Addition text:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-09-2015
Ran by Philip (2015-09-05 15:46:08)
Running from C:\Users\Philip\Downloads
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3686608022-1110692643-3377733670-500 - Administrator - Disabled)
Guest (S-1-5-21-3686608022-1110692643-3377733670-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3686608022-1110692643-3377733670-1002 - Limited - Enabled)
Philip (S-1-5-21-3686608022-1110692643-3377733670-1000 - Administrator - Enabled) => C:\Users\Philip
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-09-2015
Ran by Philip (administrator) on PHILIP-PC (05-09-2015 15:45:20)
Running from C:\Users\Philip\Downloads
Loaded Profiles: Philip (Available Profiles: Philip)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Users\Philip\Downloads\dotNetFx40_Full_x86_x64.exe
(Microsoft Corporation) C:\248a575184350bd1a619eb6b29\Setup.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wusa.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [134784 2014-02-25] (Qualcomm®Atheros®)
HKU\S-1-5-21-3686608022-1110692643-3377733670-1000\...\Run: [GoogleChromeAutoLaunch_A2B3EDA80A4C0AFF3796BF2C7D65C8C6] => "C:\Users\Philip\AppData\Local\Chromium\Application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 216.228.160.4 216.228.160.3
Tcpip\..\Interfaces\{728AF2CB-3B7D-467A-9B09-A7942DD77908}: [DhcpNameServer] 216.228.160.4 216.228.160.3
Internet Explorer:
==================
HKU\S-1-5-21-3686608022-1110692643-3377733670-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_bimmed_15_36_ssg01&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0A0C0ByDyB0DtDyCyBtB0EzyzytDtDyBtN0D0Tzu0StCtAyEtAtN1L2XzutAtFtCtBtFyDtFtCtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAyD0CyB0B0FyByBtG0FtDtCyDtGyE0B0FtCtGzyyE0C0CtGyDtCzyyEzzyCyC0F0AyD0CtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtB0FyBzz0BtAyEtGtCtByE0BtGyEyDyCtDtGzy0F0EyCtGtByD0AzyyEzy0CtCzztD0Fzz2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzyyEtA%26cr%3D1781368651%26a%3Dwncy_bimmed_15_36_ssg01%26os%3DWindows%2B7%2BUltimate
HKU\S-1-5-21-3686608022-1110692643-3377733670-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_bimmed_15_36_ssg01&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0A0C0ByDyB0DtDyCyBtB0EzyzytDtDyBtN0D0Tzu0StCtAyEtAtN1L2XzutAtFtCtBtFyDtFtCtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAyD0CyB0B0FyByBtG0FtDtCyDtGyE0B0FtCtGzyyE0C0CtGyDtCzyyEzzyCyC0F0AyD0CtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtB0FyBzz0BtAyEtGtCtByE0BtGyEyDyCtDtGzy0F0EyCtGtByD0AzyyEzy0CtCzztD0Fzz2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzyyEtA%26cr%3D1781368651%26a%3Dwncy_bimmed_15_36_ssg01%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_bimmed_15_36_ssg01&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0A0C0ByDyB0DtDyCyBtB0EzyzytDtDyBtN0D0Tzu0StCtAyEtAtN1L2XzutAtFtCtBtFyDtFtCtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAyD0CyB0B0FyByBtG0FtDtCyDtGyE0B0FtCtGzyyE0C0CtGyDtCzyyEzzyCyC0F0AyD0CtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtB0FyBzz0BtAyEtGtCtByE0BtGyEyDyCtDtGzy0F0EyCtGtByD0AzyyEzy0CtCzztD0Fzz2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzyyEtA%26cr%3D1781368651%26a%3Dwncy_bimmed_15_36_ssg01%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3686608022-1110692643-3377733670-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_bimmed_15_36_ssg01&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0A0C0ByDyB0DtDyCyBtB0EzyzytDtDyBtN0D0Tzu0StCtAyEtAtN1L2XzutAtFtCtBtFyDtFtCtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAyD0CyB0B0FyByBtG0FtDtCyDtGyE0B0FtCtGzyyE0C0CtGyDtCzyyEzzyCyC0F0AyD0CtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtB0FyBzz0BtAyEtGtCtByE0BtGyEyDyCtDtGzy0F0EyCtGtByD0AzyyEzy0CtCzztD0Fzz2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzyyEtA%26cr%3D1781368651%26a%3Dwncy_bimmed_15_36_ssg01%