS\system32\userinit.exe => MD5 is legit

C:\WINDOWS\SysWOW64\userinit.exe => MD5 is legit

C:\WINDOWS\system32\rpcss.dll

[2018-11-20 16:01] - [2018-11-20 16:01] - 001160192 _____ (Microsoft Corporation) 107661923943E9DC06ED2713AC5F7753

 

C:\WINDOWS\system32\dnsapi.dll => MD5 is legit

C:\WINDOWS\SysWOW64\dnsapi.dll => MD5 is legit

C:\WINDOWS\system32\dllhost.exe => MD5 is legit

C:\WINDOWS\SysWOW64\dllhost.exe => MD5 is legit

C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

 

 

safeboot: Minimal => The system is configured to boot to Safe Mode <==== ATTENTION

 

LastRegBack: 2018-11-20 13:21

 

==================== End of FRST.txt ============================

 

 

 

 

 

 

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26.01.2019

Ran by Grace (27-01-2019 18:20:16)

Running from C:\Windows\System32\config\systemprofile\Desktop

Windows 10 Home Version 1803 17134.191 (X64) (2018-11-20 19:03:12)

Boot Mode: Safe Mode (minimal)

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-3490083518-890513852-1545284020-500 - Administrator - Disabled)

DefaultAccount (S-1-5-21-3490083518-890513852-1545284020-503 - Limited - Disabled)

Grace (S-1-5-21-3490083518-890513852-1545284020-1000 - Administrator - Enabled) => C:\Users\Dorothy

Guest (S-1-5-21-3490083518-890513852-1545284020-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-3490083518-890513852-1545284020-1002 - Limited - Enabled)

WDAGUtilityAccount (S-1-5-21-3490083518-890513852-1545284020-504 - Limited - Disabled)

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

AbiWord 2.8.6 (HKLM-x32\...\AbiWord2) (Version: 2.8.6 - AbiSource Developers)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)

Active@ ISO Burner (HKLM-x32\...\{7694E0B1-2332-448B-9235-929F84B41E3F}) (Version: 2.5.1 - LSoft Technologies)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.008.20081 - Adobe Systems Incorporated)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)

Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version:  - )

Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)

Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)

Apple Application Support (HKLM-x32\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}) (Version: 6.0.1.3 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)

AVG 2012 (HKLM\...\{22591D78-46F8-41E4-9E89-323B8C0A16AF}) (Version: 12.0.2193 - AVG Technologies) Hidden

AVG 2012 (HKLM\...\{49A4F76E-4285-4AEE-9D5D-9CCE5E86AA8F}) (Version: 12.0.2180 - AVG Technologies) Hidden

AVG 2012 (HKLM\...\{6B9CE44B-52D0-4B2F-BDFA-56FF4977A790}) (Version: 12.0.2195 - AVG Technologies) Hidden

AVG 2012 (HKLM\...\{74E52BA7-4698-4BE1-858C-8ED27E836570}) (Version: 12.0.2171 - AVG Technologies) Hidden

AVG 2012 (HKLM\...\{7D451293-B3FC-4664-B1B4-552B28736D05}) (Version: 12.0.2126 - AVG Technologies) Hidden

AVG 2012 (HKLM\...\{857B32C1-7C87-40B5-B2A5-D06F49B80002}) (Version: 12.0.2178 - AVG Technologies) Hidden

AVG 2012 (HKLM\...\{9666782C-CEBB-4D2A-8651-5A02AECA8034}) (Version: 12.0.2127 - AVG Technologies) Hidden

AVG 2012 (HKLM\...\{C43C57C2-092C-4BB2-9371-C7342EF0CBA5}) (Version: 12.0.2176 - AVG Technologies) Hidden

AVG 2012 (HKLM\...\{E3A9E569-929C-4716-8211-D7D2ADC467E4}) (Version: 12.0.2169 - AVG Technologies) Hidden

Backup and Sync from Google (HKLM\...\{608EBDC6-D18A-4CF6-AD54-EE6B71D29065}) (Version: 3.43.1584.4446 - Google, Inc.)

Backup Manager Basic (HKLM-x32\...\{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.33 - NewTech Infosystems) Hidden

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC) (Version: 8.8.0.17 - Canon Inc.)

CCleaner (HKLM\...\CCleaner) (Version: 5.39 - Piriform)

Citrix Online Launcher (HKLM-x32\...\{CC8F903A-9698-4245-9A38-22412DEF1029}) (Version: 1.0.446 - Citrix)

CM Installer (HKLM-x32\...\{681544C2-FFA2-4CFD-A9AD-2A3D25DF8D22}) (Version: 1.0.0.0 - Cyanogen Inc.)

Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.3520.50 - CyberLink Corp.)

CyberLink YouCam 7 (HKLM-x32\...\{0078CD4D-B146-4D77-8CF0-268B36C1A3EC}) (Version: 7.0.2316.0 - CyberLink Corp.)

D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden

Epson Event Manager (HKLM-x32\...\{10144CFE-D76C-4CFA-81A1-37A1642349A3}) (Version: 3.01.0013 - Seiko Epson Corporation)

Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.00.01 - SEIKO EPSON CORPORATION)

EPSON NX420 Series Printer Uninstall (HKLM\...\EPSON NX420 Series) (Version:  - SEIKO EPSON Corporation)

EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)

EPSON WorkForce 610 Series Printer Uninstall (HKLM\...\EPSON WorkForce 610 Series) (Version:  - SEIKO EPSON Corporation)

EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)

EpsonNet Setup (HKLM-x32\...\{FFFAE01B-466F-4C07-9821-A94FD753BDDA}) (Version: 3.1c - SEIKO EPSON CORPORATION)

EpsonNet Setup 3.3 (HKLM-x32\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.3b - SEIKO EPSON CORPORATION)

Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.3.25.1124 - Foxit Software Inc.)

Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.6.1126 - Foxit Software Inc.)

Freemake Audio Converter version 1.1.0 (HKLM-x32\...\Freemake Audio Converter_is1) (Version: 1.1.0 - Ellora Assets Corporation)

Gateway InfoCentre (HKLM-x32\...\Gateway InfoCentre) (Version: 3.02.3000 - Gateway Incorporated)

Gateway MyBackup (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.33 - NewTech Infosystems)

Gateway Power Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3006 - Gateway Incorporated)

Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3007 - Gateway Incorporated)

Gateway Registration (HKLM-x32\...\Gateway Registration) (Version: 1.02.3006 - Gateway Incorporated)

Gateway ScreenSaver (HKLM-x32\...\Gateway Screensaver) (Version: 1.7.0730 - Gateway Incorporated)

Gateway Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.01.3017 - Gateway Incorporated)

GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 70.0.3538.102 - Google Inc.)

Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden

Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)

Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden

Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden

GPL Ghostscript 8.63 (HKLM-x32\...\GPL Ghostscript 8.63) (Version:  - )

HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.4.58 - Conexant Systems)

HP Officejet 4630 series Basic Device Software (HKLM\...\{38037A50-E9F1-41E4-9AA3-2E0A5A2FC4C5}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)

HP Officejet 4630 series Help (HKLM-x32\...\{9F79230F-EE1C-407E-94E1-D69021954C9B}) (Version: 31.0.0 - Hewlett Packard)

HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)

HP Support Assistant (HKLM-x32\...\{4780AF24-213D-4187-86F2-0014A6D6077B}) (Version: 8.5.37.19 - HP Inc.)

