kazmatt

malicious website protection on chrome

When I open a new tab in Chrome, a malicious website protection thing comes up. The domain is blank and there is an IP; the process is coming from Chrome. I have scanned my computer with Malwarebytes and nothing came up.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-03-2017
Ran by user (administrator) on DESKTOP-4RU24O0 (02-03-2017 21:14:52)
Running from C:\Users\user\Downloads
Loaded Profiles: user (Available Profiles: user)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(SweetLabs, Inc) C:\Users\user\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHT\ChtIME.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAdminAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
() C:\Program Files (x86)\WhatPulse2\whatpulse.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.1\Lightshot.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
() C:\Program Files (x86)\WhatPulse2\whatpulse-watchdog.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Drive\AcerDriveTray.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Drive\AcerDriveProxy.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Drive\AcerDriveUI.exe
() C:\OEM\Preload\FubTracking\FubTracking.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16408320 2015-12-04] (Realtek Semiconductor)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-07] (Microsoft Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322104 2016-03-08] (Intel Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe [91488 2016-08-15] ()
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKU\S-1-5-21-1232280872-3454715597-4140770094-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-19] (Valve Corporation)
HKU\S-1-5-21-1232280872-3454715597-4140770094-1001\...\Run: [WhatPulse] => C:\Program Files (x86)\WhatPulse2\whatpulse.exe [3837016 2016-07-09] ()
HKU\S-1-5-21-1232280872-3454715597-4140770094-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9363672 2017-02-08] (Piriform Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 210.3.59.66 8.8.8.8 210.3.59.69
Tcpip\..\Interfaces\{210ab07d-3ff9-4398-a4c6-e689cd106fbe}: [DhcpNameServer] 192.168.79.1
Tcpip\..\Interfaces\{615412e4-ba92-4bff-af0f-da4418db64d4}: [DhcpNameServer] 210.3.59.66 8.8.8.8 210.3.59.69

Internet Explorer:
==================
HKU\S-1-5-21-1232280872-3454715597-4140770094-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer15.msn.com/?pc=ACTE
HKU\S-1-5-21-1232280872-3454715597-4140770094-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer15.msn.com/?pc=ACTE
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-29] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-29] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 38w3cfrk.default
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\38w3cfrk.default [2017-03-02]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\38w3cfrk.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\38w3cfrk.default -> hxxps://www.google.com.hk
FF Extension: (English (US) Language Pack) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\38w3cfrk.default\Extensions\langpack-en-US@firefox.mozilla.org.xpi [2017-02-03]
FF Extension: (uBlock Origin) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\38w3cfrk.default\Extensions\uBlock0@raymondhill.net.xpi [2017-02-02]
FF Extension: (Adblock Plus) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\38w3cfrk.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-02-02]
FF Plugin-x32: @baidu.com/npxbdcntb -> C:\Program Files (x86)\Baidu\BaiduPinyin\3.0.3.706\npxbdcntb.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=5.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2016-03-16] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-02-10] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-02-10] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-1232280872-3454715597-4140770094-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [No File]

Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR HomePage: Profile 1 -> hxxps://www.google.com.hk/
CHR StartupUrls: Profile 1 -> "hxxps://www.google.com.hk/"
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2017-02-11]
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-03-02]
CHR Extension: (ezpp!) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aimihpobjpagjiakhcpijibnaafdniol [2017-02-12]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-11]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-11]
CHR Extension: (uBlock Origin) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-02-11]
CHR Extension: (Session Buddy) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2017-02-11]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-11]
CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-11]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2267352 2016-08-15] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3699904 2016-12-28] (Microsoft Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18488 2016-03-08] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [974632 2016-02-20] (Intel(R) Corporation)
S3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2016-03-03] (Intel Corporation) [File not signed]
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [8704 2016-03-03] (Intel Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [209184 2016-03-16] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-05-03] ()
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-21] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-21] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-02-10] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-01-21] (NVIDIA Corporation)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [481696 2016-06-17] (Acer Incorporated)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2014-10-08] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [291232 2016-02-02] (acer)
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2016-08-26] (Popcorn Time) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-05-03] (Intel® Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo64.sys [31376 2015-03-10] ()
S3 GPU-Z; C:\Users\user\AppData\Local\Temp\GPU-Z.sys [27008 2017-02-25] () <==== ATTENTION
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [250624 2016-10-15] (Intel Corporation)
R2 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [140672 2016-03-10] (Malwarebytes)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2017-03-02] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7231248 2016-06-17] (Intel Corporation)
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvaei.inf_amd64_c775b5e628cf6269\nvlddmkm.sys [14516664 2017-02-11] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-01-21] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47672 2017-01-06] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-01-21] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [935168 2015-11-19] (Realtek                                            )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [413912 2015-12-22] (Realsil Semiconductor Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 WinRing0_1_2_0; C:\Users\user\Desktop\realtemp\WinRing0x64.sys [14544 2008-07-26] (OpenLibSys.org)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-02 21:14 - 2017-03-02 21:15 - 00018406 _____ C:\Users\user\Downloads\FRST.txt
2017-03-02 21:14 - 2017-03-02 21:14 - 00000000 ____D C:\FRST
2017-03-02 21:13 - 2017-03-02 21:14 - 02423808 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2017-03-01 22:36 - 2017-03-01 22:36 - 00000222 _____ C:\Users\user\Desktop\Undertale.url
2017-02-27 23:02 - 2017-02-27 23:02 - 06450408 _____ C:\Users\user\Downloads\X18.zip
2017-02-27 23:02 - 2017-02-27 23:02 - 00946030 _____ C:\Users\user\Downloads\nokia_3310_bytaza.zip
2017-02-27 19:07 - 2017-02-27 19:11 - 00000000 ____D C:\Users\user\Downloads\misshitsound
2017-02-26 12:21 - 2017-02-26 12:21 - 00000222 _____ C:\Users\user\Desktop\Megadimension Neptunia VII.url
2017-02-26 12:21 - 2017-02-26 12:21 - 00000222 _____ C:\Users\user\Desktop\Hyperdimension Neptunia Re;Birth3 V Generation.url
2017-02-26 09:32 - 2017-02-26 09:32 - 00000000 ____D C:\Users\user\AppData\Local\FlatOut Ultimate Carnage
2017-02-26 08:47 - 2017-02-26 08:47 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-26 08:47 - 2017-02-10 06:39 - 00134592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-02-26 08:47 - 2017-01-26 08:13 - 00103936 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-02-26 08:47 - 2017-01-26 08:12 - 00326656 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-02-26 08:47 - 2017-01-26 08:09 - 00322560 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-02-26 08:47 - 2017-01-26 08:09 - 00118272 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-02-25 21:38 - 2017-02-25 21:38 - 00000222 _____ C:\Users\user\Desktop\Flatout 3.url