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3686608022-1110692643-3377733670-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_bimmed_15_36_ssg01&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0A0C0ByDyB0DtDyCyBtB0EzyzytDtDyBtN0D0Tzu0StCtAyEtAtN1L2XzutAtFtCtBtFyDtFtCtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAyD0CyB0B0FyByBtG0FtDtCyDtGyE0B0FtCtGzyyE0C0CtGyDtCzyyEzzyCyC0F0AyD0CtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtB0FyBzz0BtAyEtGtCtByE0BtGyEyDyCtDtGzy0F0EyCtGtByD0AzyyEzy0CtCzztD0Fzz2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzyyEtA%26cr%3D1781368651%26a%3Dwncy_bimmed_15_36_ssg01%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF ProfilePath: C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\mqeue6ue.default
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [319104 2014-02-25] (Windows (R) Win 7 DDK provider) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2014-02-25] (Qualcomm Atheros)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 TXEIx64; C:\Windows\System32\DRIVERS\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-09-05 15:46 - 2015-09-05 15:46 - 00000041 _____ C:\Users\Philip\AppData\Roaming\WB.CFG
2015-09-05 15:45 - 2015-09-05 15:46 - 01654272 _____ C:\Users\Philip\Downloads\AdwCleaner.exe
2015-09-05 15:45 - 2015-09-05 15:45 - 00007838 _____ C:\Users\Philip\Downloads\FRST.txt
2015-09-05 15:45 - 2015-09-05 15:45 - 00000000 ____D C:\FRST
2015-09-05 15:44 - 2015-09-05 15:44 - 02188800 _____ (Farbar) C:\Users\Philip\Downloads\FRST64.exe
2015-09-05 15:41 - 2015-09-05 15:41 - 00000000 ___HT C:\Windows\wusa.lock
2015-09-05 15:41 - 2015-09-05 15:41 - 00000000 ____D C:\065435139c6af5e4c08f16648de09b
2015-09-05 15:41 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2015-09-05 15:40 - 2015-09-05 15:40 - 00000000 ____D C:\248a575184350bd1a619eb6b29
2015-09-05 15:39 - 2015-09-05 15:39 - 50449456 _____ (Microsoft Corporation) C:\Users\Philip\Downloads\dotNetFx40_Full_x86_x64.exe
2015-09-05 15:33 - 2015-09-05 15:39 - 00000000 ____D C:\Users\Philip\AppData\Local\Mozilla
2015-09-05 15:33 - 2015-09-05 15:33 - 00001179 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-09-05 15:33 - 2015-09-05 15:33 - 00001167 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-09-05 15:33 - 2015-09-05 15:33 - 00000000 ____D C:\Users\Philip\AppData\Roaming\Mozilla
2015-09-05 15:33 - 2015-09-05 15:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-09-05 15:33 - 2015-09-05 15:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-09-05 15:28 - 2015-09-05 15:41 - 00012036 _____ C:\Windows\IE11_main.log
2015-09-05 15:25 - 2015-09-05 15:25 - 00000000 ___RD C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-09-05 15:21 - 2015-09-05 15:21 - 00000000 ____D C:\TDSSKiller_Quarantine
2015-09-05 14:47 - 2015-09-05 14:48 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Philip\Downloads\tdsskiller.exe
2015-09-05 14:47 - 2015-09-05 14:47 - 00002030 _____ C:\Users\Philip\Desktop\Secure Chromium.lnk
2015-09-05 14:47 - 2015-09-05 14:47 - 00000000 ____D C:\Users\Philip\AppData\Local\Chromium
2015-09-05 14:46 - 2015-09-05 15:46 - 00000336 _____ C:\Windows\Tasks\UpdateTask.job
2015-09-05 14:46 - 2015-09-05 15:46 - 00000000 ____D C:\Users\Philip\AppData\Local\{C9AAFFF6-ED02-934E-809A-B6A6A4F24A3E}
2015-09-05 14:46 - 2015-09-05 14:46 - 01200163 _____ C:\Users\Philip\Downloads\7zip.exe
2015-09-05 14:46 - 2015-09-05 14:46 - 00003280 _____ C:\Windows\System32\Tasks\UpdateTask
2015-09-05 14:45 - 2015-09-05 14:45 - 00883800 _____ (Software ) C:\Users\Philip\Downloads\zipinstall.exe
2015-09-05 14:37 - 2015-09-05 14:37 - 00000000 ____D C:\Users\Philip\AppData\Roaming\Atheros
2015-09-05 14:37 - 2015-09-05 14:37 - 00000000 ____D C:\Users\Philip\AppData\Local\BMExplorer
2015-09-05 14:37 - 2015-09-05 14:37 - 00000000 ____D C:\ProgramData\Atheros
2015-09-05 14:18 - 2015-09-05 14:19 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BT Program
