Infected from Windows Modules Installer


  • This topic is locked
2 replies to this topic

#1 cutlery


Posted 19 January 2017 - 11:28 AM

Hi there.  My computer has begun to run incredibly slow after attaching a used hard drive.  My CPU speed is consistently over 70%.  My internet speed, both on the infected system and other systems on the network, has slowed way down as well.  In task manager, several processes are very quickly starting then stopping, starting then stopping.  The processes are moving around so fast, you can't even read them.  It seems to have something to do with the "Windows Modules Installer" service, as disabling the service brings the CPU speed way down.  However, the service automatically starts itself again after a few minutes, regardless of whether the service is set to Disabled, or set to Manual and then stopped.  The problem then persists.

 

Any help is very much appreciated :)

 

FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-01-2017
Ran by Josh (administrator) on JOSH-DESKTOP (18-01-2017 16:14:30)
Running from C:\Users\Josh\Downloads
Loaded Profiles: Josh (Available Profiles: Josh & .NET v4.5 & DefaultAppPool & .NET v4.5 Classic)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(VIA Technologies, Inc.) C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16112.10221.0_x64__8wekyb3d8bbwe\Video.UI.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8459480 2015-02-25] (Realtek Semiconductor)
HKLM\...\Run: [VIAxHCUtl] => C:\Program Files\VIA XHCI UASP Utility\usb3Monitor
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-06] (Microsoft Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot Search & Destroy\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\RunOnce: [EasyTune] => C:\Program Files (x86)\Gigabyte\EasyTune\etro.exe [5632 2014-08-18] (GIGA-BYTE TECHNOLOGY CO., LTD.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3120337947-3030421738-730012630-1002\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3120337947-3030421738-730012630-1002\...\Run: [Office Timeline Performance Helper] => C:\Program Files (x86)\Office Timeline\Current\OfficeTimelineStartup.exe [15432 2016-11-18] (OfficeTimeline LLC)
HKU\S-1-5-21-3120337947-3030421738-730012630-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [37376 2016-07-16] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{27b37421-4270-4925-8447-7d07419707a9}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{27b37421-4270-4925-8447-7d07419707a9}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{3f460988-372e-44c8-b827-5412301e9a9e}: [DhcpNameServer] 10.0.1.2
Tcpip\..\Interfaces\{fe4ad90a-471d-4d42-9606-d882dffcc5dd}: [DhcpNameServer] 10.0.1.2

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-3120337947-3030421738-730012630-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

FireFox:
========
FF DefaultProfile: yjn7833m.default
FF ProfilePath: C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\yjn7833m.default [2017-01-18]
FF Homepage: Mozilla\Firefox\Profiles\yjn7833m.default -> hxxps://www.google.ca/
FF Extension: (Adblock Plus) - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\yjn7833m.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-20] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-20] ()
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-01] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-01] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)

