LandzDown Forum

Software & More => Computer Problems, Questions and Solutions! => Topic started by: mary3444 on July 21, 2015, 09:52:48 PM

Title: System restore
Post by: mary3444 on July 21, 2015, 09:52:48 PM
When I went on my computer today I lost one of my Bookmarks folders. I know I did not remove that folder. I thought if I went back 1 day with system restore I could find that folder.

When I went to do a system restore it tells me the system restore has been turned off by your system administrator. To turn on contact you system administrator.

I don't know what that means, I need help

Thanks in advance

Mary
Title: Re: System restore
Post by: Corrine on July 21, 2015, 10:01:34 PM
You need to be logged on with the Administrator account, which according to your logs is the Joe account:  Administrator - Enabled) => C:\Users\Joe
Title: Re: System restore
Post by: mary3444 on July 21, 2015, 10:05:24 PM
Thanks for the fast answer but you just lost me on this one. How do I log on with the Administrator account.

Remember I don't know a thing about this computer

Thanks
Mary
Title: Re: System restore
Post by: Corrine on July 21, 2015, 10:15:30 PM
According to the logs you've been posting, "Joe" is the Administrator Account for the computers.

The instructions for enabling System Restore (System Protection) are at http://windows.microsoft.com/en-us/windows/turn-system-restore-on-off#1TC=windows-7.  There is also a video at the top of the page.
Title: Re: System restore
Post by: mary3444 on July 22, 2015, 08:30:05 PM
I went to the instructions for system restore but I must be doing something wrong. I watched the video & read the instructions quite a few times but I still have no luck.

When I go to system properties it says under protection settings OS system ON Recovery OFF but I can't turn it on, when I hit it nothing happens.

I am so sorry to bother you but I just can't figure this out.

ThanksMary
Title: Re: System restore
Post by: techie on July 22, 2015, 08:51:39 PM
As Corrine has told you, Joe whomever that is, is the administrator. Only he has the administrative authority to  make major changes to the system, to include a system restore. You have to ask him to login to his account and run the restore. You cannot bypass it, because it was locked by Joe. You can read about how to do it, but your account is locked from changing it.

There is no one here that knows who Joe is or his administrator account passwords and we really can't help you beyond that.  You have to ask Joe.

Do you know Joe? Your father maybe?
Title: Re: System restore
Post by: mary3444 on July 22, 2015, 09:09:27 PM
This is what is driving me crazy. There is no Joe here & never has been. My husband Bob knows less then I do about computers so he would never do anything like that.

I purchased this computer last year so I don't know what to do.

No one else lives in the house except the 2 dogs.

Mary
Title: Re: System restore
Post by: mary3444 on July 22, 2015, 09:21:13 PM
I just went on User Accounts and family safety & on there is shows    Mary/administrator.

Mary
Title: Re: System restore
Post by: Corrine on July 22, 2015, 09:51:59 PM
Hi, Mary.

I checked your other posts with logs and found ... Edit:  Found that I goofed and was looking at another Mary's logs!
Title: Re: System restore
Post by: mary3444 on July 22, 2015, 10:16:07 PM
Corrine
I never had a Windows 8 computer. My old computer was a XP & then I got new Windows 7. These are the only computers I have had.

I don't know if you have me confused with someone else. My Dad passed away years ago.

Sorry about all this, I am dumbfounded.

Mary

Title: Re: System restore
Post by: Corrine on July 22, 2015, 10:44:44 PM
You are so right, Mary.  I'm sorry for the confusion.  I've been helping someone else whose name is Mary and when I saw your post I still had a tab open to the topic I was helping her with and picked up on the admin account from her logs. 

Now that I've looked at the correct profile and looked at your earlier posts, I do remember when you got this computer.  Again, my apology. 

Let's see if a FRST log shows something.  Please download Farbar Recovery Scan Tool (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/) and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Title: Re: System restore
Post by: mary3444 on July 23, 2015, 08:46:17 PM
Additional scan result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by mary at 2015-07-23 16:35:58
Running from C:\Users\mary\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2746834754-3399815002-3352236638-500 - Administrator - Disabled)
Guest (S-1-5-21-2746834754-3399815002-3352236638-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2746834754-3399815002-3352236638-1002 - Limited - Enabled)
mary (S-1-5-21-2746834754-3399815002-3352236638-1000 - Administrator - Enabled) => C:\Users\mary

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Canon DIGITAL CAMERA Solution Disk Software Guide (HKLM-x32\...\Software Guide) (Version: 1.1.0.2 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.7.2.11 - Canon Inc.)
Canon Internet Library for ZoomBrowser EX (HKLM-x32\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.3.9 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.4.0.8 - Canon Inc.)
Canon Personal Printing Guide (HKLM-x32\...\Personal Printing Guide) (Version: 1.1.0.2 - Canon Inc.)
Canon PowerShot A3100 IS and PowerShot A3000 IS Camera User Guide (HKLM-x32\...\CameraUserGuide-PSA3100ISandPSA3000IS) (Version: 1.0.0.2 - Canon Inc.)
Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.4.0.7 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC8) (Version: 8.1.0.11 - Canon Inc.)
Canon Utilities Movie Uploader for YouTube (HKLM-x32\...\MovieUploaderForYouTube) (Version: 1.0.0.11 - Canon Inc.)
Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 7.3.0.5 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.5.0.14 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.3.0.4 - Canon Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.8.1.70 - Dell Inc.)
Dell Data Vault (Version: 4.3.4.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{03A9F528-A754-460F-B2C1-AC125A147114}) (Version: 2.8.5000.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell Photo AIO Printer 922 (HKLM\...\Dell Photo AIO Printer 922) (Version:  - Dell, Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.1.0.47 - Dell)
Dell Update (HKLM-x32\...\{90437913-9D4D-4D9D-B438-B8664DF851E9}) (Version: 1.7.1007.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Intel(R) Chipset Device Software (x32 Version: 10.0.13 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.7.3.1001 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla)
Mozilla Thunderbird 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
Premium Service Agreement (HKLM-x32\...\{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}) (Version: 2.0.0 - Dell Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.230 - Qualcomm Atheros Communications)
QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 2.5.1 - Krzysztof Kowalczyk)
Unity Web Player (HKU\S-1-5-21-2746834754-3399815002-3352236638-1000\...\UnityWebPlayer) (Version: 4.5.5f1 - Unity Technologies ApS)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