2015-09-05 14:18 - 2015-09-05 14:19 - 00000000 ____D C:\Program Files (x86)\Bluetooth Suite
2015-09-05 14:18 - 2015-09-05 14:18 - 00000000 ____D C:\Program Files\Common Files\QCA_Bluetooth
2015-09-05 13:47 - 2015-09-05 13:47 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_btath_hcrp_01009.Wdf
2015-09-05 13:35 - 2015-09-05 14:37 - 00000000 ____D C:\Users\Philip\Documents\Bluetooth Folder
2015-09-05 13:35 - 2014-05-14 09:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-05 13:35 - 2014-05-14 09:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-05 13:35 - 2014-05-14 09:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-09-05 13:35 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-05 13:35 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-09-05 13:35 - 2014-05-14 09:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-05 13:35 - 2014-05-14 09:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-09-05 13:35 - 2014-05-14 09:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-09-05 13:35 - 2014-05-14 09:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-09-05 13:35 - 2014-05-14 09:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-05 13:35 - 2014-05-14 09:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-05 13:35 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-05 13:35 - 2014-05-14 09:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-09-05 13:35 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-09-05 13:34 - 2015-09-05 13:34 - 00000000 ____D C:\ProgramData\{EB5F5A55-037A-4E47-806B-2C8AA9374701}
2015-09-05 13:33 - 2015-09-05 14:02 - 00000000 ____D C:\Program Files (x86)\Qualcomm Atheros
2015-09-05 13:33 - 2014-02-21 00:49 - 04044800 _____ (Qualcomm Atheros Communications, Inc.) C:\Windows\system32\Drivers\athrx.sys
2015-09-05 13:31 - 2015-09-05 13:34 - 00000000 ____D C:\ProgramData\Qualcomm Atheros
2015-09-05 13:03 - 2015-09-05 13:03 - 00000000 ____D C:\Windows\system32\EventProviders
2015-09-05 12:54 - 2015-09-05 12:59 - 00000000 ____D C:\3952d7c720e8b2dbeeff
2015-09-05 12:41 - 2015-09-05 12:41 - 00003162 _____ C:\Windows\System32\Tasks\{D38C8C4C-8276-4D0A-B1C7-8D33C382A0F3}
2015-09-05 12:34 - 2015-09-05 12:34 - 00000000 ____D C:\ProgramData\Intel
2015-09-05 12:34 - 2015-09-05 12:34 - 00000000 ____D C:\Program Files\Intel
2015-09-05 12:34 - 2015-09-05 12:34 - 00000000 ____D C:\Program Files (x86)\Intel
2015-09-05 12:33 - 2015-09-05 12:33 - 00000000 ____D C:\Users\Philip\Intel
2015-09-05 12:31 - 2015-09-05 12:31 - 00000000 ____D C:\Program Files (x86)\Cisco
2015-09-05 12:31 - 2014-05-22 01:40 - 03450584 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\Drivers\rtwlane.sys
2015-09-05 12:30 - 2013-04-01 23:19 - 00574464 _____ (Realtek Semiconductor Corp. ) C:\Windows\system32\Rtlihvs.dll
2015-09-05 12:29 - 2015-09-05 13:33 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-09-05 12:29 - 2015-09-05 12:29 - 00000000 ____D C:\Program Files (x86)\REALTEK
2015-09-05 12:29 - 2014-03-24 12:37 - 00422400 _____ (Realtek) C:\Windows\SwUSB.exe
2015-09-05 12:29 - 2013-10-18 16:42 - 00048856 _____ () C:\Windows\runSW.exe
2015-09-05 12:29 - 2010-12-01 09:31 - 00451072 _____ C:\Windows\SysWOW64\ISSRemoveSP.exe
2015-09-05 12:27 - 2015-09-05 12:27 - 00000000 ____D C:\Intel
2015-09-05 12:22 - 2015-09-05 13:45 - 00057538 _____ C:\Windows\DPINST.LOG
2015-09-05 12:18 - 2015-09-05 12:18 - 00057560 _____ C:\Users\Philip\AppData\Local\GDIPFONTCACHEV1.DAT
2015-09-05 12:12 - 2015-09-05 12:18 - 00000000 ____D C:\Users\Philip\AppData\Local\Apps\Windows 7 USB DVD Download Tool
2015-09-05 12:12 - 2015-09-05 12:12 - 00002533 _____ C:\Users\Philip\Desktop\Windows 7 USB DVD Download Tool.lnk
2015-09-05 12:12 - 2015-09-05 12:12 - 00000000 ____D C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
2015-09-05 09:59 - 2015-09-05 09:59 - 00000000 ____D C:\_SMSTaskSequence