HP Support Solutions Framework (HKLM-x32\...\{00612F78-52C4-46C0-97F0-F50B6036B5E2}) (Version: 12.8.47.1 - HP Inc.)

HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)

HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)

I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)

Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Gateway Incorporated)

Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation)

Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2008 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)

Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)

Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)

JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)

Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )

Launch Manager (HKLM-x32\...\LManager) (Version: 0.0.05 - Gateway)

Leawo Music Recorder version  2.2.0.0 (HKLM-x32\...\{FAF11D3B-7633-402B-BAFA-4BCAAE030F20}_is1) (Version: 2.2.0.0 - Leawo Software)

LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.14.1 - LG Electronics)

liteCam HD (HKLM-x32\...\{49D77BFA-135A-49AD-9A8A-8488EADA562D}) (Version: 5.02.0000 - RSUPPORT)

Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)

Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)

Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)

Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office Excel Viewer (HKLM-x32\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)

Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Works (HKLM-x32\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation)

MultiCharts .NET64 Special Edition (HKLM\...\{3BA96A22-74D0-4E70-8137-EDAC30DC05FD}) (Version: 10.0.13987 - TS Support) Hidden

MultiCharts .NET64 Special Edition (HKLM\...\MultiCharts .NET64 Special Edition) (Version: 10.0.13987 - MultiCharts)

PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 11.0 - PlotSoft LLC)

Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)

Product Improvement Study for HP Officejet 4630 series (HKLM\...\{EE629820-EACD-4AAE-966D-DF1560A0ED2D}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)

QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5963 - Realtek Semiconductor Corp.)

Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30104 - Realtek Semiconductor Corp.)

Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )

Rithmic Trader Pro 12.40.0.0 (HKLM-x32\...\{455F3A8D-CE66-4A73-85D2-980150626FA0}) (Version: 12.40.0 - Omnesys Technologies, Inc.)

RMP4 (HKLM-x32\...\{F78FC958-7354-43EA-BF26-AFCBFE7B9C18}) (Version: 1.05.0000 - RSUPPORT)

Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.2 - Roxio)

RSCC (HKLM-x32\...\{562CBD30-CA59-4640-862C-99C0ECED4B4C}) (Version: 2.02.0000 - RSUPPORT)

S5 BookMap 6.0.0 (HKLM-x32\...\S5 BookMap) (Version:  - VeloxPro)

swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.1.3.6 - Synaptics Incorporated)

thinkorswim (HKLM\...\9968-4488-2169-7623) (Version: desktop - thinkorswim, Inc)

TweetDeck (HKLM-x32\...\{C4ADB67B-C908-4D94-B85E-585D2F3F9118}) (Version: 3.3.7 - Twitter)

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{A6F2ADC4-12C4-41E8-B90B-3BE018F5787C}) (Version: 2.48.0.0 - Microsoft Corporation)

UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden

Video Web Camera (HKLM-x32\...\{6D9021DC-CF1B-4148-8C80-6D8E8A8A33EB}) (Version: 0.5.11.1 - SuYin)

Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)

VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)

Welcome Center (HKLM-x32\...\Gateway Welcome Center) (Version: 1.00.3009 - Gateway Incorporated)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)

Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-10-04] (Google)

ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-10-04] (Google)

ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-10-04] (Google)

ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File

ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File

ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File

ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File

ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File

ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File

ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File

ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File

ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File

ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File

ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File

ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2014-11-18] (Foxit Software Inc.)

ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-10-04] (Google)

ContextMenuHandlers1: [_Movavivc11] -> {1C604495-4D32-476e-8D7E-FBF50F6C80BF} =>  -> No File

ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File

ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-10-04] (Google)

ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File

ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2012-11-26] (Intel Corporation)

ContextMenuHandlers6: [_Movavivc11] -> {1C604495-4D32-476e-8D7E-FBF50F6C80BF} =>  -> No File

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {02EDB583-AB97-4C10-A275-7F5FC0B463F9} - System32\Tasks\G2MUploadTask-S-1-5-21-3490083518-890513852-1545284020-1000 => C:\Users\Dorothy\AppData\Local\Citrix\GoToMeeting\5573\g2mupload.exe [2016-09-21] (Citrix Online, a division of Citrix Systems, Inc.)

Task: {06A88534-1F09-447F-9CBF-1534FE769BC0} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION

Task: {0A1666C6-ACA5-4C90-9F21-87CA2A16EC27} - System32\Tasks\HPCeeScheduleForGrace => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-05-12] (HP Development Company, L.P.)

Task: {1EABDA95-746D-4690-A6E6-5F828954F6CE} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-20] ()

Task: {208BAF21-DD64-4A0C-A80E-87F5DDC681C1} - System32\Tasks\G2MUpdateTask-S-1-5-21-3490083518-890513852-1545284020-1000 => C:\Users\Dorothy\AppData\Local\Citrix\GoToMeeting\5573\g2mupdate.exe [2016-09-21] (Citrix Online, a division of Citrix Systems, Inc.)

Task: {23877A2E-94CE-4218-B367-F2636DA5C834} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-15] (Google Inc.)

Task: {244DD981-CCA4-4165-B513-274B2540EDB8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)

Task: {27D0D373-F9A7-4A0D-83D1-80FBF29863A6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)

Task: {28185301-9098-4F97-8288-23B6C7A917C1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)

Task: {2EB83F41-99A3-4C25-B2F7-4F1246BE7459} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)

Task: {316BA93E-E306-410D-91AB-AAF711AD0C01} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)

Task: {38885A60-BB4A-456C-8E66-6FEDEA009A91} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-16] (Adobe Systems Incorporated)

Task: {3EF93E48-1361-43A9-9E25-4613470CB638} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-11-09] (HP Inc.)

Task: {4101B8DB-17F4-4904-9536-117A81F9C91E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)

Task: {4706B27C-277A-4741-8F87-8AA1DEEFD947} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-15] (Google Inc.)

Task: {49C657AD-57B0-492B-B4B2-906B41E5ED31} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-01-09] (Piriform Ltd)

Task: {4A8882AD-8AA5-4AA3-9435-38A545550010} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3490083518-890513852-1545284020-1000 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe

Task: {4B60349C-F83A-4838-8CAC-98D970754D1B} - System32\Tasks\{1903E086-08BF-45D3-807B-E444BB3DF297} => "c:\program files (x86)\internet explorer\iexplore.exe" hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=5.0.0.152&LastError=404

Task: {4BE75E50-8BDA-4F9E-858D-197CA00109AB} - System32\Tasks\TidyNetwork Update => C:\Users\Dorothy\AppData\Local\TidyNetwork.com\tidy2update.exe

Task: {4C81363C-E4DF-482A-8AFC-4B9FBCAD1F37} - System32\Tasks\PandaUSBVaccine => C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe

Task: {50A843EC-43CB-4FAC-B875-F1FA511D45B9} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {58D981AC-9D77-4E3C-B150-EB7527C6293F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe

Task: {5AC9C097-6C8D-40F4-A3DD-C82BF27B57E9} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {5DADB4EF-8BAE-41B7-B8D0-C3679BE3DAC4} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe

Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()

Task: {66434D33-463E-4175-9C09-E1644B81C4C1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-01-09] (Piriform Ltd)

Task: {6B86AE95-800F-405A-BC29-3DC68D00B468} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe

Task: {6F457156-20FF-4957-9EFA-D89FCD5098CC} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {706316D6-A0C6-4867-8127-F0FB75A8506B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN3CD2M23K => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-11-09] (HP Inc.)

