COM Surrogate - dllhost.exe *32 -- Multiple instances
<blockquote data-quote="tdnxxx444" data-source="post: 267614" data-attributes="member: 28320"><p>Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-09-2014 01</p><p>Ran by tnguyen at 2014-09-25 13:36:31</p><p>Running from C:\Users\tnguyen\Downloads</p><p>Boot Mode: Normal</p><p>==========================================================</p><p></p><p></p><p>==================== Security Center ========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed.)</p><p></p><p>AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</p><p></p><p>==================== Installed Programs ======================</p><p></p><p>(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)</p><p></p><p>7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)</p><p>Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)</p><p>Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)</p><p>Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)</p><p>Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)</p><p>Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)</p><p>Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)</p><p>Beyond Compare Version 3.3.7 (HKLM-x32\...\BeyondCompare3_is1) (Version: - Scooter Software)</p><p>BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.2.32128 - BitTorrent Inc.)</p><p>Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)</p><p>Cisco Systems 
VPN Client 5.0.07.0440 (HKLM\...\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}) (Version: 5.0.7 - Cisco Systems, Inc.)</p><p>Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.7.0.6 - Dell)</p><p>Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.134 - ALPS ELECTRIC CO., LTD.)</p><p>Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)</p><p>Git version 1.9.2-preview20140411 (HKLM-x32\...\Git_is1) (Version: 1.9.2-preview20140411 - The Git Development Community)</p><p>Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)</p><p>Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden</p><p>IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6324.0 - IDT)</p><p>Intel PROSet Wireless (Version: - ) Hidden</p><p>Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1010 - Intel Corporation)</p><p>Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.70.1205 - Intel Corporation)</p><p>Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 18.1 - Intel)</p><p>Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3040 - Intel Corporation)</p><p>Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{4C1CCA11-0D08-4D5E-8444-2D9FB48BCABF}) (Version: 14.00.20110 - Intel Corporation)</p><p>Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)</p><p>Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)</p><p>iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)</p><p>Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.670 - Oracle)</p><p>Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) 
Hidden</p><p>Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)</p><p>Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)</p><p>Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden</p><p>Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.1.10329.0 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)</p><p>Mozilla Firefox 32.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.1 (x86 en-US)) (Version: 32.0.1 - Mozilla)</p><p>Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)</p><p>O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{0CB3B7EE-52C7-4136-AF40-605567D90318}) (Version: 3.0.07.23 - O2Micro International LTD.)</p><p>O2Micro Flash Memory Card Windows Driver (x32 Version: 3.0.07.23 - O2Micro International LTD.) 
Hidden</p><p>OpenOffice 4.1.0 (HKLM-x32\...\{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation)</p><p>Oracle VM VirtualBox 4.3.10 (HKLM\...\{5632714F-6A48-4BF2-89E0-F8B6CE9FE6D1}) (Version: 4.3.10 - Oracle Corporation)</p><p>pgAdmin III 1.18 (HKLM-x32\...\{B83C2BA8-F874-45F8-8E4A-07808A38D52C}) (Version: 1.18 - The pgAdmin Development Team)</p><p>PuTTY version 0.63 (HKLM-x32\...\PuTTY_is1) (Version: 0.63 - Simon Tatham)</p><p>QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)</p><p>Ruby 1.9.3-p545 (HKCU\...\{17E73B15-62D2-43FD-B851-ACF86A8C9D25}_is1) (Version: 1.9.3-p545 - RubyInstaller Team)</p><p>Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)</p><p>SpyHunter (HKLM-x32\...\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}) (Version: 4.1.11 - Enigma Software Group USA, LLC)</p><p>Sublime Text 2.0.2 (HKLM\...\Sublime Text 2_is1) (Version: - )</p><p>SUPER © v2013.build.58+Recorder (2013/11/13) version v2013.buil (HKLM-x32\...\{8E2A1F92-9B4F-4DF9-8459-5C06B0813C69}_is1) (Version: v2013.build.58+Recorder - eRightSoft)</p><p>Toad™ for MySQL Freeware 7.2 (HKLM-x32\...\{E751D020-C0FD-432D-82D4-B1953C8BC4BD}) (Version: 7.2.0.2922 - Dell)</p><p>TortoiseSVN 1.8.6.25419 (64 bit) (HKLM\...\{0DD7C466-163D-4901-AD4B-E78EEFD7FE01}) (Version: 1.8.25419 - TortoiseSVN)</p><p>Trillian (HKLM-x32\...\Trillian) (Version: - Cerulean Studios, LLC)</p><p>TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)</p><p>TurboTax 2012 WinPerFedFormset (x32 Version: 012.000.1642 - Intuit Inc.) Hidden</p><p>TurboTax 2012 WinPerReleaseEngine (x32 Version: 012.000.0379 - Intuit Inc.) Hidden</p><p>TurboTax 2012 WinPerTaxSupport (x32 Version: 012.000.0164 - Intuit Inc.) Hidden</p><p>TurboTax 2012 wrapper (x32 Version: 012.000.0127 - Intuit Inc.) 