Chrome:
=======
CHR Profile: C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default [2017-01-03]
CHR Extension: (Google Slides) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-24]
CHR Extension: (Google Docs) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-24]
CHR Extension: (Google Drive) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-24]
CHR Extension: (YouTube) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-24]
CHR Extension: (Google Sheets) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-24]
CHR Extension: (Google Docs Offline) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-24]
CHR Extension: (AdBlock) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-01-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-24]
CHR Extension: (Gmail) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-24]
CHR Extension: (Chrome Media Router) - C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-31]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342456 2016-08-11] (Futuremark)
R2 gadjservice; C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe [16896 2015-04-14] () [File not signed]
S3 HwmRecordService; C:\Program Files (x86)\GIGABYTE\SIV\HwmRecordService.exe [62760 2015-11-12] (GIGA-BYTE TECHNOLOGY CO., LTD.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-12-12] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-12-12] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [459832 2016-12-01] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-12-12] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2016-12-12] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2142728 2016-10-26] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2209296 2016-10-26] (Electronic Arts)
S3 SDScannerService; C:\Program Files (x86)\Spybot Search & Destroy\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files (x86)\Spybot Search & Destroy\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S3 SDWSCService; C:\Program Files (x86)\Spybot Search & Destroy\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [40720 2015-07-28] (Advanced Micro Devices, Inc.)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2016-09-26] ()
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_7bb3101ce32915cc\nvlddmkm.sys [14181304 2016-12-03] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-12-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [46016 2016-12-12] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 SANDRA; \??\C:\Program Files\SandraLite\WNt600x64\Sandra.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-18 16:14 - 2017-01-18 16:15 - 00011580 _____ C:\Users\Josh\Downloads\FRST.txt
2017-01-18 16:14 - 2017-01-18 16:14 - 02419200 _____ (Farbar) C:\Users\Josh\Downloads\FRST64.exe
2017-01-18 16:14 - 2017-01-18 16:14 - 00000000 ____D C:\FRST
2017-01-18 15:14 - 2017-01-18 15:14 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-01-18 13:53 - 2017-01-18 15:16 - 00000000 ____D C:\WINDOWS\pss
2017-01-18 13:28 - 2017-01-18 13:52 - 00000000 ____D C:\Users\Josh\Desktop\fix
2017-01-18 12:00 - 2017-01-18 12:00 - 05009173 _____ C:\Users\Josh\Desktop\ESO.rar
2017-01-18 11:59 - 2017-01-18 12:00 - 15235162 _____ C:\Users\Josh\Desktop\live.rar
2017-01-17 12:13 - 2017-01-17 21:19 - 00002764 _____ C:\Users\Josh\Documents\msg.txt
2017-01-15 13:23 - 2017-01-15 13:24 - 00000000 ____D C:\Users\Josh\Documents\Syncios Data Recovery
2017-01-15 13:23 - 2017-01-15 13:24 - 00000000 ____D C:\Users\Josh\AppData\Roaming\Syncios Data Recovery
2017-01-15 13:23 - 2017-01-15 13:23 - 00000000 ____D C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Syncios
2017-01-15 13:09 - 2017-01-15 13:09 - 00000000 ____D C:\Users\Josh\AppData\Roaming\iMobie
2017-01-15 13:09 - 2017-01-15 13:09 - 00000000 ____D C:\Users\Josh\AppData\Roaming\Apple Computer
2017-01-15 13:09 - 2017-01-15 13:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMobie
2017-01-12 20:39 - 2017-01-13 12:42 - 00000086 _____ C:\Users\Josh\Documents\chaturbate.txt
2017-01-11 09:05 - 2017-01-11 09:06 - 00000230 _____ C:\Users\Josh\Desktop\Skyrim Remastered.url
2017-01-04 16:38 - 2017-01-04 16:38 - 01461760 _____ (Yuna Software) C:\Users\Josh\Downloads\Setup-PlusForSkype-3.0_FF.exe
2017-01-04 16:35 - 2017-01-18 14:21 - 00000000 ____D C:\Users\Josh\Downloads\MessengerPlusLogViewer
2017-01-03 14:42 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_6.dll
2017-01-03 14:42 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_6.dll
2017-01-03 14:42 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_6.dll
2017-01-03 14:42 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_6.dll
2017-01-03 14:42 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_4.dll
2017-01-03 14:42 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_4.dll
2017-01-03 14:42 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_7.dll
2017-01-03 14:42 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_7.dll
2017-01-03 14:42 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_5.dll
2017-01-03 14:42 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_5.dll
2017-01-03 14:42 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_5.dll
2017-01-03 14:42 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_5.dll
2017-01-03 14:42 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_3.dll
2017-01-03 14:42 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_3.dll
2017-01-03 14:42 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_42.dll
2017-01-03 14:42 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_42.dll
2017-01-03 14:42 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_42.dll
2017-01-03 14:42 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_42.dll
2017-01-03 14:42 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_42.dll
2017-01-03 14:42 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_42.dll
2017-01-03 14:42 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_42.dll
2017-01-03 14:42 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_42.dll
2017-01-03 14:42 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_42.dll
2017-01-03 14:42 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_42.dll
2017-01-03 14:42 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_4.dll