Task: {7108604A-DD29-4079-8FF0-ED5F322C9FBE} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe

Task: {78F93ADC-F92A-427A-BAA5-AF657E5E84FF} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe

Task: {7C7371DE-0862-40AD-A19C-DB52CABED92B} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe

Task: {873C467F-306E-4C38-BE23-D16EA1E9E815} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-11-08] (HP Inc.)

Task: {890E7F2B-FB2C-4D39-B56B-3B34B4279CD3} - System32\Tasks\{6AFD9B11-D5DF-4B91-96AD-FA1D9F9C31C1} => C:\Windows\system32\pcalua.exe -a D:\SETUP.EXE -d D:\

Task: {8EC86DD7-81C1-425E-87E4-FF09CBE2E95B} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe

Task: {8EF1508B-141F-4117-8C9B-6A41D4F887EF} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe

Task: {953ADC22-F5E4-458D-A7D8-4141DEC02F4D} - System32\Tasks\HPCustParticipation HP Officejet 4630 series => C:\Program Files\HP\HP Officejet 4630 series\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)

Task: {A9E9E8A1-3307-4587-A430-F73CAB97767A} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {AFF92E0C-0766-4FDD-B8A1-F929B2F7363C} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {B0D237C4-966B-4FA9-A20A-21436E9DC61B} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {B66C44CE-B5DA-447C-B9A5-52AE5D226FAA} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe

Task: {C53CC418-F761-428A-8EF6-9C2A150A17CE} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {CE6DD33E-32AA-4FE1-9BDE-DC45EC086A41} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe

Task: {D143ABD9-9826-49E5-A6C7-466C97C877B1} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {D339224C-D34D-4BE4-B338-DA928BDBA577} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {D350DFB3-8888-4903-9337-AE00CCB9D5A6} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe

Task: {D95D0352-293E-477E-B7B1-2C01ABEAF898} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {DD661CDB-C9A7-4942-8F65-F88433811FA8} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {E84F4C42-D41E-49CF-A0CE-569AC2208560} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)

Task: {EF32ECD1-0DC9-4CD5-98BF-030B9649A67A} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {F65323F7-3326-4C95-93DA-564D792DE093} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {F70C766E-3344-4C55-B423-88B7FD6DF90D} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

Task: C:\WINDOWS\Tasks\HPCeeScheduleForGrace.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

 

==================== Shortcuts & WMI ========================

 

(The entries could be listed to be restored or removed.)

 

 

==================== Loaded Modules (Whitelisted) ==============

 

2018-04-11 18:34 - 2018-04-11 18:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

AlternateDataStreams: C:\ProgramData\Temp:CD5BCD16 [216]

AlternateDataStreams: C:\Users\Dorothy\Desktop\2016-03-10_15'45'06'.mp3:com.dropbox.attributes [168]

AlternateDataStreams: C:\Users\Dorothy\Desktop\2016-03-10_16'20'12'.mp3:com.dropbox.attributes [168]

 

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"

 

==================== Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

 

==================== Hosts content: ===============================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-13 21:34 - 2009-06-10 16:00 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;%SYSTEMROOT%\System32\OpenSSH\

DNS Servers: Media is not connected to internet.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Prompt)

HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

If an entry is included in the fixlist, it will be removed.

 