Hidden</p><p>TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)</p><p>TurboTax 2013 WinPerFedFormset (x32 Version: 013.000.1036 - Intuit Inc.) Hidden</p><p>TurboTax 2013 WinPerReleaseEngine (x32 Version: 013.000.0312 - Intuit Inc.) Hidden</p><p>TurboTax 2013 WinPerTaxSupport (x32 Version: 013.000.0140 - Intuit Inc.) Hidden</p><p>TurboTax 2013 wrapper (x32 Version: 013.000.0128 - Intuit Inc.) Hidden</p><p>Vagrant (HKLM-x32\...\{E03DED8D-D1DB-42DE-821A-F0E50C7FF6B2}) (Version: 1.6.3 - HashiCorp)</p><p>VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)</p><p>WinSCP 5.5.3 (HKLM-x32\...\winscp3_is1) (Version: 5.5.3 - Martin Prikryl)</p><p></p><p>==================== Custom CLSID (selected items): ==========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)</p><p></p><p>CustomCLSID: HKU\S-1-5-21-280668642-803239663-4213265422-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\tnguyen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-280668642-803239663-4213265422-1000_Classes\CLSID\{ca586c80-7c84-4b88-8537-726724df6929}\InprocServer32 -> C:\Program Files (x86)\Git\git-cheetah\git_shell_ext64.dll ()</p><p>CustomCLSID: HKU\S-1-5-21-280668642-803239663-4213265422-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\tnguyen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-280668642-803239663-4213265422-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\tnguyen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-280668642-803239663-4213265422-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\tnguyen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, 
Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-280668642-803239663-4213265422-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\tnguyen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-280668642-803239663-4213265422-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\tnguyen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-280668642-803239663-4213265422-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\tnguyen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-280668642-803239663-4213265422-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\tnguyen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-280668642-803239663-4213265422-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\tnguyen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)</p><p></p><p>==================== Restore Points =========================</p><p></p><p>25-09-2014 03:19:50 ComboFix created restore point</p><p></p><p>==================== Hosts content: ==========================</p><p></p><p>(If needed Hosts: directive could be included in the fixlist to reset Hosts.)</p><p></p><p>2014-09-24 21:46 - 2014-09-25 12:43 - 00001394 ____A C:\Windows\system32\Drivers\etc\hosts</p><p>192.168.56.101 cms.openroad.local</p><p>172.25.36.28 sfc.devvm45.speedfc.com</p><p>172.25.36.28 cccart.devvm45.speedfc.com</p><p>192.168.56.101 <a href="http://www.trksit.com" target="_blank">www.trksit.com</a></p><p>192.168.56.101 fullstack.heyo.com</p><p></p><p></p><p>==================== Scheduled Tasks (whitelisted) =============</p><p></p><p>(If an entry is included in the fixlist, it will be removed from registry. 