2017-01-03 14:42 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_4.dll
2017-01-03 14:42 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_4.dll
2017-01-03 14:42 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_4.dll
2017-01-03 14:42 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_6.dll
2017-01-03 14:42 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_6.dll
2017-01-03 14:42 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_41.dll
2017-01-03 14:42 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_41.dll
2017-01-03 14:42 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_41.dll
2017-01-03 14:42 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_41.dll
2017-01-03 14:42 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_41.dll
2017-01-03 14:42 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_41.dll
2017-01-03 14:42 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_3.dll
2017-01-03 14:42 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_3.dll
2017-01-03 14:42 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_3.dll
2017-01-03 14:42 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_3.dll
2017-01-03 14:42 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_2.dll
2017-01-03 14:42 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_2.dll
2017-01-03 14:42 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_5.dll
2017-01-03 14:42 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_5.dll
2017-01-03 14:42 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_40.dll
2017-01-03 14:42 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_40.dll
2017-01-03 14:42 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_40.dll
2017-01-03 14:42 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_40.dll
2017-01-03 14:42 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_40.dll
2017-01-03 14:42 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_40.dll
2017-01-03 14:42 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_2.dll
2017-01-03 14:42 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_2.dll
2017-01-03 14:42 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_1.dll
2017-01-03 14:42 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_1.dll
2017-01-03 14:42 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_2.dll
2017-01-03 14:42 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_2.dll
2017-01-03 14:42 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll
2017-01-03 14:42 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_39.dll
2017-01-03 14:42 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll
2017-01-03 14:42 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_39.dll
2017-01-03 14:42 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll
2017-01-03 14:42 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_39.dll
2017-01-03 14:42 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_1.dll
2017-01-03 14:42 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_1.dll
2017-01-03 14:42 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_1.dll
2017-01-03 14:42 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_1.dll
2017-01-03 14:42 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_0.dll
2017-01-03 14:42 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_0.dll
2017-01-03 14:42 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_4.dll
2017-01-03 14:42 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_4.dll
2017-01-03 14:42 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_38.dll
2017-01-03 14:42 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_38.dll
2017-01-03 14:42 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_38.dll
2017-01-03 14:42 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_38.dll
2017-01-03 14:42 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_38.dll
2017-01-03 14:42 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_38.dll
2017-01-03 14:42 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_0.dll
2017-01-03 14:42 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_0.dll
2017-01-03 14:42 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_0.dll
2017-01-03 14:42 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_0.dll
2017-01-03 14:42 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_3.dll
2017-01-03 14:42 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_3.dll
2017-01-03 14:42 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_37.dll
2017-01-03 14:42 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_37.dll
2017-01-03 14:42 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_37.dll
2017-01-03 14:42 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_37.dll
2017-01-03 14:42 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_37.dll
2017-01-03 14:42 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_37.dll
2017-01-03 14:42 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_10.dll
2017-01-03 14:42 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_10.dll
2017-01-03 14:42 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_2.dll
2017-01-03 14:42 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_2.dll
2017-01-03 14:42 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_36.dll
2017-01-03 14:42 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_36.dll
2017-01-03 14:42 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_36.dll
2017-01-03 14:42 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_36.dll
2017-01-03 14:42 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_36.dll
2017-01-03 14:42 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_36.dll
2017-01-03 14:42 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_9.dll
2017-01-03 14:42 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_9.dll
2017-01-03 14:42 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_35.dll
2017-01-03 14:42 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_35.dll
2017-01-03 14:42 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_35.dll
2017-01-03 14:42 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_35.dll
2017-01-03 14:42 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_35.dll
2017-01-03 14:42 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_35.dll
2017-01-03 14:42 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_8.dll
