Windows Security Center does not work
<blockquote data-quote="jmz2d" data-source="post: 669636" data-attributes="member: 65757"><p>I could see the attach a report/upload a file button before, but I cannot now, so I'm copying these txt files again:</p><p>[SPOILER="FRST.txt"]</p><p>Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-09-2017</p><p>Ran by jmz (administrator) on JMZ (11-09-2017 14:13:42)</p><p>Running from C:\Users\MURAT\Desktop</p><p>Loaded Profiles: jmz (Available Profiles: jmz)</p><p>Platform: Windows 10 Home Single Language Version 1703 (X64) Language: Türkçe (Türkiye)</p><p>Internet Explorer Version 11 (Default browser: Chrome)</p><p>Boot Mode: Normal</p><p>Tutorial for Farbar Recovery Scan Tool: <a href="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/" target="_blank">FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials</a></p><p></p><p>==================== Processes (Whitelisted) =================</p><p></p><p>(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)</p><p></p><p>(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe</p><p>(Intel Corporation) C:\Windows\System32\igfxCUIService.exe</p><p>(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe</p><p>(Apple Inc.) C:\Program Files (x86)\Xamarin\Bonjour\mDNSResponder.exe</p><p>(Intel Corporation) C:\Windows\System32\ibtsiva.exe</p><p>(LENOVO INCORPORATED.) 
C:\Program Files\lenovo\iMController\SystemAgentService.exe</p><p>(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe</p><p>(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe</p><p>(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe</p><p>(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe</p><p>(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe</p><p>(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe</p><p>(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe</p><p>(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe</p><p>(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.TEST\MSSQL\Binn\sqlservr.exe</p><p>(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe</p><p>(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe</p><p>() C:\Program Files\CyberLink\Shared files\RichVideo64.exe</p><p>(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe</p><p>(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe</p><p>(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.TEST\MSSQL\Binn\fdlauncher.exe</p><p>(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.TEST\MSSQL\Binn\fdhost.exe</p><p>(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe</p><p>(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine 
Components\LMS\LMS.exe</p><p>(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe</p><p>(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe</p><p>(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe</p><p>(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe</p><p>(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe</p><p>(Intel Corporation) C:\Windows\System32\igfxEM.exe</p><p>(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe</p><p>(Intel Corporation) C:\Windows\System32\igfxHK.exe</p><p>(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Realtek semiconductor) C:\Windows\RTFTrack.exe</p><p>(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe</p><p>() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe</p><p>(Lenovo) C:\Program Files\lenovo\Onekey Theater\OnekeyStudio.exe</p><p>(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe</p><p>(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe</p><p>(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe</p><p>(Logitech Inc.) 
C:\Program Files\Logitech Gaming Software\LCore.exe</p><p>(© 2015 Microsoft Corporation) C:\Users\MURAT\AppData\Local\Microsoft\BingSvc\BingSvc.exe</p><p>(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe</p><p>(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe</p><p>(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe</p><p>(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe</p><p>(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe</p><p>(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe</p><p>(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe</p><p>(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe</p><p>(none) C:\murat\WLan\WLAN Optimizer.exe</p><p>() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe</p><p>(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Microsoft Corporation) C:\Windows\System32\dllhost.exe</p><p>(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe</p><p>(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe</p><p>(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe</p><p>(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe</p><p>(Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe</p><p>(Microsoft Corporation) C:\Windows\System32\smartscreen.exe</p><p></p><p>==================== Registry (Whitelisted) ====================</p><p></p><p>(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)</p><p></p><p>HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)</p><p>HKLM\...\Run: [RtsFT] => C:\windows\RTFTrack.exe [5060864 2015-06-16] (Realtek semiconductor)</p><p>HKLM\...\Run: [IgfxTray] => C:\windows\system32\igfxtray.exe [401848 2017-06-12] ()</p><p>HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-08] (Intel Corporation)</p><p>HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-05] (Conexant Systems, Inc.)</p><p>HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()</p><p>HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)</p><p>HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-15] (Lenovo)</p><p>HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-09-16] (Lenovo(beijing) Limited)</p><p>HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-09-16] (Lenovo(beijing) Limited)</p><p>HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-28] 
(Nico Mak Computing)</p><p>HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated)</p><p>HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [16293496 2016-09-30] (Logitech Inc.)</p><p>HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart</p><p>HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink Corp.)</p><p>HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)</p><p>HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)</p><p>HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)</p><p>HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)</p><p>HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)</p><p>HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()</p><p>HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION</p><p>HKU\S-1-5-21-1369535705-3180996973-1344369311-1002\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4471536 2015-05-21] (Disc Soft Ltd)</p><p>HKU\S-1-5-21-1369535705-3180996973-1344369311-1002\...\Run: [BingSvc] => C:\Users\MURAT\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft 
Corporation)</p><p>HKU\S-1-5-21-1369535705-3180996973-1344369311-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3071776 2017-09-07] (Valve Corporation)</p><p>HKU\S-1-5-21-1369535705-3180996973-1344369311-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9832152 2017-08-03] (Piriform Ltd)</p><p>HKU\S-1-5-21-1369535705-3180996973-1344369311-1002\...\Run: [Discord] => C:\Users\MURAT\AppData\Local\Discord\app-0.0.298\Discord.exe [57477112 2017-08-08] (Discord Inc.)</p><p>HKU\S-1-5-21-1369535705-3180996973-1344369311-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27219928 2016-11-03] (Skype Technologies S.A.)</p><p>HKU\S-1-5-21-1369535705-3180996973-1344369311-1002\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_137_pepper.exe [1281024 2017-07-11] (Adobe Systems Incorporated)</p><p>Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackUpdateChecker.lnk [2015-01-09]</p><p>ShortcutTarget: CodecPackUpdateChecker.lnk -> C:\Windows\SysWOW64\C2MP\UpdateChecker.exe ()</p><p>Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2017-06-28]</p><p>ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)</p><p>CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION</p><p></p><p>==================== Internet (Whitelisted) ====================</p><p></p><p>(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)</p><p></p><p>ProxyServer: [S-1-5-21-1369535705-3180996973-1344369311-1002] => http=127.0.0.1:8896;https=127.0.0.1:8896</p><p>Tcpip\Parameters: [DhcpNameServer] 192.168.1.1</p><p>Tcpip\..\Interfaces\{06d94800-74fb-4dc1-9b73-d0dbaa80cb7b}: [NameServer] 8.8.8.8,8.8.4.4</p><p>Tcpip\..\Interfaces\{06d94800-74fb-4dc1-9b73-d0dbaa80cb7b}: [DhcpNameServer] 
192.168.1.1</p><p>Tcpip\..\Interfaces\{be16cd11-9ea3-458e-bea1-1f3d02e278b3}: [DhcpNameServer] 7.254.254.254</p><p>Tcpip\..\Interfaces\{eaaabf1b-b5eb-401b-b9b7-6960eaaff5e5}: [NameServer] 8.8.8.8,8.8.4.4</p><p>Tcpip\..\Interfaces\{eaaabf1b-b5eb-401b-b9b7-6960eaaff5e5}: [DhcpNameServer] 178.233.140.110 46.196.235.90 176.240.150.250</p><p></p><p>Internet Explorer:</p><p>==================</p><p>HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131354589711227546&GUID=A0F6BAAF-3EEC-45A4-B0B3-7BFB2D82C523</p><p>HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://<a href="http://www.google.com" target="_blank">www.google.com</a></p><p>HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://<a href="http://www.google.com" target="_blank">www.google.com</a></p><p>HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://<a href="http://www.google.com" target="_blank">www.google.com</a></p><p>HKU\S-1-5-21-1369535705-3180996973-1344369311-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131354589711239839&GUID=A0F6BAAF-3EEC-45A4-B0B3-7BFB2D82C523</p><p>HKU\S-1-5-21-1369535705-3180996973-1344369311-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://<a href="http://www.lenovo.com" target="_blank">www.lenovo.com</a></p><p>SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = </p><p>SearchScopes: HKU\S-1-5-21-1369535705-3180996973-1344369311-1002 -> DefaultScope {8C3078A0-9AAB-4371-85D1-656CA8E46EE8} URL = hxxp://<a href="http://www.bing.com/search?q=" target="_blank">www.bing.com/search?q=</a>{searchTerms}&form=MSSEDF&pc=MSE1</p><p>SearchScopes: HKU\S-1-5-21-1369535705-3180996973-1344369311-1002 -> 37B2E986A7C49C614282CBB00A67777F URL = hxxp://gorsel.yandex.com.tr/yandsearch?win=160&clid=2083124&text={searchTerms}</p><p>SearchScopes: 
HKU\S-1-5-21-1369535705-3180996973-1344369311-1002 -> A8743C42BF303D0794F58CC80983B1DE URL = hxxp://video.yandex.com.tr/#search?win=160&clid=2083124&text={searchTerms}</p><p>SearchScopes: HKU\S-1-5-21-1369535705-3180996973-1344369311-1002 -> EB57C9901C249E83B1DAABB89A17D035 URL = hxxp://haber.yandex.com.tr/yandsearch?rpt=nnews2&grhow=clutop&win=160&clid=2083124&text={searchTerms}</p><p>SearchScopes: HKU\S-1-5-21-1369535705-3180996973-1344369311-1002 -> {8C3078A0-9AAB-4371-85D1-656CA8E46EE8} URL = hxxp://<a href="http://www.bing.com/search?q=" target="_blank">www.bing.com/search?q=</a>{searchTerms}&form=MSSEDF&pc=MSE1</p><p>BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2017-07-20] (Microsoft Corporation)</p><p>BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-12-14] (Oracle Corporation)</p><p>BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-07-20] (Microsoft Corporation)</p><p>BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-14] (Oracle Corporation)</p><p>BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-06-28] (Microsoft Corporation)</p><p>BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-14] (Oracle Corporation)</p><p>BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-20] (Microsoft Corporation)</p><p>BHO-x32: Java(tm) Plug-In 2 
SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-14] (Oracle Corporation)</p><p>BHO-x32: Microsoft Web Test Recorder 10.0 Helper -> {DDA57003-0068-4ed2-9D32-4D1EC707D94D} -> c:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2010-03-19] (Microsoft Corporation)</p><p>Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-20] (Microsoft Corporation)</p><p>Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-07-20] (Microsoft Corporation)</p><p>Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-20] (Microsoft Corporation)</p><p>Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-07-20] (Microsoft Corporation)</p><p>Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-20] (Microsoft Corporation)</p><p>Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-07-20] (Microsoft Corporation)</p><p>Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-20] (Microsoft Corporation)</p><p>Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-07-20] (Microsoft Corporation)</p><p></p><p>FireFox:</p><p>========</p><p>FF ProfilePath: 
