Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-10-2015
Ran by customer (administrator) on CUSTOMER-HP (09-10-2015 18:06:43)
Running from C:\Users\customer\Desktop
Loaded Profiles: customer (Available Profiles: customer)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\System32\nvwmi64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\System32\nvwmi64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Broadcom Corporation) C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Tenda\Common\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Tenda\Common\RaRegistry64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8317472 2009-11-03] (Realtek Semiconductor)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2727568 2015-08-18] ()
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [563736 2009-10-23] (PDF Complete Inc)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3775912 2015-08-24] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKU\S-1-5-21-2723336936-3563734776-362871568-1000\...\Run: [Advanced SystemCare 8] => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe [2429728 2015-04-08] (IObit)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-09-21] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9-x64 01 C:\Windows\system32\CatWSPrx64.dll No File
Winsock: Catalog9-x64 02 C:\Windows\system32\CatWSPrx64.dll No File
Winsock: Catalog9-x64 03 C:\Windows\system32\CatWSPrx64.dll No File
Winsock: Catalog9-x64 04 C:\Windows\system32\CatWSPrx64.dll No File
Winsock: Catalog9-x64 15 C:\Windows\system32\CatWSPrx64.dll No File
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{68DB45EA-2950-4603-A5DB-37F0EA7BEB34}: [DhcpNameServer] 192.168.200.1
Tcpip\..\Interfaces\{D44E23BA-F679-4AD2-8DB7-81EBAE375EAE}: [DhcpNameServer] 209.18.47.61 209.18.47.62

Internet Explorer:
==================
HKU\S-1-5-21-2723336936-3563734776-362871568-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
SearchScopes: HKU\S-1-5-21-2723336936-3563734776-362871568-1000 -> DefaultScope {74255D4F-0223-4A41-9008-6ED0FA657F5D} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-2723336936-3563734776-362871568-1000 -> {74255D4F-0223-4A41-9008-6ED0FA657F5D} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-2723336936-3563734776-362871568-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={CF5B3033-4E51-4D4B-A9E9-09D2D50887F0}&mid=7d3a97f376c047d281befd6e91fd3756-99acc4ac43715f74bd88572de020e403e8e13f28&lang=en&ds=AVG&coid=avgtbavg&cmpid=0715tb&pr=fr&d=2014-09-26 17:12:31&v=18.7.0.147&pid=safeguard&sg=&sap=dsp&q={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [2015-09-19] (IObit)
BHO-x32: No Name -> {6A88117E-D66A-4E52-8F3D-4569D0238F38} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-06] (Oracle Corporation)
BHO-x32: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2015-04-01] (IObit)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-06] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\customer\AppData\Roaming\Mozilla\Firefox\Profiles\4qndcy04.default
FF Homepage: hxxps://www.yahoo.com/
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-06] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-08-17] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-08-17] (NVIDIA Corporation)
FF Plugin HKU\S-1-5-21-2723336936-3563734776-362871568-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\customer\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-09] (Unity Technologies ApS)
FF user.js: detected! => C:\Users\customer\AppData\Roaming\Mozilla\Firefox\Profiles\4qndcy04.default\user.js [2015-09-19]
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\customer\AppData\Roaming\Mozilla\Firefox\Profiles\4qndcy04.default\Extensions\ascsurfingprotection@iobit.com [2015-09-19]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [821024 2015-08-05] (IObit)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3637160 2015-08-24] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [335656 2015-08-24] (AVG Technologies CZ, s.r.o.)
R2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [125952 2010-02-11] (Broadcom Corporation) [File not signed]
R2 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [120832 2009-10-15] (Hewlett-Packard) [File not signed]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-29] (IObit)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NVIDIA Performance Driver Service; C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [6803560 2009-09-11] ()
R2 NVWMI; C:\Windows\system32\nvwmi64.exe [2693424 2015-08-18] ()
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2009-10-23] (PDF Complete Inc)
R2 RalinkRegistryWriter; C:\Program Files (x86)\Tenda\Common\RaRegistry.exe [193888 2010-06-28] (Ralink Technology, Corp.)