05-05-2014 17:23:43 Removed Adobe Reader XI (11.0.06).
06-05-2014 14:29:52 Windows Update
06-05-2014 18:16:17 Removed eBay
08-05-2014 10:17:54 Removed DriverUpdate
08-05-2014 15:58:30 Removed eBay
09-05-2014 07:53:28 Revo Uninstaller Pro's restore point - Mozilla Thunderbird 24.3.0 (x86 en-US)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2011-01-12 18:45 - 00000734 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {272E13E9-BCF8-4A5C-A8D1-9468CACF4FEF} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-06-11] (Dell Inc.)
Task: {4D5B8B96-87C9-42F2-BC9E-BF073A18F2CF} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {87782E8D-9667-4CF0-AC28-9195EACF2279} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {8FC215A9-657E-4B5A-A761-F43848AF408D} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {B445B104-B2F5-4B1D-BF02-4FE0A54FC2AE} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-18] (Avast Software s.r.o.)
Task: {CB7A1E61-F601-438A-92CF-E7CB8910AC73} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {E2C78D9C-F360-433C-875F-F58B99D4C6A0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2007-01-22 07:18 - 2007-01-22 07:18 - 00059392 _____ () C:\Windows\system32\dlbtcfg.dll
2005-05-25 13:07 - 2005-05-25 13:07 - 00054784 _____ () C:\Windows\system32\dlbtcnv4.dll
2013-07-02 22:51 - 2013-07-02 22:51 - 00086016 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll
2014-05-08 10:22 - 2007-02-19 02:21 - 00121856 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\dlbtPRPR.DLL
2014-05-08 10:22 - 2007-01-22 02:18 - 00059392 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\dlbtCFG.DLL
2015-05-06 15:37 - 2015-05-06 15:37 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-05-06 15:37 - 2015-05-06 15:37 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-07-23 13:52 - 2015-07-23 13:52 - 02957312 _____ () C:\Program Files\AVAST Software\Avast\defs\15072301\algo.dll
2014-05-08 10:25 - 2007-01-22 02:18 - 00069632 _____ () C:\Program Files (x86)\Dell Photo AIO Printer 922\DLBTcfg.dll
2014-05-08 10:25 - 2005-09-20 07:40 - 00122880 _____ () C:\Program Files (x86)\Dell Photo AIO Printer 922\DLBTdrec.dll
2015-03-21 15:54 - 2015-03-21 15:54 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-10-20 16:17 - 2013-12-09 16:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-02-26 11:07 - 2015-02-09 10:14 - 01905904 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2014-04-24 10:04 - 2012-11-25 22:19 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2015-02-26 11:07 - 2014-02-18 13:12 - 00117568 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "DisplayName"="Dell"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "ErrorControl"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "ImagePath"="C:\Program Files\Dell\Click 2 Fix+\srvc.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "ObjectName"="LocalSystem"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "Start"="2"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "Type"="272"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+\Parameters => "Application"="C:\Program Files\Dell\Click 2 Fix+\srvc.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+\Parameters => "AppParameters"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2746834754-3399815002-3352236638-1000\...\dell.com -> dell.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2746834754-3399815002-3352236638-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\mary\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 63.135.176.1 - 63.135.176.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: dlbt_device => 2

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{DCF45244-D2F6-4C05-B898-26F261AFC49D}] => (Allow) C:\Windows\SysWOW64\dlbtcoms.exe
FirewallRules: [{B6BF248B-9AAE-414F-8DC0-0EBD1CC81E80}] => (Allow) C:\Windows\SysWOW64\dlbtcoms.exe
FirewallRules: [{6FA5A499-6282-4AC0-B582-5FED7929EE96}] => (Allow) C:\Windows\System32\dlbtcoms.exe
FirewallRules: [{556A1854-4DA7-462B-9CAA-E7491CC21E32}] => (Allow) C:\Windows\System32\dlbtcoms.exe
FirewallRules: [{43782154-DB65-47E9-808E-73D03BEC3E9F}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\dlbtpswx.exe
FirewallRules: [{D833E475-F8C1-45A8-AB12-492C2F698C0B}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\dlbtpswx.exe
FirewallRules: [{5D6E9BC6-F69E-45E1-8A44-36F3757DE5A2}] => (Allow) C:\Program Files (x86)\Dell Photo AIO Printer 922\DLBTmon.exe
FirewallRules: [{E1B7B9EE-87C1-4E7C-A9A5-17FC74363CF0}] => (Allow) C:\Program Files (x86)\Dell Photo AIO Printer 922\DLBTmon.exe
FirewallRules: [{D21BCE5D-4920-45A9-87EA-576E47C7CCF2}] => (Allow) C:\Program Files (x86)\Dell Photo AIO Printer 922\DLBTaiox.exe
FirewallRules: [{FEBE5537-913D-403D-8029-74BDC13143D1}] => (Allow) C:\Program Files (x86)\Dell Photo AIO Printer 922\DLBTaiox.exe
FirewallRules: [{80F2E525-DEB0-4D8E-9986-8C667059103C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{287DCCF2-081B-4522-81B1-7AD372FB394C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9F88C2F7-75B1-4004-9B8D-1513240391F6}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{5524A96A-11A4-4B54-86C6-61FBAA7F5032}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/23/2015 03:59:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/23/2015 01:51:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/23/2015 11:39:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/22/2015 03:52:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/22/2015 12:48:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/21/2015 03:53:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/21/2015 01:30:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 2.3.55.0, time stamp: 0x557a2a02
Faulting module name: mbamcore.dll, version: 1.3.11.0, time stamp: 0x5581fc8f
Exception code: 0xc0000005
Fault offset: 0x000bc767
Faulting process id: 0x984
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (07/21/2015 01:29:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/20/2015 03:19:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/20/2015 11:26:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (07/23/2015 04:36:01 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume OS.