MSCONFIG\Services: AdobeARMservice => 2

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3

MSCONFIG\Services: AJRouter => 3

MSCONFIG\Services: ALG => 3

MSCONFIG\Services: AppHostSvc => 2

MSCONFIG\Services: Apple Mobile Device => 2

MSCONFIG\Services: AppReadiness => 3

MSCONFIG\Services: aspnet_state => 3

MSCONFIG\Services: AudioEndpointBuilder => 2

MSCONFIG\Services: Audiosrv => 2

MSCONFIG\Services: AxInstSV => 3

MSCONFIG\Services: BDESVC => 3

MSCONFIG\Services: BITS => 3

MSCONFIG\Services: Bonjour Service => 2

MSCONFIG\Services: Browser => 3

MSCONFIG\Services: BTAGService => 3

MSCONFIG\Services: BthAvctpSvc => 3

MSCONFIG\Services: bthserv => 3

MSCONFIG\Services: camsvc => 3

MSCONFIG\Services: CDPSvc => 2

MSCONFIG\Services: CertPropSvc => 3

MSCONFIG\Services: COMSysApp => 3

MSCONFIG\Services: CryptSvc => 2

MSCONFIG\Services: DbxSvc => 2

MSCONFIG\Services: defragsvc => 3

MSCONFIG\Services: DeviceAssociationService => 2

MSCONFIG\Services: DeviceInstall => 3

MSCONFIG\Services: DevQueryBroker => 3

MSCONFIG\Services: Dhcp => 2

MSCONFIG\Services: diagnosticshub.standardcollector.service => 3

MSCONFIG\Services: diagsvc => 3

MSCONFIG\Services: DiagTrack => 2

MSCONFIG\Services: DmEnrollmentSvc => 3

MSCONFIG\Services: dmwappushservice => 3

MSCONFIG\Services: DoSvc => 3

MSCONFIG\Services: dot3svc => 3

MSCONFIG\Services: DPS => 2

MSCONFIG\Services: DsmSvc => 3

MSCONFIG\Services: DsSvc => 3

MSCONFIG\Services: DusmSvc => 2

MSCONFIG\Services: Eaphost => 3

MSCONFIG\Services: EFS => 3

MSCONFIG\Services: ePowerSvc => 2

MSCONFIG\Services: EpsonBidirectionalService => 2

MSCONFIG\Services: EpsonScanSvc => 2

MSCONFIG\Services: EPSON_EB_RPCV4_04 => 2

MSCONFIG\Services: EPSON_PM_RPCV4_04 => 2

MSCONFIG\Services: EventLog => 2

MSCONFIG\Services: EventSystem => 2

MSCONFIG\Services: Fax => 3

MSCONFIG\Services: fdPHost => 3

MSCONFIG\Services: FDResPub => 3

MSCONFIG\Services: fhsvc => 3

MSCONFIG\Services: FontCache => 2

MSCONFIG\Services: FontCache3.0.0.0 => 3

MSCONFIG\Services: FoxitCloudUpdateService => 2

MSCONFIG\Services: FrameServer => 3

MSCONFIG\Services: GraphicsPerfSvc => 3

MSCONFIG\Services: Greg_Service => 2

MSCONFIG\Services: gupdate => 2

MSCONFIG\Services: gupdatem => 3

MSCONFIG\Services: gusvc => 3

MSCONFIG\Services: hidserv => 3

MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2

MSCONFIG\Services: HPTouchpointAnalyticsService => 2

MSCONFIG\Services: HsfXAudioService => 2

MSCONFIG\Services: HvHost => 3

MSCONFIG\Services: IAANTMON => 2

MSCONFIG\Services: icssvc => 3

MSCONFIG\Services: IKEEXT => 3

MSCONFIG\Services: InstallService => 3

MSCONFIG\Services: iphlpsvc => 2

MSCONFIG\Services: IpxlatCfgSvc => 3

MSCONFIG\Services: irmon => 3

MSCONFIG\Services: KeyIso => 3

MSCONFIG\Services: KtmRm => 3

MSCONFIG\Services: LanmanServer => 2

MSCONFIG\Services: LanmanWorkstation => 2

MSCONFIG\Services: lfsvc => 3

MSCONFIG\Services: LicenseManager => 3

MSCONFIG\Services: lltdsvc => 3

MSCONFIG\Services: lmhosts => 3

MSCONFIG\Services: LMS => 2

MSCONFIG\Services: LVPrcS64 => 2

MSCONFIG\Services: LxpSvc => 3

MSCONFIG\Services: MapsBroker => 2

MSCONFIG\Services: mpssvc => 2

MSCONFIG\Services: MSDTC => 3

MSCONFIG\Services: MSiSCSI => 3

MSCONFIG\Services: MSMQ => 2

MSCONFIG\Services: NaturalAuthentication => 3

MSCONFIG\Services: NcaSvc => 3

MSCONFIG\Services: NcbService => 3

MSCONFIG\Services: NcdAutoSetup => 3

MSCONFIG\Services: Netlogon => 3

MSCONFIG\Services: Netman => 3

MSCONFIG\Services: NetMsmqActivator => 2

MSCONFIG\Services: NetPipeActivator => 2

MSCONFIG\Services: netprofm => 3

MSCONFIG\Services: NetSetupSvc => 3

MSCONFIG\Services: NetTcpActivator => 2

MSCONFIG\Services: NetTcpPortSharing => 3

MSCONFIG\Services: NlaSvc => 2

MSCONFIG\Services: Norton Internet Security => 2

MSCONFIG\Services: nsi => 2

MSCONFIG\Services: NTI IScheduleSvc => 2

MSCONFIG\Services: odserv => 3

MSCONFIG\Services: ose => 3

MSCONFIG\Services: p2pimsvc => 3

MSCONFIG\Services: p2psvc => 3

MSCONFIG\Services: PcaSvc => 3

MSCONFIG\Services: PerfHost => 3

MSCONFIG\Services: PhoneSvc => 3

MSCONFIG\Services: pla => 3

MSCONFIG\Services: PlugPlay => 3

MSCONFIG\Services: PNRPAutoReg => 3

MSCONFIG\Services: PNRPsvc => 3

MSCONFIG\Services: PolicyAgent => 3

MSCONFIG\Services: Power => 2

MSCONFIG\Services: PrintNotify => 3

MSCONFIG\Services: PushToInstall => 3

MSCONFIG\Services: QWAVE => 3

MSCONFIG\Services: RasAuto => 3

MSCONFIG\Services: RasMan => 2

MSCONFIG\Services: RetailDemo => 3

MSCONFIG\Services: RmSvc => 3

MSCONFIG\Services: RpcLocator => 3

MSCONFIG\Services: SamSs => 2

MSCONFIG\Services: SCardSvr => 3

MSCONFIG\Services: ScDeviceEnum => 3

MSCONFIG\Services: SCPolicySvc => 3

MSCONFIG\Services: SDRSVC => 3

MSCONFIG\Services: seclogon => 3

MSCONFIG\Services: SEMgrSvc => 3

MSCONFIG\Services: SENS => 2

MSCONFIG\Services: SensorDataService => 3

MSCONFIG\Services: SensorService => 3

MSCONFIG\Services: SensrSvc => 3

MSCONFIG\Services: SessionEnv => 3

MSCONFIG\Services: SharedAccess => 3

MSCONFIG\Services: SharedRealitySvc => 3

MSCONFIG\Services: ShellHWDetection => 2

MSCONFIG\Services: smphost => 3

MSCONFIG\Services: SmsRouter => 3

MSCONFIG\Services: SNMPTRAP => 3

MSCONFIG\Services: spectrum => 3

MSCONFIG\Services: Spooler => 2

MSCONFIG\Services: SSDPSRV => 3

MSCONFIG\Services: SstpSvc => 3

MSCONFIG\Services: ss_conn_service => 2

MSCONFIG\Services: stisvc => 2

MSCONFIG\Services: StorSvc => 3

MSCONFIG\Services: svsvc => 3

MSCONFIG\Services: swprv => 3

MSCONFIG\Services: SynTPEnhService => 2

MSCONFIG\Services: SysMain => 2

MSCONFIG\Services: TabletInputService => 3

MSCONFIG\Services: TapiSrv => 3

MSCONFIG\Services: TermService => 3

MSCONFIG\Services: Themes => 2

MSCONFIG\Services: TieringEngineService => 3

MSCONFIG\Services: TokenBroker => 3

MSCONFIG\Services: TrkWks => 2

MSCONFIG\Services: TrustedInstaller => 2

MSCONFIG\Services: UmRdpService => 3

MSCONFIG\Services: UNS => 2

MSCONFIG\Services: Updater Service => 2

MSCONFIG\Services: upnphost => 3

MSCONFIG\Services: VacSvc => 3

MSCONFIG\Services: VaultSvc => 3

MSCONFIG\Services: vds => 3

MSCONFIG\Services: vmicguestinterface => 3

MSCONFIG\Services: vmicheartbeat => 3

MSCONFIG\Services: vmickvpexchange => 3

MSCONFIG\Services: vmicrdv => 3

MSCONFIG\Services: vmicshutdown => 3

MSCONFIG\Services: vmictimesync => 3

MSCONFIG\Services: vmicvmsession => 3

MSCONFIG\Services: vmicvss => 3

MSCONFIG\Services: VSS => 3

MSCONFIG\Services: W32Time => 3

MSCONFIG\Services: w3logsvc => 3

MSCONFIG\Services: W3SVC => 2

MSCONFIG\Services: WalletService => 3

MSCONFIG\Services: WarpJITSvc => 3

MSCONFIG\Services: WAS => 3

MSCONFIG\Services: wbengine => 3

MSCONFIG\Services: WbioSrvc => 3

MSCONFIG\Services: Wcmsvc => 2

MSCONFIG\Services: wcncsvc => 3

MSCONFIG\Services: WdiServiceHost => 3

MSCONFIG\Services: WdiSystemHost => 3

MSCONFIG\Services: WebClient => 3

MSCONFIG\Services: Wecsvc => 3

MSCONFIG\Services: WEPHOSTSVC => 3

MSCONFIG\Services: wercplsupport => 3

MSCONFIG\Services: WerSvc => 3

MSCONFIG\Services: WFDSConMgrSvc => 3

MSCONFIG\Services: WiaRpc => 3

MSCONFIG\Services: Winmgmt => 2

MSCONFIG\Services: WinRM => 3

MSCONFIG\Services: wisvc => 3

MSCONFIG\Services: WlanSvc => 2

MSCONFIG\Services: wlidsvc => 3

MSCONFIG\Services: wlpasvc => 3

MSCONFIG\Services: wmiApSrv => 3

MSCONFIG\Services: WMPNetworkSvc => 3

MSCONFIG\Services: workfolderssvc => 3

MSCONFIG\Services: WpcMonSvc => 3

MSCONFIG\Services: WPDBusEnum => 3

MSCONFIG\Services: WpnService => 2

MSCONFIG\Services: WSearch => 2

MSCONFIG\Services: wuauserv => 3

MSCONFIG\Services: WwanSvc => 3

MSCONFIG\Services: XblAuthManager => 3

MSCONFIG\Services: XblGameSave => 3

MSCONFIG\Services: XboxGipSvc => 3

MSCONFIG\Services: XboxNetApiSvc => 3

MSCONFIG\startupfolder: C:^Users^Dorothy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