2017-02-25 21:38 - 2017-02-25 21:38 - 00000221 _____ C:\Users\user\Desktop\FlatOut Ultimate Carnage.url
2017-02-25 21:38 - 2017-02-25 21:38 - 00000220 _____ C:\Users\user\Desktop\FlatOut.url
2017-02-25 21:38 - 2017-02-25 21:38 - 00000220 _____ C:\Users\user\Desktop\FlatOut 2.url
2017-02-25 14:17 - 2017-02-25 14:17 - 00739392 _____ (Oracle Corporation) C:\Users\user\Downloads\JavaSetup8u121.exe
2017-02-25 14:15 - 2017-02-25 14:15 - 00000000 ____D C:\NVIDIA
2017-02-25 14:13 - 2017-02-25 14:15 - 400200032 _____ (NVIDIA Corporation) C:\Users\user\Downloads\378.66-desktop-win10-64bit-international-whql (1).exe
2017-02-25 14:12 - 2017-02-25 14:12 - 392628288 _____ (NVIDIA Corporation) C:\Users\user\Downloads\378.66-desktop-win8-win7-64bit-international-whql (1).exe
2017-02-25 13:36 - 2017-02-25 13:36 - 392628288 _____ (NVIDIA Corporation) C:\Users\user\Downloads\378.66-desktop-win8-win7-64bit-international-whql.exe
2017-02-25 10:45 - 2017-02-25 10:45 - 02109736 _____ (techPowerUp (www.techpowerup.com)) C:\Users\user\Downloads\GPU-Z.1.17.0.exe
2017-02-25 10:45 - 2017-02-25 10:45 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z
2017-02-25 10:45 - 2017-02-25 10:45 - 00000000 ____D C:\Program Files (x86)\GPU-Z
2017-02-25 10:15 - 2017-02-25 10:15 - 00002196 _____ C:\Users\Public\Desktop\3DMark2001 SE.lnk
2017-02-25 10:15 - 2017-02-25 10:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MadOnion.com
2017-02-25 10:15 - 2017-02-25 10:15 - 00000000 ____D C:\Program Files (x86)\MadOnion.com
2017-02-25 10:14 - 2017-02-25 10:15 - 41780867 _____ (MadOnion.com) C:\Users\user\Downloads\3DMark2001SE.exe
2017-02-25 09:59 - 2017-02-25 14:14 - 00000000 ____D C:\WINDOWS\Minidump
2017-02-25 09:48 - 2017-02-25 09:48 - 00000000 ____D C:\WINDOWS\LastGood
2017-02-25 09:45 - 2017-02-25 09:48 - 00000000 ____D C:\Users\user\Desktop\New folder
2017-02-25 09:45 - 2017-02-25 09:46 - 00000000 ____D C:\Users\user\Desktop\msi afterburner
2017-02-25 09:44 - 2017-02-25 09:44 - 400200032 _____ (NVIDIA Corporation) C:\Users\user\Downloads\378.66-desktop-win10-64bit-international-whql.exe
2017-02-23 19:22 - 2017-02-23 19:22 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-02-23 19:20 - 2017-02-10 10:33 - 40192056 _____ C:\WINDOWS\system32\nvcompiler.dll
2017-02-23 19:20 - 2017-02-10 10:33 - 35272760 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-02-23 19:20 - 2017-02-10 10:33 - 34979384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-02-23 19:20 - 2017-02-10 10:33 - 19007016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-02-23 19:20 - 2017-02-10 10:33 - 14674896 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-02-23 19:20 - 2017-02-10 10:33 - 11122728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-02-23 19:20 - 2017-02-10 10:33 - 11019704 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-02-23 19:20 - 2017-02-10 10:33 - 09305984 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-02-23 19:20 - 2017-02-10 10:33 - 08990072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-02-23 19:20 - 2017-02-10 10:33 - 03168192 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-02-23 19:20 - 2017-02-10 10:33 - 02717752 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-02-23 19:20 - 2017-02-10 10:33 - 01983424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437866.dll
2017-02-23 19:20 - 2017-02-10 10:33 - 01589696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437866.dll
2017-02-23 19:20 - 2017-02-10 10:33 - 01052096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-02-23 19:20 - 2017-02-10 10:33 - 00991288 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-02-23 19:20 - 2017-02-10 10:33 - 00959424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-02-23 19:20 - 2017-02-10 10:33 - 00946456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-02-23 19:20 - 2017-02-10 10:33 - 00910784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-02-23 19:20 - 2017-02-10 10:33 - 00721952 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-02-23 19:20 - 2017-02-10 10:33 - 00687224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-02-23 19:20 - 2017-02-10 10:33 - 00609728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-02-23 19:20 - 2017-02-10 10:33 - 00605120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2017-02-23 19:20 - 2017-02-10 10:33 - 00576192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-02-23 19:20 - 2017-02-10 10:33 - 00573448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-02-23 19:20 - 2017-02-10 10:33 - 00499136 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-02-23 19:20 - 2017-02-10 10:33 - 00483384 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2017-02-23 19:20 - 2017-02-10 10:33 - 00447984 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-02-21 22:27 - 2017-02-21 22:42 - 480832709 _____ C:\Users\user\Downloads\DesertHighway.zip
