OTL Extras logfile created on: 9/8/2014 3:59:37 PM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = D:\

64bit- Server Standard Edition (full installation)  (Version = 6.2.9200) - Type = NTDomainController

Internet Explorer (Version = 9.11.9600.17126)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

7.94 Gb Total Physical Memory | 7.04 Gb Available Physical Memory | 88.70% Memory free

9.19 Gb Paging File | 7.92 Gb Available in Paging File | 86.20% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 869.14 Gb Total Space | 850.25 Gb Free Space | 97.83% Space Free | Partition Type: NTFS

Drive D: | 7.45 Gb Total Space | 7.39 Gb Free Space | 99.14% Space Free | Partition Type: FAT32

 

Computer Name: NASVR01 | User Name: Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

 

========== Shell Spawning ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

 

========== Security Center Settings ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

========== Firewall Settings ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

"EnableFirewall" = 0

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

"EnableFirewall" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

"EnableFirewall" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

"EnableFirewall" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DisableNotifications" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 0

"DisableNotifications" = 1

 

========== Authorized Applications List ==========

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0E75316F-9C50-4A02-A98E-52D1ADE77AE3}" = rport=5358 | protocol=6 | dir=out | app=system | 

"{129D8B13-2DBB-4731-8BC4-E52056BE3951}" = lport=3389 | protocol=17 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe | 

"{17C905EE-2079-44B2-AB79-B26CB9EEFA26}" = lport=138 | protocol=17 | dir=in | app=system | 

"{199CDB97-9420-44AA-93FF-2122FF4B8705}" = lport=5358 | protocol=6 | dir=in | app=system | 

"{39360617-2067-442E-8BC2-D0489B93F2D3}" = lport=5357 | protocol=6 | dir=in | app=system | 

"{396BDD63-278F-4DA2-A58E-A5F8AB8E31BE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{3AE366D8-791D-4C5E-82D8-8ABF4C03368E}" = rport=138 | protocol=17 | dir=out | app=system | 

"{41B3E123-401C-4ED8-A8D3-4A8FB89E478D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{56D6C762-11C8-4F6C-BCF9-09CCBBF74F84}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{582A8A42-F997-4294-B913-F15E9FB5CB42}" = lport=3389 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe | 

"{59E6B71E-7B8B-4FA7-9989-471CB10CE5EF}" = rport=2869 | protocol=6 | dir=out | app=system | 

"{6643F632-CC50-446F-9EBE-4AC840274C21}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 

"{6A56C0EF-EABC-4FD2-9E62-28AE297A92C6}" = rport=137 | protocol=17 | dir=out | app=system | 

"{79B5882D-8B5D-480E-985D-85657060D6AD}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 

"{83D4F0E4-5D93-445E-B390-59EB2680C54B}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{A954268C-D1B6-44DB-8700-ADBBB2DA14BD}" = lport=137 | protocol=17 | dir=in | app=system | 

"{AE155899-133F-499F-ABEB-8F48A569F560}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 

"{D8196170-2125-446A-A0E4-C9423F9F493E}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 

"{DB7BA9CA-AC04-4F67-8AD4-BD71B147CB65}" = rport=2869 | protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{EE489B02-E70A-4097-A74C-7F150ED7E878}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 

"{F9AA8FF8-0B41-4794-AFC7-FDD0B17FC706}" = rport=5357 | protocol=6 | dir=out | app=system | 

"{FC9F492D-9297-47B6-8D70-97DA67490D3B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{060E1A31-5E0D-4B12-AD6F-E4D2F85456F7}" = protocol=6 | dir=in | app=c:\pcbp\wbps.exe | 

"{1A451937-4F97-43E9-8B7C-E7276689E4B7}" = protocol=6 | dir=in | app=%systemroot%\system32\rdpsa.exe | 

"{2EDE2FD0-11AE-4797-A04C-66F77E83FF95}" = protocol=1 | dir=in | name=unitrends allow v4 pings | 

"{30506E8B-EAD4-4A3A-BF98-D2832E0976E2}" = protocol=17 | dir=in | app=c:\pcbp\exchange.dir\cepservice.exe | 

"{3FEBFD15-91FC-4738-977F-FFE13AC3890B}" = protocol=17 | dir=in | app=c:\pcbp\bpnetd.exe | 

"{42860896-6D53-4D16-B52F-AA21A77AF051}" = protocol=6 | dir=in | app=c:\pcbp\wbpr.exe | 

"{57F8F041-1E61-47C9-ABF1-F95AAA208760}" = protocol=6 | dir=in | app=c:\pcbp\bpnetd.exe | 

"{6A02AA9E-F63E-40B8-A015-E789D0F0FC7E}" = protocol=6 | dir=in | app=c:\pcbp\exchange.dir\cepservice.exe | 

"{6E10B227-10FC-42D7-8F6C-6C03F785BBE1}" = protocol=6 | dir=in | app=c:\pcbp\sql.dir\ssb.exe | 

"{7F025700-A191-44B4-A5C9-958D825ED318}" = protocol=17 | dir=in | app=c:\pcbp\wbpr.exe | 

"{8357240A-8F0F-4931-B75B-A5CEFD806BD1}" = protocol=6 | dir=in | app=c:\pcbp\exchange.dir\bpbrick.exe | 

"{9A31BE40-6BBF-41B2-B1E6-DF0EC26497B4}" = protocol=6 | dir=in | app=c:\pcbp\putty.exe | 

"{9D5422AD-5655-4A00-B2DD-A0B6FA60ABC1}" = protocol=17 | dir=in | app=c:\pcbp\putty.exe | 

"{C1FED0D1-668E-4314-8010-F4FE97FF358B}" = protocol=17 | dir=in | app=c:\pcbp\exchange.dir\bpbrick.exe | 

"{D0C4847F-63ED-4392-AB65-DE5DB1EA7AFA}" = protocol=17 | dir=in | app=c:\pcbp\exchange.dir\bpexch.exe | 

"{D6E1A16C-2158-4585-B021-D170FE0E2750}" = protocol=17 | dir=in | app=c:\pcbp\wbps.exe | 

"{F38A119E-212B-46B0-9287-8D2B70C54E6E}" = protocol=17 | dir=in | app=c:\pcbp\sql.dir\ssb.exe | 

"{F92F41BA-7466-4C74-BDBC-EEC18D63C2B1}" = protocol=6 | dir=in | app=c:\pcbp\exchange.dir\bpexch.exe | 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{272473BB-94C1-44DB-9756-735156B3F457}" = Unitrends Agent 7.4.0.0.20140415_64 bit

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{F8511796-1457-4A92-BEF7-71080FCF297A}" = LogMeIn

"Google Chrome" = Google Chrome

"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012

"Matrox Vista Driver Uninstaller" = Matrox Graphics Software (remove only)

 

========== Last 20 Event Log Errors ==========

 

[ Active Directory Web Services Events ]

Error - 6/17/2014 11:15:52 PM | Computer Name = NASVR01.NAS.EMPIREROOFING.local | Source = ADWS | ID = 1202

Description = 

 

Error - 6/18/2014 8:54:19 AM | Computer Name = NASVR01.NAS.EMPIREROOFING.local | Source = ADWS | ID = 1202

Description = 

 

Error - 6/18/2014 8:55:19 AM | Computer Name = NASVR01.NAS.EMPIREROOFING.local | Source = ADWS | ID = 1202

Description = 

 

Error - 6/18/2014 8:56:19 AM | Computer Name = NASVR01.NAS.EMPIREROOFING.local | Source = ADWS | ID = 1202

Description = 

 

Error - 8/11/2014 8:50:31 AM | Computer Name = NASVR01.NAS.EMPIREROOFING.local | Source = ADWS | ID = 1202

Description = 

 

Error - 8/11/2014 8:53:23 AM | Computer Name = NASVR01.NAS.EMPIREROOFING.local | Source = ADWS | ID = 1202

Description = 

 

Error - 8/11/2014 8:54:31 AM | Computer Name = NASVR01.NAS.EMPIREROOFING.local | Source = ADWS | ID = 1202

Description = 

 

Error - 9/8/2014 3:17:23 PM | Computer Name = NASVR01.NAS.EMPIREROOFING.local | Source = ADWS | ID = 1202

Description = 

 

Error - 9/8/2014 4:03:49 PM | Computer Name = NASVR01.NAS.EMPIREROOFING.local | Source = ADWS | ID = 1202

Description = 

 

Error - 9/8/2014 4:42:58 PM | Computer Name = NASVR01.NAS.EMPIREROOFING.local | Source = ADWS | ID = 1202

Description = 

 

[ Application Events ]

Error - 8/25/2014 7:05:32 PM | Computer Name = NASVR01.NAS.EMPIREROOFING.local | Source = Unitrends Agent | ID = 131335

Description = (id 4364) Session completes. Failed to send summary.  Error returned

 0xffffffff

 

Error - 9/7/2014 7:06:52 PM | Computer Name = NASVR01.NAS.EMPIREROOFING.local | Source = ESENT | ID = 215

Description = svchost (1420) The backup has been stopped because it was halted by

 the client or the connection with the client failed.

 

Error - 9/8/2014 3:13:24 PM | Computer Name = NASVR01.NAS.EMPIREROOFING.local | Source = EventSystem | ID = 4622

Description = 

 

Error - 9/8/2014 3:17:18 PM | Computer Name = NASVR01.NAS.EMPIREROOFING.local | Source = VSS | ID = 8193

Description = 

 

Error - 9/8/2014 3:19:37 PM | Computer Name = NASVR01.NAS.EMPIREROOFING.local | Source = Application Error | ID = 1000

Description = Faulting application name: Explorer.EXE, version: 6.3.9600.17039, 

time stamp: 0x53156588  Faulting module name: twinui.appcore.dll, version: 6.3.9600.17093,

 time stamp: 0x5347536e  Exception code: 0x80270233  Fault offset: 0x0000000000087c77

Faulting

 process id: 0xb68  Faulting application start time: 0x01cfcb99d0ca2db4  Faulting application

 path: C:\Windows\Explorer.EXE  Faulting module path: C:\Windows\System32\twinui.appcore.dll

Report

 Id: 12768918-378d-11e4-80c8-74867adfa5ac  Faulting package full name:   Faulting package-relative

 application ID: 

 

Error - 9/8/2014 3:41:42 PM | Computer Name = NASVR01.NAS.EMPIREROOFING.local | Source = Application Hang | ID = 1002

Description = The program RogueKillerX64.exe version 9.2.9.0 stopped interacting

 with Windows and was closed. To see if more information about the problem is available,

 check the problem history in the Action Center control panel.    Process ID: ec8    Start

 Time: 01cfcb9c0f6280fe    Termination Time: 4294967295    Application Path: C:\Users\administrator.EMPIREROOFING\Desktop\RogueKillerX64.exe

 

Report

 Id: 273d8676-3790-11e4-80c8-74867adfa5ac    Faulting package full name:     Faulting package-relative

 application ID:   

 

Error - 9/8/2014 4:03:44 PM | Computer Name = NASVR01.NAS.EMPIREROOFING.local | Source = VSS | ID = 8193

Description = 

 

Error - 9/8/2014 4:05:51 PM | Computer Name = NASVR01.NAS.EMPIREROOFING.local | Source = Application Error | ID = 1000

Description = Faulting application name: Explorer.EXE, version: 6.3.9600.17039, 

time stamp: 0x53156588  Faulting module name: twinui.appcore.dll, version: 6.3.9600.17093,

 time stamp: 0x5347536e  Exception code: 0x80270233  Fault offset: 0x0000000000087c77

Faulting

 process id: 0xa74  Faulting application start time: 0x01cfcba04620c20a  Faulting application

 path: C:\Windows\Explorer.EXE  Faulting module path: C:\Windows\System32\twinui.appcore.dll

Report

 Id: 87d35b5b-3793-11e4-80c9-74867adfa5ac  Faulting package full name:   Faulting package-relative

 application ID: 

 

Error - 9/8/2014 4:42:53 PM | Computer Name = NASVR01.NAS.EMPIREROOFING.local | Source = VSS | ID = 8193

Description = 

 

Error - 9/8/2014 4:45:04 PM | Computer Name = NASVR01.NAS.EMPIREROOFING.local | Source = Application Error | ID = 1000

Description = Faulting application name: Explorer.EXE, version: 6.3.9600.17039, 

time stamp: 0x53156588  Faulting module name: twinui.appcore.dll, version: 6.3.9600.17093,

 time stamp: 0x5347536e  Exception code: 0x80270233  Fault offset: 0x0000000000087c77

Faulting

 process id: 0x5d4  Faulting application start time: 0x01cfcba5c0acb756  Faulting application

 path: C:\Windows\Explorer.EXE  Faulting module path: C:\Windows\System32\twinui.appcore.dll

Report

 Id: 025e1f76-3799-11e4-80ca-74867adfa5ac  Faulting package full name:   Faulting package-relative

 application ID: 

 

[ DFS Replication Events ]

Error - 4/9/2014 12:28:54 PM | Computer Name = NASVR01.NAS.EMPIREROOFING.local | Source = DFSR | ID = 1202

Description = The DFS Replication service failed to contact domain controller  to

 access  configuration information. Replication is stopped. The service will try again

during

 the next configuration polling cycle, which will occur in 60 minutes.  This event

 can be caused by TCP/IP connectivity, firewall, Active Directory  Domain Services,

 or DNS issues.        Additional Information:    Error: 160 (One or more arguments are not 

correct.)

 

Error - 4/10/2014 12:07:59 PM | Computer Name = NASVR01.NAS.EMPIREROOFING.local | Source = DFSR | ID = 1202

Description = The DFS Replication service failed to contact domain controller  to

 access  configuration information. Replication is stopped. The service will try again

during

 the next configuration polling cycle, which will occur in 60 minutes.  This event

 can be caused by TCP/IP connectivity, firewall, Active Directory  Domain Services,

 or DNS issues.        Additional Information:    Error: 160 (One or more arguments are not 

correct.)

 

Error - 4/10/2014 12:31:41 PM | Computer Name = NASVR01.NAS.EMPIREROOFING.local | Source = DFSR | ID = 1202

Description = The DFS Replication service failed to contact domain controller  to

 access  configuration information. Replication is stopped. The service will try again

during

 the next configuration polling cycle, which will occur in 60 minutes.  This event

 can be caused by TCP/IP connectivity, firewall, Active Directory  Domain Services,

 or DNS issues.        Additional Information:    Error: 160 (One or more arguments are not 

correct.)

 

Error - 4/10/2014 2:26:58 PM | Computer Name = NASVR01.NAS.EMPIREROOFING.local | Source = DFSR | ID = 1202

Description = The DFS Replication service failed to contact domain controller  to

 access  configuration information. Replication is stopped. The service will try again

during

 the next configuration polling cycle, which will occur in 60 minutes.  This event

 can be caused by TCP/IP connectivity, firewall, Active Directory  Domain Services,

 or DNS issues.        Additional Information:    Error: 160 (One or more arguments are not 

correct.)

 

Error - 4/10/2014 3:57:55 PM | Computer Name = NASVR01.NAS.EMPIREROOFING.local | Source = DFSR | ID = 1202

Description = The DFS Replication service failed to contact domain controller  to

 access  configuration information. Replication is stopped. The service will try again

during

 the next configuration polling cycle, which will occur in 60 minutes.  This event

 can be caused by TCP/IP connectivity, firewall, Active Directory  Domain Services,

 or DNS issues.        Additional Information:    Error: 160 (One or more arguments are not 

correct.)

 

Error - 4/23/2014 11:09:58 AM | Computer Name = NASVR01.NAS.EMPIREROOFING.local | Source = DFSR | ID = 1202

Description = The DFS Replication service failed to contact domain controller  to

 access  configuration information. Replication is stopped. The service will try again

during

 the next configuration polling cycle, which will occur in 60 minutes.  This event

 can be caused by TCP/IP connectivity, firewall, Active Directory  Domain Services,

 or DNS issues.        Additional Information:    Error: 160 (One or more arguments are not 

correct.)

 

Error - 5/20/2014 7:29:59 AM | Computer Name = NASVR01.NAS.EMPIREROOFING.local | Source = DFSR | ID = 1202

Description = The DFS Replication service failed to contact domain controller  to

 access  configuration information. Replication is stopped. The service will try again

during

 the next configuration polling cycle, which will occur in 60 minutes.  This event

 can be caused by TCP/IP connectivity, firewall, Active Directory  Domain Services,

 or DNS issues.        Additional Information:    Error: 160 (One or more arguments are not 

correct.)

 

Error - 6/17/2014 11:15:04 PM | Computer Name = NASVR01.NAS.EMPIREROOFING.local | Source = DFSR | ID = 1202

Description = The DFS Replication service failed to contact domain controller  to

 access  configuration information. Replication is stopped. The service will try again

during

 the next configuration polling cycle, which will occur in 60 minutes.  This event

 can be caused by TCP/IP connectivity, firewall, Active Directory  Domain Services,

 or DNS issues.        Additional Information:    Error: 160 (One or more arguments are not 

correct.)

 

Error - 6/18/2014 8:55:20 AM | Computer Name = NASVR01.NAS.EMPIREROOFING.local | Source = DFSR | ID = 1202

Description = The DFS Replication service failed to contact domain controller  to

 access  configuration information. Replication is stopped. The service will try again

during

 the next configuration polling cycle, which will occur in 60 minutes.  This event

 can be caused by TCP/IP connectivity, firewall, Active Directory  Domain Services,

 or DNS issues.        Additional Information:    Error: 160 (One or more arguments are not 

correct.)

 

Error - 8/11/2014 8:53:43 AM | Computer Name = NASVR01.NAS.EMPIREROOFING.local | Source = DFSR | ID = 1202

Description = The DFS Replication service failed to contact domain controller  to

 access  configuration information. Replication is stopped. The service will try again

during

 the next configuration polling cycle, which will occur in 60 minutes.  This event

 can be caused by TCP/IP connectivity, firewall, Active Directory  Domain Services,

 or DNS issues.        Additional Information:    Error: 160 (One or more arguments are not 

correct.)

 

[ Directory Service Events ]

Error - 5/14/2014 12:08:06 PM | Computer Name = NASVR01.NAS.EMPIREROOFING.local | Source = NTDS General | ID = 1863

Description = This is the replication status for the following directory partition

 on this directory server.        Directory partition:  DC=ForestDnsZones,DC=EMPIREROOFING,DC=local

 

 

 

This

 directory server has not received replication information from a number of directory

 servers within the configured latency interval.        Latency Interval (Hours):   24    Number

 of directory servers in all sites:  1    Number of directory servers in this site:  1        The

 latency interval can be modified with the following registry key.        Registry Key: 

  HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Replicator latency error 

interval (hours)        To identify the directory servers by name, use the dcdiag.exe tool.

 

You

 can also use the support tool repadmin.exe to display the replication latencies

 of the directory servers.   The command is "repadmin /showvector /latency <partition-dn>".

 

Error - 5/15/2014 4:20:02 AM | Computer Name = NASVR01.NAS.EMPIREROOFING.local | Source = NTDS General | ID = 2974

Description = The attribute value provided is not unique in the forest or partition.

Attribute:

 servicePrincipalName  Value=HOST/EMPIRE226NAS.NAS.EMPIREROOFING.local CN=EMPIRE226NAS,CN=Computers,DC=EMPIREROOFING,DC=local

CN=EMPIRE226NAS,CN=Computers,DC=EMPIREROOFING,DC=local

Winerror:

 8647      See http://go.microsoft.com/fwlink/?LinkID=279782 for more details on this 

policy.

 

Error - 5/15/2014 3:57:45 PM | Computer Name = NASVR01.NAS.EMPIREROOFING.local | Source = NTDS General | ID = 2974

Description = The attribute value provided is not unique in the forest or partition.

Attribute:

 servicePrincipalName  Value=HOST/EMPIRE226NAS.NAS.EMPIREROOFING.local CN=EMPIRE226NAS,CN=Computers,DC=EMPIREROOFING,DC=local

CN=EMPIRE226NAS,CN=Computers,DC=EMPIREROOFING,DC=local

Winerror:

 8647      See http://go.microsoft.com/fwlink/?LinkID=279782 for more details on this 

policy.

 

Error - 5/16/2014 1:03:43 AM | Computer Name = NASVR01.NAS.EMPIREROOFING.local | Source = NTDS General | ID = 2974

Description = The attribute value provided is not unique in the forest or partition.

Attribute:

 servicePrincipalName  Value=HOST/EMPIRE226NAS.NAS.EMPIREROOFING.local CN=EMPIRE226NAS,CN=Computers,DC=EMPIREROOFING,DC=local

CN=EMPIRE226NAS,CN=Computers,DC=EMPIREROOFING,DC=local

Winerror:

 8647      See http://go.microsoft.com/fwlink/?LinkID=279782 for more details on this 

policy.

 

Error - 5/16/2014 12:08:06 PM | Computer Name = NASVR01.NAS.EMPIREROOFING.local | Source = NTDS General | ID = 1863

Description = This is the replication status for the following directory partition

 on this directory server.        Directory partition:  CN=Configuration,DC=EMPIREROOFING,DC=local

 

 

 

This

 directory server has not received replication information from a number of directory

 servers within the configured latency interval.        Latency Interval (Hours):   24    Number

 of directory servers in all sites:  1    Number of directory servers in this site:  1        The

 latency interval can be modified with the following registry key.        Registry Key: 

  HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Replicator latency error 

interval (hours)        To identify the directory servers by name, use the dcdiag.exe tool.

 

You

 can also use the support tool repadmin.exe to display the replication latencies

 of the directory servers.   The command is "repadmin /showvector /latency <partition-dn>".

 

Error - 5/16/2014 12:08:06 PM | Computer Name = NASVR01.NAS.EMPIREROOFING.local | Source = NTDS General | ID = 1863

Description = This is the replication status for the following directory partition

 on this directory server.        Directory partition:  CN=Schema,CN=Configuration,DC=EMPIREROOFING,DC=local

 

 

 

This

 directory server has not received replication information from a number of directory

 servers within the configured latency interval.        Latency Interval (Hours):   24    Number

 of directory servers in all sites:  1    Number of directory servers in this site:  1        The

 latency interval can be modified with the following registry key.        Registry Key: 

  HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Replicator latency error 

interval (hours)        To identify the directory servers by name, use the dcdiag.exe tool.

 

You

 can also use the support tool repadmin.exe to display the replication latencies

 of the directory servers.   The command is "repadmin /showvector /latency <partition-dn>".

 

Error - 5/16/2014 12:08:06 PM | Computer Name = NASVR01.NAS.EMPIREROOFING.local | Source = NTDS General | ID = 1863

Description = This is the replication status for the following directory partition

 on this directory server.        Directory partition:  DC=ForestDnsZones,DC=EMPIREROOFING,DC=local

 

 

 

This

 directory server has not received replication information from a number of directory

 servers within the configured latency interval.        Latency Interval (Hours):   24    Number

 of directory servers in all sites:  1    Number of directory servers in this site:  1        The

 latency interval can be modified with the following registry key.        Registry Key: 

  HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Replicator latency error 

interval (hours)        To identify the directory servers by name, use the dcdiag.exe tool.

 

You

 can also use the support tool repadmin.exe to display the replication latencies

 of the directory servers.   The command is "repadmin /showvector /latency <partition-dn>".

 

Error - 5/17/2014 1:03:38 AM | Computer Name = NASVR01.NAS.EMPIREROOFING.local | Source = NTDS General | ID = 2974

Description = The attribute value provided is not unique in the forest or partition.

Attribute:

 servicePrincipalName  Value=HOST/EMPIRE226NAS.NAS.EMPIREROOFING.local CN=EMPIRE226NAS,CN=Computers,DC=EMPIREROOFING,DC=local

CN=EMPIRE226NAS,CN=Computers,DC=EMPIREROOFING,DC=local

Winerror:

 8647      See http://go.microsoft.com/fwlink/?LinkID=279782 for more details on this 

policy.

 

Error - 5/18/2014 12:08:05 PM | Computer Name = NASVR01.NAS.EMPIREROOFING.local | Source = NTDS General | ID = 1863

Description = This is the replication status for the following directory partition

 on this directory server.        Directory partition:  CN=Configuration,DC=EMPIREROOFING,DC=local

 

 

 

This

 directory server has not received replication information from a number of directory

 servers within the configured latency interval.        Latency Interval (Hours):   24    Number

 of directory servers in all sites:  1    Number of directory servers in this site:  1        The

 latency interval can be modified with the following registry key.        Registry Key: 

  HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Replicator latency error 

interval (hours)        To identify the directory servers by name, use the dcdiag.exe tool.

 

You

 can also use the support tool repadmin.exe to display the replication latencies

 of the directory servers.   The command is "repadmin /showvector /latency <partition-dn>".

 

Error - 5/18/2014 12:08:05 PM | Computer Name = NASVR01.NAS.EMPIREROOFING.local | Source = NTDS General | ID = 1863

Description = This is the replication status for the following directory partition

 on this directory server.        Directory partition:  CN=Schema,CN=Configuration,DC=EMPIREROOFING,DC=local

 

 

 

This

 directory server has not received replication information from a number of directory

 servers within the configured latency interval.        Latency Interval (Hours):   24    Number

 of directory servers in all sites:  1    Number of directory servers in this site:  1        The

 latency interval can be modified with the following registry key.        Registry Key: 

  HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Replicator latency error 

interval (hours)        To identify the directory servers by name, use the dcdiag.exe tool.

 

You

 can also use the support tool repadmin.exe to display the replication latencies

 of the directory servers.   The command is "repadmin /showvector /latency <partition-dn>".

 

[ DNS Server Events ]

Error - 8/10/2014 7:28:12 AM | Computer Name = NASVR01.NAS.EMPIREROOFING.local | Source = DNS | ID = 4015

Description = The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.

 

Error - 8/10/2014 7:33:40 AM | Computer Name = NASVR01.NAS.EMPIREROOFING.local | Source = DNS | ID = 4015

Description = The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.

 

Error - 8/10/2014 7:39:09 AM | Computer Name = NASVR01.NAS.EMPIREROOFING.local | Source = DNS | ID = 4015

Description = The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.

 

Error - 8/10/2014 7:44:37 AM | Computer Name = NASVR01.NAS.EMPIREROOFING.local | Source = DNS | ID = 4015

Description = The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.

 

Error - 8/10/2014 7:50:05 AM | Computer Name = NASVR01.NAS.EMPIREROOFING.local | Source = DNS | ID = 4015

Description = The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.

 

Error - 8/10/2014 7:55:33 AM | Computer Name = NASVR01.NAS.EMPIREROOFING.local | Source = DNS | ID = 4015

Description = The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.

 

Error - 8/10/2014 8:01:01 AM | Computer Name = NASVR01.NAS.EMPIREROOFING.local | Source = DNS | ID = 4015

Description = The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.

 

Error - 8/10/2014 8:06:29 AM | Computer Name = NASVR01.NAS.EMPIREROOFING.local | Source = DNS | ID = 4015

Description = The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.

 

Error - 8/10/2014 8:11:57 AM | Computer Name = NASVR01.NAS.EMPIREROOFING.local | Source = DNS | ID = 4015

Description = The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.

 

Error - 8/14/2014 9:06:00 AM | Computer Name = NASVR01.NAS.EMPIREROOFING.local | Source = DNS | ID = 4015

Description = The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.

 

[ System Events ]

Error - 1/30/2014 8:41:46 AM | Computer Name = NASVR01 | Source = EventLog | ID = 6008

Description = The previous system shutdown at 4:38:29 AM on 1/30/2014 was unexpected.

 

Error - 1/30/2014 8:41:49 AM | Computer Name = NASVR01 | Source = BugCheck | ID = 1001

Description = 

 

Error - 2/6/2014 9:56:25 AM | Computer Name = NASVR01 | Source = Service Control Manager | ID = 7030

Description = The LogMeIn Hamachi Tunneling Engine service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

 

Error - 2/7/2014 3:41:13 PM | Computer Name = NASVR01 | Source = Microsoft-Windows-Time-Service | ID = 46

Description = The time service encountered an error and was forced to shut down. The error was: 0x80070700: An attempt was made to logon, but the network logon service was not started.

 

Error - 2/7/2014 3:41:13 PM | Computer Name = NASVR01 | Source = Service Control Manager | ID = 7023

Description = The Windows Time service terminated with the following error:   %%1792

 

Error - 2/7/2014 3:45:44 PM | Computer Name = NASVR01.NAS.EMPIREROOFING.local | Source = Microsoft-Windows-Directory-Services-SAM | ID = 16642

Description = The account-identifier allocator was unable to assign a new identifier. The identifier pool for this domain controller may have been depleted. If this problem persists, restart the domain controller and view the initialization status of the allocator in the event log.

 

Error - 2/7/2014 3:47:10 PM | Computer Name = NASVR01.NAS.EMPIREROOFING.local | Source = NETLOGON | ID = 5774

Description = The dynamic registration of the DNS record '_ldap._tcp.NAS.EMPIREROOFING.local. 600 IN SRV 0 100 389 NASVR01.NAS.EMPIREROOFING.local.' failed on the following DNS server:        DNS server IP address: ::    Returned Response Code (RCODE): 0    Returned Status Code: 0        For computers and users to locate this domain controller, this record must be registered in DNS.        USER ACTION      Determine what might have caused this failure, resolve the problem, and initiate registration of the DNS records by the domain controller. To determine what might have caused this failure, run DCDiag.exe. To learn more about DCDiag.exe, see Help and Support Center. To initiate registration of the DNS records by this domain controller, run 'nltest.exe /dsregdns' from the command prompt on the domain controller or restart Net Logon service.     Or, you can manually add this record to DNS, but it is not recommended.        ADDITIONAL DATA    Error Value: %%9502

 

Error - 2/7/2014 3:47:52 PM | Computer Name = NASVR01.NAS.EMPIREROOFING.local | Source = NETLOGON | ID = 5774

Description = The dynamic registration of the DNS record '_ldap._tcp.4e554d90-b800-4c28-8fa2-029fecab8499.domains._msdcs.EMPIREROOFING.local. 600 IN SRV 0 100 389 NASVR01.NAS.EMPIREROOFING.local.' failed on the following DNS server:        DNS server IP address: 192.168.0.13    Returned Response Code (RCODE): 5    Returned Status Code: 9017        For computers and users to locate this domain controller, this record must be registered in DNS.        USER ACTION      Determine what might have caused this failure, resolve the problem, and initiate registration of the DNS records by the domain controller. To determine what might have caused this failure, run DCDiag.exe. To learn more about DCDiag.exe, see Help and Support Center. To initiate registration of the DNS records by this domain controller, run 'nltest.exe /dsregdns' from the command prompt on the domain controller or restart Net Logon service.     Or, you can manually add this record to DNS, but it is not recommended.        ADDITIONAL DATA    Error Value: %%9017

 

Error - 2/7/2014 3:48:00 PM | Computer Name = NASVR01.NAS.EMPIREROOFING.local | Source = NETLOGON | ID = 5723

Description = The session setup from computer 'ERDC01' failed because the security database does not contain a trust account 'EMPIREROOFING.local.' referenced by the specified computer.        USER ACTION      If this is the first occurrence of this event for the specified computer and account, this may be a transient issue that doesn't require any action at this time.    If this is a Read-Only Domain Controller and 'EMPIREROOFING.local.' is a legitimate machine account for the computer 'ERDC01' then 'ERDC01' should be marked cacheable for this location if appropriate or otherwise ensure connectivity to a domain controller capable of servicing the request (for example a writable domain controller).    Otherwise, the following steps may be taken to resolve this problem:        If 'EMPIREROOFING.local.' is a legitimate machine account for the computer 'ERDC01', then 'ERDC01' should be rejoined to the domain.        If 'EMPIREROOFING.local.' is a legitimate interdomain trust account, then the trust should be recreated.        Otherwise, assuming that 'EMPIREROOFING.local.' is not a legitimate account, the following action should be taken on 'ERDC01':        If 'ERDC01' is a Domain Controller, then the trust associated with 'EMPIREROOFING.local.' should be deleted.        If 'ERDC01' is not a Domain Controller, it should be disjoined from the domain.

 

Error - 2/7/2014 4:01:44 PM | Computer Name = NASVR01.NAS.EMPIREROOFING.local | Source = NETLOGON | ID = 5805

Description = The session setup from the computer ERDC01 failed to authenticate. The following error occurred:   %%5

 

 

< End of report >

 


OTL logfile created on: 9/8/2014 3:59:37 PM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = D:\

64bit- Server Standard Edition (full installation)  (Version = 6.2.9200) - Type = NTDomainController

Internet Explorer (Version = 9.11.9600.17126)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

7.94 Gb Total Physical Memory | 7.04 Gb Available Physical Memory | 88.70% Memory free

9.19 Gb Paging File | 7.92 Gb Available in Paging File | 86.20% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 869.14 Gb Total Space | 850.25 Gb Free Space | 97.83% Space Free | Partition Type: NTFS

Drive D: | 7.45 Gb Total Space | 7.39 Gb Free Space | 99.14% Space Free | Partition Type: FAT32

 

Computer Name: NASVR01 | User Name: Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2014/09/08 15:46:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\OTL.exe

 

 

========== Modules (No Company Name) ==========

 

 

========== Services (SafeList) ==========

 

SRV:64bit: - [2014/06/17 18:44:12 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)

SRV:64bit: - [2014/04/06 06:42:05 | 001,596,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dns.exe -- (DNS)

SRV:64bit: - [2014/04/06 06:20:36 | 000,201,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)

SRV:64bit: - [2014/03/08 00:41:25 | 001,306,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)

SRV:64bit: - [2014/03/06 02:02:13 | 000,834,560 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)

SRV:64bit: - [2014/03/06 01:58:06 | 000,451,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dfssvc.exe -- (Dfs)

SRV:64bit: - [2014/03/04 02:37:53 | 003,832,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dfsrs.exe -- (DFSR)

SRV:64bit: - [2014/02/22 10:53:10 | 003,394,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)

SRV:64bit: - [2014/02/22 04:57:16 | 000,710,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)

SRV:64bit: - [2014/02/22 04:45:05 | 000,280,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dsrolesrv.dll -- (DsRoleSvc)

SRV:64bit: - [2014/02/22 04:26:58 | 000,366,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)

SRV:64bit: - [2014/02/22 04:25:39 | 000,399,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)

SRV:64bit: - [2014/02/22 04:25:14 | 000,269,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)

SRV:64bit: - [2014/01/28 19:37:39 | 001,051,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpssvc.dll -- (DHCPServer)

SRV:64bit: - [2013/12/10 02:35:18 | 000,530,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)

SRV:64bit: - [2013/12/03 08:37:51 | 000,036,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\KdsSvc.dll -- (KdsSvc)

SRV:64bit: - [2013/12/03 08:37:49 | 000,568,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\kdcsvc.dll -- (Kdc)

SRV:64bit: - [2013/12/03 08:37:48 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\ntdsa.dll -- (NTDS)

SRV:64bit: - [2013/12/03 08:37:48 | 000,064,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\ismserv.exe -- (IsmServ)

SRV:64bit: - [2013/12/03 08:37:47 | 001,001,472 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ntfrs.exe -- (NtFrs)

SRV:64bit: - [2013/11/22 23:50:00 | 000,282,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)

SRV:64bit: - [2013/08/22 07:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)

SRV:64bit: - [2013/08/22 06:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)

SRV:64bit: - [2013/08/22 06:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)

SRV:64bit: - [2013/08/22 06:29:10 | 000,173,056 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\kpssvc.dll -- (KPSSVC)

SRV:64bit: - [2013/08/22 06:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)

SRV:64bit: - [2013/08/22 06:18:34 | 000,183,296 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV:64bit: - [2013/08/22 06:08:00 | 000,085,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rsopprov.exe -- (RSoPProv)

SRV:64bit: - [2013/08/22 05:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)

SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)

SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)

SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)

SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)

SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)

SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)

SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)

SRV:64bit: - [2013/08/22 05:03:02 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sacsvr.dll -- (sacsvr)

SRV:64bit: - [2013/08/22 05:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)

SRV:64bit: - [2013/08/22 04:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)

SRV:64bit: - [2013/08/22 04:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)

SRV:64bit: - [2013/08/22 04:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)

SRV:64bit: - [2013/08/22 04:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)

SRV:64bit: - [2013/08/22 04:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)

SRV:64bit: - [2013/08/22 04:17:18 | 000,248,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\ualsvc.dll -- (UALSVC)

SRV - [2014/07/18 22:14:28 | 000,226,640 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)

SRV - [2014/07/18 22:14:25 | 000,376,144 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)

SRV - [2014/04/15 18:43:12 | 000,702,976 | ---- | M] (Unitrends) [Auto | Running] -- C:\PCBP\bpnetd.exe -- (BP_Agent)

SRV - [2013/12/11 17:11:48 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)

SRV - [2013/12/03 08:37:55 | 000,478,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe -- (ADWS)

SRV - [2013/08/22 07:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)

SRV - [2013/08/21 22:43:29 | 000,076,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\rsopprov.exe -- (RSoPProv)

SRV - [2013/08/21 21:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2014/07/18 22:14:25 | 000,107,368 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)

DRV:64bit: - [2014/04/01 01:23:41 | 000,384,856 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)

DRV:64bit: - [2014/03/19 22:41:20 | 000,376,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)

DRV:64bit: - [2014/03/19 20:15:19 | 000,145,920 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\smbdirect.sys -- (smbdirect)

DRV:64bit: - [2014/03/08 15:40:16 | 000,136,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)

DRV:64bit: - [2014/03/08 15:35:45 | 000,467,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)

DRV:64bit: - [2014/02/22 11:00:25 | 000,236,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2014/02/22 10:49:51 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)

DRV:64bit: - [2014/02/22 10:49:49 | 000,189,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)

DRV:64bit: - [2014/02/22 10:49:49 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)

DRV:64bit: - [2014/02/22 10:49:47 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)

DRV:64bit: - [2014/02/22 10:44:13 | 000,924,504 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\refs.sys -- (ReFS)

DRV:64bit: - [2014/02/22 07:14:02 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)

DRV:64bit: - [2014/02/04 17:56:44 | 000,046,136 | -H-- | M] (LogMeIn Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Hamdrv.sys -- (Hamachi)

DRV:64bit: - [2014/01/22 04:10:49 | 000,172,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winnat.sys -- (WinNat)

DRV:64bit: - [2013/12/11 17:11:48 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)

DRV:64bit: - [2013/12/11 17:10:22 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)

DRV:64bit: - [2013/12/03 08:37:53 | 000,066,400 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\dfsrro.sys -- (DfsrRo)

DRV:64bit: - [2013/12/03 08:37:48 | 000,054,624 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\dfs.sys -- (DfsDriver)

DRV:64bit: - [2013/11/01 06:39:53 | 000,086,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)

DRV:64bit: - [2013/10/25 20:54:32 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)

DRV:64bit: - [2013/10/22 07:51:24 | 000,629,464 | ---- | M] (Dell Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bcraid3.sys -- (bcraid3)

DRV:64bit: - [2013/10/22 07:51:24 | 000,029,400 | ---- | M] (Dell Inc.) [storport] [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bccfg3.sys -- (bccfg3)

DRV:64bit: - [2013/10/22 07:50:54 | 000,248,144 | ---- | M] (Emulex ) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\be2iscsi.sys -- (be2iscsi)

DRV:64bit: - [2013/10/22 07:50:46 | 000,722,160 | ---- | M] (Emulex) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\elxcna.sys -- (elxcna)

DRV:64bit: - [2013/10/22 07:50:42 | 000,723,184 | ---- | M] (Emulex) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\elxfc.sys -- (elxfc)

DRV:64bit: - [2013/10/22 07:49:32 | 001,301,800 | ---- | M] (QLogic Corporation) [FCoE] STOR Miniport Driver (wx64) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\qlfcoe.sys -- (qlfcoe)

DRV:64bit: - [2013/10/22 07:48:54 | 000,630,096 | ---- | M] (Matrox Graphics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MxG2rDO64.sys -- (MxG2rDO64)

DRV:64bit: - [2013/10/22 07:48:38 | 000,187,600 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxfcoe.sys -- (bxfcoe)

DRV:64bit: - [2013/10/22 07:48:38 | 000,090,392 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxdiaga.sys -- (b06diag)

DRV:64bit: - [2013/10/22 07:48:36 | 000,557,264 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxois.sys -- (bxois)

DRV:64bit: - [2013/10/22 07:47:50 | 000,056,560 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\percsas2.sys -- (percsas2)

DRV:64bit: - [2013/10/08 02:38:53 | 000,115,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MsLbfoProvider.sys -- (MsLbfoProvider)

DRV:64bit: - [2013/10/05 10:25:54 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)

DRV:64bit: - [2013/09/30 16:34:05 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)

DRV:64bit: - [2013/09/30 16:24:24 | 000,220,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Vid.sys -- (Vid)

DRV:64bit: - [2013/09/30 16:24:24 | 000,129,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbusr.sys -- (vmbusr)

DRV:64bit: - [2013/09/30 16:24:24 | 000,111,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)

DRV:64bit: - [2013/09/30 16:24:24 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsp.sys -- (storvsp)

DRV:64bit: - [2013/09/30 16:24:24 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcivsp.sys -- (vpcivsp)

DRV:64bit: - [2013/08/22 08:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)

DRV:64bit: - [2013/08/22 08:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2013/08/22 07:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)

DRV:64bit: - [2013/08/22 07:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)

DRV:64bit: - [2013/08/22 07:49:32 | 000,094,048 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sacdrv.sys -- (sacdrv)

DRV:64bit: - [2013/08/22 07:43:49 | 000,066,400 | ---- | M] (Mellanox) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\ndfltr.sys -- (ndfltr)

DRV:64bit: - [2013/08/22 07:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)

DRV:64bit: - [2013/08/22 07:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2013/08/22 07:43:45 | 000,712,032 | ---- | M] (Emulex) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\elxfcoe.sys -- (elxfcoe)

DRV:64bit: - [2013/08/22 07:43:45 | 000,463,712 | ---- | M] (Mellanox) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\ibbus.sys -- (ibbus)

DRV:64bit: - [2013/08/22 07:43:45 | 000,426,336 | ---- | M] (Mellanox) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mlx4_bus.sys -- (mlx4_bus)

DRV:64bit: - [2013/08/22 07:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2013/08/22 07:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)

DRV:64bit: - [2013/08/22 07:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2013/08/22 07:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)

DRV:64bit: - [2013/08/22 07:43:41 | 002,265,440 | ---- | M] (Brocade Communications Systems, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bfadi.sys -- (bfadi)

DRV:64bit: - [2013/08/22 07:43:41 | 002,265,440 | ---- | M] (Brocade Communications Systems, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bfadfcoei.sys -- (bfadfcoei)

DRV:64bit: - [2013/08/22 07:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)

DRV:64bit: - [2013/08/22 07:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2013/08/22 07:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2013/08/22 07:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)

DRV:64bit: - [2013/08/22 07:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2013/08/22 07:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2013/08/22 07:43:35 | 000,059,744 | ---- | M] (Mellanox) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\winverbs.sys -- (WinVerbs)

DRV:64bit: - [2013/08/22 07:43:35 | 000,028,000 | ---- | M] (Mellanox) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\winmad.sys -- (WinMad)

DRV:64bit: - [2013/08/22 07:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)

DRV:64bit: - [2013/08/22 07:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)

DRV:64bit: - [2013/08/22 07:43:32 | 001,508,704 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\ql2300i.sys -- (ql2300i)

DRV:64bit: - [2013/08/22 07:43:32 | 001,300,320 | ---- | M] (QLogic Corporation) [FCoE] STOR Miniport Inbox Driver (wx64) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\qlfcoei.sys -- (qlfcoei)

DRV:64bit: - [2013/08/22 07:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2013/08/22 07:43:31 | 000,475,488 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\ql40xx2i.sys -- (ql40xx2i)

DRV:64bit: - [2013/08/22 07:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)

DRV:64bit: - [2013/08/22 07:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)

DRV:64bit: - [2013/08/22 07:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)

DRV:64bit: - [2013/08/22 07:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)

DRV:64bit: - [2013/08/22 07:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)

DRV:64bit: - [2013/08/22 07:35:13 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)

DRV:64bit: - [2013/08/22 07:35:12 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2013/08/22 06:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)

DRV:64bit: - [2013/08/22 06:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)

DRV:64bit: - [2013/08/22 06:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)

DRV:64bit: - [2013/08/22 06:39:19 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wtlmdrv.sys -- (wtlmdrv)

DRV:64bit: - [2013/08/22 06:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)

DRV:64bit: - [2013/08/22 06:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)

DRV:64bit: - [2013/08/22 06:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)

DRV:64bit: - [2013/08/22 06:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)

DRV:64bit: - [2013/08/22 06:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)

DRV:64bit: - [2013/08/22 06:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)

DRV:64bit: - [2013/08/22 06:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)

DRV:64bit: - [2013/08/22 06:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2013/08/22 06:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2013/08/22 06:37:21 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fcvsc.sys -- (fcvsc)

DRV:64bit: - [2013/08/22 06:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)

DRV:64bit: - [2013/08/22 06:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)

DRV:64bit: - [2013/08/22 06:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)

DRV:64bit: - [2013/08/22 06:36:17 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)

DRV:64bit: - [2013/08/22 03:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)

DRV:64bit: - [2013/08/09 19:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)

DRV:64bit: - [2013/06/18 09:45:17 | 000,605,672 | ---- | M] (Chelsio Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cht4vx64.sys -- (cht4vbd)

DRV:64bit: - [2013/06/18 09:45:08 | 000,425,984 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV - [2013/12/11 17:11:48 | 000,016,056 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 97 47 6E D0 39 BE CF 01  [binary data]

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

========== Chrome  ==========

CHR - plugin: Error reading preferences file

CHR - Extension: Google Docs = C:\Users\administrator.EMPIREROOFING\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\

CHR - Extension: Google Drive = C:\Users\administrator.EMPIREROOFING\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\administrator.EMPIREROOFING\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\

CHR - Extension: YouTube = C:\Users\administrator.EMPIREROOFING\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

CHR - Extension: Google Search = C:\Users\administrator.EMPIREROOFING\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: Google Wallet = C:\Users\administrator.EMPIREROOFING\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

CHR - Extension: Gmail = C:\Users\administrator.EMPIREROOFING\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2014/09/08 15:30:04 | 000,000,768 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableAutomaticRestartSignOn = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DelayedDesktopSwitchTimeout = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: preferredtechnology.com ([ftp] ftp in Trusted sites)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = NAS.EMPIREROOFING.local

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F21DB04B-0C1A-498A-A7A9-05865DDD4C66}: NameServer = 127.0.0.1,192.168.0.13,192.168.0.14

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O29:64bit: - HKLM SecurityProviders - (pwdssp.dll) -  File not found

O29 - HKLM SecurityProviders - (pwdssp.dll) -  File not found

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk /q /v *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

NetSvcs:64bit: sacsvr - C:\Windows\SysNative\sacsvr.dll (Microsoft Corporation)

NetSvcs:64bit: DsmSvc - C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)

NetSvcs:64bit: NcaSvc - C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2014/09/08 15:05:52 | 000,000,000 | ---D | C] -- C:\Users\administrator.EMPIREROOFING\AppData\Local\CrashDumps

[2014/09/08 14:41:47 | 000,000,000 | ---D | C] -- C:\Users\administrator.EMPIREROOFING\Desktop\RK_Quarantine

[2014/09/08 14:37:12 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys

[2014/09/08 14:37:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

[2014/09/08 14:37:01 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys

[2014/09/08 14:37:01 | 000,064,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys

[2014/09/08 14:37:01 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2014/09/08 14:37:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware

[2014/09/08 14:37:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2014/09/08 14:36:12 | 000,000,000 | ---D | C] -- C:\Users\administrator.EMPIREROOFING\AppData\Local\Programs

[2014/09/08 14:34:36 | 017,292,760 | ---- | C] (Malwarebytes Corporation) -- C:\Users\administrator.EMPIREROOFING\Desktop\mbam-setup-2.0.2.1012.exe

[2014/09/08 14:31:58 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller

[2014/08/25 10:52:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

[2014/08/25 10:51:55 | 000,000,000 | ---D | C] -- C:\Users\administrator.EMPIREROOFING\AppData\Local\Google

[2014/08/25 10:51:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google

========== Files - Modified Within 30 Days ==========

[2014/09/08 15:59:44 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2014/09/08 15:57:54 | 000,899,376 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2014/09/08 15:57:54 | 000,755,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2014/09/08 15:57:54 | 000,145,760 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2014/09/08 15:45:54 | 000,002,163 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2014/09/08 15:45:08 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2014/09/08 15:44:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2014/09/08 15:26:00 | 000,036,456 | ---- | M] () -- C:\Windows\SysNative\drivers\TrueSight.sys

[2014/09/08 15:23:08 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys

[2014/09/08 14:37:05 | 000,001,074 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2014/09/08 14:30:44 | 005,427,288 | ---- | M] () -- C:\Users\administrator.EMPIREROOFING\Desktop\RogueKillerX64.exe

[2014/09/08 14:29:44 | 017,292,760 | ---- | M] (Malwarebytes Corporation) -- C:\Users\administrator.EMPIREROOFING\Desktop\mbam-setup-2.0.2.1012.exe

[2014/08/27 10:52:10 | 000,002,259 | ---- | M] () -- C:\Users\administrator.EMPIREROOFING\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2014/09/08 14:37:05 | 000,001,074 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2014/09/08 14:34:40 | 005,427,288 | ---- | C] () -- C:\Users\administrator.EMPIREROOFING\Desktop\RogueKillerX64.exe

[2014/09/08 14:32:20 | 000,036,456 | ---- | C] () -- C:\Windows\SysNative\drivers\TrueSight.sys

[2014/08/25 10:52:51 | 000,002,259 | ---- | C] () -- C:\Users\administrator.EMPIREROOFING\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2014/08/25 10:52:51 | 000,002,163 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2014/08/25 10:51:57 | 000,000,940 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2014/08/25 10:51:56 | 000,000,936 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2014/04/16 08:43:28 | 000,002,255 | ---- | C] () -- C:\Windows\SysWow64\WimBootCompress.ini

[2014/03/17 06:54:17 | 000,103,936 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll

[2014/02/07 17:34:49 | 000,003,422 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2013/08/22 10:39:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2013/08/22 10:39:41 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2013/08/22 09:49:34 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2013/08/22 02:01:23 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2013/08/21 22:32:36 | 000,046,080 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2013/08/21 18:55:20 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2013/08/21 18:52:39 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[2013/08/21 18:51:23 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

========== ZeroAccess Check ==========

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2014/04/06 11:31:39 | 021,268,952 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2014/04/06 10:22:20 | 018,755,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 04:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/21 21:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 04:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

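The report above is OTL's plain-text format, and on a domain controller it runs to a couple of thousand lines. As an added example (not part of the original post, and not code from OTL or Malwarebytes), the Python script below parses the DRV driver lines and the numbered O-lines and flags the entries a responder would read first: third-party or unsigned drivers, drivers loaded from outside the driver directory, entries whose target file or CLSID is missing, Winlogon Shell/UserInit values that are not the stock binaries, and DNS servers outside private or loopback space. The sample lines at the bottom are copied from this report except the last two, which are constructed to show what a non-stock Winlogon value and an unsigned driver in a user-writable directory look like; they do not describe this machine. A flagged line is a pointer to compare against a known-good system of the same build, not a verdict.

```python
"""Triage helper for OTL report lines (added example; not OTL's or the original poster's code).

Parses DRV (driver) lines and numbered O-lines and flags the entries a responder reads first:
third-party or unsigned drivers, drivers outside the driver directory, entries whose target
file or CLSID is missing, non-stock Winlogon Shell/UserInit values, and DNS servers outside
private/loopback space. A flag marks something to check, not a verdict.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# "DRV[:64bit:] - [date | size | attrs | M] (Company) [Kind | Start | State] -- path -- (name)"
DRV_RE = re.compile(
    r"^DRV(?::64bit:)?\s*-\s*\[(?P<ts>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*\[(?P<kind>[^|\]]+)\|(?P<start>[^|\]]+)\|(?P<state>[^\]]+)\]"
    r"\s*--\s*(?P<path>.+?)\s*--\s*\((?P<name>[^)]+)\)\s*$"
)
# "O29 - ...", "O4:64bit: - ..." and OTL's glued form "O1364bit: - ..."
OLINE_RE = re.compile(r"^O(?P<num>\d+)(?::?64bit:)?\s*-\s*(?P<body>.+)$")
WINLOGON_RE = re.compile(r"Winlogon:\s*(?P<value>Shell|UserInit)\s*-\s*\((?P<data>[^)]*)\)")
NAMESERVER_RE = re.compile(r"NameServer\s*=\s*(?P<servers>[\d.,\s]+)$")
# SysNative is OTL's name for the real 64-bit system32 directory.
DRIVER_DIRS = ("c:\\windows\\sysnative\\drivers\\", "c:\\windows\\system32\\drivers\\")
STOCK_WINLOGON = {"Shell": "explorer.exe", "UserInit": "userinit.exe"}


@dataclass
class Finding:
    line: str
    reasons: List[str]


def parse_driver(line: str) -> Optional[Dict[str, object]]:
    """Fields of a DRV line (company, kind, start, state, path, name, size as int), or None."""
    m = DRV_RE.match(line)
    if not m:
        return None
    d: Dict[str, object] = {k: v.strip() for k, v in m.groupdict().items()}
    d["size"] = int(str(d["size"]).replace(",", ""))
    return d


def check_driver(line: str) -> Optional[Finding]:
    d = parse_driver(line)
    if d is None:
        return None
    reasons = []
    if not d["company"]:
        reasons.append("no company name in the file's version info")
    elif d["company"] != "Microsoft Corporation":
        reasons.append(f"third-party driver from {d['company']}")
    if not str(d["path"]).lower().startswith(DRIVER_DIRS):
        reasons.append(f"loaded from outside the driver directory: {d['path']}")
    if reasons and d["state"] == "Running":
        reasons.append("currently running")
    return Finding(line, reasons) if reasons else None


def check_oline(line: str) -> Optional[Finding]:
    m = OLINE_RE.match(line)
    if not m:
        return None
    num, body = int(m.group("num")), m.group("body")
    reasons = []
    if "File not found" in body or "No CLSID value found" in body:
        reasons.append("entry points at a file or CLSID that does not exist")
    w = WINLOGON_RE.search(body)
    if num == 20 and w:
        expected = STOCK_WINLOGON[w.group("value")]
        # UserInit may be a full path; compare basenames and reject any appended extra program.
        names = [p.strip().rsplit("\\", 1)[-1].lower() for p in w.group("data").split(",") if p.strip()]
        if names != [expected]:
            reasons.append(f"Winlogon {w.group('value')} is not the stock {expected}: {w.group('data')}")
    ns = NAMESERVER_RE.search(body)
    if num == 17 and ns:
        for ip in (s.strip() for s in ns.group("servers").split(",") if s.strip()):
            try:
                addr = ipaddress.ip_address(ip)
            except ValueError:
                reasons.append(f"unparseable DNS server entry: {ip}")
                continue
            if not (addr.is_private or addr.is_loopback):
                reasons.append(f"DNS server outside private/loopback space: {ip}")
    return Finding(line, reasons) if reasons else None


def triage(lines: Iterable[str]) -> List[Finding]:
    """Run both checks over every line; a line yields at most one Finding."""
    findings = []
    for raw in lines:
        line = raw.strip()
        for check in (check_driver, check_oline):
            f = check(line)
            if f:
                findings.append(f)
                break
    return findings


# Constructed sample: the first five lines are copied from the report above; the last two are
# made up to show non-stock entries and do not describe this machine.
SAMPLE_LINES = [
    r"DRV:64bit: - [2013/08/22 07:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)",
    r"DRV - [2013/12/11 17:11:48 | 000,016,056 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)",
    r"O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)",
    r"O29 - HKLM SecurityProviders - (pwdssp.dll) -  File not found",
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F21DB04B-0C1A-498A-A7A9-05865DDD4C66}: NameServer = 127.0.0.1,192.168.0.13,192.168.0.14",
    r"O20 - HKLM Winlogon: UserInit - (userinit.exe,C:\Users\Public\example.exe) - File not found",
    r"DRV - [2014/09/01 00:00:00 | 000,012,288 | ---- | M] () [Kernel | Auto | Running] -- C:\Users\Public\example.sys -- (example)",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f.line[:60], "->", "; ".join(f.reasons))
```

To use it on a full report, feed the file's lines to `triage()` instead of `SAMPLE_LINES`. The driver check deliberately treats every non-Microsoft vendor as worth a look rather than keeping a vendor allow-list, because on a server the third-party driver set is small (storage, NIC and remote-access vendors in this log) and each one should be accounted for; the Winlogon check compares basenames so a full-path UserInit, as on this machine, is not flagged, while any second comma-separated program is.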

If anyone can help, all your help would be much appreciated! I've provided the logs from OTL; just from reading around in here, that seems like what everyone has you do at first. Either way, I found the Rans virus by running RogueKiller.

I can't open the internet, I can't open Network and Sharing, I can't open the Start menu, and the right-side pane that is supposed to pop up when you put your mouse in the top right isn't coming up.

I'm stuck! I've run MalwareBytes, RogueKiller, Anti-rootkit, KDDS Killer...

Please help!

2 months later...

Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