MSCONFIG\startupreg: Amazon Cloud Player => C:\Users\Dorothy\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe

MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

MSCONFIG\startupreg: AvgRemover => C:\Users\Dorothy\Desktop\avg_remover_stf_x64_2013_2706.exe /run_number=2 /avgdir="C:\Program Files (x86)\AVG\AVG2012\" /avgdatadir="C:\ProgramData\AVG2012\" /ndis_nextstep=1

MSCONFIG\startupreg: AVG_TRAY => "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k

MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

MSCONFIG\startupreg: eFax 4.4 => "C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe" /R

MSCONFIG\startupreg: FUFAXSTM => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"

MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart

MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

MSCONFIG\startupreg: MobileDocuments => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

MSCONFIG\startupreg: PDVD8LanguageShortcut => "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"

MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

MSCONFIG\startupreg: RemoteControl8 => "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"

MSCONFIG\startupreg: ROC_ROC_APR2013_AV => C:\Users\Dorothy\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 206ef9833a0547d6810fa113f030f345-2c281204cb3c23d4ef7a016a20a26c076048ea2e --CMPID ROC_APR2013_AV --CMPIDEXTRA 2012

MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

MSCONFIG\startupreg: VideoWebCamera => "C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe" -a

HKLM\...\StartupApproved\Run: => "Acer ePower Management"

HKLM\...\StartupApproved\Run32: => "Panasonic PCFAX for KX-FLB800/FLM650 Series"

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [{98A6BB8E-F6D0-4BC8-9FE4-BAA117C8A209}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

FirewallRules: [{56D668D9-ACA1-4A40-8CBE-7D674A0AEFD6}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett-Packard Development Company, LP)

FirewallRules: [{D740D2E4-4794-4A35-A9B0-EBFD5021576D}] => (Allow) LPort=5357

FirewallRules: [{236C11F0-3482-42B4-BF92-DA4C0C894107}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\Bin\DeviceSetup.exe (Hewlett-Packard Development Company, LP)

FirewallRules: [{7D3622D0-E36C-4748-B168-C0D0717E0E92}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\SendAFax.exe (Hewlett-Packard Development Company, LP)

FirewallRules: [{FF05C41A-FC33-46AA-8E5E-0E01315D97C0}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\DigitalWizards.exe (Hewlett-Packard Development Company, LP)

FirewallRules: [{6B54F428-8A58-4AC4-B668-A481F63DD910}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\FaxApplications.exe (Hewlett-Packard Development Company, LP)

FirewallRules: [{67079B02-5066-478B-A478-33686DF3A8AD}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

FirewallRules: [{7F073A1D-ECE3-4343-9DF2-605E4F47CDBE}] => (Allow) svchost.exe (Microsoft Corporation)

FirewallRules: [{73432CCB-127E-4E86-9E73-08D30C828ABC}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe (Microsoft Corporation)

FirewallRules: [{50B1591C-05D6-481F-B81A-0952A793C106}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD8\PowerDVD8.EXE (CyberLink Corp.)

FirewallRules: [{97CAEFC5-3499-4A5B-8300-C7636BA3530C}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)

FirewallRules: [{39D67CB6-67F0-42AC-8E8B-E64BB3EFC048}] => (Allow) LPort=2869

FirewallRules: [{4214CCF1-D3A9-4CAA-AD54-BC5B1BD18AE8}] => (Allow) LPort=1900

FirewallRules: [{E85D6C83-312F-4CB3-8EBD-84A736461A6C}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)

FirewallRules: [{2E92A8C7-C469-421E-80F9-A34C773F8255}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)

FirewallRules: [{F4D20F96-9D2D-46BF-8FE4-0C0CB4B46284}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool09\ENEasyApp.exe (SEIKO EPSON CORPORATION)

FirewallRules: [{C8658A67-E674-4C5B-9BDD-324BDFA41900}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool09\ENEasyApp.exe (SEIKO EPSON CORPORATION)

FirewallRules: [{1EC17BC0-E749-4570-B1D0-51295ABBF323}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe (Apple Inc.)

FirewallRules: [{0A9771F9-A62E-4D6D-93E5-225AD7A6AE93}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)

FirewallRules: [{A2903A74-928B-4777-A6CE-ACC6ACCB7D45}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)

FirewallRules: [{D626DE48-D160-4DC7-8899-818B5A59CCB4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.)

FirewallRules: [{74DC4B59-7F19-47DF-A6F8-A2479FAF162F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.)

FirewallRules: [TCP Query User{715E6F2F-F47E-45F0-931B-1B1885E4883F}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google Inc.)

FirewallRules: [UDP Query User{A8159E19-F62E-43AA-8BB3-50FBD55709AF}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google Inc.)

FirewallRules: [TCP Query User{34B468BD-6F68-4712-AD78-C63160E1BAC5}C:\program files (x86)\thinkorswim\thinkorswim.exe] => (Allow) C:\program files (x86)\thinkorswim\thinkorswim.exe (thinkorswim, Inc)

FirewallRules: [UDP Query User{35DF6801-9E6D-4097-A1EF-C725C5F18226}C:\program files (x86)\thinkorswim\thinkorswim.exe] => (Allow) C:\program files (x86)\thinkorswim\thinkorswim.exe (thinkorswim, Inc)

FirewallRules: [{93DFDA90-6FE8-483C-8268-A6666CA6032E}] => (Block) C:\program files (x86)\thinkorswim\thinkorswim.exe (thinkorswim, Inc)

FirewallRules: [{42EAF20A-867B-43E6-ADCD-28F7BD2D642D}] => (Block) C:\program files (x86)\thinkorswim\thinkorswim.exe (thinkorswim, Inc)

FirewallRules: [{C2E7FA7F-0ADB-4F7B-8746-35D8AC625D3D}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe (SEIKO EPSON CORPORATION)

FirewallRules: [{3413532A-CF19-4404-B2A9-8C5484F32951}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe (SEIKO EPSON CORPORATION)

FirewallRules: [{9CF53E56-24D2-4187-AE10-63DF9AE1026F}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool09\ENEasyApp.exe (SEIKO EPSON CORPORATION)

FirewallRules: [{9A8B0FFA-D7E4-48C2-B959-F8540AEC0A28}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool09\ENEasyApp.exe (SEIKO EPSON CORPORATION)

FirewallRules: [{99008BFD-72BB-4609-8266-5824BB9CCB59}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)

FirewallRules: [{471FD548-26C7-43F7-9D33-1CA3211293BB}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)

DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7

StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7

 

==================== Restore Points =========================

 

Could not list restore points

Check "winmgmt" service or repair WMI.

 

 

==================== Faulty Device Manager Devices =============

 

Could not list Devices. Check "winmgmt" service or repair WMI.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (01/27/2019 05:57:54 PM) (Source: VSS) (EventID: 8193) (User: )

Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

.