Error: (07/23/2015 04:35:12 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume OS.

Error: (07/23/2015 04:33:12 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume OS.

Error: (07/23/2015 04:31:12 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume OS.

Error: (07/23/2015 04:29:13 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume OS.

Error: (07/23/2015 04:27:12 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume OS.

Error: (07/23/2015 04:25:12 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume OS.

Error: (07/23/2015 04:24:15 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume OS.

Error: (07/23/2015 04:23:12 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume OS.

Error: (07/23/2015 04:21:13 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume OS.


Microsoft Office:
=========================
Error: (07/23/2015 03:59:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/23/2015 01:51:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/23/2015 11:39:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/22/2015 03:52:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/22/2015 12:48:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/21/2015 03:53:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/21/2015 01:30:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe2.3.55.0557a2a02mbamcore.dll1.3.11.05581fc8fc0000005000bc76798401d0c3e32ef1829aC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamcore.dll84fad19c-2fd6-11e5-9fda-9cd21e875842

Error: (07/21/2015 01:29:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/20/2015 03:19:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/20/2015 11:26:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-4130 CPU @ 3.40GHz
Percentage of memory in use: 53%
Total physical RAM: 4012.95 MB
Available physical RAM: 1882.2 MB
Total Virtual: 8024.1 MB
Available Virtual: 5470.93 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:909.81 GB) (Free:822.19 GB) NTFS
Drive y: (RECOVERY) (Fixed) (Total:21.67 GB) (Free:11.29 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: A9701912)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=21.7 GB) - (Type=27)
Partition 3: (Not Active) - (Size=909.8 GB) - (Type=07 NTFS)

==================== End of log ============================
Title: Re: System restore
Post by: mary3444 on July 23, 2015, 09:30:13 PM
Corrine
I don't think I did this one but I am not sure.
Thanks
Mary

Edit Note by Corrine:  Duplicate log removed.
Title: Re: System restore
Post by: Corrine on July 23, 2015, 09:36:43 PM
Hi, Mary.

Actually, yes, that is the same log in your first post.  I'll edit it out shortly.  The missing log is FRST.txt which should be on your desktop. 

Regarding the Addition.txt log that you posted, the last Restore Point shown is from last September.  Thus, it seems this may have been a problem for some time.  Also shown in the log is "The file system structure on the disk is corrupt and unusable." with the suggestion to run the chkdsk utility.  So, let's see what chkdsk shows.  Please do the following:

Run the internal disk checker program: 
You will receive a message that the operation cannot be performed while the system is in use and ask if you want to check when you restart your computer.  Click "Schedule disk check" and then restart the computer, allowing disk check to run at startup.

To find the disk check log that is produced please do the following:

Please download ListChkdskResult (https://dl.dropboxusercontent.com/u/12354842/My%20Tools/ListChkdskResult.exe) by SleepyDude to the desktop.
Please copy and paste the results in your next reply.
Title: Re: System restore
Post by: mary3444 on July 23, 2015, 10:12:30 PM
I hope this is the right one.

Now for what you just asked me to do: I click start & select Computer but I don't see C. I see OS(C:) but if I hit that I don't see a tools tab. I know I am doing something wrong but I don't know what.

I don't even remember doing a restore on this new computer. My mind must be going.
Thanks Mary


Additional scan result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by mary at 2015-07-23 16:35:58
Running from C:\Users\mary\Desktop
Boot Mode: Normal

Dupe log removed by Corrine
Title: Re: System restore
Post by: Corrine on July 24, 2015, 12:34:38 AM
Mary, It seems you have a thing for the Addition.txt.  :D 

Let's concentrate on getting chkdsk to run.  See the instructions with images at How to use CHKDSK (Check Disk) (http://www.w7forums.com/threads/how-to-use-chkdsk-check-disk.448/).  Only go as far as "Command Prompt Method".  After your computer restarts, follow the instructions above for ListChkdskResult.
Title: Re: System restore
Post by: mary3444 on July 25, 2015, 08:58:23 PM
Corrine,

I am sorry that what I am doing is wrong. My mind is just not working right as I am getting ready to go in the hospital on 8/11 for a total knee replacement & it seems everything I do is not right. Hope this is what you want.
Thanks
Mary

ListChkdskResult by SleepyDude v0.1.7 Beta | 21-09-2013

------< Log generate on 7/25/2015 4:44:53 PM >------
Category: 0
Computer Name: mary-PC
Event Code: 1001
Record Number: 34198
Source Name: Microsoft-Windows-Wininit
Time Written: 07-25-2015 @ 21:42:36
Event Type: Information
User:
Message:

Checking file system on C:
The type of the file system is NTFS.
Volume label is OS.


