Author Topic: System restore  (Read 8016 times)

0 Members and 1 Guest are viewing this topic.

Offline mary3444

  • Full Member
  • ***
  • Posts: 172
    • View Profile
System restore
« on: July 21, 2015, 09:52:48 PM »
When I went on my computer today I lost one of my Bookmarks folders. I know I did not remove that folder. I thought if I went back 1 day with system restore I could find that folder.

When I went to do a system restore it tells me the system restore has been turned off by your system administrator. To turn on contact you system administrator.

I don't know what that means, I need help

Thanks in advance

Mary

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 19714
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: System restore
« Reply #1 on: July 21, 2015, 10:01:34 PM »
You need to be logged on with the Administrator account, which according to your logs is the Joe account:  Administrator - Enabled) => C:\Users\Joe


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline mary3444

  • Full Member
  • ***
  • Posts: 172
    • View Profile
Re: System restore
« Reply #2 on: July 21, 2015, 10:05:24 PM »
Thanks for the fast answer but you just lost me on this one. How do I log on with the Administrator account.

Remember I don't know a thing about this computer

Thanks
Mary

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 19714
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: System restore
« Reply #3 on: July 21, 2015, 10:15:30 PM »
According to the logs you've been posting, "Joe" is the Administrator Account for the computers.

The instructions for enabling System Restore (System Protection) are at http://windows.microsoft.com/en-us/windows/turn-system-restore-on-off#1TC=windows-7.  There is also a video at the top of the page.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline mary3444

  • Full Member
  • ***
  • Posts: 172
    • View Profile
Re: System restore
« Reply #4 on: July 22, 2015, 08:30:05 PM »
I went to the instructions for system restore but I must be doing something wrong. I watched the video & read the instructions quite a few times but I still have no luck.

When I go to system properties it says under protection settings OS system ON Recovery OFF but I can't turn it on, when I hit it nothing happens.

I am so sorry to bother you but I just can't figure this out.

ThanksMary

Offline techie

  • LzD Friends
  • Hero Member
  • *****
  • Posts: 611
    • View Profile
Re: System restore
« Reply #5 on: July 22, 2015, 08:51:39 PM »
As Corrine has told you, Joe whomever that is, is the administrator. Only he has the administrative authority to  make major changes to the system, to include a system restore. You have to ask him to login to his account and run the restore. You cannot bypass it, because it was locked by Joe. You can read about how to do it, but your account is locked from changing it.

There is no one here that knows who Joe is or his administrator account passwords and we really can't help you beyond that.  You have to ask Joe.

Do you know Joe? Your father maybe?

Offline mary3444

  • Full Member
  • ***
  • Posts: 172
    • View Profile
Re: System restore
« Reply #6 on: July 22, 2015, 09:09:27 PM »
This is what is driving me crazy. There is no Joe here & never has been. My husband Bob knows less then I do about computers so he would never do anything like that.

I purchased this computer last year so I don't know what to do.

No one else lives in the house except the 2 dogs.

Mary

Offline mary3444

  • Full Member
  • ***
  • Posts: 172
    • View Profile
Re: System restore
« Reply #7 on: July 22, 2015, 09:21:13 PM »
I just went on User Accounts and family safety & on there is shows    Mary/administrator.

Mary

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 19714
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: System restore
« Reply #8 on: July 22, 2015, 09:51:59 PM »
Hi, Mary.

I checked your other posts with logs and found ... Edit:  Found that I goofed and was looking at another Mary's logs!


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline mary3444

  • Full Member
  • ***
  • Posts: 172
    • View Profile
Re: System restore
« Reply #9 on: July 22, 2015, 10:16:07 PM »
Corrine
I never had a Windows 8 computer. My old computer was a XP & then I got new Windows 7. These are the only computers I have had.

I don't know if you have me confused with someone else. My Dad passed away years ago.

Sorry about all this, I am dumbfounded.

Mary


Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 19714
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: System restore
« Reply #10 on: July 22, 2015, 10:44:44 PM »
You are so right, Mary.  I'm sorry for the confusion.  I've been helping someone else whose name is Mary and when I saw your post I still had a tab open to the topic I was helping her with and picked up on the admin account from her logs. 

