Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 04-11-2014 Ran by admin at 2014-11-07 17:18:58 Run:2 Running from C:\Users\admin\Desktop Loaded Profile: admin (Available profiles: admin & student & Administrator) Boot Mode: Normal ============================================== Content of fixlist: ***************** Reg: reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" /s Reg: reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /s Reg: reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" Reg: reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts" /s ***************** ========= reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" /s ========= HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList ProfilesDirectory REG_EXPAND_SZ %SystemDrive%\Users Default REG_EXPAND_SZ %SystemDrive%\Users\Default Public REG_EXPAND_SZ %SystemDrive%\Users\Public ProgramData REG_EXPAND_SZ %SystemDrive%\ProgramData HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18 Flags REG_DWORD 0xc State REG_DWORD 0x0 RefCount REG_DWORD 0x1 Sid REG_BINARY 010100000000000512000000 ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19 ProfileImagePath REG_EXPAND_SZ %SystemRoot%\ServiceProfiles\LocalService Flags REG_DWORD 0x0 State REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20 ProfileImagePath REG_EXPAND_SZ %SystemRoot%\ServiceProfiles\NetworkService Flags REG_DWORD 0x0 State REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3702316430-553723284-2002759146-1000 ProfileImagePath REG_EXPAND_SZ C:\Users\admin Flags REG_DWORD 0x0 State REG_DWORD 0x0 Sid REG_BINARY 0105000000000005150000008EDDACDC94250121EAAD5F77E8030000 ProfileLoadTimeLow REG_DWORD 0x0 ProfileLoadTimeHigh REG_DWORD 0x0 RefCount REG_DWORD 0x2 RunLogonScriptSync REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3702316430-553723284-2002759146-1001 ProfileImagePath REG_EXPAND_SZ C:\Users\student Flags REG_DWORD 0x0 State REG_DWORD 0x0 Sid REG_BINARY 0105000000000005150000008EDDACDC94250121EAAD5F77E9030000 ProfileLoadTimeLow REG_DWORD 0x0 ProfileLoadTimeHigh REG_DWORD 0x0 RefCount REG_DWORD 0x0 RunLogonScriptSync REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3702316430-553723284-2002759146-500 ProfileImagePath REG_EXPAND_SZ C:\Users\Administrator Flags REG_DWORD 0x0 State REG_DWORD 0x100 Sid REG_BINARY 0105000000000005150000008EDDACDC94250121EAAD5F77F4010000 ProfileLoadTimeLow REG_DWORD 0x0 ProfileLoadTimeHigh REG_DWORD 0x0 RefCount REG_DWORD 0x0 RunLogonScriptSync REG_DWORD 0x0 ========= End of Reg: ========= ========= reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /s ========= HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System ConsentPromptBehaviorAdmin REG_DWORD 0x2 ConsentPromptBehaviorUser REG_DWORD 0x1 EnableInstallerDetection REG_DWORD 0x1 EnableLUA REG_DWORD 0x1 EnableSecureUIAPaths REG_DWORD 0x1 EnableVirtualization REG_DWORD 0x1 PromptOnSecureDesktop REG_DWORD 0x1 ValidateAdminCodeSignatures REG_DWORD 0x0 dontdisplaylastusername REG_DWORD 0x0 legalnoticecaption REG_SZ legalnoticetext REG_SZ scforceoption REG_DWORD 0x0 shutdownwithoutlogon REG_DWORD 0x1 undockwithoutlogon REG_DWORD 0x1 FilterAdministratorToken REG_DWORD 0x0 EnableUIADesktopToggle REG_DWORD 0x0 HideFastUserSwitching REG_DWORD 0x1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\UIPI HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\UIPI\Clipboard HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\UIPI\Clipboard\ExceptionFormats CF_TEXT REG_DWORD 0x1 CF_BITMAP REG_DWORD 0x2 CF_OEMTEXT REG_DWORD 0x7 CF_DIB REG_DWORD 0x8 CF_PALETTE REG_DWORD 0x9 CF_UNICODETEXT REG_DWORD 0xd CF_DIBV5 REG_DWORD 0x11 ========= End of Reg: ========= ========= reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" ========= HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ReportBootOk REG_SZ 1 Shell REG_SZ explorer.exe Userinit REG_SZ C:\Windows\system32\userinit.exe, VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl" AutoRestartShell REG_DWORD 0x1 LegalNoticeCaption REG_SZ LegalNoticeText REG_SZ PowerdownAfterShutdown REG_SZ 0 ShutdownWithoutLogon REG_SZ 0 cachedlogonscount REG_SZ 10 forceunlocklogon REG_DWORD 0x0 passwordexpirywarning REG_DWORD 0xe Background REG_SZ 0 0 0 DebugServerCommand REG_SZ no WinStationsDisabled REG_SZ 0 DisableCAD REG_DWORD 0x1 scremoveoption REG_SZ 0 ShutdownFlags REG_DWORD 0x27 AutoAdminLogon REG_SZ 0 DefaultUserName REG_SZ student DefaultDomainName REG_SZ DELL-13-01 LogonType REG_DWORD 0x1 AllowMultipleTSSessions REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoLogonChecked ========= End of Reg: ========= ========= reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts" /s ========= HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList Administrator REG_DWORD 0x1 ========= End of Reg: ========= ==== End of Fixlog ====