2017-02-21 22:27 - 2017-02-21 22:41 - 373476553 _____ C:\Users\user\Downloads\KOS_V01.zip
2017-02-20 16:15 - 2017-02-20 16:16 - 09261616 _____ (Piriform Ltd) C:\Users\user\Downloads\ccsetup527.exe
2017-02-18 14:26 - 2017-02-18 14:26 - 00000000 ____D C:\Users\user\AppData\Local\PopcornTime
2017-02-18 14:25 - 2017-02-18 14:40 - 00000000 ____D C:\Program Files (x86)\Popcorn Time
2017-02-15 22:17 - 2017-02-15 22:17 - 00000222 _____ C:\Users\user\Desktop\NEKOPARA Vol. 1.url
2017-02-15 22:17 - 2017-02-15 22:17 - 00000222 _____ C:\Users\user\Desktop\NEKOPARA Vol. 0.url
2017-02-13 20:46 - 2017-03-02 21:08 - 00583214 _____ C:\WINDOWS\system32\prfh0404.dat
2017-02-13 20:46 - 2017-03-02 21:08 - 00174278 _____ C:\WINDOWS\system32\prfc0404.dat
2017-02-13 20:46 - 2017-02-13 20:45 - 00119662 _____ C:\WINDOWS\system32\prfi0404.dat
2017-02-13 20:46 - 2017-02-13 20:45 - 00033362 _____ C:\WINDOWS\system32\prfd0404.dat
2017-02-13 20:45 - 2017-02-13 20:45 - 00000000 ____D C:\WINDOWS\SysWOW64\zh-HANT
2017-02-13 20:45 - 2017-02-13 20:45 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2017-02-13 20:45 - 2017-02-13 20:45 - 00000000 ____D C:\WINDOWS\system32\zh-HANT
2017-02-13 20:40 - 2017-02-13 20:40 - 00001696 _____ C:\WINDOWS\SysWOW64\NOISE.CHT
2017-02-13 20:40 - 2017-02-13 20:40 - 00001696 _____ C:\WINDOWS\system32\NOISE.CHT
2017-02-13 20:40 - 2016-07-15 19:29 - 09720320 _____ (Microsoft Corporation) C:\WINDOWS\system32\NL7Models0404.dll
2017-02-13 20:40 - 2016-07-15 19:29 - 00360960 _____ (Microsoft Corporation) C:\WINDOWS\system32\NL7Lexicons0404.dll
2017-02-13 20:40 - 2016-07-15 19:24 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSWB70404.dll
2017-02-13 20:40 - 2016-07-15 19:14 - 02352640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NL7Data0404.dll
2017-02-13 20:40 - 2016-07-15 18:40 - 00526848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSWB70404.dll
2017-02-13 20:40 - 2016-07-15 18:30 - 02267136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NL7Data0404.dll
2017-02-13 20:39 - 2017-02-13 20:39 - 00001696 _____ C:\WINDOWS\SysWOW64\NOISE.CHS
2017-02-13 20:39 - 2017-02-13 20:39 - 00001696 _____ C:\WINDOWS\system32\NOISE.CHS
2017-02-13 20:39 - 2017-02-13 20:39 - 00001055 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optional Features.lnk
2017-02-13 20:39 - 2016-07-15 19:29 - 02963968 _____ (Microsoft Corporation) C:\WINDOWS\system32\NL7Models0804.dll
2017-02-13 20:39 - 2016-07-15 19:29 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NL7Lexicons0804.dll
2017-02-13 20:39 - 2016-07-15 19:25 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSWB70804.dll
2017-02-13 20:39 - 2016-07-15 19:17 - 03430912 _____ (Microsoft Corporation) C:\WINDOWS\system32\NL7Data0804.dll
2017-02-13 20:39 - 2016-07-15 18:39 - 00526848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSWB70804.dll
2017-02-13 20:39 - 2016-07-15 18:36 - 03361792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NL7Data0804.dll
2017-02-12 20:16 - 2017-02-12 20:16 - 00000000 ____D C:\Users\user\AppData\Roaming\Romero Games Ltd
2017-02-12 20:16 - 2017-02-12 20:16 - 00000000 ____D C:\Users\user\AppData\Local\Romero Games Ltd
2017-02-12 20:15 - 2017-02-12 20:15 - 00000222 _____ C:\Users\user\Desktop\Gunman Taco Truck.url
2017-02-12 17:54 - 2017-02-12 17:54 - 00000000 ____D C:\Users\user\Downloads\HuniePop_Digital_Art_Collection
2017-02-12 12:34 - 2017-02-12 12:34 - 00000219 _____ C:\Users\user\Desktop\Counter-Strike Condition Zero Deleted Scenes.url
2017-02-12 10:19 - 2017-02-12 10:20 - 212291411 _____ C:\Users\user\Downloads\HuniePop_Digital_Art_Collection.zip
2017-02-11 23:25 - 2017-02-11 23:25 - 00000000 ____D C:\Users\user\AppData\LocalLow\HuniePot
2017-02-11 23:23 - 2017-02-11 23:23 - 00000222 _____ C:\Users\user\Desktop\HuniePop.url
2017-02-11 09:32 - 2017-02-11 09:32 - 15598712 _____ (Mythicsoft Ltd) C:\Users\user\Downloads\AgentRansack_865 (1).exe
2017-02-11 09:31 - 2017-02-11 09:31 - 14328216 _____ (Mythicsoft Ltd) C:\Users\user\Downloads\AgentRansack_828.exe
2017-02-11 09:29 - 2017-02-11 09:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Agent Ransack
2017-02-11 09:29 - 2017-02-11 09:29 - 00000000 ____D C:\Users\user\AppData\Roaming\Mythicsoft
2017-02-11 09:29 - 2017-02-11 09:29 - 00000000 ____D C:\Program Files\Mythicsoft
2017-02-11 09:28 - 2017-02-11 09:28 - 15598712 _____ (Mythicsoft Ltd) C:\Users\user\Downloads\AgentRansack_865.exe
2017-02-11 09:13 - 2017-02-11 09:19 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-02-06 16:07 - 2017-02-20 16:16 - 00000867 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-02-06 16:07 - 2017-02-06 16:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-02-06 16:07 - 2017-02-06 16:07 - 00000000 ____D C:\Program Files\CCleaner
2017-02-06 16:06 - 2017-02-06 16:07 - 08813488 _____ (Piriform Ltd) C:\Users\user\Downloads\ccsetup526.exe
