I'll try to make this straight and to the point: a friend has a Windows 7 Home Premium Gateway desktop. Back in 2012, he was the victim of the FBI ransomware trojan, freaked out, and his solution was to just turn off the desktop and unhook it from the internet. Fast forward to yesterday: after I heard this story, I convinced him to let me bring the computer back from the dead, after assuring him the FBI virus was easily cured. I logged in and ran Malwarebytes 2x. It showed one trojan and about 250 PUPs/PUMs, and I also manually deleted a bunch of outdated and questionable software. But that's it, almost too easy...
So I'm asking if one of you awesome experts will please look at my logs, to make sure I'm not missing something? I've attached FRST, Addition, and aswMBR... if you need more info, please ask, and I'll respond right away. Thanks!
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Webroot Software, Inc. ) C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
(Webroot Software, Inc. (www.webroot.com)) C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Apple Inc.) C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKU\S-1-5-21-1318367738-224961267-1809221802-1000\...\Run: [join.me.launcher] => C:\Users\Brian\AppData\Local\join.me.launcher\join.me.launcher.exe [176560 2015-10-27] (LogMeIn, Inc)
HKU\S-1-5-21-1318367738-224961267-1809221802-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1318367738-224961267-1809221802-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1318367738-224961267-1809221802-1000\...\Policies\Explorer: [NoRecentDocsNetHood] 1
HKU\S-1-5-21-1318367738-224961267-1809221802-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
GroupPolicyUsers\S-1-5-21-1318367738-224961267-1809221802-1003\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1318367738-224961267-1809221802-1002\User: Restriction <======= ATTENTION
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\..\Interfaces\{BBDAE6C1-A6CD-4212-A4AF-D8E7323B4EDF}: [DhcpNameServer] 192.168.1.254
HKU\S-1-5-21-1318367738-224961267-1809221802-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
HKU\S-1-5-21-1318367738-224961267-1809221802-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4831&r=17360411p106p0465v185k4411r39o
URLSearchHook: HKU\S-1-5-21-1318367738-224961267-1809221802-1000 -> Default = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
SearchScopes: HKLM-x32 -> {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XPxdm014YYus&ptnrS=XPxdm014YYus&ptb=C85FA07E-F22E-442D-AF50-7EF76F19EFE6&psa=&ind=2012101202&st=sb&n=77ee3a52&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-1318367738-224961267-1809221802-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW_enUS428US428
SearchScopes: HKU\S-1-5-21-1318367738-224961267-1809221802-1000 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://supertoolbar.ask.com/redirect?client=ie&tb=WBR&o=13993&src=crm&q={searchTerms}&locale=en_US
SearchScopes: HKU\S-1-5-21-1318367738-224961267-1809221802-1000 -> {4C3D2017-1104-495D-93EA-1901FBC8D222} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3244149
SearchScopes: HKU\S-1-5-21-1318367738-224961267-1809221802-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW_enUS428US428
SearchScopes: HKU\S-1-5-21-1318367738-224961267-1809221802-1000 -> {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XPxdm014YYus&ptnrS=XPxdm014YYus&ptb=C85FA07E-F22E-442D-AF50-7EF76F19EFE6&psa=&ind=2012101202&st=sb&n=77ee3a52&searchfor={searchTerms}
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-08-16] (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-08-16] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1318367738-224961267-1809221802-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1318367738-224961267-1809221802-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-04-08] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-08-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-08-16] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2011-07-12] (Pando Networks)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-07] ()
FF Plugin HKU\S-1-5-21-1318367738-224961267-1809221802-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2011-07-12] (Pando Networks)
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 LMS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed]
R2 UNS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed]
R2 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] ()
R2 WebrootSpySweeperService; C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe [4048240 2009-11-06] (Webroot Software, Inc. (www.webroot.com))
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 WRConsumerService; C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe [1201640 2014-08-16] (Webroot Software, Inc. )
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 RTL8187; C:\Windows\System32\DRIVERS\wg111v2.sys [340992 2007-12-26] (NETGEAR Inc.)