C:\Users\MURAT\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default [2017-08-06]</p><p>FF user.js: detected! => C:\Users\MURAT\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\user.js [2016-03-06]</p><p>FF DefaultSearchEngine: Mozilla\Firefox\Profiles\nahd6ha2.default -> Yandex</p><p>FF SelectedSearchEngine: Mozilla\Firefox\Profiles\nahd6ha2.default -> Yandex</p><p>FF Homepage: Mozilla\Firefox\Profiles\nahd6ha2.default -> hxxp://<a href="http://www.yandex.com.tr/?win=160&clid=2083123" target="_blank">www.yandex.com.tr/?win=160&clid=2083123</a></p><p>FF SearchPlugin: C:\Users\MURAT\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\gorsel.yandex.com.tr-145713.xml [2015-01-22]</p><p>FF SearchPlugin: C:\Users\MURAT\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\haber.yandex.com.tr-145713.xml [2015-01-22]</p><p>FF SearchPlugin: C:\Users\MURAT\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\video.yandex.com.tr-145713.xml [2015-01-22]</p><p>FF SearchPlugin: C:\Users\MURAT\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\yandex.com.tr-145713.xml [2015-01-22]</p><p>FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_137.dll [2017-07-11] ()</p><p>FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-14] (Oracle Corporation)</p><p>FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-14] (Oracle Corporation)</p><p>FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)</p><p>FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-06-28] (Microsoft Corporation)</p><p>FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common 
Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems)</p><p>FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-11] ()</p><p>FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)</p><p>FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)</p><p>FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-14] (Oracle Corporation)</p><p>FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-14] (Oracle Corporation)</p><p>FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-06-28] (Microsoft Corporation)</p><p>FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)</p><p>FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-06-28] (Microsoft Corporation)</p><p>FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)</p><p>FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)</p><p>FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)</p><p>FF 
Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems)</p><p>FF Plugin HKU\S-1-5-21-1369535705-3180996973-1344369311-1002: jpl.nasa.gov/NASAEyes -> C:\Users\MURAT\AppData\Roaming\JPL-NASA-Caltech\NASA's Eyes\npNASAEyes.dll [2017-08-23] (Jet Propulsion Laboratory)</p><p></p><p>Chrome: </p><p>=======</p><p>CHR DefaultProfile: Default</p><p>CHR HomePage: Default -> hxxp://<a href="http://www.msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=tr-tr" target="_blank">www.msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=tr-tr</a></p><p>CHR StartupUrls: Default -> "hxxps://<a href="http://www.google.com.tr/" target="_blank">www.google.com.tr/</a>"</p><p>CHR DefaultSearchURL: Default -> hxxp://<a href="http://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q=" target="_blank">www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q=</a>{searchTerms}</p><p>CHR DefaultSearchKeyword: Default -> bing.com</p><p>CHR Profile: C:\Users\MURAT\AppData\Local\Google\Chrome\User Data\Default [2017-09-11]</p><p>CHR Extension: (BetterTTV) - C:\Users\MURAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2017-04-21]</p><p>CHR Extension: (Social Video Downloader - Save Facebook Video) - C:\Users\MURAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\amjcoehkcacocffpmhnefgoeanepjfkf [2017-08-23]</p><p>CHR Extension: (Bitmoji) - C:\Users\MURAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfgdeiadkckfbkeigkoncpdieiiefpig [2017-07-06]</p><p>CHR Extension: (Steam Inventory Helper) - C:\Users\MURAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2017-08-29]</p><p>CHR Extension: (FrankerFaceZ) - C:\Users\MURAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadndhdgpmmaapbmfcknlfgcflmmmieb [2017-05-05]</p><p>CHR Extension: (AdBlock) - C:\Users\MURAT\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-08-10]</p><p>CHR Extension: (TwitchAlerts Stream Labels) - C:\Users\MURAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgmggmdngboajiakmbpdknfpdelbjbcg [2017-02-07]</p><p>CHR Extension: (DotVPN — VPN'den daha iyi.) - C:\Users\MURAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpiecbcckbofpmkkkdibbllpinceiihk [2017-05-29]</p><p>CHR Extension: (Chrome Web Mağazası Ödemeleri) - C:\Users\MURAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]</p><p>CHR Extension: (ThemeBeta.com) - C:\Users\MURAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\onghcfjakljnchnjocajgcdphaoahkef [2017-03-31]</p><p>CHR Extension: (Chrome Media Router) - C:\Users\MURAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-08]</p><p>CHR Profile: C:\Users\MURAT\AppData\Local\Google\Chrome\User Data\System Profile [2017-09-07]</p><p>CHR HKU\S-1-5-21-1369535705-3180996973-1344369311-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - hxxps://clients2.google.com/service/update2/crx</p><p>CHR HKU\S-1-5-21-1369535705-3180996973-1344369311-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fkkcgfbgohboipdhliafmacjnhjbhmim] - hxxps://clients2.google.com/service/update2/crx</p><p>CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx</p><p></p><p>Opera: </p><p>=======</p><p>OPR StartupUrls: "hxxp://<a href="http://www.yandex.com.tr/?win=160&clid=2083123" target="_blank">www.yandex.com.tr/?win=160&clid=2083123</a>" </p><p></p><p>==================== Services (Whitelisted) ====================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.)</p><p></p><p>R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)</p><p>S3 ALG; C:\WINDOWS\System32\alg.exe [92672 2017-03-18] (Microsoft Corporation)</p><p>S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1522184 2017-03-05] ()</p><p>R2 Bonjour Service; C:\Program Files (x86)\Xamarin\Bonjour\mDNSResponder.exe [394752 2015-07-15] (Apple Inc.) [File not signed]</p><p>R2 CDPUserSvc_74e5e55; C:\WINDOWS\system32\svchost.exe [47664 2017-03-18] (Microsoft Corporation)</p><p>R2 CDPUserSvc_74e5e55; C:\WINDOWS\SysWOW64\svchost.exe [40904 2017-03-18] (Microsoft Corporation)</p><p>R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4424384 2017-07-07] (Microsoft Corporation)</p><p>S3 DevicesFlowUserSvc_74e5e55; C:\WINDOWS\system32\svchost.exe [47664 2017-03-18] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)</p><p>S3 DevicesFlowUserSvc_74e5e55; C:\WINDOWS\SysWOW64\svchost.exe [40904 2017-03-18] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)</p><p>S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272560 2015-05-21] (Disc Soft Ltd)</p><p>S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [383016 2017-04-26] (EasyAntiCheat Ltd)</p><p>S3 Fax; C:\WINDOWS\system32\fxssvc.exe [637440 2017-03-19] (Microsoft Corporation)</p><p>U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-12-09] (Hi-Rez Studios) [File not signed]</p><p>R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-08] (Intel Corporation)</p><p>R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373688 2017-06-12] (Intel Corporation)</p><p>R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 
2013-08-28] (Intel(R) Corporation) [File not signed]</p><p>S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-28] (Intel(R) Corporation)</p><p>R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21184 2016-07-28] (Microsoft Corporation)</p><p>R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)</p><p>S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo)</p><p>R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-05-22] (LENOVO INCORPORATED.)</p><p>R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2014-09-16] (Lenovo(beijing) Limited)</p><p>R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2945312 2016-01-14] (IObit)</p><p>R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-09-30] (Logitech Inc.)</p><p>S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)</p><p>S3 MessagingService_74e5e55; C:\WINDOWS\system32\svchost.exe [47664 2017-03-18] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)</p><p>S3 MessagingService_74e5e55; C:\WINDOWS\SysWOW64\svchost.exe [40904 2017-03-18] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)</p><p>S3 MSDTC; C:\WINDOWS\System32\msdtc.exe [147456 2017-03-18] (Microsoft Corporation)</p><p>S3 msiserver; C:\WINDOWS\System32\msiexec.exe [66048 2017-03-18] (Microsoft Corporation)</p><p>S3 msiserver; C:\WINDOWS\SysWOW64\msiexec.exe [59392 2017-03-18] (Microsoft Corporation)</p><p>R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 
2009-03-30] (Microsoft Corporation)</p><p>R2 MSSQL$TEST; C:\Program Files\Microsoft SQL Server\MSSQL10_50.TEST\MSSQL\Binn\sqlservr.exe [61913952 2010-04-03] (Microsoft Corporation)</p><p>R3 MSSQLFDLauncher$TEST; C:\Program Files\Microsoft SQL Server\MSSQL10_50.TEST\MSSQL\Binn\fdlauncher.exe [32096 2010-04-03] (Microsoft Corporation)</p><p>S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]</p><p>R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [513144 2017-08-22] (NVIDIA Corporation)</p><p>S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [513144 2017-08-22] (NVIDIA Corporation)</p><p>R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-08-22] (NVIDIA Corporation)</p><p>R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [450168 2017-08-22] (NVIDIA Corporation)</p><p>R2 OneSyncSvc_74e5e55; C:\WINDOWS\system32\svchost.exe [47664 2017-03-18] (Microsoft Corporation)</p><p>R2 OneSyncSvc_74e5e55; C:\WINDOWS\SysWOW64\svchost.exe [40904 2017-03-18] (Microsoft Corporation)</p><p>R3 PimIndexMaintenanceSvc_74e5e55; C:\WINDOWS\system32\svchost.exe [47664 2017-03-18] (Microsoft Corporation)</p><p>R3 PimIndexMaintenanceSvc_74e5e55; C:\WINDOWS\SysWOW64\svchost.exe [40904 2017-03-18] (Microsoft Corporation)</p><p>S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]</p><p>R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()</p><p>S3 RpcLocator; C:\WINDOWS\system32\locator.exe [11264 2017-03-18] (Microsoft Corporation)</p><p>R2 SamSs; C:\WINDOWS\system32\lsass.exe [58488 2017-07-07] (Microsoft Corporation)</p><p>R2 SecurityHealthService; C:\WINDOWS\system32\SecurityHealthService.exe [336320 2017-07-07] (Microsoft 
Corporation)</p><p>S3 SensorDataService; C:\WINDOWS\System32\SensorDataService.exe [1284608 2017-03-18] (Microsoft Corporation)</p><p>S3 SNMPTRAP; C:\WINDOWS\System32\snmptrap.exe [15872 2017-05-31] (Microsoft Corporation)</p><p>S3 spectrum; C:\WINDOWS\system32\spectrum.exe [891904 2017-03-18] (Microsoft Corporation)</p><p>R2 Spooler; C:\WINDOWS\System32\spoolsv.exe [757760 2017-03-18] (Microsoft Corporation)</p><p>S2 sppsvc; C:\WINDOWS\system32\sppsvc.exe [4574192 2017-03-18] (Microsoft Corporation)</p><p>S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)</p><p>S4 SQLAgent$TEST; C:\Program Files\Microsoft SQL Server\MSSQL10_50.TEST\MSSQL\Binn\SQLAGENT.EXE [428384 2010-04-03] (Microsoft Corporation)</p><p>S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]</p><p>R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255608 2016-06-01] (Synaptics Incorporated)</p><p>S3 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [139264 2016-07-27] (Microsoft Corporation) [File not signed]</p><p>S3 TieringEngineService; C:\WINDOWS\system32\TieringEngineService.exe [302592 2017-03-18] (Microsoft Corporation)</p><p>S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [838128 2016-12-15] (Tunngle.net GmbH)</p><p>S3 UI0Detect; C:\WINDOWS\system32\UI0Detect.exe [43008 2017-03-18] (Microsoft Corporation)</p><p>R3 UnistoreSvc_74e5e55; C:\WINDOWS\System32\svchost.exe [47664 2017-03-18] (Microsoft Corporation)</p><p>R3 UnistoreSvc_74e5e55; C:\WINDOWS\SysWOW64\svchost.exe [40904 2017-03-18] (Microsoft Corporation)</p><p>R3 UserDataSvc_74e5e55; C:\WINDOWS\system32\svchost.exe [47664 2017-03-18] (Microsoft Corporation)</p><p>R3 UserDataSvc_74e5e55; C:\WINDOWS\SysWOW64\svchost.exe [40904 2017-03-18] (Microsoft 