A disk check has been scheduled.
Windows will now check the disk.                         

CHKDSK is verifying files (stage 1 of 3)...
Cleaning up instance tags for file 0x236ae.
  161280 file records processed.                                         

File verification completed.
  844 large file records processed.                                   

  0 bad file records processed.                                     

  0 EA records processed.                                           

  44 reparse records processed.                                     

CHKDSK is verifying indexes (stage 2 of 3)...
  215106 index entries processed.                                       

Index verification completed.
  0 unindexed files scanned.                                       

  0 unindexed files recovered.                                     

CHKDSK is verifying security descriptors (stage 3 of 3)...
  161280 file SDs/SIDs processed.                                       

Cleaning up 1544 unused index entries from index $SII of file 0x9.
Cleaning up 1544 unused index entries from index $SDH of file 0x9.
Cleaning up 1544 unused security descriptors.
Security descriptor verification completed.
  26914 data files processed.                                           

CHKDSK is verifying Usn Journal...
  34202696 USN bytes processed.                                           

Usn Journal verification completed.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows has made corrections to the file system.

 954001407 KB total disk space.
  91712244 KB in 122546 files.
     77896 KB in 26915 indexes.
         0 KB in bad sectors.
    292031 KB in use by the system.
     65536 KB occupied by the log file.
 861919236 KB available on disk.

      4096 bytes in each allocation unit.
 238500351 total allocation units on disk.
 215479809 allocation units available on disk.

Internal Info:
00 76 02 00 e1 47 02 00 0b 44 04 00 00 00 00 00  .v...G...D......
f2 00 00 00 2c 00 00 00 00 00 00 00 00 00 00 00  ....,...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

Windows has finished checking your disk.
Please wait while your computer restarts.

-----------------------------------------------------------------------


-----------------------------------------------------------------------
Title: Re: System restore
Post by: Corrine on July 25, 2015, 11:00:26 PM
Perfect, Mary.  That is exactly what I wanted to see, particularly the part that shows "0 KB in bad sectors".  I was just concerned when I saw the multiple entries in the log to run chkdsk but all is well there.

Let's take a fresh look.

Go to Control Panel\All Control Panel Items\System
Select "System Protection"
Select your C Drive [OS (C:) System]
Click "Configure"
Make sure "Restore system settings and previous versions of files" is checked.

Image attached.


Title: Re: System restore
Post by: mary3444 on July 26, 2015, 08:18:42 PM
Corrine

I don't know how to go to Control Panel\All Control Items\System.

When I hit start & then Control Panel I am sure this is not where you want me to go. I am sorry I am this bad on the computer.
I looked at the image but it did not help me.

Thanks
Mary



Title: Re: System restore
Post by: plodr on July 27, 2015, 12:39:16 AM
When you open control panel, if you have icons showing, you should see an icon for system.

If you have Category View, you can change it to icons.
http://www.dummies.com/how-to/content/windows-7-control-panel-features.html
Title: Re: System restore
Post by: mary3444 on July 27, 2015, 08:20:36 PM
OK, I changed to icons. Was able to hit system protection. Now this page says OS C On & Recovery Off but it also says Configuration is disabled by your system administrator so I can't click configure & finish what Corrine told me to do.

Thanks
Mary
Title: Re: System restore
Post by: Corrine on July 27, 2015, 10:57:08 PM
Hi, Mary. 

That did it!  Your wording this time gave me just the right search results for you to fix it!  First off, the link that I will provide you is to information provided by someone who has been providing great, helpful information for many years so don't be nervous.  Second, as you read the page, when you get to the "First Method: Using Group Policy Editor", read that carefully.  Then follow the instructions in that first method.  It will be easiest for you to do.

Are you ready?  Go here:  [Fix] System Restore Point Creation / Configuration Disabled by Group Policy or System Administrator in Windows - AskVG (http://www.askvg.com/fix-system-restore-point-creation-configuration-disabled-by-group-policy-or-system-administrator/).

Let us know how you make out.
Title: Re: System restore
Post by: mary3444 on July 28, 2015, 08:55:04 PM
Corrine,

I must be doing something wrong but I think I did what you said .
I went to System Restore & then read & did what it said under First Method. Went to the start & tried to type in gpedit.msc & I can't put it in. It says no item match your search.

I am sorry to cause you so much problems

Mary
Title: Re: System restore
Post by: Corrine on July 28, 2015, 09:28:34 PM
Just to make sure you didn't mistype it, try copy/pasting gpedit.msc in the search box.  It should show up in the top under programs. 

Otherwise, try typing run in the search box.  Run should show up at the top under Programs.  Click it and when the Run box opens, type gpedit.msc in the space by Open and then click Ok.

The 2nd method is fairly simple but because you aren't familiar with the registry, I didn't want to suggest you do that yourself.  Do you have a friend who has computer experience?  Or do you know how to unzip a file?  If so, you could download the Registry Script at the bottom of the link and run .REG file.
Title: Re: System restore
Post by: Pete! on July 28, 2015, 09:48:35 PM
http://www.askvg.com/how-to-enable-group-policy-editor-gpedit-msc-in-windows-7-home-premium-home-basic-and-starter-editions/
Quote
.......But some Windows 7 editions (Home Premium, Home Basic and Starter) don't come with Group Policy Editor. Only Windows 7 Professional, Enterprise and Ultimate editions come with Group Policy Editor installed.......