Now that I've looked at the correct profile and looked at your earlier posts, I do remember when you got this computer.  Again, my apology. 

Let's see if a FRST log shows something.  Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • The first time it is run, it will produce two logs in the same directory the tool is run from -- FRST.txt and (Addition.txt.
  • Please copy/paste both logs in your reply.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline mary3444

  • Full Member
  • ***
  • Posts: 172
    • View Profile
Re: System restore
« Reply #11 on: July 23, 2015, 08:46:17 PM »
Additional scan result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by mary at 2015-07-23 16:35:58
Running from C:\Users\mary\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2746834754-3399815002-3352236638-500 - Administrator - Disabled)
Guest (S-1-5-21-2746834754-3399815002-3352236638-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2746834754-3399815002-3352236638-1002 - Limited - Enabled)
mary (S-1-5-21-2746834754-3399815002-3352236638-1000 - Administrator - Enabled) => C:\Users\mary

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Canon DIGITAL CAMERA Solution Disk Software Guide (HKLM-x32\...\Software Guide) (Version: 1.1.0.2 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.7.2.11 - Canon Inc.)
Canon Internet Library for ZoomBrowser EX (HKLM-x32\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.3.9 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.4.0.8 - Canon Inc.)
Canon Personal Printing Guide (HKLM-x32\...\Personal Printing Guide) (Version: 1.1.0.2 - Canon Inc.)
Canon PowerShot A3100 IS and PowerShot A3000 IS Camera User Guide (HKLM-x32\...\CameraUserGuide-PSA3100ISandPSA3000IS) (Version: 1.0.0.2 - Canon Inc.)
Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.4.0.7 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC8) (Version: 8.1.0.11 - Canon Inc.)
Canon Utilities Movie Uploader for YouTube (HKLM-x32\...\MovieUploaderForYouTube) (Version: 1.0.0.11 - Canon Inc.)
Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 7.3.0.5 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.5.0.14 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.3.0.4 - Canon Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.8.1.70 - Dell Inc.)
Dell Data Vault (Version: 4.3.4.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{03A9F528-A754-460F-B2C1-AC125A147114}) (Version: 2.8.5000.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell Photo AIO Printer 922 (HKLM\...\Dell Photo AIO Printer 922) (Version:  - Dell, Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.1.0.47 - Dell)
Dell Update (HKLM-x32\...\{90437913-9D4D-4D9D-B438-B8664DF851E9}) (Version: 1.7.1007.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Intel(R) Chipset Device Software (x32 Version: 10.0.13 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.7.3.1001 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla)
Mozilla Thunderbird 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
Premium Service Agreement (HKLM-x32\...\{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}) (Version: 2.0.0 - Dell Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.230 - Qualcomm Atheros Communications)
QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 2.5.1 - Krzysztof Kowalczyk)
Unity Web Player (HKU\S-1-5-21-2746834754-3399815002-3352236638-1000\...\UnityWebPlayer) (Version: 4.5.5f1 - Unity Technologies ApS)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

