Inactive Possible infection of bootrec / mbr

PhilipMoore62

After posting to bookwyrm in free troubleshooting, he advised that, as far as he is concerned, the virus attack that I first mentioned in a previous post may have corrupted my BIOS/UEFI MBR configuration.
Can you help?
 
Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
 
Just a quick update. The issue I'm having seems to be with my UEFI settings, as when I attempt to log on with the hard drive/UEFI configuration I get the message which states "No Bootable device".

However, when changing the configuration to boot from any other alternate AND with the Legacy setting enabled, the computer boots fine without issue.

I'm currently writing this on the OS that has this issue.

Following is the requested post from FRST.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-09-2015
Ran by Philip (administrator) on PHILIP-PC (05-09-2015 15:45:20)
Running from C:\Users\Philip\Downloads
Loaded Profiles: Philip (Available Profiles: Philip)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Users\Philip\Downloads\dotNetFx40_Full_x86_x64.exe
(Microsoft Corporation) C:\248a575184350bd1a619eb6b29\Setup.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wusa.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [134784 2014-02-25] (Qualcomm®Atheros®)
HKU\S-1-5-21-3686608022-1110692643-3377733670-1000\...\Run: [GoogleChromeAutoLaunch_A2B3EDA80A4C0AFF3796BF2C7D65C8C6] => "C:\Users\Philip\AppData\Local\Chromium\Application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 216.228.160.4 216.228.160.3
Tcpip\..\Interfaces\{728AF2CB-3B7D-467A-9B09-A7942DD77908}: [DhcpNameServer] 216.228.160.4 216.228.160.3

Internet Explorer:
==================
HKU\S-1-5-21-3686608022-1110692643-3377733670-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_bimmed_15_36_ssg01&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0A0C0ByDyB0DtDyCyBtB0EzyzytDtDyBtN0D0Tzu0StCtAyEtAtN1L2XzutAtFtCtBtFyDtFtCtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAyD0CyB0B0FyByBtG0FtDtCyDtGyE0B0FtCtGzyyE0C0CtGyDtCzyyEzzyCyC0F0AyD0CtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtB0FyBzz0BtAyEtGtCtByE0BtGyEyDyCtDtGzy0F0EyCtGtByD0AzyyEzy0CtCzztD0Fzz2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzyyEtA%26cr%3D1781368651%26a%3Dwncy_bimmed_15_36_ssg01%26os%3DWindows%2B7%2BUltimate
HKU\S-1-5-21-3686608022-1110692643-3377733670-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_bimmed_15_36_ssg01&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0A0C0ByDyB0DtDyCyBtB0EzyzytDtDyBtN0D0Tzu0StCtAyEtAtN1L2XzutAtFtCtBtFyDtFtCtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAyD0CyB0B0FyByBtG0FtDtCyDtGyE0B0FtCtGzyyE0C0CtGyDtCzyyEzzyCyC0F0AyD0CtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtB0FyBzz0BtAyEtGtCtByE0BtGyEyDyCtDtGzy0F0EyCtGtByD0AzyyEzy0CtCzztD0Fzz2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzyyEtA%26cr%3D1781368651%26a%3Dwncy_bimmed_15_36_ssg01%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_bimmed_15_36_ssg01&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0A0C0ByDyB0DtDyCyBtB0EzyzytDtDyBtN0D0Tzu0StCtAyEtAtN1L2XzutAtFtCtBtFyDtFtCtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAyD0CyB0B0FyByBtG0FtDtCyDtGyE0B0FtCtGzyyE0C0CtGyDtCzyyEzzyCyC0F0AyD0CtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtB0FyBzz0BtAyEtGtCtByE0BtGyEyDyCtDtGzy0F0EyCtGtByD0AzyyEzy0CtCzztD0Fzz2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzyyEtA%26cr%3D1781368651%26a%3Dwncy_bimmed_15_36_ssg01%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3686608022-1110692643-3377733670-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_bimmed_15_36_ssg01&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0A0C0ByDyB0DtDyCyBtB0EzyzytDtDyBtN0D0Tzu0StCtAyEtAtN1L2XzutAtFtCtBtFyDtFtCtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAyD0CyB0B0FyByBtG0FtDtCyDtGyE0B0FtCtGzyyE0C0CtGyDtCzyyEzzyCyC0F0AyD0CtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtB0FyBzz0BtAyEtGtCtByE0BtGyEyDyCtDtGzy0F0EyCtGtByD0AzyyEzy0CtCzztD0Fzz2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzyyEtA%26cr%3D1781368651%26a%3Dwncy_bimmed_15_36_ssg01%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3686608022-1110692643-3377733670-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_bimmed_15_36_ssg01&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0A0C0ByDyB0DtDyCyBtB0EzyzytDtDyBtN0D0Tzu0StCtAyEtAtN1L2XzutAtFtCtBtFyDtFtCtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAyD0CyB0B0FyByBtG0FtDtCyDtGyE0B0FtCtGzyyE0C0CtGyDtCzyyEzzyCyC0F0AyD0CtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtB0FyBzz0BtAyEtGtCtByE0BtGyEyDyCtDtGzy0F0EyCtGtByD0AzyyEzy0CtCzztD0Fzz2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzyyEtA%26cr%3D1781368651%26a%3Dwncy_bimmed_15_36_ssg01%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\mqeue6ue.default

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [319104 2014-02-25] (Windows (R) Win 7 DDK provider) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2014-02-25] (Qualcomm Atheros)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 TXEIx64; C:\Windows\System32\DRIVERS\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-05 15:46 - 2015-09-05 15:46 - 00000041 _____ C:\Users\Philip\AppData\Roaming\WB.CFG
2015-09-05 15:45 - 2015-09-05 15:46 - 01654272 _____ C:\Users\Philip\Downloads\AdwCleaner.exe
2015-09-05 15:45 - 2015-09-05 15:45 - 00007838 _____ C:\Users\Philip\Downloads\FRST.txt
2015-09-05 15:45 - 2015-09-05 15:45 - 00000000 ____D C:\FRST
2015-09-05 15:44 - 2015-09-05 15:44 - 02188800 _____ (Farbar) C:\Users\Philip\Downloads\FRST64.exe
2015-09-05 15:41 - 2015-09-05 15:41 - 00000000 ___HT C:\Windows\wusa.lock
2015-09-05 15:41 - 2015-09-05 15:41 - 00000000 ____D C:\065435139c6af5e4c08f16648de09b
2015-09-05 15:41 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2015-09-05 15:40 - 2015-09-05 15:40 - 00000000 ____D C:\248a575184350bd1a619eb6b29
2015-09-05 15:39 - 2015-09-05 15:39 - 50449456 _____ (Microsoft Corporation) C:\Users\Philip\Downloads\dotNetFx40_Full_x86_x64.exe
2015-09-05 15:33 - 2015-09-05 15:39 - 00000000 ____D C:\Users\Philip\AppData\Local\Mozilla
2015-09-05 15:33 - 2015-09-05 15:33 - 00001179 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-09-05 15:33 - 2015-09-05 15:33 - 00001167 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-09-05 15:33 - 2015-09-05 15:33 - 00000000 ____D C:\Users\Philip\AppData\Roaming\Mozilla
2015-09-05 15:33 - 2015-09-05 15:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-09-05 15:33 - 2015-09-05 15:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-09-05 15:28 - 2015-09-05 15:41 - 00012036 _____ C:\Windows\IE11_main.log
2015-09-05 15:25 - 2015-09-05 15:25 - 00000000 ___RD C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-09-05 15:21 - 2015-09-05 15:21 - 00000000 ____D C:\TDSSKiller_Quarantine
2015-09-05 14:47 - 2015-09-05 14:48 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Philip\Downloads\tdsskiller.exe
2015-09-05 14:47 - 2015-09-05 14:47 - 00002030 _____ C:\Users\Philip\Desktop\Secure Chromium.lnk
2015-09-05 14:47 - 2015-09-05 14:47 - 00000000 ____D C:\Users\Philip\AppData\Local\Chromium
2015-09-05 14:46 - 2015-09-05 15:46 - 00000336 _____ C:\Windows\Tasks\UpdateTask.job
2015-09-05 14:46 - 2015-09-05 15:46 - 00000000 ____D C:\Users\Philip\AppData\Local\{C9AAFFF6-ED02-934E-809A-B6A6A4F24A3E}
2015-09-05 14:46 - 2015-09-05 14:46 - 01200163 _____ C:\Users\Philip\Downloads\7zip.exe
2015-09-05 14:46 - 2015-09-05 14:46 - 00003280 _____ C:\Windows\System32\Tasks\UpdateTask
2015-09-05 14:45 - 2015-09-05 14:45 - 00883800 _____ (Software ) C:\Users\Philip\Downloads\zipinstall.exe
2015-09-05 14:37 - 2015-09-05 14:37 - 00000000 ____D C:\Users\Philip\AppData\Roaming\Atheros
2015-09-05 14:37 - 2015-09-05 14:37 - 00000000 ____D C:\Users\Philip\AppData\Local\BMExplorer
2015-09-05 14:37 - 2015-09-05 14:37 - 00000000 ____D C:\ProgramData\Atheros
2015-09-05 14:18 - 2015-09-05 14:19 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BT Program
2015-09-05 14:18 - 2015-09-05 14:19 - 00000000 ____D C:\Program Files (x86)\Bluetooth Suite
2015-09-05 14:18 - 2015-09-05 14:18 - 00000000 ____D C:\Program Files\Common Files\QCA_Bluetooth
2015-09-05 13:47 - 2015-09-05 13:47 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_btath_hcrp_01009.Wdf
2015-09-05 13:35 - 2015-09-05 14:37 - 00000000 ____D C:\Users\Philip\Documents\Bluetooth Folder
2015-09-05 13:35 - 2014-05-14 09:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-05 13:35 - 2014-05-14 09:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-05 13:35 - 2014-05-14 09:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-09-05 13:35 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-05 13:35 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-09-05 13:35 - 2014-05-14 09:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-05 13:35 - 2014-05-14 09:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-09-05 13:35 - 2014-05-14 09:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-09-05 13:35 - 2014-05-14 09:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-09-05 13:35 - 2014-05-14 09:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-05 13:35 - 2014-05-14 09:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-05 13:35 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-05 13:35 - 2014-05-14 09:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-09-05 13:35 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-09-05 13:34 - 2015-09-05 13:34 - 00000000 ____D C:\ProgramData\{EB5F5A55-037A-4E47-806B-2C8AA9374701}
2015-09-05 13:33 - 2015-09-05 14:02 - 00000000 ____D C:\Program Files (x86)\Qualcomm Atheros
2015-09-05 13:33 - 2014-02-21 00:49 - 04044800 _____ (Qualcomm Atheros Communications, Inc.) C:\Windows\system32\Drivers\athrx.sys
2015-09-05 13:31 - 2015-09-05 13:34 - 00000000 ____D C:\ProgramData\Qualcomm Atheros
2015-09-05 13:03 - 2015-09-05 13:03 - 00000000 ____D C:\Windows\system32\EventProviders
2015-09-05 12:54 - 2015-09-05 12:59 - 00000000 ____D C:\3952d7c720e8b2dbeeff
2015-09-05 12:41 - 2015-09-05 12:41 - 00003162 _____ C:\Windows\System32\Tasks\{D38C8C4C-8276-4D0A-B1C7-8D33C382A0F3}
2015-09-05 12:34 - 2015-09-05 12:34 - 00000000 ____D C:\ProgramData\Intel
2015-09-05 12:34 - 2015-09-05 12:34 - 00000000 ____D C:\Program Files\Intel
2015-09-05 12:34 - 2015-09-05 12:34 - 00000000 ____D C:\Program Files (x86)\Intel
2015-09-05 12:33 - 2015-09-05 12:33 - 00000000 ____D C:\Users\Philip\Intel
2015-09-05 12:31 - 2015-09-05 12:31 - 00000000 ____D C:\Program Files (x86)\Cisco
2015-09-05 12:31 - 2014-05-22 01:40 - 03450584 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\Drivers\rtwlane.sys
2015-09-05 12:30 - 2013-04-01 23:19 - 00574464 _____ (Realtek Semiconductor Corp. ) C:\Windows\system32\Rtlihvs.dll
2015-09-05 12:29 - 2015-09-05 13:33 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-09-05 12:29 - 2015-09-05 12:29 - 00000000 ____D C:\Program Files (x86)\REALTEK
2015-09-05 12:29 - 2014-03-24 12:37 - 00422400 _____ (Realtek) C:\Windows\SwUSB.exe
2015-09-05 12:29 - 2013-10-18 16:42 - 00048856 _____ () C:\Windows\runSW.exe
2015-09-05 12:29 - 2010-12-01 09:31 - 00451072 _____ C:\Windows\SysWOW64\ISSRemoveSP.exe
2015-09-05 12:27 - 2015-09-05 12:27 - 00000000 ____D C:\Intel
2015-09-05 12:22 - 2015-09-05 13:45 - 00057538 _____ C:\Windows\DPINST.LOG
2015-09-05 12:18 - 2015-09-05 12:18 - 00057560 _____ C:\Users\Philip\AppData\Local\GDIPFONTCACHEV1.DAT
2015-09-05 12:12 - 2015-09-05 12:18 - 00000000 ____D C:\Users\Philip\AppData\Local\Apps\Windows 7 USB DVD Download Tool
2015-09-05 12:12 - 2015-09-05 12:12 - 00002533 _____ C:\Users\Philip\Desktop\Windows 7 USB DVD Download Tool.lnk
2015-09-05 12:12 - 2015-09-05 12:12 - 00000000 ____D C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
2015-09-05 09:59 - 2015-09-05 09:59 - 00000000 ____D C:\_SMSTaskSequence
2015-09-05 09:16 - 2015-09-05 09:16 - 00008192 __RSH C:\BOOTSECT.BAK
2015-09-05 09:16 - 2015-09-05 08:23 - 00000000 ____D C:\Windows\Panther
2015-09-05 09:16 - 2010-11-20 20:23 - 00383786 __RSH C:\bootmgr
2015-09-05 08:45 - 2015-09-05 13:09 - 00001908 _____ C:\Windows\diagwrn.xml
2015-09-05 08:45 - 2015-09-05 13:09 - 00001908 _____ C:\Windows\diagerr.xml
2015-09-05 08:44 - 2015-09-05 08:44 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2015-09-05 08:27 - 2015-09-05 08:27 - 00000000 ____D C:\Windows\pss
2015-09-05 08:23 - 2015-09-05 15:41 - 00380302 _____ C:\Windows\WindowsUpdate.log
2015-09-05 08:23 - 2015-09-05 12:33 - 00000000 ____D C:\Users\Philip
2015-09-05 08:23 - 2015-09-05 08:23 - 00001465 _____ C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-09-05 08:23 - 2015-09-05 08:23 - 00001425 _____ C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-09-05 08:23 - 2015-09-05 08:23 - 00000020 ___SH C:\Users\Philip\ntuser.ini
2015-09-05 08:23 - 2015-09-05 08:23 - 00000000 __SHD C:\Recovery
2015-09-05 08:23 - 2015-09-05 08:23 - 00000000 ____D C:\Users\Philip\AppData\Local\VirtualStore
2015-09-05 08:23 - 2009-07-13 21:54 - 00000000 ___RD C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-09-05 08:23 - 2009-07-13 21:49 - 00000000 ___RD C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-09-05 08:21 - 2015-09-05 08:21 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2015-09-05 08:20 - 2015-09-05 08:20 - 00001355 _____ C:\Windows\TSSysprep.log
2015-09-05 08:20 - 2015-09-05 08:20 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-05 15:31 - 2009-07-13 22:13 - 00713888 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-05 15:24 - 2010-11-20 20:47 - 00004888 _____ C:\Windows\PFRO.log
2015-09-05 15:24 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-05 15:24 - 2009-07-13 21:51 - 00002201 _____ C:\Windows\setupact.log
2015-09-05 15:23 - 2009-07-13 21:45 - 00016832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-05 15:23 - 2009-07-13 21:45 - 00016832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-05 14:25 - 2009-07-13 20:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-09-05 13:41 - 2009-07-13 20:20 - 00000000 __RHD C:\Users\Public\Libraries
2015-09-05 13:32 - 2009-07-13 20:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-09-05 13:09 - 2009-07-13 21:51 - 00000000 _____ C:\Windows\setuperr.log
2015-09-05 13:08 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2015-09-05 12:12 - 2009-07-13 22:32 - 00000000 ____D C:\Windows\system32\restore
2015-09-05 12:05 - 2009-07-13 22:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-09-05 09:16 - 2009-07-13 22:38 - 00025600 ___SH C:\Windows\system32\config\BCD-Template.LOG
2015-09-05 09:16 - 2009-07-13 22:32 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2015-09-05 08:23 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2015-09-05 08:22 - 2009-07-13 21:45 - 00274320 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-05 08:21 - 2009-07-13 22:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-09-05 08:20 - 2009-07-13 21:46 - 00002790 _____ C:\Windows\DtcInstall.log
2015-09-05 08:20 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\sysprep
2015-09-05 08:18 - 2010-11-21 00:16 - 00000000 ____D C:\Windows\CSC

==================== Files in the root of some directories =======

2015-09-05 15:46 - 2015-09-05 15:46 - 0000041 _____ () C:\Users\Philip\AppData\Roaming\WB.CFG

Some files in TEMP:
====================
C:\Users\Philip\AppData\Local\Temp\{2F32168C-B4D1-4065-978F-DA2DAD91A0D6}.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-05 09:28
 
Addition text:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-09-2015
Ran by Philip (2015-09-05 15:46:08)
Running from C:\Users\Philip\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3686608022-1110692643-3377733670-500 - Administrator - Disabled)
Guest (S-1-5-21-3686608022-1110692643-3377733670-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3686608022-1110692643-3377733670-1002 - Limited - Enabled)
Philip (S-1-5-21-3686608022-1110692643-3377733670-1000 - Administrator - Enabled) => C:\Users\Philip

==================== Security CScan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-09-2015
Ran by Philip (administrator) on PHILIP-PC (05-09-2015 15:45:20)
Running from C:\Users\Philip\Downloads
Loaded Profiles: Philip (Available Profiles: Philip)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Users\Philip\Downloads\dotNetFx40_Full_x86_x64.exe
(Microsoft Corporation) C:\248a575184350bd1a619eb6b29\Setup.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wusa.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [134784 2014-02-25] (Qualcomm®Atheros®)
HKU\S-1-5-21-3686608022-1110692643-3377733670-1000\...\Run: [GoogleChromeAutoLaunch_A2B3EDA80A4C0AFF3796BF2C7D65C8C6] => "C:\Users\Philip\AppData\Local\Chromium\Application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 216.228.160.4 216.228.160.3
Tcpip\..\Interfaces\{728AF2CB-3B7D-467A-9B09-A7942DD77908}: [DhcpNameServer] 216.228.160.4 216.228.160.3

Internet Explorer:
==================
HKU\S-1-5-21-3686608022-1110692643-3377733670-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_bimmed_15_36_ssg01&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0A0C0ByDyB0DtDyCyBtB0EzyzytDtDyBtN0D0Tzu0StCtAyEtAtN1L2XzutAtFtCtBtFyDtFtCtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAyD0CyB0B0FyByBtG0FtDtCyDtGyE0B0FtCtGzyyE0C0CtGyDtCzyyEzzyCyC0F0AyD0CtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtB0FyBzz0BtAyEtGtCtByE0BtGyEyDyCtDtGzy0F0EyCtGtByD0AzyyEzy0CtCzztD0Fzz2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzyyEtA%26cr%3D1781368651%26a%3Dwncy_bimmed_15_36_ssg01%26os%3DWindows%2B7%2BUltimate
HKU\S-1-5-21-3686608022-1110692643-3377733670-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_bimmed_15_36_ssg01&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0A0C0ByDyB0DtDyCyBtB0EzyzytDtDyBtN0D0Tzu0StCtAyEtAtN1L2XzutAtFtCtBtFyDtFtCtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAyD0CyB0B0FyByBtG0FtDtCyDtGyE0B0FtCtGzyyE0C0CtGyDtCzyyEzzyCyC0F0AyD0CtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtB0FyBzz0BtAyEtGtCtByE0BtGyEyDyCtDtGzy0F0EyCtGtByD0AzyyEzy0CtCzztD0Fzz2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzyyEtA%26cr%3D1781368651%26a%3Dwncy_bimmed_15_36_ssg01%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_bimmed_15_36_ssg01&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0A0C0ByDyB0DtDyCyBtB0EzyzytDtDyBtN0D0Tzu0StCtAyEtAtN1L2XzutAtFtCtBtFyDtFtCtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAyD0CyB0B0FyByBtG0FtDtCyDtGyE0B0FtCtGzyyE0C0CtGyDtCzyyEzzyCyC0F0AyD0CtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtB0FyBzz0BtAyEtGtCtByE0BtGyEyDyCtDtGzy0F0EyCtGtByD0AzyyEzy0CtCzztD0Fzz2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzyyEtA%26cr%3D1781368651%26a%3Dwncy_bimmed_15_36_ssg01%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3686608022-1110692643-3377733670-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_bimmed_15_36_ssg01&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0A0C0ByDyB0DtDyCyBtB0EzyzytDtDyBtN0D0Tzu0StCtAyEtAtN1L2XzutAtFtCtBtFyDtFtCtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAyD0CyB0B0FyByBtG0FtDtCyDtGyE0B0FtCtGzyyE0C0CtGyDtCzyyEzzyCyC0F0AyD0CtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtB0FyBzz0BtAyEtGtCtByE0BtGyEyDyCtDtGzy0F0EyCtGtByD0AzyyEzy0CtCzztD0Fzz2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzyyEtA%26cr%3D1781368651%26a%3Dwncy_bimmed_15_36_ssg01%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3686608022-1110692643-3377733670-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_bimmed_15_36_ssg01&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0A0C0ByDyB0DtDyCyBtB0EzyzytDtDyBtN0D0Tzu0StCtAyEtAtN1L2XzutAtFtCtBtFyDtFtCtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAyD0CyB0B0FyByBtG0FtDtCyDtGyE0B0FtCtGzyyE0C0CtGyDtCzyyEzzyCyC0F0AyD0CtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtB0FyBzz0BtAyEtGtCtByE0BtGyEyDyCtDtGzy0F0EyCtGtByD0AzyyEzy0CtCzztD0Fzz2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzyyEtA%26cr%3D1781368651%26a%3Dwncy_bimmed_15_36_ssg01%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\mqeue6ue.default

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [319104 2014-02-25] (Windows (R) Win 7 DDK provider) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2014-02-25] (Qualcomm Atheros)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 TXEIx64; C:\Windows\System32\DRIVERS\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-05 15:46 - 2015-09-05 15:46 - 00000041 _____ C:\Users\Philip\AppData\Roaming\WB.CFG
2015-09-05 15:45 - 2015-09-05 15:46 - 01654272 _____ C:\Users\Philip\Downloads\AdwCleaner.exe
2015-09-05 15:45 - 2015-09-05 15:45 - 00007838 _____ C:\Users\Philip\Downloads\FRST.txt
2015-09-05 15:45 - 2015-09-05 15:45 - 00000000 ____D C:\FRST
2015-09-05 15:44 - 2015-09-05 15:44 - 02188800 _____ (Farbar) C:\Users\Philip\Downloads\FRST64.exe
2015-09-05 15:41 - 2015-09-05 15:41 - 00000000 ___HT C:\Windows\wusa.lock
2015-09-05 15:41 - 2015-09-05 15:41 - 00000000 ____D C:\065435139c6af5e4c08f16648de09b
2015-09-05 15:41 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2015-09-05 15:40 - 2015-09-05 15:40 - 00000000 ____D C:\248a575184350bd1a619eb6b29
2015-09-05 15:39 - 2015-09-05 15:39 - 50449456 _____ (Microsoft Corporation) C:\Users\Philip\Downloads\dotNetFx40_Full_x86_x64.exe
2015-09-05 15:33 - 2015-09-05 15:39 - 00000000 ____D C:\Users\Philip\AppData\Local\Mozilla
2015-09-05 15:33 - 2015-09-05 15:33 - 00001179 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-09-05 15:33 - 2015-09-05 15:33 - 00001167 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-09-05 15:33 - 2015-09-05 15:33 - 00000000 ____D C:\Users\Philip\AppData\Roaming\Mozilla
2015-09-05 15:33 - 2015-09-05 15:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-09-05 15:33 - 2015-09-05 15:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-09-05 15:28 - 2015-09-05 15:41 - 00012036 _____ C:\Windows\IE11_main.log
2015-09-05 15:25 - 2015-09-05 15:25 - 00000000 ___RD C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-09-05 15:21 - 2015-09-05 15:21 - 00000000 ____D C:\TDSSKiller_Quarantine
2015-09-05 14:47 - 2015-09-05 14:48 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Philip\Downloads\tdsskiller.exe
2015-09-05 14:47 - 2015-09-05 14:47 - 00002030 _____ C:\Users\Philip\Desktop\Secure Chromium.lnk
2015-09-05 14:47 - 2015-09-05 14:47 - 00000000 ____D C:\Users\Philip\AppData\Local\Chromium
2015-09-05 14:46 - 2015-09-05 15:46 - 00000336 _____ C:\Windows\Tasks\UpdateTask.job
2015-09-05 14:46 - 2015-09-05 15:46 - 00000000 ____D C:\Users\Philip\AppData\Local\{C9AAFFF6-ED02-934E-809A-B6A6A4F24A3E}
2015-09-05 14:46 - 2015-09-05 14:46 - 01200163 _____ C:\Users\Philip\Downloads\7zip.exe
2015-09-05 14:46 - 2015-09-05 14:46 - 00003280 _____ C:\Windows\System32\Tasks\UpdateTask
2015-09-05 14:45 - 2015-09-05 14:45 - 00883800 _____ (Software ) C:\Users\Philip\Downloads\zipinstall.exe
2015-09-05 14:37 - 2015-09-05 14:37 - 00000000 ____D C:\Users\Philip\AppData\Roaming\Atheros
2015-09-05 14:37 - 2015-09-05 14:37 - 00000000 ____D C:\Users\Philip\AppData\Local\BMExplorer
2015-09-05 14:37 - 2015-09-05 14:37 - 00000000 ____D C:\ProgramData\Atheros
2015-09-05 14:18 - 2015-09-05 14:19 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BT Program
2015-09-05 14:18 - 2015-09-05 14:19 - 00000000 ____D C:\Program Files (x86)\Bluetooth Suite
2015-09-05 14:18 - 2015-09-05 14:18 - 00000000 ____D C:\Program Files\Common Files\QCA_Bluetooth
2015-09-05 13:47 - 2015-09-05 13:47 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_btath_hcrp_01009.Wdf
2015-09-05 13:35 - 2015-09-05 14:37 - 00000000 ____D C:\Users\Philip\Documents\Bluetooth Folder
2015-09-05 13:35 - 2014-05-14 09:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-05 13:35 - 2014-05-14 09:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-05 13:35 - 2014-05-14 09:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-09-05 13:35 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-05 13:35 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-09-05 13:35 - 2014-05-14 09:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-05 13:35 - 2014-05-14 09:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-09-05 13:35 - 2014-05-14 09:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-09-05 13:35 - 2014-05-14 09:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-09-05 13:35 - 2014-05-14 09:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-05 13:35 - 2014-05-14 09:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-05 13:35 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-05 13:35 - 2014-05-14 09:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-09-05 13:35 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-09-05 13:34 - 2015-09-05 13:34 - 00000000 ____D C:\ProgramData\{EB5F5A55-037A-4E47-806B-2C8AA9374701}
2015-09-05 13:33 - 2015-09-05 14:02 - 00000000 ____D C:\Program Files (x86)\Qualcomm Atheros
2015-09-05 13:33 - 2014-02-21 00:49 - 04044800 _____ (Qualcomm Atheros Communications, Inc.) C:\Windows\system32\Drivers\athrx.sys
2015-09-05 13:31 - 2015-09-05 13:34 - 00000000 ____D C:\ProgramData\Qualcomm Atheros
2015-09-05 13:03 - 2015-09-05 13:03 - 00000000 ____D C:\Windows\system32\EventProviders
2015-09-05 12:54 - 2015-09-05 12:59 - 00000000 ____D C:\3952d7c720e8b2dbeeff
2015-09-05 12:41 - 2015-09-05 12:41 - 00003162 _____ C:\Windows\System32\Tasks\{D38C8C4C-8276-4D0A-B1C7-8D33C382A0F3}
2015-09-05 12:34 - 2015-09-05 12:34 - 00000000 ____D C:\ProgramData\Intel
2015-09-05 12:34 - 2015-09-05 12:34 - 00000000 ____D C:\Program Files\Intel
2015-09-05 12:34 - 2015-09-05 12:34 - 00000000 ____D C:\Program Files (x86)\Intel
2015-09-05 12:33 - 2015-09-05 12:33 - 00000000 ____D C:\Users\Philip\Intel
2015-09-05 12:31 - 2015-09-05 12:31 - 00000000 ____D C:\Program Files (x86)\Cisco
2015-09-05 12:31 - 2014-05-22 01:40 - 03450584 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\Drivers\rtwlane.sys
2015-09-05 12:30 - 2013-04-01 23:19 - 00574464 _____ (Realtek Semiconductor Corp. ) C:\Windows\system32\Rtlihvs.dll
2015-09-05 12:29 - 2015-09-05 13:33 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-09-05 12:29 - 2015-09-05 12:29 - 00000000 ____D C:\Program Files (x86)\REALTEK
2015-09-05 12:29 - 2014-03-24 12:37 - 00422400 _____ (Realtek) C:\Windows\SwUSB.exe
2015-09-05 12:29 - 2013-10-18 16:42 - 00048856 _____ () C:\Windows\runSW.exe
2015-09-05 12:29 - 2010-12-01 09:31 - 00451072 _____ C:\Windows\SysWOW64\ISSRemoveSP.exe
2015-09-05 12:27 - 2015-09-05 12:27 - 00000000 ____D C:\Intel
2015-09-05 12:22 - 2015-09-05 13:45 - 00057538 _____ C:\Windows\DPINST.LOG
2015-09-05 12:18 - 2015-09-05 12:18 - 00057560 _____ C:\Users\Philip\AppData\Local\GDIPFONTCACHEV1.DAT
2015-09-05 12:12 - 2015-09-05 12:18 - 00000000 ____D C:\Users\Philip\AppData\Local\Apps\Windows 7 USB DVD Download Tool
2015-09-05 12:12 - 2015-09-05 12:12 - 00002533 _____ C:\Users\Philip\Desktop\Windows 7 USB DVD Download Tool.lnk
2015-09-05 12:12 - 2015-09-05 12:12 - 00000000 ____D C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
2015-09-05 09:59 - 2015-09-05 09:59 - 00000000 ____D C:\_SMSTaskSequence
2015-09-05 09:16 - 2015-09-05 09:16 - 00008192 __RSH C:\BOOTSECT.BAK
2015-09-05 09:16 - 2015-09-05 08:23 - 00000000 ____D C:\Windows\Panther
2015-09-05 09:16 - 2010-11-20 20:23 - 00383786 __RSH C:\bootmgr
2015-09-05 08:45 - 2015-09-05 13:09 - 00001908 _____ C:\Windows\diagwrn.xml
2015-09-05 08:45 - 2015-09-05 13:09 - 00001908 _____ C:\Windows\diagerr.xml
2015-09-05 08:44 - 2015-09-05 08:44 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2015-09-05 08:27 - 2015-09-05 08:27 - 00000000 ____D C:\Windows\pss
2015-09-05 08:23 - 2015-09-05 15:41 - 00380302 _____ C:\Windows\WindowsUpdate.log
2015-09-05 08:23 - 2015-09-05 12:33 - 00000000 ____D C:\Users\Philip
2015-09-05 08:23 - 2015-09-05 08:23 - 00001465 _____ C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-09-05 08:23 - 2015-09-05 08:23 - 00001425 _____ C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-09-05 08:23 - 2015-09-05 08:23 - 00000020 ___SH C:\Users\Philip\ntuser.ini
2015-09-05 08:23 - 2015-09-05 08:23 - 00000000 __SHD C:\Recovery
2015-09-05 08:23 - 2015-09-05 08:23 - 00000000 ____D C:\Users\Philip\AppData\Local\VirtualStore
2015-09-05 08:23 - 2009-07-13 21:54 - 00000000 ___RD C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-09-05 08:23 - 2009-07-13 21:49 - 00000000 ___RD C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-09-05 08:21 - 2015-09-05 08:21 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2015-09-05 08:20 - 2015-09-05 08:20 - 00001355 _____ C:\Windows\TSSysprep.log
2015-09-05 08:20 - 2015-09-05 08:20 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-05 15:31 - 2009-07-13 22:13 - 00713888 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-05 15:24 - 2010-11-20 20:47 - 00004888 _____ C:\Windows\PFRO.log
2015-09-05 15:24 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-05 15:24 - 2009-07-13 21:51 - 00002201 _____ C:\Windows\setupact.log
2015-09-05 15:23 - 2009-07-13 21:45 - 00016832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-05 15:23 - 2009-07-13 21:45 - 00016832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-05 14:25 - 2009-07-13 20:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-09-05 13:41 - 2009-07-13 20:20 - 00000000 __RHD C:\Users\Public\Libraries
2015-09-05 13:32 - 2009-07-13 20:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-09-05 13:09 - 2009-07-13 21:51 - 00000000 _____ C:\Windows\setuperr.log
2015-09-05 13:08 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2015-09-05 12:12 - 2009-07-13 22:32 - 00000000 ____D C:\Windows\system32\restore
2015-09-05 12:05 - 2009-07-13 22:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-09-05 09:16 - 2009-07-13 22:38 - 00025600 ___SH C:\Windows\system32\config\BCD-Template.LOG
2015-09-05 09:16 - 2009-07-13 22:32 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2015-09-05 08:23 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2015-09-05 08:22 - 2009-07-13 21:45 - 00274320 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-05 08:21 - 2009-07-13 22:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-09-05 08:20 - 2009-07-13 21:46 - 00002790 _____ C:\Windows\DtcInstall.log
2015-09-05 08:20 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\sysprep
2015-09-05 08:18 - 2010-11-21 00:16 - 00000000 ____D C:\Windows\CSC

==================== Files in the root of some directories =======

2015-09-05 15:46 - 2015-09-05 15:46 - 0000041 _____ () C:\Users\Philip\AppData\Roaming\WB.CFG

Some files in TEMP:
====================
C:\Users\Philip\AppData\Local\Temp\{2F32168C-B4D1-4065-978F-DA2DAD91A0D6}.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-05 09:28

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3 - Mozilla)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.29 - Qualcomm Atheros WLAN and Bluetooth Client Installation Program)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.243 - REALTEK Semiconductor Corp.)
Secure Chromium (HKU\S-1-5-21-3686608022-1110692643-3377733670-1000\...\Chromium) (Version: 46.0.2480.0 - Chromium)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

05-09-2015 12:12:26 Installed Windows 7 USB/DVD Download Tool
05-09-2015 12:28:52 Installed REALTEK PCIE Wireless LAN Driver
05-09-2015 12:33:42 IIF_MSI
05-09-2015 13:11:27 Device Driver Package Install: ieuinit.inf
05-09-2015 13:12:46 Installed REALTEK PCIE Wireless LAN Driver
05-09-2015 13:31:43 Installed Qualcomm Atheros WLAN and Bluetooth Client Installatio
05-09-2015 15:29:54 Windows Modules Installer

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {5021DB2D-674F-4DAF-9AAA-796DA93859C4} - System32\Tasks\UpdateTask => C:\Users\Philip\AppData\Local\{C9AAFFF6-ED02-934E-809A-B6A6A4F24A3E}\uninstall.exe [2015-09-05] ()
Task: {AA540CF9-33A4-4BBF-9FE2-F07E8F168D14} - System32\Tasks\{D38C8C4C-8276-4D0A-B1C7-8D33C382A0F3} => pcalua.exe -a E:\Chipset_Intel_9.4.4.1006_W81x64\Setup.exe -d E:\Chipset_Intel_9.4.4.1006_W81x64

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\UpdateTask.job => C:\Users\Philip\AppData\Local\{C9AAFFF6-ED02-934E-809A-B6A6A4F24A3E}\uninstall.exe

==================== Loaded Modules (Whitelisted) ==============

2014-02-25 22:11 - 2014-02-25 22:11 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\94061638.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\94061638.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3686608022-1110692643-3377733670-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 216.228.160.4 - 216.228.160.3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{49F4EA33-2B92-4454-92E2-3E86624747EF}] => (Allow) C:\Users\Philip\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{F019A753-A260-4CE4-9E87-55B72EB16F23}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FA54971C-23D6-4B7D-AB7F-E6F740255126}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Faulty Device Manager Devices =============

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Intel(R) Trusted Execution Engine Interface
Description: Intel(R) Trusted Execution Engine Interface
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: TXEIx64
Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: Ethernet Controller
Description: Ethernet Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/05/2015 03:26:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/05/2015 02:40:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/05/2015 02:38:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/05/2015 01:46:50 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (09/05/2015 01:36:40 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (09/05/2015 01:28:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/05/2015 01:16:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/05/2015 01:15:48 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={0654A564-4FB9-4BD3-9410-AABBB0E0650F}: The user Philip-PC\Philip dialed a connection named Broadband Connection which has failed. The error code returned on failure is 651.

Error: (09/05/2015 01:07:56 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={8D0E9AAF-0063-4425-A933-778ACDBE2F10}: The user Philip-PC\Philip dialed a connection named Broadband Connection which has failed. The error code returned on failure is 651.

Error: (09/05/2015 01:07:27 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={545D362A-7146-4D7F-B32C-7A974A9897F6}: The user Philip-PC\Philip dialed a connection named Broadband Connection which has failed. The error code returned on failure is 651.


System errors:
=============
Error: (09/05/2015 01:03:25 PM) (Source: Microsoft-Windows-Service Pack Installer) (EventID: 8) (User: Philip-PC)
Description: Service Pack installation failed with error code 0x800f0a03.

Error: (09/05/2015 12:34:40 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Update service terminated with the following error:
%%-2147467243


Microsoft Office:
=========================
Error: (09/05/2015 03:26:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/05/2015 02:40:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/05/2015 02:38:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/05/2015 01:46:50 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (09/05/2015 01:36:40 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (09/05/2015 01:28:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/05/2015 01:16:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/05/2015 01:15:48 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: {0654A564-4FB9-4BD3-9410-AABBB0E0650F}Philip-PC\PhilipBroadband Connection651

Error: (09/05/2015 01:07:56 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: {8D0E9AAF-0063-4425-A933-778ACDBE2F10}Philip-PC\PhilipBroadband Connection651

Error: (09/05/2015 01:07:27 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: {545D362A-7146-4D7F-B32C-7A974A9897F6}Philip-PC\PhilipBroadband Connection651


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU N3540 @ 2.16GHz
Percentage of memory in use: 68%
Total physical RAM: 1933.36 MB
Available physical RAM: 609.2 MB
Total Virtual: 3866.73 MB
Available Virtual: 1891.46 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.42 GB) (Free:449.64 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.33 GB) NTFS
Drive f: (UBUNTU 11_0) (Removable) (Total:29.1 GB) (Free:25.98 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 59E5C963)
Partition 1: (Not Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=465.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 29.1 GB) (Disk ID: 009412F6)
Partition 1: (Active) - (Size=29.1 GB) - (Type=0C)

==================== End of Addition.txt ============================
 
Sorry Broni,
What I didn't mention in my description of conditions is that when I change the UEFI to an alternate boot up (CD/DVD with legacy), there is nothing plugged into USB and no CD in the DVD/CD drive. And yet it still successfully boots up and logs into Windows 7.
 
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.
  • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
If you already have MBAM 2.0 installed:
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs:
(Export log to save as txt)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
Rogue Killer text
RogueKiller V10.10.4.0 [Sep 4 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Philip [Administrator]
Started from : C:\Users\Philip\Downloads\RogueKiller.exe
Mode : Delete -- Date : 09/06/2015 11:58:06

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 7 ¤¤¤
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SWDUMon (system32\DRIVERS\SWDUMon.sys) -> Deleted
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 216.228.160.4 216.228.160.3 ([X][X]) -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 216.228.160.4 216.228.160.3 ([X][X]) -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 216.228.160.4 216.228.160.3 ([X][X]) -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{728AF2CB-3B7D-467A-9B09-A7942DD77908} | DhcpNameServer : 216.228.160.4 216.228.160.3 ([X][X]) -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{728AF2CB-3B7D-467A-9B09-A7942DD77908} | DhcpNameServer : 216.228.160.4 216.228.160.3 ([X][X]) -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{728AF2CB-3B7D-467A-9B09-A7942DD77908} | DhcpNameServer : 216.228.160.4 216.228.160.3 ([X][X]) -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhostDeleted

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000LPVX-22V0TT0 ATA Device +++++
--- User ---
[MBR] 5e39601d1e791b107eaff05ee9f70e78
[BSP] f32991ef1eecbab2e117c783cb5081c2 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 476588 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.0 (08.31.2015:1)
OS: Windows 7 Ultimate x64
Ran by Philip on Sun 09/06/2015 at 11:29:57.62
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully deleted: [Service] swdumon [Reboot required]



~~~ Tasks

Successfully deleted: [Task] C:\Windows\system32\tasks\SlimDrivers Startup
Successfully deleted: [Task] C:\Windows\Tasks\SlimDrivers Startup.job



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Windows\system32\drivers\swdumon.sys



~~~ Folders

Successfully deleted: [Folder] C:\Users\Philip\Appdata\Local\slimware utilities inc
Successfully deleted: [Folder] C:\users\Public\Documents\downloaded installers



~~~ Chrome


[C:\Users\Philip\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Philip\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Philip\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Philip\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 09/06/2015 at 11:39:29.82
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

More scans to follow
 
# AdwCleaner v5.005 - Logfile created 06/09/2015 at 12:36:17
# Updated 31/08/2015 by Xplode
# Database : 2015-09-04.4 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Philip - PHILIP-PC
# Running from : C:\Users\Philip\Downloads\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\PRODUCTSETUP
[-] Key Deleted : HKCU\Software\SlimWare Utilities Inc
[-] Key Deleted : HKLM\SOFTWARE\SlimWare Utilities Inc
[!] Key Not Deleted : [x64] HKCU\Software\PRODUCTSETUP
[!] Key Not Deleted : [x64] HKCU\Software\SlimWare Utilities Inc
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[!] Key Not Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data Restored : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[!] Key Not Deleted : HKU\S-1-5-21-3686608022-1110692643-3377733670-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data Restored : HKU\S-1-5-21-3686608022-1110692643-3377733670-1000\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]

***** [ Web browsers ] *****


*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1818 bytes] ##########
 
Hi Mr Broni,
I'm pleased to tell you that I was able, through research on my own, to resolve this crazy process.
Through reading about how the UEFI configuration works, I learned that the HDD must be formatted to FAT32. My initial format, which I did after cleaning the bugs, was done as NTFS.
Thank you for your attention.
Philip Moore
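
The MBR Check section of the RogueKiller log earlier in the thread lists two NTFS (0x7) partitions, one of them active. The following is an added example, not part of any post or tool in this thread: a Python parser for the MBR partition table that reports which boot paths the table supports, run on a sector constructed here to match the offsets and sizes in that log. UEFI firmware boots from a FAT-formatted EFI System Partition (type 0xEF on an MBR disk) or from a GPT disk (protective type 0xEE), while legacy BIOS boot relies on the MBR code and an active partition; all function names are hypothetical.

```python
import struct

SECTOR = 512
TYPES = {0x07: "NTFS/exFAT", 0x0C: "FAT32 (LBA)",
         0xEE: "GPT protective", 0xEF: "EFI System Partition"}

def build_sample_mbr():
    """Constructed sector 0 mirroring the partition table in the RogueKiller log."""
    mbr = bytearray(SECTOR)
    entries = [
        (0x00, 0x07, 2048, 350 * 2048),         # 350 MB NTFS, not active
        (0x80, 0x07, 718848, 476588 * 2048),    # 476588 MB NTFS, active
    ]
    for i, (status, ptype, lba, count) in enumerate(entries):
        # Entry layout: status, CHS start, type, CHS end, LBA start, sector count
        struct.pack_into("<B3sB3sII", mbr, 446 + 16 * i,
                         status, b"\0\0\0", ptype, b"\0\0\0", lba, count)
    mbr[510:512] = b"\x55\xaa"                  # boot signature
    return bytes(mbr)

def parse_mbr(sector):
    """Return the non-empty entries of the four-slot MBR partition table."""
    if len(sector) < SECTOR or sector[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR: missing 0x55AA signature")
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(
            "<B3sB3sII", sector, 446 + 16 * i)
        if ptype == 0x00:                       # unused slot
            continue
        parts.append({"index": i, "active": status == 0x80, "type": ptype,
                      "name": TYPES.get(ptype, "other"), "start_lba": lba,
                      "size_mb": count * SECTOR // (1024 * 1024)})
    return parts

def boot_paths(parts):
    """Summarise which firmware boot modes the partition table can satisfy."""
    types = {p["type"] for p in parts}
    return {"scheme": "GPT" if 0xEE in types else "MBR",
            "legacy_bios": any(p["active"] for p in parts),
            "uefi_candidate": bool(types & {0xEE, 0xEF})}

if __name__ == "__main__":
    table = parse_mbr(build_sample_mbr())
    for p in table:
        print(p)
    print(boot_paths(table))
```

On the constructed sector the result is an MBR disk with an active partition and no 0xEE or 0xEF entry, which is consistent with the machine starting in Legacy mode while the UEFI setting reports "No Bootable device".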
 
Mr Broni,
If you would be more comfortable moving through all of the antivirus cleaning steps, I'm willing to comply. Otherwise, I would be comfortable with you showing this post as resolved.
 