
"Name Not Available" found in Volume Mixer


  • This topic is locked
4 replies to this topic

#1 kazachastan

Posted 25 May 2017 - 03:28 AM

When I start up my computer, I keep on hearing an 8/16-bit noise. I have found an application or program listed in the Volume Mixer labeled as Name Not Available. After a simple Google search, I've come to the conclusion that my computer has been infected with some sort of virus. One of the top solutions was from this website, so I thought I'd give it a try and ask for some (much appreciated) help.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-05-2017
Ran by zachary (administrator) on ZACH-LAPTOP (25-05-2017 04:16:53)
Running from C:\Users\zachary\Downloads
Loaded Profiles: zachary (Available Profiles: zachary)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(Intel Corporation) C:\WINDOWS\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Scarlet.Crush Productions) C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpService.exe
(Intel Corporation) C:\WINDOWS\SysWOW64\esif_uf.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Alienware) C:\Program Files\Alienware\Graphics Amplifier\GraphicsAmplifierWindowsService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Creative Technology Ltd) C:\WINDOWS\SysWOW64\CtHdaSvc.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Binary Fortress Software) D:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtWatchDog.exe
(Intel Corporation) C:\WINDOWS\Temp\DPTF\esif_assist.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Intel Corporation) C:\WINDOWS\System32\igfxEM.exe
(Intel Corporation) C:\WINDOWS\System32\igfxHK.exe
() C:\WINDOWS\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\System32\cmd.exe
(Microsoft Corporation) C:\WINDOWS\System32\cmd.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\module\20013\ChromeExt\chromeextension\TmopChromeMsgHost32.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\chrome_extension2\host\chrome_native_msg_host.exe
(Microsoft Corporation) C:\WINDOWS\System32\cmd.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\chromeextension\NativeMessageHost\ToolbarNativeMsgHost.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
(Apple Inc.) D:\Program Files\iTunes\iTunesHelper.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienwareTactXMacroController.exe
(Binary Fortress Software) D:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionController.exe
(Hammer & Chisel, Inc.) C:\Users\zachary\AppData\Local\Discord\app-0.0.297\Discord.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
(Hammer & Chisel, Inc.) C:\Users\zachary\AppData\Local\Discord\app-0.0.297\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\zachary\AppData\Local\Discord\app-0.0.297\Discord.exe
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
(Scarlet.Crush Productions) C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpTrayApp.exe
(Compal Inc.) C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
(SecureW2 B.V.) C:\Program Files (x86)\SecureW2\sw2_tray.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Binary Fortress Software) D:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6064.exe
(Binary Fortress Software) D:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
(Dell) C:\Program Files\Alienware\Dell Foundation Services\DFSSvc.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(SoftThinks SAS) C:\Program Files (x86)\AlienRespawn\SftService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Dell) C:\Program Files\Alienware\Dell Foundation Services\DFS.Common.Agent.exe
(SoftThinks - Dell) C:\Program Files (x86)\AlienRespawn\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\AlienRespawn\Toaster.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\wbem\WmiPrvSE.exe
(SoftThinks - Dell) C:\Program Files (x86)\AlienRespawn\Components\Shell\DBRSync.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation)
HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [35216 2014-11-10] (Alienware)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1812544 2016-09-12] (NVIDIA Corporation)
HKLM\...\Run: [StageLightUpdate] => C:\Program Files\Stagelight\StagelightUpdate.exe
HKLM\...\Run: [PwmConsole.exe] => C:\Program Files\Trend Micro\TMIDS\PwmConsole.exe [2047216 2015-06-29] (Trend Micro Inc.)
HKLM\...\Run: [iTunesHelper] => D:\Program Files\iTunes\iTunesHelper.exe [176952 2016-06-01] (Apple Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2857200 2014-11-06] (Synaptics Incorporated)
HKLM\...\Run: [Platinum] => C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe [1266176 2016-07-24] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [256744 2016-07-24] (Trend Micro Inc.)
HKLM-x32\...\Run: [AlienwareOn-ScreenDisplay] => C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe [3746560 2014-09-26] (Compal Inc.)
HKLM-x32\...\Run: [SecureW2 Tray] => C:\Program Files (x86)\SecureW2\sw2_tray.exe [262464 2015-06-03] (SecureW2 B.V.)
HKLM-x32\...\Run: [UpdReg] => C:\WINDOWS\UpdReg.EXE
HKLM-x32\...\Run: [Sound Blaster Recon3Di SBX Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe [1129984 2014-03-20] (Creative Technology Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-1049148205-2722017624-442803341-1001\...\Run: [DisplayFusion] => D:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [8538648 2015-09-22] (Binary Fortress Software)
HKU\S-1-5-21-1049148205-2722017624-442803341-1001\...\Run: [Discord] => C:\Users\zachary\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-1049148205-2722017624-442803341-1001\...\RunOnce: [Uninstall C:\Users\zachary\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\zachary\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-1049148205-2722017624-442803341-1001\...\RunOnce: [Uninstall C:\Users\zachary\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\zachary\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
ShellIconOverlayIdentifiers: [  FSOverlayIcon] -> {C0829D19-E5A0-44F5-B56E-D15030C53BB9} => C:\Program Files\Trend Micro\Titanium\plugin\TmOverlayIcon.dll [2016-07-24] (Trend Micro Inc.)
ShellIconOverlayIdentifiers: [DBRShellOverlayBackupFile] -> {831CEBDD-6BAF-4432-BE76-9E0989C14AEF} => C:\Program Files (x86)\AlienRespawn\Components\Shell\DBROverlayIconBackuped.dll [2014-12-30] (Softthinks SAS)
ShellIconOverlayIdentifiers: [DBRShellOverlayModifiedBackupFile] -> {275E4FD7-21EF-45CF-A836-832E5D2CC1B3} => C:\Program Files (x86)\AlienRespawn\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-30] (Softthinks SAS)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-03-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-03-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-03-14] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2015-06-23]
ShortcutTarget: Killer Network Manager.lnk -> C:\WINDOWS\Installer\{EBB6EF1E-4289-4B2E-8BD8-AE0303EC8FD5}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScpToolkit Tray Notifications.lnk [2017-05-19]
ShortcutTarget: ScpToolkit Tray Notifications.lnk -> C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpTrayApp.exe (Scarlet.Crush Productions)
GroupPolicy: Restriction - Chrome <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6c2e508e-9484-4914-8656-c6fa136d90fc}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{72b186b2-5362-4a5c-b26d-1ad127c174a5}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-1049148205-2722017624-442803341-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-1049148205-2722017624-442803341-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-1049148205-2722017624-442803341-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.alienwarearena.com/welcome-us
SearchScopes: HKU\S-1-5-21-1049148205-2722017624-442803341-1001 -> DefaultScope {DEA417F8-FB85-424E-A91A-9DDDAE5B2285} URL = 
SearchScopes: HKU\S-1-5-21-1049148205-2722017624-442803341-1001 -> {DEA417F8-FB85-424E-A91A-9DDDAE5B2285} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-04-11] (Microsoft Corporation)
BHO: Trend Micro Password Manager BHO -> {3F019D1C-7EAA-4F25-A765-FBA635BD0AFF} -> C:\Program Files\Trend Micro\TMIDS\PwmIEBHO64.dll [2015-06-29] (Trend Micro Inc.)
BHO: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2016-07-24] (Trend Micro Inc.)
BHO: Trend Micro Network Filter Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\5.0.1403\2.7.1088\TmopIEPlg.dll [2017-01-10] (Trend Micro Inc.)
BHO: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe64.dll [2016-06-29] (Trend Micro Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-03-14] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2017-04-11] (Microsoft Corporation)
BHO-x32: Trend Micro Password Manager BHO -> {3F019D1C-7EAA-4F25-A765-FBA635BD0AFF} -> C:\Program Files\Trend Micro\TMIDS\PwmIEBHO32.dll [2015-06-29] (Trend Micro Inc.)
BHO-x32: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2016-07-24] (Trend Micro Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-03-22] (Oracle Corporation)
BHO-x32: Trend Micro Network Filter Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\5.0.1403\2.7.1088\TmopIEPlg32.dll [2017-01-10] (Trend Micro Inc.)
BHO-x32: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe32.dll [2016-06-29] (Trend Micro Inc.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2017-03-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-03-22] (Oracle Corporation)
Toolbar: HKLM - Trend Micro Password Manager ToolBar - {9B4B91FC-EC4D-4018-9575-96FA5A3C03C5} - C:\Program Files\Trend Micro\TMIDS\PwmIEBHO64.dll [2015-06-29] (Trend Micro Inc.)
Toolbar: HKLM - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2016-07-24] (Trend Micro Inc.)
Toolbar: HKLM-x32 - Trend Micro Password Manager ToolBar - {9B4B91FC-EC4D-4018-9575-96FA5A3C03C5} - C:\Program Files\Trend Micro\TMIDS\PwmIEBHO32.dll [2015-06-29] (Trend Micro Inc.)
Toolbar: HKLM-x32 - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2016-07-24] (Trend Micro Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe64.dll [2016-06-29] (Trend Micro Inc.)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe32.dll [2016-06-29] (Trend Micro Inc.)
Handler: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\5.0.1403\2.7.1088\TmopIEPlg.dll [2017-01-10] (Trend Micro Inc.)
Handler-x32: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\5.0.1403\2.7.1088\TmopIEPlg32.dll [2017-01-10] (Trend Micro Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2016-07-24] (Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2016-07-24] (Trend Micro Inc.)
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ProToolbarIMRatingActiveX.dll [2016-07-24] (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll [2016-07-24] (Trend Micro Inc.)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\firefoxextension
FF Extension: (Trend Micro BEP Firefox Extension) - C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\firefoxextension [2016-11-21]
FF HKLM\...\Firefox\Extensions: [{c2056674-a37f-4b29-9300-2004759d74fe}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension
FF Extension: (No Name) - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension [2017-05-14] [not signed]
FF HKLM\...\Firefox\Extensions: [com.trendmicro.tmopfirefox.ext@trendop] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension\com.trendmicro.tmopfirefox.ext@trendop.xpi
FF Extension: (Trend Micro Osprey Firefox Extension) - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension\com.trendmicro.tmopfirefox.ext@trendop.xpi [2017-01-23]
FF HKLM-x32\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{c2056674-a37f-4b29-9300-2004759d74fe}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: (Trend Micro Toolbar) - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2017-05-14]
FF HKLM-x32\...\Firefox\Extensions: [com.trendmicro.tmopfirefox.ext@trendop] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension\com.trendmicro.tmopfirefox.ext@trendop.xpi
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-10-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-10-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-03-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-03-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-07-04] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2013-09-06] (Nero AG)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-08-01] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-08-01] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://computerlabs.rutgers.edu"
CHR Profile: C:\Users\zachary\AppData\Local\Google\Chrome\User Data\Default [2017-05-25]
CHR Extension: (BetterTTV) - C:\Users\zachary\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2017-04-26]
CHR Extension: (Google Docs) - C:\Users\zachary\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-30]
CHR Extension: (Google Drive) - C:\Users\zachary\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\zachary\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\zachary\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Google Docs Offline) - C:\Users\zachary\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]
CHR Extension: (AdBlock) - C:\Users\zachary\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-04-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\zachary\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-11]
CHR Extension: (Trend Micro Toolbar) - C:\Users\zachary\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohhcpmplhhiiaoiddkfboafbhiknefdf [2017-02-28]
CHR Extension: (Gmail) - C:\Users\zachary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-30]
CHR Extension: (Chrome Media Router) - C:\Users\zachary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-16]
CHR HKLM\...\Chrome\Extension: [olmajmomenlhgihenlbjcfbopoghpckg] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [idkknaphebegndgimgdpfnconcickdfn] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [ohhcpmplhhiiaoiddkfboafbhiknefdf] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [olmajmomenlhgihenlbjcfbopoghpckg] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [309376 2014-09-18] (Qualcomm Atheros) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042544 2017-03-14] (Microsoft Corporation)
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [429056 2013-10-29] (Creative Technology Ltd) [File not signed]
R2 CtHdaSvc; C:\WINDOWS\sysWow64\CtHdaSvc.exe [142352 2015-10-22] (Creative Technology Ltd)
R2 Dell Foundation Services; C:\Program Files\Alienware\Dell Foundation Services\DFSSvc.exe [97616 2017-01-11] (Dell)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2017-04-11] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2017-04-11] (Dell Inc.)
R2 DisplayFusionService; D:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [4608040 2015-09-22] (Binary Fortress Software)
R2 Ds3Service; C:\Program Files\Nefarius Software Solutions\ScpToolkit\ScpService.exe [389632 2016-01-10] (Scarlet.Crush Productions) [File not signed]
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [399120 2017-02-13] (EasyAntiCheat Ltd)
R2 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [1037568 2014-09-19] (Intel Corporation)
R2 GraphicsAmplifierWindowsService; C:\Program Files\Alienware\Graphics Amplifier\GraphicsAmplifierWindowsService.exe [7680 2014-11-10] (Alienware) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373744 2016-11-01] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel® Corporation)
S3 ioloEnergyBooster; C:\Program Files\Alienware\Command Center\ioloEnergyBooster.exe [6145872 2012-11-01] (iolo technologies, LLC)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [158496 2014-10-10] (Intel Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3719104 2016-02-23] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2617792 2016-02-23] (NVIDIA Corporation)
R2 Platinum Host Service; C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe [1145856 2016-07-24] (Trend Micro Inc.)
R2 PwmSvc; C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe [333856 2015-06-29] (Trend Micro Inc.)
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [387584 2014-09-19] (Qualcomm Atheros) [File not signed]
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [32728 2017-04-25] (Dell Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2016-10-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2017-04-27] (Microsoft Corporation)
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BfLwf; C:\WINDOWS\system32\DRIVERS\bwcW8x64.sys [97968 2014-09-11] (Qualcomm Atheros, Inc.)
R3 cthda; C:\WINDOWS\system32\drivers\cthda.sys [1084192 2015-10-22] (Creative Technology Ltd)
R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [32960 2017-04-11] (Dell Inc.)
R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [32568 2017-04-11] (Dell Computer Corporation)
R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [41824 2014-09-19] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [38720 2014-09-19] (Intel Corporation)
R0 EMSC; C:\WINDOWS\System32\drivers\EMSC.SYS [17720 2012-07-10] ()
R0 EMSC; C:\Windows\SysWOW64\drivers\EMSC.SYS [15160 2012-07-10] ()
R3 esif_lf; C:\WINDOWS\System32\drivers\esif_lf.sys [216360 2014-09-19] (Intel Corporation)
R3 Ke2200; C:\WINDOWS\System32\drivers\e22w8x64.sys [130224 2014-03-27] (Qualcomm Atheros, Inc.)
R3 kiox_ff_driver; C:\WINDOWS\System32\drivers\kiox_ff_driver.sys [32736 2014-10-09] (Kionix, Inc.)
R0 kxdiskprot; C:\WINDOWS\System32\DRIVERS\kxdiskprot.sys [30664 2014-10-09] (Kionix, Inc.)
S3 libusbK; C:\WINDOWS\System32\drivers\libusbK.sys [47200 2017-05-19] (hxxp://libusb-win32.sourceforge.net)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2014-10-10] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-02-23] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
R3 Qcamain10x64; C:\WINDOWS\System32\drivers\Qcamain10x64.sys [2327040 2015-10-30] (Qualcomm Atheros, Inc.)
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [751632 2015-05-14] (Realsil Semiconductor Corporation)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2015-08-15] (Scarlet.Crush Productions)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [33008 2014-11-06] (Synaptics Incorporated)
R1 tmactmon; C:\WINDOWS\system32\DRIVERS\tmactmon.sys [142544 2017-04-06] (Trend Micro Inc.)
R0 tmcomm; C:\WINDOWS\System32\DRIVERS\tmcomm.sys [434896 2017-04-06] (Trend Micro Inc.)
R0 TMEBC; C:\WINDOWS\System32\DRIVERS\TMEBC64.sys [72504 2016-01-04] (Trend Micro Inc.)
R3 tmeevw; C:\WINDOWS\system32\DRIVERS\tmeevw.sys [143648 2016-06-20] (Trend Micro Inc.)
S0 tmel; C:\WINDOWS\System32\DRIVERS\tmel.sys [39056 2015-06-22] (Trend Micro Inc.)
R1 tmevtmgr; C:\WINDOWS\system32\DRIVERS\tmevtmgr.sys [118992 2017-04-06] (Trend Micro Inc.)
R3 tmnciesc; C:\WINDOWS\system32\DRIVERS\tmnciesc.sys [561952 2016-06-24] (Trend Micro Inc.)
R1 tmumh; C:\WINDOWS\system32\DRIVERS\TMUMH.sys [113880 2017-04-12] (Trend Micro Inc.)
R2 tmusa; C:\WINDOWS\system32\DRIVERS\tmusa.sys [131800 2017-02-08] (Trend Micro Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-05-25 04:16 - 2017-05-25 04:17 - 00032392 _____ C:\Users\zachary\Downloads\FRST.txt
2017-05-25 04:16 - 2017-05-25 04:16 - 02429952 _____ (Farbar) C:\Users\zachary\Downloads\FRST64.exe
2017-05-25 04:13 - 2017-05-25 04:14 - 00000000 ____D C:\FRST
2017-05-25 03:57 - 2017-05-25 04:09 - 00000000 ____D C:\AdwCleaner
2017-05-25 03:57 - 2017-05-25 03:57 - 04110280 _____ C:\Users\zachary\Downloads\AdwCleaner.exe
2017-05-25 03:41 - 2017-05-25 03:41 - 00000000 ___HD C:\OneDriveTemp
2017-05-23 22:28 - 2017-05-23 22:28 - 00027932 _____ C:\Users\zachary\Downloads\FEARL_1920.Arch00.zip
2017-05-23 22:28 - 2017-05-23 22:28 - 00000000 ____D C:\Users\zachary\Downloads\FEARL_1920.Arch00
2017-05-23 22:07 - 2017-05-23 22:07 - 00000000 ____D C:\Users\Public\Documents\Monolith Productions
2017-05-19 10:00 - 2017-05-19 10:00 - 00000000 ____D C:\ProgramData\Nefarius Software Solutions
2017-05-19 00:54 - 2017-05-19 00:54 - 00098400 _____ (hxxp://libusb-win32.sourceforge.net) C:\WINDOWS\system32\libusbK.dll
2017-05-19 00:54 - 2017-05-19 00:54 - 00083552 _____ (hxxp://libusb-win32.sourceforge.net) C:\WINDOWS\SysWOW64\libusbK.dll
2017-05-19 00:54 - 2017-05-19 00:54 - 00076384 _____ (hxxp://libusb-win32.sourceforge.net) C:\WINDOWS\system32\libusb0.dll
2017-05-19 00:54 - 2017-05-19 00:54 - 00067680 _____ (hxxp://libusb-win32.sourceforge.net) C:\WINDOWS\SysWOW64\libusb0.dll
2017-05-19 00:54 - 2017-05-19 00:54 - 00047200 _____ (hxxp://libusb-win32.sourceforge.net) C:\WINDOWS\system32\Drivers\libusbK.sys
2017-05-19 00:53 - 2017-05-19 00:53 - 00003948 _____ C:\WINDOWS\System32\Tasks\updater
2017-05-19 00:53 - 2017-05-19 00:53 - 00001298 _____ C:\Users\Public\Desktop\ScpToolkit Driver Installer.lnk
2017-05-19 00:53 - 2017-05-19 00:53 - 00001263 _____ C:\Users\Public\Desktop\ScpToolkit Settings Manager.lnk
2017-05-19 00:53 - 2017-05-19 00:53 - 00001258 _____ C:\Users\Public\Desktop\ScpToolkit Updater.lnk
2017-05-19 00:53 - 2017-05-19 00:53 - 00001258 _____ C:\Users\Public\Desktop\ScpToolkit Monitor (legacy).lnk
2017-05-19 00:53 - 2017-05-19 00:53 - 00000000 ____D C:\Users\zachary\AppData\Roaming\Nefarius Software Solutions
2017-05-19 00:53 - 2017-05-19 00:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScpToolkit
2017-05-19 00:53 - 2017-05-19 00:53 - 00000000 ____D C:\Program Files\Nefarius Software Solutions
2017-05-19 00:52 - 2017-05-19 00:53 - 23361996 _____ (Nefarius Software Solutions) C:\Users\zachary\Downloads\ScpToolkit_Setup.exe
2017-05-16 17:43 - 2017-05-16 17:43 - 00383428 _____ C:\WINDOWS\Minidump\051617-17640-01.dmp
2017-05-14 22:53 - 2017-05-14 22:53 - 00000000 ____D C:\Program Files\Common Files\TmSentry
2017-05-14 07:11 - 2017-05-14 07:11 - 00046819 _____ C:\Users\zachary\Desktop\marching_order_card.pdf
2017-05-14 07:10 - 2017-05-14 07:10 - 00043171 _____ C:\Users\zachary\Downloads\marching_order_card.pdf
2017-05-09 13:40 - 2017-04-27 23:59 - 01862000 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-05-09 13:40 - 2017-04-27 23:59 - 00602256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-05-09 13:40 - 2017-04-27 23:31 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-05-09 13:40 - 2017-04-27 23:25 - 06536248 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2017-05-09 13:40 - 2017-04-27 23:04 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-05-09 13:40 - 2017-04-27 22:57 - 01813408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-05-09 13:40 - 2017-04-27 22:57 - 00959144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-05-09 13:40 - 2017-04-27 22:56 - 02945648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-05-09 13:40 - 2017-04-27 22:56 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-05-09 13:40 - 2017-04-27 22:53 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-05-09 13:40 - 2017-04-27 22:52 - 05240448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-05-09 13:40 - 2017-04-27 22:45 - 01536600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2017-05-09 13:40 - 2017-04-27 22:19 - 01370224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-05-09 13:40 - 2017-04-27 22:16 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-05-09 13:40 - 2017-04-27 22:06 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-05-09 13:40 - 2017-04-27 21:59 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-05-09 13:40 - 2017-04-27 21:58 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-05-09 13:40 - 2017-04-27 21:50 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-05-09 13:40 - 2017-04-27 21:39 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-05-09 13:40 - 2017-04-27 21:35 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-05-09 13:40 - 2017-04-27 21:35 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-05-09 13:40 - 2017-04-27 21:23 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-05-09 13:40 - 2017-04-27 21:21 - 00256512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unimdm.tsp
2017-05-09 13:40 - 2017-04-27 21:21 - 00205312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oemlicense.dll
2017-05-09 13:40 - 2017-04-27 21:19 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-05-09 13:40 - 2017-04-27 21:19 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-05-09 13:40 - 2017-04-27 21:15 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2017-05-09 13:40 - 2017-04-27 21:11 - 00260096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2017-05-09 13:40 - 2017-04-27 21:10 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2017-05-09 13:40 - 2017-04-27 21:07 - 00541184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2017-05-09 13:40 - 2017-04-27 21:04 - 00386048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2017-05-09 13:40 - 2017-04-27 21:01 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2017-05-09 13:40 - 2017-04-27 20:57 - 00153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSSync.dll
2017-05-09 13:40 - 2017-04-27 20:55 - 00501760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-05-09 13:40 - 2017-04-27 20:55 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-05-09 13:40 - 2017-04-27 20:51 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-05-09 13:40 - 2017-04-27 20:49 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2017-05-09 13:40 - 2017-04-27 20:47 - 03695104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-05-09 13:40 - 2017-04-27 20:47 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-05-09 13:40 - 2017-04-27 20:46 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\licensingdiag.exe
2017-05-09 13:40 - 2017-04-27 20:32 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-05-09 13:40 - 2017-04-27 20:25 - 01501184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-05-09 13:40 - 2017-04-27 20:22 - 04412928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-05-09 13:40 - 2017-04-27 20:22 - 02878976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-05-09 13:40 - 2017-04-27 20:21 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-05-09 13:40 - 2017-04-27 20:20 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-05-09 13:40 - 2017-04-27 20:19 - 06296064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2017-05-09 13:40 - 2017-04-27 20:06 - 04404736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2017-05-09 13:40 - 2017-04-27 20:04 - 02911744 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-05-09 13:40 - 2017-04-27 19:58 - 00821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2017-05-09 13:40 - 2017-04-27 19:57 - 02604032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-05-09 13:40 - 2017-04-27 19:55 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-05-09 13:40 - 2017-04-27 19:29 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-05-09 13:39 - 2017-04-28 00:32 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-05-09 13:39 - 2017-04-28 00:30 - 07465816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-05-09 13:39 - 2017-04-28 00:30 - 02656960 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-05-09 13:39 - 2017-04-28 00:30 - 01997840 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-05-09 13:39 - 2017-04-28 00:30 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-05-09 13:39 - 2017-04-28 00:30 - 01098640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-05-09 13:39 - 2017-04-28 00:30 - 00800080 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-05-09 13:39 - 2017-04-28 00:27 - 00754664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-05-09 13:39 - 2017-04-28 00:08 - 03449168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2017-05-09 13:39 - 2017-04-27 23:59 - 01558280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-05-09 13:39 - 2017-04-27 23:38 - 01060432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-05-09 13:39 - 2017-04-27 23:32 - 02608912 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-05-09 13:39 - 2017-04-27 23:32 - 01323272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-05-09 13:39 - 2017-04-27 23:31 - 03699280 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-05-09 13:39 - 2017-04-27 23:31 - 00026464 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2017-05-09 13:39 - 2017-04-27 23:28 - 22560744 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-05-09 13:39 - 2017-04-27 23:28 - 00566104 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-05-09 13:39 - 2017-04-27 23:27 - 06604992 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-05-09 13:39 - 2017-04-27 23:26 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-05-09 13:39 - 2017-04-27 23:26 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2017-05-09 13:39 - 2017-04-27 23:24 - 01128104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-05-09 13:39 - 2017-04-27 23:24 - 00625000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-05-09 13:39 - 2017-04-27 23:23 - 00609056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-05-09 13:39 - 2017-04-27 23:20 - 01848584 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2017-05-09 13:39 - 2017-04-27 22:53 - 01987424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-05-09 13:39 - 2017-04-27 22:52 - 01594928 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2017-05-09 13:39 - 2017-04-27 22:31 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-05-09 13:39 - 2017-04-27 22:24 - 00824320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-05-09 13:39 - 2017-04-27 22:23 - 00068608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll
2017-05-09 13:39 - 2017-04-27 22:22 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-05-09 13:39 - 2017-04-27 22:15 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2017-05-09 13:39 - 2017-04-27 22:13 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-05-09 13:39 - 2017-04-27 22:11 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2017-05-09 13:39 - 2017-04-27 22:05 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-05-09 13:39 - 2017-04-27 22:03 - 00297472 _____ (Microsoft Corporation) C:\WINDOWS\system32\unimdm.tsp
2017-05-09 13:39 - 2017-04-27 22:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\oemlicense.dll
2017-05-09 13:39 - 2017-04-27 22:01 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.ps.dll
2017-05-09 13:39 - 2017-04-27 21:55 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-05-09 13:39 - 2017-04-27 21:55 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-05-09 13:39 - 2017-04-27 21:55 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2017-05-09 13:39 - 2017-04-27 21:54 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2017-05-09 13:39 - 2017-04-27 21:53 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-05-09 13:39 - 2017-04-27 21:53 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-05-09 13:39 - 2017-04-27 21:52 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-05-09 13:39 - 2017-04-27 21:51 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2017-05-09 13:39 - 2017-04-27 21:51 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2017-05-09 13:39 - 2017-04-27 21:50 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-05-09 13:39 - 2017-04-27 21:49 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2017-05-09 13:39 - 2017-04-27 21:46 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-05-09 13:39 - 2017-04-27 21:45 - 00715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-05-09 13:39 - 2017-04-27 21:41 - 00472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2017-05-09 13:39 - 2017-04-27 21:40 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-05-09 13:39 - 2017-04-27 21:38 - 00602112 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-05-09 13:39 - 2017-04-27 21:38 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2017-05-09 13:39 - 2017-04-27 21:33 - 00183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSSync.dll
2017-05-09 13:39 - 2017-04-27 21:32 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll
2017-05-09 13:39 - 2017-04-27 21:32 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2017-05-09 13:39 - 2017-04-27 21:31 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-05-09 13:39 - 2017-04-27 21:31 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-05-09 13:39 - 2017-04-27 21:31 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-05-09 13:39 - 2017-04-27 21:31 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-05-09 13:39 - 2017-04-27 21:30 - 00602624 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-05-09 13:39 - 2017-04-27 21:29 - 02127872 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-05-09 13:39 - 2017-04-27 21:28 - 01386496 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-05-09 13:39 - 2017-04-27 21:28 - 00905728 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-05-09 13:39 - 2017-04-27 21:26 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-05-09 13:39 - 2017-04-27 21:24 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-05-09 13:39 - 2017-04-27 21:23 - 00961536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2017-05-09 13:39 - 2017-04-27 21:20 - 04456448 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-05-09 13:39 - 2017-04-27 21:19 - 00236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\licensingdiag.exe
2017-05-09 13:39 - 2017-04-27 21:15 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-05-09 13:39 - 2017-04-27 21:15 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-05-09 13:39 - 2017-04-27 21:13 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-05-09 13:39 - 2017-04-27 21:11 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-05-09 13:39 - 2017-04-27 21:07 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-05-09 13:39 - 2017-04-27 21:03 - 03586048 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-05-09 13:39 - 2017-04-27 21:03 - 02610176 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-05-09 13:39 - 2017-04-27 21:00 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-05-09 13:39 - 2017-04-27 20:56 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-05-09 13:39 - 2017-04-27 20:55 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-05-09 13:39 - 2017-04-27 20:54 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-05-09 13:39 - 2017-04-27 20:53 - 01729536 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-05-09 13:39 - 2017-04-27 20:50 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-05-09 13:39 - 2017-04-27 20:47 - 04826624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-05-09 13:39 - 2017-04-27 20:47 - 03404800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-05-09 13:39 - 2017-04-27 20:44 - 07977984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2017-05-09 13:39 - 2017-04-27 20:43 - 02055680 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-05-09 13:39 - 2017-04-27 20:36 - 16985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-05-09 13:39 - 2017-04-27 20:35 - 03585536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-05-09 13:39 - 2017-04-27 20:27 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-05-09 13:39 - 2017-04-27 20:25 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2017-05-09 13:39 - 2017-04-27 20:16 - 22375424 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-05-09 13:39 - 2017-04-27 20:12 - 04889600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-05-09 13:39 - 2017-04-27 20:11 - 06312448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2017-05-09 13:39 - 2017-04-27 20:09 - 13393920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-05-09 13:39 - 2017-04-27 20:08 - 03993600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-05-09 13:39 - 2017-04-27 20:06 - 12139008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-05-09 13:39 - 2017-04-27 20:05 - 24605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-05-09 13:39 - 2017-04-27 20:04 - 19344896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-05-09 13:39 - 2017-04-27 20:04 - 03660288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-05-09 13:39 - 2017-04-27 20:04 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-05-09 13:39 - 2017-04-27 20:03 - 18673152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-05-09 13:39 - 2017-04-27 19:57 - 04171264 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-05-09 13:39 - 2017-04-27 19:53 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wksprtPS.dll
2017-05-09 13:39 - 2017-04-27 19:50 - 07853568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-05-09 13:39 - 2017-04-27 19:47 - 05670912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-05-09 13:39 - 2017-04-27 19:45 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-05-06 19:48 - 2017-05-06 19:48 - 00040216 _____ C:\Users\zachary\Downloads\cdda-Blazemod-master (1).zip
2017-05-06 19:44 - 2017-05-06 19:44 - 00040216 _____ C:\Users\zachary\Downloads\cdda-Blazemod-master.zip
2017-05-06 19:38 - 2017-05-06 19:38 - 00039673 _____ C:\Users\zachary\Downloads\blazemod.zip
2017-05-02 13:32 - 2017-05-02 13:32 - 04148460 _____ C:\Users\zachary\Downloads\spellsearch1.pdf
2017-05-02 10:05 - 2017-05-02 10:05 - 00410220 _____ C:\WINDOWS\Minidump\050217-18343-01.dmp
2017-04-29 11:32 - 2017-04-29 11:32 - 00365882 _____ C:\Users\zachary\Desktop\Tickets for New York Comic Con 2017 from ShowClix.pdf
2017-04-29 10:54 - 2017-04-29 10:54 - 00000000 __HDC C:\ProgramData\{6E35203C-6E98-4378-8362-112CFE55C2C1}
2017-04-29 10:54 - 2017-04-29 10:54 - 00000000 ____D C:\ProgramData\SupportAssistAgent
2017-04-29 00:32 - 2017-04-29 00:32 - 00000000 ____D C:\Users\zachary\AppData\Roaming\Google
2017-04-28 13:42 - 2017-04-28 13:42 - 00000000 ____D C:\Users\zachary\Downloads\nocs_cata_mod-master
2017-04-28 13:24 - 2017-04-28 13:24 - 00095513 _____ C:\Users\zachary\Downloads\nocs_cata_mod-master (2).zip
2017-04-26 23:01 - 2017-04-26 23:01 - 00000302 _____ C:\Users\zachary\Desktop\cra junk.txt
2017-04-25 09:53 - 2017-04-25 09:53 - 03102858 _____ C:\Users\zachary\Desktop\CRA program presentation, Zach.pptx
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-05-25 04:16 - 2015-07-03 15:26 - 00000000 ____D C:\ProgramData\Trend Micro
2017-05-25 04:07 - 2015-06-23 06:15 - 00000000 ____D C:\Program Files (x86)\AlienRespawn
2017-05-25 04:04 - 2016-07-29 08:36 - 00881036 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-05-25 04:04 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF
2017-05-25 04:02 - 2015-10-30 02:28 - 00008192 ___SH C:\WINDOWS\system32\config\ELAM
2017-05-25 04:00 - 2016-07-29 08:29 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-05-25 04:00 - 2015-06-30 16:16 - 00000000 ___RD C:\Users\zachary\OneDrive
2017-05-25 04:00 - 2015-06-30 16:13 - 00000000 __SHD C:\Users\zachary\IntelGraphicsProfiles
2017-05-25 03:59 - 2016-07-29 08:35 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-05-25 03:59 - 2016-07-29 08:29 - 00000000 ____D C:\ProgramData\NVIDIA
2017-05-25 03:59 - 2015-10-30 02:28 - 01048576 ___SH C:\WINDOWS\system32\config\BBI
2017-05-25 01:33 - 2015-06-23 06:14 - 00000000 ____D C:\Program Files (x86)\Steam
2017-05-25 00:12 - 2016-08-08 19:55 - 00004162 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{22186A06-17D9-47F9-B084-5C5EC67CBC30}
2017-05-24 18:14 - 2015-07-04 10:17 - 00000010 _____ C:\Users\zachary\AppData\Local\sponge.last.runtime.cache
2017-05-24 10:27 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-05-24 10:22 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2017-05-23 17:54 - 2016-07-29 08:30 - 00000000 ____D C:\Users\zachary
2017-05-23 15:32 - 2015-07-06 10:19 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-05-23 15:31 - 2015-07-06 10:19 - 132223576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-05-19 00:54 - 2015-07-03 15:32 - 00000258 __RSH C:\ProgramData\ntuser.pol
2017-05-16 17:44 - 2016-12-28 00:13 - 00000000 ____D C:\Users\zachary\AppData\Roaming\discord
2017-05-16 17:43 - 2016-08-13 10:08 - 1059943824 _____ C:\WINDOWS\MEMORY.DMP
2017-05-16 17:43 - 2016-08-08 06:35 - 00000000 ____D C:\WINDOWS\Minidump
2017-05-15 18:24 - 2015-06-30 16:21 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-15 12:04 - 2017-04-21 18:26 - 00000000 ____D C:\Users\zachary\Desktop\Cataclysm DDA
2017-05-15 12:04 - 2016-05-07 14:58 - 00000000 ____D C:\Users\zachary\AppData\Local\CDDA Game Launcher
2017-05-12 11:04 - 2015-10-30 03:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-05-12 11:03 - 2015-07-03 15:36 - 00000000 ____D C:\Program Files\Microsoft Office 15
2017-05-12 03:47 - 2016-10-02 13:56 - 00000000 ____D C:\Users\zachary\Desktop\DND Stuff
2017-05-12 01:28 - 2016-10-03 18:18 - 00000000 ____D C:\Users\zachary\Downloads\PopcornTime
2017-05-12 01:25 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-05-11 11:33 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\rescache
2017-05-10 08:50 - 2015-06-30 16:01 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-05-10 04:16 - 2016-07-29 08:28 - 00352352 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-05-10 04:16 - 2015-10-30 03:24 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-05-10 04:16 - 2015-10-30 03:24 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-05-10 04:16 - 2015-10-30 03:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-05-10 04:16 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-05-10 04:16 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-05-10 04:16 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files\Windows Defender
2017-05-10 04:16 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-05-10 04:16 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-05-09 19:44 - 2015-10-30 03:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-05-04 04:24 - 2015-06-30 16:13 - 00000000 ____D C:\Users\zachary\AppData\Local\Packages
2017-05-02 16:30 - 2015-09-14 22:26 - 00000000 ____D C:\Users\zachary\AppData\Roaming\Skype
2017-04-28 20:51 - 2015-10-30 03:26 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-04-28 20:51 - 2015-10-30 03:26 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-04-28 00:23 - 2016-07-29 08:30 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-04-27 21:18 - 2015-06-30 16:21 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-27 21:18 - 2015-06-30 16:21 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-26 23:20 - 2015-06-23 06:14 - 00000000 ____D C:\ProgramData\PCDr
2017-04-25 21:02 - 2016-10-18 15:40 - 00000867 _____ C:\Users\Public\Desktop\League of Legends.lnk
2017-04-25 16:30 - 2017-04-15 19:44 - 00407608 _____ (Trend Micro Inc.) C:\WINDOWS\RegBootClean64.exe
 
==================== Files in the root of some directories =======
 
2015-07-03 15:26 - 2015-07-03 15:26 - 0000036 _____ () C:\Users\zachary\AppData\Local\housecall.guid.cache
2016-07-29 23:54 - 2016-07-29 23:54 - 0000017 _____ () C:\Users\zachary\AppData\Local\resmon.resmoncfg
2015-07-04 10:17 - 2017-05-24 18:14 - 0000010 _____ () C:\Users\zachary\AppData\Local\sponge.last.runtime.cache
2016-10-02 02:35 - 2016-10-02 02:35 - 0000016 _____ () C:\ProgramData\mntemp
 
Some files in TEMP:
====================
2016-10-28 21:30 - 2016-10-28 21:30 - 50563233 _____ (Popcorn Time                                                ) C:\Users\zachary\AppData\Local\Temp\setup_3D01.exe
2016-09-10 00:22 - 2017-01-18 21:34 - 43918808 _____ (Skype Technologies S.A.) C:\Users\zachary\AppData\Local\Temp\SkypeSetup.exe
2017-03-05 16:08 - 2017-03-05 16:08 - 14456872 _____ (Microsoft Corporation) C:\Users\zachary\AppData\Local\Temp\vc_redist.x86.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-05-21 12:28
 
==================== End of FRST.txt ============================

 


 


#2 nasdaq


  • Malware Response Team
  • 40,490 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:16 AM

Posted 26 May 2017 - 09:14 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR Extension: (BetterTTV) - C:\Users\zachary\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2017-04-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\zachary\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-11]
CHR Extension: (Trend Micro Toolbar) - C:\Users\zachary\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohhcpmplhhiiaoiddkfboafbhiknefdf [2017-02-28]
CHR Extension: (Chrome Media Router) - C:\Users\zachary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-16]
CHR HKLM\...\Chrome\Extension: [olmajmomenlhgihenlbjcfbopoghpckg] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [idkknaphebegndgimgdpfnconcickdfn] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [ohhcpmplhhiiaoiddkfboafbhiknefdf] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [olmajmomenlhgihenlbjcfbopoghpckg] - hxxps://clients2.google.com/service/update2/crx
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]
Task: {06663B23-5BFD-40F5-AC79-443DBC4B04F6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {08D22317-99E3-4C46-A058-E71F67C535B3} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {09A8E367-3BF2-4262-AFC4-0B3953B5749F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {0E04C7A7-D5C1-492F-8639-7EBEE587EB8F} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {4A4764DB-0CA8-4E64-A163-B4AA310A719C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {72366170-13A1-418C-8C14-C63F22F917D1} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {83AC6FBB-DF98-4176-B738-0B795F95F3DA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {85EA7699-DD0B-48C2-9C11-3A66A006EAC8} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {9366CD95-4593-487F-B1E7-D903A850C8EA} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {AA4D3C24-5640-4E7A-948E-709BE6D09717} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {CC4B383C-5876-47F3-94B4-BDB556B4A444} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {DB49E8DD-CB4D-43CC-B8C5-AC54E8BA5A4B} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {E32DBBF3-93A0-4E43-B747-F0349842211D} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {E751DA8B-41D0-4FF4-9A58-88203F72FAAF} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION

End
[/code]
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

If the beeps at startup persist, it may just be an indication of some hardware problem.
Navigate to this page and see if you can identify a pattern that will give you some clues.
https://www.computerhope.com/beep.htm

===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update you can remove the old versions of Java via the Control Panel > Programs > Programs and Features.
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)

Please let me know what problem persists with this computer.

#3 kazachastan

  • Topic Starter

Posted 27 May 2017 - 03:06 PM

After performing the steps listed in your reply, the strange noise and Name Not Available program are still present in my sound mixer. The 8-bit noise definitely is not the result of a hardware problem, as this noise is not uniform and is too quick to be considered an error signal. The noise also quickly fades as it plays, further reinforcing my idea that it is not an error signal brought about by a failed piece of hardware.

 

Below is the Fixlog.txt generated by executing the fix option on the FRST tool:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 24-05-2017
Ran by zachary (27-05-2017 15:23:29) Run:1
Running from C:\Users\zachary\Downloads
Loaded Profiles: zachary (Available Profiles: zachary)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR Extension: (BetterTTV) - C:\Users\zachary\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2017-04-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\zachary\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-11]
CHR Extension: (Trend Micro Toolbar) - C:\Users\zachary\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohhcpmplhhiiaoiddkfboafbhiknefdf [2017-02-28]
CHR Extension: (Chrome Media Router) - C:\Users\zachary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-16]
CHR HKLM\...\Chrome\Extension: [olmajmomenlhgihenlbjcfbopoghpckg] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [idkknaphebegndgimgdpfnconcickdfn] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [ohhcpmplhhiiaoiddkfboafbhiknefdf] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [olmajmomenlhgihenlbjcfbopoghpckg] - hxxps://clients2.google.com/service/update2/crx
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]
Task: {06663B23-5BFD-40F5-AC79-443DBC4B04F6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {08D22317-99E3-4C46-A058-E71F67C535B3} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {09A8E367-3BF2-4262-AFC4-0B3953B5749F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {0E04C7A7-D5C1-492F-8639-7EBEE587EB8F} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {4A4764DB-0CA8-4E64-A163-B4AA310A719C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {72366170-13A1-418C-8C14-C63F22F917D1} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {83AC6FBB-DF98-4176-B738-0B795F95F3DA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {85EA7699-DD0B-48C2-9C11-3A66A006EAC8} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {9366CD95-4593-487F-B1E7-D903A850C8EA} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {AA4D3C24-5640-4E7A-948E-709BE6D09717} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {CC4B383C-5876-47F3-94B4-BDB556B4A444} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {DB49E8DD-CB4D-43CC-B8C5-AC54E8BA5A4B} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {E32DBBF3-93A0-4E43-B747-F0349842211D} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {E751DA8B-41D0-4FF4-9A58-88203F72FAAF} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
 
End
[/code]
*****************
 
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\Users\zachary\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped => moved successfully
C:\Users\zachary\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\zachary\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohhcpmplhhiiaoiddkfboafbhiknefdf => moved successfully
C:\Users\zachary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\olmajmomenlhgihenlbjcfbopoghpckg => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\idkknaphebegndgimgdpfnconcickdfn => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ohhcpmplhhiiaoiddkfboafbhiknefdf => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\olmajmomenlhgihenlbjcfbopoghpckg => key removed successfully
Amsp => Unable to stop service.
HKLM\System\CurrentControlSet\Services\Amsp => key could not remove, key could be protected
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{06663B23-5BFD-40F5-AC79-443DBC4B04F6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{06663B23-5BFD-40F5-AC79-443DBC4B04F6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{08D22317-99E3-4C46-A058-E71F67C535B3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08D22317-99E3-4C46-A058-E71F67C535B3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{09A8E367-3BF2-4262-AFC4-0B3953B5749F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{09A8E367-3BF2-4262-AFC4-0B3953B5749F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0E04C7A7-D5C1-492F-8639-7EBEE587EB8F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0E04C7A7-D5C1-492F-8639-7EBEE587EB8F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4A4764DB-0CA8-4E64-A163-B4AA310A719C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4A4764DB-0CA8-4E64-A163-B4AA310A719C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{72366170-13A1-418C-8C14-C63F22F917D1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{72366170-13A1-418C-8C14-C63F22F917D1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{83AC6FBB-DF98-4176-B738-0B795F95F3DA} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{83AC6FBB-DF98-4176-B738-0B795F95F3DA} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{85EA7699-DD0B-48C2-9C11-3A66A006EAC8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{85EA7699-DD0B-48C2-9C11-3A66A006EAC8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9366CD95-4593-487F-B1E7-D903A850C8EA} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9366CD95-4593-487F-B1E7-D903A850C8EA} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AA4D3C24-5640-4E7A-948E-709BE6D09717} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA4D3C24-5640-4E7A-948E-709BE6D09717} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CC4B383C-5876-47F3-94B4-BDB556B4A444} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC4B383C-5876-47F3-94B4-BDB556B4A444} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DB49E8DD-CB4D-43CC-B8C5-AC54E8BA5A4B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB49E8DD-CB4D-43CC-B8C5-AC54E8BA5A4B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-Weekend => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E32DBBF3-93A0-4E43-B747-F0349842211D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E32DBBF3-93A0-4E43-B747-F0349842211D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E751DA8B-41D0-4FF4-9A58-88203F72FAAF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E751DA8B-41D0-4FF4-9A58-88203F72FAAF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
[/code] => Error: No automatic fix found for this entry.
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 27-05-2017 15:30:53)
 
 
Result of scheduled keys to remove after reboot:
 
HKLM\System\CurrentControlSet\Services\Amsp => key could not remove, key could be protected
 
==== End of Fixlog 15:30:53 ====


#4 nasdaq

  • Malware Response Team

Posted 28 May 2017 - 07:39 AM

Let's check further.

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 3 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

rkill.exe
rkill.com
rkill.scr

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested on another computer and then transfer them to the desktop of the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

When completed, it will create a log. Please post the content in your next reply.
===

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what [PUM's] are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.
=======

Quoted from the log.
This service was not removed.

The [X] at the end of the entry in your logs indicates that something is missing.
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]

Review this article.
https://esupport.trendmicro.com/en-us/home/pages/technical-support/1058784.aspx

Disable the Security Agent's self-protection.

RESTART the computer and find out if the sound problem is solved.
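
The reading of the log described in the post above (the entry the fix could not remove, and the [X] marker on the service line), as an added example that is not part of the original posts and is not FRST's own code: a small Python triage of a Fixlog. The function names are hypothetical, the sample is an excerpt of the Fixlog posted in this thread, and the failure wording it matches is only what appears in that log.

```python
import re

# Excerpt of the Fixlog.txt posted in this thread (not the full log).
SAMPLE_FIXLOG = r"""fixlist content:
*****************
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]
End
[/code]
*****************

C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\olmajmomenlhgihenlbjcfbopoghpckg => key removed successfully
Amsp => Unable to stop service.
HKLM\System\CurrentControlSet\Services\Amsp => key could not remove, key could be protected
[/code] => Error: No automatic fix found for this entry.

Result of scheduled keys to remove after reboot:

HKLM\System\CurrentControlSet\Services\Amsp => key could not remove, key could be protected

==== End of Fixlog 15:30:53 ====
"""

# Service line ending in [X], e.g. 'R2 Amsp; "..." ... [X]'.
SERVICE_X = re.compile(r"^[A-Z]\d (\S+); .*\[X\]$")
# Failure wording seen in this thread's log; anything unrecognised is kept apart.
FAIL_MARKERS = ("unable to", "could not", "error:")

def split_sections(text):
    """Return (echoed fixlist lines, result lines); rows of '*' delimit the echo."""
    lines = [l.strip() for l in text.splitlines()]
    marks = [i for i, l in enumerate(lines) if l and set(l) == {"*"}]
    if len(marks) < 2:
        return [], lines
    return lines[marks[0] + 1:marks[1]], lines[marks[1] + 1:]

def triage(text):
    echoed, results = split_sections(text)
    report = {"ok": [], "failed": [], "unknown": [], "missing_file": []}
    for line in echoed:
        m = SERVICE_X.match(line)
        if m:
            report["missing_file"].append(m.group(1))
    for line in results:
        target, sep, outcome = line.partition(" => ")
        if not sep:
            continue  # headings, blank lines, footer
        low = outcome.lower()
        if any(k in low for k in FAIL_MARKERS):
            bucket = "failed"
        elif "successfully" in low:
            bucket = "ok"
        else:
            bucket = "unknown"
        if (target, outcome) not in report[bucket]:  # the reboot section repeats entries
            report[bucket].append((target, outcome))
    return report

if __name__ == "__main__":
    for target, outcome in triage(SAMPLE_FIXLOG)["failed"]:
        print(f"NOT FIXED: {target} ({outcome})")
```

Outcomes that match neither wording land in `unknown` rather than being counted as fixed, so a new message format is surfaced for manual review.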

#5 nasdaq

  • Malware Response Team

Posted 03 June 2017 - 08:47 AM

Are you still with me?