2015-09-05 09:16 - 2015-09-05 09:16 - 00008192 __RSH C:\BOOTSECT.BAK
2015-09-05 09:16 - 2015-09-05 08:23 - 00000000 ____D C:\Windows\Panther
2015-09-05 09:16 - 2010-11-20 20:23 - 00383786 __RSH C:\bootmgr
2015-09-05 08:45 - 2015-09-05 13:09 - 00001908 _____ C:\Windows\diagwrn.xml
2015-09-05 08:45 - 2015-09-05 13:09 - 00001908 _____ C:\Windows\diagerr.xml
2015-09-05 08:44 - 2015-09-05 08:44 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2015-09-05 08:27 - 2015-09-05 08:27 - 00000000 ____D C:\Windows\pss
2015-09-05 08:23 - 2015-09-05 15:41 - 00380302 _____ C:\Windows\WindowsUpdate.log
2015-09-05 08:23 - 2015-09-05 12:33 - 00000000 ____D C:\Users\Philip
2015-09-05 08:23 - 2015-09-05 08:23 - 00001465 _____ C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-09-05 08:23 - 2015-09-05 08:23 - 00001425 _____ C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-09-05 08:23 - 2015-09-05 08:23 - 00000020 ___SH C:\Users\Philip\ntuser.ini
2015-09-05 08:23 - 2015-09-05 08:23 - 00000000 __SHD C:\Recovery
2015-09-05 08:23 - 2015-09-05 08:23 - 00000000 ____D C:\Users\Philip\AppData\Local\VirtualStore
2015-09-05 08:23 - 2009-07-13 21:54 - 00000000 ___RD C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-09-05 08:23 - 2009-07-13 21:49 - 00000000 ___RD C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-09-05 08:21 - 2015-09-05 08:21 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2015-09-05 08:20 - 2015-09-05 08:20 - 00001355 _____ C:\Windows\TSSysprep.log
2015-09-05 08:20 - 2015-09-05 08:20 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-09-05 15:31 - 2009-07-13 22:13 - 00713888 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-05 15:24 - 2010-11-20 20:47 - 00004888 _____ C:\Windows\PFRO.log
2015-09-05 15:24 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-05 15:24 - 2009-07-13 21:51 - 00002201 _____ C:\Windows\setupact.log
2015-09-05 15:23 - 2009-07-13 21:45 - 00016832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-05 15:23 - 2009-07-13 21:45 - 00016832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-05 14:25 - 2009-07-13 20:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-09-05 13:41 - 2009-07-13 20:20 - 00000000 __RHD C:\Users\Public\Libraries
2015-09-05 13:32 - 2009-07-13 20:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-09-05 13:09 - 2009-07-13 21:51 - 00000000 _____ C:\Windows\setuperr.log
2015-09-05 13:08 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2015-09-05 12:12 - 2009-07-13 22:32 - 00000000 ____D C:\Windows\system32\restore
2015-09-05 12:05 - 2009-07-13 22:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-09-05 09:16 - 2009-07-13 22:38 - 00025600 ___SH C:\Windows\system32\config\BCD-Template.LOG
2015-09-05 09:16 - 2009-07-13 22:32 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2015-09-05 08:23 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2015-09-05 08:22 - 2009-07-13 21:45 - 00274320 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-05 08:21 - 2009-07-13 22:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-09-05 08:20 - 2009-07-13 21:46 - 00002790 _____ C:\Windows\DtcInstall.log
2015-09-05 08:20 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\sysprep
2015-09-05 08:18 - 2010-11-21 00:16 - 00000000 ____D C:\Windows\CSC
==================== Files in the root of some directories =======
2015-09-05 15:46 - 2015-09-05 15:46 - 0000041 _____ () C:\Users\Philip\AppData\Roaming\WB.CFG
Some files in TEMP:
====================
C:\Users\Philip\AppData\Local\Temp\{2F32168C-B4D1-4065-978F-DA2DAD91A0D6}.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-09-05 09:28
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3 - Mozilla)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.29 - Qualcomm Atheros WLAN and Bluetooth Client Installation Program)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.243 - REALTEK Semiconductor Corp.)