2017-02-06 16:05 - 2017-02-06 16:05 - 00009972 _____ C:\Users\user\Documents\cc_20170206_160540.reg
2017-02-05 14:58 - 2017-02-10 10:33 - 28242488 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-02-05 14:58 - 2017-01-24 08:00 - 00047664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2017-02-05 14:58 - 2017-01-21 00:38 - 01985080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437849.dll
2017-02-05 14:58 - 2017-01-21 00:38 - 01591352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437849.dll
2017-02-05 14:58 - 2017-01-21 00:38 - 00000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2017-02-05 14:58 - 2017-01-21 00:38 - 00000669 _____ C:\WINDOWS\system32\nv-vk64.json
2017-02-04 11:26 - 2017-02-04 11:26 - 00130210 _____ C:\Users\user\Downloads\replay-0_816327_2051916173.osr
2017-02-03 08:38 - 2017-03-02 21:02 - 00000000 ____D C:\Users\user\AppData\LocalLow\Mozilla
2017-02-03 04:12 - 2017-02-05 17:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-01 17:23 - 2017-02-01 17:23 - 00000000 ____D C:\Users\user\AppData\Local\DaysOfWar
2017-02-01 12:15 - 2017-02-01 12:15 - 11634948 _____ C:\Users\user\Downloads\rrtyui.osk
2017-02-01 01:36 - 2017-02-01 01:36 - 12352226 _____ C:\Users\user\Downloads\rrtyui.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-02 21:11 - 2017-01-22 21:17 - 00000000 ____D C:\Users\user\AppData\Local\whatpulse
2017-03-02 21:08 - 2016-04-01 22:40 - 02265450 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-02 21:06 - 2016-11-14 15:57 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-02 21:06 - 2016-11-05 15:24 - 00000000 ____D C:\Program Files (x86)\Steam
2017-03-02 21:01 - 2016-11-14 16:02 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-02 21:01 - 2016-11-05 19:03 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-03-02 21:01 - 2016-07-16 14:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-03-02 20:37 - 2016-11-05 15:34 - 00000000 ____D C:\Users\user\Documents\BeamNG.drive
2017-03-02 19:29 - 2016-11-14 15:56 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-02 17:20 - 2016-04-01 22:39 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-02 16:01 - 2016-07-16 19:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-02 16:01 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-02 15:58 - 2016-11-06 05:04 - 00000000 ____D C:\Users\user\AppData\Local\Host App Service
2017-03-02 15:57 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-03-01 22:36 - 2016-11-05 15:28 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-02-28 20:14 - 2016-11-05 15:42 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-02-26 21:32 - 2016-11-05 17:29 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
2017-02-26 16:47 - 2016-11-13 18:23 - 00000011 _____ C:\Users\user\Desktop\beamng speed.txt
2017-02-26 12:17 - 2016-11-05 19:04 - 00000016 _____ C:\Users\user\Desktop\spendings.txt
2017-02-26 08:50 - 2016-11-05 19:09 - 00000534 _____ C:\Users\user\Desktop\osu!.lnk
2017-02-26 08:50 - 2016-11-05 19:09 - 00000534 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\osu!.lnk
2017-02-26 08:48 - 2016-11-14 15:57 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-26 08:48 - 2016-07-16 19:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-26 08:47 - 2016-11-14 15:56 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-25 10:15 - 2016-11-06 05:04 - 00000000 ____D C:\Users\user\AppData\Local\VirtualStore
2017-02-25 10:15 - 2016-04-01 22:36 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-02-23 15:59 - 2016-11-05 15:36 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-23 15:58 - 2016-11-05 15:36 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-22 19:23 - 2016-07-16 19:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-19 08:46 - 2016-11-14 15:56 - 00413736 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-02-17 19:29 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\rescache
2017-02-13 20:45 - 2016-07-16 22:14 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2017-02-13 20:45 - 2016-07-16 22:14 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2017-02-13 20:45 - 2016-07-16 22:14 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2017-02-13 20:45 - 2016-07-16 22:14 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2017-02-13 20:45 - 2016-07-16 22:14 - 00000000 ____D C:\WINDOWS\system32\winrm
2017-02-13 20:45 - 2016-07-16 22:14 - 00000000 ____D C:\WINDOWS\system32\WCN
2017-02-13 20:45 - 2016-07-16 22:14 - 00000000 ____D C:\WINDOWS\system32\slmgr
2017-02-13 20:45 - 2016-07-16 22:14 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2017-02-13 20:45 - 2016-07-16 19:47 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-02-13 20:45 - 2016-07-16 19:47 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2017-02-13 20:45 - 2016-07-16 19:47 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-02-13 20:45 - 2016-07-16 19:47 - 00000000 ___SD C:\WINDOWS\system32\dsc