Disclaimer: I cannot vouch for the installer recommended at the above link.
See Also: http://answers.microsoft.com/en-us/windows/forum/windows_7-security/how-to-add-group-policy-editor-gpeditmsc-to/fc701400-0b72-4af2-9d50-ecfd69c7d5e4?auth=1
Title: Re: System restore
Post by: mary3444 on July 28, 2015, 09:52:21 PM
Corrine,

I first did the copy/paste in the search box, still the same thing.

I typed run then typed gpedit.msc also copy/paste & came up with Windows cannot find gpedit.msc.

I don't know anyone but you that can help me with this computer. No, I do not know how to unzip a file.
Title: Re: System restore
Post by: Corrine on July 28, 2015, 10:46:51 PM
Thank you, Pete! That explains the problem. 

Mary, I've downloaded the zip file, extracted the registry change and attached it to this post.

Click the attachment named "Enable System Restore.reg".
When prompted, save it to your computer.
When you run it, you will be asked if you want to allow the change.  Click Yes.
You should receive a message that the change was merged to the registry.
Restart your computer and check System Restore.
Title: Re: System restore
Post by: mary3444 on July 29, 2015, 09:07:57 PM
Corrine,


 I did what you said & I now have system restore.

All I wanted to do was go back a few days on system restore because I lost  one of my bookmark folders & I hoped that would bring it back. I don't see on system restore that you can go back a few days. I know this computer is different then my XP was.

In looking at the files you had me send you does everything else look good or have I done something else wrong on here.

I want to thank you & Pete for all the help.

Mary

Title: Re: System restore
Post by: Corrine on July 29, 2015, 09:54:21 PM
Mary, :dance:

Since System Restore was not on, then there is no restore point around the time you lost one of your bookmark folders.  However, now that it is working, why not create a fresh restore point.  Go to System Protection just like you did before and click Create.  Name it something simple like SR Started (meaning System Restore started). 

Could you have accidentally moved the bookmark folder so that it is now inside another folder as a sub-folder?

As to the logs, I haven't seen the FRST.txt log yet.
Title: Re: System restore
Post by: mary3444 on July 30, 2015, 09:45:31 PM
Corrine,

I will make a system restore. I don't know what happened to the bookmark folder but I am not going to worry about it.

I am trying once again to send you the FRST.txt log, just hope I did it right this time.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-07-2015
Ran by mary (administrator) on MARY-PC on 23-07-2015 16:35:27
Running from C:\Users\mary\Desktop
Loaded Profiles: mary (Available Profiles: mary)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
( ) C:\Windows\System32\dlbtcoms.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Lexmark International, Inc.) C:\Program Files (x86)\Dell Photo AIO Printer 922\DLBTmon.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRSync.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7194840 2013-07-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-29] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-29] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286056 2013-07-30] (Intel Corporation)
HKLM\...\Run: [DLBTCATS] => rundll32 C:\Windows\system32\spool\DRIVERS\x64\3\DLBTtime.dll,RunDLLEntry
HKLM\...\Run: [dlbtmon.exe] => C:\Program Files (x86)\Dell Photo AIO Printer 922\dlbtmon.exe [431600 2007-02-28] (Lexmark International, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [132736 2013-07-02] (Qualcomm®Atheros®)
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-06] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2014-12-30] (Softthinks SAS)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-30] (Softthinks SAS)
ShellIconOverlayIdentifiers: [DBRShellOverlayBackupFile] -> {831CEBDD-6BAF-4432-BE76-9E0989C14AEF} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2014-12-30] (Softthinks SAS)
ShellIconOverlayIdentifiers: [DBRShellOverlayModifiedBackupFile] -> {275E4FD7-21EF-45CF-A836-832E5D2CC1B3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-30] (Softthinks SAS)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2746834754-3399815002-3352236638-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2746834754-3399815002-3352236638-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2746834754-3399815002-3352236638-1000 -> DefaultScope {DE448B0F-0203-4766-95DB-86994D5ABBF5} URL =
SearchScopes: HKU\S-1-5-21-2746834754-3399815002-3352236638-1000 -> {8EAC7AD5-B6BC-47FB-AF97-FAAD93037E5B} URL =
SearchScopes: HKU\S-1-5-21-2746834754-3399815002-3352236638-1000 -> {DE448B0F-0203-4766-95DB-86994D5ABBF5} URL =
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2013-07-02] (Qualcomm®Atheros®)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-10] (Avast Software s.r.o.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-10] (Avast Software s.r.o.)
Tcpip\Parameters: [DhcpNameServer] 63.135.176.1 63.135.176.2
Tcpip\..\Interfaces\{43A1639E-D4B3-4C9E-AE1B-5A07AC3A2520}: [DhcpNameServer] 63.135.176.1 63.135.176.2