Any associated file could be listed separately to be moved.)</p><p></p><p>Task: {05D2A5CD-5614-4CF6-ABB0-1987E6F19C84} - System32\Tasks\SpyHunter4Startup => C:\Program Files (x86)\Enigma Software Group\SpyHunter\Spyhunter4.exe [2014-09-15] (Enigma Software Group USA, LLC.)</p><p>Task: {17601745-54B1-4320-AA49-1BB622A1E05F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-13] (Google Inc.)</p><p>Task: {75B40827-585E-41ED-AD82-E55286FABB34} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-13] (Google Inc.)</p><p>Task: {799D67F5-F71A-4381-9163-797E4C4CBD91} - System32\Tasks\{D7C9FEE3-30DE-810E-6CCC-FEACECB6A9EB} => C:\Windows\system32\izmfodi.dll [2014-09-24] ()</p><p>Task: {91104190-F0D8-4CC6-A14B-81B805A7351A} - System32\Tasks\{EA81CC8D-C2B6-CAF3-A00F-EF3E0C2D7CF4} => C:\Users\tnguyen\AppData\Roaming\idwwem.dll/s "C:\Users\tnguyen\AppData\Roaming\idwwem.dll"</p><p>Task: {CF934E7A-3DB4-430B-96C7-D1FD262694A9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)</p><p>Task: {E792999C-5E33-47BE-A8A0-150A764B14BF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)</p><p>Task: {E95B285B-97DE-43F5-8BB2-B7FFF430E18A} - System32\Tasks\Time Trigger Test Task => Rundll32.exe "C:\Users\tnguyen\AppData\Local\Temp\uhejzqi.dll",DllRegisterServer</p><p>Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe</p><p>Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe</p><p>Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe</p><p></p><p>==================== Loaded Modules (whitelisted) 
=============</p><p></p><p>2010-12-23 13:33 - 2010-12-23 13:33 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll</p><p>2014-05-12 00:24 - 2003-04-18 18:06 - 00008192 _____ () C:\Windows\SysWOW64\srvany.exe</p><p>2014-04-12 14:48 - 2014-04-12 14:48 - 00088816 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll</p><p>2014-04-12 14:48 - 2014-04-12 14:48 - 00076016 _____ () C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll</p><p>2014-05-30 13:00 - 2014-04-11 14:40 - 00736450 _____ () C:\Program Files (x86)\Git\git-cheetah\git_shell_ext64.dll</p><p>2014-05-11 23:32 - 2013-02-22 14:43 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll</p><p>2010-12-23 13:33 - 2010-12-23 13:33 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll</p><p>2013-10-11 11:47 - 2013-10-11 11:47 - 08552960 _____ () C:\Program Files (x86)\pgAdmin III\1.18\pgadmin3.exe</p><p>2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll</p><p>2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll</p><p>2011-03-04 12:49 - 2011-03-04 12:49 - 00202752 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll</p><p>2014-04-12 13:45 - 2014-04-12 13:45 - 00065776 _____ () C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll</p><p>2014-04-12 13:45 - 2014-04-12 13:45 - 00071920 _____ () C:\Program Files\TortoiseSVN\bin\libsasl32.dll</p><p>2014-09-25 12:43 - 2014-09-25 12:43 - 00043008 _____ () c:\users\tnguyen\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfuusqc.dll</p><p>2014-08-15 11:08 - 2014-08-15 11:08 - 00798208 ____N () C:\Users\tnguyen\AppData\Local\Idsnsoft\3cmlink.dll</p><p>2013-08-23 14:01 - 2013-08-23 14:01 - 25100288 _____ () C:\Users\tnguyen\AppData\Roaming\Dropbox\bin\libcef.dll</p><p>2014-04-08 00:00 - 2014-04-08 00:00 - 
00059904 _____ () C:\Program Files (x86)\Trillian\zlib1.dll</p><p>2014-04-08 00:00 - 2014-04-08 00:00 - 00187392 _____ () C:\Program Files (x86)\Trillian\libpng15.dll</p><p>2014-04-08 00:00 - 2014-04-08 00:00 - 00006656 _____ () c:\program files (x86)\trillian\languages\en\trillian.dll</p><p>2014-04-08 00:00 - 2014-04-08 00:00 - 00065536 _____ () C:\Program Files (x86)\Trillian\libungif.dll</p><p>2014-04-08 00:00 - 2014-04-08 00:00 - 00003584 _____ () c:\program files (x86)\trillian\languages\en\toolkit.dll</p><p>2014-04-08 00:00 - 2014-04-08 00:00 - 00006656 _____ () c:\program files (x86)\trillian\languages\en\events.dll</p><p>2014-04-08 00:00 - 2014-04-08 00:00 - 00010752 _____ () c:\program files (x86)\trillian\languages\en\buddy.dll</p><p>2014-04-08 00:00 - 2014-04-08 00:00 - 00007168 _____ () c:\program files (x86)\trillian\languages\en\talk.dll</p><p>2014-09-24 21:13 - 2014-09-22 23:06 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libglesv2.dll</p><p>2014-09-24 21:13 - 2014-09-22 23:06 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libegl.dll</p><p>2014-09-24 21:13 - 2014-09-22 23:07 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll</p><p>2014-09-24 21:13 - 2014-09-22 23:07 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll</p><p>2014-09-24 21:13 - 2014-09-22 23:06 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll</p><p>2014-09-24 21:13 - 2014-09-22 23:07 - 14891848 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll</p><p>2014-05-12 00:05 - 2014-05-12 00:05 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\0d288350c26a4fac94c8e1f2ee3e945c\IsdiInterop.ni.dll</p><p>2014-05-12 00:05 - 2010-11-05 23:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) 
