Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-12-2014 Ran by Rostov at 2014-12-20 12:54:18 Run:1 Running from C:\Users\Rostov\Desktop Loaded Profile: Rostov (Available profiles: Rostov) Boot Mode: Normal ============================================== Content of fixlist: ***************** Reg: reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /s Reg: reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" /s Reg: reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /s ***************** ========= reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /s ========= HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System ConsentPromptBehaviorAdmin REG_DWORD 0x0 ConsentPromptBehaviorUser REG_DWORD 0x3 EnableInstallerDetection REG_DWORD 0x1 EnableLUA REG_DWORD 0x0 EnableSecureUIAPaths REG_DWORD 0x1 EnableUIADesktopToggle REG_DWORD 0x0 EnableVirtualization REG_DWORD 0x1 PromptOnSecureDesktop REG_DWORD 0x0 ValidateAdminCodeSignatures REG_DWORD 0x0 dontdisplaylastusername REG_DWORD 0x0 legalnoticecaption REG_SZ legalnoticetext REG_SZ scforceoption REG_DWORD 0x0 shutdownwithoutlogon REG_DWORD 0x1 undockwithoutlogon REG_DWORD 0x1 FilterAdministratorToken REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\UIPI HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\UIPI\Clipboard HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\UIPI\Clipboard\ExceptionFormats CF_TEXT REG_DWORD 0x1 CF_BITMAP REG_DWORD 0x2 CF_OEMTEXT REG_DWORD 0x7 CF_DIB REG_DWORD 0x8 CF_PALETTE REG_DWORD 0x9 CF_UNICODETEXT REG_DWORD 0xd CF_DIBV5 REG_DWORD 0x11 ========= End of Reg: ========= ========= reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" /s ========= HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList ProfilesDirectory REG_EXPAND_SZ %SystemDrive%\Users Default REG_EXPAND_SZ %SystemDrive%\Users\Default Public REG_EXPAND_SZ %SystemDrive%\Users\Public ProgramData REG_EXPAND_SZ %SystemDrive%\ProgramData HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18 Flags REG_DWORD 0xc State REG_DWORD 0x0 RefCount REG_DWORD 0x1 Sid REG_BINARY 010100000000000512000000 ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19 ProfileImagePath REG_EXPAND_SZ C:\Windows\ServiceProfiles\LocalService Flags REG_DWORD 0x0 State REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20 ProfileImagePath REG_EXPAND_SZ C:\Windows\ServiceProfiles\NetworkService Flags REG_DWORD 0x0 State REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-764258043-3443933537-1065429426-1000 ProfileImagePath REG_EXPAND_SZ C:\Users\Rostov Flags REG_DWORD 0x0 State REG_DWORD 0x100 Sid REG_BINARY 010500000000000515000000FBA68D2D614146CDB229813FE8030000 ProfileLoadTimeLow REG_DWORD 0x0 ProfileLoadTimeHigh REG_DWORD 0x0 RefCount REG_DWORD 0x1 RunLogonScriptSync REG_DWORD 0x0 ========= End of Reg: ========= ========= reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /s ========= HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ReportBootOk REG_SZ 1 Shell REG_SZ explorer.exe PreCreateKnownFolders REG_SZ {A520A1A4-1780-4FF6-BD18-167343C5AF16} Userinit REG_SZ C:\Windows\system32\userinit.exe, VMApplet REG_SZ SystemPropertiesPerformance.exe /pagefile AutoRestartShell REG_DWORD 0x1 Background REG_SZ 0 0 0 CachedLogonsCount REG_SZ 10 DebugServerCommand REG_SZ no ForceUnlockLogon REG_DWORD 0x0 PasswordExpiryWarning REG_DWORD 0x5 PowerdownAfterShutdown REG_SZ 0 ShutdownWithoutLogon REG_SZ 0 WinStationsDisabled REG_SZ 0 DisableCAD REG_DWORD 0x1 scremoveoption REG_SZ 0 ShutdownFlags REG_DWORD 0x33 AutoAdminLogon REG_SZ 1 DefaultUserName REG_SZ Rostov LegalNoticeCaption REG_SZ LegalNoticeText REG_SZ DefaultDomainName REG_SZ ROSTOV-KOMPUTER HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63} (domy˜lny) REG_SZ Wireless Group Policy DisplayName REG_EXPAND_SZ @wlgpclnt.dll,-100 ProcessGroupPolicyEx REG_SZ ProcessWLANPolicyEx GenerateGroupPolicy REG_SZ GenerateWLANPolicy