Secure Chromium (HKU\S-1-5-21-3686608022-1110692643-3377733670-1000\...\Chromium) (Version: 46.0.2480.0 - Chromium)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================
05-09-2015 12:12:26 Installed Windows 7 USB/DVD Download Tool
05-09-2015 12:28:52 Installed REALTEK PCIE Wireless LAN Driver
05-09-2015 12:33:42 IIF_MSI
05-09-2015 13:11:27 Device Driver Package Install: ieuinit.inf
05-09-2015 13:12:46 Installed REALTEK PCIE Wireless LAN Driver
05-09-2015 13:31:43 Installed Qualcomm Atheros WLAN and Bluetooth Client Installatio
05-09-2015 15:29:54 Windows Modules Installer
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {5021DB2D-674F-4DAF-9AAA-796DA93859C4} - System32\Tasks\UpdateTask => C:\Users\Philip\AppData\Local\{C9AAFFF6-ED02-934E-809A-B6A6A4F24A3E}\uninstall.exe [2015-09-05] ()
Task: {AA540CF9-33A4-4BBF-9FE2-F07E8F168D14} - System32\Tasks\{D38C8C4C-8276-4D0A-B1C7-8D33C382A0F3} => pcalua.exe -a E:\Chipset_Intel_9.4.4.1006_W81x64\Setup.exe -d E:\Chipset_Intel_9.4.4.1006_W81x64
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\UpdateTask.job => C:\Users\Philip\AppData\Local\{C9AAFFF6-ED02-934E-809A-B6A6A4F24A3E}\uninstall.exe
==================== Loaded Modules (Whitelisted) ==============
2014-02-25 22:11 - 2014-02-25 22:11 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\94061638.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\94061638.sys => ""="Driver"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3686608022-1110692643-3377733670-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 216.228.160.4 - 216.228.160.3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{49F4EA33-2B92-4454-92E2-3E86624747EF}] => (Allow) C:\Users\Philip\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{F019A753-A260-4CE4-9E87-55B72EB16F23}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FA54971C-23D6-4B7D-AB7F-E6F740255126}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Faulty Device Manager Devices =============
Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Intel(R) Trusted Execution Engine Interface
Description: Intel(R) Trusted Execution Engine Interface
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: TXEIx64
Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
Name: Ethernet Controller
Description: Ethernet Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (09/05/2015 03:26:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/05/2015 02:40:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/05/2015 02:38:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/05/2015 01:46:50 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Error: (09/05/2015 01:36:40 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Error: (09/05/2015 01:28:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/05/2015 01:16:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/05/2015 01:15:48 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={0654A564-4FB9-4BD3-9410-AABBB0E0650F}: The user Philip-PC\Philip dialed a connection named Broadband Connection which has failed. The error code returned on failure is 651.
Error: (09/05/2015 01:07:56 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={8D0E9AAF-0063-4425-A933-778ACDBE2F10}: The user Philip-PC\Philip dialed a connection named Broadband Connection which has failed. The error code returned on failure is 651.
Error: (09/05/2015 01:07:27 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={545D362A-7146-4D7F-B32C-7A974A9897F6}: The user Philip-PC\Philip dialed a connection named Broadband Connection which has failed. The error code returned on failure is 651.
System errors:
=============
Error: (09/05/2015 01:03:25 PM) (Source: Microsoft-Windows-Service Pack Installer) (EventID: 8) (User: Philip-PC)
Description: Service Pack installation failed with error code 0x800f0a03.
Error: (09/05/2015 12:34:40 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Update service terminated with the following error:
%%-2147467243
Microsoft Office:
=========================
Error: (09/05/2015 03:26:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/05/2015 02:40:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/05/2015 02:38:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/05/2015 01:46:50 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description:
http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Error: (09/05/2015 01:36:40 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description:
http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Error: (09/05/2015 01:28:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/05/2015 01:16:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/05/2015 01:15:48 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: {0654A564-4FB9-4BD3-9410-AABBB0E0650F}Philip-PC\PhilipBroadband Connection651
Error: (09/05/2015 01:07:56 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: {8D0E9AAF-0063-4425-A933-778ACDBE2F10}Philip-PC\PhilipBroadband Connection651
Error: (09/05/2015 01:07:27 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: {545D362A-7146-4D7F-B32C-7A974A9897F6}Philip-PC\PhilipBroadband Connection651
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) CPU N3540 @ 2.16GHz
Percentage of memory in use: 68%
Total physical RAM: 1933.36 MB
Available physical RAM: 609.2 MB
Total Virtual: 3866.73 MB
Available Virtual: 1891.46 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.42 GB) (Free:449.64 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.33 GB) NTFS
Drive f: (UBUNTU 11_0) (Removable) (Total:29.1 GB) (Free:25.98 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 59E5C963)
Partition 1: (Not Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=465.4 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 29.1 GB) (Disk ID: 009412F6)
Partition 1: (Active) - (Size=29.1 GB) - (Type=0C)
==================== End of Addition.txt ============================