Rundll32 requests allowance to make changes

2 replies to this topic

#1 xlvsdeep
Posted 16 January 2016 - 01:09 PM

Hello,

OS: Win10

My issue explained: Attempted to open Windows Sounds and encountered this new popup: Rundll32 wants to make changes. Simply said, I can not open the window without pressing Yes. Because this popup is all new to me, it got me instantly alerted.

Popup all in all:

Program's name: Windows Host Process (Rundll32)

Confirmed Publisher: Microsoft Windows

Program's location: "C:\Windows\System32\rundll32.exe" shell32.dll,Control_RunDLL mmsys.cpl,,sounds

(Yes or No)

Spent the rest of yesterday trying to spot the malware (possible?) with different scans and programs. What I did run, mostly in that order too (1 or 2 might switch):

Malicious Software Removal Tool (Microsoft) <- found nothing relevant to this issue

MalwareBytes (home, free) <- did not find anything to remove.

Full scan on Windows Defender <- found nothing relevant to this issue

sfc scan on cmd three times <- removed something else on the first scan, not relevant

CCleaner <- deleted a bunch of crap but nothing relevant

WinThruster <- deleted something, nothing relevant; not on my PC anymore

RKill <- found nothing to stop

Today I ran AdwCleaner, JRT and ESETScan. I can post the logs of these here too. Alternatively here:

And just now ran FRST (64-bit) to get the logs.

These are all I came up with. Did consider ComboFix but apparently it doesn't run on Win10 (?). Re-installing Win10 is another option if nothing else works. The other option is to wait for the next update to my Windows, which could potentially help (?).

Not sure if this is relevant to the main issue: when trying to open an attached program as admin it only shows a blank window, so I have to find the program in the proper folders in order to open it as admin.

Of course I have booted the PC after all this, if that's even relevant. So, obviously, the popup is still happening when I try to open Sounds, and so far I haven't had a similar popup while trying to open anything else.

The Addition log is attached to the topic. FRST log down below:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01
Ran by Alex (administrator) on RED-DRAGON (16-01-2016 19:17:48)
Running from D:\Firefox
Loaded Profiles: Alex (Available Profiles: Alex)
Platform: Windows 10 Home (X64) Language: suomi (Suomi)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

2016-01-16 17:44 - 2015-07-10 13:02 - 00000000 ____D C:\Windows\INF
2016-01-16 17:40 - 2015-07-10 13:04 - 00000000 ____D C:\Windows\AppReadiness
2016-01-16 17:38 - 2015-10-17 12:33 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Skype
2016-01-16 17:37 - 2015-12-05 20:36 - 00000000 ____D C:\ProgramData\NVIDIA
2016-01-16 17:37 - 2015-07-10 14:21 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-16 17:37 - 2015-07-10 11:05 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-01-16 14:25 - 2015-11-29 19:18 - 00007597 _____ C:\Users\Alex\AppData\Local\Resmon.ResmonCfg
2016-01-16 14:11 - 2015-10-21 21:24 - 00000000 ____D C:\Users\Alex\AppData\Roaming\TS3Client
2016-01-16 03:17 - 2015-10-15 15:50 - 00000000 ____D C:\Program Files\Java
2016-01-16 03:17 - 2015-10-15 15:49 - 00000000 ____D C:\Users\Alex\.oracle_jre_usage
2016-01-16 03:17 - 2015-10-15 15:49 - 00000000 ____D C:\ProgramData\Oracle
2016-01-16 03:17 - 2015-10-15 15:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-01-16 03:17 - 2015-10-15 15:49 - 00000000 ____D C:\Program Files (x86)\Java
2016-01-16 03:16 - 2015-10-15 15:50 - 00110176 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2016-01-16 03:10 - 2015-10-15 15:21 - 00000000 ____D C:\Users\Alex
2016-01-16 03:10 - 2015-07-10 11:05 - 74448896 _____ C:\Windows\system32\config\SOFTWARE.bak
2016-01-16 03:10 - 2015-07-10 11:05 - 18612224 _____ C:\Windows\system32\config\SYSTEM.bak
2016-01-16 03:10 - 2015-07-10 11:05 - 00032768 _____ C:\Windows\system32\config\SECURITY.bak
2016-01-16 02:57 - 2015-12-05 20:36 - 00000000 ____D C:\Users\Alex\AppData\Local\NVIDIA
2016-01-16 02:57 - 2015-10-15 15:28 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-01-16 02:56 - 2015-07-10 12:55 - 00000000 ____D C:\Windows\CbsTemp
2016-01-16 00:28 - 2015-11-28 07:11 - 00000000 ____D C:\Windows\Minidump
2016-01-16 00:28 - 2015-10-15 16:16 - 00000000 ____D C:\Windows\Panther
2016-01-15 21:24 - 2015-10-15 15:33 - 143671360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-01-15 14:15 - 2015-10-15 15:48 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-15 14:15 - 2015-10-15 15:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-15 14:15 - 2015-10-15 15:48 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-15 13:45 - 2015-10-15 15:33 - 00000000 ____D C:\Windows\system32\MRT
2016-01-15 13:43 - 2015-10-15 15:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-15 13:43 - 2015-10-15 15:47 - 00000000 ____D C:\ProgramData\Microsoft Help
2016-01-15 12:58 - 2015-07-10 13:04 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-14 21:00 - 2015-11-01 05:05 - 00000152 _____ C:\Users\Alex\Desktop\ts df.txt
2016-01-14 11:48 - 2015-10-15 15:51 - 00003972 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-01-14 11:48 - 2015-10-15 15:51 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-12 06:41 - 2015-12-05 20:36 - 01542600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2016-01-12 06:41 - 2015-12-05 20:36 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2016-01-12 06:40 - 2015-12-05 20:36 - 01860120 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2016-01-12 06:40 - 2015-12-05 20:36 - 01756608 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2016-01-12 06:40 - 2015-12-05 20:36 - 00112032 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2016-01-05 22:00 - 2015-12-09 15:40 - 00000000 ____D C:\Users\Alex\AppData\Roaming\BitComet
2016-01-05 21:11 - 2015-07-10 13:04 - 00000000 ____D C:\Windows\system32\NDF
2016-01-05 15:25 - 2015-10-15 15:51 - 00000000 ____D C:\Users\Alex\AppData\Local\Adobe
2016-01-04 13:06 - 2015-10-17 12:33 - 00000000 ____D C:\ProgramData\Skype
2016-01-03 03:40 - 2015-07-10 13:06 - 00826872 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-03 03:40 - 2015-07-10 13:06 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-01 05:54 - 2015-10-15 15:21 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Adobe
2016-01-01 03:04 - 2015-10-15 15:51 - 00000000 ____D C:\Users\Alex\AppData\Roaming\vlc
2015-12-31 15:15 - 2015-10-15 15:29 - 00000000 ____D C:\Users\Alex\AppData\Local\Comms
2015-12-24 23:10 - 2015-12-13 08:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2015-12-20 13:04 - 2015-07-10 13:04 - 00000000 ____D C:\Windows\system32\WinBioDatabase
2015-12-19 01:28 - 2015-12-09 23:07 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Tunngle
2015-12-19 00:54 - 2015-12-09 23:07 - 00000000 ____D C:\ProgramData\Tunngle
2015-12-18 08:11 - 2015-12-05 20:34 - 00047760 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys

==================== Files in the root of some directories =======

2015-10-16 09:36 - 2015-10-16 09:37 - 1065984 _____ () C:\Users\Alex\AppData\Local\file__0.localstorage
2015-11-29 19:18 - 2016-01-16 14:25 - 0007597 _____ () C:\Users\Alex\AppData\Local\Resmon.ResmonCfg
2015-12-13 09:15 - 2015-12-13 09:15 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Alex\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\Alex\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-14 11:44

==================== End of FRST.txt ============================

Thank you for your effort, xlvsdeep


Edited by xlvsdeep, 16 January 2016 - 03:10 PM.



#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,569 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:17 AM

Posted 17 January 2016 - 11:25 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

The change you are trying to make is protected by the operating system.

Open the elevated command prompt.
How to:
http://www.tenforums.com/tutorials/2790-elevated-command-prompt-open-windows-10-a.html

Then type mmsys.cpl at the prompt and hit the Enter key.

You should then be able to adjust the sound.

Nothing suspicious was found on your logs.
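A way to check for yourself that a prompt like the one in the first post is the real rundll32.exe loading a real Control Panel applet, added here as an example and not taken from the thread, from FRST or from nasdaq's instructions. It runs the same kind of check FRST reports under "Bamital & volsnap" ("File is digitally signed"), but against the exact program location shown in the UAC dialog. The command line string is the one quoted in the first post; the warning messages and variable names are my own.

```powershell
# Added example: verify the program named in the UAC prompt from the first post.
# Assumes Windows PowerShell 5.1 on Windows 10 (Get-AuthenticodeSignature and
# Join-Path are built-in cmdlets). Command line copied from the original post.
$cmdLine = '"C:\Windows\System32\rundll32.exe" shell32.dll,Control_RunDLL mmsys.cpl,,sounds'

# Split the quoted executable path from its arguments.
if ($cmdLine -match '^"([^"]+)"\s*(.*)$') {
    $exePath   = $Matches[1]
    $arguments = $Matches[2]
} else {
    throw "Unexpected command line format: $cmdLine"
}

# 1. The executable must live in the real System32 directory, not in a
#    look-alike folder or a user-writable path.
$expectedDir = Join-Path $env:SystemRoot 'System32'
$exeDir = Split-Path -Parent $exePath
if ($exeDir -ne $expectedDir) {
    Write-Warning "rundll32 is not running from $expectedDir but from $exeDir"
}

# 2. The binary must carry a valid Microsoft signature (the check FRST shows
#    as "File is digitally signed").
$sig = Get-AuthenticodeSignature -FilePath $exePath
if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notmatch 'Microsoft') {
    Write-Warning "Signature check failed for ${exePath}: $($sig.Status)"
} else {
    Write-Output "$exePath : $($sig.Status), signed by $($sig.SignerCertificate.Subject)"
}

# 3. The arguments should only ask shell32's Control_RunDLL to open a .cpl
#    applet, and that applet must itself be a signed file in System32.
if ($arguments -match '^shell32\.dll,Control_RunDLL\s+([A-Za-z0-9_]+\.cpl)') {
    $cplPath = Join-Path $expectedDir $Matches[1]
    if (Test-Path $cplPath) {
        $cplSig = Get-AuthenticodeSignature -FilePath $cplPath
        Write-Output "$cplPath : $($cplSig.Status)"
    } else {
        Write-Warning "Applet not found in System32: $cplPath"
    }
} else {
    Write-Warning "Unexpected rundll32 arguments: $arguments"
}
```

Paste it into a PowerShell window (no elevation needed, it only reads files). Windows system files such as rundll32.exe and mmsys.cpl are usually catalog-signed rather than carrying an embedded signature; PowerShell 5.1 on Windows 10 resolves catalog signatures, so expect `Valid`, while an older host may report `NotSigned` for the same untouched file. A `HashMismatch` result, or a path outside System32, is the case worth bringing back to a thread like this one.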

#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,569 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:17 AM

Posted 22 January 2016 - 11:26 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

