Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-05-2017 01
Ran by William (administrator) on 14189-WILLIAM-L (04-05-2017 10:17:15)
Running from C:\Users\William\Desktop
Loaded Profiles: William (Available Profiles: William)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtWatchDog.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [246264 2015-07-16] (Trend Micro Inc.)
HKLM\...\Run: [Platinum] => C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe [1258496 2015-07-16] (Trend Micro Inc.)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SOSUAUI] => C:\Program Files (x86)\AVG Online Backup\sosuploadagent.exe [59440 2016-08-30] (AVG Online Backup)
HKLM-x32\...\Run: [SMessaging] => C:\Program Files (x86)\AVG Online Backup\SMessaging.exe [63536 2016-08-30] (AVG Online Backup)
HKLM-x32\...\Run: [AccountCreatorRunner] => C:\Program Files (x86)\AVG Online Backup\AccountCreatorRunner.exe [23088 2016-08-30] (AVG Online Backup)
HKLM-x32\...\Run: [AvgUi] => "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKU\S-1-5-21-3526073170-1583772248-2959233235-1001\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)
HKU\S-1-5-21-3526073170-1583772248-2959233235-1001\...\Run: [HP Officejet 4620 series (NET)] => C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk [2009-12-04]
ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{c24cada4-9c69-41a7-9fd0-ab93644a81f7}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
HKU\S-1-5-21-3526073170-1583772248-2959233235-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl#spf=1
SearchScopes: HKLM -> DefaultScope {49218725-54B1-4FE5-ACA3-5ADE4D65021D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {49218725-54B1-4FE5-ACA3-5ADE4D65021D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {49218725-54B1-4FE5-ACA3-5ADE4D65021D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {49218725-54B1-4FE5-ACA3-5ADE4D65021D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3526073170-1583772248-2959233235-1001 -> DefaultScope {49218725-54B1-4FE5-ACA3-5ADE4D65021D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3526073170-1583772248-2959233235-1001 -> {49218725-54B1-4FE5-ACA3-5ADE4D65021D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
BHO: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
BHO: Trend Micro Network Filter Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg.dll [2015-07-16] (Trend Micro Inc.)
BHO: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\TmBpIe64.dll [2016-06-15] (Trend Micro Inc.)
BHO-x32: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-05-04] (Oracle Corporation)
BHO-x32: Trend Micro Network Filter Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg32.dll [2015-07-16] (Trend Micro Inc.)
BHO-x32: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\TmBpIe32.dll [2016-06-15] (Trend Micro Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-04] (Oracle Corporation)
Toolbar: HKLM - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
Toolbar: HKLM-x32 - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
Toolbar: HKU\S-1-5-21-3526073170-1583772248-2959233235-1001 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\TmBpIe64.dll [2016-06-15] (Trend Micro Inc.)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\TmBpIe32.dll [2016-06-15] (Trend Micro Inc.)
Handler: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg.dll [2015-07-16] (Trend Micro Inc.)