R0 ssfs0bbc; C:\Windows\System32\DRIVERS\ssfs0bbc.sys [37488 2009-11-06] (Webroot Software, Inc. (www.webroot.com))
R0 ssidrv; C:\Windows\System32\DRIVERS\ssidrv.sys [135280 2009-11-06] (Webroot Software, Inc. (www.webroot.com))
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
2016-06-24 22:20 - 2016-06-24 22:20 - 00011768 _____ C:\Users\Brian\Desktop\FRST.txt
2016-06-24 22:19 - 2016-06-24 22:19 - 02387456 _____ (Farbar) C:\Users\Brian\Desktop\FRST64.exe
2016-06-24 22:16 - 2016-06-24 22:16 - 00000512 _____ C:\Users\Brian\Desktop\MBR.dat
2016-06-24 21:35 - 2016-06-24 22:16 - 00002818 _____ C:\Users\Brian\Desktop\aswMBR.txt
2016-06-24 16:12 - 2016-06-24 16:12 - 00000000 ____D C:\Users\Brian\AppData\Local\join.me.launcher
2016-06-24 15:00 - 2016-06-24 16:19 - 00000000 ____D C:\Users\Brian\AppData\Local\join.me
2016-06-24 15:00 - 2016-06-24 15:00 - 00000000 ____D C:\Users\Brian\AppData\Roaming\join.me
2016-06-24 14:59 - 2016-06-24 15:00 - 22125056 _____ C:\Users\Brian\Downloads\join.me.msi
2016-06-24 14:57 - 2016-06-24 14:57 - 00000000 ____H C:\Users\Brian\Documents\Default.rdp
2016-06-24 14:19 - 2016-06-24 14:19 - 00000000 ___RD C:\Users\Brian\Documents\Notes
2016-06-24 14:15 - 2016-06-24 14:15 - 00000000 ____D C:\Users\Brian\AppData\Roaming\Malwarebytes
2016-06-24 14:15 - 2012-09-29 11:54 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\SysWOW64\Drivers\mbam.sys
2016-06-24 14:11 - 2016-06-24 14:32 - 00000000 ____D C:\Users\Brian\AppData\Local\Apple Computer
2016-06-24 11:47 - 2016-06-24 11:47 - 00038400 _____ (Sysinternals) C:\Windows\SysWOW64\Drivers\REGSYS701.SYS
2016-06-24 10:13 - 2016-06-24 10:13 - 00000000 _____ C:\Users\Brian\AppData\Roaming\wklnhst.dat
2016-06-24 10:10 - 2016-06-24 10:12 - 00258916 _____ C:\TDSSKiller.2.8.15.0_24.06.2016_10.10.24_log.txt
2016-06-24 08:31 - 2012-10-29 09:30 - 00027159 _____ C:\Windows\TempFileCleaner.cmd
2016-06-24 08:24 - 2016-06-24 08:24 - 00000000 __SHD C:\Users\Brian\AppData\Local\EmieUserList
2016-06-24 08:24 - 2016-06-24 08:24 - 00000000 __SHD C:\Users\Brian\AppData\Local\EmieSiteList
2016-06-24 07:53 - 2012-09-29 11:54 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2016-06-24 16:32 - 2009-07-13 21:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-24 16:32 - 2009-07-13 21:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-24 16:29 - 2009-07-13 22:13 - 00812762 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-24 16:24 - 2009-12-01 02:06 - 00000000 ____D C:\Program Files (x86)\Google
2016-06-24 14:47 - 2011-04-19 21:05 - 00000000 ____D C:\Users\Brian\AppData\Local\Google
2016-06-24 14:25 - 2012-10-11 23:12 - 00000000 ____D C:\Program Files (x86)\Conduit
2016-06-24 14:11 - 2011-06-27 21:27 - 00000000 ____D C:\Users\Brian\AppData\Roaming\Apple Computer
2016-06-24 13:57 - 2011-07-10 22:53 - 00000000 ____D C:\Users\Brian\AppData\Local\ElevatedDiagnostics
2016-06-24 12:46 - 2012-06-01 20:47 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-24 11:01 - 2009-07-13 21:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-06-24 10:30 - 2009-07-13 20:20 - 00000000 ___HD C:\Windows\system32\GroupPolicyUsers
2016-06-24 10:30 - 2009-07-13 20:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-06-24 10:16 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files\Windows Defender
2016-06-13 19:31 - 2011-04-19 20:31 - 00484008 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-06-24 10:13 - 2016-06-24 10:13 - 0000000 _____ () C:\Users\Brian\AppData\Roaming\wklnhst.dat
2011-07-13 13:10 - 2011-07-13 13:10 - 0000093 _____ () C:\Users\Brian\AppData\Local\fusioncache.dat
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-06-2016 01
