Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13.02.2019
Ran by Administrator (15-02-2019 15:50:32)
Running from C:\Users\Administrator\Desktop
Windows Server 2012 R2 Standard (X64) (2017-11-05 12:50:48)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3531997757-2375627638-2511237956-500 - Administrator - Enabled)
Guest (S-1-5-21-3531997757-2375627638-2511237956-501 - Limited - Disabled)
krbtgt (0 - Limited - Disabled) => %systemroot%\system32\config\systemprofile
VVV (0 - Administrator - Enabled) => %systemroot%\system32\config\systemprofile
SpiceWorks (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
BU_Admin (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
Sacha (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
Lara (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
Mélanie (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
svc.sqladmin (0 - Administrator - Enabled) => %systemroot%\system32\config\systemprofile
DC01$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
VC$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
SPICEWORKS$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
W10-001$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
VIDEO$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
PRTG$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
W7-TEMPLATE$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
WSUS$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
TSGATEWAY$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
DC02$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
LANSWEEPER$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
WSUSHOME$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
SQL01$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
SQL2008$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
SQL2014$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
SQL2016$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
SQL2017$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
CS01$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
WKS-VVV$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
CS02$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
GATE01$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
LAB$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Administrative Templates (.admx) for Windows 10 Fall Creators Update (HKLM-x32\...\{4EB5CC28-4B50-4EE5-A24A-725C4714EFE9}) (Version: 1.0 - Microsoft Corporation)
Microsoft Online Services Sign-in Assistant (HKLM\...\{D8AB93B0-6FBF-44A0-971F-C0669B5AE6DD}) (Version: 7.250.4556.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
SharePoint Online Management Shell (HKLM\...\{95160000-115B-0409-1000-0000000FF1CE}) (Version: 16.0.6906.1200 - Microsoft Corporation)
VMware Tools (HKLM\...\{092CAFE8-7A43-4C32-82C6-A5547F93417F}) (Version: 10.2.1.8267844 - VMware, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {22F8933B-6077-471D-A4C3-56C7647164AD} - System32\Tasks\Microsoft\Windows\Server Manager\CleanupOldPerfLogs => %systemroot%\system32\cscript.exe /B /nologo %systemroot%\system32\calluxxprovider.vbs $(Arg0) $(Arg1) $(Arg2)
Task: {651FF2A7-84D4-4AE6-9231-BB0411D3A64F} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerCeipAssistant => C:\Windows\system32\ceipdata.exe (Microsoft Windows -> Microsoft Corporation)
Task: {787E2442-1350-4D4B-B3DF-F73EDF626879} - System32\Tasks\Microsoft\Windows\PLA\Server Manager Performance Monitor => %systemroot%\system32\rundll32.exe %systemroot%\system32\pla.dll,PlaHost "Server Manager Performance Monitor" "$(Arg0)"
Task: {9536335E-476B-42F7-8624-2308CA0F222B} - System32\Tasks\Microsoft\Windows\Server Manager\ServerManager => C:\Windows\system32\ServerManagerLauncher.exe (Microsoft Windows -> Microsoft Corporation)
Task: {E17CE1E2-2876-42D3-B6F5-40A269D1D3C4} - System32\Tasks\Microsoft\Windows\Software Inventory Logging\Daily Collector => %systemroot%\system32\cscript.exe %systemroot%\system32\sildailycollector.vbs

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2018-04-14 08:58 - 2018-04-14 08:58 - 000454584 _____ () C:\Program Files\VMware\VMware Tools\pcre.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2894946948-3597676906-2984582856-500\Control Panel\Desktop\\Wallpaper -> C:\Users\ADMINI~1\AppData\Local\Temp\2\BGInfo.bmp
DNS Servers: 127.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SCW-Allow-Inbound-Access-To-ScsHost-TCP-RPC] => (Allow) %systemroot%\system32\scshost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SCW-Allow-Inbound-Access-To-ScsHost-TCP-RPC-EndPointMapper] => (Allow) %systemroot%\system32\scshost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [ComPlusRemoteAdministration-DCOM-In] => (Allow) %systemroot%\system32\dllhost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [NTFRS-NTFRSSvc-In-TCP] => (Allow) %SystemRoot%\system32\NTFRS.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [DfsMgmt-In-TCP] => (Allow) %systemroot%\system32\dfsfrsHost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [ADWS-TCP-In] => (Allow) %systemroot%\ADWS\Microsoft.ActiveDirectory.WebServices.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [ADWS-TCP-Out] => (Allow) %systemroot%\ADWS\Microsoft.ActiveDirectory.WebServices.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [DFSR-DFSRSvc-In-TCP] => (Allow) %SystemRoot%\system32\dfsrs.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [DNSSrv-DNS-TCP-In] => (Allow) %systemroot%\System32\dns.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [DNSSrv-DNS-UDP-In] => (Allow) %systemroot%\System32\dns.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [DNSSrv-RPC-TCP-In] => (Allow) %systemroot%\System32\dns.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [DNSSrv-TCP-Out] => (Allow) %systemroot%\System32\dns.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [DNSSrv-UDP-Out] => (Allow) %systemroot%\System32\dns.exe (Microsoft Windows -> Microsoft Corporation)