 

 

Operation:

   Instantiating VSS server

 

Error: (01/27/2019 05:57:54 PM) (Source: VSS) (EventID: 13) (User: )

Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

]

 

 

Operation:

   Instantiating VSS server

 

Error: (11/20/2018 01:48:43 PM) (Source: MSDTC Client 2) (EventID: 4104) (User: )

Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A

 

Error: (11/20/2018 01:43:33 PM) (Source: MSDTC Client 2) (EventID: 4104) (User: )

Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A

 

Error: (11/20/2018 01:43:18 PM) (Source: Perflib) (EventID: 1008) (User: )

Description: The Open Procedure for service "MSDTC" in DLL "C:\WINDOWS\system32\msdtcuiu.DLL" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

 

Error: (11/20/2018 01:43:18 PM) (Source: MSDTC Client 2) (EventID: 4104) (User: )

Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A

 

Error: (11/20/2018 01:41:41 PM) (Source: MSDTC Client 2) (EventID: 4104) (User: )

Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A

 

Error: (11/20/2018 01:41:41 PM) (Source: MSDTC 2) (EventID: 4104) (User: )

Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A

 

 

System errors:

=============

Error: (01/27/2019 06:17:37 PM) (Source: DCOM) (EventID: 10001) (User: GRACELAPTOP)

Description: Unable to start a DCOM Server: {A463FCB9-6B1C-4E0D-A80B-A2CA7999E25D} as Unavailable/Unavailable. The error:

"1008"

Happened while starting this command:

C:\Windows\System32\smartscreen.exe -Embedding

 

Error: (01/27/2019 06:17:30 PM) (Source: DCOM) (EventID: 10001) (User: GRACELAPTOP)

Description: Unable to start a DCOM Server: {3EEF301F-B596-4C0B-BD92-013BEAFCE793} as Unavailable/Unavailable. The error:

"1008"

Happened while starting this command:

C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {3eef301f-b596-4c0b-bd92-013beafce793} -Embedding

 

Error: (01/27/2019 06:17:30 PM) (Source: DCOM) (EventID: 10001) (User: GRACELAPTOP)

Description: Unable to start a DCOM Server: {3EEF301F-B596-4C0B-BD92-013BEAFCE793} as Unavailable/Unavailable. The error:

"1008"

Happened while starting this command:

C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {3eef301f-b596-4c0b-bd92-013beafce793} -Embedding

 

Error: (01/27/2019 06:17:30 PM) (Source: DCOM) (EventID: 10001) (User: GRACELAPTOP)

Description: Unable to start a DCOM Server: {515980C3-57FE-4C1E-A561-730DD256AB98} as Unavailable/Unavailable. The error:

"1008"

Happened while starting this command:

C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {515980c3-57fe-4c1e-a561-730dd256ab98} -Embedding

 

Error: (01/27/2019 06:13:46 PM) (Source: DCOM) (EventID: 10001) (User: GRACELAPTOP)

Description: Unable to start a DCOM Server: {8CEC58AE-07A1-11D9-B15E-000D56BFE6EE} as Unavailable/Unavailable. The error:

"1008"

Happened while starting this command:

C:\Windows\helppane.exe -Embedding

 

Error: (01/27/2019 06:10:53 PM) (Source: DCOM) (EventID: 10001) (User: GRACELAPTOP)

Description: Unable to start a DCOM Server: {682159D9-C321-47CA-B3F1-30E36B2EC8B9} as Unavailable/Unavailable. The error:

"1008"

Happened while starting this command:

C:\WINDOWS\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding

 

Error: (01/27/2019 06:10:53 PM) (Source: DCOM) (EventID: 10001) (User: GRACELAPTOP)

Description: Unable to start a DCOM Server: {682159D9-C321-47CA-B3F1-30E36B2EC8B9} as Unavailable/Unavailable. The error:

"1008"

Happened while starting this command:

C:\WINDOWS\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding

 

Error: (01/27/2019 06:10:53 PM) (Source: DCOM) (EventID: 10001) (User: GRACELAPTOP)

Description: Unable to start a DCOM Server: {9BA05972-F6A8-11CF-A442-00A0C90A8F39} as Unavailable/Unavailable. The error:

"1008"

Happened while starting this command:

C:\WINDOWS\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core™ i3 CPU M 330 @ 2.13GHz

Percentage of memory in use: 14%

Total physical RAM: 3766.77 MB

Available physical RAM: 3230.22 MB

Total Virtual: 7606.77 MB

Available Virtual: 7242.4 MB

 

==================== Drives ================================

 

Drive c: (Gateway) (Fixed) (Total:453.66 GB) (Free:256.02 GB) NTFS

Drive e: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS

Drive f: (ANACONDA) (Removable) (Total:0.01 GB) (Free:0 GB) FAT

 

\\?\Volume{baaba001-d442-11df-bf14-806e6f6e6963}\ (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

\\?\Volume{baaba000-d442-11df-bf14-806e6f6e6963}\ (PQSERVICE) (Fixed) (Total:12 GB) (Free:3.74 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 492A0896)

Partition 1: (Not Active) - (Size=12 GB) - (Type=27)

Partition 2: (Active) - (Size=102 MB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=453.7 GB) - (Type=07 NTFS)

 

========================================================

Disk: 1 (Size: 3.7 GB) (Disk ID: 13B46EC8)

Partition 1: (Active) - (Size=1.3 GB) - (Type=00)

Partition 2: (Not Active) - (Size=5 MB) - (Type=01)

Partition 3: (Not Active) - (Size=11 MB) - (Type=00)

 

==================== End of Addition.txt ============================

[JSntgRvr]

You seem to be logged as a temp profile. I need to obtain more information.

• Copy the entire contents of the Quote Box below to Notepad.
• Name the file as fixlist.txt
• Change the Save as Type to All Files
• and Save it in the same location FRST64 is saved.
• Once saved, open FRST64 click on the fix button.

Reg: Reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" /s

 
A Fixlog.txt file will be created in the same location FRST64 is saved. Please post its contents in a reply.

[gracek]

Hi GloMo, Here ya go. Fixlog

 

Thanks!

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 26.01.2019

Ran by Grace (28-01-2019 13:18:56) Run:1

Running from C:\Windows\System32\config\systemprofile\Desktop

Loaded Profiles: False (Available Profiles: Grace)

Boot Mode: Safe Mode (minimal)

==============================================

 

fixlist content:

*****************

Reg: Reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" /s

*****************

 

 

========= Reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" /s =========

 

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

    Default    REG_EXPAND_SZ    %SystemDrive%\Users\Default

    ProfilesDirectory    REG_EXPAND_SZ    %SystemDrive%\Users

    ProgramData    REG_EXPAND_SZ    %SystemDrive%\ProgramData

    Public    REG_EXPAND_SZ    %SystemDrive%\Users\Public

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18

    Flags    REG_DWORD    0xc

    ProfileImagePath    REG_EXPAND_SZ    %systemroot%\system32\config\systemprofile

    RefCount    REG_DWORD    0x1

    Sid    REG_BINARY    010100000000000512000000

    State    REG_DWORD    0x0

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19

    Flags    REG_DWORD    0x0

    ProfileImagePath    REG_EXPAND_SZ    %systemroot%\ServiceProfiles\LocalService

    State    REG_DWORD    0x0

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20

    Flags    REG_DWORD    0x0

    ProfileImagePath    REG_EXPAND_SZ    %systemroot%\ServiceProfiles\NetworkService

    State    REG_DWORD    0x0

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3490083518-890513852-1545284020-1000

