
Bad Image Errors - Windows 7


21 replies to this topic

#1 GrymReaper


Posted 18 November 2015 - 11:19 AM

Morning everyone!

 

I am working on my neighbor's laptop that was unable to connect to the internet in normal mode. After discovering that during safe mode the laptop was able to connect to the internet I did a system restore to a few weeks back and then everything was working fine. It was his daughter's computer and the techie in me saw a whole bunch of junk on there and I felt it was my duty to help them out. So as we had a few beers I ran some clean up utilities like Malwarebytes, CCleaner, and a virus scan. There was a ton of tracking cookies, some malware, and of course some stupid toolbars and coupon crud. So after a restart I get the dreaded BAD IMAGE errors for every process that runs during startup and every program that we tried to open. They do open immediately after clicking OK on the error but it's totally annoying.

 

The first error that came up was - LogonUI.exe Bad Image: C:\PROGRA~3\Wincert\WIN64~1.DLL is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support.

 

Any help would be greatly appreciated!!!

 

Steps so far:

1 - System restore to fix wifi adapter issue
2 - Malwarebytes
3 - CCleaner
4 - Avast scan

PC Specs:

HP 2000 Notebook
AMD E-350
6 GB RAM
64-bit Win 7 Premium SP1


Edited by GrymReaper, 18 November 2015 - 11:43 AM.
Moved from Win 7 to Am I Infected - Hamluis.



 


#2 dudeage


Posted 18 November 2015 - 11:22 AM

Sounds like the work of sophisticated malware or a virus.  At this point I'd say the best thing to do is to blow it up (not literally of course) - backup and reinstall Windows.  

 

But as a last ditch effort you could also try going to Last Known Good Configuration just to see if that helps.  



#3 GrymReaper

  • Topic Starter


Posted 18 November 2015 - 11:42 AM

Yea I would love to blow it up, but it's not mine of course.....I know that the bad image can be very specific to a PC, that is why I am hoping someone can help out here. I did create a system restore point after I fixed the wifi issue. Unfortunately the sys restore will only go back to mid-October and I tried it and the errors still persist.

Of course reinstalling Windows is always an option, but it's just not an option I want to tell them so early in the game at this point.



#4 hamluis



  • Moderator

Posted 18 November 2015 - 11:44 AM

I suggest that you await the opinions of someone trained/experienced in malware situations...thus, I have moved your topic to Am I Infected forum.

 

Louis



#5 GrymReaper

  • Topic Starter


Posted 18 November 2015 - 11:49 AM

thanks Louis, didn't realize there was that subforum



#6 Aura



  • Malware Response Team

Posted 18 November 2015 - 11:54 AM

Hi GrymReaper :)

My name is Aura and I'll be assisting you with your issue. Follow the instructions below please.

MiniToolBox
  • Download MiniToolBox and move the file to your Desktop;
  • Right-click on MiniToolBox.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Check the following options:
    • Flush DNS;
    • Report IE Proxy Settings;
    • Reset IE Proxy Settings;
    • Report FF Proxy Settings;
    • Reset FF Proxy Settings;
    • List content of Hosts;
    • List IP Configuration;
    • List Last 10 Event Viewer Errors;
    • List Installed Programs;
    • List Devices - Only Problems;
    • List Users, Partitions and Memory size;
  • Once this is done, click on Go and wait for the scan to complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#7 GrymReaper

  • Topic Starter


Posted 18 November 2015 - 12:19 PM

Hi Aura - thanks for the help.  Here is the log:

 

MiniToolBox by Farbar  Version: 02-11-2015
Ran by Emil Lizak (administrator) on 18-11-2015 at 12:17:31
Running from "C:\Users\Emil Lizak\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: HP 2000 Notebook PC Manufacturer: Hewlett-Packard
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
========================= IP Configuration: ================================

Ralink RT5390 802.11b/g/n WiFi Adapter = Wireless Network Connection (Connected)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Emil-HP
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : hsd1.ct.comcast.net

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : hsd1.ct.comcast.net
   Description . . . . . . . . . . . : Ralink RT5390 802.11b/g/n WiFi Adapter
   Physical Address. . . . . . . . . : 38-59-F9-56-7A-95
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2601:198:102:e0f2::6c4a(Preferred)
   Lease Obtained. . . . . . . . . . : Wednesday, November 18, 2015 10:53:59 AM
   Lease Expires . . . . . . . . . . : Wednesday, November 25, 2015 10:53:58 AM
   IPv6 Address. . . . . . . . . . . : 2601:198:102:e0f2:9927:8d0d:7472:101(Preferred)
   Temporary IPv6 Address. . . . . . : 2601:198:102:e0f2:d862:fa40:d736:2f27(Preferred)
   Link-local IPv6 Address . . . . . : fe80::9927:8d0d:7472:101%19(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.0.0.14(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday, November 18, 2015 10:53:57 AM
   Lease Expires . . . . . . . . . . : Wednesday, November 25, 2015 10:53:57 AM
   Default Gateway . . . . . . . . . : fe80::2cab:a4ff:fe4c:f12e%19
                                       10.0.0.1
   DHCP Server . . . . . . . . . . . : 10.0.0.1
   DHCPv6 IAID . . . . . . . . . . . : 473455097
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-2C-0B-9C-10-1F-74-52-5F-BB
   DNS Servers . . . . . . . . . . . : 2001:558:feed::1
                                       2001:558:feed::2
                                       75.75.75.75
                                       75.75.76.76
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : 10-1F-74-52-5F-BB
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
Server:  cdns01.comcast.net
Address:  2001:558:feed::1

Name:    google.com
Addresses:  2607:f8b0:4006:806::100e
   74.125.226.39
   74.125.226.37
   74.125.226.38
   74.125.226.33
   74.125.226.36
   74.125.226.46
   74.125.226.40
   74.125.226.32
   74.125.226.34
   74.125.226.41
   74.125.226.35

Pinging google.com [2607:f8b0:4006:80e::200e] with 32 bytes of data:
Reply from 2607:f8b0:4006:80e::200e: time=27ms
Reply from 2607:f8b0:4006:80e::200e: time=26ms

Ping statistics for 2607:f8b0:4006:80e::200e:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 26ms, Maximum = 27ms, Average = 26ms
Server:  cdns01.comcast.net
Address:  2001:558:feed::1

Name:    yahoo.com
Addresses:  2001:4998:58:c02::a9
   2001:4998:c:a06::2:4008
   2001:4998:44:204::a7
   98.138.253.109
   98.139.183.24
   206.190.36.45

Pinging yahoo.com [2001:4998:58:c02::a9] with 32 bytes of data:
Reply from 2001:4998:58:c02::a9: time=52ms
Reply from 2001:4998:58:c02::a9: time=38ms

Ping statistics for 2001:4998:58:c02::a9:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 38ms, Maximum = 52ms, Average = 45ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 19...38 59 f9 56 7a 95 ......Ralink RT5390 802.11b/g/n WiFi Adapter
 17...10 1f 74 52 5f bb ......Realtek PCIe FE Family Controller
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.0.0.1        10.0.0.14     25
         10.0.0.0    255.255.255.0         On-link         10.0.0.14    281
        10.0.0.14  255.255.255.255         On-link         10.0.0.14    281
       10.0.0.255  255.255.255.255         On-link         10.0.0.14    281
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         10.0.0.14    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link         10.0.0.14    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 19    281 ::/0                     fe80::2cab:a4ff:fe4c:f12e
  1    306 ::1/128                  On-link
 19     33 2601:198:102:e0f2::/64   On-link
 19    281 2601:198:102:e0f2::6c4a/128
                                    On-link
 19    281 2601:198:102:e0f2:9927:8d0d:7472:101/128
                                    On-link
 19    281 2601:198:102:e0f2:d862:fa40:d736:2f27/128
                                    On-link
 19    281 fe80::/64                On-link
 19    281 fe80::9927:8d0d:7472:101/128
                                    On-link
  1    306 ff00::/8                 On-link
 19    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/18/2015 11:26:32 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8CF427FD790C3AD166068DE81E57EFBB932272D4.crt> with error: This operation returned because the timeout period expired.
.

Error: (11/18/2015 11:26:32 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8CF427FD790C3AD166068DE81E57EFBB932272D4.crt> with error: This operation returned because the timeout period expired.
.

Error: (11/18/2015 11:04:16 AM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP status 403: The client does not have sufficient access rights to the requested server object.

Error: (11/18/2015 10:55:29 AM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/18/2015 10:55:29 AM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/18/2015 10:55:29 AM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/18/2015 10:55:29 AM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (11/18/2015 10:55:27 AM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/18/2015 10:55:27 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (11/18/2015 10:55:27 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

System errors:
=============
Error: (11/18/2015 10:55:29 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (11/18/2015 10:55:29 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (11/18/2015 10:54:14 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ssnfd
{552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw64
{88fecc13-c82a-4089-af50-4130fa453d25}Gw64
{9423905d-837c-4154-83f1-09bc74b40af1}Gw64

Error: (11/18/2015 10:54:02 AM) (Source: Service Control Manager) (User: )
Description: The Datamngr Coordinator service failed to start due to the following error:
%%2

Error: (11/18/2015 10:52:12 AM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (11/18/2015 08:18:22 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ssnfd
{552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw64
{88fecc13-c82a-4089-af50-4130fa453d25}Gw64
{9423905d-837c-4154-83f1-09bc74b40af1}Gw64

Error: (11/18/2015 08:18:14 AM) (Source: Service Control Manager) (User: )
Description: The WajamUpdaterV3 service failed to start due to the following error:
%%2

Error: (11/18/2015 08:18:00 AM) (Source: Service Control Manager) (User: )
Description: The Datamngr Coordinator service failed to start due to the following error:
%%2

Error: (11/18/2015 08:16:18 AM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (11/18/2015 08:13:55 AM) (Source: Service Control Manager) (User: )
Description: The Common Client Job Manager Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Microsoft Office Sessions:
=========================
Error: (11/18/2015 11:26:32 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8CF427FD790C3AD166068DE81E57EFBB932272D4.crtThis operation returned because the timeout period expired.

Error: (11/18/2015 11:26:32 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8CF427FD790C3AD166068DE81E57EFBB932272D4.crtThis operation returned because the timeout period expired.

Error: (11/18/2015 11:04:16 AM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP status 403: The client does not have sufficient access rights to the requested server object.

Error: (11/18/2015 10:55:29 AM) (Source: Windows Search Service)(User: )
Description:
Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/18/2015 10:55:29 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/18/2015 10:55:29 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/18/2015 10:55:29 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 Element not found.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (11/18/2015 10:55:27 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (11/18/2015 10:55:27 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (11/18/2015 10:55:27 AM) (Source: Windows Search Service)(User: )
Description:
Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

CodeIntegrity Errors:
===================================
  Date: 2015-11-18 10:53:39.041
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\{552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-11-18 10:53:38.714
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\{552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-11-18 10:53:38.386
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\{9423905d-837c-4154-83f1-09bc74b40af1}Gw64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-11-18 10:53:38.058
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\{9423905d-837c-4154-83f1-09bc74b40af1}Gw64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-11-18 08:17:41.501
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\{552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-11-18 08:17:41.236
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\{552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-11-18 08:17:40.924
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\{9423905d-837c-4154-83f1-09bc74b40af1}Gw64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-11-18 08:17:40.643
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\{9423905d-837c-4154-83f1-09bc74b40af1}Gw64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-11-18 08:05:34.292
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\{552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-11-18 08:05:34.042
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\{552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

=========================== Installed Programs ============================

64 Bit HP CIO Components Installer (HKLM\...\{C788B026-20BD-4E96-B698-533F1D6C5013}) (Version: 7.2.4 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.241 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.1.171 - Adobe Systems, Inc.)
Agatha Christie - Peril at End House (HKLM-x32\...\WTA-119c0c51-cfb9-4317-a220-4fbf25981a1a) (Version: 2.2.0.95 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{63EC2120-1742-4625-AA47-C6A8AEC9C64C}) (Version: 2.2.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}) (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{72927D2A-ADEF-786D-91E3-06CEFD60D107}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2241 - AVAST Software)
Bejeweled 3 (HKLM-x32\...\WTA-bf8c5fc4-8f09-42fc-a056-428f83a5da37) (Version: 2.2.0.97 - WildTangent) Hidden
Blackhawk Striker 2 (HKLM-x32\...\WTA-1b0f0f3f-4c91-48b1-b744-20eefad68793) (Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (HKLM-x32\...\WTA-cff3de22-a66c-4c22-b34a-5138919cf04f) (Version: 2.2.0.97 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (HKLM-x32\...\WTA-b6ad4866-c56f-42ee-b968-177b16587fd6) (Version: 2.2.0.97 - WildTangent) Hidden
Cake Mania (HKLM-x32\...\WTA-aa965f3a-3e9e-4573-b30d-2c42e3772164) (Version: 2.2.0.95 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform)
Chronicles of Albian (HKLM-x32\...\WTA-c56347ea-a0a2-4e58-be53-da8f4d3c4b18) (Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (HKLM-x32\...\WTA-dd18deb6-7ddc-4515-b1f6-1dceb068a32e) (Version: 2.2.0.95 - WildTangent) Hidden
Cradle of Rome 2 (HKLM-x32\...\WTA-8870fbec-7873-45e6-b8e8-07b818b3079f) (Version: 2.2.0.95 - WildTangent) Hidden
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
Facebook Video Calling 1.2.0.159 (HKLM-x32\...\{7CAC6A44-C3DE-4153-ACA6-7524602C789E}) (Version: 1.2.159 - Skype Limited)
Farm Frenzy (HKLM-x32\...\WTA-a78bdb29-818b-4192-bcf1-c80095a4966a) (Version: 2.2.0.95 - WildTangent) Hidden
FATE (HKLM-x32\...\WTA-8959d8e6-776b-4d98-90c3-22d8894d44fe) (Version: 2.2.0.97 - WildTangent) Hidden
Governor of Poker 2 Premium Edition (HKLM-x32\...\WTA-b2572f39-665c-4b6f-b497-d688bbad175c) (Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Documentation (HKLM-x32\...\{68A55875-B6DD-41E8-8CF6-F193D9C47051}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard Company)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart D110 All-In-One Driver 14.0 Rel. 7 (HKLM\...\{14BC6853-A74E-4874-B50D-679889D1544D}) (Version: 14.0 - HP)
HP Power Manager (HKLM-x32\...\{7E799992-5DA0-4A1A-9443-B1836B063FEC}) (Version: 1.4.8 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{8B52057C-15DB-433E-957C-E279BC7D07E3}) (Version: 3.1.0.9742 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{5036764A-435D-40C9-869C-31085A3D741D}) (Version: 8.7.4751.3798 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13476.3753 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{74DC0593-6BC6-4001-AD5F-D810AFB68D86}) (Version: 5.002.002.002 - Hewlett-Packard)
Itibiti RTC (HKLM-x32\...\{730E03E4-350E-48E5-9D3E-4329903D454D}) (Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}) (Version: 10.7.0.21 - Apple Inc.)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Jewel Quest: The Sleepless Star - Collector's Edition (HKLM-x32\...\WTA-38474588-4b53-4f7f-8e28-cf8eed0e463b) (Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Mah Jong Medley (HKLM-x32\...\WTA-e76194e3-6145-4a24-a836-bf57e0713fb1) (Version: 2.2.0.95 - WildTangent) Hidden
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 42.0 (x86 pl) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 pl)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 20.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery of Mortlake Mansion (HKLM-x32\...\WTA-e486a45f-e39a-4ce7-b585-feb4beb2d6f6) (Version: 2.2.0.97 - WildTangent) Hidden
Namco All-Stars: PAC-MAN (HKLM-x32\...\WTA-32a87b37-4e35-4796-84b1-53c2e38475e6) (Version: 2.2.0.95 - WildTangent) Hidden
NETGEAR A6200 Genie (HKLM-x32\...\{48E61F3E-61D4-42A3-9D29-D0CF40838779}) (Version: 26.0.0.0 - NETGEAR)
NETGEAR A6200 Genie (HKLM-x32\...\{638CBDD4-5014-44D1-930A-1E5AC6083542}) (Version: 1.0.0.0 - NETGEAR)
Network64 (HKLM\...\{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}) (Version: 140.0.221.000 - Hewlett-Packard) Hidden
Network64 (HKLM\...\{CE47BA54-78AC-409F-9151-BDF5BE15A804}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Norton PC Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.15.91 - Symantec Corporation)
NVIDIA PhysX v8.04.25 (HKLM-x32\...\{74224F8D-4A17-4816-9EDB-7BB854DE532C}) (Version: 8.04.25 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.11.2806 - Electronic Arts, Inc.)
Penguins! (HKLM-x32\...\WTA-e66791d3-9ffa-4ad3-af0d-f5e892b601fb) (Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-356126c7-d89d-4f5c-891c-86ed0abf6701) (Version: 2.2.0.95 - WildTangent) Hidden
Poker Superstars III (HKLM-x32\...\WTA-ac6d320e-1fa4-4343-b2b2-c578fc407270) (Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (HKLM-x32\...\WTA-cb0f3cd3-be33-49c5-abd5-15d36669c65e) (Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (HKLM-x32\...\WTA-a1e8fc7d-b409-4bb2-bf5c-d842348c67fa) (Version: 2.2.0.95 - WildTangent) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.0 - Power Software Ltd)
PS_AIO_07_D110_SW_Min (HKLM-x32\...\{42BBA4CC-EFB6-4653-A2CC-F305D4B399C3}) (Version: 140.0.142.000 - Hewlett-Packard) Hidden
RealDownloader (HKLM-x32\...\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}) (Version: 1.3.0 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM-x32\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM-x32\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6287 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (HKLM-x32\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recovery Manager (HKLM-x32\...\{DBCD5E64-7379-4648-9444-8A6558DCB614}) (Version: 2.0.0 - Hewlett-Packard) Hidden
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
Scan (HKLM-x32\...\{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}) (Version: 140.0.77.000 - Hewlett-Packard) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.14 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.14.105 - Skype Technologies S.A.)
Slingo Supreme (HKLM-x32\...\WTA-b7f15645-7cff-462a-9219-e92c4281632e) (Version: 2.2.0.97 - WildTangent) Hidden
SPORE™ Creature Creator Trial Edition (HKLM-x32\...\{ECEE0279-785F-4CB3-9F28-E69813234BF8}) (Version: 1.00.0000 - Electronic Arts)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Weather Channel Desktop 6 (HKLM-x32\...\The Weather Channel Desktop 6) (Version:  - )
Toolbox (HKLM-x32\...\{BBFB2E59-B0DB-42C8-8F4D-CF4E85471667}) (Version: 140.0.424.000 - Hewlett-Packard) Hidden
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
Vacation Quest - The Hawaiian Islands (HKLM-x32\...\WTA-ea744253-f52c-497f-8459-b41cffe4ac62) (Version: 2.2.0.97 - WildTangent) Hidden
Virtual Villagers 5 - New Believers (HKLM-x32\...\WTA-a6b3c4e0-4c03-41f2-b836-d52c9795bdd7) (Version: 2.2.0.97 - WildTangent) Hidden
WildTangent Games App for HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.11.7 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zuma Deluxe (HKLM-x32\...\WTA-179de5ea-67ad-4e33-a33e-f034f99880a0) (Version: 2.2.0.95 - WildTangent) Hidden

========================= Devices: ================================

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Device ID: ROOT\IMAGE\0000
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: ssnfd
Description: ssnfd
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ssnfd
Device ID: ROOT\LEGACY_SSNFD\0000
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Device ID: ROOT\MULTIFUNCTION\0000
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet 4500 G510n-z
Description: Officejet 4500 G510n-z
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Device ID: ROOT\MULTIFUNCTION\0001
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: {552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw64
Description: {552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw64
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: {552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw64
Device ID: ROOT\LEGACY_{552199FB-9890-4055-9AAF-B2F6D51D46E9}GW64\0000
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: {88fecc13-c82a-4089-af50-4130fa453d25}Gw64
Description: {88fecc13-c82a-4089-af50-4130fa453d25}Gw64
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: {88fecc13-c82a-4089-af50-4130fa453d25}Gw64
Device ID: ROOT\LEGACY_{88FECC13-C82A-4089-AF50-4130FA453D25}GW64\0000
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: {9423905d-837c-4154-83f1-09bc74b40af1}Gw64
Description: {9423905d-837c-4154-83f1-09bc74b40af1}Gw64
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: {9423905d-837c-4154-83f1-09bc74b40af1}Gw64
Device ID: ROOT\LEGACY_{9423905D-837C-4154-83F1-09BC74B40AF1}GW64\0000
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Device ID: ROOT\*TEREDO\0002
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

========================= Memory info: ===================================

Percentage of memory in use: 44%
Total physical RAM: 5738.91 MB
Available physical RAM: 3196.06 MB
Total Virtual: 11476 MB
Available Virtual: 8878.91 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:279.37 GB) (Free:178.01 GB) NTFS
2 Drive d: (Recovery) (Fixed) (Total:14.56 GB) (Free:1.62 GB) NTFS
3 Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.08 GB) FAT32

========================= Users: ========================================

User accounts for \\EMIL-HP

Administrator            Emil Lizak               Guest                   

**** End of log ****



#8 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,670 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:09:30 AM

Posted 18 November 2015 - 12:23 PM

Adobe Reader is outdated, I suggest you update it. Norton PC Checkup can be uninstalled. RealPlayer should be reinstalled as the installation looks damaged. Once done, follow the instructions below please.

Registry - Export Uninstall Keys
  • On Windows Vista & 7, click on the Windows Start Menu, then enter cmd in the search box, right-click on the cmd icon and select Run as Administrator
  • On Windows 8, drag your cursor in the bottom-left corner, and right-click on the metro menu preview, then select Command Prompt (Admin);
  • On Windows 8.1, right click on the Windows logo in the bottom-left corner and select Command Prompt (Admin);
  • Enter the following commands, one after the other. You'll know you're ready to input the next command when a new line with a blinking cursor appears under the previous one:
    Note: You can copy and paste these commands instead of typing them. To copy a command inside the command prompt, move your mouse over the blinking cursor, right-click and select Paste. You must have copied the command prior to that (via Ctrl + C or left-click and Copy).
    reg query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall /s > "%userprofile%\Desktop\hklm_uninstall64.txt"
    reg query HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall /s > "%userprofile%\Desktop\hklm_uninstall32.txt"
    
  • Once you're done running the commands, two files will have appeared on your desktop:
    • hklm_uninstall32.txt
    • hklm_uninstall64.txt
  • Create a new folder on your Desktop and move both files inside it. Once done, archive (.zip) the folder (right-click on it, select Send to... and select Compressed archive (.zip));
  • Upload the file on Dropbox, Google Drive or OneDrive and post the download URL for it here;
Autoruns - Start-up Entries
Follow the instructions below to give me an Autoruns log containing your start-up entries:
  • Download Autoruns.zip from the Sysinternals Suite webpage;
  • Extract the content of the Autoruns.zip folder where you want, then go in the folder, right-click on Autoruns.exe and select Run as Administrator;
  • Accept the EULA on opening, then wait for all the entries to load;
  • Click on File then Save and save the file to a location easily accessible as a .arn (Autoruns) file;
  • Upload the file on Dropbox, Google Drive or OneDrive and post the download URL for it here;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
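A way to read the two exported files offline, as an added example that is not part of the original post: it parses `reg query ... /s` text into one record per Uninstall subkey and, for MSI-registered products, derives the `MsiExec.exe /X{GUID}` form that is used later in this thread. The sample text is constructed (only the Itibiti RTC GUID, version and publisher come from the thread), and the function names are this example's own.

```python
import re

KEY = re.compile(r"^HKEY_LOCAL_MACHINE\\.*\\Uninstall\\(.+)$", re.I)
VALUE = re.compile(r"^ {4}(.+?) {4}(REG_[A-Z_]+)(?: {4}(.*))?$")
PRODUCT_CODE = re.compile(r"^\{[0-9A-F]{8}(-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$", re.I)

# Constructed sample in the layout "reg query ... /s" prints. The Itibiti RTC
# GUID, version and publisher are from this thread; all other values are made up.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D}
    DisplayName    REG_SZ    Itibiti RTC
    DisplayVersion    REG_SZ    0.0.1
    Publisher    REG_SZ    Itibiti Inc
    WindowsInstaller    REG_DWORD    0x1
    SystemComponent    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ExampleApp
    DisplayName    REG_SZ    Example App
    Publisher    REG_SZ    Example Vendor
    UninstallString    REG_SZ    "C:\Program Files (x86)\ExampleApp\uninstall.exe"
"""


def parse_reg_export(text):
    """Return {subkey name: {value name: data}} for each Uninstall subkey."""
    entries, cur = {}, None
    for line in text.splitlines():
        k = KEY.match(line.strip())
        if k:
            cur = entries.setdefault(k.group(1), {})
            continue
        v = VALUE.match(line)
        if v and cur is not None:
            cur[v.group(1)] = v.group(3) or ""
    return entries


def is_set(entry, name):
    """True when a REG_DWORD value is present and non-zero (reg prints 0x1)."""
    try:
        return int(entry.get(name, "0"), 16) != 0
    except ValueError:
        return False


def triage(text):
    """One row per named program: name, publisher, hidden flag, removal command."""
    rows = []
    for subkey, e in parse_reg_export(text).items():
        if "DisplayName" not in e:
            continue  # entries with no display name are skipped
        if is_set(e, "WindowsInstaller") and PRODUCT_CODE.match(subkey):
            cmd = "MsiExec.exe /X" + subkey  # subkey name is the MSI product code
        else:
            cmd = e.get("UninstallString", "")
        rows.append({
            "name": e["DisplayName"],
            "publisher": e.get("Publisher", ""),
            # SystemComponent=1 hides an entry from Programs and Features
            "hidden": is_set(e, "SystemComponent"),
            "uninstall": cmd,
        })
    return rows


if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```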


#9 GrymReaper


Posted 18 November 2015 - 12:31 PM

Ok working on these now....be back asap



#10 GrymReaper


Posted 18 November 2015 - 01:09 PM

.arn: https://drive.google.com/open?id=0B0kB1s6BymZwX2hSRGFDOVFkWmc

 

uninstall info: https://drive.google.com/open?id=0B0kB1s6BymZweGJXeEt5d2FWQkU



#11 Aura


Posted 18 November 2015 - 01:59 PM

Press on the Win Key + R keys, and copy/paste the following command in the box, then press on Enter.
MsiExec.exe /X{730E03E4-350E-48E5-9D3E-4329903D454D}
This will launch the uninstall of a program called Itibiti RTC.

Now, delete the following entries in Autoruns. To delete them, right-click on the entry and select Delete. Autoruns must be launched with Admin Rights for it to work.

[Screenshots: Autoruns entries to delete]

Delete these files/folders also.
C:\ProgramData\Wincert
C:\Program Files (x86)\Music Toolbar
C:\Users\Emil Lizak\AppData\Local\tidynetwork
C:\Users\Emil Lizak\AppData\Local\Pay-By-Ads
C:\Program Files\V-Bates
Once done, or if you don't feel comfortable with deleting these entries, files and folders, let me know.



#12 GrymReaper


Posted 18 November 2015 - 02:20 PM

Ok everything is deleted and all steps have been taken.  That being said, there were a few things from autoruns that would not delete:

 

HKLM\Software\Wow6432Node -> the cltmngsvc.exe (could not delete)

C:\Progra~3\Wincert\Win64C~1.DLL (could not delete)

 

I figured there was a lot of stuff coming and going over the past few hours so I restarted and lo and behold there are no more errors.  You guys/gals are great.

 

I would love to be able to help others out, how did you all become so good at malware removal?

 

Again thanks very much, not sure if there is another step you would like me to do, but all "seems" ok at the moment.


Edited by GrymReaper, 18 November 2015 - 02:21 PM.


#13 GrymReaper


Posted 18 November 2015 - 02:41 PM

I had some really good results from this forum today, so I am going to try to see if there is someone that can help me out with a problem that has bothered me for a few months, but I have resolved it on my own by just installing the program on a different PC.

 

There are two programs that I am trying to run: Kodi.TV app on PC and Minecraft Story Mode for my kids on my PC (has the 37" monitor).  Every time I try to run them I receive the error in the subject line.  From my understanding I believe it is because there is an application running in 32bit mode in a 64 bit environment or vice versa.....That being said, I believe it is being masked by some virus or malware because I have done a ton of things to try to fix it.  At one point I was thinking to do a fresh install but I have a lot of data that I would have to move and backup and I just don't feel like doing that haha.

 

So again, thanks in advance for any assistance.  And of course if there are any other funny looking things on there let me know :)


Edited by hamluis, 19 November 2015 - 11:45 AM.
Merged topics - Hamluis.


#14 Aura


Posted 18 November 2015 - 02:42 PM

There are a few more things I would like to do before I let you go, to deal with remnants mostly, and there are still 3 active drivers (malicious) that need to be removed :) Follow the instructions below please.
  • On Windows Vista & 7, click on the Windows Start Menu, then enter cmd in the search box, right-click on the cmd icon and select Run as Administrator
  • On Windows 8, drag your cursor in the bottom-left corner, and right-click on the metro menu preview, then select Command Prompt (Admin);
  • On Windows 8.1, right click on the Windows logo in the bottom-left corner and select Command Prompt (Admin);
  • Enter the commands below one by one and press on Enter (enter a command, then press on Enter to send it);
    sc delete {552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw64
    sc delete {88fecc13-c82a-4089-af50-4130fa453d25}Gw64
    sc delete {9423905d-837c-4154-83f1-09bc74b40af1}Gw64
    
  • Let me know what the output of each command is;



#15 GrymReaper


Posted 18 November 2015 - 02:59 PM

All 3 received the same results:

 

[SC] DeleteServices SUCCESS
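
The three services removed with `sc delete` in this thread appear in the posted FRST "Devices" section as `ROOT\LEGACY_` entries with a GUID-style name and no manufacturer. The following is an added example (not from the thread and not part of FRST) that parses that section and lists entries of the same shape for review; the three-condition rule is an assumption drawn from this one log, not a general malware signature, and the sample records are constructed from values in the log.

```python
import re

FIELD = re.compile(r"^(Name|Description|Class Guid|Manufacturer|Service|"
                   r"Device ID|Problem|Resolution):\s*(.*)$")
GUID_NAME = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\w*$", re.I)

# Constructed sample: four records in the shape of the FRST "Devices" section
# posted in this thread (values copied from that log, some fields omitted).
SAMPLE = r"""
Name: Photosmart D110 series
Manufacturer: HP
Service: StillCam
Device ID: ROOT\IMAGE\0000
Problem: : This device is disabled. (Code 22)

Name: ssnfd
Manufacturer:
Service: ssnfd
Device ID: ROOT\LEGACY_SSNFD\0000
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.

Name: {552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw64
Manufacturer:
Service: {552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw64
Device ID: ROOT\LEGACY_{552199FB-9890-4055-9AAF-B2F6D51D46E9}GW64\0000
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Name: Teredo Tunneling Pseudo-Interface
Manufacturer: Microsoft
Service: tunnel
Device ID: ROOT\*TEREDO\0002
Problem: : This device cannot start. (Code10)
"""

def parse_devices(text):
    """Split the section into one dict per device; unlabeled lines continue the previous field."""
    records, cur, last = [], {}, None
    for line in text.splitlines():
        if not line.strip():          # a blank line ends the current record
            if cur:
                records.append(cur)
            cur, last = {}, None
            continue
        m = FIELD.match(line)
        if m:
            last = m.group(1)
            cur[last] = m.group(2).lstrip(": ").strip()   # "Problem: : text" -> "text"
        elif last:
            cur[last] += " " + line.strip()
    if cur:
        records.append(cur)
    return records

def problem_code(rec):
    m = re.search(r"\(Code\s*(\d+)\)", rec.get("Problem", ""))  # "(Code 22)" or "(Code10)"
    return int(m.group(1)) if m else None

def review_reasons(rec):
    reasons = []
    if GUID_NAME.match(rec.get("Service", "")):
        reasons.append("guid-named service")
    if rec.get("Device ID", "").upper().startswith("ROOT\\LEGACY_"):
        reasons.append("legacy (non-PnP) driver")
    if not rec.get("Manufacturer"):
        reasons.append("no manufacturer")
    return reasons

def flag_for_review(text):
    # Assumed rule: all three conditions together. An entry that meets only some
    # of them (ssnfd in the sample) is not listed, which says nothing about it.
    return [(r["Service"], problem_code(r))
            for r in parse_devices(text) if len(review_reasons(r)) == 3]
```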