2017-02-13 20:45 - 2016-07-16 19:47 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2017-02-13 20:45 - 2016-07-16 19:47 - 00000000 ___RD C:\WINDOWS\MiracastView
2017-02-13 20:45 - 2016-07-16 19:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-02-13 20:45 - 2016-07-16 19:47 - 00000000 ___RD C:\Program Files\Windows Defender
2017-02-13 20:45 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2017-02-13 20:45 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2017-02-13 20:45 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Com
2017-02-13 20:45 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2017-02-13 20:45 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-02-13 20:45 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\system32\MUI
2017-02-13 20:45 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\system32\migwiz
2017-02-13 20:45 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\system32\Com
2017-02-13 20:45 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-02-13 20:45 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\IME
2017-02-13 20:45 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\Help
2017-02-13 20:45 - 2016-07-16 19:47 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-02-13 20:45 - 2016-07-16 19:47 - 00000000 ____D C:\Program Files\Common Files\System
2017-02-13 20:45 - 2016-07-16 19:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-02-13 20:45 - 2016-07-16 19:47 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-02-13 20:45 - 2016-07-16 14:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-02-13 20:45 - 2016-07-16 14:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-02-13 20:45 - 2016-07-16 14:04 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-02-13 20:45 - 2016-07-16 14:04 - 00000000 ____D C:\WINDOWS\servicing
2017-02-13 20:40 - 2016-07-16 22:15 - 00000000 ____D C:\WINDOWS\OCR
2017-02-11 09:35 - 2016-11-05 16:55 - 00000000 ____D C:\Users\user\AppData\Local\MicrosoftEdge
2017-02-10 17:31 - 2016-11-23 20:57 - 00000000 ____D C:\Users\user\Desktop\based stuff
2017-02-10 10:33 - 2016-10-28 02:08 - 04078008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2017-02-10 10:33 - 2016-10-28 02:07 - 03597128 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2017-02-10 10:33 - 2016-10-28 01:12 - 00043556 _____ C:\WINDOWS\system32\nvinfo.pb
2017-02-10 07:13 - 2016-12-03 15:32 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-02-10 06:57 - 2016-11-14 15:57 - 07791217 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-02-10 06:57 - 2016-11-14 15:57 - 06403640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-02-10 06:57 - 2016-11-14 15:57 - 02477504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-02-10 06:57 - 2016-11-14 15:57 - 01764408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-02-10 06:57 - 2016-11-14 15:57 - 00548288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-02-10 06:57 - 2016-11-14 15:57 - 00393784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-02-10 06:57 - 2016-11-14 15:57 - 00083512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-02-10 06:57 - 2016-11-14 15:57 - 00071224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-02-07 20:48 - 2016-11-05 15:16 - 00002276 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-07 20:48 - 2016-11-05 15:16 - 00002264 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-07 03:48 - 2016-07-16 19:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-02-07 03:48 - 2016-07-16 19:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-06 16:07 - 2017-01-27 07:49 - 00002868 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-02-05 17:14 - 2016-04-01 22:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-05 15:00 - 2016-11-14 15:56 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-02-05 14:56 - 2016-12-15 19:06 - 00004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-05 14:56 - 2016-12-03 15:32 - 00003884 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-05 14:56 - 2016-12-03 15:32 - 00001493 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-02-05 14:55 - 2016-12-03 15:32 - 00003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-05 14:55 - 2016-12-03 15:32 - 00003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-05 14:55 - 2016-12-03 15:32 - 00003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-05 14:55 - 2016-12-03 15:32 - 00003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-05 14:55 - 2016-12-03 15:32 - 00003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-01 17:23 - 2016-11-19 16:18 - 00000000 ____D C:\Users\user\AppData\Local\UnrealEngine
2017-02-01 01:49 - 2017-01-27 14:41 - 00000418 _____ C:\WINDOWS\Tasks\update-sys.job
2017-02-01 01:49 - 2017-01-27 14:41 - 00000418 _____ C:\WINDOWS\Tasks\update-S-1-5-21-1232280872-3454715597-4140770094-1001.job