Rapid Storage Technology\IsdiInterop.dll</p><p>2013-10-08 08:07 - 2013-10-08 08:07 - 00139264 _____ () C:\Program Files (x86)\pgAdmin III\1.18\LIBPQ.dll</p><p>2012-08-14 14:30 - 2012-08-14 14:30 - 01009664 _____ () C:\Program Files (x86)\pgAdmin III\1.18\libxml2.dll</p><p>2012-05-23 08:24 - 2012-05-23 08:24 - 00171008 _____ () C:\Program Files (x86)\pgAdmin III\1.18\libxslt.dll</p><p>2014-07-25 23:57 - 2012-10-05 19:54 - 00188416 __RSH () C:\Windows\SysWow64\winDCE32.dll</p><p>2014-04-22 13:00 - 2014-04-22 13:00 - 00988160 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxml2.dll</p><p>2014-04-15 16:23 - 2014-04-15 16:23 - 00170496 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxslt.dll</p><p></p><p>==================== Alternate Data Streams (whitelisted) =========</p><p></p><p>(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)</p><p></p><p></p><p>==================== Safe Mode (whitelisted) ===================</p><p></p><p>(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)</p><p></p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"</p><p></p><p>==================== EXE Association (whitelisted) =============</p><p></p><p>(If an entry is included in the fixlist, the default will be restored. 
None default entries will be removed.)</p><p></p><p></p><p>==================== MSCONFIG/TASK MANAGER disabled items =========</p><p></p><p>(Currently there is no automatic fix for this section.)</p><p></p><p></p><p>========================= Accounts: ==========================</p><p></p><p>Administrator (S-1-5-21-280668642-803239663-4213265422-500 -> Administrator - Disabled - Status: Degraded)</p><p>Guest (S-1-5-21-280668642-803239663-4213265422-501 -> Limited - Disabled - Status: Degraded)</p><p>HomeGroupUser$ (S-1-5-21-280668642-803239663-4213265422-1002 -> Limited - Enabled - Status: OK)</p><p>tnguyen (S-1-5-21-280668642-803239663-4213265422-1000 -> Administrator - Enabled - Status: OK) => C:\Users\tnguyen</p><p></p><p>==================== Faulty Device Manager Devices =============</p><p></p><p>Name: </p><p>Description: </p><p>Class Guid: </p><p>Manufacturer: </p><p>Service: </p><p>Problem: : The drivers for this device are not installed. (Code 28)</p><p>Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.</p><p></p><p>Name: Cisco Systems VPN Adapter for 64-bit Windows</p><p>Description: Cisco Systems VPN Adapter for 64-bit Windows</p><p>Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}</p><p>Manufacturer: Cisco Systems</p><p>Service: CVirtA</p><p>Problem: : This device is disabled. (Code 22)</p><p>Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.</p><p></p><p></p><p>==================== Event log errors: =========================</p><p></p><p>Application errors:</p><p>==================</p><p>Error: (09/25/2014 00:43:50 PM) (Source: MsiInstaller) (EventID: 1024) (User: tnguyen-PC)</p><p>Description: Product: Adobe Reader XI (11.0.08) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011009}' could not be installed. Error code 1625. 
Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: <a href="http://go.microsoft.com/fwlink/?LinkId=23127" target="_blank">http://go.microsoft.com/fwlink/?LinkId=23127</a></p><p></p><p>Error: (09/25/2014 00:43:00 PM) (Source: Application Error) (EventID: 1000) (User: )</p><p>Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1</p><p>Faulting module name: netprofm.dll_unloaded, version: 0.0.0.0, time stamp: 0x4a5bdfd0</p><p>Exception code: 0xc0000005</p><p>Fault offset: 0x000007fef94275f4</p><p>Faulting process id: 0xf74</p><p>Faulting application start time: 0xsvchost.exe0</p><p>Faulting application path: svchost.exe1</p><p>Faulting module path: svchost.exe2</p><p>Report Id: svchost.exe3</p><p></p><p>Error: (09/25/2014 00:42:09 PM) (Source: WinMgmt) (EventID: 10) (User: )</p><p>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003</p><p></p><p>Error: (09/25/2014 11:39:05 AM) (Source: WinMgmt) (EventID: 10) (User: )</p><p>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003</p><p></p><p>Error: (09/25/2014 11:37:33 AM) (Source: Winlogon) (EventID: 4103) (User: )</p><p>Description: Windows license activation failed. Error 0x00000000.</p><p></p><p>Error: (09/25/2014 11:37:33 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )</p><p>Description: License Activation (slui.exe) failed with the following error code:</p><p>0x8007043C</p><p></p><p>Error: (09/25/2014 10:18:14 AM) (Source: MsiInstaller) (EventID: 1024) (User: tnguyen-PC)</p><p>Description: Product: Adobe Reader XI (11.0.08) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011009}' could not be installed. 
Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: <a href="http://go.microsoft.com/fwlink/?LinkId=23127" target="_blank">http://go.microsoft.com/fwlink/?LinkId=23127</a></p><p></p><p>Error: (09/25/2014 10:16:48 AM) (Source: WinMgmt) (EventID: 10) (User: )</p><p>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003</p><p></p><p>Error: (09/25/2014 02:18:39 AM) (Source: Application Error) (EventID: 1000) (User: )</p><p>Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1</p><p>Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000</p><p>Exception code: 0xc0000005</p><p>Fault offset: 0x00000000022d1183</p><p>Faulting process id: 0x194</p><p>Faulting application start time: 0xsvchost.exe0</p><p>Faulting application path: svchost.exe1</p><p>Faulting module path: svchost.exe2</p><p>Report Id: svchost.exe3</p><p></p><p>Error: (09/25/2014 01:20:34 AM) (Source: Application Error) (EventID: 1000) (User: )</p><p>Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1</p><p>Faulting module name: netprofm.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdfd0</p><p>Exception code: 0xc0000005</p><p>Fault offset: 0x000000000000809b</p><p>Faulting process id: 0x1310</p><p>Faulting application start time: 0xsvchost.exe0</p><p>Faulting application path: svchost.exe1</p><p>Faulting module path: svchost.exe2</p><p>Report Id: svchost.exe3</p><p></p><p></p><p>System errors:</p><p>=============</p><p>Error: (09/25/2014 00:41:32 PM) (Source: Service Control Manager) (EventID: 7001) (User: )</p><p>Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
</p><p>%%1068</p><p></p><p>Error: (09/25/2014 00:41:32 PM) (Source: Service Control Manager) (EventID: 7001) (User: )</p><p>Description: The Computer Browser service depends on the Server service which failed to start because of the following error: </p><p>%%1068</p><p></p><p>Error: (09/25/2014 00:41:32 PM) (Source: Service Control Manager) (EventID: 7001) (User: )</p><p>Description: The Computer Browser service depends on the Server service which failed to start because of the following error: </p><p>%%1068</p><p></p><p>Error: (09/25/2014 00:37:52 PM) (Source: Service Control Manager) (EventID: 7001) (User: )</p><p>Description: The Computer Browser service depends on the Server service which failed to start because of the following error: </p><p>%%1068</p><p></p><p>Error: (09/25/2014 00:37:52 PM) (Source: Service Control Manager) (EventID: 7001) (User: )</p><p>Description: The Computer Browser service depends on the Server service which failed to start because of the following error: </p><p>%%1068</p><p></p><p>Error: (09/25/2014 00:37:52 PM) (Source: Service Control Manager) (EventID: 7001) (User: )</p><p>Description: The Computer Browser service depends on the Server service which failed to start because of the following error: </p><p>%%1068</p><p></p><p>Error: (09/25/2014 00:37:52 PM) (Source: Service Control Manager) (EventID: 7001) (User: )</p><p>Description: The Computer Browser service depends on the Server service which failed to start because of the following error: </p><p>%%1068</p><p></p><p>Error: (09/25/2014 00:37:52 PM) (Source: Service Control Manager) (EventID: 7001) (User: )</p><p>Description: The Computer Browser service depends on the Server service which failed to start because of the following error: </p><p>%%1068</p><p></p><p>Error: (09/25/2014 00:37:52 PM) (Source: Service Control Manager) (EventID: 7001) (User: )</p><p>Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