Handler-x32: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg32.dll [2015-07-16] (Trend Micro Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ProToolbarIMRatingActiveX.dll [2015-07-16] (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll [2015-07-16] (Trend Micro Inc.)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\firefoxextension
FF Extension: (Trend Micro BEP Firefox Extension) - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\firefoxextension [2016-09-21]
FF HKLM-x32\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: (Trend Micro Toolbar) - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2016-11-07]
FF HKLM-x32\...\Firefox\Extensions: [{BBB77B49-9FF4-4d5c-8FE2-92B1D6CD696C}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension
FF Extension: (Trend Micro Osprey Firefox Extension) - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension [2016-09-21]
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-04] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll [2009-06-24] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-3526073170-1583772248-2959233235-1001: @hulu.com/Hulu Desktop -> C:\Users\Default.migrated\AppData\Local\HuluDesktop\instances\0.9.9.1\nphdplg.dll [No File]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR NewTab: Default -> Not-active:"chrome-extension://jmknbgfaiegknhkpchegnheahinbnkjd/stubby.html", Not-active:"chrome-extension://gilccnkjlhdobgphmegemajcbpapdlmm/stubby.html", Not-active:"chrome-extension://cjhofhakdnfjgeobcioadclaekfbhndl/stubby.html", Not-active:"chrome-extension://kgpcmjeckonpfoaacknfdaaehpjbflhl/stubby.html"
CHR Profile: C:\Users\William\AppData\Local\Google\Chrome\User Data\Default [2017-05-04]
CHR Extension: (Google Docs) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-13]
CHR Extension: (Google Drive) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-13]
CHR Extension: (Ask Web Search) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\bllfmhclbkgdcbioppcjohckdmjmfmcj [2017-05-04]
CHR Extension: (YouTube) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-13]
CHR Extension: (InboxNow) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjhofhakdnfjgeobcioadclaekfbhndl [2017-05-04]
CHR Extension: (Google Docs Offline) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-13]
CHR Extension: (OnlineMapFinder) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\gilccnkjlhdobgphmegemajcbpapdlmm [2017-01-28]
CHR Extension: (PDFConverterHQ) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmknbgfaiegknhkpchegnheahinbnkjd [2017-05-04]
CHR Extension: (Ask Web Search) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkmodlfcmmnhhlofndkhdcembjaefbb [2017-05-04]
CHR Extension: (EasyMailLogin) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgpcmjeckonpfoaacknfdaaehpjbflhl [2017-05-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-01]
CHR Extension: (Gmail) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-13]
CHR Extension: (Chrome Media Router) - C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-02]
CHR Profile: C:\Users\William\AppData\Local\Google\Chrome\User Data\Guest Profile [2016-12-30]
CHR HKLM-x32\...\Chrome\Extension: [ohhcpmplhhiiaoiddkfboafbhiknefdf] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [125440 2009-09-24] (Hewlett-Packard) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 Platinum Host Service; C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe [1137664 2015-07-16] (Trend Micro Inc.)
S4 sagentservice; C:\Program Files (x86)\AVG Online Backup\SAgent.Service.exe [44080 2016-08-30] (AVG Online Backup)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-03-04] (Microsoft Corporation)
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]
S4 AvgUpgrade; "C:\Program Files (x86)\AVG\CloudCare\AvgUpgrade.exe" [X]
S4 ClientManager; "C:\Program Files (x86)\AVG\CloudCare\ClientManager.exe" [X]

===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-03-22] ()
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [186304 2017-05-03] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [111544 2017-05-04] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-05-04] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [251832 2017-05-04] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [92096 2017-05-04] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 tmactmon; C:\WINDOWS\system32\DRIVERS\tmactmon.sys [140504 2016-08-10] (Trend Micro Inc.)
R0 tmcomm; C:\WINDOWS\System32\DRIVERS\tmcomm.sys [332512 2016-08-10] (Trend Micro Inc.)
R0 TMEBC; C:\WINDOWS\System32\DRIVERS\TMEBC64.sys [72504 2015-11-19] (Trend Micro Inc.)
R3 tmeevw; C:\WINDOWS\system32\DRIVERS\tmeevw.sys [116576 2015-06-08] (Trend Micro Inc.)
S0 tmel; C:\WINDOWS\System32\DRIVERS\tmel.sys [39056 2015-06-22] (Trend Micro Inc.)
R1 tmevtmgr; C:\WINDOWS\system32\DRIVERS\tmevtmgr.sys [106720 2016-08-10] (Trend Micro Inc.)
R3 tmnciesc; C:\WINDOWS\system32\DRIVERS\tmnciesc.sys [561952 2016-06-24] (Trend Micro Inc.)
R1 tmumh; C:\WINDOWS\system32\DRIVERS\TMUMH.sys [101088 2016-08-09] (Trend Micro Inc.)