FireFox:
========
FF ProfilePath: C:\Users\mary\AppData\Roaming\Mozilla\Firefox\Profiles\i7v8c085.default
FF DefaultSearchEngine.US: Google
FF Homepage: https://news.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin HKU\S-1-5-21-2746834754-3399815002-3352236638-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\mary\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-10-08] (Unity Technologies ApS)
FF Extension: Adblock Plus - C:\Users\mary\AppData\Roaming\Mozilla\Firefox\Profiles\i7v8c085.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-02]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-05-03]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\mary\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-10]
CHR Extension: (Docs) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-10]
CHR Extension: (Google Drive) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-10]
CHR Extension: (YouTube) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-10]
CHR Extension: (Google Search) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-10]
CHR Extension: (Avast Online Security) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-04-10]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-10]
CHR Extension: (Google Wallet) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-10]
CHR Extension: (Gmail) - C:\Users\mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-10]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-21]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [312448 2013-07-02] (Windows (R) Win 7 DDK provider) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-06] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-05-06] (Avast Software)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2573520 2015-05-22] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-05-22] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-06-09] (Dell Inc.)
R2 dlbt_device; C:\Windows\system32\dlbtcoms.exe [567280 2007-02-28] ( )
R2 dlbt_device; C:\Windows\SysWOW64\dlbtcoms.exe [538096 2007-02-28] ( )
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [14696 2013-07-30] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [2005392 2015-02-12] (SoftThinks SAS)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [20648 2015-06-11] (Dell Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-04-24] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2013-06-21] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-06] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-06] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-06] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-06] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-06] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-26] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-06] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-06] ()
R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2013-07-02] (Qualcomm Atheros)
R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [23760 2015-02-26] (Dell Computer Corporation)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-07-24] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-23] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-05-06] (Avast Software)
S0 RapportKE64; System32\Drivers\RapportKE64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-23 16:35 - 2015-07-23 16:35 - 00016953 _____ C:\Users\mary\Desktop\FRST.txt
2015-07-23 16:23 - 2015-07-23 16:35 - 00000000 ____D C:\FRST
2015-07-23 16:22 - 2015-07-23 16:22 - 02135552 _____ (Farbar) C:\Users\mary\Desktop\FRST64.exe
2015-07-23 15:59 - 2015-07-23 15:59 - 00000000 ___RD C:\Users\mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-07-21 13:35 - 2015-07-14 22:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-21 13:35 - 2015-07-14 22:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-21 13:35 - 2015-07-14 22:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-21 13:35 - 2015-07-14 22:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-21 13:35 - 2015-07-14 21:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-21 13:35 - 2015-07-14 21:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-21 13:35 - 2015-07-14 21:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-21 13:35 - 2015-07-14 21:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-21 13:35 - 2015-07-14 20:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-21 13:35 - 2015-07-14 20:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-15 11:47 - 2015-07-15 11:47 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\182B6936.sys
2015-07-14 14:27 - 2015-06-25 13:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-14 14:27 - 2015-06-25 12:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-14 14:27 - 2015-06-20 15:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-14 14:27 - 2015-06-20 14:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-14 14:27 - 2015-06-20 14:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-14 14:27 - 2015-06-20 14:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-14 14:27 - 2015-06-20 14:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-14 14:27 - 2015-06-20 14:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-14 14:27 - 2015-06-20 14:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-14 14:27 - 2015-06-20 14:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-14 14:27 - 2015-06-20 14:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-14 14:27 - 2015-06-20 14:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-14 14:27 - 2015-06-20 14:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-14 14:27 - 2015-06-20 14:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-14 14:27 - 2015-06-20 14:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-14 14:27 - 2015-06-20 14:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-14 14:27 - 2015-06-20 14:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-14 14:27 - 2015-06-20 14:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-14 14:27 - 2015-06-20 14:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-14 14:27 - 2015-06-20 13:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-14 14:27 - 2015-06-20 13:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-14 14:27 - 2015-06-20 13:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-14 14:27 - 2015-06-20 13:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-14 14:27 - 2015-06-20 13:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-14 14:27 - 2015-06-20 13:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-14 14:27 - 2015-06-19 13:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-14 14:27 - 2015-06-19 13:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-14 14:27 - 2015-06-19 13:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-14 14:27 - 2015-06-19 13:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-14 14:27 - 2015-06-19 13:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-14 14:27 - 2015-06-19 13:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-14 14:27 - 2015-06-19 13:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-14 14:27 - 2015-06-19 13:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-14 14:27 - 2015-06-19 13:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-14 14:27 - 2015-06-19 13:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-14 14:27 - 2015-06-19 12:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-14 14:27 - 2015-06-19 12:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-14 14:27 - 2015-06-19 12:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-14 14:27 - 2015-06-19 12:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-14 14:27 - 2015-06-19 12:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-14 14:27 - 2015-06-19 12:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-14 14:27 - 2015-06-19 12:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-14 14:27 - 2015-06-19 12:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-14 14:27 - 2015-06-19 12:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-14 14:15 - 2015-07-02 16:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-14 14:15 - 2015-07-02 16:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-14 14:15 - 2015-07-02 15:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-14 14:15 - 2015-07-02 15:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-14 14:15 - 2015-07-02 15:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-14 14:15 - 2015-07-02 15:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-14 14:15 - 2015-07-02 15:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-14 14:15 - 2015-07-02 15:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-14 14:15 - 2015-07-02 15:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-14 14:15 - 2015-07-02 14:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-14 14:15 - 2015-07-02 14:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-14 14:15 - 2015-07-02 13:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-14 14:01 - 2015-07-09 12:58 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-14 14:01 - 2015-07-09 12:58 - 02603008 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-14 14:01 - 2015-07-09 12:58 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-14 14:01 - 2015-07-09 12:58 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-14 14:01 - 2015-07-09 12:58 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-14 14:01 - 2015-07-09 12:58 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-14 14:01 - 2015-07-09 12:58 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-14 14:01 - 2015-07-09 12:58 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-14 14:01 - 2015-07-09 12:58 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-14 14:01 - 2015-07-09 12:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-14 14:01 - 2015-07-09 12:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-14 14:01 - 2015-07-09 12:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-14 14:01 - 2015-07-09 12:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-14 14:01 - 2015-07-09 12:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-14 14:01 - 2015-07-09 12:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-14 14:01 - 2015-07-09 12:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-14 14:01 - 2015-06-01 19:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-14 14:01 - 2015-06-01 18:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-14 