05-05-2014 17:23:43 Removed Adobe Reader XI (11.0.06).
06-05-2014 14:29:52 Windows Update
06-05-2014 18:16:17 Removed eBay
08-05-2014 10:17:54 Removed DriverUpdate
08-05-2014 15:58:30 Removed eBay
09-05-2014 07:53:28 Revo Uninstaller Pro's restore point - Mozilla Thunderbird 24.3.0 (x86 en-US)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2011-01-12 18:45 - 00000734 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {272E13E9-BCF8-4A5C-A8D1-9468CACF4FEF} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-06-11] (Dell Inc.)
Task: {4D5B8B96-87C9-42F2-BC9E-BF073A18F2CF} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {87782E8D-9667-4CF0-AC28-9195EACF2279} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {8FC215A9-657E-4B5A-A761-F43848AF408D} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {B445B104-B2F5-4B1D-BF02-4FE0A54FC2AE} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-18] (Avast Software s.r.o.)
Task: {CB7A1E61-F601-438A-92CF-E7CB8910AC73} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {E2C78D9C-F360-433C-875F-F58B99D4C6A0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2007-01-22 07:18 - 2007-01-22 07:18 - 00059392 _____ () C:\Windows\system32\dlbtcfg.dll
2005-05-25 13:07 - 2005-05-25 13:07 - 00054784 _____ () C:\Windows\system32\dlbtcnv4.dll
2013-07-02 22:51 - 2013-07-02 22:51 - 00086016 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll
2014-05-08 10:22 - 2007-02-19 02:21 - 00121856 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\dlbtPRPR.DLL
2014-05-08 10:22 - 2007-01-22 02:18 - 00059392 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\dlbtCFG.DLL
2015-05-06 15:37 - 2015-05-06 15:37 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-05-06 15:37 - 2015-05-06 15:37 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-07-23 13:52 - 2015-07-23 13:52 - 02957312 _____ () C:\Program Files\AVAST Software\Avast\defs\15072301\algo.dll
2014-05-08 10:25 - 2007-01-22 02:18 - 00069632 _____ () C:\Program Files (x86)\Dell Photo AIO Printer 922\DLBTcfg.dll
2014-05-08 10:25 - 2005-09-20 07:40 - 00122880 _____ () C:\Program Files (x86)\Dell Photo AIO Printer 922\DLBTdrec.dll
2015-03-21 15:54 - 2015-03-21 15:54 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-10-20 16:17 - 2013-12-09 16:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-02-26 11:07 - 2015-02-09 10:14 - 01905904 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2014-04-24 10:04 - 2012-11-25 22:19 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2015-02-26 11:07 - 2014-02-18 13:12 - 00117568 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "DisplayName"="Dell"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "ErrorControl"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "ImagePath"="C:\Program Files\Dell\Click 2 Fix+\srvc.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "ObjectName"="LocalSystem"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "Start"="2"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "Type"="272"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+\Parameters => "Application"="C:\Program Files\Dell\Click 2 Fix+\srvc.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+\Parameters => "AppParameters"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2746834754-3399815002-3352236638-1000\...\dell.com -> dell.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2746834754-3399815002-3352236638-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\mary\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 63.135.176.1 - 63.135.176.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: dlbt_device => 2

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{DCF45244-D2F6-4C05-B898-26F261AFC49D}] => (Allow) C:\Windows\SysWOW64\dlbtcoms.exe
FirewallRules: [{B6BF248B-9AAE-414F-8DC0-0EBD1CC81E80}] => (Allow) C:\Windows\SysWOW64\dlbtcoms.exe
FirewallRules: [{6FA5A499-6282-4AC0-B582-5FED7929EE96}] => (Allow) C:\Windows\System32\dlbtcoms.exe
FirewallRules: [{556A1854-4DA7-462B-9CAA-E7491CC21E32}] => (Allow) C:\Windows\System32\dlbtcoms.exe
FirewallRules: [{43782154-DB65-47E9-808E-73D03BEC3E9F}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\dlbtpswx.exe
FirewallRules: [{D833E475-F8C1-45A8-AB12-492C2F698C0B}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\dlbtpswx.exe
FirewallRules: [{5D6E9BC6-F69E-45E1-8A44-36F3757DE5A2}] => (Allow) C:\Program Files (x86)\Dell Photo AIO Printer 922\DLBTmon.exe
FirewallRules: [{E1B7B9EE-87C1-4E7C-A9A5-17FC74363CF0}] => (Allow) C:\Program Files (x86)\Dell Photo AIO Printer 922\DLBTmon.exe
FirewallRules: [{D21BCE5D-4920-45A9-87EA-576E47C7CCF2}] => (Allow) C:\Program Files (x86)\Dell Photo AIO Printer 922\DLBTaiox.exe
FirewallRules: [{FEBE5537-913D-403D-8029-74BDC13143D1}] => (Allow) C:\Program Files (x86)\Dell Photo AIO Printer 922\DLBTaiox.exe
FirewallRules: [{80F2E525-DEB0-4D8E-9986-8C667059103C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{287DCCF2-081B-4522-81B1-7AD372FB394C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9F88C2F7-75B1-4004-9B8D-1513240391F6}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{5524A96A-11A4-4B54-86C6-61FBAA7F5032}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/23/2015 03:59:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/23/2015 01:51:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/23/2015 11:39:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/22/2015 03:52:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/22/2015 12:48:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/21/2015 03:53:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/21/2015 01:30:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 2.3.55.0, time stamp: 0x557a2a02
Faulting module name: mbamcore.dll, version: 1.3.11.0, time stamp: 0x5581fc8f
Exception code: 0xc0000005
Fault offset: 0x000bc767
Faulting process id: 0x984
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (07/21/2015 01:29:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/20/2015 03:19:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/20/2015 11:26:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (07/23/2015 04:36:01 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume OS.