Ran by Brian (2016-06-24 22:21:13)
Running from C:\Users\Brian\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-04-20 03:20:56)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1318367738-224961267-1809221802-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1318367738-224961267-1809221802-1002 - Limited - Disabled)
Brian (S-1-5-21-1318367738-224961267-1809221802-1000 - Administrator - Enabled) => C:\Users\Brian
Guest (S-1-5-21-1318367738-224961267-1809221802-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-1318367738-224961267-1809221802-1003 - Limited - Disabled) => C:\Users\UpdatusUser
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Webroot AntiVirus with Spy Sweeper (Disabled - Up to date) {3A033352-45FD-579C-DF47-2D2DA7A56A3D}
AS: Webroot AntiVirus with Spy Sweeper (Disabled - Up to date) {8162D2B6-63C7-5812-E5F7-165FDC222080}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.5.0.880 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
Backup Manager Advance (x32 Version: 2.0.2.19 - NewTech Infosystems) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Diablo II (HKLM-x32\...\Diablo II) (Version: - )
Diablo III (HKLM-x32\...\Diablo III) (Version: 1.0.3.10235 - Blizzard Entertainment)
DriverTuner 3.0.1.0 (HKLM-x32\...\{520C1D80-935C-42B9-9340-E883849D804F}_is1) (Version: 3.0.0.1 - LionSea SoftWare)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
Fish Tycoon (x32 Version: 2.2.0.95 - WildTangent) Hidden
Gateway Games (HKLM-x32\...\WildTangent gateway Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Gateway InfoCentre (HKLM-x32\...\Gateway InfoCentre) (Version: 3.02.3000 - Gateway Incorporated)
Gateway MyBackup (HKLM-x32\...\InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}) (Version: 2.0.2.19 - NewTech Infosystems)
Gateway Photo Frame 4.2.3.10 (HKLM-x32\...\Gateway Photo Frame) (Version: 4.2.3.10 - I/O Interconnect)
Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3005 - Gateway Incorporated)
Gateway Registration (HKLM-x32\...\Gateway Registration) (Version: 1.02.3006 - Gateway Incorporated)
Gateway ScreenSaver (HKLM-x32\...\Gateway Screensaver) (Version: 1.1.0812 - Gateway Incorporated)
Gateway Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.01.3017 - Gateway Incorporated)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.)
iCloud (HKLM\...\{704C0303-D20C-45AF-BD2B-556EAF31BE09}) (Version: 2.1.2.8 - Apple Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3002 - Gateway Incorporated)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
JavaFX 2.1.0 (HKLM-x32\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation)
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0000 - JMicron Technology Corp.)
join.me (HKU\S-1-5-21-1318367738-224961267-1809221802-1000\...\JoinMe) (Version: 2.15.1.2637 - LogMeIn, Inc.)
join.me.launcher (x32 Version: 1.0.624.0 - LogMeIn, Inc.) Hidden
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Logitech Gaming Software 7.00 (HKLM\...\{690285C2-2481-44FB-8402-162EA970A6DD}) (Version: 7.00.291 - Logitech Inc.)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 and SOAP Toolkit 3.0 (x32 Version: 1.0.0.0 - Webroot Software, Inc.) Hidden
Nero 9 Essentials (HKLM-x32\...\{f531dd03-45ef-45e9-ab97-2a0ab4f14907}) (Version: - Nero AG)
NVIDIA 3D Vision Controller Driver 301.42 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 301.42 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Graphics Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.16.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.16.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.3.5.4 - Pando Networks Inc.)