DllName REG_EXPAND_SZ wlgpclnt.dll NoUserPolicy REG_DWORD 0x1 NoGPOListChanges REG_DWORD 0x1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861} (domy˜lny) REG_SZ Folder Redirection ProcessGroupPolicyEx REG_SZ ProcessGroupPolicyEx DllName REG_EXPAND_SZ fdeploy.dll NoMachinePolicy REG_DWORD 0x1 NoSlowLink REG_DWORD 0x1 PerUserLocalSettings REG_DWORD 0x1 NoGPOListChanges REG_DWORD 0x0 NoBackgroundPolicy REG_DWORD 0x0 GenerateGroupPolicy REG_SZ GenerateGroupPolicy EventSources REG_MULTI_SZ (Folder Redirection,Application) DisplayName REG_EXPAND_SZ @fdeploy.dll,-261 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{35378EAC-683F-11D2-A89A-00C04FBBCFA2} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66} (domy˜lny) REG_SZ Microsoft Disk Quota DisplayName REG_EXPAND_SZ @%SystemRoot%\System32\dskquota.dll,-100 NoMachinePolicy REG_DWORD 0x0 NoUserPolicy REG_DWORD 0x1 NoSlowLink REG_DWORD 0x1 NoBackgroundPolicy REG_DWORD 0x1 NoGPOListChanges REG_DWORD 0x1 PerUserLocalSettings REG_DWORD 0x0 RequiresSuccessfulRegistry REG_DWORD 0x1 EnableAsynchronousProcessing REG_DWORD 0x0 DllName REG_EXPAND_SZ %SystemRoot%\System32\dskquota.dll ProcessGroupPolicy REG_SZ ProcessGroupPolicy HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39} (domy˜lny) REG_SZ QoS Packet Scheduler DisplayName REG_EXPAND_SZ @gptext.dll,-201 ProcessGroupPolicy REG_SZ ProcessPSCHEDPolicy DllName REG_EXPAND_SZ gptext.dll NoUserPolicy REG_DWORD 0x1 NoGPOListChanges REG_DWORD 0x1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4bcd6cde-777b-48b6-9804-43568e23545d} (domy˜lny) REG_SZ Remote Desktop USB Redirection DllName REG_EXPAND_SZ %SystemRoot%\System32\TsUsbRedirectionGroupPolicyExtension.dll RequiresSuccessfulRegistry REG_DWORD 0x1 ProcessGroupPolicyEx REG_SZ ProcessGroupPolicyEx NoGPOListChanges REG_DWORD 0x1 NoUserPolicy REG_DWORD 0x1 DisplayName REG_EXPAND_SZ @%SystemRoot%\System32\TsUsbRedirectionGroupPolicyExtension.dll,-100 NoBackgroundPolicy REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3} (domy˜lny) REG_SZ Internet Explorer Zonemapping ProcessGroupPolicy REG_SZ ProcessGroupPolicyForZoneMap DllName REG_SZ C:\Windows\System32\iedkcs32.dll RequiresSuccessfulRegistry REG_DWORD 0x1 NoGPOListChanges REG_DWORD 0x1 DisplayName REG_SZ @C:\Windows\System32\iedkcs32.dll,-3051 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{6cfb9c5c-138e-4bb3-8a3d-d5383e910e57} (domy˜lny) REG_SZ Remote Desktop Protocol Extension DllName REG_EXPAND_SZ %SystemRoot%\System32\RdpGroupPolicyExtension.dll RequiresSuccessfulRegistry REG_DWORD 0x1 ProcessGroupPolicyEx REG_SZ ProcessGroupPolicyEx NoGPOListChanges REG_DWORD 0x1 NoUserPolicy REG_DWORD 0x1 DisplayName REG_EXPAND_SZ @%SystemRoot%\System32\RdpGroupPolicyExtension.dll,-100 NoBackgroundPolicy REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7933F41E-56F8-41d6-A31C-4148A711EE93} (domy˜lny) REG_SZ Windows Search Group Policy Extension ProcessGroupPolicy REG_SZ ProcessGroupPolicy DllName REG_EXPAND_SZ %SystemRoot%\System32\srchadmin.dll RequiresSuccessfulRegistry REG_DWORD 0x1 NoSlowLink REG_DWORD 0x0 NoGPOListChanges REG_DWORD 0x1 NoUserPolicy REG_DWORD 0x0 NoMachinePolicy REG_DWORD 0x0 PerUserLocalSettings REG_DWORD 0x0 EnableAsynchronousProcessing REG_DWORD 0x1 NoBackgroundPolicy REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE} (domy˜lny) REG_SZ Internet Explorer User Accelerators ProcessGroupPolicy REG_SZ ProcessGroupPolicyForActivities DllName REG_SZ C:\Windows\System32\iedkcs32.dll RequiresSuccessfulRegistry REG_DWORD 0x1 ProcessGroupPolicyEx REG_SZ ProcessGroupPolicyForActivitiesEx NoGPOListChanges REG_DWORD 0x1 DisplayName REG_SZ @C:\Windows\System32\iedkcs32.dll,-3051 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A} (domy˜lny) REG_SZ Security DisplayName REG_EXPAND_SZ @(runtime.system32)\scecli.dll,-7650 ProcessGroupPolicy REG_SZ SceProcessSecurityPolicyGPO GenerateGroupPolicy