2017-01-03 14:42 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_8.dll
2017-01-03 14:42 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_34.dll
2017-01-03 14:42 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_34.dll
2017-01-03 14:42 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_34.dll
2017-01-03 14:42 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_34.dll
2017-01-03 14:42 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_34.dll
2017-01-03 14:42 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_34.dll
2017-01-03 14:42 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_7.dll
2017-01-03 14:42 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_7.dll
2017-01-03 14:42 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_3.dll
2017-01-03 14:42 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_3.dll
2017-01-03 14:42 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_33.dll
2017-01-03 14:42 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_33.dll
2017-01-03 14:42 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_33.dll
2017-01-03 14:42 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_33.dll
2017-01-03 14:42 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_33.dll
2017-01-03 14:42 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_33.dll
2017-01-03 14:42 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_1.dll
2017-01-03 14:42 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_1.dll
2017-01-03 14:42 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_6.dll
2017-01-03 14:42 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_6.dll
2017-01-03 14:42 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_5.dll
2017-01-03 14:42 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_5.dll
2017-01-03 14:42 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_32.dll
2017-01-03 14:42 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_32.dll
2017-01-03 14:42 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10.dll
2017-01-03 14:42 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10.dll
2017-01-03 14:42 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_4.dll
2017-01-03 14:42 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_4.dll
2017-01-03 14:42 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_2.dll
2017-01-03 14:42 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_3.dll
2017-01-03 14:42 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_3.dll
2017-01-03 14:42 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_2.dll
2017-01-03 14:42 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_2.dll
2017-01-03 14:42 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_2.dll
2017-01-03 14:42 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_30.dll
2017-01-03 14:42 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_30.dll
2017-01-03 14:42 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_1.dll
2017-01-03 14:42 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_1.dll
2017-01-03 14:42 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_1.dll
2017-01-03 14:42 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_1.dll
2017-01-03 14:42 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_29.dll
2017-01-03 14:42 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_29.dll
2017-01-03 14:42 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_0.dll
2017-01-03 14:42 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_0.dll
2017-01-03 14:42 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_0.dll
2017-01-03 14:42 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_0.dll
2017-01-03 14:42 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_28.dll
2017-01-03 14:42 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_28.dll
2017-01-03 14:42 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_27.dll
2017-01-03 14:42 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_27.dll
2017-01-03 14:42 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_26.dll
2017-01-03 14:42 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_26.dll
2017-01-03 14:41 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_25.dll
2017-01-03 14:41 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_25.dll
2017-01-03 14:41 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_24.dll
2017-01-03 14:41 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_24.dll
2017-01-02 17:19 - 2017-01-02 17:19 - 00001767 _____ C:\Users\Josh\Desktop\World of Warcraft.lnk
2016-12-27 15:09 - 2016-12-27 15:09 - 00000655 _____ C:\Users\Josh\Documents\a.txt
2016-12-27 14:52 - 2017-01-06 17:31 - 00012456 _____ C:\Users\Josh\Documents\I spent my entire Christmas break reliving terrifying memories brought on by you and your family.docx
2016-12-22 17:34 - 2016-12-22 17:34 - 00011706 _____ C:\Users\Josh\Documents\transcribe.docx
2016-12-22 16:36 - 2016-12-22 16:36 - 00010597 _____ C:\Users\Josh\Documents\hometown.docx
2016-12-22 13:18 - 2016-12-22 14:58 - 00035328 _____ C:\Users\Josh\Documents\Resume1.doc
2016-12-21 11:45 - 2016-12-21 11:52 - 00000000 ____D C:\Users\Josh\AppData\Roaming\Notepad++
2016-12-21 11:45 - 2016-12-21 11:45 - 00000868 _____ C:\Users\Public\Desktop\Notepad++.lnk
2016-12-21 11:45 - 2016-12-21 11:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2016-12-21 11:45 - 2016-12-21 11:45 - 00000000 ____D C:\Program Files\Notepad++
2016-12-21 11:44 - 2016-12-21 11:45 - 02842808 _____ C:\Users\Josh\Downloads\npp.7.2.2.Installer.x64.exe
2016-12-21 11:42 - 2016-12-21 11:43 - 62866856 _____ C:\Users\Josh\Downloads\jdk-6u45-windows-x64.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-18 16:13 - 2016-09-04 07:12 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-18 16:02 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-18 16:02 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-18 15:39 - 2016-11-26 07:28 - 00000000 ____D C:\Users\Josh\AppData\LocalLow\Mozilla
2017-01-18 15:36 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-18 15:24 - 2016-09-04 07:14 - 00000000 ____D C:\ProgramData\NVIDIA
2017-01-18 15:21 - 2016-09-04 07:18 - 01410554 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-18 15:18 - 2015-12-26 12:19 - 00026192 _____ (Windows ® Server 2003 DDK provider) C:\WINDOWS\gdrv.sys