Corporation)</p><p>S3 vds; C:\WINDOWS\System32\vds.exe [643072 2017-03-18] (Microsoft Corporation)</p><p>R3 VSS; C:\WINDOWS\system32\vssvc.exe [1550848 2017-03-18] (Microsoft Corporation)</p><p>S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-09-06] (Microsoft Corporation)</p><p>S3 wampapache64; c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [24576 2014-05-01] (Apache Software Foundation) [File not signed]</p><p>S3 wampmysqld64; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [12942848 2014-05-01] () [File not signed]</p><p>S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)</p><p>S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [2136480 2017-06-20] (Microsoft Corporation)</p><p>R2 WpnUserService_74e5e55; C:\WINDOWS\system32\svchost.exe [47664 2017-03-18] (Microsoft Corporation)</p><p>R2 WpnUserService_74e5e55; C:\WINDOWS\SysWOW64\svchost.exe [40904 2017-03-18] (Microsoft Corporation)</p><p>R2 WSearch; C:\WINDOWS\system32\SearchIndexer.exe [933376 2017-06-03] (Microsoft Corporation)</p><p>R2 WSearch; C:\WINDOWS\SysWOW64\SearchIndexer.exe [797184 2017-06-03] (Microsoft Corporation)</p><p>R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]</p><p></p><p>===================== Drivers (Whitelisted) ======================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.)</p><p></p><p>S3 busenum; C:\WINDOWS\System32\drivers\SteelBus64.sys [146944 2014-05-29] (SteelSeries Corporation) [File not signed]</p><p>S3 CM_VENDER_CMD; C:\Program Files\Common Files\Logitech\G430Install\CMVC64.sys [17104 2014-07-31] (Windows (R) Win 7 DDK provider)</p><p>S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)</p><p>R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2015-06-05] (Disc Soft Ltd)</p><p>R1 FACEIT; C:\WINDOWS\System32\Drivers\FACEIT.sys [7976416 2017-06-21] ()</p><p>R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [230656 2016-12-12] (Intel Corporation)</p><p>S3 ladfGSS; C:\WINDOWS\system32\drivers\ladfGSS.sys [45208 2016-09-29] (Logitech Inc.)</p><p>R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)</p><p>R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2016-09-30] (Logitech Inc.)</p><p>S3 LGSHidFilt; C:\WINDOWS\system32\DRIVERS\LGSHidFilt.Sys [64280 2016-09-30] (Logitech Inc.)</p><p>S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)</p><p>S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)</p><p>R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3485696 2017-03-18] (Intel Corporation)</p><p>R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvlti.inf_amd64_fbb126b6a28109b9\nvlddmkm.sys [15600248 2017-08-22] (NVIDIA Corporation)</p><p>S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-08-22] (NVIDIA Corporation)</p><p>R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48064 2017-07-26] (NVIDIA Corporation)</p><p>R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57976 2017-08-22] (NVIDIA Corporation)</p><p>R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys 
[895256 2015-06-18] (Realtek )</p><p>R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [413912 2015-12-22] (Realsil Semiconductor Corporation)</p><p>R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3068160 2015-06-16] (Realtek Semiconductor Corp.)</p><p>S3 SAlphamHid; C:\WINDOWS\System32\drivers\SAlpham64.sys [39168 2014-05-27] (SteelSeries Corporation) [File not signed]</p><p>S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()</p><p>R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [220672 2017-03-18] (Microsoft Corporation)</p><p>R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42600 2016-01-14] (Synaptics Incorporated)</p><p>R3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [46408 2017-06-02] (SteelSeries ApS)</p><p>S3 sshid; C:\WINDOWS\System32\drivers\sshid.sys [45904 2017-06-19] (SteelSeries ApS)</p><p>S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)</p><p>R3 tap0901t; C:\WINDOWS\System32\drivers\tap0901t.sys [48824 2016-04-26] (Tunngle.net GmbH)</p><p>S2 vcs; C:\Program Files (x86)\Common Files\Avnex\vcs64.sys [4096 2016-11-14] () [File not signed]</p><p>S3 VCSVADHWSer; C:\WINDOWS\system32\DRIVERS\vcsvad.sys [29320 2015-10-01] (AVSOFT Corp.)</p><p>S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)</p><p>S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)</p><p>S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)</p><p>S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)</p><p></p><p>==================== NetSvcs (Whitelisted) ===================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.)</p><p></p><p></p><p>==================== One Month Created files and folders ========</p><p></p><p>(If an entry is included in the fixlist, the file/folder will be moved.)</p><p></p><p>2017-09-11 14:13 - 2017-09-11 14:14 - 000037572 _____ C:\Users\MURAT\Desktop\FRST.txt</p><p>2017-09-11 14:08 - 2017-09-11 01:18 - 002396672 _____ (Farbar) C:\Users\MURAT\Desktop\FRST64.exe</p><p>2017-09-11 14:08 - 2017-09-07 09:35 - 000000712 _____ C:\Users\MURAT\Desktop\Fixlog.txt</p><p>2017-09-10 18:38 - 2017-09-10 18:38 - 000195346 _____ C:\Users\MURAT\Downloads\wu170509.diagcab</p><p>2017-09-09 22:29 - 2017-09-11 02:00 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC</p><p>2017-09-08 11:22 - 2017-09-08 11:23 - 145457432 _____ (Microsoft Corporation) C:\Users\MURAT\Downloads\mpam-fe.exe</p><p>2017-09-08 10:50 - 2017-09-08 10:50 - 000000000 ____D C:\Users\MURAT\AppData\Local\TempOfficeC2R944A08A2-46BE-4C39-8AFE-DD9393F07D14</p><p>2017-09-08 09:28 - 2017-09-08 09:28 - 000000000 ____D C:\Users\MURAT\AppData\Local\TempOfficeC2R5D25C63D-7C84-4C63-AD19-A73F1359F4F5</p><p>2017-09-07 17:44 - 2017-09-07 17:44 - 000000000 ____D C:\Users\MURAT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Moo0</p><p>2017-09-07 16:20 - 2017-09-07 17:44 - 000003332 _____ C:\WINDOWS\System32\Tasks\RunAsStdUser Task</p><p>2017-09-07 16:20 - 2017-09-07 17:43 - 000000000 ____D C:\Program Files (x86)\Moo0</p><p>2017-09-07 16:14 - 2017-09-07 16:18 - 000000000 ____D C:\Program Files (x86)\MyVideoConverter</p><p>2017-09-07 16:14 - 2017-09-07 16:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Drivers\mycodec</p><p>2017-09-07 16:03 - 2017-09-07 16:06 - 000000000 ____D C:\Program Files (x86)\Total Video Converter</p><p>2017-09-07 09:37 - 2017-09-07 09:37 - 000000000 ____D C:\Users\MURAT\AppData\Local\TempOfficeC2R3207B9EA-080D-4683-9EFC-FEC0C2E6A300</p><p>2017-09-06 10:57 - 2017-09-11 14:13 - 000000000 ____D C:\FRST</p><p>2017-09-05 17:28 - 2017-09-05 17:28 - 
000000000 ____D C:\Users\MURAT\source</p><p>2017-09-05 17:25 - 2017-09-05 17:27 - 000000000 ____D C:\Users\MURAT\AppData\Local\.IdentityService</p><p>2017-09-05 17:02 - 2017-09-05 17:02 - 000000000 ____D C:\Users\MURAT\AppData\LocalLow\Jet Propulsion Laboratory</p><p>2017-09-05 17:01 - 2017-09-05 17:01 - 000000000 ____D C:\Users\MURAT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NASA's Eyes</p><p>2017-09-05 17:01 - 2017-09-05 17:01 - 000000000 ____D C:\Users\MURAT\AppData\Roaming\JPL-NASA-Caltech</p><p>2017-09-05 14:22 - 2017-09-05 17:40 - 000000000 ____D C:\Users\MURAT\Documents\Visual Studio 2017</p><p>2017-09-05 14:22 - 2017-09-05 14:22 - 000000000 ____D C:\Users\MURAT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2017 Tools for Unity</p><p>2017-09-05 14:18 - 2017-09-05 14:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017</p><p>2017-09-05 14:16 - 2017-09-05 14:16 - 000001499 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017.lnk</p><p>2017-09-05 14:15 - 2017-09-05 14:23 - 000000000 ____D C:\Users\MURAT\AppData\Roaming\Visual Studio Setup</p><p>2017-09-05 14:15 - 2017-09-05 14:16 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio</p><p>2017-09-05 14:15 - 2017-09-05 14:15 - 000001370 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk</p><p>2017-09-05 14:15 - 2017-09-05 14:15 - 000000000 ____D C:\Users\MURAT\AppData\Roaming\vstelemetry</p><p>2017-09-05 14:15 - 2017-09-05 14:15 - 000000000 ____D C:\Users\MURAT\AppData\Local\ServiceHub</p><p>2017-09-05 14:03 - 2017-09-05 14:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity 2017.1.1f1 (64-bit)</p><p>2017-09-02 13:43 - 2017-09-02 13:43 - 000000000 ____D C:\Users\MURAT\AppData\Local\TempOfficeC2RBA69CF24-8574-451D-AF01-8DE279FA02AB</p><p>2017-09-01 20:58 - 2017-08-22 04:01 - 040240248 _____ (NVIDIA Corporation) 
C:\WINDOWS\system32\nvcompiler.dll</p><p>2017-09-01 20:58 - 2017-08-22 04:01 - 035924600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll</p><p>2017-09-01 20:58 - 2017-08-22 04:01 - 035314112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll</p><p>2017-09-01 20:58 - 2017-08-22 04:01 - 029019072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll</p><p>2017-09-01 20:58 - 2017-08-22 04:01 - 023132184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll</p><p>2017-09-01 20:58 - 2017-08-22 04:01 - 018849456 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll</p><p>2017-09-01 20:58 - 2017-08-22 04:01 - 013782904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll</p><p>2017-09-01 20:58 - 2017-08-22 04:01 - 012225984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll</p><p>2017-09-01 20:58 - 2017-08-22 04:01 - 011692344 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll</p><p>2017-09-01 20:58 - 2017-08-22 04:01 - 010072768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll</p><p>2017-09-01 20:58 - 2017-08-22 04:01 - 004162496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll</p><p>2017-09-01 20:58 - 2017-08-22 04:01 - 003590592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll</p><p>2017-09-01 20:58 - 2017-08-22 04:01 - 001988216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438541.dll</p><p>2017-09-01 20:58 - 2017-08-22 04:01 - 001597888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438541.dll</p><p>2017-09-01 20:58 - 2017-08-22 04:01 - 001292096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll</p><p>2017-09-01 20:58 - 2017-08-22 04:01 - 001068152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll</p><p>2017-09-01 20:58 - 2017-08-22 04:01 - 001008816 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll</p><p>2017-09-01 20:58 - 2017-08-22 04:01 - 001004992 _____ (NVIDIA Corporation) 
C:\WINDOWS\SysWOW64\NvFBC.dll</p><p>2017-09-01 20:58 - 2017-08-22 04:01 - 000972736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll</p><p>2017-09-01 20:58 - 2017-08-22 04:01 - 000924280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll</p><p>2017-09-01 20:58 - 2017-08-22 04:01 - 000781544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll</p><p>2017-09-01 20:58 - 2017-08-22 04:01 - 000690320 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll</p><p>2017-09-01 20:58 - 2017-08-22 04:01 - 000617232 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll</p><p>2017-09-01 20:58 - 2017-08-22 04:01 - 000609728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll</p><p>2017-09-01 20:58 - 2017-08-22 04:01 - 000578056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll</p><p>2017-09-01 20:58 - 2017-08-22 04:01 - 000499320 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll</p><p>2017-09-01 20:58 - 2017-08-22 04:01 - 000000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json</p><p>2017-09-01 20:58 - 2017-08-22 04:01 - 000000669 _____ C:\WINDOWS\system32\nv-vk64.json</p><p>2017-09-01 20:30 - 2017-09-01 20:30 - 000000000 ____D C:\Users\MURAT\AppData\Local\TempOfficeC2R3935B218-0AFF-465B-9E4B-33EE4AB5C4E2</p><p>2017-08-26 21:32 - 2017-08-26 21:34 - 000000000 ____D C:\Users\MURAT\AppData\Local\Celavimus3</p><p>2017-08-25 11:40 - 2017-08-25 11:40 - 000004849 _____ C:\Users\MURAT\AppData\Local\recently-used.xbel</p><p>2017-08-25 10:36 - 2017-08-25 10:36 - 000000000 ____D C:\Users\MURAT\AppData\Local\pip</p><p>2017-08-25 09:26 - 2017-08-25 09:26 - 000000000 ____D C:\Users\MURAT\AppData\Local\TempOfficeC2R9E85005E-667B-45D6-B561-06AB8CFBF0EA</p><p>2017-08-24 15:55 - 2017-08-24 15:55 - 000000000 ____D C:\Users\MURAT\AnacondaProjects</p><p>2017-08-24 15:54 - 2017-08-24 15:54 - 000000000 ____D C:\Users\MURAT\.jupyter</p><p>2017-08-24 09:58 - 2017-08-24 09:58 - 000000000 ____D 