14:00 - 2015-06-26 21:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-14 14:00 - 2015-06-26 21:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-14 14:00 - 2015-06-26 20:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-14 14:00 - 2015-06-26 20:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-14 14:00 - 2015-06-25 03:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-14 14:00 - 2015-06-17 12:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-14 14:00 - 2015-06-17 12:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-14 13:55 - 2015-07-04 13:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-14 13:55 - 2015-07-04 12:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-14 13:54 - 2015-07-09 12:59 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-14 13:54 - 2015-07-09 12:58 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-14 13:54 - 2015-07-09 12:58 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-14 13:54 - 2015-07-09 12:58 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-14 13:54 - 2015-07-09 12:58 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-14 13:54 - 2015-07-09 12:58 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-14 13:54 - 2015-07-09 12:58 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-14 13:54 - 2015-07-09 12:50 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-14 13:54 - 2015-07-01 15:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-14 13:54 - 2015-07-01 15:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-14 13:54 - 2015-07-01 15:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-14 13:54 - 2015-07-01 15:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-14 13:54 - 2015-07-01 15:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-14 13:54 - 2015-07-01 15:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-14 13:54 - 2015-07-01 15:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-14 13:54 - 2015-07-01 15:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-14 13:54 - 2015-07-01 15:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-14 13:54 - 2015-07-01 15:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-14 13:54 - 2015-07-01 15:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-14 13:54 - 2015-07-01 15:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-14 13:54 - 2015-07-01 15:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-14 13:54 - 2015-07-01 15:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-14 13:54 - 2015-07-01 15:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-14 13:54 - 2015-07-01 15:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-14 13:54 - 2015-07-01 15:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-14 13:54 - 2015-07-01 15:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-14 13:54 - 2015-07-01 15:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-14 13:54 - 2015-07-01 15:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-14 13:54 - 2015-07-01 15:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-14 13:54 - 2015-07-01 15:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-14 13:54 - 2015-07-01 15:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-14 13:54 - 2015-07-01 15:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-14 13:54 - 2015-07-01 15:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-14 13:54 - 2015-07-01 15:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-14 13:54 - 2015-07-01 15:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-14 13:54 - 2015-07-01 15:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-14 13:54 - 2015-07-01 15:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-14 13:54 - 2015-07-01 15:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-14 13:54 - 2015-07-01 15:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-14 13:54 - 2015-07-01 15:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-14 13:54 - 2015-07-01 15:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-14 13:54 - 2015-07-01 15:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-14 13:54 - 2015-07-01 15:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-14 13:54 - 2015-07-01 14:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-14 13:54 - 2015-07-01 14:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-14 13:54 - 2015-07-01 14:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-14 13:54 - 2015-06-15 16:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-14 13:54 - 2015-06-15 16:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-14 13:54 - 2015-06-15 16:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-14 13:54 - 2015-06-15 16:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-14 13:54 - 2015-06-15 16:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-14 13:54 - 2015-06-15 16:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-14 13:54 - 2015-06-15 16:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-14 13:54 - 2015-06-15 16:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-14 13:54 - 2015-06-15 16:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-14 13:54 - 2015-06-15 16:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-14 13:54 - 2015-06-15 16:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-14 13:54 - 2015-06-15 16:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-14 13:54 - 2015-04-27 14:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-14 13:54 - 2015-04-27 14:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-14 13:54 - 2015-04-27 14:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-14 13:54 - 2015-04-27 14:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-14 13:54 - 2015-04-27 14:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-07-14 13:54 - 2015-04-27 14:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-07-14 13:54 - 2015-04-27 14:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-07-14 13:54 - 2015-04-27 14:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-07-14 11:48 - 2015-07-14 11:48 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\5A3E1BC8.sys
2015-07-13 10:56 - 2015-07-13 10:56 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\64ED25CF.sys
2015-07-08 15:45 - 2015-07-08 15:45 - 00000000 ____D C:\Program Files (x86)\Dell Update
2015-07-05 18:04 - 2015-07-06 13:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-03 13:02 - 2015-05-19 20:26 - 00033616 ____N (Intel Corporation ) C:\Windows\system32\Drivers\iqvw64e.sys
2015-06-29 13:54 - 2015-06-29 13:54 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\1C966867.sys
2015-06-27 11:42 - 2015-07-23 15:58 - 00003304 _____ C:\Windows\setupact.log
2015-06-27 11:42 - 2015-06-27 11:42 - 00000000 _____ C:\Windows\setuperr.log
2015-06-25 15:52 - 2015-06-25 15:52 - 00000000 __HDC C:\ProgramData\{8AF32939-989B-460A-8726-CA2C776032A1}
2015-06-24 07:47 - 2015-06-24 10:02 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\0E1C48AB.sys
2015-06-23 11:50 - 2015-06-23 11:50 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\14953440.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-23 16:22 - 2014-04-24 11:43 - 01865470 _____ C:\Windows\WindowsUpdate.log
2015-07-23 16:12 - 2014-04-24 09:46 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-23 16:10 - 2014-05-09 18:08 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-23 16:06 - 2014-04-24 10:04 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2015-07-23 16:06 - 2009-07-13 23:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-23 16:06 - 2009-07-13 23:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-23 15:58 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-23 11:39 - 2014-05-03 16:29 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-07-21 17:26 - 2015-06-22 13:17 - 00003484 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2015-07-21 17:25 - 2014-04-24 09:59 - 00000000 ____D C:\ProgramData\PCDr
2015-07-21 15:52 - 2009-07-13 23:45 - 00267672 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-21 13:30 - 2014-05-02 11:00 - 00000000 ____D C:\Users\mary\AppData\Local\CrashDumps
2015-07-17 17:38 - 2014-05-08 10:24 - 00000000 ____D C:\Program Files\Dl_cats
2015-07-15 18:15 - 2015-06-06 18:16 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-15 18:15 - 2015-06-06 18:16 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-14 17:53 - 2015-05-17 15:59 - 00000000 ____D C:\Users\mary\AppData\Local\Adobe
2015-07-14 17:53 - 2014-04-24 09:46 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-14 17:53 - 2014-04-24 09:46 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-14 17:53 - 2014-04-24 09:46 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-14 15:47 - 2014-12-10 16:41 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-14 15:47 - 2014-05-06 14:30 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-14 15:47 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-14 14:40 - 2014-05-02 10:22 - 00000000 ____D C:\Windows\system32\MRT
2015-07-08 17:40 - 2014-10-19 15:59 - 00000000 ____D C:\Windows\Minidump
2015-07-08 15:45 - 2014-04-24 09:58 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-07-06 13:53 - 2014-05-02 11:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-06 13:53 - 2010-11-20 22:47 - 00287406 _____ C:\Windows\PFRO.log
2015-07-03 08:43 - 2014-05-02 10:22 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-07-02 16:08 - 2014-07-13 16:14 - 00000136 _____ C:\Windows\ODBC.INI
2015-06-27 16:39 - 2014-05-09 18:07 - 00001108 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-27 16:39 - 2014-05-09 18:07 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-26 10:24 - 2014-05-03 16:24 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswsp.sys
2015-06-26 10:19 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\L2Schemas
2015-06-25 15:52 - 2015-03-21 13:46 - 00003818 _____ C:\Windows\System32\Tasks\Dell SupportAssistAgent AutoUpdate
2015-06-25 15:47 - 2015-03-21 13:46 - 00000000 ____D C:\ProgramData\SupportAssistAgent
2015-06-23 13:30 - 2010-11-20 22:27 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2014-05-09 07:43 - 2014-05-09 08:23 - 6696936 _____ (Dell                                                        ) C:\ProgramData\Dell Click 2 Fix+-64-bit-V2546.exe
2014-04-24 09:51 - 2014-04-24 09:51 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-05-09 10:28 - 2014-05-09 10:28 - 0003810 _____ () C:\ProgramData\ResPntListUNI.txt
2014-05-09 09:38 - 2014-05-09 09:40 - 0000001 _____ () C:\ProgramData\SRTCTUacSts.txt

