Infected by mail.ru virus

Page 2 of 4 FirstFirst 1234 LastLast

  1. Posts : 579
    Windows 10 Home
       #11

    @prikker,


    Post #4. I rather not comment, but you will not see me using that tool, and I am always looking for a 'good find'.
      My Computer


  2. Posts : 14
    Windows10
    Thread Starter
       #12

    SystemLook 30.07.11 by jpshortstuff
    Log created at 00:07 on 24/01/2017 by Sercan
    Administrator - Elevation successful


    ========== filefind ==========


    Searching for "mail.ru"
    No files found.


    Searching for "*mail.ru* "
    C:\AdwCleaner\quarantine\files\sekxookiedoukkgqlcniwmviiisevboq\7.1.30_0\images\thumbnails\calendar. mail.ru.jpeg --a---- 41532 bytes [11:06 23/01/2017] [10:57 23/01/2017] EE307A21F0A103CB7A9919587050CCA2
    C:\AdwCleaner\quarantine\files\sekxookiedoukkgqlcniwmviiisevboq\7.1.30_0\images\thumbnails\games.mai l.ru.jpeg --a---- 76020 bytes [11:06 23/01/2017] [10:57 23/01/2017] 44DF27D4A13972E6C63265367E4473B5
    C:\AdwCleaner\quarantine\files\sekxookiedoukkgqlcniwmviiisevboq\7.1.30_0\images\thumbnails\mail.ru.j peg --a---- 72653 bytes [11:06 23/01/2017] [10:57 23/01/2017] B4626139F1D6FE8E887C2AE84EA66E78
    C:\AdwCleaner\quarantine\files\sekxookiedoukkgqlcniwmviiisevboq\7.1.30_0\images\thumbnails\news.mail .ru.jpeg --a---- 83028 bytes [11:06 23/01/2017] [10:57 23/01/2017] 3C39D32BEE51A01A97D722DA3153F98E
    C:\AdwCleaner\quarantine\files\sekxookiedoukkgqlcniwmviiisevboq\7.1.30_0\images\thumbnails\torg.mail .ru.jpeg --a---- 60098 bytes [11:06 23/01/2017] [10:57 23/01/2017] 6692BA323442F7FE407341185676D1DC
    C:\AdwCleaner\quarantine\files\sekxookiedoukkgqlcniwmviiisevboq\7.1.30_0\images\thumbnails\travel.ma il.ru.jpeg --a---- 80699 bytes [11:06 23/01/2017] [10:57 23/01/2017] AC2D567CB35AFCECE1C492582EC01D38
    C:\Users\Sercan\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\https_cloud.mail.ru_0.localstorage --a---- 3072 bytes [19:10 23/01/2017] [19:11 23/01/2017] CD7EFE1CD49EB743739A5107A7806397
    C:\Users\Sercan\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\https_cloud.mail.ru_0.localstorage-journal --a---- 0 bytes [19:10 23/01/2017] [19:11 23/01/2017] D41D8CD98F00B204E9800998ECF8427E
    C:\Users\Sercan\AppData\Roaming\Microsoft\Windows\Recent\https_cloud.mail.ru_0.indexeddb.leveldb.lnk --a---- 1668 bytes [14:36 23/01/2017] [14:36 23/01/2017] E2C0984BF2EF709B821A4BC64A3E8723


    ========== folderfind ==========


    Searching for "mail.ru"
    No folders found.


    Searching for "*mail.ru* "
    No folders found.


    ========== regfind ==========


    Searching for "mail.ru"
    No data found.


    -= EOF =-
      My Computer


  3. Posts : 382
    Windows 10 Home
       #13

    The tool in post 4 found mywebsearch and deleted it. MBam and AdwCleaner didn't find it.
      My Computer


  4. Posts : 579
    Windows 10 Home
       #14

    cookies1,

    First, follow up with the Zemana instructions:
    How to remove Mail.ru (Chrome, Firefox, IE, Edge)

    Also, try clearing browsing data:
    Clear browsing data - Computer - Chromebook Help

    Next, please run Malwarebytes Anti-Malware in >> Safe Mode:

    Hold down the Shift key while clicking on Power > Restart
    Following the prompts, go to Troubleshoot > Advanced Options > Windows Startup Settings > Press the Restart button
    After the computer restarts, select: Safe Mode

    Find Malwarebytes Anti-Malware, and give it a run.