C:\Users\MURAT\AppData\Local\TempOfficeC2R74C36CE2-F6E8-471B-96DA-D216C21D4239</p><p>2017-08-22 09:45 - 2017-08-22 09:45 - 000000000 ____D C:\Users\MURAT\AppData\Local\TempOfficeC2RF411A19D-8C00-4666-9605-69C1FF6862D2</p><p>2017-08-22 04:44 - 2017-08-22 04:44 - 000000000 ____D C:\Users\MURAT\AppData\Local\TempOfficeC2R71E88B32-570A-4D59-9983-7869466B7F9D</p><p>2017-08-21 00:43 - 2017-08-21 00:43 - 000000000 ____D C:\Users\MURAT\Documents\League of Legends</p><p>2017-08-20 23:54 - 2017-08-20 23:54 - 000000000 ____D C:\ProgramData\Riot Games</p><p>2017-08-20 23:53 - 2008-07-12 08:18 - 003851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll</p><p>2017-08-20 23:53 - 2008-07-12 08:18 - 001493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll</p><p>2017-08-20 23:53 - 2008-07-12 08:18 - 000467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll</p><p>2017-08-20 23:51 - 2017-09-01 19:12 - 000000000 ____D C:\Program Files (x86)\Riot Games</p><p>2017-08-20 23:50 - 2017-08-20 23:53 - 000000000 ____D C:\Users\MURAT\AppData\Roaming\Riot Games</p><p>2017-08-18 10:23 - 2017-08-18 10:23 - 000000032 _____ C:\Users\MURAT\.defaults-0.1.0.ini</p><p>2017-08-18 10:07 - 2017-08-18 10:07 - 000000000 ____D C:\Users\MURAT\Documents\FeedbackHub</p><p>2017-08-17 16:26 - 2017-09-03 02:20 - 000000000 ____D C:\Users\MURAT\.spyder</p><p>2017-08-17 16:00 - 2017-08-17 16:00 - 000000000 ____D C:\Users\MURAT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anaconda2 (64-bit)</p><p>2017-08-17 15:55 - 2017-08-17 16:00 - 000000000 ____D C:\Users\MURAT\Anaconda2</p><p>2017-08-17 14:58 - 2017-08-17 14:58 - 000000000 ____D C:\Users\MURAT\AppData\Roaming\jupyter</p><p>2017-08-17 14:58 - 2017-08-17 14:58 - 000000000 ____D C:\Users\MURAT\.ipython</p><p>2017-08-17 14:57 - 2017-09-03 02:20 - 000000000 ____D C:\Users\MURAT\.matplotlib</p><p>2017-08-17 14:57 - 2017-08-24 15:54 - 000000043 _____ C:\Users\MURAT\.condarc</p><p>2017-08-17 14:57 - 2017-08-17 
15:36 - 000000000 ____D C:\Users\MURAT\.spyder-py3</p><p>2017-08-17 14:57 - 2017-08-17 14:57 - 000000000 ____D C:\Users\MURAT\AppData\Roaming\Jedi</p><p>2017-08-17 14:56 - 2017-08-24 15:55 - 000000000 ____D C:\Users\MURAT\.conda</p><p>2017-08-17 14:56 - 2017-08-17 14:56 - 000000000 ____D C:\Users\MURAT\AppData\Local\conda</p><p>2017-08-17 14:56 - 2017-08-17 14:56 - 000000000 ____D C:\Users\MURAT\.anaconda</p><p>2017-08-17 14:54 - 2017-08-25 16:45 - 000000000 ____D C:\Users\MURAT\Documents\Python Scripts</p><p>2017-08-17 14:28 - 2017-08-17 14:28 - 000000000 ____D C:\Users\MURAT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.6</p><p>2017-08-17 14:28 - 2017-08-17 14:28 - 000000000 ____D C:\Users\MURAT\AppData\Local\Package Cache</p><p>2017-08-16 09:22 - 2017-08-16 09:22 - 000000000 ____D C:\Users\MURAT\AppData\Local\TempOfficeC2R121C8B4D-0BDA-4349-B2B2-63E524F949B0</p><p>2017-08-15 23:55 - 2017-08-10 03:34 - 001988216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438528.dll</p><p>2017-08-15 23:55 - 2017-08-10 03:34 - 001598072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438528.dll</p><p>2017-08-15 23:01 - 2017-08-15 23:01 - 000000000 ____D C:\Users\MURAT\AppData\Local\TempOfficeC2R6F526ED0-363B-4576-8084-CD3EA542A241</p><p>2017-08-14 17:12 - 2017-08-14 17:12 - 000000000 ____D C:\Users\MURAT\AppData\Roaming\DYA_VPPVDWTJFSDDMUTMB</p><p>2017-08-14 17:12 - 2017-08-14 17:12 - 000000000 ____D C:\ProgramData\DYA_VPPVDWTJFSDDMUTMB</p><p>2017-08-13 23:45 - 2017-08-13 23:45 - 000000000 ____D C:\Users\MURAT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc</p><p></p><p>==================== One Month Modified files and folders ========</p><p></p><p>(If an entry is included in the fixlist, the file/folder will be moved.)</p><p></p><p>2017-09-11 14:04 - 2016-01-18 21:00 - 000000000 ____D C:\Users\MURAT\AppData\Local\CrashDumps</p><p>2017-09-11 13:28 - 2017-05-31 04:57 - 000000000 ____D 
C:\WINDOWS\system32\SleepStudy</p><p>2017-09-11 12:25 - 2017-05-31 05:02 - 000000000 ____D C:\ProgramData\NVIDIA</p><p>2017-09-11 10:54 - 2015-09-22 03:05 - 000000000 ____D C:\Program Files (x86)\Steam</p><p>2017-09-11 09:35 - 2017-05-31 06:08 - 000003808 _____ C:\WINDOWS\System32\Tasks\AutoKMS</p><p>2017-09-11 09:34 - 2017-05-31 05:02 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat</p><p>2017-09-11 02:22 - 2017-05-31 05:05 - 000000000 ____D C:\Users\MURAT</p><p>2017-09-11 02:05 - 2014-12-21 12:47 - 000000000 ____D C:\Users\MURAT\AppData\Local\Adobe</p><p>2017-09-11 00:08 - 2016-06-24 10:18 - 000737320 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys</p><p>2017-09-10 22:16 - 2017-05-31 06:08 - 000004186 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B2FC2BD6-817C-4036-B10D-BDF010B0A5D4}</p><p>2017-09-10 14:07 - 2016-12-14 02:53 - 000000000 ____D C:\Users\MURAT\AppData\Roaming\steelseries-engine-3-client</p><p>2017-09-10 13:57 - 2017-05-31 05:03 - 003437436 _____ C:\WINDOWS\system32\PerfStringBackup.INI</p><p>2017-09-10 13:57 - 2017-03-20 07:02 - 001510216 _____ C:\WINDOWS\system32\perfh01F.dat</p><p>2017-09-10 13:57 - 2017-03-20 07:02 - 000401600 _____ C:\WINDOWS\system32\perfc01F.dat</p><p>2017-09-09 22:30 - 2017-06-30 17:23 - 000003350 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1369535705-3180996973-1344369311-1002</p><p>2017-09-09 22:30 - 2015-07-30 01:12 - 000002386 _____ C:\Users\MURAT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk</p><p>2017-09-09 22:30 - 2015-03-03 00:52 - 000000000 ___RD C:\Users\MURAT\OneDrive</p><p>2017-09-09 22:26 - 2014-12-23 21:24 - 000192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys</p><p>2017-09-09 22:25 - 2017-03-19 00:01 - 000000000 ____D C:\WINDOWS\INF</p><p>2017-09-08 17:42 - 2017-01-18 08:45 - 000000000 ____D C:\Program Files (x86)\Hi-Rez Studios</p><p>2017-09-08 17:41 - 2017-05-31 06:08 - 000000006 ____H 
C:\WINDOWS\Tasks\SA.DAT</p><p>2017-09-08 17:41 - 2017-03-18 14:40 - 001572864 _____ C:\WINDOWS\system32\config\BBI</p><p>2017-09-08 15:16 - 2014-12-21 18:01 - 000000000 ___RD C:\murat</p><p>2017-09-08 15:16 - 2014-12-21 07:07 - 000000000 ____D C:\Users\MURAT\AppData\Local\Packages</p><p>2017-09-08 12:52 - 2017-03-18 23:51 - 000000000 ____D C:\WINDOWS\CbsTemp</p><p>2017-09-08 11:11 - 2017-03-19 00:03 - 000000000 ____D C:\WINDOWS\system32\NDF</p><p>2017-09-08 11:09 - 2017-07-06 09:31 - 000000000 __SHD C:\zec</p><p>2017-09-08 10:25 - 2017-05-31 04:57 - 005352544 _____ C:\WINDOWS\system32\FNTCACHE.DAT</p><p>2017-09-08 09:56 - 2017-07-06 09:31 - 000003572 _____ C:\WINDOWS\System32\Tasks\Google Update</p><p>2017-09-08 09:56 - 2017-07-06 09:31 - 000003570 _____ C:\WINDOWS\System32\Tasks\GoogleUpdate</p><p>2017-09-07 15:47 - 2015-07-25 02:08 - 000000000 ____D C:\Users\MURAT\AppData\Roaming\MPC-HC</p><p>2017-09-06 16:32 - 2016-11-01 02:43 - 000000000 ____D C:\Users\MURAT\Documents\Visual Studio 2015</p><p>2017-09-05 15:19 - 2016-11-08 17:07 - 000000000 ____D C:\Users\MURAT\AppData\LocalLow\Unity</p><p>2017-09-05 15:11 - 2016-11-08 17:07 - 000000000 ____D C:\ProgramData\Unity</p><p>2017-09-05 14:22 - 2016-11-08 16:31 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio Tools for Unity</p><p>2017-09-05 14:21 - 2014-09-16 00:28 - 000000000 ____D C:\ProgramData\Package Cache</p><p>2017-09-05 14:18 - 2017-05-31 04:36 - 000000000 ____D C:\Program Files (x86)\MSBuild</p><p>2017-09-05 14:05 - 2016-11-08 16:06 - 000000000 ____D C:\Program Files\Unity</p><p>2017-09-05 11:41 - 2015-07-09 11:41 - 000000132 _____ C:\Users\MURAT\AppData\Roaming\Adobe PNG Format CS6 Prefs</p><p>2017-09-05 09:51 - 2015-01-22 15:26 - 000000000 ____D C:\Users\MURAT\AppData\Local\ElevatedDiagnostics</p><p>2017-09-05 09:45 - 2017-07-13 16:33 - 000002259 _____ C:\WINDOWS\epplauncher.mif</p><p>2017-09-05 08:59 - 2016-03-06 21:43 - 000000000 ____D C:\ProgramData\ProductData</p><p>2017-09-03 00:43 - 
2017-02-07 13:33 - 000000000 ____D C:\Users\MURAT\AppData\Roaming\obs-studio</p><p>2017-09-02 13:26 - 2014-09-16 01:11 - 000000000 ____D C:\ProgramData\Energy Manager</p><p>2017-09-01 21:03 - 2017-05-31 05:02 - 000000000 ____D C:\ProgramData\NVIDIA Corporation</p><p>2017-09-01 21:02 - 2017-06-15 23:36 - 000004000 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}</p><p>2017-09-01 21:02 - 2017-05-31 06:08 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}</p><p>2017-09-01 21:02 - 2017-05-31 06:08 - 000003994 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}</p><p>2017-09-01 21:01 - 2017-05-31 06:08 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}</p><p>2017-09-01 21:01 - 2017-05-31 06:08 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}</p><p>2017-09-01 21:01 - 2017-05-31 06:08 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}</p><p>2017-09-01 21:01 - 2017-05-31 06:08 - 000003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}</p><p>2017-09-01 21:01 - 2017-05-31 06:08 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}</p><p>2017-09-01 21:01 - 2017-05-31 05:02 - 000000000 ____D C:\Program Files\NVIDIA Corporation</p><p>2017-09-01 21:01 - 2017-05-31 05:02 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation</p><p>2017-09-01 21:01 - 2016-03-12 01:28 - 000000000 ____D C:\Program Files (x86)\VulkanRT</p><p>2017-08-29 09:20 - 2015-07-30 10:03 - 000002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk</p><p>2017-08-25 16:13 - 2015-03-21 03:00 - 000000000 ____D C:\Users\MURAT\AppData\Roaming\Skype</p><p>2017-08-25 11:42 - 2017-06-19 14:02 - 000000000 ____D 
C:\Users\MURAT\.gimp-2.8</p><p>2017-08-25 00:46 - 2016-01-01 19:33 - 000018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys</p><p>2017-08-22 04:01 - 2017-07-30 07:19 - 000046453 _____ C:\WINDOWS\system32\nvinfo.pb</p><p>2017-08-22 04:01 - 2017-06-28 10:01 - 000179320 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll</p><p>2017-08-22 04:01 - 2017-06-28 10:01 - 000146552 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll</p><p>2017-08-22 04:01 - 2017-05-31 05:02 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat</p><p>2017-08-22 04:01 - 2017-05-11 11:20 - 004210360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll</p><p>2017-08-22 04:01 - 2017-05-11 11:20 - 003712024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll</p><p>2017-08-22 04:01 - 2017-05-11 11:20 - 000057976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys</p><p>2017-08-22 04:01 - 2017-04-09 23:42 - 001923192 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll</p><p>2017-08-22 04:01 - 2017-04-09 23:42 - 001755256 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll</p><p>2017-08-22 04:01 - 2017-04-09 23:42 - 001505912 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll</p><p>2017-08-22 04:01 - 2017-04-09 23:42 - 001317496 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll</p><p>2017-08-22 04:01 - 2017-04-09 23:42 - 000121464 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll</p><p>2017-08-22 04:01 - 2017-04-09 23:41 - 000001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat</p><p>2017-08-22 02:10 - 2017-05-31 05:02 - 006463424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll</p><p>2017-08-22 02:10 - 2017-05-31 05:02 - 002479224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll</p><p>2017-08-22 02:10 - 2017-05-31 05:02 - 001762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll</p><p>2017-08-22 02:10 - 2017-05-31 05:02 - 000549312 _____ (NVIDIA Corporation) 
C:\WINDOWS\system32\nv3dappshext.dll</p><p>2017-08-22 02:10 - 2017-05-31 05:02 - 000392312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll</p><p>2017-08-22 02:10 - 2017-05-31 05:02 - 000147576 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\oemdspif.dll</p><p>2017-08-22 02:10 - 2017-05-31 05:02 - 000082040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll</p><p>2017-08-22 02:10 - 2017-05-31 05:02 - 000069752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll</p><p>2017-08-19 22:35 - 2014-12-30 03:08 - 000000000 ____D C:\Users\MURAT\Documents\Max Payne 2 Savegames</p><p>2017-08-19 10:10 - 2017-05-31 05:02 - 008142301 _____ C:\WINDOWS\system32\nvcoproc.bin</p><p>2017-08-19 00:22 - 2015-01-06 14:28 - 000000000 ____D C:\Users\MURAT\AppData\Local\NVIDIA Corporation</p><p>2017-08-17 09:23 - 2015-06-29 16:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive</p><p>2017-08-15 23:13 - 2015-06-14 09:41 - 000000000 ____D C:\Program Files (x86)\Rockstar Games</p><p>2017-08-15 23:12 - 2015-06-14 09:41 - 000000000 ____D C:\Program Files\Rockstar Games</p><p>2017-08-15 14:54 - 2017-01-16 00:45 - 000000000 ____D C:\Users\MURAT\.chatty</p><p>2017-08-15 10:01 - 2014-12-21 15:45 - 000000000 ____D C:\Users\MURAT\Documents\Visual Studio 2010</p><p>2017-08-14 11:25 - 2017-03-19 00:03 - 000000000 ____D C:\WINDOWS\Branding</p><p>2017-08-13 23:45 - 2016-04-18 21:58 - 000000000 ____D C:\Users\MURAT\AppData\Roaming\discord</p><p>2017-08-13 23:45 - 2016-04-18 21:58 - 000000000 ____D C:\Users\MURAT\AppData\Local\Discord</p><p>2017-08-13 00:00 - 2017-03-29 15:58 - 000002432 _____ C:\Users\MURAT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StreamLabels.lnk</p><p>2017-08-12 22:55 - 2014-12-21 16:38 - 000000000 ____D C:\Users\MURAT\AppData\Roaming\TS3Client</p><p></p><p>==================== Files in the root of some directories =======</p><p></p><p>2016-08-06 15:56 - 2016-08-06 16:23 - 000000132 _____ () 