Prison Tycoon - Alcatraz (x32 Version: 2.2.0.95 - WildTangent) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5969 - Realtek Semiconductor Corp.)
Romopolis (x32 Version: 2.2.0.95 - WildTangent) Hidden
Safari (HKLM-x32\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
SimCity™ Societies (HKLM-x32\...\{0B5154C0-8F00-4616-B0AB-6240AE80D9CE}) (Version: 1.0.0.0 - Electronic Arts)
SMPlayer 0.6.9 (HKLM-x32\...\SMPlayer) (Version: 0.6.9 - RVM)
Spy Sweeper Core (x32 Version: 4.4.0.85 - Webroot Software) Hidden
The Lord of the Rings Online™ v03.03.00.8048 (HKLM-x32\...\12bbe590-c890-11d9-9669-0800200c9a66_is1) (Version: 03.03.00.8048 - Turbine, Inc.)
The Witcher 2 (HKLM-x32\...\{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}) (Version: 1.00.0000 - CD Projekt Red)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Vacation Mogul (x32 Version: 2.2.0.97 - WildTangent) Hidden
Ventrilo Client (HKLM-x32\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.8 - Flagship Industries, Inc.)
Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden
Webroot AntiVirus with Spy Sweeper (HKLM-x32\...\{1FCC574F-AFA2-4432-9EF1-79CA7BA73431}_is1) (Version: 6.1 - Webroot Software, Inc.)
Welcome Center (HKLM-x32\...\Gateway Welcome Center) (Version: 1.00.3008 - Gateway Incorporated)
Westward (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.2.5 - WildTangent)
WildTangent Games App (Gateway Games) (x32 Version: 4.0.5.21 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: 4.1.0.14007 - Blizzard Entertainment)
Youda Survivor 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0864ACE8-F4B1-46D6-8F93-F02A3E4D92E0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {08698D40-983E-4E95-8511-BEF953F37C8D} - System32\Tasks\wrSpySweeper_L48B9FE50FAE640DC8284E0939545902A => C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-11-06] (Webroot Software, Inc.)
Task: {6EE10206-13AB-4749-9636-E4A4E5E3C6E7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {846AB774-34CC-433A-B063-9678D3B2FC62} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8E12FE6A-39B6-40A5-8E27-087D6B1C7B0A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-16] (Adobe Systems Incorporated)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\wrSpySweeper_L48B9FE50FAE640DC8284E0939545902A.job => C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe>/ScheduleSweep=wrSpySweeper_L48B9FE50FAE640DC8284E0939545902A C:\BrianԢ眇扥潲瑯ԒTaskName=wrSpySweeper_L48B9FE50FAE640DC8284E0939545902A
ApplicationName=C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Public\Desktop\Netflix.lnk -> C:\ProgramData\OEM_E471269A730D\Netflix\StartURL.exe () -> hxxp://homepage.gateway.com/redirect.aspx?rid=09000002
==================== Loaded Modules (Whitelisted) ==============
2009-12-13 19:19 - 2009-12-09 02:24 - 00076320 _____ () C:\OEM\USBDECTION\USBS3S4Detection.exe
2012-05-20 16:18 - 2013-01-18 08:00 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2009-02-02 18:33 - 2009-02-02 18:33 - 00460199 _____ () C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\sqlite3.dll
2008-09-28 18:55 - 2008-09-28 18:55 - 01076224 _____ () C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\ACE.dll
2012-03-22 11:40 - 2012-03-22 11:40 - 00087912 _____ () C:\Program Files (x86)\Safari\Apple Application Support\zlib1.dll
2012-03-22 11:40 - 2012-03-22 11:40 - 01242472 _____ () C:\Program Files (x86)\Safari\Apple Application Support\libxml2.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WebrootSpySweeperService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRConsumerService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 19:34 - 2014-08-16 23:07 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1318367738-224961267-1809221802-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^Users^Brian^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Brian^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ZooskMessenger.lnk => C:\Windows\pss\ZooskMessenger.lnk.Startup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