2017-01-18 15:17 - 2016-09-04 07:31 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-18 15:16 - 2016-07-16 01:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-01-18 14:29 - 2016-09-04 07:19 - 00000000 ____D C:\Users\Josh
2017-01-18 14:27 - 2016-11-12 11:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2017-01-18 14:26 - 2016-09-04 07:19 - 00000000 ____D C:\Users\DefaultAppPool
2017-01-18 14:26 - 2016-09-04 07:19 - 00000000 ____D C:\Users\.NET v4.5 Classic
2017-01-18 14:26 - 2016-09-04 07:19 - 00000000 ____D C:\Users\.NET v4.5
2017-01-18 14:26 - 2016-07-16 06:47 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-01-18 14:26 - 2016-07-16 06:47 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2017-01-18 14:26 - 2016-07-16 06:47 - 00000000 ___SD C:\WINDOWS\system32\Nui
2017-01-18 14:26 - 2016-07-16 06:47 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-01-18 14:26 - 2016-07-16 06:47 - 00000000 ___SD C:\WINDOWS\system32\dsc
2017-01-18 14:26 - 2016-07-16 06:47 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2017-01-18 14:26 - 2016-07-16 06:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-01-18 14:26 - 2016-07-16 06:47 - 00000000 ___RD C:\Program Files\Windows Defender
2017-01-18 14:26 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2017-01-18 14:26 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2017-01-18 14:26 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2017-01-18 14:26 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-01-18 14:26 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\setup
2017-01-18 14:26 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-18 14:26 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\migwiz
2017-01-18 14:26 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2017-01-18 14:26 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-01-18 14:26 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-01-18 14:26 - 2016-07-16 06:47 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-01-18 14:26 - 2016-07-16 06:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-01-18 14:26 - 2016-07-16 06:47 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-01-18 14:26 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
2017-01-18 14:26 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-01-18 14:26 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-01-18 14:26 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-01-18 14:26 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\servicing
2017-01-18 14:23 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\system32\SMI
2017-01-18 14:22 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\rescache
2017-01-18 14:21 - 2016-11-29 11:43 - 00000000 ____D C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Elder Scrolls Online
2017-01-18 14:21 - 2016-11-25 15:30 - 00000000 ____D C:\Users\Josh\AppData\Roaming\Battle.net
2017-01-18 14:21 - 2016-08-27 12:55 - 00000000 ____D C:\Users\Josh\AppData\Roaming\DesktopOK
2017-01-18 14:21 - 2015-11-17 13:33 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-18 14:20 - 2016-12-02 11:46 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2017-01-18 14:20 - 2016-09-21 07:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-01-18 14:20 - 2016-07-04 10:29 - 00000000 ____D C:\Program Files (x86)\Spybot Search & Destroy
2017-01-18 14:20 - 2016-06-29 12:41 - 00000000 ____D C:\Program Files (x86)\Steam
2017-01-18 14:08 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\registration
2017-01-18 14:00 - 2016-10-25 19:17 - 00000000 ____D C:\Users\Josh\Documents\Mods
2017-01-18 13:59 - 2016-09-04 07:14 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-01-18 13:59 - 2016-09-04 07:14 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-01-18 13:59 - 2016-08-17 14:19 - 00000000 ____D C:\Users\Josh\AppData\Local\NVIDIA
2017-01-18 13:58 - 2016-11-25 15:31 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-01-18 13:58 - 2016-09-04 07:14 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-01-18 13:53 - 2016-12-17 12:24 - 00005110 _____ C:\ProgramData\NvTelemetryContainer.log_backup1
2017-01-18 13:37 - 2016-06-28 11:47 - 00030777 _____ C:\Users\Josh\Documents\psw copy.txt
2017-01-18 12:42 - 2016-09-01 14:51 - 00000000 ____D C:\Users\Josh\AppData\Local\CrashDumps
2017-01-18 12:00 - 2016-11-07 05:05 - 00000000 ____D C:\Users\Josh\Documents\Elder Scrolls Online
2017-01-17 17:52 - 2016-11-25 15:33 - 00000000 ____D C:\Users\Josh\AppData\Local\Battle.net
2017-01-15 16:55 - 2016-06-24 15:51 - 00000000 ___RD C:\Users\Josh\OneDrive
2017-01-13 13:39 - 2016-08-01 13:05 - 00000354 _____ C:\Users\Josh\Documents\watching.txt
2017-01-11 13:53 - 2016-06-24 17:33 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-11 09:06 - 2016-10-27 08:38 - 00000230 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skyrim Remastered.url
2017-01-05 18:41 - 2016-10-26 05:40 - 00000000 ____D C:\ProgramData\Origin
2017-01-04 19:19 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-01-04 17:21 - 2016-07-05 11:37 - 00000000 ____D C:\Users\Josh\AppData\Roaming\Skype
2017-01-04 15:39 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-01-02 17:19 - 2016-11-29 12:05 - 00001767 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft.lnk
2017-01-02 09:24 - 2016-12-01 14:44 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-12-29 14:33 - 2016-06-30 09:55 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2016-12-29 14:32 - 2016-06-30 09:55 - 00000000 ____D C:\Program Files\Rockstar Games
2016-12-25 13:39 - 2016-11-08 09:22 - 00000000 ____D C:\Users\Josh\Documents\The Witcher 3
2016-12-23 12:51 - 2016-11-06 12:13 - 00001926 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elder Scrolls Online.lnk
2016-12-23 12:51 - 2016-11-06 12:12 - 00001926 _____ C:\Users\Josh\Desktop\Elder Scrolls Online.lnk
2016-12-23 12:02 - 2016-11-06 12:08 - 00000000 ____D C:\Program Files (x86)\Elder Scrolls Online
2016-12-22 15:02 - 2016-06-28 11:47 - 00014167 _____ C:\Users\Josh\Documents\inf copy.txt
2016-12-20 09:04 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-12-20 09:04 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-12-20 09:04 - 2016-06-28 13:08 - 00000000 ____D C:\Users\Josh\AppData\Local\Adobe