C:\Users\MURAT\AppData\Roaming\Adobe BMP Format CS6 Prefs</p><p>2015-07-09 11:41 - 2017-09-05 11:41 - 000000132 _____ () C:\Users\MURAT\AppData\Roaming\Adobe PNG Format CS6 Prefs</p><p>2017-08-25 11:40 - 2017-08-25 11:40 - 000004849 _____ () C:\Users\MURAT\AppData\Local\recently-used.xbel</p><p>2015-04-01 14:58 - 2015-04-01 14:58 - 000007609 _____ () C:\Users\MURAT\AppData\Local\Resmon.ResmonCfg</p><p>2016-08-31 10:57 - 2016-08-31 10:57 - 000000003 _____ () C:\Users\MURAT\AppData\Local\updater.log</p><p>2016-08-31 10:57 - 2016-08-31 10:57 - 000000424 _____ () C:\Users\MURAT\AppData\Local\UserProducts.xml</p><p>2017-05-31 05:02 - 2017-05-31 05:02 - 000000000 ____H () C:\ProgramData\DP45977C.lfl</p><p>2016-12-16 16:19 - 2017-01-10 23:20 - 000015106 _____ () C:\ProgramData\NvTelemetryContainer.log</p><p>2016-12-16 16:19 - 2017-01-05 01:44 - 000033432 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1</p><p></p><p>==================== Bamital & volsnap ======================</p><p></p><p>(There is no automatic fix for files that do not pass verification.)</p><p></p><p>C:\WINDOWS\system32\winlogon.exe => File is digitally signed</p><p>C:\WINDOWS\system32\wininit.exe => File is digitally signed</p><p>C:\WINDOWS\explorer.exe => File is digitally signed</p><p>C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed</p><p>C:\WINDOWS\system32\svchost.exe => File is digitally signed</p><p>C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed</p><p>C:\WINDOWS\system32\services.exe => File is digitally signed</p><p>C:\WINDOWS\system32\User32.dll => File is digitally signed</p><p>C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed</p><p>C:\WINDOWS\system32\userinit.exe => File is digitally signed</p><p>C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed</p><p>C:\WINDOWS\system32\rpcss.dll => File is digitally signed</p><p>C:\WINDOWS\system32\dnsapi.dll => File is digitally signed</p><p>C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally 
signed</p><p>C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed</p><p></p><p>LastRegBack: 2017-09-06 10:42</p><p></p><p>==================== End of FRST.txt ============================</p><p>[/SPOILER]</p></blockquote><p></p>
[QUOTE="jmz2d, post: 669636, member: 65757"] I could see the attach a report/upload a file button before, but I cannot now, so I'm copying these txt files again: [SPOILER="FRST.txt"] Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-09-2017 Ran by jmz (administrator) on JMZ (11-09-2017 14:13:42) Running from C:\Users\MURAT\Desktop Loaded Profiles: jmz (Available Profiles: jmz) Platform: Windows 10 Home Single Language Version 1703 (X64) Language: Türkçe (Türkiye) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: [URL="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/"]FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials[/URL] ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe (Apple Inc.) C:\Program Files (x86)\Xamarin\Bonjour\mDNSResponder.exe (Intel Corporation) C:\Windows\System32\ibtsiva.exe (LENOVO INCORPORATED.) C:\Program Files\lenovo\iMController\SystemAgentService.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe (Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe (Logitech Inc.)
C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.TEST\MSSQL\Binn\sqlservr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe () C:\Program Files\CyberLink\Shared files\RichVideo64.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.TEST\MSSQL\Binn\fdlauncher.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.TEST\MSSQL\Binn\fdhost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe 
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Realtek semiconductor) C:\Windows\RTFTrack.exe (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe (Lenovo) C:\Program Files\lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe (Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (© 2015 Microsoft Corporation) C:\Users\MURAT\AppData\Local\Microsoft\BingSvc\BingSvc.exe (SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe (Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe (CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (none) C:\murat\WLan\WLAN Optimizer.exe () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation) HKLM\...\Run: [RtsFT] => C:\windows\RTFTrack.exe [5060864 2015-06-16] (Realtek semiconductor) HKLM\...\Run: [IgfxTray] => C:\windows\system32\igfxtray.exe [401848 2017-06-12] () HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-08] (Intel Corporation) HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-05] (Conexant Systems, Inc.) 
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] () HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.) HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-15] (Lenovo) HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-09-16] (Lenovo(beijing) Limited) HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-09-16] (Lenovo(beijing) Limited) HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-28] (Nico Mak Computing) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated) HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [16293496 2016-09-30] (Logitech Inc.) HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink Corp.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.) 
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation) HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] () HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION HKU\S-1-5-21-1369535705-3180996973-1344369311-1002\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4471536 2015-05-21] (Disc Soft Ltd) HKU\S-1-5-21-1369535705-3180996973-1344369311-1002\...\Run: [BingSvc] => C:\Users\MURAT\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation) HKU\S-1-5-21-1369535705-3180996973-1344369311-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3071776 2017-09-07] (Valve Corporation) HKU\S-1-5-21-1369535705-3180996973-1344369311-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9832152 2017-08-03] (Piriform Ltd) HKU\S-1-5-21-1369535705-3180996973-1344369311-1002\...\Run: [Discord] => C:\Users\MURAT\AppData\Local\Discord\app-0.0.298\Discord.exe [57477112 2017-08-08] (Discord Inc.) HKU\S-1-5-21-1369535705-3180996973-1344369311-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27219928 2016-11-03] (Skype Technologies S.A.) 
HKU\S-1-5-21-1369535705-3180996973-1344369311-1002\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_137_pepper.exe [1281024 2017-07-11] (Adobe Systems Incorporated) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackUpdateChecker.lnk [2015-01-09] ShortcutTarget: CodecPackUpdateChecker.lnk -> C:\Windows\SysWOW64\C2MP\UpdateChecker.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2017-06-28] ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS) CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyServer: [S-1-5-21-1369535705-3180996973-1344369311-1002] => http=127.0.0.1:8896;https=127.0.0.1:8896 Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{06d94800-74fb-4dc1-9b73-d0dbaa80cb7b}: [NameServer] 8.8.8.8,8.8.4.4 Tcpip\..\Interfaces\{06d94800-74fb-4dc1-9b73-d0dbaa80cb7b}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{be16cd11-9ea3-458e-bea1-1f3d02e278b3}: [DhcpNameServer] 7.254.254.254 Tcpip\..\Interfaces\{eaaabf1b-b5eb-401b-b9b7-6960eaaff5e5}: [NameServer] 8.8.8.8,8.8.4.4 Tcpip\..\Interfaces\{eaaabf1b-b5eb-401b-b9b7-6960eaaff5e5}: [DhcpNameServer] 178.233.140.110 46.196.235.90 176.240.150.250 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131354589711227546&GUID=A0F6BAAF-3EEC-45A4-B0B3-7BFB2D82C523 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://[URL="http://www.google.com"]www.google.com[/URL] HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://[URL="http://www.google.com"]www.google.com[/URL] 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://[URL="http://www.google.com"]www.google.com[/URL] HKU\S-1-5-21-1369535705-3180996973-1344369311-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131354589711239839&GUID=A0F6BAAF-3EEC-45A4-B0B3-7BFB2D82C523 HKU\S-1-5-21-1369535705-3180996973-1344369311-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://[URL="http://www.lenovo.com"]www.lenovo.com[/URL] SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1369535705-3180996973-1344369311-1002 -> DefaultScope {8C3078A0-9AAB-4371-85D1-656CA8E46EE8} URL = hxxp://[URL="http://www.bing.com/search?q="]www.bing.com/search?q=[/URL]{searchTerms}&form=MSSEDF&pc=MSE1 SearchScopes: HKU\S-1-5-21-1369535705-3180996973-1344369311-1002 -> 37B2E986A7C49C614282CBB00A67777F URL = hxxp://gorsel.yandex.com.tr/yandsearch?win=160&clid=2083124&text={searchTerms} SearchScopes: HKU\S-1-5-21-1369535705-3180996973-1344369311-1002 -> A8743C42BF303D0794F58CC80983B1DE URL = hxxp://video.yandex.com.tr/#search?win=160&clid=2083124&text={searchTerms} SearchScopes: HKU\S-1-5-21-1369535705-3180996973-1344369311-1002 -> EB57C9901C249E83B1DAABB89A17D035 URL = hxxp://haber.yandex.com.tr/yandsearch?rpt=nnews2&grhow=clutop&win=160&clid=2083124&text={searchTerms} SearchScopes: HKU\S-1-5-21-1369535705-3180996973-1344369311-1002 -> {8C3078A0-9AAB-4371-85D1-656CA8E46EE8} URL = hxxp://[URL="http://www.bing.com/search?q="]www.bing.com/search?q=[/URL]{searchTerms}&form=MSSEDF&pc=MSE1 BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2017-07-20] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-12-14] (Oracle Corporation) BHO: Microsoft OneDrive for Business 
Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-07-20] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-14] (Oracle Corporation) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-06-28] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-14] (Oracle Corporation) BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-20] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-14] (Oracle Corporation) BHO-x32: Microsoft Web Test Recorder 10.0 Helper -> {DDA57003-0068-4ed2-9D32-4D1EC707D94D} -> c:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2010-03-19] (Microsoft Corporation) Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-20] (Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-07-20] (Microsoft Corporation) Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-20] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program 
Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-07-20] (Microsoft Corporation) Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-20] (Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-07-20] (Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-20] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-07-20] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\MURAT\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default [2017-08-06] FF user.js: detected! => C:\Users\MURAT\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\user.js [2016-03-06] FF DefaultSearchEngine: Mozilla\Firefox\Profiles\nahd6ha2.default -> Yandex FF SelectedSearchEngine: Mozilla\Firefox\Profiles\nahd6ha2.default -> Yandex FF Homepage: Mozilla\Firefox\Profiles\nahd6ha2.default -> hxxp://[URL="http://www.yandex.com.tr/?win=160&clid=2083123"]www.yandex.com.tr/?win=160&clid=2083123[/URL] FF SearchPlugin: C:\Users\MURAT\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\gorsel.yandex.com.tr-145713.xml [2015-01-22] FF SearchPlugin: C:\Users\MURAT\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\haber.yandex.com.tr-145713.xml [2015-01-22] FF SearchPlugin: C:\Users\MURAT\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\video.yandex.com.tr-145713.xml [2015-01-22] FF SearchPlugin: C:\Users\MURAT\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\yandex.com.tr-145713.xml [2015-01-22] FF Plugin: 
@adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_137.dll [2017-07-11] () FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-14] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-14] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-06-28] (Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-11] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-14] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-14] (Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-06-28] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( 
Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-06-28] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems) FF Plugin HKU\S-1-5-21-1369535705-3180996973-1344369311-1002: jpl.nasa.gov/NASAEyes -> C:\Users\MURAT\AppData\Roaming\JPL-NASA-Caltech\NASA's Eyes\npNASAEyes.dll [2017-08-23] (Jet Propulsion Laboratory) Chrome: ======= CHR DefaultProfile: Default CHR HomePage: Default -> hxxp://[URL="http://www.msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=tr-tr"]www.msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=tr-tr[/URL] CHR StartupUrls: Default -> "hxxps://[URL="http://www.google.com.tr/"]www.google.com.tr/[/URL]" CHR DefaultSearchURL: Default -> hxxp://[URL="http://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q="]www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q=[/URL]{searchTerms} CHR DefaultSearchKeyword: Default -> bing.com CHR Profile: C:\Users\MURAT\AppData\Local\Google\Chrome\User Data\Default [2017-09-11] CHR Extension: (BetterTTV) - C:\Users\MURAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2017-04-21] CHR Extension: (Social Video Downloader - Save Facebook Video) - C:\Users\MURAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\amjcoehkcacocffpmhnefgoeanepjfkf [2017-08-23] CHR 
Extension: (Bitmoji) - C:\Users\MURAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfgdeiadkckfbkeigkoncpdieiiefpig [2017-07-06] CHR Extension: (Steam Inventory Helper) - C:\Users\MURAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2017-08-29] CHR Extension: (FrankerFaceZ) - C:\Users\MURAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadndhdgpmmaapbmfcknlfgcflmmmieb [2017-05-05] CHR Extension: (AdBlock) - C:\Users\MURAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-08-10] CHR Extension: (TwitchAlerts Stream Labels) - C:\Users\MURAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgmggmdngboajiakmbpdknfpdelbjbcg [2017-02-07] CHR Extension: (DotVPN — VPN'den daha iyi.) - C:\Users\MURAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpiecbcckbofpmkkkdibbllpinceiihk [2017-05-29] CHR Extension: (Chrome Web Mağazası Ödemeleri) - C:\Users\MURAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22] CHR Extension: (ThemeBeta.com) - C:\Users\MURAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\onghcfjakljnchnjocajgcdphaoahkef [2017-03-31] CHR Extension: (Chrome Media Router) - C:\Users\MURAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-08] CHR Profile: C:\Users\MURAT\AppData\Local\Google\Chrome\User Data\System Profile [2017-09-07] CHR HKU\S-1-5-21-1369535705-3180996973-1344369311-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-1369535705-3180996973-1344369311-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fkkcgfbgohboipdhliafmacjnhjbhmim] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - 
hxxps://clients2.google.com/service/update2/crx Opera: ======= OPR StartupUrls: "hxxp://[URL="http://www.yandex.com.tr/?win=160&clid=2083123"]www.yandex.com.tr/?win=160&clid=2083123[/URL]" ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated) S3 ALG; C:\WINDOWS\System32\alg.exe [92672 2017-03-18] (Microsoft Corporation) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1522184 2017-03-05] () R2 Bonjour Service; C:\Program Files (x86)\Xamarin\Bonjour\mDNSResponder.exe [394752 2015-07-15] (Apple Inc.) [File not signed] R2 CDPUserSvc_74e5e55; C:\WINDOWS\system32\svchost.exe [47664 2017-03-18] (Microsoft Corporation) R2 CDPUserSvc_74e5e55; C:\WINDOWS\SysWOW64\svchost.exe [40904 2017-03-18] (Microsoft Corporation) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4424384 2017-07-07] (Microsoft Corporation) S3 DevicesFlowUserSvc_74e5e55; C:\WINDOWS\system32\svchost.exe [47664 2017-03-18] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL) S3 DevicesFlowUserSvc_74e5e55; C:\WINDOWS\SysWOW64\svchost.exe [40904 2017-03-18] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL) S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272560 2015-05-21] (Disc Soft Ltd) S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [383016 2017-04-26] (EasyAntiCheat Ltd) S3 Fax; C:\WINDOWS\system32\fxssvc.exe [637440 2017-03-19] (Microsoft Corporation) U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-12-09] (Hi-Rez Studios) [File not signed] R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-08] 
(Intel Corporation) R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373688 2017-06-12] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-28] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-28] (Intel(R) Corporation) R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21184 2016-07-28] (Microsoft Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation) S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo) R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-05-22] (LENOVO INCORPORATED.) R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2014-09-16] (Lenovo(beijing) Limited) R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2945312 2016-01-14] (IObit) R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-09-30] (Logitech Inc.) 
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes) S3 MessagingService_74e5e55; C:\WINDOWS\system32\svchost.exe [47664 2017-03-18] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL) S3 MessagingService_74e5e55; C:\WINDOWS\SysWOW64\svchost.exe [40904 2017-03-18] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL) S3 MSDTC; C:\WINDOWS\System32\msdtc.exe [147456 2017-03-18] (Microsoft Corporation) S3 msiserver; C:\WINDOWS\System32\msiexec.exe [66048 2017-03-18] (Microsoft Corporation) S3 msiserver; C:\WINDOWS\SysWOW64\msiexec.exe [59392 2017-03-18] (Microsoft Corporation) R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation) R2 MSSQL$TEST; C:\Program Files\Microsoft SQL Server\MSSQL10_50.TEST\MSSQL\Binn\sqlservr.exe [61913952 2010-04-03] (Microsoft Corporation) R3 MSSQLFDLauncher$TEST; C:\Program Files\Microsoft SQL Server\MSSQL10_50.TEST\MSSQL\Binn\fdlauncher.exe [32096 2010-04-03] (Microsoft Corporation) S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed] R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [513144 2017-08-22] (NVIDIA Corporation) S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [513144 2017-08-22] (NVIDIA Corporation) R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-08-22] (NVIDIA Corporation) R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [450168 2017-08-22] (NVIDIA Corporation) R2 OneSyncSvc_74e5e55; C:\WINDOWS\system32\svchost.exe [47664 2017-03-18] (Microsoft Corporation) R2 OneSyncSvc_74e5e55; C:\WINDOWS\SysWOW64\svchost.exe [40904 2017-03-18] (Microsoft Corporation) R3 PimIndexMaintenanceSvc_74e5e55; 
C:\WINDOWS\system32\svchost.exe [47664 2017-03-18] (Microsoft Corporation) R3 PimIndexMaintenanceSvc_74e5e55; C:\WINDOWS\SysWOW64\svchost.exe [40904 2017-03-18] (Microsoft Corporation) S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed] R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] () S3 RpcLocator; C:\WINDOWS\system32\locator.exe [11264 2017-03-18] (Microsoft Corporation) R2 SamSs; C:\WINDOWS\system32\lsass.exe [58488 2017-07-07] (Microsoft Corporation) R2 SecurityHealthService; C:\WINDOWS\system32\SecurityHealthService.exe [336320 2017-07-07] (Microsoft Corporation) S3 SensorDataService; C:\WINDOWS\System32\SensorDataService.exe [1284608 2017-03-18] (Microsoft Corporation) S3 SNMPTRAP; C:\WINDOWS\System32\snmptrap.exe [15872 2017-05-31] (Microsoft Corporation) S3 spectrum; C:\WINDOWS\system32\spectrum.exe [891904 2017-03-18] (Microsoft Corporation) R2 Spooler; C:\WINDOWS\System32\spoolsv.exe [757760 2017-03-18] (Microsoft Corporation) S2 sppsvc; C:\WINDOWS\system32\sppsvc.exe [4574192 2017-03-18] (Microsoft Corporation) S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation) S4 SQLAgent$TEST; C:\Program Files\Microsoft SQL Server\MSSQL10_50.TEST\MSSQL\Binn\SQLAGENT.EXE [428384 2010-04-03] (Microsoft Corporation) S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255608 2016-06-01] (Synaptics Incorporated) S3 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [139264 2016-07-27] (Microsoft Corporation) [File not signed] S3 TieringEngineService; C:\WINDOWS\system32\TieringEngineService.exe [302592 2017-03-18] (Microsoft Corporation) S3 TunngleService; C:\Program 
Files (x86)\Tunngle\TnglCtrl.exe [838128 2016-12-15] (Tunngle.net GmbH) S3 UI0Detect; C:\WINDOWS\system32\UI0Detect.exe [43008 2017-03-18] (Microsoft Corporation) R3 UnistoreSvc_74e5e55; C:\WINDOWS\System32\svchost.exe [47664 2017-03-18] (Microsoft Corporation) R3 UnistoreSvc_74e5e55; C:\WINDOWS\SysWOW64\svchost.exe [40904 2017-03-18] (Microsoft Corporation) R3 UserDataSvc_74e5e55; C:\WINDOWS\system32\svchost.exe [47664 2017-03-18] (Microsoft Corporation) R3 UserDataSvc_74e5e55; C:\WINDOWS\SysWOW64\svchost.exe [40904 2017-03-18] (Microsoft Corporation) S3 vds; C:\WINDOWS\System32\vds.exe [643072 2017-03-18] (Microsoft Corporation) R3 VSS; C:\WINDOWS\system32\vssvc.exe [1550848 2017-03-18] (Microsoft Corporation) S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-09-06] (Microsoft Corporation) S3 wampapache64; c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [24576 2014-05-01] (Apache Software Foundation) [File not signed] S3 wampmysqld64; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [12942848 2014-05-01] () [File not signed] S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation) S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [2136480 2017-06-20] (Microsoft Corporation) R2 WpnUserService_74e5e55; C:\WINDOWS\system32\svchost.exe [47664 2017-03-18] (Microsoft Corporation) R2 WpnUserService_74e5e55; C:\WINDOWS\SysWOW64\svchost.exe [40904 2017-03-18] (Microsoft Corporation) R2 WSearch; C:\WINDOWS\system32\SearchIndexer.exe [933376 2017-06-03] (Microsoft Corporation) R2 WSearch; C:\WINDOWS\SysWOW64\SearchIndexer.exe [797184 2017-06-03] (Microsoft Corporation) R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
S3 busenum; C:\WINDOWS\System32\drivers\SteelBus64.sys [146944 2014-05-29] (SteelSeries Corporation) [File not signed] S3 CM_VENDER_CMD; C:\Program Files\Common Files\Logitech\G430Install\CMVC64.sys [17104 2014-07-31] (Windows (R) Win 7 DDK provider) S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.) R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2015-06-05] (Disc Soft Ltd) R1 FACEIT; C:\WINDOWS\System32\Drivers\FACEIT.sys [7976416 2017-06-21] () R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [230656 2016-12-12] (Intel Corporation) S3 ladfGSS; C:\WINDOWS\system32\drivers\ladfGSS.sys [45208 2016-09-29] (Logitech Inc.) R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech) R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2016-09-30] (Logitech Inc.) S3 LGSHidFilt; C:\WINDOWS\system32\DRIVERS\LGSHidFilt.Sys [64280 2016-09-30] (Logitech Inc.) 
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes) S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation) R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3485696 2017-03-18] (Intel Corporation) R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvlti.inf_amd64_fbb126b6a28109b9\nvlddmkm.sys [15600248 2017-08-22] (NVIDIA Corporation) S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-08-22] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48064 2017-07-26] (NVIDIA Corporation) R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57976 2017-08-22] (NVIDIA Corporation) R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [895256 2015-06-18] (Realtek ) R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [413912 2015-12-22] (Realsil Semiconductor Corporation) R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3068160 2015-06-16] (Realtek Semiconductor Corp.) S3 SAlphamHid; C:\WINDOWS\System32\drivers\SAlpham64.sys [39168 2014-05-27] (SteelSeries Corporation) [File not signed] S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] () R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [220672 2017-03-18] (Microsoft Corporation) R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42600 2016-01-14] (Synaptics Incorporated) R3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [46408 2017-06-02] (SteelSeries ApS) S3 sshid; C:\WINDOWS\System32\drivers\sshid.sys [45904 2017-06-19] (SteelSeries ApS) S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.) 
