
Start menu, icons, charm bars, clock missing, customize notification area bad


This topic is locked
23 replies to this topic

#1 rustyruscal

Posted 08 October 2013 - 10:02 PM

I am missing the start menu, taskbar icons and shortcuts, charm bars, clock, and when I click the customize notification area button nothing opens up. I have Windows Server 2012 and DDS doesn't allow me to install it, so here is my HijackThis log. I have run Malwarebytes, Spybot, ESET, Trend Micro HouseCall, all with no fixes. I can't reinstall Windows on a live web server, so please help me fix this. I basically have a blank background and an empty taskbar that doesn't do anything. The Start button doesn't work, but I am able to use Start + R to pull up the Run screen. CTRL ALT DEL just pulls up a blank blue screen, from which I can no longer Remote Desktop connect, and I have to shut down the server and turn it back on. When I right click on the desktop and click Sort by Name, all my desktop icons come back temporarily. I also can not drag and drop things from a folder to the desktop, yet I can cut and paste to the desktop. If I try to rearrange icons on the desktop it will not allow me to move them; it just shows that circle with the line through it for the mouse cursor. Unhide me came back with this, which I thought could be relevant:
 
noactivedesktopchanges policy was found and deleted
 
I am stuck so let me know what you can do.  Thank you - Russ -
 
Here is the hijackthis log:
 
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 6:04:16 PM, on 10/8/2013
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16537)
 
 
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Administrator\Desktop\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://iesetup.dll/SoftAdmin.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O4 - HKLM\..\Run: [Popup] "C:\Program Files (x86)\MegaRAID Storage Manager\MegaPopup\Popup.exe"
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [NetMeter] C:\Software\Net Meter\NetMeter114beta_4.exe
O4 - Global Startup: SuperDoctor III Client.lnk = ?
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://view.atdmt.com
O15 - ESC Trusted Zone: http://iweb.dl.sourceforge.net
O15 - ESC Trusted Zone: http://m.webtrends.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C640C8A-9063-4496-8D3C-0A6966CDA009}: NameServer = 208.70.248.10,67.203.4.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{2C640C8A-9063-4496-8D3C-0A6966CDA009}: NameServer = 208.70.248.10,67.203.4.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{2C640C8A-9063-4496-8D3C-0A6966CDA009}: NameServer = 208.70.248.10,67.203.4.2
O17 - HKLM\System\CS3\Services\Tcpip\..\{2C640C8A-9063-4496-8D3C-0A6966CDA009}: NameServer = 208.70.248.10,67.203.4.2
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MSMFramework - Unknown owner - C:\Program Files (x86)\MegaRAID Storage Manager\Framework\VivaldiFramework.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SuperMicro Health Assistant - Unknown owner - C:\Program Files (x86)\SUPERMICRO\SDIII\NTService.exe
O23 - Service: Supero SD3Service Daemon - Unknown owner - C:\Windows\SysWOW64\SD3Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Xitami Web Server (Xitami) - Unknown owner - C:\Program Files (x86)\SUPERMICRO\SDIII\Xitami\xisrv32.exe
 
--
End of file - 6628 bytes

Edited by rustyruscal, 08 October 2013 - 10:15 PM.



#2 HelpBot (Bleepin' Binary Bot)

Posted 13 October 2013 - 10:05 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1. In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/510291 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2. If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 rustyruscal (Topic Starter)

Posted 13 October 2013 - 10:23 PM

I am missing the start menu, taskbar icons and shortcuts, charm bars, clock, and when I click the customize notification area button nothing opens up. I have Windows Server 2012 64-bit and DDS doesn't allow me to install it, so here is my HijackThis log. I have run Malwarebytes, Spybot, ESET, Trend Micro HouseCall, all with no fixes. I can't reinstall Windows on a live web server, so please help me fix this. I basically have a blank background and an empty taskbar that doesn't do anything. The Start button doesn't work, but I am able to use Start + R to pull up the Run screen. CTRL ALT DEL just pulls up a blank blue screen, from which I can no longer Remote Desktop connect, and I have to shut down the server and turn it back on. When I right click on the desktop and click Sort by Name, all my desktop icons come back temporarily. I also can not drag and drop things from a folder to the desktop, yet I can cut and paste to the desktop. If I try to rearrange icons on the desktop it will not allow me to move them; it just shows that circle with the line through it for the mouse cursor. Unhide me came back with this, which I thought could be relevant:
 
noactivedesktopchanges policy was found and deleted
 
I am stuck so let me know what you can do.  Thank you - Russ -
 
Here is the updated log:
 
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 8:19:28 PM, on 10/13/2013
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16537)
 
 
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\Administrator\Desktop\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://iesetup.dll/SoftAdmin.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O4 - HKLM\..\Run: [Popup] "C:\Program Files (x86)\MegaRAID Storage Manager\MegaPopup\Popup.exe"
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [NetMeter] C:\Software\Net Meter\NetMeter114beta_4.exe
O4 - HKCU\..\Run: [StartMenuX] C:\Program Files\Start Menu X\StartMenuX.exe
O4 - Global Startup: SuperDoctor III Client.lnk = ?
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C640C8A-9063-4496-8D3C-0A6966CDA009}: NameServer = 208.70.248.10,67.203.4.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{2C640C8A-9063-4496-8D3C-0A6966CDA009}: NameServer = 208.70.248.10,67.203.4.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{2C640C8A-9063-4496-8D3C-0A6966CDA009}: NameServer = 208.70.248.10,67.203.4.2
O17 - HKLM\System\CS3\Services\Tcpip\..\{2C640C8A-9063-4496-8D3C-0A6966CDA009}: NameServer = 208.70.248.10,67.203.4.2
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MSMFramework - Unknown owner - C:\Program Files (x86)\MegaRAID Storage Manager\Framework\VivaldiFramework.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SuperMicro Health Assistant - Unknown owner - C:\Program Files (x86)\SUPERMICRO\SDIII\NTService.exe
O23 - Service: Supero SD3Service Daemon - Unknown owner - C:\Windows\SysWOW64\SD3Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Xitami Web Server (Xitami) - Unknown owner - C:\Program Files (x86)\SUPERMICRO\SDIII\Xitami\xisrv32.exe
 
--
End of file - 6027 bytes
 

#4 rustyruscal (Topic Starter)

Posted 19 October 2013 - 01:43 PM

hello?



#5 Elise (Malware Study Hall Admin)

Posted 20 October 2013 - 02:23 AM

Hello, my name is Elise and I'll assist you with this issue.

 

Firstly, as this is a server version of Windows, can I assume it is a corporate computer? If so, do you have the appropriate permissions from your company to have this issue addressed on a public forum and possible (non-sensitive) information about the system posted?

 

HijackThis logs are pretty useless in this situation, and the ones you posted do not show any problems. Do you have any idea what triggered this problem?


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft


#6 rustyruscal (Topic Starter)

Posted 20 October 2013 - 01:00 PM

Hello, my name is Elise and I'll assist you with this issue.
 
Firstly, as this is a server version of Windows, can I assume it is a corporate computer? If so, do you have the appropriate permissions from your company to have this issue addressed on a public forum and possible (non-sensitive) information about the system posted?
 
HijackThis logs are pretty useless in this situation, and the ones you posted do not show any problems. Do you have any idea what triggered this problem?


I own the server and the company, as it is just a company of one. I built the server as well and have access to all software. However, the server is in another state, so I would need to do everything remotely. I do have an IPMI control hooked up, so I can do everything remotely that I could if I were there, other than change hardware. As far as what happened: my server just went offline one night, and when I woke up I found that it was shut down. I booted it up and it had to rebuild the array; everything was successful after that in starting up, and the web server was working, but I was missing all those random features and icons. When I do a Ctrl-Alt-Delete the screen pops up the blue background that it should, but then there are no icons for Log off, Task Manager, Switch user and all of that. Let me know what you think. I'm an A+ certified tech and have been working on computers for almost two decades and haven't seen anything quite like this. Is there a way to rebuild all the system files from the ISO CD without overwriting my files? I'm not sure how a reinstall of Windows Server would work remotely, and I can't have that downtime if I have to reconfigure everything remotely as well.

#7 Elise (Malware Study Hall Admin)

Posted 20 October 2013 - 02:00 PM

I doubt this can be done remotely, but let's see if we can find a cause for the problem. I'd like you to run the following tool to see if we can get an Event Viewer output.

Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards, Elise


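The script below is an added example for readers of this thread, not code posted by anyone in it. It gathers, in PowerShell on the affected Server 2012 host, the things posts #6 and #7 are circling: what the System log recorded around the unexpected shutdown (the Event Viewer output Elise asks for), whether any Explorer or System policy values of the kind UnHide removed (NoActiveDesktopChanges) are still set and would account for the missing taskbar, tray, clock and Ctrl+Alt+Del items, whether the Winlogon Shell and Userinit values are stock, which DNS resolvers are configured (the O17 lines in the HijackThis log), and the in-place sfc/DISM repair that answers the question about rebuilding system files without a reinstall. The event IDs, registry paths and value names are standard Windows ones; the $AllowedDns placeholder (a documentation address) and the -RunRepair switch are assumptions of this example. One caveat on the HijackThis logs above: the "(file missing)" flags on the System32 services are an artifact of a 32-bit tool running under WOW64 file-system redirection on a 64-bit host, not evidence that those files are gone.

```powershell
<#
  Added triage script (example only, not from the thread). Run from an
  elevated PowerShell prompt on the affected Windows Server 2012 host.
  Event IDs, registry paths and value names are standard Windows ones;
  $AllowedDns and -RunRepair are assumptions of this example.
#>
param(
    [int]$Days = 90,                          # how far back to look for shutdown events
    [string[]]$AllowedDns = @('192.0.2.53'),  # ASSUMPTION: placeholder, replace with your provider's resolvers
    [switch]$RunRepair                        # sfc/DISM only run when explicitly requested
)

$since = (Get-Date).AddDays(-$Days)

# 1. Why did the box go down? 41 = Kernel-Power (power loss or hard reset, no clean
#    shutdown), 6008 = "previous shutdown was unexpected", 1074 = a user or process
#    requested a shutdown/restart (the message names the process and reason).
Write-Host "== System log: shutdown/power events since $since =="
Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 41, 6008, 1074; StartTime = $since } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, ProviderName, @{ Name = 'Summary'; Expression = { ($_.Message -split "`r?`n")[0] } } |
    Format-Table -AutoSize

# 2. Policy values that hide the desktop, taskbar, tray, clock or Start menu, or strip
#    items from the Ctrl+Alt+Del screen. These are the keys UnHide reports on; any
#    non-zero value here is a finding.
$policyChecks = @(
    @{ Path  = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       Names = @('NoDesktop', 'NoActiveDesktopChanges', 'NoSetTaskbar', 'NoTrayItemsDisplay', 'HideClock', 'NoTrayContextMenu', 'NoStartMenuMorePrograms', 'NoLogoff', 'NoClose') },
    @{ Path  = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'
       Names = @('DisableTaskMgr', 'DisableLockWorkstation', 'DisableChangePassword', 'HideFastUserSwitching') }
)
foreach ($hive in 'HKLM:', 'HKCU:') {
    foreach ($check in $policyChecks) {
        $key = Join-Path $hive $check.Path
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($name in $check.Names) {
            $v = $props.$name
            if ($null -ne $v -and $v -ne 0) { Write-Warning "$key\$name = $v" }
        }
    }
}

# 3. Shell and Userinit must be the stock values; anything else explains a missing shell
#    and deserves a close look. A per-user Shell override under HKCU is unusual on a server.
$wl = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$expected = @{ Shell = 'explorer.exe'; Userinit = "$env:SystemRoot\system32\userinit.exe," }
foreach ($name in $expected.Keys) {
    if ($wl.$name -ne $expected[$name]) { Write-Warning "Winlogon\$name = '$($wl.$name)' (expected '$($expected[$name])')" }
    else { Write-Host "Winlogon\$name OK: $($wl.$name)" }
}
$userWl = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
if ((Test-Path $userWl) -and (Get-ItemProperty $userWl).Shell) {
    Write-Warning "Per-user Shell override present: $((Get-ItemProperty $userWl).Shell)"
}

# 4. Resolver settings (the O17 lines in the HijackThis log). Anything not on the
#    allowlist is flagged; a changed resolver silently redirects everything the host looks up.
Get-DnsClientServerAddress -AddressFamily IPv4 | Where-Object { $_.ServerAddresses } | ForEach-Object {
    foreach ($ip in $_.ServerAddresses) {
        if ($AllowedDns -notcontains $ip) { Write-Warning "$($_.InterfaceAlias): DNS server $ip is not on the allowlist" }
    }
}

# 5. In-place system file repair. Neither command touches user data, web content or IIS
#    configuration. DISM only needs a /Source if the component store itself is damaged.
if ($RunRepair) {
    sfc /scannow
    Dism /Online /Cleanup-Image /RestoreHealth
} else {
    Write-Host "Re-run with -RunRepair to execute sfc /scannow and Dism /RestoreHealth."
}
```

Save it as triage.ps1, run it elevated once without -RunRepair and read the warnings first; the repair step is deliberately opt-in. If DISM reports that the component store is corrupt and cannot be repaired online, mount the Server 2012 installation media and add /Source:wim:<drive>:\sources\install.wim:<index> /LimitAccess to the DISM line, choosing the index that matches the installed edition with Dism /Get-WimInfo /WimFile:<drive>:\sources\install.wim.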


#8 rustyruscal (Topic Starter)

Posted 20 October 2013 - 02:39 PM

Also, this problem started several months ago; I noticed one of the options in the OTC was last modified within 30 days, so I am not sure if that is relevant or not.
 
Here are the logs:
 
OTL logfile created on: 10/20/2013 12:17:38 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Administrator\Desktop
64bit- Server Standard Edition (full installation)  (Version = 6.2.9200) - Type = NTServer
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
31.97 Gb Total Physical Memory | 21.04 Gb Available Physical Memory | 65.79% Memory free
36.22 Gb Paging File | 24.94 Gb Available in Paging File | 68.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 475.59 Gb Total Space | 178.56 Gb Free Space | 37.54% Space Free | Partition Type: NTFS
 
Computer Name: LOC3COMP1 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/10/20 12:15:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2013/10/08 17:02:45 | 000,844,752 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/05/16 10:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/05/16 10:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/10/30 14:35:38 | 000,174,056 | R--- | M] (Oracle Corporation) -- C:\Program Files (x86)\MegaRAID Storage Manager\JRE\bin\javaw.exe
PRC - [2012/10/30 14:33:00 | 000,069,632 | R--- | M] () -- C:\Program Files (x86)\MegaRAID Storage Manager\Framework\VivaldiFramework.exe
PRC - [2012/07/25 20:20:44 | 000,349,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
PRC - [2012/05/17 19:08:44 | 000,184,320 | ---- | M] () -- C:\Program Files (x86)\SUPERMICRO\SDIII\NTService.exe
PRC - [2012/05/07 10:20:48 | 000,049,152 | ---- | M] () -- C:\Windows\SysWOW64\SD3Service.exe
PRC - [2012/02/01 16:29:58 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/10/08 17:02:43 | 000,415,184 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppgooglenaclpluginchrome.dll
MOD - [2013/10/08 17:02:42 | 013,584,336 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
MOD - [2013/10/08 17:02:41 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll
MOD - [2013/10/08 17:01:50 | 000,698,832 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libglesv2.dll
MOD - [2013/10/08 17:01:49 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libegl.dll
MOD - [2013/10/08 17:01:47 | 001,604,560 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll
MOD - [2013/08/07 12:25:24 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/08/15 22:39:26 | 002,371,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2013/06/01 02:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/05/03 23:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/05/03 23:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/04/08 21:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/01/09 16:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012/09/06 14:40:42 | 000,080,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe -- (MsDepSvc)
SRV:64bit: - [2012/07/25 20:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012/07/25 20:08:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rsopprov.exe -- (RSoPProv)
SRV:64bit: - [2012/07/25 20:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/25 20:07:37 | 000,241,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\ualsvc.dll -- (UALSVC)
SRV:64bit: - [2012/07/25 20:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/25 20:07:07 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\sacsvr.dll -- (sacsvr)
SRV:64bit: - [2012/07/25 20:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/25 20:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/25 20:05:55 | 000,171,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\kpssvc.dll -- (KPSSVC)
SRV:64bit: - [2012/07/25 20:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/25 20:05:40 | 000,369,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\ftpsvc.dll -- (ftpsvc)
SRV:64bit: - [2012/07/25 20:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/25 20:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/25 20:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/25 20:05:04 | 000,187,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/10/30 14:33:00 | 000,069,632 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\MegaRAID Storage Manager\Framework\VivaldiFramework.exe -- (MSMFramework)
SRV - [2012/07/25 20:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/07/25 20:18:41 | 000,408,064 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2012/07/25 20:18:41 | 000,408,064 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2012/07/25 20:17:52 | 000,060,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2012/07/25 18:38:36 | 000,083,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\rsopprov.exe -- (RSoPProv)
SRV - [2012/05/17 19:08:44 | 000,184,320 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SUPERMICRO\SDIII\NTService.exe -- (SuperMicro Health Assistant)
SRV - [2012/05/07 10:20:48 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\SD3Service.exe -- (Supero SD3Service Daemon)
SRV - [2012/02/01 16:29:58 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2004/07/22 17:20:36 | 000,487,424 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\SUPERMICRO\SDIII\xitami\xisrv32.exe -- (Xitami)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/08/09 23:30:22 | 000,151,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/07/09 01:04:07 | 000,120,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2013/07/01 18:41:47 | 000,447,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/07/01 18:41:47 | 000,337,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/07/01 18:41:47 | 000,213,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013/07/01 15:15:13 | 000,099,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\MsLbfoProvider.sys -- (MsLbfoProvider)
DRV:64bit: - [2013/06/28 23:15:54 | 000,195,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/06/28 20:04:01 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\winnat.sys -- (WinNat)
DRV:64bit: - [2013/06/10 14:17:46 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2013/05/04 00:34:15 | 000,284,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013/04/09 18:12:41 | 000,054,000 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\megasas2.sys -- (megasas2)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/02 03:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/03/02 03:39:38 | 000,845,544 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2013/03/02 03:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2012/11/05 20:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012/10/12 01:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/10/11 00:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012/09/20 00:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/09/20 00:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/07/25 22:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/25 22:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/25 22:01:00 | 000,062,192 | ---- | M] (Mellanox) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\winverbs.sys -- (WinVerbs)
DRV:64bit: - [2012/07/25 22:01:00 | 000,027,888 | ---- | M] (Mellanox) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\winmad.sys -- (WinMad)
DRV:64bit: - [2012/07/25 22:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/25 22:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/25 22:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/25 22:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/25 22:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/25 22:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/25 22:00:52 | 000,699,632 | ---- | M] (Emulex) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\elxfcoe.sys -- (elxfcoe)
DRV:64bit: - [2012/07/25 22:00:52 | 000,434,928 | ---- | M] (Mellanox) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\ibbus.sys -- (ibbus)
DRV:64bit: - [2012/07/25 22:00:52 | 000,382,704 | ---- | M] (Mellanox) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mlx4_bus.sys -- (mlx4_bus)
DRV:64bit: - [2012/07/25 22:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/25 22:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/25 22:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/25 22:00:49 | 001,964,272 | ---- | M] (Brocade Communications Systems, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bfadfcoe.sys -- (bfadfcoe)
DRV:64bit: - [2012/07/25 22:00:49 | 001,963,760 | ---- | M] (Brocade Communications Systems, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bfad.sys -- (bfad)
DRV:64bit: - [2012/07/25 22:00:49 | 000,564,976 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxois.sys -- (bxois)
DRV:64bit: - [2012/07/25 22:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/25 22:00:49 | 000,186,096 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxfcoe.sys -- (bxfcoe)
DRV:64bit: - [2012/07/25 22:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/25 22:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/25 22:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/25 21:59:35 | 000,094,448 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sacdrv.sys -- (sacdrv)
DRV:64bit: - [2012/07/25 21:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/25 21:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/25 20:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/25 19:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/25 19:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/25 19:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/25 19:28:54 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wtlmdrv.sys -- (wtlmdrv)
DRV:64bit: - [2012/07/25 19:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/25 19:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/25 19:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/25 19:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/25 19:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/25 19:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/25 19:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/25 19:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/25 19:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/25 19:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/25 19:26:22 | 000,027,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fcvsc.sys -- (fcvsc)
DRV:64bit: - [2012/07/25 19:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/25 19:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/25 19:25:26 | 000,203,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Vid.sys -- (Vid)
DRV:64bit: - [2012/07/25 19:25:22 | 000,067,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\storvsp.sys -- (storvsp)
DRV:64bit: - [2012/07/25 19:25:12 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmbusr.sys -- (vmbusr)
DRV:64bit: - [2012/07/25 19:25:12 | 000,066,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpcivsp.sys -- (vpcivsp)
DRV:64bit: - [2012/07/25 19:25:04 | 000,131,072 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\smbdirect.sys -- (smbdirect)
DRV:64bit: - [2012/07/25 19:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/25 19:23:42 | 000,115,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2012/07/25 19:23:05 | 000,342,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\nlb.sys -- (WLBS)
DRV:64bit: - [2012/06/02 07:31:38 | 000,333,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\e1i63x64.sys -- (e1iexpress)
DRV:64bit: - [2012/02/11 07:59:34 | 000,334,936 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\Drivers\RsFx0200.sys -- (RsFx0200)
DRV:64bit: - [2012/02/01 16:16:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/12/21 15:46:16 | 000,019,056 | ---- | M] (SuperMicro Computer, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smbus.sys -- (SMBus)
DRV:64bit: - [2010/08/16 12:18:32 | 000,012,912 | ---- | M] (SuperMicro Computer, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\memmapnt.sys -- (MemMapNt)
DRV:64bit: - [2010/08/02 11:44:46 | 000,025,712 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\superbmc.sys -- (superbmc)
DRV:64bit: - [2009/11/03 20:37:06 | 000,012,400 | ---- | M] (SuperMicro Computer, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\IsaIoNt.sys -- (ISAIONT)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKU\S-1-5-21-2180465146-2595449653-48582371-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://iesetup.dll/SoftAdmin.htm
IE - HKU\S-1-5-21-2180465146-2595449653-48582371-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = 
IE - HKU\S-1-5-21-2180465146-2595449653-48582371-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKU\S-1-5-21-2180465146-2595449653-48582371-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2180465146-2595449653-48582371-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-2180465146-2595449653-48582371-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: Google Docs = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Gmail = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013/04/17 16:54:31 | 000,000,855 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O1 - Hosts: 127.0.0.1 mewebmail.localhost
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [Popup] C:\Program Files (x86)\MegaRAID Storage Manager\MegaPopup\Popup.exe (LSI)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-2180465146-2595449653-48582371-500..\Run: [NetMeter] C:\Software\Net Meter\NetMeter114beta_4.exe ()
O4 - HKU\S-1-5-21-2180465146-2595449653-48582371-500..\Run: [StartMenuX] C:\Program Files\Start Menu X\StartMenuX.exe (OrdinarySoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DelayedDesktopSwitchTimeout = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O7 - HKU\S-1-5-21-2180465146-2595449653-48582371-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C640C8A-9063-4496-8D3C-0A6966CDA009}: NameServer = 208.70.248.10,67.203.4.2
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk /q /v *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/10/20 12:15:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2013/10/08 22:03:32 | 004,119,904 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Administrator\Desktop\tdsskiller.exe
[2013/10/08 21:52:02 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/08 21:46:53 | 005,132,072 | ---- | C] (Swearware) -- C:\Users\Administrator\Desktop\ComboFix.exe
[2013/10/08 21:35:42 | 001,898,112 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Administrator\Desktop\rkill.com
[2013/10/08 21:05:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start Menu X
[2013/10/08 21:05:00 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\StartMenuX
[2013/10/08 21:05:00 | 000,000,000 | ---D | C] -- C:\ProgramData\StartMenuX
[2013/10/08 21:05:00 | 000,000,000 | ---D | C] -- C:\Program Files\Start Menu X
[2013/10/08 20:36:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2013/10/08 20:08:12 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Desktop\Programs
[2013/10/08 19:34:02 | 000,688,992 | ---- | C] (Swearware) -- C:\Users\Administrator\Desktop\dds.com
[2013/10/08 19:16:19 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\backups
[2013/10/08 18:29:20 | 002,467,424 | ---- | C] (Trend Micro Inc.) -- C:\Users\Administrator\Desktop\HousecallLauncher64.exe
[2013/10/08 18:28:30 | 006,630,760 | ---- | C] (Trend Micro Inc.) -- C:\Users\Administrator\Desktop\TrendMicro_TTi_7.0_TAV_Downloader.exe
[2013/10/08 18:13:44 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2013/10/08 18:13:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager
[2013/10/08 18:03:48 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Administrator\Desktop\HijackThis.exe
[2013/10/08 18:00:04 | 002,347,384 | ---- | C] (ESET) -- C:\Users\Administrator\Desktop\esetsmartinstaller_enu.exe
[2013/10/08 18:00:04 | 000,398,752 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Administrator\Desktop\unhide.exe
[2013/10/08 17:13:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/10/08 15:41:40 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2013/10/08 15:41:40 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2013/10/08 15:33:04 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2013/10/08 15:13:27 | 013,661,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.UI.Xaml.dll
[2013/10/08 15:13:26 | 010,799,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.UI.Xaml.dll
[2013/10/08 15:13:25 | 001,622,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2013/10/08 15:13:25 | 001,173,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAutomationCore.dll
[2013/10/08 15:13:25 | 000,914,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAutomationCore.dll
[2013/10/08 15:13:25 | 000,773,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2013/10/08 15:13:25 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2013/10/08 15:13:25 | 000,328,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ubpm.dll
[2013/10/08 15:13:25 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUSettingsProvider.dll
[2013/10/08 15:13:25 | 000,247,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ubpm.dll
[2013/10/08 15:13:25 | 000,151,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tpm.sys
[2013/10/08 15:13:25 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2013/10/08 15:13:25 | 000,061,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\crashdmp.sys
[2013/10/08 15:13:25 | 000,059,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2013/10/08 15:13:24 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2013/10/08 15:13:24 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2013/10/08 15:13:24 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2013/10/08 15:13:24 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2013/10/08 15:13:24 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2013/10/08 15:13:22 | 010,116,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twinui.dll
[2013/10/08 15:13:21 | 008,858,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twinui.dll
[2013/10/08 15:13:21 | 002,304,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013/10/08 15:13:21 | 002,035,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013/10/08 15:13:21 | 001,125,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msctf.dll
[2013/10/08 15:13:21 | 000,459,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appmgr.dll
[2013/10/08 15:13:21 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\appmgr.dll
[2013/10/08 15:13:21 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013/10/08 15:13:20 | 001,374,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wdc.dll
[2013/10/08 15:13:20 | 001,245,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wdc.dll
[2013/10/08 15:13:20 | 000,566,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wvc.dll
[2013/10/08 15:13:20 | 000,462,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sysmon.ocx
[2013/10/08 15:13:20 | 000,437,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wvc.dll
[2013/10/08 15:13:20 | 000,399,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sysmon.ocx
[2013/10/08 13:58:10 | 000,498,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2013/10/08 13:58:10 | 000,021,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2013/10/08 13:58:06 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/10/08 13:58:04 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/10/08 13:58:04 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/10/08 13:58:04 | 000,652,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2013/10/08 13:58:04 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/10/08 13:58:04 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/10/08 13:58:02 | 000,447,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBHUB3.SYS
[2013/10/08 13:58:02 | 000,362,496 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013/10/08 13:58:02 | 000,337,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBXHCI.SYS
[2013/10/08 13:58:02 | 000,300,032 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013/10/08 13:58:02 | 000,213,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\UCX01000.SYS
[2013/10/08 13:58:02 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys
[2013/10/08 13:58:02 | 000,054,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2013/10/08 13:58:02 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013/10/08 13:58:02 | 000,035,328 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013/10/08 13:58:02 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidparse.sys
[2013/10/08 13:42:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2013/10/08 13:38:42 | 001,620,836 | ---- | C] (FileZilla Project) -- C:\Users\Administrator\Desktop\FileZilla_Server-0_9_41.exe
[2013/10/05 15:40:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/10/05 15:39:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Google
[2013/10/05 15:39:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
 
========== Files - Modified Within 30 Days ==========
 
[2013/10/20 12:15:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2013/10/20 11:49:00 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/20 08:49:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/16 18:50:26 | 000,002,143 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/10/09 00:05:33 | 000,000,628 | RHS- | M] () -- C:\Users\Administrator\ntuser.pol
[2013/10/08 23:30:43 | 291,130,278 | ---- | M] () -- C:\Users\Administrator\Desktop\registry backup 10-9-13.reg
[2013/10/08 22:03:50 | 004,119,904 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Administrator\Desktop\tdsskiller.exe
[2013/10/08 21:47:14 | 001,045,226 | ---- | M] () -- C:\Users\Administrator\Desktop\AdwCleaner.exe
[2013/10/08 21:46:56 | 005,132,072 | ---- | M] (Swearware) -- C:\Users\Administrator\Desktop\ComboFix.exe
[2013/10/08 21:35:44 | 001,898,112 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Administrator\Desktop\rkill.com
[2013/10/08 20:44:37 | 001,177,278 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/08 20:44:37 | 000,944,220 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/08 20:44:37 | 000,226,584 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/08 20:40:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/08 20:38:35 | 000,008,168 | ---- | M] () -- C:\Windows\SysWow64\SuperD.ini
[2013/10/08 20:16:49 | 000,001,424 | ---- | M] () -- C:\Users\Administrator\Desktop\TaskMan.exe - Shortcut.lnk
[2013/10/08 19:47:48 | 000,975,257 | ---- | M] () -- C:\Users\Administrator\AppData\Local\census.cache
[2013/10/08 19:47:39 | 000,132,060 | ---- | M] () -- C:\Users\Administrator\AppData\Local\ars.cache
[2013/10/08 19:41:37 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\VDMDBG.DLL
[2013/10/08 19:41:36 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\SuperMon.DLL
[2013/10/08 19:41:36 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\SUPERDLL.DLL
[2013/10/08 19:41:36 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\SSLEAY32.dll
[2013/10/08 19:41:36 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\SDRES.DLL
[2013/10/08 19:41:36 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pegslp_client.dll
[2013/10/08 19:41:36 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\peglistener.dll
[2013/10/08 19:41:36 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pegexportserver.dll
[2013/10/08 19:41:36 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pegcommon.dll
[2013/10/08 19:41:36 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pegclient.dll
[2013/10/08 19:41:36 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\olepro32.DLL
[2013/10/08 19:41:36 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\MSVCRTD.dll
[2013/10/08 19:41:36 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\MSVCR71.dll
[2013/10/08 19:41:36 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\MSVCP60D.dll
[2013/10/08 19:41:36 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\MSVBVM60.DLL
[2013/10/08 19:41:36 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LIBEAY32.dll
[2013/10/08 19:34:50 | 000,000,036 | ---- | M] () -- C:\Users\Administrator\AppData\Local\housecall.guid.cache
[2013/10/08 19:34:03 | 000,688,992 | ---- | M] (Swearware) -- C:\Users\Administrator\Desktop\dds.com
[2013/10/08 18:53:01 | 289,299,882 | ---- | M] () -- C:\Users\Administrator\Desktop\10-8-13 backup.reg
[2013/10/08 18:29:26 | 002,467,424 | ---- | M] (Trend Micro Inc.) -- C:\Users\Administrator\Desktop\HousecallLauncher64.exe
[2013/10/08 18:28:31 | 006,630,760 | ---- | M] (Trend Micro Inc.) -- C:\Users\Administrator\Desktop\TrendMicro_TTi_7.0_TAV_Downloader.exe
[2013/10/08 18:13:27 | 002,365,840 | ---- | M] () -- C:\Users\Administrator\Desktop\SecurityTaskManager_Setup.exe
[2013/10/08 18:03:35 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Administrator\Desktop\HijackThis.exe
[2013/10/08 17:50:34 | 000,398,752 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Administrator\Desktop\unhide.exe
[2013/10/08 17:13:18 | 002,347,384 | ---- | M] (ESET) -- C:\Users\Administrator\Desktop\esetsmartinstaller_enu.exe
[2013/10/08 15:38:12 | 000,002,235 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/10/08 15:37:24 | 000,287,584 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/10/08 13:42:35 | 000,001,956 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2013/10/08 13:38:42 | 001,620,836 | ---- | M] (FileZilla Project) -- C:\Users\Administrator\Desktop\FileZilla_Server-0_9_41.exe
[2013/09/22 16:27:49 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/09/22 15:55:16 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/09/22 15:54:55 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/09/22 15:54:51 | 003,959,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/09/22 15:54:51 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
 
========== Files Created - No Company Name ==========
 
[2013/10/08 23:30:38 | 291,130,278 | ---- | C] () -- C:\Users\Administrator\Desktop\registry backup 10-9-13.reg
[2013/10/08 21:47:13 | 001,045,226 | ---- | C] () -- C:\Users\Administrator\Desktop\AdwCleaner.exe
[2013/10/08 20:16:49 | 000,001,424 | ---- | C] () -- C:\Users\Administrator\Desktop\TaskMan.exe - Shortcut.lnk
[2013/10/08 19:47:48 | 000,975,257 | ---- | C] () -- C:\Users\Administrator\AppData\Local\census.cache
[2013/10/08 19:47:39 | 000,132,060 | ---- | C] () -- C:\Users\Administrator\AppData\Local\ars.cache
[2013/10/08 19:41:37 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\VDMDBG.DLL
[2013/10/08 19:41:36 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\SuperMon.DLL
[2013/10/08 19:41:36 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\SUPERDLL.DLL
[2013/10/08 19:41:36 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\SSLEAY32.dll
[2013/10/08 19:41:36 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\SDRES.DLL
[2013/10/08 19:41:36 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pegslp_client.dll
[2013/10/08 19:41:36 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\peglistener.dll
[2013/10/08 19:41:36 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pegexportserver.dll
[2013/10/08 19:41:36 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pegcommon.dll
[2013/10/08 19:41:36 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pegclient.dll
[2013/10/08 19:41:36 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\olepro32.DLL
[2013/10/08 19:41:36 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\MSVCRTD.dll
[2013/10/08 19:41:36 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\MSVCR71.dll
[2013/10/08 19:41:36 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\MSVCP60D.dll
[2013/10/08 19:41:36 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\MSVBVM60.DLL
[2013/10/08 19:41:36 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\LIBEAY32.dll
[2013/10/08 19:34:50 | 000,000,036 | ---- | C] () -- C:\Users\Administrator\AppData\Local\housecall.guid.cache
[2013/10/08 18:52:56 | 289,299,882 | ---- | C] () -- C:\Users\Administrator\Desktop\10-8-13 backup.reg
[2013/10/08 18:23:49 | 002,365,840 | ---- | C] () -- C:\Users\Administrator\Desktop\SecurityTaskManager_Setup.exe
[2013/10/08 15:37:21 | 000,287,584 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/10/08 13:42:35 | 000,001,956 | ---- | C] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2013/10/05 15:40:02 | 000,002,235 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/10/05 15:40:02 | 000,002,143 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/10/05 15:39:54 | 000,000,932 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/05 15:39:54 | 000,000,928 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/10 22:17:18 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2013/08/19 20:21:31 | 000,000,628 | RHS- | C] () -- C:\Users\Administrator\ntuser.pol
[2013/04/24 17:29:31 | 000,007,597 | ---- | C] () -- C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
[2013/04/11 21:49:17 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\SDRES_ru.dll
[2013/04/11 21:49:17 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\SDRES.dll
[2013/04/11 21:49:17 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\SDRES_zhtw.dll
[2013/04/11 21:49:17 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\SDRES_zhcn.dll
[2013/04/11 21:49:17 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\sndmail.exe
[2013/04/11 21:49:17 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\SD3Service.exe
[2013/04/11 21:49:17 | 000,044,544 | ---- | C] () -- C:\Windows\SysWow64\GIF89.DLL
[2013/04/11 21:49:17 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\supermon.dll
[2013/04/11 21:49:17 | 000,034,816 | ---- | C] () -- C:\Windows\SysWow64\SDSNMPReg.exe
[2013/04/11 21:49:17 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\SUPERDLL.DLL
[2013/04/11 21:49:17 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\StartCtl.exe
[2013/04/11 21:49:17 | 000,013,289 | ---- | C] () -- C:\Windows\SysWow64\SuperDOpt.ini
[2013/04/11 21:49:17 | 000,000,767 | ---- | C] () -- C:\Windows\SysWow64\SuperDOpt10G.ini
[2013/04/11 21:49:17 | 000,000,284 | ---- | C] () -- C:\Windows\SysWow64\SuperDOptWIPMI.ini
[2013/04/11 21:49:14 | 000,008,168 | ---- | C] () -- C:\Windows\SysWow64\SuperD.ini
[2013/04/11 21:49:14 | 000,005,164 | ---- | C] () -- C:\Windows\SysWow64\MEMDIMM.ini
[2013/03/21 06:15:15 | 000,951,310 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/12/28 13:26:20 | 000,044,302 | ---- | C] () -- C:\Windows\sas_mib.dat
[2012/10/29 10:41:26 | 000,000,102 | ---- | C] () -- C:\Windows\LSI_StorSNMP.ini
[2012/10/29 10:03:28 | 000,038,017 | ---- | C] () -- C:\Windows\sas_ir_mib.dat
[2012/07/26 01:05:07 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012/07/26 01:05:07 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012/07/26 00:13:31 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012/07/25 18:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012/07/25 13:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012/07/25 13:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012/06/02 13:26:04 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2012/06/02 07:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== ZeroAccess Check ==========
 
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/08/01 23:28:20 | 019,758,080 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/08/01 22:08:10 | 017,561,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 20:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 20:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 20:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
< End of report >

OTL Extras logfile created on: 10/20/2013 12:17:38 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Administrator\Desktop
64bit- Server Standard Edition (full installation)  (Version = 6.2.9200) - Type = NTServer
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
31.97 Gb Total Physical Memory | 21.04 Gb Available Physical Memory | 65.79% Memory free
36.22 Gb Paging File | 24.94 Gb Available in Paging File | 68.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 475.59 Gb Total Space | 178.56 Gb Free Space | 37.54% Space Free | Partition Type: NTFS
 
Computer Name: LOC3COMP1 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2180465146-2595449653-48582371-500\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00405F22-2484-480E-9F8E-981175C84B3A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{02B2CCAD-935E-4376-9294-928D7FD3FF27}" = lport=1433 | protocol=6 | dir=in | name=sql server | 
"{0BD1F220-D0ED-4EB2-B99C-FAEA893F7DA6}" = lport=4022 | protocol=6 | dir=in | name=sql service broker | 
"{12605F85-23FA-4955-B450-8BE81994E5B8}" = lport=3389 | protocol=17 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe | 
"{168BE5F6-5C42-4EC4-A075-71C2015D37BC}" = lport=1434 | protocol=6 | dir=in | name=sql server tcp 1434 | 
"{1C91ECFE-F41D-4198-A4E2-44324DC62281}" = lport=1433 | protocol=17 | dir=in | name=sql 1433 udp - remote access via ip address | 
"{1F8386FC-CA39-438E-83BA-25A1C573D794}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{20A3EC02-0F50-4481-8FCB-A4BA9BAB3780}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{29789E1E-10BD-4C06-BE4D-077C2A6AA563}" = lport=1434 | protocol=17 | dir=in | name=sql browser | 
"{2F94F8D8-673A-46FD-B44D-B41AB0FF5FD5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{337C56C7-F99D-4E93-9A95-7B67B71AB8B7}" = lport=2382 | protocol=6 | dir=in | name=sql browser | 
"{34D4F21F-C295-4589-818B-7BA3CF973256}" = rport=25 | protocol=6 | dir=out | name=smtp tcp 25 port blocked | 
"{38BC1778-1F61-495A-A4ED-67A713E5FC1C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{397C86A7-7D2A-4C32-940C-22A5FDC83176}" = lport=80 | protocol=6 | dir=in | name=open port 80 | 
"{39AC2A91-A8B8-4360-91FF-B4A1A88B1116}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{3AB97B52-E373-4337-BB11-0C88EB24E943}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3ABE21E7-EFB4-4270-A73F-DA8AD21351F0}" = rport=445 | protocol=6 | dir=out | app=system | 
"{47D51E14-E609-47F3-96CC-D5539F9FD828}" = lport=138 | protocol=17 | dir=in | app=system | 
"{52D5FBF7-AF77-4027-8A29-7BC9957685BE}" = lport=3389 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe | 
"{59B234E6-276A-4961-AF7F-C06BDC348641}" = rport=137 | protocol=17 | dir=out | app=system | 
"{5B2CFDD9-069A-4834-BF8C-543F045AA935}" = lport=443 | protocol=6 | dir=in | name=ssl | 
"{5BE69746-85CE-47E5-B420-E5D62BF9513F}" = rport=138 | protocol=17 | dir=out | app=system | 
"{609F263E-A5FF-4466-AF32-F81139C63667}" = lport=135 | protocol=6 | dir=in | name=sql debugger/rpc | 
"{6B0E9F6E-FCE9-40CE-B655-23DC22CD9A98}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{6BD0FA66-F966-4E79-AAD0-A40AB5052C8D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{7083A3E0-69E5-49C8-8833-06C9D21ADE97}" = rport=139 | protocol=6 | dir=out | app=system | 
"{7102EC72-5D00-4978-ADB6-8AE023AB7FEF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7804B56A-6857-4C74-8D6F-C56C4EA18967}" = lport=138 | protocol=17 | dir=in | app=system | 
"{78A386EA-30DB-47A2-A8FD-2AEA38FB814F}" = lport=1433 | protocol=6 | dir=in | name=sql 1433 - remote access via ip address | 
"{846C905F-E724-42C0-8CA9-A6DBE3CE9C29}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9253521E-CBA4-4342-9DB9-4AC9B2A419F1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{95115FAE-86C5-4347-BE26-7F618520D20B}" = lport=1434 | protocol=17 | dir=in | name=sql server udp 1434 | 
"{9DFD59BC-0835-46FB-B3BF-00AA6CC0B312}" = rport=5358 | protocol=6 | dir=out | app=system | 
"{9E1F8CD7-C106-4D11-80D1-A17489A2E20A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{9E2AA737-600F-4CED-8C66-423439E548FF}" = lport=139 | protocol=6 | dir=in | app=system | 
"{9FB5EF64-E004-4BBB-94D3-6F1451B2448B}" = lport=2383 | protocol=6 | dir=in | name=analysis services | 
"{ACFA7DBF-18BF-4921-8CA5-97B246852A36}" = rport=137 | protocol=17 | dir=out | app=system | 
"{B88326E5-1FE4-4F98-B942-7A40B069D99B}" = lport=80 | protocol=6 | dir=in | name=http | 
"{C122F489-0039-4F54-85B0-FC40674F089B}" = rport=2869 | protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C2359707-D6BF-477C-B5B0-43C48220A7EC}" = lport=1434 | protocol=6 | dir=in | name=sql admin connection | 
"{CAA37FF9-87D6-4183-8D50-4B723B5CD475}" = rport=5357 | protocol=6 | dir=out | app=system | 
"{CFC39E93-F3C9-46FA-A1FD-C699BC63E257}" = rport=138 | protocol=17 | dir=out | app=system | 
"{D5C289AE-D1F1-4ADE-AB41-9E9696BE2D28}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{DD6DC92A-F3CA-4DB0-8A02-F2E60E97834D}" = lport=137 | protocol=17 | dir=in | app=system | 
"{DDA122E2-3A42-4355-A3F1-B8C3FB5E0FD0}" = lport=445 | protocol=6 | dir=in | app=system | 
"{E260EAF7-CD50-46C0-9B2D-DE16F433FC01}" = lport=5358 | protocol=6 | dir=in | app=system | 
"{EA35A795-0021-4EDD-8961-AB9952539BFD}" = lport=137 | protocol=17 | dir=in | app=system | 
"{FDF55703-9FBC-46ED-91A0-CF9DCEAB46CD}" = lport=5358 | protocol=6 | dir=in | app=system | 
"{FF8A1369-6F89-4EFC-BB6B-7E6EC1852B43}" = lport=5357 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{199CC1DC-07BC-4BED-900B-7F46A6EAF5AB}" = protocol=6 | dir=in | app=c:\program files\thinix\retroui\retrouistart.exe | 
"{28C07838-F918-4349-8CFB-D15EB1C1CE17}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{3C946CE6-44CB-4053-8895-65D052FC1FE3}" = protocol=17 | dir=in | app=c:\program files\thinix\retroui\retrouistart.exe | 
"{91598682-3D7F-4CCB-9282-B0C89FCA9EFE}" = protocol=17 | dir=in | app=c:\program files\thinix\retroui\settings.exe | 
"{A8949E1C-8C57-4C5C-87C9-776392725C12}" = protocol=6 | dir=in | app=c:\program files\thinix\retroui\settings.exe | 
"{B3854C3A-BE49-4531-92DA-046EC147BA68}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{B4005417-B4EE-4BD3-971F-6CDD2CE95219}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{B7579C3A-B807-4369-9CB6-4D288CE794CA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033DFDB6-AAFA-4AF0-B5CA-93276FA910EF}" = SQL Server 2012 Distributed Replay
"{0E8670B8-3965-4930-ADA6-570348B67153}" = Microsoft SQL Server 2012 Transact-SQL ScriptDom 
"{18B2A97C-92C3-4AC7-BE72-F823E0BC895B}" = SQL Server 2012 Database Engine Services
"{1ABA92B0-CD1F-478B-A351-415F79B2A9E6}" = SQL Server 2012 Data quality service
"{1D411379-9CE0-4B13-A19B-72D3222DD620}" = SQL Server 2012 Common Files
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{202AAF1F-69AA-442A-B59F-6B54B1AD07C6}" = SQL Server 2012 Common Files
"{22BCA430-2A68-4678-9824-184F3839948F}" = SQL Server 2012 Integration Services
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26BFF1F1-5C03-4C55-9C7C-FD65889AFA70}" = SQL Server 2012 Management Studio
"{301DAC0A-285C-4BB1-A68E-7393673E9E69}" = Microsoft SQL Server 2012 Data-Tier App Framework 
"{34A7A77A-A23D-44ED-B3B6-EC8198BE2622}" = SQL Server 2012 Full text search
"{3652FFB5-6F97-4113-9420-1A09A13FDDC8}" = SQL Server 2012 Distributed Replay
"{36BF5D42-BF68-4E0C-A165-A4C6E9841F4A}" = SQL Server 2012 Integration Services
"{38661DD1-576D-48CA-A188-F97819D5B5FB}" = SQL Server 2012 Data quality service
"{3C50A8F3-6BB8-44E8-9B8B-D3696561DF2E}" = SQL Server 2012 Data quality client
"{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}" = Microsoft VSS Writer for SQL Server 2012
"{3E494002-985C-4908-B72C-5B4DD15BE090}_is1" = Start Menu X version 4.97
"{458707CD-9D7A-477F-B925-02242A29673B}" = Microsoft Web Platform Installer 4.5
"{49D665A2-4C2A-476E-9AB8-FCC425F526FC}" = Microsoft SQL Server 2012 Native Client 
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{54FF8FAB-DE27-4187-82F1-EBAE6AEE869A}" = SQL Server 2012 Database Engine Shared
"{656E214E-B73F-458C-AD64-ED316F008207}" = SQL Server 2012 BI Development Studio
"{6603C2CE-3C54-4F1D-92F9-8390CD4CCCA8}" = SQL Server 2012 Database Engine Shared
"{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English
"{6B3840D6-4B8F-4E74-9202-9CE36DA94E99}" = SQL Server 2012 Client Tools
"{7272DF1C-2F88-43AC-A481-84DD67DF9746}" = SQL Server 2012 Documentation Components
"{74E7AE48-2396-4779-9642-B4B015A806EC}" = SQL Server 2012 Distributed Replay
"{7842C220-6E9A-4D5A-AE70-0E138271F883}" = SQL Server 2012 Client Tools
"{80162C08-0FA6-4656-9685-AD88C6527F0B}" = SQL Server 2012 Data quality client
"{84FBCA4A-D650-4B0D-8094-EC0671FA9B91}" = SQL Server 2012 Database Engine Services
"{8CB0713F-CFE0-445D-BCB2-538465860E1A}" = Microsoft SQL Server 2012 Setup (English)
"{91C4DE4A-CE48-4F8B-9D73-D2BFB619FB88}" = SQL Server 2012 RS_SharePoint_SharedService
"{9674CB74-4808-4B59-B79D-9AB501F23279}" = SQL Server 2012 Analysis Services
"{A0F05048-7653-4FCD-9F3A-C740E4052ACE}" = Microsoft SQL Server 2012 RsFx Driver
"{A7037EB2-F953-4B12-B843-195F4D988DA1}" = SQL Server 2012 Management Studio
"{AA72C306-30BE-4BB1-9E42-59552BAD2CDF}" = Microsoft Web Deploy 3.0
"{B3192F55-2CE8-4C8E-9E40-D3B4998276B2}" = SQL Server 2012 Documentation Components
"{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files 
"{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}" = Microsoft SQL Server 2012 Transact-SQL Compiler Service 
"{BED1EA3D-592D-4305-9D1F-20F03726EFC1}" = Sql Server Customer Experience Improvement Program
"{CC8B009A-98C9-497F-99AF-CEBE35D8C0CF}" = Microsoft SQL Server 2012 T-SQL Language Service 
"{CECA0188-BD7A-43EF-B1F7-DDF719099C46}" = SQL Server 2012 Documentation Components
"{D05595D6-8288-4DF8-A911-FD8D76268815}" = SQL Server 2012 Distributed Replay
"{D307B5CF-D1F0-48A4-8DA3-54765F535208}" = SQL Server 2012 SQL Data Quality Common
"{DCCB1789-1DA0-4E3A-A52F-7815B602CC98}" = SQL Server 2012 Reporting Services
"{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1
"{EB675D0A-2C95-405B-BEE8-B42A65D23E11}" = IIS URL Rewrite Module 2
"{EE1B54D1-BFBC-4C19-8D66-E0AF3E967896}" = SQL Server 2012 BI Development Studio
"{F14401A9-F0A0-33CC-8444-F60823A60DEB}" = Microsoft Visual Studio Tools for Applications x64 Runtime 3.0
"{F1949145-EB64-4DE7-9D81-E6D27937146C}" = Microsoft System CLR Types for SQL Server 2012 (x64)
"{FA0A244E-F3C2-4589-B42A-3D522DE79A42}" = Microsoft SQL Server 2012 Management Objects  (x64)
"{FB1349FD-D102-4722-9F0A-2543670FF7FB}" = SQL Server 2012 Analysis Services
"{FCD81E1A-6ED6-4F19-A572-82FFE102654E}" = SQL Server 2012 Reporting Services
"CCleaner" = CCleaner
"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
"Microsoft SQL Server 11" = Microsoft SQL Server 2012 (64-bit)
"Microsoft SQL Server SQLServer2012" = Microsoft SQL Server 2012 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{012D26C3-E12A-3BDA-8ECE-DF14E721A507}" = Microsoft Visual Studio 2010 Shell (Integrated) - ENU
"{037a3c70-cc6a-4ae2-aa0e-70eb68ea81d5}" = Microsoft ASP.NET MVC 4
"{191A6F65-6878-398D-A272-EF011B80F371}" = Microsoft Visual Studio Tools for Applications x86 Runtime 3.0
"{26552587-CA45-434B-927B-66CB2A58F842}" = MegaRAID Storage Manager v13.01.04.00
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{4B9E6EB0-0EED-4E74-9479-F982C3254F71}" = SQL Server Browser for SQL Server 2012
"{5A03C202-08B4-3F1D-9A60-A4F53EF1B636}" = Microsoft Visual Studio Tools for Applications Design-Time 3.0
"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219
"{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}" = Microsoft ASP.NET Web Pages
"{67ED4F6B-BE85-410B-A60E-793CEB7D7DAD}" = Microsoft SQL Server 2012 Data-Tier App Framework 
"{79918EFC-5E93-4798-A8F6-F43851D01456}" = SuperDoctor III
"{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}" = Microsoft SQL Server 2008 R2 Management Objects
"{9169C939-ED01-446A-BD0C-29873BAF4E48}" = Prerequisites for SSDT 
"{942CC691-5B98-42A3-8BC5-A246BA69D983}" = Microsoft ASP.NET MVC 4 Runtime
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CCE40CE-A9E6-4916-8729-B008558EEF3F}" = Microsoft Report Viewer 2012 Runtime
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}" = Microsoft SQL Server System CLR Types
"{cb29be6c-39c4-493e-9da7-d585d5353714}" = Microsoft ASP.NET Web Pages 2
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D64B6984-242F-32BC-B008-752806E5FC44}" = Microsoft Visual Studio 2010 Shell (Isolated) - ENU
"{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}" = Microsoft SQL Server 2012 Management Objects 
"{DC487E40-046E-42A9-9C7C-5D2B1A7EB211}" = Microsoft SQL Server 2012 Policies 
"{DCDEC776-BADD-48B9-8F9A-DFF513C3D7FA}" = Microsoft ASP.NET MVC 3
"{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}" = Microsoft System CLR Types for SQL Server 2012
"{EA63C5C1-EBBC-477C-9CC7-41454DDFAFF2}" = Microsoft ASP.NET Web Pages 2 Runtime
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F3BBC56F-2282-4464-952F-A89772181F30}" = Microsoft SQL Server Data Tools – Database Projects – Web installer entry point
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"ESET Online Scanner" = ESET Online Scanner v3
"FileZilla Client" = FileZilla Client 3.7.3
"Google Chrome" = Google Chrome
"InstallShield_{26552587-CA45-434B-927B-66CB2A58F842}" = 
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Security Task Manager" = Security Task Manager 1.8g
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10/19/2013 5:00:00 AM | Computer Name = LOC3COMP1 | Source = Application Error | ID = 1000
Error - 10/19/2013 5:00:00 AM | Computer Name = LOC3COMP1 | Source = VsJITDebugger
 | ID = 4096
 
Description = An unhandled exception ('System.IO.FileNotFoundException') occurred in SQLPS.exe [5320]. Just-In-Time debugging this exception failed with the following error: Debugger could not be started because no user is logged on.
 
Check the documentation index for 'Just-in-time debugging, errors' for more information.
Error - 10/19/2013 6:00:08 AM | Computer Name = LOC3COMP1 | Source = SideBySide 
| ID = 16842830
 
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
Error - 10/20/2013 5:00:01 AM | Computer Name = LOC3COMP1 | Source = Application
 Error | ID = 1000
 
Error - 10/20/2013 5:00:01 AM | Computer Name = LOC3COMP1 | Source = VsJITDebugger | ID = 4096
Description = An unhandled exception ('System.IO.FileNotFoundException') occurred
 in SQLPS.exe [2428]. Just-In-Time debugging this exception failed with the following
 error: Debugger could not be started because no user is logged on.  Check the documentation
 index for 'Just-in-time debugging, errors' for more information.
 
[ System Events ]
Error - 10/15/2013 7:05:01 AM | Computer Name = LOC3COMP1 | Source = Schannel | ID = 36874
Description = An TLS 1.2 connection request was received from a remote client application,
 but none of the cipher suites supported by the client application are supported
 by the server. The SSL connection request has failed.
 
Error - 10/15/2013 7:05:01 AM | Computer Name = LOC3COMP1 | Source = Schannel | ID = 36888
Description = A fatal alert was generated and sent to the remote endpoint. This 
may result in termination of the connection. The TLS protocol defined fatal error
 code is 40. The Windows SChannel error state is 1205.
 
Error - 10/15/2013 7:05:02 AM | Computer Name = LOC3COMP1 | Source = Schannel | ID = 36874
Description = An TLS 1.2 connection request was received from a remote client application,
 but none of the cipher suites supported by the client application are supported
 by the server. The SSL connection request has failed.
 
Error - 10/15/2013 7:05:02 AM | Computer Name = LOC3COMP1 | Source = Schannel | ID = 36888
Description = A fatal alert was generated and sent to the remote endpoint. This 
may result in termination of the connection. The TLS protocol defined fatal error
 code is 40. The Windows SChannel error state is 1205.
 
Error - 10/20/2013 3:14:31 PM | Computer Name = LOC3COMP1 | Source = UmrdpService | ID = 1111
Description = Driver HP ePrint required for printer HP ePrint is unknown. Contact
 the administrator to install the driver before you log in again.
 
Error - 10/20/2013 3:14:31 PM | Computer Name = LOC3COMP1 | Source = UmrdpService | ID = 1111
Description = Driver doPDF 7 Printer Driver required for printer doPDF v7 is unknown.
 Contact the administrator to install the driver before you log in again.
 
Error - 10/20/2013 3:14:33 PM | Computer Name = LOC3COMP1 | Source = UmrdpService | ID = 1111
Description = Driver HP Photosmart 7510 series required for printer HP Photosmart
 7510 series (Network) is unknown. Contact the administrator to install the driver
 before you log in again.
 
Error - 10/20/2013 3:14:33 PM | Computer Name = LOC3COMP1 | Source = UmrdpService | ID = 1111
Description = Driver HP DeskJet 930C/932C/935C required for printer HP DeskJet 930C/932C/935C
 is unknown. Contact the administrator to install the driver before you log in again.
 
Error - 10/20/2013 3:14:33 PM | Computer Name = LOC3COMP1 | Source = UmrdpService | ID = 1111
Description = Driver HP Photosmart 7510 series required for printer HP Photosmart
 7510 series is unknown. Contact the administrator to install the driver before 
you log in again.
 
Error - 10/20/2013 3:14:34 PM | Computer Name = LOC3COMP1 | Source = UmrdpService | ID = 1111
Description = Driver Send To Microsoft OneNote 2010 Driver required for printer 
Send To OneNote 2010 is unknown. Contact the administrator to install the driver
 before you log in again.
 
 
< End of report >
 

Edited by rustyruscal, 20 October 2013 - 02:42 PM.


#9 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,204 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:08:06 PM

Posted 20 October 2013 - 03:35 PM

No, that is no issue, the files at this point aren't really important. Have you checked out the hardware (especially disk or disks if you use a RAID setup)? This might be hard to do remotely, but it couldn't hurt to start there.

I realize this may be difficult given the fact that you have no access to the server, depending a bit on your setup, but I'd concentrate on hardware issues rather than software first here.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#10 rustyruscal

rustyruscal
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:10:06 AM

Posted 20 October 2013 - 04:35 PM

Yes, all hardware appears to be functioning properly. In the RAID 1+0 setup all four drives are online and in optimal condition. Do you have any other ideas?



#11 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,204 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:08:06 PM

Posted 21 October 2013 - 02:06 AM

Have you tried a simple sfc /scannow?

regards, Elise




#12 rustyruscal

rustyruscal
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:10:06 AM

Posted 22 October 2013 - 11:51 PM

Yes, I tried it a while back, and since you suggested it I went ahead and ran it again. Everything came back good on the check.
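For anyone following this thread, here is an added example (not from either poster) of how to check what `sfc /scannow` actually did on Windows Server 2012 instead of relying on the one-line summary it prints. SFC writes its detailed results to the CBS log, and every line tagged `[SR]` records a file that was verified, repaired, or could not be repaired; the helper names below are mine, the log path and the `[SR]` tag are the standard Windows ones.

```powershell
# Added example: run SFC and summarise the [SR] entries it wrote to the CBS log.
# Run from an elevated PowerShell session. Function names are assumptions; the
# CBS.log path and the "[SR]" message texts are standard Windows ones.
$cbsLog = Join-Path $env:windir 'Logs\CBS\CBS.log'

function Invoke-SfcScan {
    # Runs the full scan and returns sfc.exe's exit code (0 = completed).
    & "$env:windir\System32\sfc.exe" /scannow | Out-Null
    return $LASTEXITCODE
}

function Get-SfcRepairSummary {
    param([string]$LogPath = $cbsLog, [datetime]$Since = (Get-Date).AddHours(-2))
    # Each [SR] line starts with a timestamp, e.g.
    # "2013-10-22 23:40:12, Info  CSI 000001d3 [SR] Verify complete"
    $lines  = Select-String -Path $LogPath -Pattern '\[SR\]' | ForEach-Object { $_.Line }
    $recent = @($lines | Where-Object {
        $_ -match '^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})' -and [datetime]$matches[1] -ge $Since
    })
    [pscustomobject]@{
        SrLinesSinceStart = $recent.Count
        Repaired          = @($recent | Where-Object { $_ -match 'Repairing corrupted file' }).Count
        Unrepairable      = @($recent | Where-Object { $_ -match 'Cannot repair member file' })
        VerifyComplete    = [bool]($recent | Where-Object { $_ -match 'Verify complete' })
        RepairComplete    = [bool]($recent | Where-Object { $_ -match 'Repair complete' })
    }
}

function Test-ComponentStore {
    # SFC repairs from the component store; if the store itself is damaged SFC
    # can report "good" while still leaving bad files. ScanHealth only checks.
    & "$env:windir\System32\dism.exe" /Online /Cleanup-Image /ScanHealth | Out-Null
    return $LASTEXITCODE
}

# Usage:
#   $started = Get-Date
#   Invoke-SfcScan
#   Get-SfcRepairSummary -Since $started | Format-List
#   Test-ComponentStore
```

A clean run shows `VerifyComplete` true and an empty `Unrepairable` list; any entries in `Unrepairable` name the exact files SFC could not restore, which is more useful than the console summary when deciding whether the shell problem is a system-file problem at all.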



#13 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,204 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:08:06 PM

Posted 23 October 2013 - 01:49 AM

Have you tried to manually change the start menu/notification area settings (right click start menu and select Properties)?


regards, Elise




#14 rustyruscal

rustyruscal
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:10:06 AM

Posted 23 October 2013 - 02:11 AM

I don't have a start menu anymore. I have a completely empty taskbar which I right-click on and go to Properties, and when I click that Customize button the prompt just flickers and nothing opens. If you look at my very first post you will see some of the other random weird options that have been disabled on my computer. I had to download a program called Start Menu X just to replicate what a start button would do, since none of the charms buttons work and I can't put any shortcuts on my taskbar anymore. Let me know if you have any other ideas. Thank you for the help.



#15 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,204 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:08:06 PM

Posted 23 October 2013 - 05:08 AM

You could try to create a new user profile and see if that displays normally. That way you can narrow down the problem to user-only or system.

regards, Elise


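As an added example of the "new profile" test suggested above (my code, not the poster's or BleepingComputer's): a throw-away local account that can only log on interactively, plus a check that separates per-user shell restrictions from machine-wide ones. The account name, its expiry and the helper names are assumptions; the Explorer policy value names are the standard ones Windows uses to hide or lock the taskbar, notification area and start menu.

```powershell
# Added example (not from the thread): temporary local account for the profile
# test, a check of Explorer restriction policies in HKCU vs HKLM, and clean-up.
# Account name, expiry and function names are assumptions.
$TestUser = 'shelltest'   # assumed name for the temporary account

function New-ShellTestAccount {
    param([string]$Name = $TestUser, [int]$DaysValid = 2)
    # 20-character random password from the OS CSPRNG; returned once for the RDP logon.
    $rng   = New-Object System.Security.Cryptography.RNGCryptoServiceProvider
    $bytes = New-Object byte[] 15
    $rng.GetBytes($bytes)
    $password = [Convert]::ToBase64String($bytes)
    $expires  = (Get-Date).AddDays($DaysValid).ToString('MM/dd/yyyy')
    # net.exe rather than New-LocalUser: the cmdlet does not exist on Server 2012's PowerShell 3.0.
    & net.exe user $Name $password /add /expires:$expires /comment:shell-test | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "net user /add failed with exit code $LASTEXITCODE" }
    # Remote Desktop Users only, not Administrators: the test needs an interactive logon, nothing more.
    & net.exe localgroup 'Remote Desktop Users' $Name /add | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "net localgroup failed with exit code $LASTEXITCODE" }
    [pscustomobject]@{ Name = $Name; Password = $password; Expires = $expires }
}

function Get-ShellRestrictionState {
    # Explorer policy values that hide or lock the taskbar, notification area and start menu.
    # A value set under HKCU only affects this profile; under HKLM it affects every user,
    # which is exactly the user-vs-system distinction the new-profile test is after.
    $names = 'NoTrayItemsDisplay', 'NoTrayContextMenu', 'NoSetTaskbar', 'NoChangeStartMenu',
             'NoDesktop', 'NoSaveSettings', 'HideClock'
    foreach ($hive in 'HKCU', 'HKLM') {
        $key  = "${hive}:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
        $item = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        foreach ($n in $names) {
            $v = if ($item) { $item.$n } else { $null }
            [pscustomobject]@{ Hive = $hive; Policy = $n; Value = $v; Enabled = ($v -eq 1) }
        }
    }
}

function Remove-ShellTestAccount {
    param([string]$Name = $TestUser)
    # Remove the profile directory first (Win32_UserProfile.Delete), then the account.
    Get-WmiObject Win32_UserProfile | Where-Object { $_.LocalPath -like "*\$Name" } |
        ForEach-Object { $null = $_.Delete() }
    & net.exe user $Name /delete | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "net user /delete failed with exit code $LASTEXITCODE" }
}

# Usage (elevated session on the server):
#   $acct = New-ShellTestAccount            # note the password, log on as $acct.Name over RDP
#   Get-ShellRestrictionState | Where-Object Enabled   # run in BOTH the broken and the test session
#   Remove-ShellTestAccount                 # once the comparison is done
```

If the test account gets a normal start menu and taskbar while the original profile does not, and the enabled policies show up only under HKCU, the damage is confined to that profile; if the test account is broken too, or the values sit under HKLM, the problem is machine-wide and the profile is not the place to keep looking.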