R2 tmusa; C:\WINDOWS\system32\DRIVERS\tmusa.sys [124752 2015-12-09] (Trend Micro Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-05-04 10:17 - 2017-05-04 10:18 - 00018901 _____ C:\Users\William\Desktop\FRST.txt
2017-05-04 10:16 - 2017-05-04 10:17 - 02428928 _____ (Farbar) C:\Users\William\Desktop\FRST64.exe
2017-05-04 09:27 - 2017-05-04 09:27 - 00000000 ____D C:\Users\William\AppData\Roaming\Oracle
2017-05-04 09:07 - 2017-05-04 09:07 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-05-04 09:07 - 2017-05-04 09:07 - 00000000 ____D C:\Users\William\AppData\Roaming\Sun
2017-05-04 09:07 - 2017-05-04 09:07 - 00000000 ____D C:\Users\William\AppData\LocalLow\Sun
2017-05-04 09:07 - 2017-05-04 09:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-05-04 09:06 - 2017-05-04 09:07 - 00000000 ____D C:\ProgramData\Oracle
2017-05-04 09:06 - 2017-05-04 09:06 - 00000000 ____D C:\Program Files (x86)\Java
2017-05-04 08:58 - 2017-05-04 08:59 - 00399360 _____ (Trend Micro Inc.) C:\WINDOWS\RegBootClean64.exe
2017-05-04 08:55 - 2017-05-04 08:55 - 00000000 ____D C:\FRST
2017-05-04 08:04 - 2017-05-04 08:16 - 00000000 ____D C:\AVG_Remover
2017-05-04 00:07 - 2017-05-04 00:07 - 00000000 ____D C:\WINDOWS\system32\%commonappdata%
2017-05-03 23:42 - 2017-05-03 23:42 - 00251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\0F0F31F2.sys
2017-05-03 23:30 - 2017-05-03 23:30 - 00251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\0FA12857.sys
2017-05-03 23:29 - 2017-05-03 23:29 - 00251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\346327A7.sys
2017-05-03 23:28 - 2017-05-03 23:28 - 00251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\592526F7.sys
2017-05-03 23:25 - 2017-05-03 23:25 - 00251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\7B9D24B8.sys
2017-05-03 23:21 - 2017-05-03 23:21 - 00251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\32822217.sys
2017-05-03 23:21 - 2017-05-03 23:21 - 00251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\0140216A.sys
2017-05-03 23:17 - 2017-05-03 23:17 - 00000016 _____ C:\InjectIntoProcess crash
2017-05-03 17:44 - 2017-05-04 10:10 - 00111544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-05-03 17:44 - 2017-05-04 10:10 - 00092096 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-05-03 17:44 - 2017-05-04 10:10 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-05-03 17:44 - 2017-05-03 17:44 - 00186304 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-05-03 17:44 - 2017-05-03 17:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-05-03 17:44 - 2017-05-03 17:44 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-05-03 17:44 - 2017-05-03 17:44 - 00000000 ____D C:\Program Files\Malwarebytes
2017-05-03 17:44 - 2017-03-22 11:02 - 00077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-05-03 17:37 - 2017-05-03 17:43 - 60107896 _____ (Malwarebytes ) C:\Users\William\Downloads\mb3-setup-consumer-3.0.6.1469-10103.exe
2017-05-03 17:28 - 2017-05-03 17:29 - 211072168 _____ (Trend Micro Inc.) C:\Users\William\Downloads\TTi_11.0_HE_64bit.exe
2017-05-03 17:27 - 2017-05-04 00:08 - 00000372 _____ C:\WINDOWS\Tasks\HPCeeScheduleForWilliam.job
2017-05-03 17:27 - 2017-05-03 17:27 - 00003272 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForWilliam
2017-05-03 17:03 - 2017-05-03 17:03 - 00000000 ____D C:\Users\William\AppData\Roaming\HP Support Assistant
2017-05-02 12:03 - 2017-05-02 12:03 - 00007598 _____ C:\Users\William\AppData\Local\Resmon.ResmonCfg
2017-05-02 11:24 - 2017-05-02 11:27 - 04102600 _____ C:\Users\William\Downloads\adwcleaner_6.046.exe
2017-05-02 10:36 - 2017-05-02 10:36 - 00000000 ____D C:\Users\William\AppData\Roaming\Google

