
I need help my system is bogged down.



#1
mythica


My daughter downloaded a music program and I am pretty sure it came with something, because right after that I started having Internet Explorer windows constantly being opened in the background, with names like "what are the stars doing now", like you find on Facebook. But they were not opening where I could see them. It was almost like I was the server for them to be opened. I only happened upon it because as a gamer I notice when my computer is bogged down. I did the normal malware sweep and the virus scan, but it still seems that I am bogged down. Programs take a few seconds to respond; my start bar will take several seconds to respond. I need to have a quick response time. What else is there that I could do besides debugging my system and starting over?

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-11-2017
Ran by Stefinee (02-12-2017 12:24:58)
Running from C:\Users\mythi\Desktop
Windows 10 Home Version 1709 16299.64 (X64) (2017-11-06 10:14:19)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1111491060-269441850-655590923-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1111491060-269441850-655590923-503 - Limited - Disabled)
Guest (S-1-5-21-1111491060-269441850-655590923-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1111491060-269441850-655590923-1004 - Limited - Enabled)
Stefinee (S-1-5-21-1111491060-269441850-655590923-1001 - Administrator - Enabled) => C:\Users\mythi
WDAGUtilityAccount (S-1-5-21-1111491060-269441850-655590923-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
AEGIS II - Boost Launcher (HKLM-x32\...\{4829AFF2-F50E-44F6-8BC5-C985F2C24CE1}) (Version: 3.00.06 - ASUSTeK Computer Inc.)
AEGIS II - GameALive (HKLM-x32\...\{9A689EB4-C4FA-49C1-80A5-EC49A7F43046}) (Version: 3.00.21 - ASUSTeK Computer Inc.)
AEGIS II - Lighting (HKLM-x32\...\{E7691292-4F73-4EC6-A3F8-126BFDC987F5}) (Version: 3.00.19 - ASUSTeK Computer Inc.)
AEGIS II - System Usage (HKLM-x32\...\{E8D6582C-D43C-452A-9F75-1D8C6BC0AA12}) (Version: 3.00.06 - ASUSTeK Computer Inc.)
AEGIS II - Threshold Setting (HKLM-x32\...\{6C5979A6-97A8-4D0C-8A3F-4F49D2A13055}) (Version: 3.00.07 - ASUSTeK Computer Inc.)
AEGIS II (HKLM-x32\...\{A9FDB6CC-F2D6-4903-87BC-1537931F11B0}) (Version: 2.01.04 - ASUSTeK Computer Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{D811A40A-9791-497C-B9DC-2D89C8E95EA1}) (Version: 6.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{8B47B514-F5D2-4E0D-B951-6E250618A7CD}) (Version: 6.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{31A0B634-BCF4-4D3F-8336-87FEACFEE142}) (Version: 11.0.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.26.1 - Asmedia Technology)
ASUS App Box (HKLM-x32\...\{F0CE6060-50B1-401E-8357-B6E24DB98D21}) (Version: 1.01.09 - ASUSTeK Computer Inc.)
ASUS Command - Ai Booting (HKLM-x32\...\{2DCE446C-D090-4458-8782-8F16DF94351E}) (Version: 2.01.17 - ASUSTeK Computer Inc.)
ASUS Command - Ai Charger II (HKLM-x32\...\{9AF45D7C-34F1-4BA0-B799-825C8C04494C}) (Version: 2.01.13 - ASUSTeK Computer Inc.)
ASUS Command - Backup & Recovery (HKLM-x32\...\{34D67DE5-2ECF-4E6B-A243-2C16E2792787}) (Version: 2.01.17 - ASUSTeK Computer Inc.)
ASUS Command - PC Cleanup (HKLM-x32\...\{E22A19AE-7DDB-4959-B1DB-A0996294352A}) (Version: 2.01.18 - ASUSTeK Computer Inc.)
ASUS Command - Power Manager (HKLM-x32\...\{DD248BEE-E925-4720-A775-9A42276BB6EA}) (Version: 2.02.09 - ASUSTeK Computer Inc.)
ASUS Command - Update (HKLM-x32\...\{675BBE8A-0ED3-4048-8723-BA51EAB8E1A8}) (Version: 2.05.05 - ASUSTeK Computer Inc.)
ASUS Command (HKLM-x32\...\{F5E5AD85-4A90-4604-A887-464D3818D8FD}) (Version: 2.11.01 - ASUSTeK Computer Inc.)
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.0.95 - ICEpower a/s)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.8.2318 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother MFL-Pro Suite DCP-7065DN (HKLM-x32\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.1.3.0 - Brother Industries, Ltd.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.2.1 - ASUSTek Computer Inc.)
Discord (HKU\S-1-5-21-1111491060-269441850-655590923-1001\...\Discord) (Version: 0.0.298 - Discord Inc.)
Evernote v. 5.8.6 (HKLM-x32\...\{FEDC7C10-EF67-11E4-9B07-00505695D7B0}) (Version: 5.8.6.7519 - Evernote Corp.)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.123 - Google Inc.) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1162 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.6.0.1029 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
iTunes (HKLM\...\{F2517A28-8CB8-4206-B86C-5EDD4EA26682}) (Version: 12.7.1.14 - Apple Inc.)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1111491060-269441850-655590923-1001\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 57.0 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0 (x64 en-US)) (Version: 57.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 57.0.0.6525 - Mozilla)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 375.63 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 375.63 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.5.0.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.5.0.70 - NVIDIA Corporation)
NVIDIA Graphics Driver 375.63 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 375.63 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NVIDIA Update 25.0.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 25.0.0.0 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.6.0.74 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.4.10.0 - NVIDIA Corporation) Hidden
NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
REALTEK Bluetooth Filter Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AD}) (Version: 1.3.879.110515 - REALTEK Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7586 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0282 - REALTEK Semiconductor Corp.)
RoboForm 8-4-3-4 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 8-4-3-4 - Siber Systems)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0370 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.5.0.70 - NVIDIA Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Tukui Client (HKLM-x32\...\{BAD6EBBD-A6A9-41C9-898A-8C868A552E4C}) (Version: 2.4.6 - Tukui)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.1.11.399 - ASUS Cloud Corporation)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17376 - Microsoft Corporation)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.11.399\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.11.399\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.11.399\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-26] (AVAST Software)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-26] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-26] (AVAST Software)
ContextMenuHandlers1: [BtSendToMenuEx] -> {CF24E6B8-F148-4BCB-9108-ADF313966E80} =>  -> No File
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-26] (AVAST Software)
ContextMenuHandlers3: [BackupContextMenuExtension] -> {b1b96b20-da1d-4a3c-92c1-7229b32f2326} => C:\Windows\system32\mscoree.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-10-21] (NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-26] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0E22AE70-0B76-46E0-9D41-476D6EE5DFA5} - System32\Tasks\ASUS\AEGIS II System Level Up Helper => C:\Program Files (x86)\ASUS\AEGIS II\AEGIS_II_AsSysLevelUpSrc.exe [2015-02-12] (ASUSTeK Computer Inc.)
Task: {0F31FF08-92B3-4C5B-AB76-F6E10557A5E2} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-03] (NVIDIA Corporation)
Task: {3C129648-9067-47AF-A59E-197C3986D16E} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-03] (NVIDIA Corporation)
Task: {3CB4DC9E-C29F-4875-9895-8177665B1FEB} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUS Manager\Application Update\ASUSUpdateChecker.exe [2016-07-15] ()
Task: {3EF621F7-329C-4476-B6D9-8E6BA9C2B82C} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-05-03] (NVIDIA Corporation)
Task: {3FAB1B7D-BFE6-4C7F-A801-D1F62A4577E2} - System32\Tasks\ASUS\AEGIS_II Lighting AudioDetect Execute => C:\Program Files (x86)\ASUS\AEGIS II\Lighting\AudioDetect.exe [2015-08-11] ()
Task: {4F2FE484-A48E-414D-829E-EA07F94A1882} - System32\Tasks\ASUS\ASUS OCULUS WIZARD HELPER => C:\PROGRAM FILES (X86)\ASUS\ASUS OCULUS WIZARD\ASOCULUSCHECK.EXE [2016-03-01] (ASUSTeK COMPUTER INC.)
Task: {52D461E4-2476-45AB-B862-6E2B9DA7F9E4} - System32\Tasks\ASUS\AEGIS II Alert Helper => C:\Program Files (x86)\ASUS\AEGIS II\AEGIS_II_AlertService.exe [2015-02-12] (ASUSTeK Computer Inc.)
Task: {59ADE45C-EC3F-4424-957C-E60E978602C5} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2016-01-25] (ASUSTek Computer Inc.)
Task: {64162CF2-1AE7-40AF-BADE-6774A22FA4DF} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2017-11-29] (AVAST Software)
Task: {64245644-58D0-4C88-A5C7-CE07A498BC73} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-05-03] (NVIDIA Corporation)
Task: {72DE78E2-236B-420D-B8A0-137C9B04F712} - System32\Tasks\ASUS\ASUS Updater => C:\Program Files (x86)\ASUS\ASUS Manager\Application Update\ASUSFourceUpdater.exe [2016-07-15] ()
Task: {800CCE1E-2A01-42D7-9EED-674A8C5FEC78} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-05-03] (NVIDIA Corporation)
Task: {907BC804-746A-419F-939E-D13DC3AAF609} - System32\Tasks\ASUS\AEGIS II Toast Helper => C:\Program Files (x86)\ASUS\AEGIS II\AEGIS_II_AsToastHelper.exe [2015-02-12] (ASUSTeK Computer Inc.)
Task: {90F5A945-66FA-4675-95FB-57774474A4B0} - System32\Tasks\ASUS\AEGIS_II Lighting CD_Rom Execute => C:\Program Files (x86)\ASUS\AEGIS II\Lighting\CheckCD_RomLighting.exe [2015-09-24] ()
Task: {92FD871A-37A6-4271-A97D-AF59487E5A1B} - System32\Tasks\ASUS\ASUS Manager - PC Cleanup - SecureDeleteBackground => C:\Program Files (x86)\ASUS\ASUS Manager\PC Cleanup\SecureDeleteBackground.exe [2015-11-30] ()
Task: {A4CDA3F0-0C9A-4C2E-92A9-78619FDE993D} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-03] (NVIDIA Corporation)
Task: {AD219124-9CC6-4FC8-8670-1E6E973302ED} - System32\Tasks\ASUS\ASUS Manager BackgroundWindow => C:\Program Files (x86)\ASUS\ASUS Manager\BackgroundWindow.exe [2015-02-02] ()
Task: {B0DCB82C-05D4-4464-AE1C-3ADB14A17063} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-11-14] (Adobe Systems Incorporated)
Task: {B191E982-7A14-4D6E-B15A-1FCABCCF9201} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2017-10-25] (Siber Systems)
Task: {B1ADF9A7-F90F-4E33-8ECC-9EB18AA09280} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-03] (NVIDIA Corporation)
Task: {B20A1380-D109-408F-95E8-34B39E2B6C14} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-11-26] (AVAST Software)
Task: {B9C173A7-27FE-46D2-BD25-47B17EF83F63} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {BAFA7367-F16F-4723-AE30-4ED02EFAF167} - System32\Tasks\ASUS\AEGIS II Matrix => C:\Program Files (x86)\ASUS\AEGIS II\LaunchAtStartupHelper.exe [2015-03-13] ()
Task: {C4E6B127-8A29-40F6-BC98-BBB27F270E55} - System32\Tasks\Open URL by RoboForm => C:\WINDOWS\system32\rundll32.exe url.dll,FileProtocolHandler "hxxps://www.roboform.com/test-pass.html?aaa=KICMHMJMMMKJHMMMKMMMCNNJLMMJLJCNLMOMIMNMCNNJJJMMHMCNPMLJJJGMIMKMOMOJOJJJNJOMJNJICMHMCNLMCNMMFMOMOMCNJMIMLMCNOMKMPMJMMMFMPMCNPMCNOMKMPMJMMMCNNMJNPICMOMFMEKMICNJJCKFMNMMMPMJNHICMEKMICNJJCKJNBJCMCJGILIHJGJJNKJCMJNNICMJNDJCMKJBJJNM (the data entry has 48 more characters).
Task: {C70A8A83-5E38-4D45-885C-6A4C6D2BC86D} - System32\Tasks\ASUS\AEGIS II - Boost Launcher => C:\Program Files (x86)\ASUS\AEGIS II\Boost Launcher\BLMonitor.exe [2015-04-20] ()
Task: {D07546F9-1C02-45B0-A31E-5599074181DE} - System32\Tasks\ASUS\ASUS Manager HotKey Service => C:\Program Files (x86)\ASUS\ASUS Manager\AsHKService.exe [2014-03-19] (ASUSTeK Computer Inc.)
Task: {D1592A33-EC25-4601-8AD2-6266A7E2EA26} - System32\Tasks\ASUS\ASUS AiCharger_II TrayIcon => C:\Program Files (x86)\ASUS\ASUS Manager\Ai Charger II\Ai_ChargerII_TrayIcon(ASUS_Manager).exe [2015-07-07] (ASUSTeK)
Task: {D15DD130-5A53-4C72-9654-FD8ECE30FC70} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {DDE6980B-25DA-43EE-BDE7-61F853222549} - System32\Tasks\ASUS\AEGIS II SysInfo Helper => C:\Program Files (x86)\ASUS\AEGIS II\AEGIS_II_SysMode.exe [2015-04-22] (ASUSTeK Computer Inc.)
Task: {FF24A9FA-D4B7-4E0A-8C8A-9D0CD5FED928} - System32\Tasks\ASUS\ASUS AiCharger_Desktop Execute => C:\Program Files (x86)\InstallShield Installation Information\{9AF45D7C-34F1-4BA0-B799-825C8C04494C}\AiChargerDT.exe [2013-04-02] (ASUSTek Computer Inc.) <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-09-29 06:41 - 2017-09-29 06:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-01-13 12:56 - 2017-01-13 12:56 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-10-18 23:51 - 2017-10-18 23:51 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-05-19 10:11 - 2015-05-19 10:11 - 000007680 _____ () C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe
2017-04-20 09:52 - 2017-05-03 13:21 - 001267320 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-10-17 22:58 - 2015-07-20 20:19 - 000121560 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth Filter ONLY\BTDevMgr.exe
2017-07-04 17:22 - 2005-04-21 21:36 - 000143360 _____ () C:\WINDOWS\system32\BrSNMP64.dll
2017-11-26 13:51 - 2017-11-01 08:54 - 002358736 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-11-26 13:51 - 2017-11-01 08:55 - 002299344 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-05-13 00:17 - 2016-10-21 23:04 - 000134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-10-17 23:01 - 2013-08-28 08:24 - 000920736 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2016-10-17 23:02 - 2014-08-27 15:48 - 000907776 _____ () C:\Windows\PCCleanupContextMenu\x64\ContextMenuHandler.dll
2016-06-02 02:26 - 2015-04-20 18:06 - 000860160 _____ () C:\Windows\BoostLauncherMenu\x64\ContextMenuHandler.dll
2016-06-02 02:27 - 2015-09-24 17:12 - 000021456 _____ () C:\Program Files (x86)\ASUS\AEGIS II\Lighting\CheckCD_RomLighting.exe
2016-10-17 23:02 - 2015-11-30 16:22 - 000924672 _____ () C:\Program Files (x86)\ASUS\ASUS Manager\PC Cleanup\SecureDeleteBackground.exe
2016-06-02 02:26 - 2015-04-20 17:55 - 001011712 _____ () C:\Program Files (x86)\ASUS\AEGIS II\Boost Launcher\BLMonitor.exe
2017-09-29 06:42 - 2017-09-29 07:43 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-09-29 06:42 - 2017-09-29 07:43 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-11-30 02:32 - 2017-11-30 02:32 - 000087040 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-11-30 02:32 - 2017-11-30 02:32 - 000202752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-11-30 02:32 - 2017-11-30 02:32 - 025600000 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-11-30 02:32 - 2017-11-30 02:32 - 002546176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\skypert.dll
2017-11-30 02:32 - 2017-11-30 02:32 - 000672256 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2016-10-17 23:01 - 2017-12-02 12:07 - 000018216 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2016-10-17 23:01 - 2010-06-28 19:58 - 000104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
2015-08-07 02:09 - 2015-08-07 02:09 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2017-04-20 09:52 - 2017-05-03 13:21 - 001040504 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-06-02 02:26 - 2014-09-29 17:57 - 000011264 _____ () C:\Program Files (x86)\ASUS\AEGIS II\SysTranslations\AsMultiLang.dll
2016-06-02 02:26 - 2014-10-16 15:05 - 000053248 _____ () C:\Program Files (x86)\ASUS\AEGIS II\cpuutil.dll
2017-11-26 13:51 - 2017-11-26 13:51 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-11-26 13:51 - 2017-11-26 13:51 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2017-11-26 13:51 - 2017-11-26 13:51 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-11-26 13:51 - 2017-11-26 13:51 - 000237808 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-11-26 13:51 - 2017-11-26 13:51 - 000244584 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-11-26 13:51 - 2017-11-26 13:51 - 000235816 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-08-08 21:17 - 2017-08-08 14:13 - 001893880 _____ () C:\Users\mythi\AppData\Local\Discord\app-0.0.298\ffmpeg.dll
2017-08-08 21:17 - 2017-08-08 21:17 - 001577976 _____ () \\?\C:\Users\mythi\AppData\Roaming\discord\0.0.298\modules\discord_toaster\discord_toaster.node
2017-04-20 09:52 - 2017-03-27 20:29 - 065708992 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2017-08-08 21:17 - 2017-08-08 14:13 - 001938424 _____ () C:\Users\mythi\AppData\Local\Discord\app-0.0.298\libglesv2.dll
2017-08-08 21:17 - 2017-08-08 14:13 - 000095736 _____ () C:\Users\mythi\AppData\Local\Discord\app-0.0.298\libegl.dll
2017-08-09 21:52 - 2017-09-09 12:25 - 000688416 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2017-08-09 21:52 - 2017-10-30 20:22 - 002546976 _____ () C:\Program Files (x86)\Steam\video.dll
2017-08-09 21:52 - 2016-08-31 18:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2017-08-09 21:52 - 2016-01-27 00:49 - 000491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2017-08-09 21:52 - 2016-01-27 00:49 - 000332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2017-08-09 21:52 - 2016-01-27 00:49 - 000442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2017-08-09 21:52 - 2016-01-27 00:49 - 002549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2017-08-09 21:52 - 2016-08-31 18:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2017-08-09 21:52 - 2016-01-27 00:49 - 000485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2017-08-09 21:52 - 2016-08-31 18:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2017-08-09 21:52 - 2017-10-30 20:22 - 000901408 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2017-08-09 21:52 - 2016-07-04 15:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2017-07-04 17:22 - 2009-02-27 15:38 - 000139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2017-08-08 21:17 - 2017-10-06 07:44 - 009722360 _____ () \\?\C:\Users\mythi\AppData\Roaming\discord\0.0.298\modules\discord_voice\discord_voice.node
2017-08-08 21:17 - 2017-11-22 16:58 - 001494520 _____ () \\?\C:\Users\mythi\AppData\Roaming\discord\0.0.298\modules\discord_utils\discord_utils.node
2017-12-02 12:10 - 2017-12-02 12:10 - 000148992 _____ () \\?\C:\Users\mythi\AppData\Local\Temp\A87.tmp.node
2017-08-08 21:17 - 2017-08-08 21:17 - 002658296 _____ () \\?\C:\Users\mythi\AppData\Roaming\discord\0.0.298\modules\discord_rpc\discord_rpc.node
2017-08-08 21:18 - 2017-11-27 15:24 - 002739192 _____ () \\?\C:\Users\mythi\AppData\Roaming\discord\0.0.298\modules\discord_contact_import\discord_contact_import.node
2017-11-21 21:14 - 2017-11-21 21:14 - 001505272 _____ () \\?\C:\Users\mythi\AppData\Roaming\discord\0.0.298\modules\discord_game_utils\discord_game_utils.node
2017-08-09 21:55 - 2017-08-16 15:28 - 073130272 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2017-08-09 21:55 - 2017-09-06 19:04 - 000678400 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2017-08-09 21:52 - 2015-09-24 16:52 - 000119208 _____ () C:\Program Files (x86)\Steam\winh264.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\mythi\Desktop\Image (3).jpg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\mythi\Desktop\Image (3).jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 00:24 - 2017-07-05 08:36 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1111491060-269441850-655590923-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\mythi\Pictures\2016-04-25 Iphone\Iphone 011.JPG
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKU\S-1-5-21-1111491060-269441850-655590923-1001\...\StartupApproved\StartupFolder: => "Twitch.lnk"
HKU\S-1-5-21-1111491060-269441850-655590923-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1111491060-269441850-655590923-1001\...\StartupApproved\Run: => "Chromium"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{87CE54AB-6FFC-4522-BCC4-90AF7EC67F8D}] => (Block) C:\program files (x86)\steam\steamapps\common\h1z1 test\h1z1.exe
FirewallRules: [{248CB65E-3B10-47FB-AB3B-A2709EE58406}] => (Block) C:\program files (x86)\steam\steamapps\common\h1z1 test\h1z1.exe
FirewallRules: [UDP Query User{8F469CCE-274D-4043-9D96-16F6846108A0}C:\program files (x86)\steam\steamapps\common\h1z1 test\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1 test\h1z1.exe
FirewallRules: [TCP Query User{BAA99407-34C0-4584-BC50-7E8EF25E22AD}C:\program files (x86)\steam\steamapps\common\h1z1 test\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1 test\h1z1.exe
FirewallRules: [{68DC161C-E5D8-4003-8A49-78C94BE8BDAB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1 Test\LaunchPad.exe
FirewallRules: [{8E7ACC7E-CE68-45F5-8538-8A0E9661AD0D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1 Test\LaunchPad.exe
FirewallRules: [{107FF5C7-6275-49E8-8E3A-D5AF6D7C664F}] => (Allow) LPort=54925
FirewallRules: [UDP Query User{04F8C1CC-AF77-40CB-BAC3-1595092EE3FC}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{111030C0-7915-4ECB-B9CF-CC81FA8DD4DF}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{6F4E0B50-2063-4DE8-A5CA-43488E273CC5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{91600ADC-768B-4F1E-810F-352470F5D545}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8BB29FAF-1D9F-41D9-BFCC-3A21208635A6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{CC35B1E4-3592-4C2E-A399-50CA8BA0BDD1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9F92FFA9-2EE1-40A1-95F5-53D64C014843}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{4BD71770-05D0-4A19-92B8-717BA97A6765}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{EA05B296-95B0-4D30-8D1B-D846C9DE3349}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1\LaunchPad.exe
FirewallRules: [{9F2ACDCE-41FE-407D-BF14-F2FA7D1232A9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1\LaunchPad.exe
FirewallRules: [TCP Query User{B8B1D80B-2343-4462-94B3-D91A4D83DC1E}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [UDP Query User{22242041-1211-41A8-A286-2A1E1BDF2200}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [{29E5790F-90ED-4087-B1A9-2E4F1FCD20F2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4C795FED-67A1-4D81-B932-91BA0BD20180}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1C534F1B-F2AB-408B-9841-697BF2D2C5E9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A26A381A-53D3-4E5A-8652-B2E101CFCF64}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{51CB24ED-F0A1-4237-B002-247ED58890BC}] => (Allow) C:\Program Files (x86)\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{D860F677-DAB8-44A0-B55D-C8CEAD5C76E7}] => (Allow) C:\Program Files (x86)\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{6419F083-DD22-4E56-83EA-680B4F4B6DD1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{9434A9B9-B199-495B-94A1-59BF705BBEDC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{E4F37860-BE50-42CC-9823-85831BB93EC5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{F1DA7491-5072-4CAC-866C-3F7FCA3B43B8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{ABEB3599-DDCA-44B2-A499-E8A8800016D5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{61C4D6F1-F75A-4FF5-889C-D3C512AB2925}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [UDP Query User{82D167F6-932C-492F-979E-C35E0E216583}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [{566831D4-13A4-4299-BCA0-2265811DEF80}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{981A1E3B-895A-4DF1-8F80-E9BD2D99E0A0}C:\users\mythi\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\mythi\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{ABCA0221-A857-438B-B2A6-A3CCE38F1886}C:\users\mythi\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\mythi\appdata\roaming\spotify\spotify.exe
FirewallRules: [{D711FC12-5A61-4862-88B1-AE731B7BC183}] => (Block) C:\users\mythi\appdata\roaming\spotify\spotify.exe
FirewallRules: [{AE4F70DE-D042-437D-BBCE-16A1491D00AC}] => (Block) C:\users\mythi\appdata\roaming\spotify\spotify.exe
FirewallRules: [{59CA13F2-6650-4382-9BA9-7B701BE326FE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{B9DBCCC2-B31A-41DB-B3D3-8016113EA4B0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox_BE.exe
FirewallRules: [{A48F97B7-CAEA-48BB-8212-E5BA1586C24B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox_BE.exe
FirewallRules: [{F7756149-AADF-434E-838C-716BC5CCB6C8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox.exe
FirewallRules: [{52BB917E-60EE-46F5-B770-D812E371B5E3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox.exe

==================== Restore Points =========================

26-11-2017 18:19:39 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/02/2017 12:23:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nvtray.exe, version: 7.17.13.7563, time stamp: 0x580af596
Faulting module name: KERNELBASE.dll, version: 10.0.16299.15, time stamp: 0x4736733c
Exception code: 0xc06d007f
Fault offset: 0x0000000000013fb8
Faulting process id: 0x342c
Faulting application start time: 0x01d36ba303ef52fc
Faulting application path: C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 835abe62-8b40-4b8c-b583-72fd4ec48a65
Faulting package full name:
Faulting package-relative application ID:

Error: (12/02/2017 12:22:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nvtray.exe, version: 7.17.13.7563, time stamp: 0x580af596
Faulting module name: KERNELBASE.dll, version: 10.0.16299.15, time stamp: 0x4736733c
Exception code: 0xc06d007f
Fault offset: 0x0000000000013fb8
Faulting process id: 0x2668
Faulting application start time: 0x01d36ba2de82c352
Faulting application path: C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: ba5cbc18-acc4-4f1d-85ca-ba904ef20f00
Faulting package full name:
Faulting package-relative application ID:

Error: (12/02/2017 12:10:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   18 3.F.1.A.E.3.8.D.F.3.A.E.0.8.C.6.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR Stefinee-2.local.

Error: (12/02/2017 12:10:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.197:5353   16 3.F.1.A.E.3.8.D.F.3.A.E.0.8.C.6.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR Stefinee.local.

Error: (12/02/2017 12:10:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   18 3.5.D.D.A.F.2.9.8.6.8.E.6.F.1.A.B.5.0.3.1.0.6.0.1.8.6.0.1.0.6.2.ip6.arpa. PTR Stefinee-2.local.

Error: (12/02/2017 12:10:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.197:5353   16 3.5.D.D.A.F.2.9.8.6.8.E.6.F.1.A.B.5.0.3.1.0.6.0.1.8.6.0.1.0.6.2.ip6.arpa. PTR Stefinee.local.

Error: (12/02/2017 12:10:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   18 3.F.1.A.E.3.8.D.F.3.A.E.0.8.C.6.B.5.0.3.1.0.6.0.1.8.6.0.1.0.6.2.ip6.arpa. PTR Stefinee-2.local.

Error: (12/02/2017 12:10:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.197:5353   16 3.F.1.A.E.3.8.D.F.3.A.E.0.8.C.6.B.5.0.3.1.0.6.0.1.8.6.0.1.0.6.2.ip6.arpa. PTR Stefinee.local.

Error: (12/02/2017 12:10:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   18 197.0.0.10.in-addr.arpa. PTR Stefinee-2.local.

Error: (12/02/2017 12:10:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.197:5353   16 197.0.0.10.in-addr.arpa. PTR Stefinee.local.


System errors:
=============
Error: (12/02/2017 12:04:40 PM) (Source: Application Popup) (EventID: 56) (User: )
Description: ACPI5

Error: (12/02/2017 11:53:49 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/02/2017 11:53:49 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/02/2017 11:53:49 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/02/2017 11:53:49 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/02/2017 11:53:10 AM) (Source: Application Popup) (EventID: 56) (User: )
Description: ACPI5

Error: (12/02/2017 11:51:32 AM) (Source: DCOM) (EventID: 10010) (User: STEFINEE)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (12/02/2017 11:51:32 AM) (Source: DCOM) (EventID: 10010) (User: STEFINEE)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (12/02/2017 11:51:32 AM) (Source: DCOM) (EventID: 10010) (User: STEFINEE)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (12/02/2017 11:51:32 AM) (Source: DCOM) (EventID: 10010) (User: STEFINEE)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.


CodeIntegrity:
===================================
  Date: 2017-12-02 12:23:59.731
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-12-02 12:23:59.729
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-12-02 12:23:47.526
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-12-02 12:23:47.524
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-12-02 12:17:10.620
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-12-02 12:17:10.613
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-12-02 12:17:09.403
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-12-02 12:17:09.401
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-12-02 12:12:08.154
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-12-02 12:12:08.153
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i5-6400 CPU @ 2.70GHz
Percentage of memory in use: 46%
Total physical RAM: 8121.65 MB
Available physical RAM: 4370.42 MB
Total Virtual: 17337.65 MB
Available Virtual: 12543.89 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:930.91 GB) (Free:715.17 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 63D2EEB8)

Partition: GPT.

==================== End of Addition.txt ============================
Task: {C70A8A83-5E38-4D45-885C-6A4C6D2BC86D} - System32\Tasks\ASUS\AEGIS II - Boost Launcher => C:\Program Files (x86)\ASUS\AEGIS II\Boost Launcher\BLMonitor.exe [2015-04-20] ()
Task: {D07546F9-1C02-45B0-A31E-5599074181DE} - System32\Tasks\ASUS\ASUS Manager HotKey Service => C:\Program Files (x86)\ASUS\ASUS Manager\AsHKService.exe [2014-03-19] (ASUSTeK Computer Inc.)
Task: {D1592A33-EC25-4601-8AD2-6266A7E2EA26} - System32\Tasks\ASUS\ASUS AiCharger_II TrayIcon => C:\Program Files (x86)\ASUS\ASUS Manager\Ai Charger II\Ai_ChargerII_TrayIcon(ASUS_Manager).exe [2015-07-07] (ASUSTeK)
Task: {D15DD130-5A53-4C72-9654-FD8ECE30FC70} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {DDE6980B-25DA-43EE-BDE7-61F853222549} - System32\Tasks\ASUS\AEGIS II SysInfo Helper => C:\Program Files (x86)\ASUS\AEGIS II\AEGIS_II_SysMode.exe [2015-04-22] (ASUSTeK Computer Inc.)
Task: {FF24A9FA-D4B7-4E0A-8C8A-9D0CD5FED928} - System32\Tasks\ASUS\ASUS AiCharger_Desktop Execute => C:\Program Files (x86)\InstallShield Installation Information\{9AF45D7C-34F1-4BA0-B799-825C8C04494C}\AiChargerDT.exe [2013-04-02] (ASUSTek Computer Inc.) <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-09-29 06:41 - 2017-09-29 06:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-01-13 12:56 - 2017-01-13 12:56 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-10-18 23:51 - 2017-10-18 23:51 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-05-19 10:11 - 2015-05-19 10:11 - 000007680 _____ () C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe
2017-04-20 09:52 - 2017-05-03 13:21 - 001267320 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-10-17 22:58 - 2015-07-20 20:19 - 000121560 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth Filter ONLY\BTDevMgr.exe
2017-07-04 17:22 - 2005-04-21 21:36 - 000143360 _____ () C:\WINDOWS\system32\BrSNMP64.dll
2017-11-26 13:51 - 2017-11-01 08:54 - 002358736 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-11-26 13:51 - 2017-11-01 08:55 - 002299344 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-05-13 00:17 - 2016-10-21 23:04 - 000134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-10-17 23:01 - 2013-08-28 08:24 - 000920736 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2016-10-17 23:02 - 2014-08-27 15:48 - 000907776 _____ () C:\Windows\PCCleanupContextMenu\x64\ContextMenuHandler.dll
2016-06-02 02:26 - 2015-04-20 18:06 - 000860160 _____ () C:\Windows\BoostLauncherMenu\x64\ContextMenuHandler.dll
2016-06-02 02:27 - 2015-09-24 17:12 - 000021456 _____ () C:\Program Files (x86)\ASUS\AEGIS II\Lighting\CheckCD_RomLighting.exe
2016-10-17 23:02 - 2015-11-30 16:22 - 000924672 _____ () C:\Program Files (x86)\ASUS\ASUS Manager\PC Cleanup\SecureDeleteBackground.exe
2016-06-02 02:26 - 2015-04-20 17:55 - 001011712 _____ () C:\Program Files (x86)\ASUS\AEGIS II\Boost Launcher\BLMonitor.exe
2017-09-29 06:42 - 2017-09-29 07:43 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-09-29 06:42 - 2017-09-29 07:43 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-11-30 02:32 - 2017-11-30 02:32 - 000087040 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-11-30 02:32 - 2017-11-30 02:32 - 000202752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-11-30 02:32 - 2017-11-30 02:32 - 025600000 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-11-30 02:32 - 2017-11-30 02:32 - 002546176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\skypert.dll
2017-11-30 02:32 - 2017-11-30 02:32 - 000672256 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2016-10-17 23:01 - 2017-12-02 12:07 - 000018216 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2016-10-17 23:01 - 2010-06-28 19:58 - 000104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
2015-08-07 02:09 - 2015-08-07 02:09 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2017-04-20 09:52 - 2017-05-03 13:21 - 001040504 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-06-02 02:26 - 2014-09-29 17:57 - 000011264 _____ () C:\Program Files (x86)\ASUS\AEGIS II\SysTranslations\AsMultiLang.dll
2016-06-02 02:26 - 2014-10-16 15:05 - 000053248 _____ () C:\Program Files (x86)\ASUS\AEGIS II\cpuutil.dll
2017-11-26 13:51 - 2017-11-26 13:51 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-11-26 13:51 - 2017-11-26 13:51 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2017-11-26 13:51 - 2017-11-26 13:51 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-11-26 13:51 - 2017-11-26 13:51 - 000237808 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-11-26 13:51 - 2017-11-26 13:51 - 000244584 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-11-26 13:51 - 2017-11-26 13:51 - 000235816 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-08-08 21:17 - 2017-08-08 14:13 - 001893880 _____ () C:\Users\mythi\AppData\Local\Discord\app-0.0.298\ffmpeg.dll
2017-08-08 21:17 - 2017-08-08 21:17 - 001577976 _____ () \\?\C:\Users\mythi\AppData\Roaming\discord\0.0.298\modules\discord_toaster\discord_toaster.node
2017-04-20 09:52 - 2017-03-27 20:29 - 065708992 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2017-08-08 21:17 - 2017-08-08 14:13 - 001938424 _____ () C:\Users\mythi\AppData\Local\Discord\app-0.0.298\libglesv2.dll
2017-08-08 21:17 - 2017-08-08 14:13 - 000095736 _____ () C:\Users\mythi\AppData\Local\Discord\app-0.0.298\libegl.dll
2017-08-09 21:52 - 2017-09-09 12:25 - 000688416 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2017-08-09 21:52 - 2017-10-30 20:22 - 002546976 _____ () C:\Program Files (x86)\Steam\video.dll
2017-08-09 21:52 - 2016-08-31 18:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2017-08-09 21:52 - 2016-01-27 00:49 - 000491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2017-08-09 21:52 - 2016-01-27 00:49 - 000332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2017-08-09 21:52 - 2016-01-27 00:49 - 000442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2017-08-09 21:52 - 2016-01-27 00:49 - 002549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2017-08-09 21:52 - 2016-08-31 18:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2017-08-09 21:52 - 2016-01-27 00:49 - 000485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2017-08-09 21:52 - 2016-08-31 18:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2017-08-09 21:52 - 2017-10-30 20:22 - 000901408 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2017-08-09 21:52 - 2016-07-04 15:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2017-07-04 17:22 - 2009-02-27 15:38 - 000139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2017-08-08 21:17 - 2017-10-06 07:44 - 009722360 _____ () \\?\C:\Users\mythi\AppData\Roaming\discord\0.0.298\modules\discord_voice\discord_voice.node
2017-08-08 21:17 - 2017-11-22 16:58 - 001494520 _____ () \\?\C:\Users\mythi\AppData\Roaming\discord\0.0.298\modules\discord_utils\discord_utils.node
2017-12-02 12:10 - 2017-12-02 12:10 - 000148992 _____ () \\?\C:\Users\mythi\AppData\Local\Temp\A87.tmp.node
2017-08-08 21:17 - 2017-08-08 21:17 - 002658296 _____ () \\?\C:\Users\mythi\AppData\Roaming\discord\0.0.298\modules\discord_rpc\discord_rpc.node
2017-08-08 21:18 - 2017-11-27 15:24 - 002739192 _____ () \\?\C:\Users\mythi\AppData\Roaming\discord\0.0.298\modules\discord_contact_import\discord_contact_import.node
2017-11-21 21:14 - 2017-11-21 21:14 - 001505272 _____ () \\?\C:\Users\mythi\AppData\Roaming\discord\0.0.298\modules\discord_game_utils\discord_game_utils.node
2017-08-09 21:55 - 2017-08-16 15:28 - 073130272 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2017-08-09 21:55 - 2017-09-06 19:04 - 000678400 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2017-08-09 21:52 - 2015-09-24 16:52 - 000119208 _____ () C:\Program Files (x86)\Steam\winh264.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\mythi\Desktop\Image (3).jpg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\mythi\Desktop\Image (3).jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 00:24 - 2017-07-05 08:36 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1111491060-269441850-655590923-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\mythi\Pictures\2016-04-25 Iphone\Iphone 011.JPG
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKU\S-1-5-21-1111491060-269441850-655590923-1001\...\StartupApproved\StartupFolder: => "Twitch.lnk"
HKU\S-1-5-21-1111491060-269441850-655590923-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1111491060-269441850-655590923-1001\...\StartupApproved\Run: => "Chromium"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{87CE54AB-6FFC-4522-BCC4-90AF7EC67F8D}] => (Block) C:\program files (x86)\steam\steamapps\common\h1z1 test\h1z1.exe
FirewallRules: [{248CB65E-3B10-47FB-AB3B-A2709EE58406}] => (Block) C:\program files (x86)\steam\steamapps\common\h1z1 test\h1z1.exe
FirewallRules: [UDP Query User{8F469CCE-274D-4043-9D96-16F6846108A0}C:\program files (x86)\steam\steamapps\common\h1z1 test\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1 test\h1z1.exe
FirewallRules: [TCP Query User{BAA99407-34C0-4584-BC50-7E8EF25E22AD}C:\program files (x86)\steam\steamapps\common\h1z1 test\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1 test\h1z1.exe
FirewallRules: [{68DC161C-E5D8-4003-8A49-78C94BE8BDAB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1 Test\LaunchPad.exe
FirewallRules: [{8E7ACC7E-CE68-45F5-8538-8A0E9661AD0D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1 Test\LaunchPad.exe
FirewallRules: [{107FF5C7-6275-49E8-8E3A-D5AF6D7C664F}] => (Allow) LPort=54925
FirewallRules: [UDP Query User{04F8C1CC-AF77-40CB-BAC3-1595092EE3FC}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{111030C0-7915-4ECB-B9CF-CC81FA8DD4DF}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{6F4E0B50-2063-4DE8-A5CA-43488E273CC5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{91600ADC-768B-4F1E-810F-352470F5D545}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8BB29FAF-1D9F-41D9-BFCC-3A21208635A6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{CC35B1E4-3592-4C2E-A399-50CA8BA0BDD1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9F92FFA9-2EE1-40A1-95F5-53D64C014843}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{4BD71770-05D0-4A19-92B8-717BA97A6765}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{EA05B296-95B0-4D30-8D1B-D846C9DE3349}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1\LaunchPad.exe
FirewallRules: [{9F2ACDCE-41FE-407D-BF14-F2FA7D1232A9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1\LaunchPad.exe
FirewallRules: [TCP Query User{B8B1D80B-2343-4462-94B3-D91A4D83DC1E}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [UDP Query User{22242041-1211-41A8-A286-2A1E1BDF2200}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [{29E5790F-90ED-4087-B1A9-2E4F1FCD20F2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4C795FED-67A1-4D81-B932-91BA0BD20180}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1C534F1B-F2AB-408B-9841-697BF2D2C5E9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A26A381A-53D3-4E5A-8652-B2E101CFCF64}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{51CB24ED-F0A1-4237-B002-247ED58890BC}] => (Allow) C:\Program Files (x86)\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{D860F677-DAB8-44A0-B55D-C8CEAD5C76E7}] => (Allow) C:\Program Files (x86)\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{6419F083-DD22-4E56-83EA-680B4F4B6DD1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{9434A9B9-B199-495B-94A1-59BF705BBEDC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{E4F37860-BE50-42CC-9823-85831BB93EC5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{F1DA7491-5072-4CAC-866C-3F7FCA3B43B8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{ABEB3599-DDCA-44B2-A499-E8A8800016D5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{61C4D6F1-F75A-4FF5-889C-D3C512AB2925}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [UDP Query User{82D167F6-932C-492F-979E-C35E0E216583}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [{566831D4-13A4-4299-BCA0-2265811DEF80}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{981A1E3B-895A-4DF1-8F80-E9BD2D99E0A0}C:\users\mythi\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\mythi\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{ABCA0221-A857-438B-B2A6-A3CCE38F1886}C:\users\mythi\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\mythi\appdata\roaming\spotify\spotify.exe
FirewallRules: [{D711FC12-5A61-4862-88B1-AE731B7BC183}] => (Block) C:\users\mythi\appdata\roaming\spotify\spotify.exe
FirewallRules: [{AE4F70DE-D042-437D-BBCE-16A1491D00AC}] => (Block) C:\users\mythi\appdata\roaming\spotify\spotify.exe
FirewallRules: [{59CA13F2-6650-4382-9BA9-7B701BE326FE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{B9DBCCC2-B31A-41DB-B3D3-8016113EA4B0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox_BE.exe
FirewallRules: [{A48F97B7-CAEA-48BB-8212-E5BA1586C24B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox_BE.exe
FirewallRules: [{F7756149-AADF-434E-838C-716BC5CCB6C8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox.exe
FirewallRules: [{52BB917E-60EE-46F5-B770-D812E371B5E3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox.exe

==================== Restore Points =========================

26-11-2017 18:19:39 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/02/2017 12:23:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nvtray.exe, version: 7.17.13.7563, time stamp: 0x580af596
Faulting module name: KERNELBASE.dll, version: 10.0.16299.15, time stamp: 0x4736733c
Exception code: 0xc06d007f
Fault offset: 0x0000000000013fb8
Faulting process id: 0x342c
Faulting application start time: 0x01d36ba303ef52fc
Faulting application path: C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 835abe62-8b40-4b8c-b583-72fd4ec48a65
Faulting package full name:
Faulting package-relative application ID:

Error: (12/02/2017 12:22:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nvtray.exe, version: 7.17.13.7563, time stamp: 0x580af596
Faulting module name: KERNELBASE.dll, version: 10.0.16299.15, time stamp: 0x4736733c
Exception code: 0xc06d007f
Fault offset: 0x0000000000013fb8
Faulting process id: 0x2668
Faulting application start time: 0x01d36ba2de82c352
Faulting application path: C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: ba5cbc18-acc4-4f1d-85ca-ba904ef20f00
Faulting package full name:
Faulting package-relative application ID:

Error: (12/02/2017 12:10:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   18 3.F.1.A.E.3.8.D.F.3.A.E.0.8.C.6.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR Stefinee-2.local.

Error: (12/02/2017 12:10:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.197:5353   16 3.F.1.A.E.3.8.D.F.3.A.E.0.8.C.6.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR Stefinee.local.

Error: (12/02/2017 12:10:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   18 3.5.D.D.A.F.2.9.8.6.8.E.6.F.1.A.B.5.0.3.1.0.6.0.1.8.6.0.1.0.6.2.ip6.arpa. PTR Stefinee-2.local.

Error: (12/02/2017 12:10:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.197:5353   16 3.5.D.D.A.F.2.9.8.6.8.E.6.F.1.A.B.5.0.3.1.0.6.0.1.8.6.0.1.0.6.2.ip6.arpa. PTR Stefinee.local.

Error: (12/02/2017 12:10:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   18 3.F.1.A.E.3.8.D.F.3.A.E.0.8.C.6.B.5.0.3.1.0.6.0.1.8.6.0.1.0.6.2.ip6.arpa. PTR Stefinee-2.local.

Error: (12/02/2017 12:10:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.197:5353   16 3.F.1.A.E.3.8.D.F.3.A.E.0.8.C.6.B.5.0.3.1.0.6.0.1.8.6.0.1.0.6.2.ip6.arpa. PTR Stefinee.local.

Error: (12/02/2017 12:10:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   18 197.0.0.10.in-addr.arpa. PTR Stefinee-2.local.

Error: (12/02/2017 12:10:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.197:5353   16 197.0.0.10.in-addr.arpa. PTR Stefinee.local.


System errors:
=============
Error: (12/02/2017 12:04:40 PM) (Source: Application Popup) (EventID: 56) (User: )
Description: ACPI5

Error: (12/02/2017 11:53:49 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/02/2017 11:53:49 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/02/2017 11:53:49 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/02/2017 11:53:49 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/02/2017 11:53:10 AM) (Source: Application Popup) (EventID: 56) (User: )
Description: ACPI5

Error: (12/02/2017 11:51:32 AM) (Source: DCOM) (EventID: 10010) (User: STEFINEE)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (12/02/2017 11:51:32 AM) (Source: DCOM) (EventID: 10010) (User: STEFINEE)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (12/02/2017 11:51:32 AM) (Source: DCOM) (EventID: 10010) (User: STEFINEE)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (12/02/2017 11:51:32 AM) (Source: DCOM) (EventID: 10010) (User: STEFINEE)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.


CodeIntegrity:
===================================
  Date: 2017-12-02 12:23:59.731
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-12-02 12:23:59.729
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-12-02 12:23:47.526
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-12-02 12:23:47.524
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-12-02 12:17:10.620
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-12-02 12:17:10.613
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-12-02 12:17:09.403
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-12-02 12:17:09.401
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-12-02 12:12:08.154
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-12-02 12:12:08.153
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i5-6400 CPU @ 2.70GHz
Percentage of memory in use: 46%
Total physical RAM: 8121.65 MB
Available physical RAM: 4370.42 MB
Total Virtual: 17337.65 MB
Available Virtual: 12543.89 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:930.91 GB) (Free:715.17 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 63D2EEB8)

Partition: GPT.

==================== End of Addition.txt ============================


  • 0



#2
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

You posted the Addition.txt log twice.  Can you post the FRST log?

 

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  

Wait a full minute then:

File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.


Copy the next 2 lines:

TASKLIST /SVC  > \junk.txt
notepad \junk.txt

Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
Win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.


Get the free version of Speccy:

http://www.filehippo.com/download_speccy/ 

(Look in the upper right for the Download Latest Version button - Do NOT press the large Start Download button on the upper left!)
Download, Save and Install it. Tell it you do not need CCLEANER. Run Speccy. When it finishes (the little icon in the bottom left will stop moving),
File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System.
(It will be near the top, 10-20 lines down.) Save the file. Attach the file to your next post. Attaching the log is the best option as it is too big for the forum. Attaching is a multi-step process.

First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.

 

Tonight while you sleep let Avast do a boot-time scan:

It takes like 6 hours so I usually let it run at night.


Click on the Avast ball.  Then click on Protection, then on Antivirus, then on Other Scans then on Boot-time Scan.  Click on Install Special Definitions.  Click on Run on Next PC Reboot.

Reboot and let it run a scan. It may take hours.
Once it finishes it should load Windows. Mute your speakers so it doesn't wake you up when Windows boots.

When you reboot you will see the scan start.  It will tell you where it saves its log.  Usually it's C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location.   This is a hidden location so you will need to tell Windows to let you see it:

http://www.howtogeek...-windows-vista/

Copy and paste the text from the log to a Reply when done.


 


  • 0
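The TASKLIST /SVC listing requested in the post above wraps long service lists onto continuation lines, which makes it awkward to match a busy PID seen in Process Explorer to the services that process hosts. The Python parser below is an added example, not part of the original post; the sample listing, its PIDs and the function names are constructed for illustration.

```python
import re


def _row(image, pid, services):
    """Lay out one constructed row in tasklist's fixed-width table style."""
    return f"{image:<25} {pid:>8} {services}"


# Constructed sample of `TASKLIST /SVC` output. PIDs are made up; the
# Avast and Malwarebytes service names are the ones seen in the thread's log.
SAMPLE = "\n".join([
    "",
    _row("Image Name", "PID", "Services"),
    "=" * 25 + " " + "=" * 8 + " " + "=" * 44,
    _row("System Idle Process", 0, "N/A"),
    _row("System", 4, "N/A"),
    _row("svchost.exe", 812, "BrokerInfrastructure, DcomLaunch, LSM,"),
    " " * 35 + "PlugPlay, Power, SystemEventsBroker",
    _row("svchost.exe", 1204, "Dnscache"),
    _row("AvastSvc.exe", 2316, "avast! Antivirus"),
    _row("MBAMService.exe", 2980, "MBAMService"),
    _row("firefox.exe", 7544, "N/A"),
    "",
])


def _split_services(cell):
    """Split a Services cell on commas; 'N/A' means no hosted services."""
    parts = [p.strip() for p in cell.split(",")]
    return [p for p in parts if p and p != "N/A"]


def parse_tasklist_svc(text):
    """Return a list of {'image', 'pid', 'services'} dicts.

    Column boundaries are read from the '=====' ruler line instead of being
    hard-coded, and wrapped service lists are merged into the row above.
    """
    lines = text.splitlines()
    ruler_index = None
    for i, line in enumerate(lines):
        if line.strip() and set(line) <= set("= "):
            ruler_index = i
            break
    if ruler_index is None:
        raise ValueError("no column ruler line found")

    spans = [m.span() for m in re.finditer(r"=+", lines[ruler_index])]
    if len(spans) != 3:
        raise ValueError("expected three columns: Image Name, PID, Services")
    (name_start, name_end), (pid_start, pid_end), (svc_start, _) = spans

    rows = []
    for line in lines[ruler_index + 1:]:
        if not line.strip():
            continue
        image = line[name_start:name_end].strip()
        pid = line[pid_start:pid_end].strip()
        services = _split_services(line[svc_start:])
        if not image and not pid:
            # Continuation line: only the Services column is populated.
            if not rows:
                raise ValueError("continuation line before any process row")
            rows[-1]["services"].extend(services)
            continue
        rows.append({"image": image, "pid": int(pid), "services": services})
    return rows


def services_for_pid(rows, pid):
    """Services hosted by the process with this PID ([] if none or unknown)."""
    for row in rows:
        if row["pid"] == pid:
            return list(row["services"])
    return []


def multi_service_hosts(rows):
    """Map PID -> services for processes that host more than one service."""
    return {r["pid"]: r["services"] for r in rows if len(r["services"]) > 1}


if __name__ == "__main__":
    parsed = parse_tasklist_svc(SAMPLE)
    for entry in parsed:
        hosted = ", ".join(entry["services"]) or "-"
        print(f'{entry["pid"]:>6}  {entry["image"]:<22} {hosted}')
```

Feed it the contents of \junk.txt and look up the PID of whichever process sits at the top of the CPU column in Process Explorer.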

#3
mythica

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-11-2017
Ran by Stefinee (administrator) on STEFINEE (02-12-2017 12:23:37)
Running from C:\Users\mythi\Desktop
Loaded Profiles: Stefinee (Available Profiles: Stefinee)
Platform: Windows 10 Home Version 1709 16299.64 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSWinService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
() C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth Filter ONLY\BTDevMgr.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AEGIS II\AEGIS_II_AsSysLevelUpSrc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AEGIS II\AEGIS_II_AlertService.exe
() C:\Program Files (x86)\ASUS\AEGIS II\Lighting\CheckCD_RomLighting.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AEGIS II\AEGIS_II_AsToastHelper.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Manager\AsHKService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AEGIS II\AEGIS_II_SysMode.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{9AF45D7C-34F1-4BA0-B799-825C8C04494C}\AiChargerDT.exe
() C:\Program Files (x86)\ASUS\ASUS Manager\PC Cleanup\SecureDeleteBackground.exe
() C:\Program Files (x86)\ASUS\AEGIS II\Boost Launcher\BLMonitor.exe
(ASUSTeK) C:\Program Files (x86)\ASUS\ASUS Manager\Ai Charger II\Ai_ChargerII_TrayIcon(ASUS_Manager).exe
(Microsoft Corporation) C:\Windows\System32\CastSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Discord Inc.) C:\Users\mythi\AppData\Local\Discord\app-0.0.298\Discord.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Discord Inc.) C:\Users\mythi\AppData\Local\Discord\app-0.0.298\Discord.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Discord Inc.) C:\Users\mythi\AppData\Local\Discord\app-0.0.298\Discord.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon-x64.exe
(Siber Systems Inc.) C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8522480 2015-08-20] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322472 2015-07-27] (Intel Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-10-20] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-11-26] (AVAST Software)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\ASUSWSLoader.exe [63296 2014-08-19] ()
HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [52553728 2017-03-08] (Hammer & Chisel, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKU\S-1-5-21-1111491060-269441850-655590923-1001\...\Run: [Discord] => C:\Users\mythi\AppData\Local\Discord\app-0.0.298\Discord.exe [57477112 2017-08-08] (Discord Inc.)
HKU\S-1-5-21-1111491060-269441850-655590923-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3102496 2017-10-30] (Valve Corporation)
HKU\S-1-5-21-1111491060-269441850-655590923-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110376 2017-10-25] (Siber Systems)
HKU\S-1-5-21-1111491060-269441850-655590923-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssText3d.scr [217088 2017-09-29] (Microsoft Corporation)
Startup: C:\Users\mythi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2017-04-12]
ShortcutTarget: Twitch.lnk -> C:\Users\mythi\AppData\Roaming\Curse Client\Bin\Twitch.exe (Twitch Interactive, Inc.)
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{0a35a3ba-6b81-46ed-92d3-3a5370f7aa01}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{23b8ff05-0486-47dd-9375-eae6c90b3bf5}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{4a148242-7301-4620-9043-72d790b19d03}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-1111491060-269441850-655590923-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ASUS15.msn.com/?pc=ASTE
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1111491060-269441850-655590923-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2017-10-25] (Siber Systems Inc.)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2017-10-25] (Siber Systems Inc.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-04-30] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2017-10-25] (Siber Systems Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2017-10-25] (Siber Systems Inc.)

FireFox:
========
FF DefaultProfile: mi65td7f.default
FF ProfilePath: C:\Users\mythi\AppData\Roaming\Mozilla\Firefox\Profiles\mi65td7f.default [2017-12-02]
FF Homepage: Mozilla\Firefox\Profiles\mi65td7f.default -> google.com
FF NewTab: Mozilla\Firefox\Profiles\mi65td7f.default -> about:newtab
FF Extension: (RoboForm Password Manager) - C:\Users\mythi\AppData\Roaming\Mozilla\Firefox\Profiles\mi65td7f.default\Extensions\[email protected] [2017-10-25]
FF Extension: (Disable Media WMF NV12 format) - C:\Users\mythi\AppData\Roaming\Mozilla\Firefox\Profiles\mi65td7f.default\features\{28de81fc-afdf-4652-aafd-f634cd26ad3c}\[email protected] [2017-11-22] [Lagacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_187.dll [2017-11-14] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-11-14] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-10-21] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-10-21] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2015-09-18] (Coupons, Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR Profile: C:\Users\mythi\AppData\Local\Google\Chrome\User Data\Default [2017-11-26]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-10-11] (Apple Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2013-08-28] ()
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSWinService.exe [71168 2014-08-19] (ASUS Cloud Corporation) [File not signed]
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7549928 2017-11-26] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-11-26] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6971400 2017-11-09] ()
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth Filter ONLY\BTDevMgr.exe [121560 2015-07-20] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-07-27] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
S3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2015-08-07] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-03] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-03] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-10-21] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [450168 2017-05-03] (NVIDIA Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-09-08] ()
R0 assdv2; C:\WINDOWS\System32\DRIVERS\assdv2.sys [30040 2015-09-07] (ASUS)
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
S3 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [183584 2017-11-26] (AVAST Software)
S3 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [321032 2017-11-26] (AVAST Software s.r.o.)
S3 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [198968 2017-11-26] (AVAST Software s.r.o.)
S3 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [343288 2017-11-26] (AVAST Software s.r.o.)
S3 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [57728 2017-11-26] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [47008 2017-11-26] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [148288 2017-11-26] (AVAST Software)
S3 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110376 2017-11-26] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84416 2017-11-26] (AVAST Software)
S3 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1026232 2017-11-26] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [455376 2017-11-26] (AVAST Software)
S3 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [203976 2017-11-26] (AVAST Software)
S3 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [364464 2017-11-26] (AVAST Software)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77432 2017-11-01] ()
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193464 2017-11-26] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2017-12-02] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [46008 2017-12-02] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2017-11-26] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2017-12-02] (Malwarebytes)
R1 MpKsld547f9c9; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7F9CBA70-ED39-4154-94FC-7C9084EC91F8}\MpKsld547f9c9.sys [58120 2017-12-02] (Microsoft Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvak.inf_amd64_791beb67a268df58\nvlddmkm.sys [14145584 2016-11-11] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-05-03] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48248 2017-05-03] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-03-27] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-05-28] (Realtek )
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [607488 2016-02-25] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\system32\DRIVERS\rtwlane.sys [6804480 2017-05-03] (Realtek Semiconductor Corporation )
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
U3 aswbdisk; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-02 12:23 - 2017-12-02 12:24 - 000019175 _____ C:\Users\mythi\Desktop\FRST.txt
2017-12-02 12:22 - 2017-12-02 12:23 - 000000000 ____D C:\FRST
2017-12-02 12:21 - 2017-12-02 12:21 - 002391552 _____ (Farbar) C:\Users\mythi\Desktop\FRST64.exe
2017-12-02 12:06 - 2017-12-02 12:06 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-11-29 08:45 - 2017-11-29 08:45 - 000000000 ____D C:\Users\mythi\AppData\Local\PlaceholderTileLogoFolder
2017-11-26 17:25 - 2017-11-26 17:25 - 000000222 _____ C:\Users\mythi\Desktop\Conan Exiles.url
2017-11-26 13:55 - 2017-11-30 17:45 - 000000000 ____D C:\Program Files (x86)\Google
2017-11-26 13:55 - 2017-11-26 13:56 - 000000000 ____D C:\Users\mythi\AppData\Local\Google
2017-11-26 13:54 - 2017-11-26 13:54 - 000000000 ____D C:\Users\mythi\AppData\Roaming\AVAST Software
2017-11-26 13:53 - 2017-12-02 09:53 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2017-11-26 13:53 - 2017-11-26 14:29 - 000004268 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-11-26 13:53 - 2017-11-26 13:53 - 000455376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-11-26 13:53 - 2017-11-26 13:53 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2017-11-26 13:53 - 2017-11-26 13:53 - 000002019 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2017-11-26 13:53 - 2017-11-26 13:53 - 000002007 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-11-26 13:53 - 2017-11-26 13:53 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2017-11-26 13:53 - 2017-11-26 13:52 - 000364464 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-11-26 13:53 - 2017-11-26 13:52 - 000203976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-11-26 13:53 - 2017-11-26 13:51 - 001026232 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-11-26 13:53 - 2017-11-26 13:51 - 000343288 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-11-26 13:53 - 2017-11-26 13:51 - 000321032 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-11-26 13:53 - 2017-11-26 13:51 - 000198968 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-11-26 13:53 - 2017-11-26 13:51 - 000183584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2017-11-26 13:53 - 2017-11-26 13:51 - 000148288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-11-26 13:53 - 2017-11-26 13:51 - 000110376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-11-26 13:53 - 2017-11-26 13:51 - 000084416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-11-26 13:53 - 2017-11-26 13:51 - 000057728 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-11-26 13:53 - 2017-11-26 13:51 - 000047008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-11-26 13:52 - 2017-12-02 12:05 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-11-26 13:52 - 2017-12-02 12:05 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-11-26 13:52 - 2017-11-26 13:52 - 000193464 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2017-11-26 13:52 - 2017-11-26 13:51 - 000365168 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-11-26 13:51 - 2017-12-02 12:05 - 000046008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-11-26 13:51 - 2017-11-26 14:06 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-11-26 13:51 - 2017-11-26 13:51 - 000001952 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-11-26 13:51 - 2017-11-26 13:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-11-26 13:51 - 2017-11-26 13:51 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-11-26 13:51 - 2017-11-26 13:51 - 000000000 ____D C:\Program Files\Malwarebytes
2017-11-26 13:51 - 2017-11-01 08:54 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-11-26 13:50 - 2017-11-26 13:50 - 078346672 _____ (Malwarebytes ) C:\Users\mythi\Downloads\mb3-setup-35891.35891-3.3.1.2183.exe
2017-11-26 13:50 - 2017-11-26 13:50 - 000000000 ____D C:\Program Files\AVAST Software
2017-11-26 13:49 - 2017-11-26 15:19 - 000000000 ____D C:\ProgramData\AVAST Software
2017-11-26 13:49 - 2017-11-26 13:49 - 006654960 _____ (AVAST Software) C:\Users\mythi\Downloads\avast_free_antivirus_setup_online_cnet2.exe
2017-11-26 13:13 - 2017-12-02 12:03 - 000000000 ____D C:\Program Files (x86)\AVG
2017-11-26 13:12 - 2017-12-02 12:05 - 000000000 ____D C:\Users\mythi\AppData\Local\Avg
2017-11-26 13:12 - 2017-12-02 12:05 - 000000000 ____D C:\ProgramData\Avg
2017-11-26 13:12 - 2017-12-02 12:02 - 000000000 ____D C:\Users\mythi\AppData\Local\AvgSetupLog
2017-11-26 13:10 - 2017-11-26 13:10 - 003449304 _____ (AVG Technologies CZ, s.r.o.) C:\Users\mythi\Downloads\AVG_Protection_Free_1606.exe
2017-11-18 16:23 - 2017-11-26 14:14 - 000000000 ____D C:\Users\mythi\AppData\Local\SoftUpgrade
2017-11-15 19:17 - 2017-11-15 19:17 - 000000000 ____D C:\Users\mythi\AppData\Roaming\WildTangent
2017-11-14 17:39 - 2017-10-25 02:11 - 017083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2017-11-14 17:39 - 2017-10-25 02:11 - 000336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicRuntimes.dll
2017-11-14 17:39 - 2017-10-25 02:09 - 021753344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2017-11-14 17:39 - 2017-10-25 01:56 - 000665600 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
2017-11-14 17:39 - 2017-10-24 21:40 - 001634288 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-11-14 17:39 - 2017-10-24 21:36 - 008590744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-11-14 17:39 - 2017-10-24 21:36 - 002400664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-11-14 17:39 - 2017-10-24 21:34 - 002573208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-11-14 17:39 - 2017-10-24 21:32 - 000559512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-11-14 17:39 - 2017-10-24 21:31 - 000045464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2017-11-14 17:39 - 2017-10-24 20:50 - 001528904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-11-14 17:39 - 2017-10-24 20:36 - 025246208 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-11-14 17:39 - 2017-10-24 20:19 - 003670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-11-14 17:39 - 2017-10-24 20:16 - 023658496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-11-14 17:39 - 2017-10-24 20:15 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-11-14 17:39 - 2017-10-24 20:12 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-11-14 17:39 - 2017-10-24 20:11 - 000768512 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-11-14 17:39 - 2017-10-24 20:10 - 008099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-11-14 17:39 - 2017-10-24 20:10 - 004742144 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-11-14 17:39 - 2017-10-24 20:10 - 001167360 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2017-11-14 17:39 - 2017-10-24 20:09 - 002106368 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-11-14 17:39 - 2017-10-24 20:08 - 002905600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-11-14 17:39 - 2017-10-24 20:07 - 018914304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-11-14 17:39 - 2017-10-24 20:05 - 019339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-11-14 17:39 - 2017-10-24 20:05 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-11-14 17:39 - 2017-10-24 20:02 - 000591872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-11-14 17:39 - 2017-10-24 19:59 - 003679232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-11-14 17:39 - 2017-10-24 19:57 - 006035968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-11-14 17:39 - 2017-10-21 05:25 - 003313968 _____ C:\WINDOWS\system32\Windows.Mirage.dll
2017-11-14 17:39 - 2017-10-20 07:17 - 002474584 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2017-11-14 17:38 - 2017-10-25 01:57 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2017-11-14 17:38 - 2017-10-25 01:57 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2017-11-14 17:38 - 2017-10-24 23:36 - 000618496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2017-11-14 17:38 - 2017-10-24 21:41 - 000362176 _____ (Microsoft Corporation) C:\WINDOWS\system32\BioIso.exe
2017-11-14 17:38 - 2017-10-24 21:40 - 000612760 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-11-14 17:38 - 2017-10-24 21:40 - 000269696 _____ C:\WINDOWS\system32\FaceProcessorCore.dll
2017-11-14 17:38 - 2017-10-24 21:39 - 007831248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2017-11-14 17:38 - 2017-10-24 21:39 - 000479912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2017-11-14 17:38 - 2017-10-24 21:39 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-11-14 17:38 - 2017-10-24 21:37 - 001954048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-11-14 17:38 - 2017-10-24 21:37 - 000610712 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-11-14 17:38 - 2017-10-24 21:36 - 000187288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-11-14 17:38 - 2017-10-24 21:34 - 000839928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Perception.Stub.dll
2017-11-14 17:38 - 2017-10-24 21:34 - 000710920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-11-14 17:38 - 2017-10-24 21:32 - 000147864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-11-14 17:38 - 2017-10-24 21:31 - 000436120 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-11-14 17:38 - 2017-10-24 21:30 - 004487968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-11-14 17:38 - 2017-10-24 21:30 - 000555416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-11-14 17:38 - 2017-10-24 21:29 - 002269080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2017-11-14 17:38 - 2017-10-24 21:29 - 001507736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-11-14 17:38 - 2017-10-24 21:29 - 000603920 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2017-11-14 17:38 - 2017-10-24 21:28 - 001170008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-11-14 17:38 - 2017-10-24 21:27 - 006791472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-11-14 17:38 - 2017-10-24 21:27 - 001970520 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-11-14 17:38 - 2017-10-24 21:27 - 001426152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-11-14 17:38 - 2017-10-24 21:27 - 000374032 _____ (Microsoft Corporation) C:\WINDOWS\system32\vac.exe
2017-11-14 17:38 - 2017-10-24 21:24 - 000428952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2017-11-14 17:38 - 2017-10-24 21:20 - 002717392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-11-14 17:38 - 2017-10-24 20:52 - 001615720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-11-14 17:38 - 2017-10-24 20:30 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-11-14 17:38 - 2017-10-24 20:30 - 000354200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-11-14 17:38 - 2017-10-24 20:28 - 004648528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-11-14 17:38 - 2017-10-24 20:28 - 001246432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-11-14 17:38 - 2017-10-24 20:28 - 000982016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-11-14 17:38 - 2017-10-24 20:27 - 001454568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2017-11-14 17:38 - 2017-10-24 20:27 - 001377080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-11-14 17:38 - 2017-10-24 20:27 - 001015008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-11-14 17:38 - 2017-10-24 20:24 - 000506256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll
2017-11-14 17:38 - 2017-10-24 20:22 - 006015200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-11-14 17:38 - 2017-10-24 20:22 - 002465848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-11-14 17:38 - 2017-10-24 20:19 - 000097792 _____ C:\WINDOWS\system32\runexehelper.exe
2017-11-14 17:38 - 2017-10-24 20:18 - 000975872 _____ C:\WINDOWS\system32\FaceProcessor.dll
2017-11-14 17:38 - 2017-10-24 20:18 - 000328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2017-11-14 17:38 - 2017-10-24 20:18 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
2017-11-14 17:38 - 2017-10-24 20:18 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2017-11-14 17:38 - 2017-10-24 20:18 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2017-11-14 17:38 - 2017-10-24 20:18 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
2017-11-14 17:38 - 2017-10-24 20:16 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2017-11-14 17:38 - 2017-10-24 20:16 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2017-11-14 17:38 - 2017-10-24 20:16 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-11-14 17:38 - 2017-10-24 20:14 - 000541184 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2017-11-14 17:38 - 2017-10-24 20:14 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdrleakdiag.exe
2017-11-14 17:38 - 2017-10-24 20:13 - 013655552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-11-14 17:38 - 2017-10-24 20:13 - 002972672 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-11-14 17:38 - 2017-10-24 20:12 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2017-11-14 17:38 - 2017-10-24 20:12 - 000599040 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-11-14 17:38 - 2017-10-24 20:12 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-11-14 17:38 - 2017-10-24 20:09 - 002862080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-11-14 17:38 - 2017-10-24 20:09 - 001806336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2017-11-14 17:38 - 2017-10-24 20:09 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-11-14 17:38 - 2017-10-24 20:08 - 002781696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-11-14 17:38 - 2017-10-24 20:08 - 002633216 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-11-14 17:38 - 2017-10-24 20:08 - 002392576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2017-11-14 17:38 - 2017-10-24 20:08 - 001667584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2017-11-14 17:38 - 2017-10-24 20:08 - 000654848 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-11-14 17:38 - 2017-10-24 20:08 - 000487424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2017-11-14 17:38 - 2017-10-24 20:08 - 000465408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-11-14 17:38 - 2017-10-24 20:07 - 003478016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2017-11-14 17:38 - 2017-10-24 20:07 - 001485824 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-11-14 17:38 - 2017-10-24 20:07 - 000685056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-11-14 17:38 - 2017-10-24 20:07 - 000372224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
2017-11-14 17:38 - 2017-10-24 20:07 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CapabilityAccessManagerClient.dll
2017-11-14 17:38 - 2017-10-24 20:06 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-11-14 17:38 - 2017-10-24 20:05 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcVSp1res.dll
2017-11-14 17:38 - 2017-10-24 20:04 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2017-11-14 17:38 - 2017-10-24 20:04 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdrleakdiag.exe
2017-11-14 17:38 - 2017-10-24 20:03 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2017-11-14 17:38 - 2017-10-24 20:01 - 012687360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2017-11-14 17:38 - 2017-10-24 20:01 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-11-14 17:38 - 2017-10-24 19:59 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-11-14 17:38 - 2017-10-24 19:58 - 002467840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-11-14 17:38 - 2017-10-24 19:58 - 001322496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2017-11-14 17:38 - 2017-10-24 19:58 - 001280000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2017-11-14 17:38 - 2017-10-24 19:55 - 002864640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2017-11-14 17:38 - 2017-10-24 19:54 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcVSp1res.dll
2017-11-14 17:38 - 2017-10-19 22:08 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-11-11 12:37 - 2017-11-11 16:04 - 000000000 ____D C:\Users\mythi\AppData\Roaming\Opera Software
2017-11-11 12:37 - 2017-11-11 16:04 - 000000000 ____D C:\Users\mythi\AppData\Local\Opera Software
2017-11-11 12:36 - 2017-11-11 16:04 - 000000000 ____D C:\Users\mythi\AppData\Local\Chromium
2017-11-11 12:36 - 2017-11-11 16:04 - 000000000 ____D C:\Users\mythi\AppData\Local\{2BCE1D92-0F66-712A-62FE-54C24696A85A}
2017-11-11 12:36 - 2017-11-11 12:36 - 001202160 _____ (Adobe Systems Incorporated) C:\Users\mythi\AppData\Local\flashplugin.exe
2017-11-11 12:35 - 2017-11-11 12:35 - 000000000 ____D C:\Users\mythi\AppData\Local\Package Cache
2017-11-06 11:53 - 2017-11-06 11:53 - 000001856 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-11-06 11:53 - 2017-11-06 11:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-11-06 11:53 - 2017-11-06 11:53 - 000000000 ____D C:\Program Files\iPod
2017-11-06 11:52 - 2017-11-06 11:53 - 000000000 ____D C:\Program Files\iTunes
2017-11-06 09:06 - 2017-11-06 09:06 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2017-11-06 09:04 - 2017-11-06 09:04 - 000000000 ___HD C:\Users\mythi\MicrosoftEdgeBackups
2017-11-06 09:03 - 2017-11-06 09:03 - 000000020 ___SH C:\Users\mythi\ntuser.ini
2017-11-06 09:03 - 2017-11-06 09:03 - 000000000 ___RD C:\Users\mythi\3D Objects
2017-11-06 03:46 - 2017-11-18 07:08 - 000000000 ____D C:\Windows.old
2017-11-06 03:43 - 2017-11-06 03:46 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-11-06 03:42 - 2017-11-06 03:43 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2017-11-06 03:42 - 2017-11-06 03:42 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2017-11-06 03:40 - 2017-11-06 03:40 - 005906264 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-11-06 03:40 - 2017-11-06 03:40 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-11-06 03:40 - 2017-11-06 03:40 - 002869248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-11-06 03:40 - 2017-11-06 03:40 - 001856000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-11-06 03:40 - 2017-11-06 03:40 - 001822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-11-06 03:40 - 2017-11-06 03:40 - 001664000 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-11-06 03:40 - 2017-11-06 03:40 - 001641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-11-06 03:40 - 2017-11-06 03:40 - 001587200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2017-11-06 03:40 - 2017-11-06 03:40 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-11-06 03:40 - 2017-11-06 03:40 - 001554216 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-11-06 03:40 - 2017-11-06 03:40 - 001547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-11-06 03:40 - 2017-11-06 03:40 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-11-06 03:40 - 2017-11-06 03:40 - 001463856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-11-06 03:40 - 2017-11-06 03:40 - 001436432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-11-06 03:40 - 2017-11-06 03:40 - 001323840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-11-06 03:40 - 2017-11-06 03:40 - 001261864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-11-06 03:40 - 2017-11-06 03:40 - 001200024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-11-06 03:40 - 2017-11-06 03:40 - 001053592 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-11-06 03:40 - 2017-11-06 03:40 - 000925184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-11-06 03:40 - 2017-11-06 03:40 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-11-06 03:40 - 2017-11-06 03:40 - 000739696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-11-06 03:40 - 2017-11-06 03:40 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-11-06 03:40 - 2017-11-06 03:40 - 000677280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-11-06 03:40 - 2017-11-06 03:40 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-11-06 03:40 - 2017-11-06 03:40 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-11-06 03:40 - 2017-11-06 03:40 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-11-06 03:40 - 2017-11-06 03:40 - 000597160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2017-11-06 03:40 - 2017-11-06 03:40 - 000566272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-11-06 03:40 - 2017-11-06 03:40 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2017-11-06 03:40 - 2017-11-06 03:40 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2017-11-06 03:40 - 2017-11-06 03:40 - 000478208 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-11-06 03:40 - 2017-11-06 03:40 - 000464416 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2017-11-06 03:40 - 2017-11-06 03:40 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2017-11-06 03:40 - 2017-11-06 03:40 - 000442880 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-11-06 03:40 - 2017-11-06 03:40 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-11-06 03:40 - 2017-11-06 03:40 - 000418712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-11-06 03:40 - 2017-11-06 03:40 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2017-11-06 03:40 - 2017-11-06 03:40 - 000373656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-11-06 03:40 - 2017-11-06 03:40 - 000353688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-11-06 03:40 - 2017-11-06 03:40 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-11-06 03:40 - 2017-11-06 03:40 - 000246168 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-11-06 03:40 - 2017-11-06 03:40 - 000232344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-11-06 03:40 - 2017-11-06 03:40 - 000184984 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2017-11-06 03:40 - 2017-11-06 03:40 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2017-11-06 03:40 - 2017-11-06 03:40 - 000139672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-11-06 03:40 - 2017-11-06 03:40 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2017-11-06 03:40 - 2017-11-06 03:40 - 000123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2017-11-06 03:40 - 2017-11-06 03:40 - 000086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
2017-11-06 03:40 - 2017-11-06 03:40 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll
2017-11-06 03:40 - 2017-11-06 03:40 - 000060824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\urscx01000.sys
2017-11-06 03:40 - 2017-11-06 03:40 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-11-06 03:40 - 2017-11-06 03:40 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2017-11-06 03:40 - 2017-11-06 03:40 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-11-06 03:40 - 2017-11-06 03:40 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
2017-11-06 03:40 - 2017-11-06 03:40 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-11-06 03:37 - 2017-11-06 03:37 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-11-06 03:37 - 2017-11-06 03:37 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2017-11-06 03:37 - 2017-11-06 03:37 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-11-06 03:37 - 2017-11-06 03:37 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-11-06 03:37 - 2017-11-06 03:37 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2017-11-06 03:37 - 2017-11-06 03:37 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-11-06 03:37 - 2017-11-06 03:37 - 000000000 ____D C:\Program Files\Reference Assemblies
2017-11-06 03:37 - 2017-11-06 03:37 - 000000000 ____D C:\Program Files\MSBuild
2017-11-06 03:37 - 2017-11-06 03:37 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-11-06 03:37 - 2017-11-06 03:37 - 000000000 ____D C:\Program Files (x86)\MSBuild
2017-11-06 03:11 - 2017-11-06 03:12 - 000007623 _____ C:\WINDOWS\diagwrn.xml
2017-11-06 03:11 - 2017-11-06 03:12 - 000007623 _____ C:\WINDOWS\diagerr.xml
2017-11-06 03:10 - 2017-12-02 12:05 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-06 03:10 - 2017-12-02 09:53 - 000003554 _____ C:\WINDOWS\System32\Tasks\Open URL by RoboForm
2017-11-06 03:10 - 2017-12-02 09:53 - 000003446 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-11-06 03:10 - 2017-12-02 09:53 - 000003398 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-06 03:10 - 2017-12-02 09:53 - 000003306 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7FBC1C38-5561-4B4D-BDB1-AF1DD3E523A9}
2017-11-06 03:10 - 2017-12-02 09:53 - 000003038 _____ C:\WINDOWS\System32\Tasks\Run RoboForm TaskBar Icon
2017-11-06 03:10 - 2017-12-02 09:53 - 000002984 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-06 03:10 - 2017-12-02 09:53 - 000002968 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-06 03:10 - 2017-12-02 09:53 - 000002956 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-06 03:10 - 2017-12-02 09:53 - 000002852 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1111491060-269441850-655590923-1001
2017-11-06 03:10 - 2017-12-02 09:53 - 000002838 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-06 03:10 - 2017-12-02 09:53 - 000002786 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-06 03:10 - 2017-12-02 09:53 - 000002744 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-11-06 03:10 - 2017-11-06 03:10 - 000000000 ____D C:\WINDOWS\System32\Tasks\ASUS
2017-11-06 03:10 - 2017-11-06 03:10 - 000000000 ____D C:\WINDOWS\System32\Tasks\Apple
2017-11-06 03:07 - 2017-12-02 12:11 - 001192228 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-06 03:00 - 2017-11-06 03:00 - 000000000 ____D C:\ProgramData\USOShared
2017-11-06 02:56 - 2017-11-06 02:56 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-11-06 02:54 - 2017-11-29 08:45 - 000000000 ____D C:\Users\mythi\AppData\Local\Packages
2017-11-06 02:54 - 2017-11-15 03:03 - 000000000 ____D C:\Users\mythi
2017-11-06 02:52 - 2016-10-21 22:22 - 000133056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-11-06 02:51 - 2016-11-11 06:54 - 000224304 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2017-11-06 02:51 - 2016-11-11 06:54 - 000212024 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2017-11-06 02:50 - 2017-09-29 06:41 - 002241024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-11-06 02:49 - 2017-12-02 11:40 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-11-06 02:49 - 2017-11-15 03:07 - 000221968 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-11-02 19:05 - 2017-11-06 09:03 - 000000000 ___DC C:\WINDOWS\Panther
2017-11-02 12:00 - 2017-11-02 12:00 - 000000000 ____D C:\Users\mythi\AppData\Local\RoboForm

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-02 12:23 - 2017-04-21 13:13 - 000000000 ____D C:\Users\mythi\AppData\Local\CrashDumps
2017-12-02 12:12 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2017-12-02 12:12 - 2017-03-08 15:18 - 000000000 ____D C:\Users\mythi\AppData\LocalLow\Mozilla
2017-12-02 12:10 - 2017-08-09 21:51 - 000000000 ____D C:\Program Files (x86)\Steam
2017-12-02 12:10 - 2016-10-17 22:55 - 000000000 ____D C:\ProgramData\NVIDIA
2017-12-02 12:04 - 2017-09-29 01:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2017-12-01 23:40 - 2017-09-29 06:46 - 000000000 ___HD C:\Program Files\WindowsApps
2017-12-01 23:40 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-11-26 18:24 - 2017-03-08 17:24 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-11-26 18:20 - 2017-10-10 12:55 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-11-26 18:20 - 2017-03-08 17:24 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-11-26 17:25 - 2017-03-08 15:35 - 000000000 ____D C:\Users\mythi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-11-26 14:34 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-11-24 13:15 - 2017-09-29 06:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-11-21 11:49 - 2017-04-30 20:16 - 000545440 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-11-18 16:23 - 2017-03-08 12:52 - 000000000 ____D C:\Users\mythi\AppData\Local\VirtualStore
2017-11-18 12:20 - 2017-03-08 15:15 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-11-18 12:20 - 2017-03-08 15:15 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-11-15 19:17 - 2016-10-17 23:03 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-11-15 19:17 - 2016-10-17 23:03 - 000000000 ____D C:\ProgramData\WildTangent
2017-11-15 19:14 - 2017-03-08 15:15 - 000001235 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-11-15 19:14 - 2017-03-08 15:15 - 000000000 ____D C:\Users\mythi\AppData\Roaming\Mozilla
2017-11-15 05:09 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\rescache
2017-11-15 03:15 - 2017-09-29 06:44 - 000000000 ____D C:\WINDOWS\INF
2017-11-15 03:04 - 2017-09-29 06:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-11-15 03:04 - 2017-09-29 06:46 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-11-15 03:04 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\TextInput
2017-11-15 03:04 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-11-15 03:04 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-11-15 03:04 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-11-15 03:04 - 2017-09-29 01:45 - 000000000 ____D C:\WINDOWS\system32\Dism
2017-11-14 08:33 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-11-14 08:33 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-11-12 15:59 - 2017-03-08 16:07 - 000000000 ____D C:\Users\mythi\AppData\Roaming\discord
2017-11-11 12:36 - 2017-03-29 18:11 - 000000000 ____D C:\Users\mythi\AppData\Local\Adobe
2017-11-07 03:30 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\appcompat
2017-11-06 11:22 - 2017-03-08 16:06 - 000000258 __RSH C:\ProgramData\ntuser.pol
2017-11-06 09:08 - 2017-05-13 07:28 - 000002409 _____ C:\Users\mythi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-11-06 09:08 - 2017-03-17 14:21 - 000000000 ___RD C:\Users\mythi\OneDrive
2017-11-06 09:04 - 2017-03-08 12:51 - 000000000 ____D C:\Users\mythi\AppData\Local\TileDataLayer
2017-11-06 09:03 - 2016-06-02 02:46 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-11-06 03:48 - 2017-09-29 06:46 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-11-06 03:46 - 2017-09-29 06:49 - 000000000 ____D C:\WINDOWS\Setup
2017-11-06 03:46 - 2017-09-29 06:46 - 000000000 __RHD C:\Users\Public\Libraries
2017-11-06 03:46 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-11-06 03:46 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-11-06 03:46 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\spool
2017-11-06 03:46 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-11-06 03:46 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\Help
2017-11-06 03:46 - 2017-09-29 06:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-11-06 03:46 - 2017-09-29 06:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-11-06 03:46 - 2017-08-09 21:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-11-06 03:46 - 2017-07-30 15:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2017-11-06 03:46 - 2017-07-04 17:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2017-11-06 03:46 - 2017-05-13 00:17 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-11-06 03:46 - 2017-05-11 14:40 - 000000000 ____D C:\Program Files\UNP
2017-11-06 03:46 - 2017-04-20 09:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-11-06 03:46 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-11-06 03:46 - 2017-03-08 16:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2017-11-06 03:46 - 2017-03-08 16:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2017-11-06 03:46 - 2017-03-08 15:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
2017-11-06 03:46 - 2016-10-17 22:54 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2017-11-06 03:46 - 2016-10-17 22:51 - 000000000 ____D C:\Program Files\Intel
2017-11-06 03:46 - 2016-06-02 02:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2017-11-06 03:46 - 2016-06-02 02:24 - 000000000 ____D C:\Program Files (x86)\ASUS
2017-11-06 03:46 - 2015-10-30 00:24 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-11-06 03:44 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-11-06 03:43 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\OCR
2017-11-06 03:43 - 2017-05-13 00:16 - 000000000 ____D C:\Program Files\Realtek
2017-11-06 03:43 - 2017-03-09 16:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tukui
2017-11-06 03:43 - 2016-10-17 22:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICEpower
2017-11-06 03:43 - 2016-06-02 02:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\tk-TM
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\te-IN
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\ta-IN
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\sw-KE
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\si-LK
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\prs-AF
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\or-IN
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\mn-MN
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\ky-KG
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\km-KH
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\is-IS
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\id-ID
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\bn-BD
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\be-BY
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\as-IN
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\am-ET
2017-11-06 03:40 - 2017-09-29 07:42 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2017-11-06 03:12 - 2017-09-29 01:45 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-11-06 03:10 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\Registration
2017-11-06 03:10 - 2017-03-08 14:52 - 000022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-11-06 03:07 - 2016-10-17 22:54 - 000903962 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2017-11-06 03:00 - 2017-09-29 06:46 - 000000000 ____D C:\ProgramData\USOPrivate
2017-11-06 02:57 - 2017-09-29 06:46 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-11-06 02:55 - 2017-03-08 16:07 - 000000000 ____D C:\Users\mythi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2017-11-06 02:53 - 2017-09-29 01:45 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2017-11-06 02:51 - 2017-05-13 00:17 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-11-06 02:51 - 2017-05-13 00:17 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-11-06 02:51 - 2017-05-13 00:16 - 000000000 ____D C:\WINDOWS\system32\DAX2
2017-11-06 02:50 - 2017-05-13 00:16 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-11-03 18:25 - 2017-09-29 06:49 - 000835568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-11-03 18:25 - 2017-09-29 06:49 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2017-03-09 00:07 - 2017-03-09 00:07 - 000000040 _____ () C:\Users\mythi\AppData\Roaming\WB.CFG
2017-11-11 12:36 - 2017-11-11 12:36 - 001202160 _____ (Adobe Systems Incorporated) C:\Users\mythi\AppData\Local\flashplugin.exe
2017-10-28 22:08 - 2017-10-28 22:08 - 000007601 _____ () C:\Users\mythi\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-11-26 18:19

==================== End of FRST.txt ============================



#4
mythica


Sorry about that lol I must have hit something else when I was copy/pasting. And didn't notice because it was so long. Getting the rest of it done now. TY so much.

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
System Idle Process    87.76    52 K    8 K    0            
procexp64.exe    4.16    27,964 K    64,716 K    10428    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
Interrupts    1.07    0 K    0 K    n/a    Hardware Interrupts and DPCs        
dwm.exe    0.87    69,916 K    35,648 K    1132            
System    0.81    160 K    4,172 K    4            
Taskmgr.exe    0.76    33,308 K    61,428 K    6660            
Steam.exe    0.63    46,248 K    56,520 K    10788    Steam Client Bootstrapper    Valve Corporation    (Verified) Valve
firefox.exe    0.59    292,332 K    361,304 K    12504    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
Discord.exe    0.55    105,648 K    103,656 K    6944    Discord    Discord Inc.    (Verified) Hammer & Chisel Inc.
firefox.exe    0.53    239,936 K    252,040 K    10432    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
csrss.exe    0.30    3,128 K    2,748 K    820            
AvastUI.exe    0.28    22,516 K    39,536 K    10568    Avast Antivirus    AVAST Software    (Verified) AVAST Software s.r.o.
AsusWSPanel.exe    0.21    26,816 K    15,480 K    12544         ASUS Cloud Corporation    (Verified) ASUS Cloud Corporation
Discord.exe    0.16    34,400 K    45,736 K    10640    Discord    Discord Inc.    (Verified) Hammer & Chisel Inc.
MBAMService.exe    0.16    250,532 K    242,820 K    3160    Malwarebytes Service    Malwarebytes    (Verified) Malwarebytes Corporation
explorer.exe    0.15    88,352 K    117,748 K    6748    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows
taskhostw.exe    0.14    6,236 K    9,788 K    6180    Host Process for Windows Tasks    Microsoft Corporation    (Verified) Microsoft Windows
robotaskbaricon.exe    0.13    9,268 K    13,428 K    10860    RoboForm TaskBar Icon    Siber Systems    (Verified) Siber Systems
AEGIS_II_SysMode.exe    0.11    11,888 K    5,056 K    6472            
WmiPrvSE.exe    0.10    8,128 K    12,836 K    3852            
svchost.exe    0.07    8,532 K    13,244 K    2544    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
rf-chrome-nm-host.exe    0.06    11,056 K    24,752 K    3980    rf-chrome-nm-host    Siber Systems Inc.    (Verified) Siber Systems
svchost.exe    0.05    40,096 K    38,200 K    1476    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
nvcontainer.exe    0.05    9,044 K    11,256 K    2660    NVIDIA Container    NVIDIA Corporation    (Verified) NVIDIA Corporation
firefox.exe    0.05    63,652 K    85,528 K    1096    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
NVIDIA Web Helper.exe    0.02    33,912 K    29,168 K    3972    NVIDIA Web Helper Service    Node.js    (Verified) NVIDIA Corporation
aswidsagenta.exe    0.02    16,568 K    21,712 K    10288    Avast Behavior Shield    AVAST Software    (Verified) AVAST Software s.r.o.
steamwebhelper.exe    0.02    16,676 K    14,496 K    12068    Steam Client WebHelper    Valve Corporation    (Verified) Valve
nvsphelper64.exe    0.02    2,980 K    4,080 K    7780            
svchost.exe    0.02    8,872 K    10,964 K    2756    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
firefox.exe    0.02    44,556 K    41,352 K    11044    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
lsass.exe    0.01    6,608 K    11,420 K    892    Local Security Authority Process    Microsoft Corporation    (Verified) Microsoft Windows Publisher
nvcontainer.exe    0.01    19,812 K    22,224 K    5988    NVIDIA Container    NVIDIA Corporation    (Verified) NVIDIA Corporation
SearchIndexer.exe    0.01    21,840 K    15,048 K    2820    Microsoft Windows Search Indexer    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.01    2,612 K    4,288 K    672    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe    0.01    5,012 K    9,664 K    10592    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe    0.01    5,748 K    12,692 K    2068    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe    0.01    24,056 K    26,684 K    2520    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
mbamtray.exe    0.01    17,508 K    20,188 K    5776    Malwarebytes Tray Application    Malwarebytes    (Verified) Malwarebytes Corporation
nvspcaps64.exe    0.01    8,376 K    16,304 K    10664    NVIDIA Capture Server    NVIDIA Corporation    (Verified) NVIDIA Corporation
svchost.exe    0.01    2,640 K    4,448 K    3532    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
AvastSvc.exe    0.01    140,140 K    40,836 K    2112    Avast Service    AVAST Software    (Verified) AVAST Software s.r.o.
NVIDIA Share.exe    < 0.01    69,652 K    53,924 K    6732    NVIDIA Share    NVIDIA Corporation    (Verified) NVIDIA Corporation
SteamService.exe    < 0.01    6,920 K    6,568 K    12156    Steam Client Service    Valve Corporation    (Verified) Valve
Discord.exe    < 0.01    45,676 K    38,048 K    11168    Discord    Discord Inc.    (Verified) Hammer & Chisel Inc.
notepad.exe    < 0.01    3,076 K    16,376 K    8672            
svchost.exe    < 0.01    18,032 K    22,536 K    2096    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
AppleMobileDeviceService.exe    < 0.01    3,428 K    4,620 K    2528    MobileDeviceService    Apple Inc.    (Verified) Apple Inc.
nvxdsync.exe    < 0.01    9,240 K    18,024 K    3652            
conhost.exe    < 0.01    6,320 K    15,068 K    9292            
svchost.exe    < 0.01    11,444 K    17,280 K    4176    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
spoolsv.exe    < 0.01    8,508 K    14,996 K    2356    Spooler SubSystem App    Microsoft Corporation    (Verified) Microsoft Windows
WWAHost.exe    Suspended    99,280 K    3,364 K    9076    Microsoft WWA Host    Microsoft Corporation    (Verified) Microsoft Windows
wmpnetwk.exe        7,396 K    6,248 K    4468    Windows Media Player Network Sharing Service    Microsoft Corporation    (Verified) Microsoft Windows
WmiPrvSE.exe        3,272 K    6,660 K    4932            
WmiPrvSE.exe        3,860 K    5,240 K    13072            
wlanext.exe        1,856 K    3,224 K    2588            
WinStore.App.exe    Suspended    45,120 K    3,360 K    10024    Store    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
winlogon.exe        2,272 K    5,480 K    936            
wininit.exe        1,360 K    1,688 K    808            
unsecapp.exe        1,384 K    2,856 K    9684            
SystemSettings.exe    Suspended    48,836 K    4,260 K    12468    Settings    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        6,792 K    9,564 K    300    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        8,464 K    18,772 K    2568    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,660 K    11,400 K    3880    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        11,132 K    23,412 K    12052    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        5,164 K    13,456 K    5872    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        11,052 K    16,396 K    1000    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        6,028 K    12,644 K    5952    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,628 K    5,340 K    1900    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,320 K    4,068 K    1464    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        6,128 K    9,708 K    1884    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4,480 K    8,676 K    1640    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,360 K    1,776 K    1444    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,680 K    7,828 K    1708    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        5,000 K    9,820 K    1800    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,428 K    4,772 K    3212    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,416 K    5,512 K    1996    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,152 K    4,044 K    2004    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        12,060 K    11,188 K    1268    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4,060 K    7,588 K    1916    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        5,008 K    13,612 K    2836    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,444 K    6,056 K    1784    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4,332 K    12,600 K    2044    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,820 K    2,940 K    1908    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        9,088 K    21,172 K    4188    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,772 K    8,960 K    2512    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,908 K    6,988 K    4908    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,636 K    4,800 K    6824    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,992 K    8,188 K    7928    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,684 K    5,940 K    12400    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,388 K    6,152 K    5404    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,360 K    5,344 K    12768    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,004 K    1,068 K    988    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,224 K    5,132 K    1192    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,988 K    3,700 K    1200    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,836 K    2,700 K    1240    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,984 K    3,180 K    1368    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        5,112 K    6,040 K    1392    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,624 K    5,808 K    1436    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,080 K    4,428 K    1452    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,012 K    5,524 K    1524    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,164 K    3,876 K    1600    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,700 K    3,628 K    1608    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,420 K    4,004 K    2120    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,008 K    3,468 K    2444    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,740 K    3,240 K    2608    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,628 K    1,768 K    2700    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,304 K    1,504 K    2792    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,352 K    1,820 K    2976    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4,136 K    9,484 K    3168    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,492 K    5,452 K    4784    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,640 K    9,188 K    5292    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,112 K    5,016 K    5300    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,080 K    5,812 K    5320    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,724 K    3,004 K    5580    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,788 K    2,864 K    6312    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,692 K    4,212 K    7188    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,052 K    4,968 K    7220    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,304 K    4,588 K    9516    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        7,948 K    13,716 K    12240    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,880 K    5,252 K    6372    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        7,144 K    3,516 K    4884    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,648 K    5,816 K    8620    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,632 K    6,340 K    10484    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
steamwebhelper.exe        21,688 K    8,032 K    12136    Steam Client WebHelper    Valve Corporation    (Verified) Valve
smss.exe        568 K    608 K    464            
smartscreen.exe        13,660 K    27,944 K    2788    Windows Defender SmartScreen    Microsoft Corporation    (Verified) Microsoft Windows
SkypeHost.exe    Suspended    25,440 K    15,512 K    8420    Microsoft Skype    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
sihost.exe        6,788 K    17,336 K    5616    Shell Infrastructure Host    Microsoft Corporation    (Verified) Microsoft Windows
ShellExperienceHost.exe    Suspended    68,252 K    67,148 K    7768    Windows Shell Experience Host    Microsoft Corporation    (Verified) Microsoft Windows
SettingSyncHost.exe        3,172 K    1,456 K    9176    Host Process for Setting Synchronization    Microsoft Corporation    (Verified) Microsoft Windows
services.exe        5,072 K    7,624 K    872            
SecurityHealthService.exe        4,108 K    7,516 K    2720    Windows Security Health Service    Microsoft Corporation    (Verified) Microsoft Windows Publisher
SecureDeleteBackground.exe        66,604 K    4,960 K    6344            
SearchUI.exe    Suspended    82,468 K    92,876 K    7900    Search and Cortana application    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        7,104 K    7,236 K    12016    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        4,648 K    4,744 K    9928    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        4,356 K    9,244 K    10236    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        5,220 K    5,952 K    7856    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        6,968 K    15,384 K    8068    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        2,552 K    3,256 K    7628    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RtkNGUI64.exe        4,600 K    5,120 K    7524    Realtek HD Audio Manager    Realtek Semiconductor    (Verified) Realtek Semiconductor Corp
robotaskbaricon-x64.exe        6,404 K    12,872 K    5780    RoboForm TaskBar Icon    Siber Systems    (Verified) Siber Systems
procexp.exe        3,292 K    10,896 K    5204    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
NvTelemetryContainer.exe        5,408 K    4,484 K    2688    NVIDIA Container    NVIDIA Corporation    (Verified) NVIDIA Corporation
NVIDIA Share.exe        41,668 K    31,524 K    4880    NVIDIA Share    NVIDIA Corporation    (Verified) NVIDIA Corporation
NVDisplay.Container.exe        4,464 K    7,488 K    2668    NVIDIA Container    NVIDIA Corporation    (Verified) NVIDIA Corporation
MSASCuiL.exe        1,916 K    3,216 K    9896    Windows Defender notification icon    Microsoft Corporation    (Verified) Microsoft Windows
Memory Compression        256 K    63,100 K    1560            
mDNSResponder.exe        1,916 K    3,732 K    2484    Bonjour Service    Apple Inc.    (Verified) Apple Inc.
LMS.exe        4,512 K    5,000 K    6220    Intel® Local Management Service    Intel Corporation    (Verified) Intel Corporation - Embedded Subsystems and IP Blocks Group
jhi_service.exe        1,568 K    1,940 K    11848    Intel® Dynamic Application Loader Host Interface    Intel Corporation    (Verified) Intel Corporation - Embedded Subsystems and IP Blocks Group
isa.exe        9,716 K    4,080 K    2220    Intel® Security Assist    Intel Corporation    (No signature was present in the subject) Intel Corporation
IAStorIcon.exe        24,556 K    10,180 K    11376    IAStorIcon    Intel Corporation    (Verified) Intel Corporation - Rapid Storage Technology
IAStorDataMgrSvc.exe        32,860 K    22,248 K    11864    IAStorDataSvc    Intel Corporation    (Verified) Intel Corporation - Rapid Storage Technology
fontdrvhost.exe        4,080 K    7,452 K    1052            
fontdrvhost.exe        1,524 K    1,680 K    1008            
firefox.exe        109,228 K    120,744 K    10064    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
dllhost.exe        1,964 K    9,980 K    5932    COM Surrogate    Microsoft Corporation    (Verified) Microsoft Windows
dasHost.exe        6,368 K    13,820 K    1952            
ctfmon.exe        3,004 K    9,428 K    6456            
csrss.exe        2,040 K    2,852 K    732            
conhost.exe        5,600 K    10,212 K    7748    Console Window Host    Microsoft Corporation    (Verified) Microsoft Windows
conhost.exe        1,176 K    1,588 K    3200            
conhost.exe        5,552 K    4,976 K    6300    Console Window Host    Microsoft Corporation    (Verified) Microsoft Windows
cmd.exe        3,896 K    5,744 K    7380            
CheckCD_RomLighting.exe        60,324 K    3,704 K    6324            
CastSrv.exe        4,012 K    6,520 K    9964    Casting protocol connection listener    Microsoft Corporation    (Verified) Microsoft Windows
BTDevMgr.exe        2,080 K    4,076 K    2492    Realtek Bluetooth BTDevManager Service Application        (Verified) Realtek Semiconductor Corp
BrYNSvc.exe        4,252 K    6,712 K    3316    BrYNCSvc    Brother Industries, Ltd.    (No signature was present in the subject) Brother Industries, Ltd.
BrStMonW.exe        3,176 K    6,672 K    6488    Status Monitor Application    Brother Industries, Ltd.    (No signature was present in the subject) Brother Industries, Ltd.
BrCtrlCntr.exe        2,312 K    3,044 K    6640    ControlCenter Main Process    Brother Industries, Ltd.    (No signature was present in the subject) Brother Industries, Ltd.
BrCcUxSys.exe        2,140 K    2,992 K    8984    ControlCenter UX System    Brother Industries, Ltd.    (No signature was present in the subject) Brother Industries, Ltd.
BLMonitor.exe        36,356 K    2,316 K    6424            
atkexComSvc.exe        7,684 K    4,320 K    9268            (Verified) ASUSTeK Computer Inc.
AsusWSWinService.exe        25,944 K    6,896 K    2476    Asus WebStorage Windows Service    ASUS Cloud Corporation    (No signature was present in the subject) ASUS Cloud Corporation
AsHKService.exe        1,796 K    164 K    6440            
ApplicationFrameHost.exe        21,568 K    15,060 K    12132    Application Frame Host    Microsoft Corporation    (Verified) Microsoft Windows
AiChargerDT.exe        1,588 K    140 K    6480            
Ai_ChargerII_TrayIcon(ASUS_Manager).exe        2,228 K    176 K    6464            
AEGIS_II_AsToastHelper.exe        1,748 K    160 K    6332            
AEGIS_II_AsSysLevelUpSrc.exe        4,324 K    192 K    6156            
AEGIS_II_AlertService.exe        1,652 K    680 K    6224            

 


  • 0

#5
mythica

mythica

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Image Name                     PID Services                                    
========================= ======== ============================================
System Idle Process              0 N/A                                         
System                           4 N/A                                         
smss.exe                       464 N/A                                         
csrss.exe                      732 N/A                                         
wininit.exe                    808 N/A                                         
csrss.exe                      820 N/A                                         
services.exe                   872 N/A                                         
lsass.exe                      892 KeyIso, SamSs, VaultSvc                     
svchost.exe                    988 PlugPlay                                    
svchost.exe                   1000 BrokerInfrastructure, DcomLaunch, Power,    
                                   SystemEventsBroker                          
fontdrvhost.exe               1008 N/A                                         
svchost.exe                    300 RpcEptMapper, RpcSs                         
svchost.exe                    672 LSM                                         
winlogon.exe                   936 N/A                                         
fontdrvhost.exe               1052 N/A                                         
dwm.exe                       1132 N/A                                         
svchost.exe                   1192 NcbService                                  
svchost.exe                   1200 TimeBrokerSvc                               
svchost.exe                   1240 hidserv                                     
svchost.exe                   1268 EventLog                                    
svchost.exe                   1368 SEMgrSvc                                    
svchost.exe                   1392 nsi                                         
svchost.exe                   1436 ProfSvc                                     
svchost.exe                   1444 Themes                                      
svchost.exe                   1452 EventSystem                                 
svchost.exe                   1464 Dhcp                                        
svchost.exe                   1476 SysMain                                     
svchost.exe                   1524 SENS                                        
Memory Compression            1560 N/A                                         
svchost.exe                   1600 AudioEndpointBuilder                        
svchost.exe                   1608 FontCache                                   
svchost.exe                   1640 NlaSvc                                      
svchost.exe                   1708 Audiosrv                                    
svchost.exe                   1784 netprofm                                    
svchost.exe                   1800 StateRepository                             
svchost.exe                   1884 Schedule                                    
svchost.exe                   1900 Dnscache                                    
svchost.exe                   1908 DusmSvc                                     
svchost.exe                   1916 Wcmsvc                                      
svchost.exe                   1996 UserManager                                 
svchost.exe                   2004 WinHttpAutoProxySvc                         
svchost.exe                   2044 lfsvc                                       
svchost.exe                   2068 WlanSvc                                     
svchost.exe                   2096 BFE, CoreMessagingRegistrar, MpsSvc         
AvastSvc.exe                  2112 avast! Antivirus                            
svchost.exe                   2120 ShellHWDetection                            
spoolsv.exe                   2356 Spooler                                     
svchost.exe                   2444 LanmanWorkstation                           
AsusWSWinService.exe          2476 Asus WebStorage Windows Service             
mDNSResponder.exe             2484 Bonjour Service                             
BTDevMgr.exe                  2492 BTDevManager                                
svchost.exe                   2512 CryptSvc                                    
svchost.exe                   2520 DPS                                         
AppleMobileDeviceService.     2528 Apple Mobile Device Service                 
svchost.exe                   2544 Winmgmt                                     
svchost.exe                   2568 DiagTrack                                   
wlanext.exe                   2588 N/A                                         
svchost.exe                   2608 DeviceAssociationService                    
nvcontainer.exe               2660 NvContainerLocalSystem                      
NVDisplay.Container.exe       2668 NVDisplay.ContainerLocalSystem              
NvTelemetryContainer.exe      2688 NvTelemetryContainer                        
svchost.exe                   2700 SstpSvc                                     
SecurityHealthService.exe     2720 SecurityHealthService                       
svchost.exe                   2756 stisvc                                      
svchost.exe                   2792 TrkWks                                      
SearchIndexer.exe             2820 WSearch                                     
svchost.exe                   2836 WpnService                                  
svchost.exe                   2976 WdiServiceHost                              
dasHost.exe                   1952 N/A                                         
MBAMService.exe               3160 MBAMService                                 
svchost.exe                   3168 iphlpsvc                                    
conhost.exe                   3200 N/A                                         
svchost.exe                   3212 LanmanServer                                
svchost.exe                   3532 SSDPSRV                                     
nvxdsync.exe                  3652 N/A                                         
WmiPrvSE.exe                  3852 N/A                                         
svchost.exe                   4176 RasMan, wuauserv                            
wmpnetwk.exe                  4468 WMPNetworkSvc                               
svchost.exe                   4784 PcaSvc                                      
svchost.exe                   4908 upnphost                                    
WmiPrvSE.exe                  4932 N/A                                         
svchost.exe                   5292 fdPHost                                     
svchost.exe                   5300 NcdAutoSetup                                
svchost.exe                   5320 FDResPub                                    
svchost.exe                   5404 HomeGroupProvider                           
svchost.exe                   5580 Browser                                     
svchost.exe                   5952 CDPSvc                                      
mbamtray.exe                  5776 N/A                                         
svchost.exe                   5872 CDPUserSvc_59ec2                            
nvcontainer.exe               5988 N/A                                         
sihost.exe                    5616 N/A                                         
svchost.exe                   4188 WpnUserService_59ec2                        
svchost.exe                   3880 TokenBroker                                 
AEGIS_II_AsSysLevelUpSrc.     6156 N/A                                         
taskhostw.exe                 6180 N/A                                         
AEGIS_II_AlertService.exe     6224 N/A                                         
svchost.exe                   6312 TabletInputService                          
CheckCD_RomLighting.exe       6324 N/A                                         
AEGIS_II_AsToastHelper.ex     6332 N/A                                         
SecureDeleteBackground.ex     6344 N/A                                         
BLMonitor.exe                 6424 N/A                                         
AsHKService.exe               6440 N/A                                         
ctfmon.exe                    6456 N/A                                         
Ai_ChargerII_TrayIcon(ASU     6464 N/A                                         
AEGIS_II_SysMode.exe          6472 N/A                                         
AiChargerDT.exe               6480 N/A                                         
explorer.exe                  6748 N/A                                         
svchost.exe                   6824 wscsvc                                      
svchost.exe                   7188 NgcSvc                                      
svchost.exe                   7220 NgcCtnrSvc                                  
ShellExperienceHost.exe       7768 N/A                                         
SearchUI.exe                  7900 N/A                                         
RuntimeBroker.exe             8068 N/A                                         
RuntimeBroker.exe             7856 N/A                                         
svchost.exe                   7928 LicenseManager                              
SkypeHost.exe                 8420 N/A                                         
atkexComSvc.exe               9268 asComSvc                                    
svchost.exe                   9516 Netman                                      
MSASCuiL.exe                  9896 N/A                                         
RuntimeBroker.exe             9928 N/A                                         
CastSrv.exe                   9964 N/A                                         
RuntimeBroker.exe            10236 N/A                                         
unsecapp.exe                  9684 N/A                                         
RtkNGUI64.exe                 7524 N/A                                         
aswidsagenta.exe             10288 aswbIDSAgent                                
AvastUI.exe                  10568 N/A                                         
Discord.exe                  10640 N/A                                         
nvspcaps64.exe               10664 N/A                                         
Steam.exe                    10788 N/A                                         
robotaskbaricon.exe          10860 N/A                                         
Discord.exe                  11168 N/A                                         
nvsphelper64.exe              7780 N/A                                         
NVIDIA Share.exe              6732 N/A                                         
NVIDIA Share.exe              4880 N/A                                         
BrStMonW.exe                  6488 N/A                                         
BrCtrlCntr.exe                6640 N/A                                         
NVIDIA Web Helper.exe         3972 N/A                                         
BrYNSvc.exe                   3316 BrYNSvc                                     
conhost.exe                   6300 N/A                                         
Discord.exe                   6944 N/A                                         
BrCcUxSys.exe                 8984 N/A                                         
IAStorIcon.exe               11376 N/A                                         
RuntimeBroker.exe            12016 N/A                                         
steamwebhelper.exe           12068 N/A                                         
steamwebhelper.exe           12136 N/A                                         
SteamService.exe             12156 Steam Client Service                        
svchost.exe                  12240 OneSyncSvc_59ec2,                           
                                   PimIndexMaintenanceSvc_59ec2,               
                                   UnistoreSvc_59ec2, UserDataSvc_59ec2        
svchost.exe                  10592 DoSvc                                       
IAStorDataMgrSvc.exe         11864 IAStorDataMgrSvc                            
jhi_service.exe              11848 jhi_service                                 
svchost.exe                   6372 StorSvc                                     
LMS.exe                       6220 LMS                                         
svchost.exe                  12768 SharedAccess                                
WmiPrvSE.exe                 13072 N/A                                         
ApplicationFrameHost.exe     12132 N/A                                         
WinStore.App.exe             10024 N/A                                         
WWAHost.exe                   9076 N/A                                         
RuntimeBroker.exe             7628 N/A                                         
SystemSettings.exe           12468 N/A                                         
AsusWSPanel.exe              12544 N/A                                         
isa.exe                       2220 Intel® Security Assist                    
SettingSyncHost.exe           9176 N/A                                         
svchost.exe                   4884 DsSvc                                       
svchost.exe                   8620 lmhosts                                     
svchost.exe                   7664 ClipSVC                                     
svchost.exe                  12400 WdiSystemHost                               
firefox.exe                  12504 N/A                                         
firefox.exe                  11044 N/A                                         
firefox.exe                   1096 N/A                                         
firefox.exe                  10432 N/A                                         
robotaskbaricon-x64.exe       5780 N/A                                         
firefox.exe                  10064 N/A                                         
rf-chrome-nm-host.exe         3980 N/A                                         
conhost.exe                   7748 N/A                                         
svchost.exe                  12052 BITS                                        
dllhost.exe                   5932 N/A                                         
audiodg.exe                    408 N/A                                         
smartscreen.exe               2788 N/A                                         
svchost.exe                  10484 Appinfo                                     
svchost.exe                   4236 tiledatamodelsvc                            
Taskmgr.exe                   6660 N/A                                         
SearchProtocolHost.exe        7096 N/A                                         
SearchFilterHost.exe          3848 N/A                                         
cmd.exe                       7380 N/A                                         
conhost.exe                   9292 N/A                                         
tasklist.exe                  7800 N/A                                         
 


  • 0

#6
mythica

mythica

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

speccy summary sans serial number

Attached Files

  • Attached File  My.txt   125.39KB   492 downloads

  • 0

#7
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Doesn't look like an infection.  I was going to say the WiFi is getting some interference since you have all 6 of them on the same channel, but even though you have WiFi turned on you are probably using the wired Ethernet connection

 

Realtek 8821AE Wireless LAN 802.11ac PCI-E NIC
                            Connection-specific DNS Suffix    hsd1.ut.comcast.net
                            Connection Name    Wi-Fi
                            NetBIOS over TCPIP    Yes
                            DHCP enabled    Yes
                            MAC Address    B0-C0-90-C0-88-47
                            IP Address    10.0.0.197
                            Subnet mask    255.255.255.0
                            Gateway server    10.0.0.1
                            DHCP    10.0.0.1
                            DNS Server    75.75.75.75
                            75.75.76.76

 

 

since it's the only one with a gateway and DNS Server assigned.  Why is the Wifi turned on?  Are you letting the PC act as a router?  If not turn off the WiFi so it doesn't confuse things.

 

Speccy also says
 

Motherboard
            ASUSTeK COMPUTER INC. G11CD (LGA1151)    122 °C

 

 

 

which is probably an error but would be very bad if true.

 

Let's get a second opinion:

 

http://www.filehippo...nload_speedfan/

Download, save and Install it (Win 7+ or Vista right click and Run As Admin.) then run it (Win 7+ or Vista right click and Run As Admin.).

It will tell you your temps in real time.  What is the highest it reports?

 

 

 

Let's check your system files:

 

Open an elevated command prompt:

http://www.howtogeek...-in-windows-10/
http://www.eightforu...indows-8-a.html

If you open an elevated command prompt it will by default open in c:\Windows\system32

Once you have an elevated command prompt:

Type:
 

 DISM  /Online  /Cleanup-Image  /RestoreHealth


 (I use two spaces so you can be sure to see where one space goes.)
Hit Enter.  This will take a while (10-20 minutes) to complete.  Once the prompt returns:

Reboot.  Open an elevated Command Prompt again and type (with an Enter after the line):
 

sfc  /scannow




This will also take a few minutes.  

When it finishes it will say one of the following:

Windows did not find any integrity violations (a good thing)
Windows Resource Protection found corrupt files and repaired them (a good thing)
Windows Resource Protection found corrupt files but was unable to fix some (or all) of them (not a good thing)

If you get anything but the first result then type:
 

findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \junk.txt


Hit Enter.  Then type:

 

notepad  \junk.txt


Hit Enter.

 Copy the text from notepad and paste it into a reply.


After you finish SFC, regardless of the result:



1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)

 


  • 0

#8
mythica

mythica

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

I do not have an Ethernet connection. Only the Wifi. It will be changing in the near future that is for sure.

 

I will air out my computer tomorrow. It may be dirty. It is saying 120 C right now. I think I need to shut her down for the night and clean her out in the morning. Hopefully that will help. I was infected with some kind of malware but I used Malwarebytes and Avast to get rid of it. This is why I don't give my password to my children. But I was worried that something may have been amiss because it didn't seem to resolve the other issues.

 

I will still run the boot check and then I will have it auto shut down when it is done. Then tomorrow after cleaning it I will do the rest of the items you have here and fingers crossed everything checks out.

 

Thank you again for your help :)


  • 0

#9
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Oops.  Misread Speccy.  Guess I needed some sleep.

 

Available access points count    6
                Wi-Fi ()
                    SSID
                    Frequency    5805000 kHz
                    Channel Number    161
                    Name    No name
                    Signal Strength/Quality    100
                    Security    Enabled
                    State    The interface is connected to a network
                    Dot11 Type    Infrastructure BSS network
                    Network    Connectible
                    Network Flags    There is a profile for this network
                    Cipher Algorithm to be used when joining this network    AES-CCMP algorithm
                    Default Auth used to join this network for the first time    802.11i Robust Security Network Association (RSNA) algorithm (WPA2 is one such algorithm)
                Wi-Fi (Flyest Wifi 5)
                    SSID    Flyest Wifi 5
                    Frequency    5805000 kHz
                    Channel Number    161
                    Name    Flyest Wifi 5
                    Signal Strength/Quality    65
                    Security    Enabled
                    State    The interface is connected to a network
                    Dot11 Type    Infrastructure BSS network
                    Network    Connectible
                    Network Flags    There is a profile for this network
                    Cipher Algorithm to be used when joining this network    AES-CCMP algorithm
                    Default Auth used to join this network for the first time    802.11i RSNA algorithm that uses PSK
                Wi-Fi (Ivie)
                    SSID    Ivie
                    Frequency    5805000 kHz
                    Channel Number    161
                    Name    Ivie
                    Signal Strength/Quality    55
                    Security    Enabled
                    State    The interface is connected to a network
                    Dot11 Type    Infrastructure BSS network
                    Network    Connectible
                    Network Flags    There is a profile for this network
                    Cipher Algorithm to be used when joining this network    AES-CCMP algorithm
                    Default Auth used to join this network for the first time    802.11i RSNA algorithm that uses PSK
                Wi-Fi (Pizza is Awesome)
                    SSID    Pizza is Awesome
                    Frequency    5805000 kHz
                    Channel Number    161
                    Name    Pizza is Awesome
                    Signal Strength/Quality    65
                    Security    Enabled
                    State    The interface is connected to a network
                    Dot11 Type    Infrastructure BSS network
                    Network    Connectible
                    Network Flags    There is a profile for this network
                    Cipher Algorithm to be used when joining this network    AES-CCMP algorithm
                    Default Auth used to join this network for the first time    802.11i RSNA algorithm that uses PSK
                Wi-Fi (xfinitywifi)
                    SSID    xfinitywifi
                    Frequency    5805000 kHz
                    Channel Number    161
                    Name    xfinitywifi
                    Signal Strength/Quality    100
                    Security    Disabled
                    State    The interface is connected to a network
                    Dot11 Type    Infrastructure BSS network
                    Network    Connectible
                    Network Flags    There is a profile for this network
                    Cipher Algorithm to be used when joining this network    No Cipher algorithm is enabled/supported
                    Default Auth used to join this network for the first time    IEEE 802.11 Open System authentication algorithm
                Wi-Fi (zugzug5g)
                    SSID    zugzug5g
                    Frequency    5805000 kHz
                    Channel Number    161
                    Name    zugzug5g
                    Signal Strength/Quality    100
                    Security    Enabled
                    State    The interface is connected to a network
                    Dot11 Type    Infrastructure BSS network
                    Network    Connectible
                    Network Flags    Currently Connected to this network
                    Cipher Algorithm to be used when joining this network    AES-CCMP algorithm
                    Default Auth used to join this network for the first time    802.11i RSNA algorithm that uses PSK

 

 

As you can see from the above all 6 access points are using the same channel 161.  One of them is just as strong as the one you are using so it's hard for your WiFi to tell them apart.  Get:

 

inssider

http://www.techspot....6-inssider.html
Double click to install it. Then run it by right click and Run As Admin.

It will show you a graph in the bottom right that has your signal in blue and competing signals in orange and yellow.  It may also recommend a different channel which might have less interference.

Moving to a different channel (by logging on to your router) can drastically improve performance.

 

 

 

Hopefully you do have access to your router.  If you need help logging on to it tell me the make and model number.


  • 0
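The co-channel comparison made by eye on the Speccy listing above, as an added example (not part of the original posts, and not Speccy's or inSSIDer's own code): it parses the listing, counts access points per channel, and names the networks that share the connected network's channel at equal or greater signal quality, plus any network with security disabled. The sample is abridged from the listing in the post; the function names are made up for this example.

```python
import re
from collections import Counter

# Abridged from the Speccy listing quoted in the post above: same networks and
# values, with the fields this check does not use left out.
SPECCY_WIFI = """\
Available access points count    6
Wi-Fi ()
    SSID
    Channel Number    161
    Signal Strength/Quality    100
    Security    Enabled
Wi-Fi (Flyest Wifi 5)
    Channel Number    161
    Signal Strength/Quality    65
    Security    Enabled
Wi-Fi (Ivie)
    Channel Number    161
    Signal Strength/Quality    55
    Security    Enabled
Wi-Fi (Pizza is Awesome)
    Channel Number    161
    Signal Strength/Quality    65
    Security    Enabled
Wi-Fi (xfinitywifi)
    Channel Number    161
    Signal Strength/Quality    100
    Security    Disabled
Wi-Fi (zugzug5g)
    Channel Number    161
    Signal Strength/Quality    100
    Security    Enabled
    Network Flags    Currently Connected to this network
"""

HEADER = re.compile(r"^Wi-Fi \((.*)\)$")

def parse_access_points(text):
    """Return one dict per 'Wi-Fi (...)' block of a Speccy-style listing."""
    aps, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        match = HEADER.match(line)
        if match:
            current = {"name": match.group(1) or "(no name)"}
            aps.append(current)
        elif line and current is not None:
            # Field name and value are separated by a tab or a run of spaces;
            # a field with no value (the unnamed SSID) yields an empty string.
            key, _, value = re.sub(r"\t+|\s{2,}", "\t", line, count=1).partition("\t")
            current[key] = value
    return aps

def to_int(ap, field):
    """Numeric field value, or None when the field is missing or not a number."""
    value = ap.get(field, "")
    return int(value) if value.isdigit() else None

def channel_report(aps):
    """Summarise co-channel contention around the connected network."""
    channels = (to_int(ap, "Channel Number") for ap in aps)
    connected = next((ap for ap in aps
                      if ap.get("Network Flags", "").startswith("Currently Connected")), None)
    report = {
        "per_channel": dict(Counter(c for c in channels if c is not None)),
        "open_networks": [ap["name"] for ap in aps if ap.get("Security") == "Disabled"],
        "connected": None, "channel": None, "co_channel": [], "as_strong": [],
    }
    if connected is None:
        return report
    channel = to_int(connected, "Channel Number")
    signal = to_int(connected, "Signal Strength/Quality") or 0
    rivals = [ap for ap in aps if ap is not connected
              and channel is not None and to_int(ap, "Channel Number") == channel]
    report.update(
        connected=connected["name"],
        channel=channel,
        co_channel=[ap["name"] for ap in rivals],
        as_strong=[ap["name"] for ap in rivals
                   if (to_int(ap, "Signal Strength/Quality") or 0) >= signal],
    )
    return report

if __name__ == "__main__":
    for key, value in channel_report(parse_access_points(SPECCY_WIFI)).items():
        print(f"{key}: {value}")
```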

#10
mythica

mythica

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

I have an Xfinity (Comcast) router. What settings once I get in there do I change so that it doesn't get confused anymore? Because all of these houses have the exact same internet. So same routers. All secured. So I can't use theirs even if it is better. lol


  • 0



#11
mythica

mythica

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

And when I tried to download the program you just suggested Mozilla said it's not configured right so they won't connect to it. Then malware said it wouldn't download it either.


  • 0

#12
mythica

mythica

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Your connection is not secure

The owner of files.metageek.net has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.

Learn more…

Report errors like this to help Mozilla identify and block malicious sites


  • 0

#13
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Yes, routers all claim that they automatically pick the best channel but in practice all of the same make just seem to grab the same channel.  In your router under Wireless or WiFi you will see something about Channel.  It will be set to Auto.  You have to change it to Manual then it will let you select a different channel.  There are two bands.  The older band runs from channels 1 to 12 or so.  The newer band has 25 channels but uses a different number scale.

 

I tried the download in Chrome and it didn't complain.  In FF it complained but I hit Advanced then allowed an exception and it did finish the download. 

 

Comcast often puts the password on a label on the bottom or the back of the router.  Just open a browser and go to 10.0.0.1 and it should give you a login prompt.


  • 0

#14
mythica

mythica

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

I changed the channel. And I downloaded inSSIDer from a different location. I figured out the best channel to use and have changed it. I may run Speccy again but there are so many connections on the same stupid router system as I am and they only give us access to change it to six different ones and each and every one has between 3 and 6 on them.

 

 

Boot scan came back nothing on it.

 

Cleaned out the dirt and it seems to be happier; it has stayed at around 30C all morning.

SFC is currently running.

 

Thank you so much for helping me figure this out. I think something was screwing with it and made it angry enough for me to figure out that the motherboard was wearing a fur coat. lol

 


  • 0

#15
mythica

mythica

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

The last one won't create the document. It says it can't find the document, would you like to create it, and when I clicked yes it was blank.

 

The sfc showed nothing wrong.


  • 0