    ProfileImagePath    REG_EXPAND_SZ    C:\Users\Dorothy

    Flags    REG_DWORD    0x0

    State    REG_DWORD    0x100

    Sid    REG_BINARY    010500000000000515000000BE7206D0BC291435B4291B5CE8030000

    FullProfile    REG_DWORD    0x1

    Migrated    REG_BINARY    F029216EFF80D401

    ProfileAttemptedProfileDownloadTimeLow    REG_DWORD    0x0

    ProfileAttemptedProfileDownloadTimeHigh    REG_DWORD    0x0

    ProfileLoadTimeLow    REG_DWORD    0x0

    ProfileLoadTimeHigh    REG_DWORD    0x0

    RunLogonScriptSync    REG_DWORD    0x0

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415

    ProfileImagePath    REG_EXPAND_SZ    C:\Users\DefaultAppPool

    Flags    REG_DWORD    0x0

    State    REG_DWORD    0x4

    Sid    REG_BINARY    010600000000000552000000E29C36B3138F4819EC090A682F26612F5FD1B2EE

    FullProfile    REG_DWORD    0x1

    Migrated    REG_BINARY    6030926DFF80D401

 

 

 

========= End of Reg: =========

 

 

==== End of Fixlog 13:18:57 ====

[JSntgRvr]

Something is wrong with the profiles. You are actually running from the systemprofile folder, there is no such profile as Grace, but a profile labeled as Dorothy.

• Copy the entire contents of the Quote Box below to Notepad.
• Name the file as fixlist.txt
• Change the Save as Type to All Files
• and Save it in the same location FRST64 is saved.
• Once saved, open FRST64 click on the fix button.

CMD: Dir  /a:d C:\Users

 
A Fixlog.txt file will be created in the same location FRST64 is saved. Please post its contents in a reply.

[gracek]

Yes, I did have a Dorothy. Here ya go!

Thanks. Grace

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 26.01.2019

Ran by Grace (28-01-2019 17:18:47) Run:2

Running from C:\Windows\System32\config\systemprofile\Desktop

Loaded Profiles: False (Available Profiles: Grace)

Boot Mode: Safe Mode (minimal)

==============================================

 

fixlist content:

*****************

CMD: Dir  /a:d C:\Users

*****************

 

 

========= Dir  /a:d C:\Users =========

 

 Volume in drive C is Gateway

 Volume Serial Number is 186E-D78F

 

 Directory of C:\Users

 

11/20/2018  01:32 PM    <DIR>          .

11/20/2018  01:32 PM    <DIR>          ..

04/11/2018  06:45 PM    <SYMLINKD>     All Users [C:\ProgramData]

11/20/2018  01:58 PM    <DIR>          Default

04/11/2018  06:45 PM    <JUNCTION>     Default User [C:\Users\Default]

10/09/2016  05:01 PM    <DIR>          Default.migrated

11/20/2018  01:43 PM    <DIR>          DefaultAppPool

01/26/2019  02:48 PM    <DIR>          Dorothy

11/20/2018  04:20 PM    <DIR>          Public

               0 File(s)              0 bytes

               9 Dir(s)  274,903,920,640 bytes free

 

========= End of CMD: =========

 

 

==== End of Fixlog 17:18:47 ====

[JSntgRvr]

Lets create a new profile for Grace. Lets see if you can logon to that account:

• Copy the entire contents of the Quote Box below to Notepad.
• Name the file as fixlist.txt
• Change the Save as Type to All Files
• and Save it in the same location FRST64 is saved.
• Once saved, open FRST64 click on the fix button.

CMD: net user /add Grace
CMD: net localgroup administrators Grace /add
Reg: Reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" /s
CMD: Dir /a:d C:\Users
Folder: C:\Users\Default.migrated
Reboot:

A Fixlog.txt file will be created in the same location FRST64 is saved. Please post its contents in a reply.

Upon restart, attempt to logon as Grace, leave the password blank.

[gracek]

OK, I still need a password to get into "grace". I can not choose any other account. 
I am still booting in safe mode.

 This is how I am getting to the txt files...

 

I enter my password, it boots in "safe mode". I am getting to my USB files by ctl-alt-del, then to Task Manager.... 

 

Then I go to FILE, Run Task and click BROWSE to get to my USB drive :-) Thanks, G

 

 

 

 

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 26.01.2019

Ran by Grace (29-01-2019 10:59:20) Run:4

Running from C:\Windows\System32\config\systemprofile\Desktop

Loaded Profiles: False (Available Profiles: Grace)

Boot Mode: Safe Mode (minimal)

==============================================

 

fixlist content:

*****************

CMD: net user /add Grace

CMD: net localgroup administrators Grace /add

Reg: Reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" /s

CMD: Dir /a:d C:\Users

Folder: C:\Users\Default.migrated

Reboot:

*****************

 

 

========= net user /add Grace =========

 

The account already exists.

 

More help is available by typing NET HELPMSG 2224.

 

 

========= End of CMD: =========

 

 

========= net localgroup administrators Grace /add =========

 

System error 1378 has occurred.

 

The specified account name is already a member of the group.

 

 

========= End of CMD: =========

 

 

========= Reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" /s =========

 

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

    Default    REG_EXPAND_SZ    %SystemDrive%\Users\Default

    ProfilesDirectory    REG_EXPAND_SZ    %SystemDrive%\Users

    ProgramData    REG_EXPAND_SZ    %SystemDrive%\ProgramData

    Public    REG_EXPAND_SZ    %SystemDrive%\Users\Public

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18

    Flags    REG_DWORD    0xc

    ProfileImagePath    REG_EXPAND_SZ    %systemroot%\system32\config\systemprofile

    RefCount    REG_DWORD    0x1

    Sid    REG_BINARY    010100000000000512000000

    State    REG_DWORD    0x0

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19

    Flags    REG_DWORD    0x0

    ProfileImagePath    REG_EXPAND_SZ    %systemroot%\ServiceProfiles\LocalService

    State    REG_DWORD    0x0

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20

    Flags    REG_DWORD    0x0

    ProfileImagePath    REG_EXPAND_SZ    %systemroot%\ServiceProfiles\NetworkService

    State    REG_DWORD    0x0

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3490083518-890513852-1545284020-1000

    ProfileImagePath    REG_EXPAND_SZ    C:\Users\Dorothy

    Flags    REG_DWORD    0x0

    State    REG_DWORD    0x100

    Sid    REG_BINARY    010500000000000515000000BE7206D0BC291435B4291B5CE8030000

    FullProfile    REG_DWORD    0x1

    Migrated    REG_BINARY    F029216EFF80D401

    ProfileAttemptedProfileDownloadTimeLow    REG_DWORD    0x0

    ProfileAttemptedProfileDownloadTimeHigh    REG_DWORD    0x0

    ProfileLoadTimeLow    REG_DWORD    0x0

    ProfileLoadTimeHigh    REG_DWORD    0x0

    RunLogonScriptSync    REG_DWORD    0x0

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415

    ProfileImagePath    REG_EXPAND_SZ    C:\Users\DefaultAppPool

    Flags    REG_DWORD    0x0

    State    REG_DWORD    0x4

    Sid    REG_BINARY    010600000000000552000000E29C36B3138F4819EC090A682F26612F5FD1B2EE

    FullProfile    REG_DWORD    0x1

    Migrated    REG_BINARY    6030926DFF80D401

 

 

 

========= End of Reg: =========

 

 

========= Dir /a:d C:\Users =========

 

 Volume in drive C is Gateway

 Volume Serial Number is 186E-D78F

 

 Directory of C:\Users

 

11/20/2018  01:32 PM    <DIR>          .