==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-05-04 10:10 - 2016-09-23 14:05 - 00251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-05-04 09:37 - 2016-07-16 07:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-05-04 09:23 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-05-04 08:59 - 2016-09-21 18:42 - 00000000 ____D C:\ProgramData\Trend Micro
2017-05-04 08:48 - 2016-07-16 02:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-05-04 08:44 - 2016-10-22 04:25 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-05-04 08:43 - 2016-07-16 02:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-05-04 08:23 - 2016-09-13 21:14 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-04 08:23 - 2016-09-13 21:14 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-05-04 08:16 - 2016-12-05 13:32 - 00000000 ____D C:\ProgramData\Avg
2017-05-04 08:16 - 2016-12-05 13:16 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-05-04 08:15 - 2016-12-05 13:30 - 00000000 ____D C:\Program Files (x86)\AVG
2017-05-04 08:10 - 2016-07-16 07:47 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2017-05-04 08:09 - 2016-12-05 13:32 - 00000000 ____D C:\Users\William\AppData\Local\Avg
2017-05-04 07:37 - 2016-07-16 07:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-05-04 00:20 - 2016-11-25 17:58 - 00000332 _____ C:\Users\William\AppData\Roaming\wklnhst.dat
2017-05-04 00:19 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2017-05-04 00:08 - 2016-12-16 07:28 - 00000000 ____D C:\Users\William\AppData\Local\PuzzleGamesDailyTooltab
2017-05-03 23:16 - 2016-09-13 20:53 - 00000000 ____D C:\Users\William\AppData\Local\Packages
2017-05-03 22:58 - 2016-09-13 19:06 - 00000000 ____D C:\ProgramData\iolo
2017-05-03 22:21 - 2016-10-22 04:05 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-05-03 17:31 - 2016-09-21 19:47 - 00000010 _____ C:\Users\William\AppData\Local\sponge.last.runtime.cache
2017-05-03 17:27 - 2016-09-13 14:52 - 00000000 ____D C:\Users\William\AppData\Local\Hewlett-Packard
2017-05-03 17:03 - 2016-09-20 15:38 - 00000000 ____D C:\Users\William\AppData\Roaming\HpUpdate
2017-05-02 12:45 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-05-02 11:45 - 2016-09-13 20:41 - 01061014 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-05-02 11:34 - 2016-09-21 18:21 - 00000000 ____D C:\AdwCleaner
2017-05-02 11:31 - 2016-09-13 19:06 - 00000000 ____D C:\Program Files (x86)\iolo
2017-05-02 11:05 - 2017-03-20 15:07 - 00002422 _____ C:\Users\William\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-05-02 11:05 - 2016-12-16 16:39 - 00003294 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-05-02 11:05 - 2016-09-13 20:57 - 00000000 ___RD C:\Users\William\OneDrive
2017-05-02 02:00 - 2016-12-05 13:30 - 00000000 ____D C:\ProgramData\AVG Online Backup
2017-04-28 22:40 - 2016-10-22 04:24 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-28 22:40 - 2016-10-22 04:24 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-14 01:00 - 2016-10-13 20:38 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-04-14 00:56 - 2016-10-13 20:37 - 148601744 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-04-13 20:28 - 2016-10-22 04:11 - 00000000 ____D C:\Users\William

==================== Files in the root of some directories =======
2016-11-25 17:58 - 2017-05-04 00:20 - 0000332 _____ () C:\Users\William\AppData\Roaming\wklnhst.dat
2016-09-21 18:42 - 2016-09-21 18:42 - 0000036 _____ () C:\Users\William\AppData\Local\housecall.guid.cache
2017-05-02 12:03 - 2017-05-02 12:03 - 0007598 _____ () C:\Users\William\AppData\Local\Resmon.ResmonCfg
2016-09-21 19:47 - 2017-05-03 17:31 - 0000010 _____ () C:\Users\William\AppData\Local\sponge.last.runtime.cache
2016-09-20 15:36 - 2016-09-20 15:36 - 0000057 _____ () C:\ProgramData\Ament.ini

==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-04-28 17:39

==================== End of FRST.txt ============================