R3 tap0901t; C:\WINDOWS\System32\drivers\tap0901t.sys [48824 2016-04-26] (Tunngle.net GmbH) S2 vcs; C:\Program Files (x86)\Common Files\Avnex\vcs64.sys [4096 2016-11-14] () [File not signed] S3 VCSVADHWSer; C:\WINDOWS\system32\DRIVERS\vcsvad.sys [29320 2015-10-01] (AVSOFT Corp.) S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation) S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-09-11 14:13 - 2017-09-11 14:14 - 000037572 _____ C:\Users\MURAT\Desktop\FRST.txt 2017-09-11 14:08 - 2017-09-11 01:18 - 002396672 _____ (Farbar) C:\Users\MURAT\Desktop\FRST64.exe 2017-09-11 14:08 - 2017-09-07 09:35 - 000000712 _____ C:\Users\MURAT\Desktop\Fixlog.txt 2017-09-10 18:38 - 2017-09-10 18:38 - 000195346 _____ C:\Users\MURAT\Downloads\wu170509.diagcab 2017-09-09 22:29 - 2017-09-11 02:00 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC 2017-09-08 11:22 - 2017-09-08 11:23 - 145457432 _____ (Microsoft Corporation) C:\Users\MURAT\Downloads\mpam-fe.exe 2017-09-08 10:50 - 2017-09-08 10:50 - 000000000 ____D C:\Users\MURAT\AppData\Local\TempOfficeC2R944A08A2-46BE-4C39-8AFE-DD9393F07D14 2017-09-08 09:28 - 2017-09-08 09:28 - 000000000 ____D C:\Users\MURAT\AppData\Local\TempOfficeC2R5D25C63D-7C84-4C63-AD19-A73F1359F4F5 2017-09-07 17:44 - 2017-09-07 17:44 - 000000000 ____D C:\Users\MURAT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Moo0 2017-09-07 16:20 - 2017-09-07 17:44 - 000003332 
_____ C:\WINDOWS\System32\Tasks\RunAsStdUser Task 2017-09-07 16:20 - 2017-09-07 17:43 - 000000000 ____D C:\Program Files (x86)\Moo0 2017-09-07 16:14 - 2017-09-07 16:18 - 000000000 ____D C:\Program Files (x86)\MyVideoConverter 2017-09-07 16:14 - 2017-09-07 16:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Drivers\mycodec 2017-09-07 16:03 - 2017-09-07 16:06 - 000000000 ____D C:\Program Files (x86)\Total Video Converter 2017-09-07 09:37 - 2017-09-07 09:37 - 000000000 ____D C:\Users\MURAT\AppData\Local\TempOfficeC2R3207B9EA-080D-4683-9EFC-FEC0C2E6A300 2017-09-06 10:57 - 2017-09-11 14:13 - 000000000 ____D C:\FRST 2017-09-05 17:28 - 2017-09-05 17:28 - 000000000 ____D C:\Users\MURAT\source 2017-09-05 17:25 - 2017-09-05 17:27 - 000000000 ____D C:\Users\MURAT\AppData\Local\.IdentityService 2017-09-05 17:02 - 2017-09-05 17:02 - 000000000 ____D C:\Users\MURAT\AppData\LocalLow\Jet Propulsion Laboratory 2017-09-05 17:01 - 2017-09-05 17:01 - 000000000 ____D C:\Users\MURAT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NASA's Eyes 2017-09-05 17:01 - 2017-09-05 17:01 - 000000000 ____D C:\Users\MURAT\AppData\Roaming\JPL-NASA-Caltech 2017-09-05 14:22 - 2017-09-05 17:40 - 000000000 ____D C:\Users\MURAT\Documents\Visual Studio 2017 2017-09-05 14:22 - 2017-09-05 14:22 - 000000000 ____D C:\Users\MURAT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2017 Tools for Unity 2017-09-05 14:18 - 2017-09-05 14:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017 2017-09-05 14:16 - 2017-09-05 14:16 - 000001499 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017.lnk 2017-09-05 14:15 - 2017-09-05 14:23 - 000000000 ____D C:\Users\MURAT\AppData\Roaming\Visual Studio Setup 2017-09-05 14:15 - 2017-09-05 14:16 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 2017-09-05 14:15 - 2017-09-05 14:15 - 000001370 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk 
2017-09-05 14:15 - 2017-09-05 14:15 - 000000000 ____D C:\Users\MURAT\AppData\Roaming\vstelemetry 2017-09-05 14:15 - 2017-09-05 14:15 - 000000000 ____D C:\Users\MURAT\AppData\Local\ServiceHub 2017-09-05 14:03 - 2017-09-05 14:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity 2017.1.1f1 (64-bit) 2017-09-02 13:43 - 2017-09-02 13:43 - 000000000 ____D C:\Users\MURAT\AppData\Local\TempOfficeC2RBA69CF24-8574-451D-AF01-8DE279FA02AB 2017-09-01 20:58 - 2017-08-22 04:01 - 040240248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll 2017-09-01 20:58 - 2017-08-22 04:01 - 035924600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll 2017-09-01 20:58 - 2017-08-22 04:01 - 035314112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll 2017-09-01 20:58 - 2017-08-22 04:01 - 029019072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll 2017-09-01 20:58 - 2017-08-22 04:01 - 023132184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll 2017-09-01 20:58 - 2017-08-22 04:01 - 018849456 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll 2017-09-01 20:58 - 2017-08-22 04:01 - 013782904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll 2017-09-01 20:58 - 2017-08-22 04:01 - 012225984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll 2017-09-01 20:58 - 2017-08-22 04:01 - 011692344 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll 2017-09-01 20:58 - 2017-08-22 04:01 - 010072768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll 2017-09-01 20:58 - 2017-08-22 04:01 - 004162496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll 2017-09-01 20:58 - 2017-08-22 04:01 - 003590592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll 2017-09-01 20:58 - 2017-08-22 04:01 - 001988216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438541.dll 2017-09-01 20:58 - 2017-08-22 04:01 - 001597888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438541.dll 
2017-09-01 20:58 - 2017-08-22 04:01 - 001292096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll 2017-09-01 20:58 - 2017-08-22 04:01 - 001068152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll 2017-09-01 20:58 - 2017-08-22 04:01 - 001008816 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll 2017-09-01 20:58 - 2017-08-22 04:01 - 001004992 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll 2017-09-01 20:58 - 2017-08-22 04:01 - 000972736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll 2017-09-01 20:58 - 2017-08-22 04:01 - 000924280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll 2017-09-01 20:58 - 2017-08-22 04:01 - 000781544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll 2017-09-01 20:58 - 2017-08-22 04:01 - 000690320 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll 2017-09-01 20:58 - 2017-08-22 04:01 - 000617232 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll 2017-09-01 20:58 - 2017-08-22 04:01 - 000609728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll 2017-09-01 20:58 - 2017-08-22 04:01 - 000578056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll 2017-09-01 20:58 - 2017-08-22 04:01 - 000499320 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll 2017-09-01 20:58 - 2017-08-22 04:01 - 000000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json 2017-09-01 20:58 - 2017-08-22 04:01 - 000000669 _____ C:\WINDOWS\system32\nv-vk64.json 2017-09-01 20:30 - 2017-09-01 20:30 - 000000000 ____D C:\Users\MURAT\AppData\Local\TempOfficeC2R3935B218-0AFF-465B-9E4B-33EE4AB5C4E2 2017-08-26 21:32 - 2017-08-26 21:34 - 000000000 ____D C:\Users\MURAT\AppData\Local\Celavimus3 2017-08-25 11:40 - 2017-08-25 11:40 - 000004849 _____ C:\Users\MURAT\AppData\Local\recently-used.xbel 2017-08-25 10:36 - 2017-08-25 10:36 - 000000000 ____D C:\Users\MURAT\AppData\Local\pip 2017-08-25 09:26 - 2017-08-25 09:26 - 000000000 ____D 
C:\Users\MURAT\AppData\Local\TempOfficeC2R9E85005E-667B-45D6-B561-06AB8CFBF0EA 2017-08-24 15:55 - 2017-08-24 15:55 - 000000000 ____D C:\Users\MURAT\AnacondaProjects 2017-08-24 15:54 - 2017-08-24 15:54 - 000000000 ____D C:\Users\MURAT\.jupyter 2017-08-24 09:58 - 2017-08-24 09:58 - 000000000 ____D C:\Users\MURAT\AppData\Local\TempOfficeC2R74C36CE2-F6E8-471B-96DA-D216C21D4239 2017-08-22 09:45 - 2017-08-22 09:45 - 000000000 ____D C:\Users\MURAT\AppData\Local\TempOfficeC2RF411A19D-8C00-4666-9605-69C1FF6862D2 2017-08-22 04:44 - 2017-08-22 04:44 - 000000000 ____D C:\Users\MURAT\AppData\Local\TempOfficeC2R71E88B32-570A-4D59-9983-7869466B7F9D 2017-08-21 00:43 - 2017-08-21 00:43 - 000000000 ____D C:\Users\MURAT\Documents\League of Legends 2017-08-20 23:54 - 2017-08-20 23:54 - 000000000 ____D C:\ProgramData\Riot Games 2017-08-20 23:53 - 2008-07-12 08:18 - 003851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll 2017-08-20 23:53 - 2008-07-12 08:18 - 001493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll 2017-08-20 23:53 - 2008-07-12 08:18 - 000467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll 2017-08-20 23:51 - 2017-09-01 19:12 - 000000000 ____D C:\Program Files (x86)\Riot Games 2017-08-20 23:50 - 2017-08-20 23:53 - 000000000 ____D C:\Users\MURAT\AppData\Roaming\Riot Games 2017-08-18 10:23 - 2017-08-18 10:23 - 000000032 _____ C:\Users\MURAT\.defaults-0.1.0.ini 2017-08-18 10:07 - 2017-08-18 10:07 - 000000000 ____D C:\Users\MURAT\Documents\FeedbackHub 2017-08-17 16:26 - 2017-09-03 02:20 - 000000000 ____D C:\Users\MURAT\.spyder 2017-08-17 16:00 - 2017-08-17 16:00 - 000000000 ____D C:\Users\MURAT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anaconda2 (64-bit) 2017-08-17 15:55 - 2017-08-17 16:00 - 000000000 ____D C:\Users\MURAT\Anaconda2 2017-08-17 14:58 - 2017-08-17 14:58 - 000000000 ____D C:\Users\MURAT\AppData\Roaming\jupyter 2017-08-17 14:58 - 2017-08-17 14:58 - 000000000 ____D C:\Users\MURAT\.ipython 