</p><p>%%1068</p><p></p><p>Error: (09/25/2014 00:36:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )</p><p>Description: The Computer Browser service depends on the Server service which failed to start because of the following error: </p><p>%%1068</p><p></p><p></p><p>Microsoft Office Sessions:</p><p>=========================</p><p>Error: (09/25/2014 00:43:50 PM) (Source: MsiInstaller) (EventID: 1024) (User: tnguyen-PC)</p><p>Description: Adobe Reader XI (11.0.08){AC76BA86-7AD7-0000-2550-7A8C40011009}1625(NULL)(NULL)(NULL)</p><p></p><p>Error: (09/25/2014 00:43:00 PM) (Source: Application Error) (EventID: 1000) (User: )</p><p>Description: svchost.exe6.1.7600.163854a5bc3c1netprofm.dll_unloaded0.0.0.04a5bdfd0c0000005000007fef94275f4f7401cfd8e81d4cbf15C:\Windows\system32\svchost.exenetprofm.dll644dc091-44db-11e4-833d-fab232a34850</p><p></p><p>Error: (09/25/2014 00:42:09 PM) (Source: WinMgmt) (EventID: 10) (User: )</p><p>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003</p><p></p><p>Error: (09/25/2014 11:39:05 AM) (Source: WinMgmt) (EventID: 10) (User: )</p><p>Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003</p><p></p><p>Error: (09/25/2014 11:37:33 AM) (Source: Winlogon) (EventID: 4103) (User: )</p><p>Description: 0x000000000x00000001</p><p></p><p>Error: (09/25/2014 11:37:33 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )</p><p>Description: 0x8007043C</p><p></p><p>Error: (09/25/2014 10:18:14 AM) (Source: MsiInstaller) (EventID: 1024) (User: tnguyen-PC)</p><p>Description: Adobe Reader XI (11.0.08){AC76BA86-7AD7-0000-2550-7A8C40011009}1625(NULL)(NULL)(NULL)</p><p></p><p>Error: (09/25/2014 10:16:48 AM) (Source: WinMgmt) (EventID: 10) (User: )</p><p>Description: //./root/CIMV2SELECT * FROM 
__InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003</p><p></p><p>Error: (09/25/2014 02:18:39 AM) (Source: Application Error) (EventID: 1000) (User: )</p><p>Description: svchost.exe6.1.7600.163854a5bc3c1unknown0.0.0.000000000c000000500000000022d118319401cfd89074381b79C:\Windows\system32\svchost.exeunknown2bcb5ea1-4484-11e4-be8e-947214459593</p><p></p><p>Error: (09/25/2014 01:20:34 AM) (Source: Application Error) (EventID: 1000) (User: )</p><p>Description: svchost.exe6.1.7600.163854a5bc3c1netprofm.dll6.1.7600.163854a5bdfd0c0000005000000000000809b131001cfd87052c2a200C:\Windows\system32\svchost.exeC:\Windows\System32\netprofm.dll0e4995a8-447c-11e4-be8e-947214459593</p><p></p><p></p><p>CodeIntegrity Errors:</p><p>===================================</p><p> Date: 2014-09-25 01:15:18.388</p><p> Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.</p><p></p><p> Date: 2014-09-25 01:15:18.388</p><p> Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.</p><p></p><p> Date: 2014-09-23 15:30:21.990</p><p> Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys because file hash could not be found on the system. 
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.</p><p></p><p> Date: 2014-09-23 15:30:21.981</p><p> Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.</p><p></p><p> Date: 2014-09-16 23:32:01.273</p><p> Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.</p><p></p><p> Date: 2014-09-16 23:32:01.257</p><p> Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.</p><p></p><p> Date: 2014-09-16 10:12:54.751</p><p> Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys because file hash could not be found on the system. 
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.</p><p></p><p> Date: 2014-09-16 10:12:54.735</p><p> Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.</p><p></p><p></p><p>==================== Memory info =========================== </p><p></p><p>Processor: Intel(R) Core(TM) i7-2640M CPU @ 2.80GHz</p><p>Percentage of memory in use: 53%</p><p>Total physical RAM: 8073.02 MB</p><p>Available physical RAM: 3785.88 MB</p><p>Total Pagefile: 16144.21 MB</p><p>Available Pagefile: 10547.89 MB</p><p>Total Virtual: 8192 MB</p><p>Available Virtual: 8191.85 MB</p><p></p><p>==================== Drives ================================</p><p></p><p>Drive c: () (Fixed) (Total:1862.92 GB) (Free:1651.92 GB) NTFS</p><p></p><p>==================== MBR & Partition Table ==================</p><p></p><p>========================================================</p><p>Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 4DD8BB6E)</p><p>Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)</p><p>Partition 2: (Not Active) - (Size=1862.9 GB) - (Type=07 NTFS)</p><p></p><p>==================== End Of Log ============================</p></blockquote><p></p>