REG_SZ SceGenerateGroupPolicy ExtensionRsopPlanningDebugLevel REG_DWORD 0x1 ProcessGroupPolicyEx REG_SZ SceProcessSecurityPolicyGPOEx ExtensionDebugLevel REG_DWORD 0x1 DllName REG_EXPAND_SZ scecli.dll NoUserPolicy REG_DWORD 0x1 NoGPOListChanges REG_DWORD 0x1 EnableAsynchronousProcessing REG_DWORD 0x1 MaxNoGPOListChangesInterval REG_DWORD 0x1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{8A28E2C5-8D06-49A4-A08C-632DAA493E17} (domy˜lny) REG_SZ Deployed Printer Connections DisplayName REG_EXPAND_SZ @%systemroot%\system32\gpprnext.dll,-1 DllName REG_EXPAND_SZ %systemroot%\system32\gpprnext.dll EnableAsynchronousProcessing REG_DWORD 0x1 ExtensionEventSource REG_SZ GenerateGroupPolicy REG_SZ PrinterGenerateGroupPolicy MaxNoGPOListChangesInterval REG_DWORD 0x0 NoBackgroundPolicy REG_DWORD 0x0 NoGPOListChanges REG_DWORD 0x0 NoMachinePolicy REG_DWORD 0x0 NoSlowLink REG_DWORD 0x1 NotifyLinkTransition REG_DWORD 0x0 NoUserPolicy REG_DWORD 0x0 PerUserLocalSettings REG_DWORD 0x0 ProcessGroupPolicy REG_SZ PrinterProcessGroupPolicy ProcessGroupPolicyEx REG_SZ PrinterProcessGroupPolicyEx RequiresSuccessfulRegistry REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053} (domy˜lny) REG_SZ 802.3 Group Policy DisplayName REG_EXPAND_SZ @dot3gpclnt.dll,-100 ProcessGroupPolicyEx REG_SZ ProcessLANPolicyEx GenerateGroupPolicy REG_SZ GenerateLANPolicy DllName REG_EXPAND_SZ dot3gpclnt.dll NoUserPolicy REG_DWORD 0x1 NoGPOListChanges REG_DWORD 0x1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{cdeafc3d-948d-49dd-ab12-e578ba4af7aa} (domy˜lny) REG_SZ TCPIP DisplayName REG_EXPAND_SZ @gptext.dll,-204 ProcessGroupPolicy REG_SZ ProcessTCPIPPolicy DllName REG_EXPAND_SZ gptext.dll NoUserPolicy REG_DWORD 0x1 NoGPOListChanges REG_DWORD 0x1 RequiresSuccessfulRegistry REG_DWORD 0x1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} (domy˜lny) REG_SZ Internet Explorer Machine Accelerators ProcessGroupPolicy REG_SZ ProcessGroupPolicyForActivities DllName REG_SZ C:\Windows\System32\iedkcs32.dll RequiresSuccessfulRegistry REG_DWORD 0x1 ProcessGroupPolicyEx REG_SZ ProcessGroupPolicyForActivitiesEx NoGPOListChanges REG_DWORD 0x1 DisplayName REG_SZ @C:\Windows\System32\iedkcs32.dll,-3051 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27} (domy˜lny) REG_SZ IP Security ProcessGroupPolicyEx REG_SZ ProcessIPSECPolicyEx GenerateGroupPolicy REG_SZ GenerateIPSECPolicy DllName REG_EXPAND_SZ %SystemRoot%\System32\polstore.dll NoUserPolicy REG_DWORD 0x1 NoGPOListChanges REG_DWORD 0x0 DisplayName REG_EXPAND_SZ @C:\Windows\system32\polstore.dll,-5012 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{f3ccc681-b74c-4060-9f26-cd84525dca2a} (domy˜lny) REG_SZ Audit Policy Configuration ProcessGroupPolicyEx REG_SZ ProcessGroupPolicyEx GenerateGroupPolicy REG_SZ GenerateGroupPolicy DllName REG_EXPAND_SZ auditcse.dll NoUserPolicy REG_DWORD 0x1 EnableAsynchronousProcessing REG_DWORD 0x1 MaxNoGPOListChangesInterval REG_DWORD 0x3c0 ForceRefreshFG REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{FB2CA36D-0B40-4307-821B-A13B252DE56C} (domy˜lny) REG_SZ Enterprise QoS DisplayName REG_EXPAND_SZ @gptext.dll,-203 ProcessGroupPolicy REG_SZ ProcessEQoSPolicy DllName REG_EXPAND_SZ gptext.dll RequiresSuccessfulRegistry REG_DWORD 0x1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{fbf687e6-f063-4d9f-9f4f-fd9a26acdd5f} (domy˜lny) REG_SZ CP DisplayName REG_EXPAND_SZ @gptext.dll,-205 ProcessGroupPolicy REG_SZ ProcessConnectivityPlatformPolicy DllName REG_EXPAND_SZ gptext.dll NoUserPolicy REG_DWORD 0x1 NoGPOListChanges REG_DWORD 0x1 RequiresSuccessfulRegistry REG_DWORD 0x1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui (domy˜lny) REG_SZ DLLName REG_SZ igfxdev.dll Asynchronous REG_DWORD 0x1 Impersonate REG_DWORD 0x1 Unlock REG_SZ WinlogonUnlockEvent HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoLogonChecked ========= End of Reg: ========= ==== End of Fixlog ====