2017-08-17 14:57 - 2017-09-03 02:20 - 000000000 ____D C:\Users\MURAT\.matplotlib 2017-08-17 14:57 - 2017-08-24 15:54 - 000000043 _____ C:\Users\MURAT\.condarc 2017-08-17 14:57 - 2017-08-17 15:36 - 000000000 ____D C:\Users\MURAT\.spyder-py3 2017-08-17 14:57 - 2017-08-17 14:57 - 000000000 ____D C:\Users\MURAT\AppData\Roaming\Jedi 2017-08-17 14:56 - 2017-08-24 15:55 - 000000000 ____D C:\Users\MURAT\.conda 2017-08-17 14:56 - 2017-08-17 14:56 - 000000000 ____D C:\Users\MURAT\AppData\Local\conda 2017-08-17 14:56 - 2017-08-17 14:56 - 000000000 ____D C:\Users\MURAT\.anaconda 2017-08-17 14:54 - 2017-08-25 16:45 - 000000000 ____D C:\Users\MURAT\Documents\Python Scripts 2017-08-17 14:28 - 2017-08-17 14:28 - 000000000 ____D C:\Users\MURAT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.6 2017-08-17 14:28 - 2017-08-17 14:28 - 000000000 ____D C:\Users\MURAT\AppData\Local\Package Cache 2017-08-16 09:22 - 2017-08-16 09:22 - 000000000 ____D C:\Users\MURAT\AppData\Local\TempOfficeC2R121C8B4D-0BDA-4349-B2B2-63E524F949B0 2017-08-15 23:55 - 2017-08-10 03:34 - 001988216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438528.dll 2017-08-15 23:55 - 2017-08-10 03:34 - 001598072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438528.dll 2017-08-15 23:01 - 2017-08-15 23:01 - 000000000 ____D C:\Users\MURAT\AppData\Local\TempOfficeC2R6F526ED0-363B-4576-8084-CD3EA542A241 2017-08-14 17:12 - 2017-08-14 17:12 - 000000000 ____D C:\Users\MURAT\AppData\Roaming\DYA_VPPVDWTJFSDDMUTMB 2017-08-14 17:12 - 2017-08-14 17:12 - 000000000 ____D C:\ProgramData\DYA_VPPVDWTJFSDDMUTMB 2017-08-13 23:45 - 2017-08-13 23:45 - 000000000 ____D C:\Users\MURAT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2017-09-11 14:04 - 2016-01-18 21:00 - 000000000 ____D C:\Users\MURAT\AppData\Local\CrashDumps 2017-09-11 13:28 - 2017-05-31 04:57 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2017-09-11 12:25 - 2017-05-31 05:02 - 000000000 ____D C:\ProgramData\NVIDIA 2017-09-11 10:54 - 2015-09-22 03:05 - 000000000 ____D C:\Program Files (x86)\Steam 2017-09-11 09:35 - 2017-05-31 06:08 - 000003808 _____ C:\WINDOWS\System32\Tasks\AutoKMS 2017-09-11 09:34 - 2017-05-31 05:02 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2017-09-11 02:22 - 2017-05-31 05:05 - 000000000 ____D C:\Users\MURAT 2017-09-11 02:05 - 2014-12-21 12:47 - 000000000 ____D C:\Users\MURAT\AppData\Local\Adobe 2017-09-11 00:08 - 2016-06-24 10:18 - 000737320 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys 2017-09-10 22:16 - 2017-05-31 06:08 - 000004186 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B2FC2BD6-817C-4036-B10D-BDF010B0A5D4} 2017-09-10 14:07 - 2016-12-14 02:53 - 000000000 ____D C:\Users\MURAT\AppData\Roaming\steelseries-engine-3-client 2017-09-10 13:57 - 2017-05-31 05:03 - 003437436 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2017-09-10 13:57 - 2017-03-20 07:02 - 001510216 _____ C:\WINDOWS\system32\perfh01F.dat 2017-09-10 13:57 - 2017-03-20 07:02 - 000401600 _____ C:\WINDOWS\system32\perfc01F.dat 2017-09-09 22:30 - 2017-06-30 17:23 - 000003350 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1369535705-3180996973-1344369311-1002 2017-09-09 22:30 - 2015-07-30 01:12 - 000002386 _____ C:\Users\MURAT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2017-09-09 22:30 - 2015-03-03 00:52 - 000000000 ___RD C:\Users\MURAT\OneDrive 2017-09-09 22:26 - 2014-12-23 21:24 - 000192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2017-09-09 22:25 - 2017-03-19 00:01 - 000000000 ____D C:\WINDOWS\INF 2017-09-08 17:42 - 2017-01-18 08:45 - 000000000 ____D C:\Program Files (x86)\Hi-Rez Studios 2017-09-08 17:41 - 
2017-05-31 06:08 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-09-08 17:41 - 2017-03-18 14:40 - 001572864 _____ C:\WINDOWS\system32\config\BBI 2017-09-08 15:16 - 2014-12-21 18:01 - 000000000 ___RD C:\murat 2017-09-08 15:16 - 2014-12-21 07:07 - 000000000 ____D C:\Users\MURAT\AppData\Local\Packages 2017-09-08 12:52 - 2017-03-18 23:51 - 000000000 ____D C:\WINDOWS\CbsTemp 2017-09-08 11:11 - 2017-03-19 00:03 - 000000000 ____D C:\WINDOWS\system32\NDF 2017-09-08 11:09 - 2017-07-06 09:31 - 000000000 __SHD C:\zec 2017-09-08 10:25 - 2017-05-31 04:57 - 005352544 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2017-09-08 09:56 - 2017-07-06 09:31 - 000003572 _____ C:\WINDOWS\System32\Tasks\Google Update 2017-09-08 09:56 - 2017-07-06 09:31 - 000003570 _____ C:\WINDOWS\System32\Tasks\GoogleUpdate 2017-09-07 15:47 - 2015-07-25 02:08 - 000000000 ____D C:\Users\MURAT\AppData\Roaming\MPC-HC 2017-09-06 16:32 - 2016-11-01 02:43 - 000000000 ____D C:\Users\MURAT\Documents\Visual Studio 2015 2017-09-05 15:19 - 2016-11-08 17:07 - 000000000 ____D C:\Users\MURAT\AppData\LocalLow\Unity 2017-09-05 15:11 - 2016-11-08 17:07 - 000000000 ____D C:\ProgramData\Unity 2017-09-05 14:22 - 2016-11-08 16:31 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio Tools for Unity 2017-09-05 14:21 - 2014-09-16 00:28 - 000000000 ____D C:\ProgramData\Package Cache 2017-09-05 14:18 - 2017-05-31 04:36 - 000000000 ____D C:\Program Files (x86)\MSBuild 2017-09-05 14:05 - 2016-11-08 16:06 - 000000000 ____D C:\Program Files\Unity 2017-09-05 11:41 - 2015-07-09 11:41 - 000000132 _____ C:\Users\MURAT\AppData\Roaming\Adobe PNG Format CS6 Prefs 2017-09-05 09:51 - 2015-01-22 15:26 - 000000000 ____D C:\Users\MURAT\AppData\Local\ElevatedDiagnostics 2017-09-05 09:45 - 2017-07-13 16:33 - 000002259 _____ C:\WINDOWS\epplauncher.mif 2017-09-05 08:59 - 2016-03-06 21:43 - 000000000 ____D C:\ProgramData\ProductData 2017-09-03 00:43 - 2017-02-07 13:33 - 000000000 ____D C:\Users\MURAT\AppData\Roaming\obs-studio 2017-09-02 13:26 - 
2014-09-16 01:11 - 000000000 ____D C:\ProgramData\Energy Manager 2017-09-01 21:03 - 2017-05-31 05:02 - 000000000 ____D C:\ProgramData\NVIDIA Corporation 2017-09-01 21:02 - 2017-06-15 23:36 - 000004000 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-09-01 21:02 - 2017-05-31 06:08 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-09-01 21:02 - 2017-05-31 06:08 - 000003994 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-09-01 21:01 - 2017-05-31 06:08 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-09-01 21:01 - 2017-05-31 06:08 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-09-01 21:01 - 2017-05-31 06:08 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-09-01 21:01 - 2017-05-31 06:08 - 000003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-09-01 21:01 - 2017-05-31 06:08 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-09-01 21:01 - 2017-05-31 05:02 - 000000000 ____D C:\Program Files\NVIDIA Corporation 2017-09-01 21:01 - 2017-05-31 05:02 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2017-09-01 21:01 - 2016-03-12 01:28 - 000000000 ____D C:\Program Files (x86)\VulkanRT 2017-08-29 09:20 - 2015-07-30 10:03 - 000002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-08-25 16:13 - 2015-03-21 03:00 - 000000000 ____D C:\Users\MURAT\AppData\Roaming\Skype 2017-08-25 11:42 - 2017-06-19 14:02 - 000000000 ____D C:\Users\MURAT\.gimp-2.8 2017-08-25 00:46 - 2016-01-01 19:33 - 000018960 _____ (Logitech, Inc.) 
C:\WINDOWS\system32\Drivers\LNonPnP.sys 2017-08-22 04:01 - 2017-07-30 07:19 - 000046453 _____ C:\WINDOWS\system32\nvinfo.pb 2017-08-22 04:01 - 2017-06-28 10:01 - 000179320 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll 2017-08-22 04:01 - 2017-06-28 10:01 - 000146552 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll 2017-08-22 04:01 - 2017-05-31 05:02 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat 2017-08-22 04:01 - 2017-05-11 11:20 - 004210360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll 2017-08-22 04:01 - 2017-05-11 11:20 - 003712024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll 2017-08-22 04:01 - 2017-05-11 11:20 - 000057976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys 2017-08-22 04:01 - 2017-04-09 23:42 - 001923192 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll 2017-08-22 04:01 - 2017-04-09 23:42 - 001755256 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll 2017-08-22 04:01 - 2017-04-09 23:42 - 001505912 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll 2017-08-22 04:01 - 2017-04-09 23:42 - 001317496 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll 2017-08-22 04:01 - 2017-04-09 23:42 - 000121464 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll 2017-08-22 04:01 - 2017-04-09 23:41 - 000001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat 2017-08-22 02:10 - 2017-05-31 05:02 - 006463424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll 2017-08-22 02:10 - 2017-05-31 05:02 - 002479224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll 2017-08-22 02:10 - 2017-05-31 05:02 - 001762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll 2017-08-22 02:10 - 2017-05-31 05:02 - 000549312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll 2017-08-22 02:10 - 2017-05-31 05:02 - 000392312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll 2017-08-22 02:10 - 2017-05-31 05:02 - 000147576 _____ (NVIDIA 
Corporation) C:\WINDOWS\SysWOW64\oemdspif.dll 2017-08-22 02:10 - 2017-05-31 05:02 - 000082040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll 2017-08-22 02:10 - 2017-05-31 05:02 - 000069752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll 2017-08-19 22:35 - 2014-12-30 03:08 - 000000000 ____D C:\Users\MURAT\Documents\Max Payne 2 Savegames 2017-08-19 10:10 - 2017-05-31 05:02 - 008142301 _____ C:\WINDOWS\system32\nvcoproc.bin 2017-08-19 00:22 - 2015-01-06 14:28 - 000000000 ____D C:\Users\MURAT\AppData\Local\NVIDIA Corporation 2017-08-17 09:23 - 2015-06-29 16:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive 2017-08-15 23:13 - 2015-06-14 09:41 - 000000000 ____D C:\Program Files (x86)\Rockstar Games 2017-08-15 23:12 - 2015-06-14 09:41 - 000000000 ____D C:\Program Files\Rockstar Games 2017-08-15 14:54 - 2017-01-16 00:45 - 000000000 ____D C:\Users\MURAT\.chatty 2017-08-15 10:01 - 2014-12-21 15:45 - 000000000 ____D C:\Users\MURAT\Documents\Visual Studio 2010 2017-08-14 11:25 - 2017-03-19 00:03 - 000000000 ____D C:\WINDOWS\Branding 2017-08-13 23:45 - 2016-04-18 21:58 - 000000000 ____D C:\Users\MURAT\AppData\Roaming\discord 2017-08-13 23:45 - 2016-04-18 21:58 - 000000000 ____D C:\Users\MURAT\AppData\Local\Discord 2017-08-13 00:00 - 2017-03-29 15:58 - 000002432 _____ C:\Users\MURAT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StreamLabels.lnk 2017-08-12 22:55 - 2014-12-21 16:38 - 000000000 ____D C:\Users\MURAT\AppData\Roaming\TS3Client ==================== Files in the root of some directories ======= 2016-08-06 15:56 - 2016-08-06 16:23 - 000000132 _____ () C:\Users\MURAT\AppData\Roaming\Adobe BMP Format CS6 Prefs 2015-07-09 11:41 - 2017-09-05 11:41 - 000000132 _____ () C:\Users\MURAT\AppData\Roaming\Adobe PNG Format CS6 Prefs 2017-08-25 11:40 - 2017-08-25 11:40 - 000004849 _____ () C:\Users\MURAT\AppData\Local\recently-used.xbel 2015-04-01 14:58 - 2015-04-01 14:58 - 000007609 _____ () 
C:\Users\MURAT\AppData\Local\Resmon.ResmonCfg 2016-08-31 10:57 - 2016-08-31 10:57 - 000000003 _____ () C:\Users\MURAT\AppData\Local\updater.log 2016-08-31 10:57 - 2016-08-31 10:57 - 000000424 _____ () C:\Users\MURAT\AppData\Local\UserProducts.xml 2017-05-31 05:02 - 2017-05-31 05:02 - 000000000 ____H () C:\ProgramData\DP45977C.lfl 2016-12-16 16:19 - 2017-01-10 23:20 - 000015106 _____ () C:\ProgramData\NvTelemetryContainer.log 2016-12-16 16:19 - 2017-01-05 01:44 - 000033432 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1 ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-09-06 10:42 ==================== End of FRST.txt ============================ [/SPOILER] [/QUOTE]