Your connection is not private ISSUE

azuz16 (Active member; joined Jul 30, 2017; 26 posts)
Dear All

Does anyone know how to solve this issue? I googled it and tried many ways but could not solve it.


[Attached screenshot: 2017-07-30_13-17-34.jpg]


Many thanks for your feedback.

I followed the instructions for checking for malware; please find the attached logs:

---------------------------------------------------------
First.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-07-2017
Ran by Administrator (administrator) on HP-HYPER-V (31-07-2017 11:48:50)
Running from C:\Users\Administrator.TC-SER-2\Desktop
Loaded Profiles: Administrator (Available Profiles: Administrator & MSSQL$MICROSOFT##WID & Classic .NET AppPool & .NET v4.5 & .NET v2.0 & .NET v4.5 Classic & .NET v2.0 Classic)
Platform: Windows Server 2012 R2 Standard (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials


==================== Processes (Whitelisted) =================


(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Hewlett-Packard Company) C:\Program Files\hp\Cissesrv\cissesrv.exe
(Cucusoft, Inc.) C:\Program Files\Cucusoft\NetGuard\SysMsgProxySrvc.sys
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.VEEAMSQL2012\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\iLO 3\service\ProLiantMonitor.exe
(Microsoft Corporation) C:\Windows\System32\smbhash.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Hewlett-Packard Company) C:\hp\hpsmh\bin\smhstart.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\vmms.exe
(Hewlett-Packard Company) C:\hp\hpsmh\bin\hpsmhd.exe
(Microsoft Corporation) C:\Windows\System32\dfssvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\AMS\service\hpqams.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
(Hewlett-Packard Company) C:\hp\hpsmh\bin\rotatelogs.exe
(Hewlett-Packard Company) C:\hp\hpsmh\bin\rotatelogs.exe
(Hewlett-Packard Company) C:\hp\hpsmh\bin\hpsmhd.exe
(Hewlett-Packard Company) C:\hp\hpsmh\bin\rotatelogs.exe
(Hewlett-Packard Company) C:\hp\hpsmh\bin\rotatelogs.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Microsoft Corporation) C:\Windows\System32\vmwp.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\sethc.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\vmconnect.exe
(Microsoft Corporation) C:\Windows\System32\vmconnect.exe
(Microsoft Corporation) C:\Windows\System32\vmwp.exe
(GFI Software Ltd.) C:\Program Files\GFI\WebMonitor\WebMon.WinService.exe
(GFI Software Ltd) C:\Program Files\GFI\WebMonitor\GFiProxy.exe
(Microsoft Corporation) C:\Program Files (x86)\IIS Express\iisexpress.exe
(Microsoft Corporation) C:\Program Files (x86)\IIS Express\iisexpresstray.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ====================


(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [403696 2014-08-17] (Acronis)
HKLM\...\Run: [CucusoftNetGuard] => [X]
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1102200 2013-01-22] (Acronis)
HKLM\...\Policies\Explorer: [ShowSuperHidden] 1
Lsa: [Notification Packages] rassfm scecli
SecurityProviders: credssp.dll, pwdssp.dll
BootExecute: autocheck autochk /q /v *
GroupPolicy: Restriction <==== ATTENTION
GroupPolicyScripts: Restriction <==== ATTENTION
GroupPolicyScripts\User: Restriction <==== ATTENTION


==================== Internet (Whitelisted) ====================


(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


ProxyEnable: [S-1-5-21-1003268329-1914593562-1457070966-500] => Proxy is enabled.
ProxyServer: [S-1-5-21-1003268329-1914593562-1457070966-500] => 172.16.10.20:80
Tcpip\..\Interfaces\{71C19735-80D4-4E1E-BF87-D87DEF64AA7C}: [NameServer] 172.160.10.2
Tcpip\..\Interfaces\{822E1E51-E550-4C77-9B25-CC7AB5106837}: [NameServer] 192.168.100.1
Tcpip\..\Interfaces\{99848556-9224-4E80-897F-549D2D28BCDD}: [NameServer] 172.160.10.2
Tcpip\..\Interfaces\{AF92B8DC-ECBD-47D4-88F9-184EC5A520DF}: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{BCD2033F-6D60-4BE5-9F84-B3F1C679AAAB}: [NameServer] 172.16.10.2
Tcpip\..\Interfaces\{C6E7268A-D81B-41FF-ADDF-DD95CC8ACCCD}: [NameServer] 172.16.10.2
Tcpip\..\Interfaces\{CBF03056-5A9C-4AB6-B442-1F7AA156CC7C}: [NameServer] 8.8.8.8,172.16.10.2
Tcpip\..\Interfaces\{FCA4B2DF-64AD-4614-A3B1-3FEFDC328F4C}: [NameServer] 192.168.100.1
ManualProxies: 1172.16.10.20:80


Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-02-09] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-02-09] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-02-09] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-02-09] (Microsoft Corporation)


FireFox:
========
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)


Chrome:
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\Administrator.TC-SER-2\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-07-31]
CHR Extension: (Google Docs) - C:\Users\Administrator.TC-SER-2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-13]
CHR Extension: (Google Drive) - C:\Users\Administrator.TC-SER-2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-13]
CHR Extension: (YouTube) - C:\Users\Administrator.TC-SER-2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-13]
CHR Extension: (Google Sheets) - C:\Users\Administrator.TC-SER-2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-13]
CHR Extension: (Google Docs Offline) - C:\Users\Administrator.TC-SER-2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator.TC-SER-2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-13]
CHR Extension: (Gmail) - C:\Users\Administrator.TC-SER-2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-13]
CHR Profile: C:\Users\Administrator.TC-SER-2\AppData\Local\Google\Chrome\User Data\System Profile [2017-07-30]


==================== Services (Whitelisted) ====================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2015-02-09] (Microsoft Corporation)
R2 Cissesrv; C:\Program Files\HP\Cissesrv\cissesrv.exe [194048 2013-07-30] (Hewlett-Packard Company) [File not signed]
R2 CS_SysMsgProxy; C:\Program Files\Cucusoft\NetGuard\SysMsgProxySrvc.sys [255136 2013-06-21] (Cucusoft, Inc.)
R2 Dfs; C:\Windows\system32\dfssvc.exe [451584 2015-02-08] (Microsoft Corporation)
R2 GFIProxy; C:\Program Files\GFI\WebMonitor\GFiProxy.exe [12288 2016-04-16] (GFI Software Ltd) [File not signed]
R2 hpqams; C:\Program Files\Hewlett-Packard\AMS\service\hpqams.exe [333712 2013-10-18] (Hewlett-Packard Company)
S3 KPSSVC; C:\Windows\system32\kpssvc.dll [173056 2013-08-22] (Microsoft Corporation)
S3 MSSQL$MICROSOFT##WID; C:\Windows\WID\Binn\sqlservr.exe [191064 2015-02-09] (Microsoft Corporation)
R2 MSSQL$VEEAMSQL2012; c:\Program Files\Microsoft SQL Server\MSSQL11.VEEAMSQL2012\MSSQL\Binn\sqlservr.exe [192192 2015-05-05] (Microsoft Corporation)
R2 ProLiantMonitor; C:\Program Files\Hewlett-Packard\iLO 3\service\ProLiantMonitor.exe [262424 2013-05-30] (Hewlett-Packard Company)
S3 RSoPProv; C:\Windows\system32\RSoPProv.exe [85504 2013-08-22] (Microsoft Corporation)
S3 RSoPProv; C:\Windows\SysWOW64\RSoPProv.exe [76288 2013-08-22] (Microsoft Corporation)
S3 sacsvr; C:\Windows\system32\sacsvr.dll [15872 2013-08-22] (Microsoft Corporation)
R2 SmbHash; C:\Windows\System32\smbhash.exe [75264 2015-02-09] (Microsoft Corporation)
S4 SQLAgent$VEEAMSQL2012; c:\Program Files\Microsoft SQL Server\MSSQL11.VEEAMSQL2012\MSSQL\Binn\SQLAGENT.EXE [613056 2015-05-05] (Microsoft Corporation)
S3 SrmReports; C:\Windows\system32\srmhost.exe [137216 2015-02-09] (Microsoft Corporation)
R2 SrmSvc; C:\Windows\system32\srmsvc.dll [5874688 2015-02-09] (Microsoft Corporation)
R2 sysdown; C:\Program Files\Hewlett-Packard\iLO 3\service\ProLiantMonitor.exe [262424 2013-05-30] (Hewlett-Packard Company)
R2 SysMgmtHp; C:\hp\hpsmh\bin\smhstart.exe [736256 2014-04-11] (Hewlett-Packard Company) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-18] (TeamViewer GmbH)
R2 UALSVC; C:\Windows\System32\ualsvc.dll [249344 2014-09-05] (Microsoft Corporation)
R2 vmms; C:\Windows\system32\vmms.exe [13784064 2015-04-01] (Microsoft Corporation)
R2 WebMonService; C:\Program Files\GFI\WebMonitor\WebMon.WinService.exe [20104 2015-10-19] (GFI Software Ltd.)
S3 WIDWriter; C:\Windows\WID\Binn\sqlwriter.exe [129624 2015-02-09] (Microsoft Corporation)


===================== Drivers (Whitelisted) ======================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


S0 bfadfcoei; C:\Windows\System32\drivers\bfadfcoei.sys [2265440 2013-08-22] (Brocade Communications Systems, Inc.)
S0 bfadi; C:\Windows\System32\drivers\bfadi.sys [2265440 2013-08-22] (Brocade Communications Systems, Inc.)
S0 bxfcoe; C:\Windows\System32\drivers\bxfcoe.sys [187744 2013-08-22] (Broadcom Corporation)
S0 bxois; C:\Windows\System32\drivers\bxois.sys [560480 2013-08-22] (Broadcom Corporation)
R0 Cbafilt; C:\Windows\System32\drivers\cbafilt.sys [45920 2015-02-09] (Microsoft Corporation)
R0 Datascrn; C:\Windows\System32\drivers\datascrn.sys [126304 2015-02-09] (Microsoft Corporation)
R1 DfsDriver; C:\Windows\System32\drivers\dfs.sys [54624 2015-02-08] (Microsoft Corporation)
S0 elxfcoe; C:\Windows\System32\drivers\elxfcoe.sys [712032 2013-08-22] (Emulex)
R3 gfishield; C:\Program Files\GFI\WebMonitor\Shield\shieldx.sys [44968 2016-04-16] (GFI Software Ltd.)
S0 HpCISSs2; C:\Windows\System32\drivers\HpCISSs2.sys [155536 2013-10-28] (Hewlett-Packard Company)
R0 HpCISSs3; C:\Windows\System32\drivers\HpCISSs3.sys [173968 2013-11-22] (Hewlett-Packard Company)
R3 hpqilo3chif; C:\Windows\system32\DRIVERS\hpqilo3chif.sys [43920 2013-11-24] (Hewlett-Packard Company)
R3 hpqilo3core; C:\Windows\System32\drivers\hpqilo3core.sys [47384 2013-05-23] (Hewlett-Packard Company)
R0 hpqilo3whea; C:\Windows\System32\DRIVERS\hpqilo3whea.sys [18472 2010-02-13] (Hewlett-Packard Company)
S3 kmloop; C:\Windows\system32\DRIVERS\loop.sys [15360 2013-08-22] (Microsoft Corporation)
R3 l2nd; C:\Windows\system32\DRIVERS\bxnd60a.sys [131280 2013-12-18] (Broadcom Corporation)
S3 lunparser; C:\Windows\System32\drivers\lunparser.sys [19456 2014-12-02] (Microsoft Corporation)
S3 MsLbfoProvider; C:\Windows\system32\DRIVERS\MsLbfoProvider.sys [115712 2014-10-08] (Microsoft Corporation)
R3 MxG2hDO64; C:\Windows\system32\DRIVERS\MxG2hDO64.sys [628560 2012-06-30] (Matrox Graphics Inc.)
S3 passthruparser; C:\Windows\System32\drivers\passthruparser.sys [22016 2014-12-02] (Microsoft Corporation)
R3 PeerDistKM; C:\Windows\System32\drivers\peerdistkm.sys [128512 2014-07-12] (Microsoft Corporation)
S3 pvhdparser; C:\Windows\System32\drivers\pvhdparser.sys [27136 2014-12-02] (Microsoft Corporation)
R3 q57nd60a; C:\Windows\system32\DRIVERS\b57nd60a.sys [463056 2013-12-18] (Broadcom Corporation)
S0 ql2300i; C:\Windows\System32\drivers\ql2300i.sys [1508704 2013-08-22] (QLogic Corporation)
S0 ql40xx2i; C:\Windows\System32\drivers\ql40xx2i.sys [475488 2013-08-22] (QLogic Corporation)
S0 qlfcoei; C:\Windows\System32\drivers\qlfcoei.sys [1300320 2013-08-22] (QLogic Corporation)
R0 Quota; C:\Windows\System32\drivers\quota.sys [173408 2015-02-09] (Microsoft Corporation)
S4 RsFx0201; C:\Windows\System32\DRIVERS\RsFx0201.sys [336880 2012-10-20] (Microsoft Corporation)
S0 sacdrv; C:\Windows\System32\DRIVERS\sacdrv.sys [94048 2013-08-22] (Microsoft Corporation)
S3 smbdirect; C:\Windows\System32\DRIVERS\smbdirect.sys [145920 2014-03-20] (Microsoft Corporation)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1119672 2015-02-01] (Acronis)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2015-02-01] (Acronis)
R3 vhdparser; C:\Windows\System32\drivers\vhdparser.sys [18944 2014-12-02] (Microsoft Corporation)
R3 VMSMP; C:\Windows\system32\DRIVERS\vmswitch.sys [689152 2015-08-05] (Microsoft Corporation)
S3 VMSP; C:\Windows\system32\DRIVERS\vmswitch.sys [689152 2015-08-05] (Microsoft Corporation)
S3 VMSVSF; C:\Windows\system32\DRIVERS\vmswitch.sys [689152 2015-08-05] (Microsoft Corporation)
S3 VMSVSP; C:\Windows\system32\DRIVERS\vmswitch.sys [689152 2015-08-05] (Microsoft Corporation)
S3 wtlmdrv; C:\Windows\System32\drivers\wtlmdrv.sys [31232 2013-08-22] (Microsoft Corporation)


==================== NetSvcs (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


NETSVC: sacsvr -> C:\Windows\system32\sacsvr.dll (Microsoft Corporation)


==================== One Month Created files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2017-07-31 11:48 - 2017-07-31 11:49 - 000015863 _____ C:\Users\Administrator.TC-SER-2\Desktop\FRST.txt
2017-07-31 11:48 - 2017-07-31 11:48 - 000000000 ____D C:\FRST
2017-07-31 11:48 - 2017-07-31 11:39 - 002381312 _____ (Farbar) C:\Users\Administrator.TC-SER-2\Desktop\FRST64.exe
2017-07-30 12:58 - 2017-07-30 12:58 - 001544973 _____ C:\Users\Administrator.TC-SER-2\Desktop\Windows8.1-KB3004394-x64.msu
2017-07-30 12:09 - 2017-07-30 12:14 - 142963472 _____ (Microsoft Corporation) C:\Users\Administrator.TC-SER-2\Desktop\msert.exe


==================== One Month Modified files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2017-07-31 11:49 - 2016-04-10 08:22 - 000000000 ____D C:\Users\Administrator.TC-SER-2\AppData\Local\Temp\2
2017-07-31 11:49 - 2016-03-14 15:22 - 000000000 ____D C:\ProgramData\firebird
2017-07-31 11:40 - 2016-03-14 15:22 - 000000004 _____ C:\Windows\system32\msdbcrpt.kar.{4d726ee4-96ff-4771-b054-fa7322787611}
2017-07-31 11:40 - 2016-03-14 15:22 - 000000004 _____ C:\Windows\system32\fsdbcrpt.kar.{4d726ee4-96ff-4771-b054-fa7322787611}
2017-07-31 11:36 - 2016-01-04 10:25 - 000000000 ____D C:\Program Files (x86)\SimpleFiles
2017-07-30 22:02 - 2015-12-28 16:27 - 000003758 _____ C:\Windows\System32\Tasks\AutoKMS
2017-07-30 18:05 - 2014-03-18 12:55 - 001257814 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-30 18:05 - 2013-08-22 16:36 - 000000000 ____D C:\Windows\Inf
2017-07-30 12:02 - 2016-04-03 09:29 - 000003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1003268329-1914593562-1457070966-500
2017-07-30 11:57 - 2015-03-12 14:16 - 000002175 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-07-30 11:57 - 2015-03-12 14:16 - 000002163 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-07-22 00:00 - 2016-04-13 11:33 - 000000000 ____D C:\Users\Administrator.TC-SER-2\AppData\Local\Temp\iisexpress


==================== Bamital & volsnap ======================


(There is no automatic fix for files that do not pass verification.)


C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe IS MISSING <==== ATTENTION
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2017-07-24 05:16


==================== End of FRST.txt ============================

-----------------------------------------------------------------------------------------------------------

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-07-2017
Ran by Administrator (31-07-2017 11:49:34)
Running from C:\Users\Administrator.TC-SER-2\Desktop
Windows Server 2012 R2 Standard (X64) (2014-03-19 04:27:41)
Boot Mode: Normal
==========================================================




==================== Accounts: =============================


Administrator (S-1-5-21-1003268329-1914593562-1457070966-500 - Administrator - Enabled) => C:\Users\Administrator.TC-SER-2
Guest (S-1-5-21-1003268329-1914593562-1457070966-501 - Limited - Disabled)


==================== Security Center ========================


(If an entry is included in the fixlist, it will be removed.)




==================== Installed Programs ======================


(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


Broadcom Management Programs (HKLM\...\{28299A10-B31C-43CE-9644-69A16C2AD6BD}) (Version: 16.4.5.5 - Broadcom Corporation)
File Shredder 2.5 (HKLM\...\File Shredder_is1) (Version: - Pow Tools)
FileSeek 5.0.1 (HKLM-x32\...\44953928-E730-4e8c-A2B2-3A85BC96A3D0_is1) (Version: 5.0.1.0 - Binary Fortress Software)
GDR 3156 for SQL Server 2012 (KB3045318) (64-bit) (HKLM\...\KB3045318) (Version: 11.1.3156.0 - Microsoft Corporation)
GFI WebMonitor 10 (HKLM\...\{3F31FAA8-6CC1-4FFE-894C-D31E54067C8A}) (Version: 10.0.15292 - GFI Software Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.78 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.24.7 - Google Inc.) Hidden
Headless Server Registry Update (HKLM-x32\...\{4E5563B6-DE0A-4F3B-A5D6-15789FD12D9B}) (Version: 1.0.0.0 - Hewlett-Packard Company)
HP Insight Diagnostics Online Edition for Windows (HKLM\...\{DCEA910B-3269-4F5B-A915-D59293004751}) (Version: 9.64.1262 - Hewlett-Packard Development Company, L.P.)
HP Lights-Out Online Configuration Utility (HKLM\...\{7CE77EEE-2681-4201-A379-AB359F13F8A7}) (Version: 4.3.0.0 - Hewlett-Packard Development Company, L.P.)
HP ProLiant Agentless Management Service (HKLM\...\HP-{EDE88CBB-3384-4DDA-B23B-7E54A3F4344F}) (Version: 9.50.0.0 - Hewlett-Packard Company)
HP ProLiant iLO 3/4 Channel Interface Driver (HKLM\...\HP-{85171634-98E9-47E5-9E56-96BBC7FE1715}) (Version: 3.10.0.0 - Hewlett-Packard Company)
HP ProLiant iLO 3/4 Management Controller Package (HKLM\...\HP-{15EC9FFF-3B11-4F2A-92F8-F63F33F64B31}) (Version: 3.9.0.0 - Hewlett-Packard Company)
HP ProLiant Integrated Management Log Viewer (HKLM\...\{1C8F84CD-86A9-4E55-B768-7B4C0A6DBC78}) (Version: 7.0.0.0 - Hewlett-Packard Company)
HP Smart Array SAS/SATA Event Notification Service (HKLM\...\{92CD62C0-4588-4B86-9635-3953F0B681EA}) (Version: 6.36.0.64 - Hewlett-Packard Development Company, L.P.)
HP Smart Storage Administrator (HKLM\...\{1C85E741-305F-4B0C-911D-ACA8EECC17C0}) (Version: 1.60.17.0 - Hewlett-Packard Development Company, L.P.)
HP Smart Storage Administrator CLI (HKLM\...\{D6C6E983-17FC-4695-860F-85300487F813}) (Version: 1.60.17.0 - Hewlett-Packard Development Company, L.P.)
HP System Management Homepage (HKLM-x32\...\{3C4DF0FD-95CF-4F7B-A816-97CEF616948F}) (Version: 7.3.2 - Hewlett-Packard Development Company, L.P.)
IIS 7.5 Express (HKLM-x32\...\{22025051-1991-48EB-8BE8-7A3329DAE7ED}) (Version: 7.5.1070 - Microsoft Corporation)
Matrox Graphics Software (remove only) (HKLM-x32\...\Matrox Vista Driver Uninstaller) (Version: 4.0.1.5 - Matrox Graphics Inc.)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft ReportViewer 2010 Redistributable (HKLM-x32\...\{C19B3EB6-B54C-3204-A4DF-88432E0C79F7}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2012) (Version: - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{E4A1FDA3-689D-44DA-9B39-86BD2270F522}) (Version: 11.2.5058.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM\...\{8AC82589-7217-48FE-9051-AE6D3B211B14}) (Version: 11.1.3156.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM\...\{977887EC-1C9B-47FA-8489-88E5E7F43D5E}) (Version: 11.2.5058.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{99AC7F47-A4E0-4706-9C65-8948775C2652}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft URL Rewrite Module 1.1 for IIS 7 (HKLM\...\{08A2E0FA-6BFC-4BFC-B8EA-8FBBB7DB1EA6}) (Version: 7.1.0470.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2012 (HKLM\...\{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft Web Platform Installer 5.0 (HKLM\...\{4D84C195-86F0-4B34-8FDE-4A17EB41306A}) (Version: 5.0.50430.0 - Microsoft Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PFA Server Registry Update (HKLM-x32\...\{173438F5-BD4D-47AE-9C8F-73E6BAA62624}) (Version: 1.0.0.0 - Hewlett-Packard Company)
Service Pack 1 for SQL Server 2012 (KB2674319) (64-bit) (HKLM\...\KB2674319) (Version: 11.1.3000.0 - Microsoft Corporation)
SQL Server 2012 Common Files (HKLM\...\{1D411379-9CE0-4B13-A19B-72D3222DD620}) (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Common Files (HKLM\...\{202AAF1F-69AA-442A-B59F-6B54B1AD07C6}) (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (HKLM\...\{18B2A97C-92C3-4AC7-BE72-F823E0BC895B}) (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (HKLM\...\{84FBCA4A-D650-4B0D-8094-EC0671FA9B91}) (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (HKLM\...\{54FF8FAB-DE27-4187-82F1-EBAE6AEE869A}) (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (HKLM\...\{6603C2CE-3C54-4F1D-92F9-8390CD4CCCA8}) (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2012 (HKLM-x32\...\{4B9E6EB0-0EED-4E74-9479-F982C3254F71}) (Version: 11.1.3000.0 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (HKLM\...\{BED1EA3D-592D-4305-9D1F-20F03726EFC1}) (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
Super Finder XT 2.6.3.2 (HKLM-x32\...\Super Finder XT Supporters Edition_is1) (Version: - FSL - FreeSoftLand)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43879 - TeamViewer)
Update for Skype for Business 2015 (KB3039776) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{9F6B3627-AF9E-40A5-AAD5-3497C4327616}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3114831) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{BAEE7A38-3C9E-44DC-9E43-19FC94DD77E2}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3114831) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BAEE7A38-3C9E-44DC-9E43-19FC94DD77E2}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3114831) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{BAEE7A38-3C9E-44DC-9E43-19FC94DD77E2}) (Version: - Microsoft)
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
Visual Studio Application Insights Status Monitor (HKLM\...\{45C09BA3-5085-4738-BDA9-E07C19CCEB16}) (Version: 8.0.0.0 - Microsoft Corporation)
WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
Wise Memory Optimizer 3.36 (HKLM-x32\...\Wise Memory Optimizer_is1) (Version: 3.36 - WiseCleaner.com, Inc.)
Your Uninstaller! Pro (HKLM\...\Your Uninstaller! Pro) (Version: - )


==================== Custom CLSID (Whitelisted): ==========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


ContextMenuHandlers1: [FileSeek] -> {b211c53f-0052-4187-957f-f5bea28eb679} => C:\Program Files (x86)\FileSeek\FileSeekContextMenuHandler64.dll [2015-01-27] (Binary Fortress Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-18] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-11-18] (Alexander Roshal)
ContextMenuHandlers3: [DeleteFiles] -> {736AF091-C361-49B4-A928-87C586130D33} => C:\Program Files\File Shredder\fsshell.dll [2012-04-01] ()
ContextMenuHandlers6: [FileSeek] -> {b211c53f-0052-4187-957f-f5bea28eb679} => C:\Program Files (x86)\FileSeek\FileSeekContextMenuHandler64.dll [2015-01-27] (Binary Fortress Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-18] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-11-18] (Alexander Roshal)


==================== Scheduled Tasks (Whitelisted) =============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


Task: {0A7F20C0-7DA0-4EC0-A709-FB02255989EA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
Task: {22F8933B-6077-471D-A4C3-56C7647164AD} - System32\Tasks\Microsoft\Windows\Server Manager\CleanupOldPerfLogs => %systemroot%\system32\cscript.exe /B /nologo %systemroot%\system32\calluxxprovider.vbs $(Arg0) $(Arg1) $(Arg2)
Task: {2EA9A4BA-CE2F-4152-A841-B066EAF814D8} - System32\Tasks\Zoho Report Uploader => C:\Users\Administrator\Desktop\UploadTool\bin\UploadFromDB.bat [Argument = a.alhuthaifi@telecare.com.sa Hola73652]
Task: {644C2327-4EA3-4796-9D9B-86569FB123C0} - System32\Tasks\Microsoft\Windows\Backup\Microsoft-Windows-WindowsBackup => C:\Windows\System32\wbadmin.exe [2014-10-29] (Microsoft Corporation)
Task: {651FF2A7-84D4-4AE6-9231-BB0411D3A64F} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerCeipAssistant => C:\Windows\system32\ceipdata.exe [2013-08-22] (Microsoft Corporation)
Task: {697AE616-011A-4CF6-8CCA-DE6CDFFA2050} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {777D9BBE-20B2-4E20-99B1-726D5B6E4087} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
Task: {7783F871-92D7-44CF-9747-00F6D66E787F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {787E2442-1350-4D4B-B3DF-F73EDF626879} - System32\Tasks\Microsoft\Windows\PLA\Server Manager Performance Monitor => %systemroot%\system32\rundll32.exe %systemroot%\system32\pla.dll,PlaHost "Server Manager Performance Monitor" "$(Arg0)"
Task: {9536335E-476B-42F7-8624-2308CA0F222B} - System32\Tasks\Microsoft\Windows\Server Manager\ServerManager => C:\Windows\system32\ServerManagerLauncher.exe [2013-08-22] (Microsoft Corporation)
Task: {9680A227-4776-492B-B760-3EC171A08707} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {B484F934-37C8-4B62-AA6A-0AEC9159D315} - System32\Tasks\WiseCleaner\WMOSkipUAC => C:\Program Files (x86)\Wise\Wise Memory Optimizer\WiseMemoryOptimzer.exe [2015-07-02] (WiseCleaner.com)
Task: {BA7FA2EC-9D7A-4F9D-8DCD-691FBFF9C90F} - System32\Tasks\Microsoft\Windows\Software Inventory Logging\Collection => %systemroot%\system32\cmd.exe /d /c %systemroot%\system32\silcollector.cmd publish
Task: {F0BBC3A4-3205-4E8D-BBA6-FC6C5F4E052E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-03-09] (Microsoft Corporation)
Task: {F258FD7B-7126-4B4A-9440-58473831AB90} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2015-12-28] ()
Task: {FD5220CD-6FD9-4443-BF01-08A1B7A1F997} - System32\Tasks\Microsoft\Windows\Software Inventory Logging\Configuration => %systemroot%\system32\cmd.exe /d /c %systemroot%\system32\silcollector.cmd configure


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)




==================== Shortcuts & WMI ========================


(The entries could be listed to be restored or removed.)




ShortcutWithArgument: C:\Users\Administrator.TC-SER-2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"


==================== Loaded Modules (Whitelisted) ==============


2014-03-19 07:33 - 2014-04-11 13:27 - 001619456 _____ () C:\hp\hpsmh\bin\libxml2.dll
2014-03-19 07:33 - 2014-04-11 13:27 - 001619456 _____ () C:\hp\hpsmh\modules\libxml2.dll
2014-03-19 07:33 - 2014-04-11 13:27 - 000080384 _____ () C:\hp\hpsmh\modules\zlib1.dll
2015-11-10 15:45 - 2015-11-10 15:45 - 008901184 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-01-05 16:59 - 2012-04-01 00:06 - 002689536 _____ () C:\Program Files\File Shredder\fsshell.dll
2013-08-22 12:53 - 2014-12-02 11:37 - 000033280 _____ () C:\Windows\System32\ActivationVDev.dll
2016-03-11 16:38 - 2016-03-11 16:38 - 001282048 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.V8d0bc16f#\19584c6b8d8f594ebf356b0dfc3f4775\Microsoft.Virtualization.Client.RdpClientAxHost.ni.dll
2015-10-19 17:20 - 2016-07-30 00:00 - 000164352 _____ () C:\Program Files\GFI\WebMonitor\Http.Filter.Tracing.dll
2017-07-30 11:57 - 2017-07-25 10:42 - 003824472 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.78\libglesv2.dll
2017-07-30 11:57 - 2017-07-25 10:42 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.78\libegl.dll
2013-01-22 13:30 - 2013-01-22 13:30 - 000013120 _____ () C:\Program Files (x86)\Common Files\Acronis\TibMounter\icudt38.dll


==================== Alternate Data Streams (Whitelisted) =========


(If an entry is included in the fixlist, only the ADS will be removed.)


AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51 [152]
AlternateDataStreams: C:\ProgramData\TEMP:9A870F8B [948]


==================== Safe Mode (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)




==================== Association (Whitelisted) ===============


(If an entry is included in the fixlist, the registry item will be restored to default or removed.)




==================== Internet Explorer trusted/restricted ===============


(If an entry is included in the fixlist, it will be removed from the registry.)




==================== Hosts content: ===============================


(If needed Hosts: directive could be included in the fixlist to reset Hosts.)


2013-08-22 16:25 - 2013-08-22 16:25 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts




==================== Other Areas ============================


(Currently there is no automatic fix for this section.)


HKU\S-1-5-21-1003268329-1914593562-1457070966-500\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 172.16.10.2 - 172.160.10.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.


==================== MSCONFIG/TASK MANAGER disabled items ==




==================== FirewallRules (Whitelisted) ===============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


FirewallRules: [SCW-Allow-Inbound-Access-To-ScsHost-TCP-RPC] => (Allow) %systemroot%\system32\scshost.exe
FirewallRules: [SCW-Allow-Inbound-Access-To-ScsHost-TCP-RPC-EndPointMapper] => (Allow) %systemroot%\system32\scshost.exe
FirewallRules: [ComPlusRemoteAdministration-DCOM-In] => (Allow) %systemroot%\system32\dllhost.exe
FirewallRules: [VIRT-MIGL-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe
FirewallRules: [VIRT-REMOTEDESKTOP-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe
FirewallRules: [{8E31A341-A1A2-4F5A-8CF6-46D15F199EF8}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe
FirewallRules: [{C1F9B5E3-8FB1-4F44-80CE-0DDC37DB97B5}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe
FirewallRules: [{E80A1A6C-E71C-49E2-B365-9C1D827A00AB}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe
FirewallRules: [{6BE6C106-B644-4E08-A6D7-F66C913E0ABF}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe
FirewallRules: [{9F95B1A7-8DE8-4E51-9A14-1A2B867CDCE1}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe
FirewallRules: [{D881833B-8214-43DE-9D1E-513D003AC741}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe
FirewallRules: [{A8D9636E-3FDC-4AD1-8961-7EF4AD52F46F}] => (Allow) C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe
FirewallRules: [{9AC54A94-3AC6-4265-A8FC-979FAEFF3267}] => (Allow) C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe
FirewallRules: [{DF8080CE-48F1-440E-9762-BA9F17675C5B}] => (Allow) C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe
FirewallRules: [{2224E7C3-F22C-44D8-9D90-1A83ABC89C3B}] => (Allow) C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe
FirewallRules: [{0759F147-5D76-4419-A165-51AB3CD482B3}] => (Allow) C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe
FirewallRules: [{583BB646-A5FD-4396-B408-C5730DFE05ED}] => (Allow) C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe
FirewallRules: [DfsMgmt-In-TCP] => (Allow) %systemroot%\system32\dfsfrsHost.exe
FirewallRules: [FSRM-SrmReports-In (RPC)] => (Allow) %systemroot%\system32\srmhost.exe
FirewallRules: [{52244866-DA58-4F19-AE76-068878B8F0DA}] => (Allow) C:\Program Files\Internet Explorer\iexplore.exe
FirewallRules: [{AFD08187-6B96-473D-B7BF-14879E7F718A}] => (Allow) C:\Program Files\Internet Explorer\iexplore.exe
FirewallRules: [WindowsServerBackup-wbengine-In-TCP-NoScope] => (Allow) %systemroot%\system32\wbengine.exe
FirewallRules: [{6C17CCD2-B516-448C-B6BD-93108645C648}] => (Allow) LPort=5555
FirewallRules: [{B736A39E-EA76-4E31-96F2-33D87DC85A85}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{E5E1F987-0FF9-41A5-A794-B05B0565B6D2}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{341D3A06-3378-4033-8C92-C905052C76CE}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{E9C12B46-F0E8-4FEE-9424-B09A927FC6EE}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{62EFBABF-65E1-41FC-9316-EF3B3E390519}] => (Allow) C:\Program Files (x86)\SimpleFiles\SimpleFiles.exe
FirewallRules: [{29FEA938-BD47-4787-9781-7704B8638D53}] => (Allow) C:\Program Files (x86)\SimpleFiles\SimpleFiles.exe
FirewallRules: [{9FC3AC8F-F26B-401A-A428-BDEEE6536DCB}] => (Allow) C:\Program Files (x86)\SimpleFiles\downloader.exe
FirewallRules: [{9304C4E5-A9A8-483F-87BE-B51677639194}] => (Allow) C:\Program Files (x86)\SimpleFiles\downloader.exe
FirewallRules: [{879FEB06-6179-46F5-BFC5-2F49C9A29914}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B9B3BE19-4F76-49B5-8F71-A47FBF8707AE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7542A66D-55C2-4079-A40A-CDF844C5E33C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{0EA4E3D7-81B1-4068-96AF-2B15B69097E0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{D8FA1DB7-F4DE-4AB8-A7CD-2E34E3172240}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{EB572720-74D2-4A4D-87EE-D97134F78106}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{3CA11389-32C5-43E3-83A7-A84574EEA0A5}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{4674FBB4-FDA7-4872-828F-0138170D2D25}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{3A59CD45-48EA-4615-8DF7-99DB8C1926D6}] => (Allow) LPort=139
FirewallRules: [{A5AB0732-EEC4-422D-BEAF-9AA05077CC4E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{E75451CC-EDEE-479D-B80F-59C441C4C6AB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{A4E7B81D-17B5-439C-B7ED-9B83DF6ADE72}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{86F6210E-621A-4881-B7AE-0DD49791896C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{2EF93EB6-FF40-49FE-852E-110615704638}] => (Allow) %systemroot%\system32\dllhost.exe
FirewallRules: [{97E42662-29F9-4E9A-A123-810FF8A27822}] => (Allow) %systemroot%\system32\scshost.exe
FirewallRules: [{900E00AF-E895-40B8-9D9C-4905C3500404}] => (Allow) %systemroot%\system32\scshost.exe
FirewallRules: [{8E021D17-1812-43C5-852B-4043ABD136FE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Restore Points =========================


ATTENTION: System Restore is disabled
Check "winmgmt" service or repair WMI.




==================== Faulty Device Manager Devices =============




==================== Event log errors: =========================


Application errors:
==================
Error: (07/31/2017 04:54:20 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume \\?\Volume{936d2723-7a68-4627-892e-a530120dc495}\ was not optimized because an error was encountered: Neither Slab Consolidation nor Slab Analysis will run if slabs are less than 8 MB. (0x8900002D)


Error: (07/30/2017 05:59:43 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume \\?\Volume{936d2723-7a68-4627-892e-a530120dc495}\ was not optimized because an error was encountered: Neither Slab Consolidation nor Slab Analysis will run if slabs are less than 8 MB. (0x8900002D)


Error: (07/24/2017 05:16:58 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume \\?\Volume{936d2723-7a68-4627-892e-a530120dc495}\ was not optimized because an error was encountered: Neither Slab Consolidation nor Slab Analysis will run if slabs are less than 8 MB. (0x8900002D)


Error: (07/23/2017 04:52:59 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume \\?\Volume{936d2723-7a68-4627-892e-a530120dc495}\ was not optimized because an error was encountered: Neither Slab Consolidation nor Slab Analysis will run if slabs are less than 8 MB. (0x8900002D)


Error: (07/21/2017 11:41:01 AM) (Source: Acronis Scheduler) (EventID: 1) (User: NT AUTHORITY)
Description: Scheduler failed to run task with GUID '674D9BE6-C532-4258-B58C-132B38D406F4' because of error 2 (Failed to find the file (folder) or the key (value) in the registry.).


Error: (07/21/2017 11:41:01 AM) (Source: Acronis Scheduler) (EventID: 1) (User: NT AUTHORITY)
Description: Scheduler failed to run task with GUID '175175AE-ED85-4233-96F4-BC9E6915336B' because of error 3 (The system cannot find the path specified).


Error: (07/17/2017 03:16:34 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume \\?\Volume{936d2723-7a68-4627-892e-a530120dc495}\ was not optimized because an error was encountered: Neither Slab Consolidation nor Slab Analysis will run if slabs are less than 8 MB. (0x8900002D)


Error: (07/16/2017 02:13:04 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume \\?\Volume{936d2723-7a68-4627-892e-a530120dc495}\ was not optimized because an error was encountered: Neither Slab Consolidation nor Slab Analysis will run if slabs are less than 8 MB. (0x8900002D)


Error: (07/11/2017 06:52:16 AM) (Source: SRMSVC) (EventID: 8228) (User: )
Description: File Server Resource Manager was unable to access the following file or volume: '\\?\Volume{936d2723-7a68-4627-892e-a530120dc495}\'. This file or volume might be locked by another application right now, or you might need to give Local System access to it.


Error: (07/10/2017 04:59:03 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume \\?\Volume{936d2723-7a68-4627-892e-a530120dc495}\ was not optimized because an error was encountered: Neither Slab Consolidation nor Slab Analysis will run if slabs are less than 8 MB. (0x8900002D)




System errors:
=============
Error: (07/31/2017 08:54:54 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.


Error: (07/31/2017 08:54:53 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.


Error: (07/31/2017 08:54:52 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.


Error: (07/31/2017 08:54:51 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.


Error: (07/31/2017 08:54:50 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.


Error: (07/31/2017 08:54:50 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.


Error: (07/31/2017 08:54:48 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.


Error: (07/31/2017 08:54:48 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.


Error: (07/31/2017 08:54:47 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.


Error: (07/31/2017 08:54:47 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.




CodeIntegrity:
===================================
Date: 2016-04-08 04:57:19.178
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll that did not meet the Microsoft signing level requirements.


Date: 2016-04-08 04:57:18.756
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll that did not meet the Microsoft signing level requirements.


Date: 2016-04-08 04:55:41.575
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll that did not meet the Microsoft signing level requirements.


Date: 2016-04-08 04:55:41.059
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll that did not meet the Microsoft signing level requirements.


Date: 2016-04-03 09:56:47.618
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll that did not meet the Microsoft signing level requirements.


Date: 2016-04-03 09:56:47.384
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll that did not meet the Microsoft signing level requirements.


Date: 2016-04-03 09:55:23.639
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll that did not meet the Microsoft signing level requirements.


Date: 2016-04-03 09:55:23.311
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll that did not meet the Microsoft signing level requirements.


Date: 2016-04-03 09:47:16.274
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll that did not meet the Microsoft signing level requirements.


Date: 2016-04-03 09:47:15.879
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll that did not meet the Microsoft signing level requirements.




==================== Memory info ===========================


Processor: Intel(R) Xeon(R) CPU E5-2650 v2 @ 2.60GHz
Percentage of memory in use: 25%
Total physical RAM: 32733.27 MB
Available physical RAM: 24353.15 MB
Total Virtual: 37597.27 MB
Available Virtual: 27047.58 MB


==================== Drives ================================


Drive c: () (Fixed) (Total:837.75 GB) (Free:298.53 GB) NTFS


==================== MBR & Partition Table ==================


========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 838.1 GB) (Disk ID: 1CD244C6)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=837.7 GB) - (Type=07 NTFS)


==================== End of Addition.txt ============================



----------------------------------------------------------------------------------------------------------------

SALog.txt

Result of Security Analysis by Rocket Grannie (x86) Updated: 25th July, 2017
Running from:C:\Users\Administrator.TC-SER-2\Desktop (11:51:13 - 07/31/2017)
***---------------------------------------------------------***
Default Browser: Internet Explorer
***------------Antivirus - Antispyware - Firewall-----------***
------------------------------------------------------------------------------
 
Also, I think that this issue is mainly because of an outdated security certificate, as you mention, but how can I update my certificates if Windows Update is not working?
 
Hi, azuz16.

Doing some further research, generally, the 80072F8F error code is related to the system time. The first thing to try is the following:

right-click on system clock > Adjust date/time > Internet Time tab > Change settings > Update now

If that doesn't work, open a command prompt and type these commands:

net start w32time
w32tm /resync


If you are still unable to update, please follow the instructions in Windows Update Forum Posting Instructions and post the results in your original topic at Error While trying to update Windows Server 2012.
 
Hi,

I see GFI Web Monitor in your installed programs. I suspect this is doing HTTPS inspection, which means it would need to replace the root CAs on the machine.

Can you check the security details when you visit Chrome? In Chrome:


  1. Press F12 to open Dev Tools
  2. Select the security tab
  3. Take a screenshot of what you see
  4. Click the view certificate button, and send a screenshot of the Certificate window that pops up.

Are you able to uninstall GFI Web Monitor and test?
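The two checks this reply and the earlier time-sync reply ask for can be run from one script instead of by hand. The PowerShell below is an added example for this thread; it is not code from the thread, from GFI or from Sysnative. It fetches the certificate chain the server actually receives for an HTTPS host, compares the leaf certificate's validity window with the local clock (the failure the 80072F8F / w32tm advice targets), and lists the root CAs that were installed locally rather than delivered through the Windows root program, which is what an HTTPS-inspecting proxy such as the suspected GFI WebMonitor has to add. It assumes PowerShell 4 on Windows Server 2012 R2, an elevated prompt, outbound TCP/443, and a placeholder host name that you replace with the site showing the error.

```powershell
# Added example (not the thread's own code): inspect why a site shows
# "Your connection is not private" from the defender's side.
# Assumptions: PowerShell 4+, run as administrator, outbound 443 reachable.
param(
    [string]$HostName = 'www.microsoft.com',   # placeholder; use the failing site
    [int]$Port = 443
)

function Get-RemoteCertificateChain {
    param([string]$HostName, [int]$Port = 443)
    $client = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        # Accept whatever is presented during the handshake so an untrusted chain
        # can still be examined; trust is evaluated explicitly with X509Chain below.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($HostName)
        $leaf = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        # Revocation lookups need working outbound HTTP; skip them so the result
        # reflects trust and validity only.
        $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
        $null = $chain.Build($leaf)
        [pscustomobject]@{
            Leaf     = $leaf
            Elements = @($chain.ChainElements | ForEach-Object { $_.Certificate })
            Status   = @($chain.ChainStatus | ForEach-Object { $_.Status })
        }
    } finally {
        $client.Close()
    }
}

function Test-ClockAgainstCertificate {
    # A wrong system clock makes every certificate look expired or not yet valid.
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $now = Get-Date
    if ($now -lt $Cert.NotBefore -or $now -gt $Cert.NotAfter) {
        "Local time {0:u} is outside the certificate validity window {1:u} .. {2:u}: fix the clock (w32tm /resync) first." -f $now, $Cert.NotBefore, $Cert.NotAfter
    } else {
        "Local time {0:u} is inside the certificate validity window." -f $now
    }
}

function Get-LocallyAddedRootCAs {
    # AuthRoot holds the third-party roots Microsoft distributes through the
    # Windows Root Certificate Program. A root that sits in Root but neither in
    # AuthRoot nor among Microsoft's own roots was installed by an administrator
    # or by a product (a few legacy timestamping roots ship this way too, so
    # read the list as leads to review, not as a verdict).
    $distributed = @{}
    Get-ChildItem Cert:\LocalMachine\AuthRoot | ForEach-Object { $distributed[$_.Thumbprint] = $true }
    Get-ChildItem Cert:\LocalMachine\Root |
        Where-Object { -not $distributed.ContainsKey($_.Thumbprint) -and $_.Subject -notmatch 'Microsoft' } |
        Select-Object Subject, Thumbprint, NotBefore, NotAfter
}

$result = Get-RemoteCertificateChain -HostName $HostName -Port $Port
"Chain presented for ${HostName}:${Port}"
for ($i = 0; $i -lt $result.Elements.Count; $i++) {
    "  [{0}] {1}" -f $i, $result.Elements[$i].Subject
    "       issued by {0}" -f $result.Elements[$i].Issuer
}
$statusText = if ($result.Status.Count -gt 0) { $result.Status -join ', ' } else { 'OK (trusted by this machine)' }
"Chain status: $statusText"
Test-ClockAgainstCertificate -Cert $result.Leaf

$localRoots = @(Get-LocallyAddedRootCAs)
$root = $result.Elements[-1]
if ($localRoots.Thumbprint -contains $root.Thumbprint) {
    "Root '{0}' is a locally installed CA, not one distributed by Windows: an HTTPS-inspecting proxy is re-signing this site." -f $root.Subject
}
""
"Root CAs installed locally on this machine ({0}):" -f $localRoots.Count
$localRoots | Format-Table Subject, Thumbprint, NotBefore -AutoSize
```

Compare the top of the printed chain with the Certificate window the reply asks for a screenshot of: a chain status of NotTimeValid points at the clock, while UntrustedRoot or a root that also appears in the locally-added list points at the inspection product, and the root's Subject names it.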
 

Thank you for your feedback. I followed the steps and it's not working; I will follow the instructions in the Windows Update forum and post the result there.
 


Hi,
Thank you for your feedback.
Please find the screenshot attached.

Chrom Cer.jpg

Regarding removing GFI, I could not remove it because it gives some errors; I contacted support and am still waiting for their feedback.
 