MSCONFIG\startupreg: Gateway Photo Frame => "C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe" -A
MSCONFIG\startupreg: HotKeysCmds => "C:\Windows\system32\hkcmd.exe"
MSCONFIG\startupreg: IAAnotif => "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"
MSCONFIG\startupreg: IgfxTray => "C:\Windows\system32\igfxtray.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: JMB36X IDE Setup => "C:\Windows\RaidTool\xInsIDE.exe"
MSCONFIG\startupreg: Launch LCore => "C:\Program Files\Logitech Gaming Software\LCore.exe" /minimized
MSCONFIG\startupreg: MobileDocuments => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: OOTag => "C:\windows\oobeoffer\oobeoffer\ootag.exe"
MSCONFIG\startupreg: Persistence => "C:\Windows\system32\igfxpers.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVCpl => "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
MSCONFIG\startupreg: Sendori Tray => "C:\Program Files (x86)\Sendori\SendoriTray.exe"
MSCONFIG\startupreg: SpySweeper => "C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================
20-08-2014 13:07:03 Windows Defender Checkpoint
21-08-2014 14:11:41 Windows Defender Checkpoint
21-08-2014 15:52:10 Windows Update
22-08-2014 02:25:13 Windows Update
22-08-2014 15:16:10 Windows Defender Checkpoint
26-08-2014 02:25:11 Windows Update
28-08-2014 03:00:11 Windows Update
17-01-2016 06:06:14 Scheduled Checkpoint
14-06-2016 22:47:51 Scheduled Checkpoint
24-06-2016 15:00:34 Installed join.me
24-06-2016 20:27:44 Windows Update
==================== Faulty Device Manager Devices =============
Name: Logitech GamePanel Devices (Mono)
Description: Logitech GamePanel Devices (Mono)
Class Guid: {997b5d8d-c442-4f2e-baf3-9c8e671e9e21}
Manufacturer: Logitech Inc
Service: WUDFRd
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
Name: Logitech GamePanel Devices (QVGA)
Description: Logitech GamePanel Devices (QVGA)
Class Guid: {997b5d8d-c442-4f2e-baf3-9c8e671e9e21}
Manufacturer: Logitech Inc
Service: WUDFRd
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (06/24/2016 04:20:49 PM) (Source: Wininit) (EventID: 1015) (User: )
Description: A critical system process, C:\Windows\system32\lsm.exe, failed with status code 1. The machine must now be restarted.
Error: (06/24/2016 02:51:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Faulting module name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Exception code: 0xc0000005
Fault offset: 0x000040cd
Faulting process id: 0x1280
Faulting application start time: 0xRootkitRevealer.exe0
Faulting application path: RootkitRevealer.exe1
Faulting module path: RootkitRevealer.exe2
Report Id: RootkitRevealer.exe3
Error: (06/24/2016 02:48:58 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.
Error: (06/24/2016 02:48:58 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.
Error: (06/24/2016 02:48:58 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.
Error: (06/24/2016 02:48:58 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.
Error: (06/24/2016 12:41:07 PM) (Source: SendoriService) (EventID: 99) (User: )
Description: In the enable methodObject reference not set to an instance of an object.
Error: (06/24/2016 11:00:52 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.
Error: (06/24/2016 11:00:52 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.
Error: (06/24/2016 11:00:52 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.
System errors:
=============
Error: (06/24/2016 10:16:10 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
Error: (06/24/2016 10:16:10 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
Error: (06/24/2016 04:27:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069 = The service did not start due to a logon failure.