==================== Files in the root of some directories =======

2016-11-05 17:03 - 2016-12-03 13:20 - 0007605 _____ () C:\Users\user\AppData\Local\Resmon.ResmonCfg
2017-01-27 14:41 - 2017-01-27 14:41 - 0000003 _____ () C:\Users\user\AppData\Local\updater.log
2017-01-27 14:41 - 2017-01-27 14:41 - 0000424 _____ () C:\Users\user\AppData\Local\UserProducts.xml
2016-11-14 15:56 - 2016-11-14 15:56 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-12-15 19:06 - 2017-01-25 17:13 - 0010941 _____ () C:\ProgramData\NvTelemetryContainer.log
2016-12-15 19:06 - 2017-01-22 01:09 - 0031260 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1

Some files in TEMP:
====================
2017-02-25 14:20 - 2017-02-10 06:39 - 0868152 _____ (NVIDIA Corporation) C:\Users\user\AppData\Local\Temp\nvSCPAPI64.dll
2017-02-26 08:45 - 2017-02-10 06:39 - 0352704 _____ (NVIDIA Corporation) C:\Users\user\AppData\Local\Temp\nvStInst.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-27 20:18

==================== End of FRST.txt ============================

Addition.txt

Edited by kazmatt
misinterpreted the tutorial for making a topic

1 hour ago, kazmatt said:

When I open a new tab in Chrome a malicious website protection thing comes up, the domain is blank and there is an IP process is coming from Chrome, I have scanned my computer with Malwarebytes and nothing came up

Good timing you have. I'm searching for the answer to a very similar problem, but I think this is a uBlock Origin and Malwarebytes problem.

Could you disable your uBlock extension in Chrome and see if that stops the pop-ups?


Hi all

This false positive will now be fixed with the most recent database update > 1.0.1404

Again our sincerest apologies on this guys.

* As this issue is confirmed to be resolved I will lock the thread now.