==================== Restore Points =========================

ATTENTION: System Restore is disabled
Check "winmgmt" service or repair WMI.

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/15/2019 03:49:07 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1500) (User: VVNET)
Description: Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, and that your network is functioning correctly. DETAIL - The system cannot find the file specified.

Error: (02/15/2019 03:49:07 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: VVNET)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Error: (02/15/2019 03:49:07 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: VVNET)
Description: Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on.

Error: (02/15/2019 03:42:35 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1500) (User: VVNET)
Description: Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, and that your network is functioning correctly. DETAIL - The system cannot find the file specified.

Error: (02/15/2019 03:42:35 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: VVNET)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Error: (02/15/2019 03:42:35 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: VVNET)
Description: Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on.

Error: (02/15/2019 03:41:17 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (02/15/2019 03:40:25 PM) (Source: MSOIDSVC.EXE) (EventID: 0) (User: )
Description: Event-ID 0

System errors:
=============
Error: (02/15/2019 03:40:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The VMware Alias Manager and Ticket Service service terminated unexpectedly. It has done this 1 time(s).

Error: (02/15/2019 03:29:49 PM) (Source: DCOM) (EventID: 10028) (User: VVNET)
Description: DCOM was unable to communicate with the computer VC.VVNET.local using any of the configured protocols; requested by PID 3c8 (C:\Windows\system32\ServerManager.exe).

Error: (02/15/2019 03:29:49 PM) (Source: DCOM) (EventID: 10028) (User: VVNET)
Description: DCOM was unable to communicate with the computer VC.VVNET.local using any of the configured protocols; requested by PID 3c8 (C:\Windows\system32\ServerManager.exe).

Error: (02/15/2019 03:29:49 PM) (Source: DCOM) (EventID: 10028) (User: VVNET)
Description: DCOM was unable to communicate with the computer SpiceWorks.VVNET.local using any of the configured protocols; requested by PID 3c8 (C:\Windows\system32\ServerManager.exe).

Error: (02/15/2019 03:29:49 PM) (Source: DCOM) (EventID: 10028) (User: VVNET)
Description: DCOM was unable to communicate with the computer VC.VVNET.local using any of the configured protocols; requested by PID 3c8 (C:\Windows\system32\ServerManager.exe).

Error: (02/15/2019 03:29:49 PM) (Source: DCOM) (EventID: 10028) (User: VVNET)
Description: DCOM was unable to communicate with the computer VC.VVNET.local using any of the configured protocols; requested by PID 3c8 (C:\Windows\system32\ServerManager.exe).

Error: (02/15/2019 03:29:49 PM) (Source: DCOM) (EventID: 10028) (User: VVNET)
Description: DCOM was unable to communicate with the computer SpiceWorks.VVNET.local using any of the configured protocols; requested by PID 3c8 (C:\Windows\system32\ServerManager.exe).

Error: (02/15/2019 03:29:49 PM) (Source: DCOM) (EventID: 10028) (User: VVNET)
Description: DCOM was unable to communicate with the computer SpiceWorks.VVNET.local using any of the configured protocols; requested by PID 3c8 (C:\Windows\system32\ServerManager.exe).

==================== Memory info ===========================

Processor: Intel(R) Xeon(R) CPU X5650 @ 2.67GHz
Percentage of memory in use: 86%
Total physical RAM: 1023.49 MB
Available physical RAM: 133.3 MB
Total Virtual: 1487.46 MB
Available Virtual: 267.66 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:19.66 GB) (Free:9.42 GB) NTFS
\\?\Volume{adef0c4e-c21b-11e7-80b4-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.09 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 20 GB) (Disk ID: B49B87CE)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=19.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================