==================== Files in the root of some directories =======

2016-09-06 17:04 - 2016-10-27 11:13 - 2369536 _____ () C:\Users\Josh\AppData\Local\file__0.localstorage
2016-09-04 08:00 - 2016-09-04 08:00 - 0000017 _____ () C:\Users\Josh\AppData\Local\resmon.resmoncfg
2016-09-04 07:14 - 2016-09-04 07:14 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-12-17 12:24 - 2017-01-18 15:17 - 0002938 _____ () C:\ProgramData\NvTelemetryContainer.log
2016-12-17 12:24 - 2017-01-18 13:53 - 0005110 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1

Some files in TEMP:
====================
C:\Users\Josh\AppData\Local\Temp\MsgPlusUninstall.exe
C:\Users\Josh\AppData\Local\Temp\Nexus Mod Manager-0.62.1.exe
C:\Users\Josh\AppData\Local\Temp\Nexus Mod Manager-0.62.2.exe
C:\Users\Josh\AppData\Local\Temp\Nexus Mod Manager-0.63.1.exe
C:\Users\Josh\AppData\Local\Temp\Nexus Mod Manager-0.63.3.exe
C:\Users\Josh\AppData\Local\Temp\Nexus Mod Manager-0.63.5.exe
C:\Users\Josh\AppData\Local\Temp\Nexus Mod Manager-0.63.6.exe
C:\Users\Josh\AppData\Local\Temp\Nexus Mod Manager-0.63.7.exe
C:\Users\Josh\AppData\Local\Temp\Nexus Mod Manager-0.63.9.exe
C:\Users\Josh\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Josh\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Josh\AppData\Local\Temp\nvStInst.exe
C:\Users\Josh\AppData\Local\Temp\NvTelemetry.dll
C:\Users\Josh\AppData\Local\Temp\NvTelemetryAPI32.dll
C:\Users\Josh\AppData\Local\Temp\NvTelemetryAPI64.dll
C:\Users\Josh\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Josh\AppData\Local\Temp\sfextra.dll
C:\Users\Josh\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-18 15:27

==================== End of FRST.txt ============================

Edited by cutlery, 19 January 2017 - 11:34 AM.



#2 HelpBot


Posted 24 January 2017 - 11:30 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> https://www.bleepingcomputer.com/logreply/637793 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 HelpBot


Posted 29 January 2017 - 11:35 AM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!