Files to move or delete:
====================
C:\ProgramData\Dell Click 2 Fix+-64-bit-V2546.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-13 11:25

==================== End of log =========================
Title: Re: System restore
Post by: Corrine on July 30, 2015, 11:25:55 PM
That is what I wanted to see!  There is a finding in the log that I disagree with based on my search that it is legitimate so we're going to leave it. 

My opinion, Mary, is that you are "good to go" after we take care of cleaning up FRST and the logs.

Let's take care of removing the tools used.  You can manually delete the registry file I had you use to fix System Restore and then do the following:

Please download Delfix from here (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/9-delfix).

Ensure the following boxes are checked:
(https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fwww.hdrcgb.org.uk%2Fg2g%2Fdelfix.jpg&hash=51891b79af25c2742ee9dab79ad6d4c4)
The program will run for a few moments and then notepad will open with a log.   Please paste the log in your next reply and let me know if you have any questions.  Otherwise, my best wishes in your upcoming knee surgery.  Although recovery may be slow, I'm sure you will do fine.
Title: Re: System restore
Post by: mary3444 on July 31, 2015, 09:09:28 PM
Corrine,

I am glad I sent you the right log this time.

I did what you said & am sending it to you.

Thank you, this is my second knee replacement so I know what to expect.

I again want to thank you for being so patient with me. You are my "Computer Angel"

Mary

# DelFix v1.010 - Logfile created 31/07/2015 at 17:04:15
# Updated 26/04/2015 by Xplode
# Username : mary - MARY-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\mary\Desktop\Addition.txt
Deleted : C:\Users\mary\Desktop\FRST.txt
Deleted : C:\Users\mary\Desktop\FRST64.exe
Deleted : C:\Users\mary\Downloads\AdwCleaner.exe
Deleted : C:\Users\mary\Downloads\dds.scr
Deleted : C:\Users\mary\Downloads\JRT(1).exe
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #15 [Removed Adobe Reader XI (11.0.06). | 05/05/2014 22:23:43]
Deleted : RP #16 [Windows Update | 05/06/2014 19:29:52]
Deleted : RP #17 [Removed eBay | 05/06/2014 23:16:17]
Deleted : RP #18 [Removed DriverUpdate | 05/08/2014 15:17:54]
Deleted : RP #19 [Removed eBay | 05/08/2014 20:58:30]
Deleted : RP #23 [Revo Uninstaller Pro's restore point - Mozilla Thunderbird 24.3.0 (x86 en-US) | 05/09/2014 12:53:28]
Deleted : RP #24 [Scheduled Checkpoint | 07/30/2015 22:18:58]
Deleted : RP #25 [SR | 07/30/2015 23:00:29]
Deleted : RP #26 [Windows Update | 07/31/2015 16:30:02]

New restore point created !

########## - EOF - ##########
Title: Re: System restore
Post by: Corrine on July 31, 2015, 11:58:28 PM
You are so very welcome, Mary.  I'm so glad that we got this fixed.

The best part of that log:  "New restore point created !"