R2 RalinkRegistryWriter64; C:\Program Files (x86)\Tenda\Common\RaRegistry64.exe [211808 2010-06-28] (Ralink Technology, Corp.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [313264 2015-08-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [297904 2015-08-19] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [250800 2015-08-04] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [300464 2015-08-04] (AVG Technologies CZ, s.r.o.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-09 18:06 - 2015-10-09 18:06 - 02194944 _____ (Farbar) C:\Users\customer\Desktop\FRST64.exe
2015-10-09 18:06 - 2015-10-09 18:06 - 00011847 _____ C:\Users\customer\Desktop\FRST.txt
2015-10-09 18:06 - 2015-10-09 18:06 - 00000000 ____D C:\FRST
2015-09-19 20:33 - 2015-10-09 18:01 - 00002183 _____ C:\Users\Public\Desktop\Advanced SystemCare 8.lnk
2015-09-19 20:33 - 2015-09-19 20:33 - 00001230 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2015-09-19 20:33 - 2015-09-19 20:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8
2015-09-19 20:26 - 2015-09-20 11:06 - 00000000 ____D C:\Users\customer\AppData\Roaming\ProductData
2015-09-19 20:04 - 2015-10-03 10:51 - 00000000 ____D C:\ProgramData\ProductData
2015-09-19 20:04 - 2015-09-20 19:49 - 00000284 _____ C:\Windows\Tasks\Uninstaller_SkipUac_customer.job
2015-09-19 20:04 - 2015-09-19 20:33 - 00000000 ____D C:\Program Files (x86)\IObit
2015-09-19 20:04 - 2015-09-19 20:27 - 00000000 ____D C:\ProgramData\IObit
2015-09-19 20:04 - 2015-09-19 20:04 - 00000000 ____D C:\Windows\Tasks\ImCleanDisabled
2015-09-19 20:04 - 2015-09-19 20:04 - 00000000 ____D C:\Users\customer\AppData\Roaming\IObit
2015-09-19 20:04 - 2015-09-19 20:04 - 00000000 ____D C:\Users\customer\AppData\Roaming\Apple Computer
2015-09-19 20:04 - 2015-09-19 20:04 - 00000000 ____D C:\Users\customer\AppData\LocalLow\IObit
2015-09-19 20:04 - 2015-09-19 20:04 - 00000000 ____D C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-09-19 09:43 - 2015-09-19 09:43 - 00000388 _____ C:\Windows\Tasks\REGSERVO.job
2015-09-19 09:43 - 2015-09-19 09:43 - 00000000 ____D C:\ProgramData\REGSERVO64
2015-09-19 09:42 - 2015-09-19 09:42 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2015-09-12 09:58 - 2015-09-12 09:58 - 00772016 _____ (Reimage®) C:\Users\customer\Downloads\ReimageRepair(1).exe
2015-09-12 09:48 - 2015-09-19 20:03 - 00000120 _____ C:\Windows\Reimage.ini
2015-09-12 09:48 - 2015-09-12 09:48 - 00772016 _____ (Reimage®) C:\Users\customer\Downloads\ReimageRepair.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-09 18:04 - 2010-11-04 15:11 - 01796995 _____ C:\Windows\WindowsUpdate.log
2015-10-09 18:04 - 2009-07-14 00:45 - 00021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-09 18:04 - 2009-07-14 00:45 - 00021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-09 18:02 - 2014-09-20 08:32 - 00000000 ____D C:\ProgramData\MFAData
2015-10-09 18:02 - 2009-07-14 01:13 - 00781302 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-09 18:01 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2015-10-09 17:57 - 2009-07-14 01:08 - 00032546 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-10-09 17:57 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-09 17:56 - 2010-11-04 15:21 - 00000000 ____D C:\ProgramData\NVIDIA
2015-10-03 10:52 - 2010-11-04 15:09 - 00000000 ____D C:\ProgramData\PDFC
2015-09-20 11:12 - 2015-09-06 11:55 - 00000000 ____D C:\Program Files (x86)\Minecraft
2015-09-19 20:25 - 2009-07-24 16:14 - 00000000 ____D C:\Windows\Panther
2015-09-19 09:48 - 2015-09-06 13:38 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-16 17:12 - 2014-09-20 08:36 - 00000967 _____ C:\Users\Public\Desktop\AVG 2015.lnk
2015-09-16 17:12 - 2014-09-20 08:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-26 13:03

==================== End of FRST.txt ============================