    Last, if mail.ru is still present, do the following:

    Please use the Farbar Recovery Scan Tool Download
    Save FRST to your Desktop.

    [Note: You need to run the version compatible with your system: 32 bit or 64 bit]

    Double-click FRST to run it.

    When the tool opens click Yes to the disclaimer.

    Next, press the Scan button.

    When done, the tool makes a log (FRST.txt) on the Desktop.
    Also, the first time the tool is run, it makes another log: (Addition.txt).

    Please attach the results of both reports in your reply.
      My Computer


  5. Posts : 579
    Windows 10 Home
       #15

    cookies1,

    Have a change of mind. Just work with running FRST (Farbar Recovery Scan Tool), attaching the results, and do not do anything else.

    Suspecting that FRST may show some Group Policy changes, and, if so, until those are removed, we will get nowhere in a hurry.

    Also, are you running Windows 10 Home, or Pro?

    Hang in there!!
    Last edited by cottonball; 23 Jan 2017 at 22:45.
      My Computer


  6. Posts : 1
    Windows 7
       #16

    Have you checked the Chrome's shortcut? Potentially unwanted programs usually modify your browser shortcuts to automatically load extra web pages or files, hijack your search results, redirect you to unsafe websites, and display endless pop up ads on your webpage are the common thing.
    mail.ru virus may modify your browser shortcuts by adding its harmful files to the shortcut target. So, you should navigate to delete the baleful arguments.
    Right-click your Chrome shortcuts on your desktop and choose Properties option.
    In the opened window, select Shortcuts tab. Locate to the Target field, remove the unwanted homepage link behind exe and then click Apply > OK button after deleting.
      My Computer


  7. Posts : 14
    Windows10
    Thread Starter
       #17

    Hey! I fixed the problem doing these;
    Removed: AVG, FMW 1, Java 8 Update 51, Java 8 Update 51 (64-bit), Restore Point Creator version 3.5, Revo Unistaller Pro 3.1.4, IObit, Bitdefender Agent, mcafee.
    Reset:" hosts" file.
    Cleaned: Appdata\Local\Temp, WINDOWS\Temp, appdata\roaming\.sonoyuncu, downloads\winrarv521.tr.pre-cracked
    Then I installed Kaspersky Internet Security 2017 and scanned my PC. But there is no threat.
    After I've done all these, there is no ad pop-up no more. But I'm suspicious about its files in my PC and I can't see them. Did Kaspersky ignore adverts? Because there is "Anti-Banner" in settings menu. Now is my PC clean or this is just Kaspersky ignore?

    Also my homepage isn't mail.ru. When I noticed a virus in my PC, firstly I deleted homepage and extensions. But there was ad pop-up virus again. I'm using Windows 10 Home Single Language.
    Thanks for your helps, you're so helpful. Also by the way, here you are: FRST results;

    Addition
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-01-2017
    Ran by Sercan (24-01-2017 12:42:22)
    Running from D:\İNDİRİLENLER
    Windows 10 Home Single Language Version 1607 (X64) (2016-09-24 10:10:46)
    Boot Mode: Normal
    ==========================================================




    ==================== Accounts: =============================


    Administrator (S-1-5-21-2070039639-675289181-3059388584-500 - Administrator - Disabled)
    Guest (S-1-5-21-2070039639-675289181-3059388584-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2070039639-675289181-3059388584-1003 - Limited - Enabled)
    Sercan (S-1-5-21-2070039639-675289181-3059388584-1001 - Administrator - Enabled) => C:\Users\Sercan
    VarsayılanHesap (S-1-5-21-2070039639-675289181-3059388584-503 - Limited - Disabled)


    ==================== Security Center ========================


    (If an entry is included in the fixlist, it will be removed.)