Error: (06/24/2016 04:27:23 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1331 = Logon failure: account currently disabled.
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
Error: (06/24/2016 04:25:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The GRegService service failed to start due to the following error:
%%2 = The system cannot find the file specified.
Error: (06/24/2016 04:24:56 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 4:23:38 PM on 6/24/2016 was unexpected.
Error: (06/24/2016 02:31:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069 = The service did not start due to a logon failure.
Error: (06/24/2016 02:31:05 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1331 = Logon failure: account currently disabled.
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
Error: (06/24/2016 02:28:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The GRegService service failed to start due to the following error:
%%2 = The system cannot find the file specified.
Error: (06/24/2016 02:04:43 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068lltdsvc{5BF9AA75-D7FF-4AEE-AA2C-96810586456D}
CodeIntegrity:
===================================
Date: 2016-06-24 11:47:40.186
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Brian\AppData\Local\Temp\HBCD\REGSYS701.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-06-24 11:47:40.030
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Brian\AppData\Local\Temp\HBCD\REGSYS701.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-06-24 11:47:39.890
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\drivers\REGSYS701.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-06-24 11:47:39.749
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\drivers\REGSYS701.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Intel® Core i5 CPU 650 @ 3.20GHz
Percentage of memory in use: 57%
Total physical RAM: 8119.09 MB
Available physical RAM: 3424.63 MB
Total Virtual: 16236.37 MB
Available Virtual: 11073.92 MB
==================== Drives ================================
Drive c: (Gateway) (Fixed) (Total:914.41 GB) (Free:729.05 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: E7E9DEBE)
Partition 1: (Not Active) - (Size=17 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=914.4 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
AswMBR
aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
Run date: 2016-06-24 21:34:02
-----------------------------
21:34:02.818 OS Version: Windows x64 6.1.7601 Service Pack 1
21:34:02.818 Number of processors: 4 586 0x2502
21:34:02.819 ComputerName: BRIAN-PC UserName: Brian
21:34:04.354 Initialize success
21:34:04.392 VM: initialized successfully
21:34:04.393 VM: Intel CPU supported
21:34:08.517 VM: supported disk I/O iaStor.sys
21:35:32.010 The log file has been saved successfully to "C:\Users\Brian\Desktop\aswMBR.txt"
21:35:35.442 AVAST engine defs: 16062401
21:35:55.301 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2
21:35:55.301 Disk 0 Vendor: WDC_WD10 01.0 Size: 953869MB BusType: 3
21:35:55.862 VM: Disk 0 MBR read successfully
21:35:55.862 Disk 0 MBR scan
21:35:55.862 Disk 0 Windows 7 default MBR code
21:35:55.894 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 17408 MB offset 2048
21:35:55.925 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 35653632
21:35:55.987 Disk 0 default boot code
21:35:56.018 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 936359 MB offset 35858432
21:35:57.266 Disk 0 scanning C:\Windows\system32\drivers
21:36:51.950 Service scanning
21:40:36.115 Modules scanning
21:40:36.115 Disk 0 trace - called modules:
21:40:36.302 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys
21:40:36.302 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007e22060]
21:40:36.302 3 CLASSPNP.SYS[fffff88001add43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0xfffffa8007b50050]
21:40:55.568 AVAST engine scan C:\Windows
21:41:47.282 AVAST engine scan C:\Windows\system32
21:47:46.746 AVAST engine scan C:\Windows\system32\drivers
21:47:55.966 AVAST engine scan C:\Users\Brian
21:51:49.170 AVAST engine scan C:\ProgramData
21:52:15.940 Disk 0 statistics 4127404/0/22 @ 3.29 MB/s
21:52:15.940 Scan finished successfully
22:16:08.145 Disk 0 MBR has been saved successfully to "C:\Users\Brian\Desktop\MBR.dat"
22:16:08.152 The log file has been saved successfully to "C:\Users\Brian\Desktop\aswMBR.txt"