Error: (07/23/2015 04:35:12 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume OS.

Error: (07/23/2015 04:33:12 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume OS.

Error: (07/23/2015 04:31:12 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume OS.

Error: (07/23/2015 04:29:13 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume OS.

Error: (07/23/2015 04:27:12 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume OS.

Error: (07/23/2015 04:25:12 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume OS.

Error: (07/23/2015 04:24:15 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume OS.

Error: (07/23/2015 04:23:12 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume OS.

Error: (07/23/2015 04:21:13 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume OS.


Microsoft Office:
=========================
Error: (07/23/2015 03:59:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/23/2015 01:51:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/23/2015 11:39:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/22/2015 03:52:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/22/2015 12:48:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/21/2015 03:53:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/21/2015 01:30:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe2.3.55.0557a2a02mbamcore.dll1.3.11.05581fc8fc0000005000bc76798401d0c3e32ef1829aC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamcore.dll84fad19c-2fd6-11e5-9fda-9cd21e875842

Error: (07/21/2015 01:29:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/20/2015 03:19:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/20/2015 11:26:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-4130 CPU @ 3.40GHz
Percentage of memory in use: 53%
Total physical RAM: 4012.95 MB
Available physical RAM: 1882.2 MB
Total Virtual: 8024.1 MB
Available Virtual: 5470.93 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:909.81 GB) (Free:822.19 GB) NTFS
Drive y: (RECOVERY) (Fixed) (Total:21.67 GB) (Free:11.29 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: A9701912)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=21.7 GB) - (Type=27)
Partition 3: (Not Active) - (Size=909.8 GB) - (Type=07 NTFS)

==================== End of log ============================

Offline mary3444

  • Full Member
  • ***
  • Posts: 172
    • View Profile
Re: System restore
« Reply #12 on: July 23, 2015, 09:30:13 PM »
Corrine
I don't think I did this one but I am not sure.
Thanks
Mary

Edit Note by Corrine:  Duplicate log removed.

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 19714
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: System restore
« Reply #13 on: July 23, 2015, 09:36:43 PM »
Hi, Mary.

Actually, yes, that is the same log in your first post.  I'll edit it out shortly.  The missing log is FRST.txt which should be on your desktop. 

Regarding the Addition.txt log that you posted, the last Restore Point shown is from last September.  Thus, it seems this may have been a problem for some time.  Also shown in the log is "The file system structure on the disk is corrupt and unusable." with the suggestion to run the chkdsk utility.  So, let's see what chkdsk shows.  Please do the following:

Run the internal disk checker program: 
  • Click Start and select "Computer"
  • Right-click C:
  • Select the "Tools" tab
  • In the Error-checking area, click "Check Now"
  • Click "Start"
  • Check the option to "Automatically fix file system errors" and click Start.
You will receive a message that the operation cannot be performed while the system is in use and ask if you want to check when you restart your computer.  Click "Schedule disk check" and then restart the computer, allowing disk check to run at startup.

To find the disk check log that is produced please do the following:

Please download ListChkdskResult by SleepyDude to the desktop.
  • Double-click on the icon and click Run
  • The log will appear on your desktop as a .txt file and the notepad will open.
Please copy and paste the results in your next reply.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline mary3444

  • Full Member
  • ***
  • Posts: 172
    • View Profile
Re: System restore
« Reply #14 on: July 23, 2015, 10:12:30 PM »
I hope this is the right one.

Now for what you just asked me to do: I click start & select Computer but I don't see C. I see OS(C:) but if I hit that I don't see a tools tab. I know I am doing something wrong but I don't know what.

I don't even remember doing a restore on this new computer. My mind must be going.
Thanks Mary


Additional scan result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by mary at 2015-07-23 16:35:58
Running from C:\Users\mary\Desktop
Boot Mode: Normal

Dupe log removed by Corrine