11/20/2018  01:32 PM    <DIR>          ..

04/11/2018  06:45 PM    <SYMLINKD>     All Users [C:\ProgramData]

11/20/2018  01:58 PM    <DIR>          Default

04/11/2018  06:45 PM    <JUNCTION>     Default User [C:\Users\Default]

10/09/2016  05:01 PM    <DIR>          Default.migrated

11/20/2018  01:43 PM    <DIR>          DefaultAppPool

01/26/2019  02:48 PM    <DIR>          Dorothy

11/20/2018  04:20 PM    <DIR>          Public

               0 File(s)              0 bytes

               9 Dir(s)  274,929,205,248 bytes free

 

========= End of CMD: =========

 

 

========================= Folder: C:\Users\Default.migrated ========================

 

2015-10-30 02:24 - 2016-10-09 17:01 - 000000000 ____D [00000000000000000000000000000000] () C:\Users\Default.migrated\AppData

2015-10-30 02:24 - 2016-10-09 17:01 - 000000000 ____D [00000000000000000000000000000000] () C:\Users\Default.migrated\AppData\Local

2015-10-30 02:24 - 2016-10-09 17:01 - 000000000 ____D [00000000000000000000000000000000] () C:\Users\Default.migrated\AppData\Local\Microsoft

2015-10-30 02:24 - 2016-10-09 17:01 - 000000000 ____D [00000000000000000000000000000000] () C:\Users\Default.migrated\AppData\Local\Microsoft\Windows

2015-12-14 09:03 - 2015-12-14 09:03 - 000000000 _SHDL [00000000000000000000000000000000] () C:\Users\Default.migrated\AppData\Local\Microsoft\Windows\Temporary Internet Files

2015-10-30 02:24 - 2016-10-09 16:53 - 000000000 ____D [00000000000000000000000000000000] () C:\Users\Default.migrated\Documents

2015-12-14 09:03 - 2015-12-14 09:03 - 000000000 _SHDL [00000000000000000000000000000000] () C:\Users\Default.migrated\Documents\My Music

2015-12-14 09:03 - 2015-12-14 09:03 - 000000000 _SHDL [00000000000000000000000000000000] () C:\Users\Default.migrated\Documents\My Pictures

2015-12-14 09:03 - 2015-12-14 09:03 - 000000000 _SHDL [00000000000000000000000000000000] () C:\Users\Default.migrated\Documents\My Videos

 

====== End of Folder: ======

 

 

 

The system needed a reboot.

 

==== End of Fixlog 10:59:21 ====

[JSntgRvr]

Was ever a profile renamed?

• Copy the entire contents of the Quote Box below to Notepad.
• Name the file as fixlist.txt
• Change the Save as Type to All Files
• and Save it in the same location FRST64 is saved.
• Once saved, open FRST64 click on the fix button.

cmd: wmic useraccount where (name='Grace') get name,sid
C:\Users\Default.migrated
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3490083518-890513852-1545284020-1000
" /v "Migrated" /f

A Fixlog.txt file will be created in the same location FRST64 is saved. Please post its contents in a reply.

Upon restart, attempt to logon as Grace, leave the password blank.

[gracek]

Hi, yes years ago the profile was renamed. This black screen happened after a win 10 update. 

 

Here ya go :-)

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 26.01.2019

Ran by Grace (29-01-2019 17:04:02) Run:5

Running from C:\Windows\System32\config\systemprofile\Desktop

Loaded Profiles: False (Available Profiles: Grace)

Boot Mode: Safe Mode (minimal)

==============================================

 

fixlist content:

*****************

cmd: wmic useraccount where (name='Grace') get name,sid

C:\Users\Default.migrated

Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3490083518-890513852-1545284020-1000

" /v "Migrated" /f

*****************

 

 

========= wmic useraccount where (name='Grace') get name,sid =========

 

ERROR:

 

Description = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

 

 

========= End of CMD: =========

 

C:\Users\Default.migrated => moved successfully

 

========= Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3490083518-890513852-1545284020-1000 =========

 

 

 

========= End of Reg: =========

 

" /v "Migrated" /f => Error: No automatic fix found for this entry.

 

==== End of Fixlog 17:04:03 ====

[JSntgRvr]

This command was cut when copy and paste.
 

"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3490083518-890513852-1545284020-1000" /v "Migrated" /f

 
Lets try to Fix that

• Copy the entire contents of the Quote Box below to Notepad.
• Name the file as fixlist.txt
• Change the Save as Type to All Files
• and Save it in the same location FRST64 is saved.
• Once saved, open FRST64 click on the fix button.

Startregedit:
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3490083518-890513852-1545284020-1000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3490083518-890513852-1545284020-1000]
"ProfileImagePath"=hex(2):43,00,3A,00,5C,00,55,00,73,00,65,00,72,00,\
  73,00,5C,00,44,00,6F,00,72,00,6F,00,74,00,68,00,79,00,00,00
"Flags"=dword:00000000
"State"=dword:00000100
"Sid"=hex:01,05,00,00,00,00,00,05,15,00,00,00,5c,7d,10,12,57,a6,eb,2a,ae,63,fc,\
  0c,e8,03,00,00
"ProfileLoadTimeLow"=dword:00000000
"ProfileLoadTimeHigh"=dword:00000000
"RefCount"=dword:00000002
"RunLogonScriptSync"=dword:00000000

Endregedit:

A Fixlog.txt file will be created in the same location FRST64 is saved. Please post its contents in a reply.

Upon restart, attempt to logon as Grace.
 
There must be other problems. Lets run these utilities:
 
Please download Farbar Service Scanner and run it on the computer with the issue.

• Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

Please download MiniToolBox and run it.

Checkmark following boxes:

• Report IE Proxy Settings
• Report FF Proxy Settings
• List content of Hosts
• List IP configuration
• List Winsock Entries
• List last 10 Event Viewer log
• List Installed Programs
• List Users, Partitions and Memory size

Click Go and post the result.

[JSntgRvr]

If that wont work lets create a new profile, other than Grace and lets see if you can logon to that new profile.

• Copy the entire contents of the Quote Box below to Notepad.
• Name the file as fixlist.txt
• Change the Save as Type to All Files
• and Save it in the same location FRST64 is saved.
• Once saved, open FRST64 click on the fix button.

CMD: net user Grace_new /add
CMD: net localgroup administrators Grace_new /add
Reg: Reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" /s
CMD: Dir /a:d C:\Users
Reboot:

A Fixlog.txt file will be created in the same location FRST64 is saved. Please post its contents in a reply.

Upon restart, attempt to logon as Grace_new, leave the password blank.

 

Let me know the outcome

[gracek]

Hi,

 

The logon screen does say GRACE. That is what I am logging on to in safe mode. 

 

FSS and Minitoolbox : I put both on the desktop and "ran" both but neither produces any kind of log like FRST64.

 

I accidentally deleted the FRST64 file. 

I still need to run the FRST64 txt in your last reply still. I will do in the morning. 

 

Thanks..

 

grace

[JSntgRvr]

Is there an easy access icon on the logon screen?