    AV: Kaspersky Internet Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Kaspersky Internet Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Kaspersky Internet Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}


    ==================== Installed Programs ======================


    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


    µTorrent (HKU\S-1-5-21-2070039639-675289181-3059388584-1001\...\uTorrent) (Version: 3.4.9.43085 - BitTorrent Inc.)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 22.0.0.153 - Adobe Systems Incorporated)
    Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.1 (HKLM-x32\...\{B0B387B2-B1E4-43F2-961D-08ABFD759E1A}) (Version: 12.1.9.160 - Adobe Systems, Inc)
    AIDA64 Extreme v5.70 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 5.70 - FinalWire Ltd.)
    AirTies Network Assistant (HKLM-x32\...\{7B87A4D7-0A08-4468-B8E3-6CA9F23B5C66}) (Version: 1.2.2 - AirTies Wireless Networks)
    Ansel (Version: 376.33 - NVIDIA Corporation) Hidden
    Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
    Application Verifier x64 External Package (Version: 8.100.26936 - Microsoft) Hidden
    Bandicam (HKLM-x32\...\Bandicam) (Version: 3.0.1.1003 - Bandisoft.com)
    Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com)
    Battlefield™ 1 (HKLM-x32\...\{335B50BC-6130-4BAF-9A6A-F1561270587B}) (Version: 1.0.47.30570 - Electronic Arts)
    BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.10.0.4321 - BlueStack Systems, Inc.)
    BlueStacks Notification Center (HKLM-x32\...\{473E82D7-79E2-43DF-8FA0-025407C93191}) (Version: 0.10.0.4321 - BlueStack Systems, Inc.)
    Boilsoft Video Splitter 6.34 (HKLM-x32\...\{24549038-9956-4EE5-976D-4419AAEA7DD5}_is1) (Version: - Boilsoft, Inc.)
    Camtasia Studio 8 (HKLM-x32\...\{A2A41B60-D51F-4C04-BC94-B4C94F7B6DC0}) (Version: 8.6.0.2054 - TechSmith Corporation)
    Car Mechanic Simulator 2015 (HKLM-x32\...\Car Mechanic Simulator 2015_is1) (Version: 1.0.7.5 - RePack by Valdeni)
    DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd)
    Don't Starve Together (HKLM\...\Steam App 322330) (Version: - Klei Entertainment)
    FileZilla Client 3.20.1 (HKLM-x32\...\FileZilla Client) (Version: 3.20.1 - Tim Kosse)
    GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
    Grand Theft Auto V Update v1.36 (HKLM-x32\...\R3JhbmRUaGVmdEF1dG9W_is1) (Version: 1 - )
    HD Tune Pro 5.60 (HKLM-x32\...\HD Tune Pro_is1) (Version: - EFD Software)
    Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1168 - Intel Corporation)
    Intel(R) Smart Connect Technology (HKLM\...\{9CDE90B4-5EEB-4B3C-84DE-3527F92B5BBD}) (Version: 5.0.10.2793 - Intel Corporation)
    Intel® Yonga Kümesi Aygıt Yazılımı (x32 Version: 10.0.13 - Intel(R) Corporation) Hidden
    Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
    Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
    Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)
    Kaspersky Internet Security (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden
    Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab)
    Kaspersky Secure Connection (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden
    Kits Configuration Installer (x32 Version: 8.100.25984 - Microsoft) Hidden
    METAL GEAR SOLID V: THE PHANTOM PAIN (HKLM-x32\...\Steam App 287700) (Version: - Konami Digital Entertainment)
    Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{D1D37853-0004-3E36-A7AA-74F4EEA35F64}) (Version: 4.5.50930 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
    Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
    Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Excel 2007 Help Güncelleştirmesi (KB963678) (HKLM-x32\...\{90120000-0016-041F-0000-0000000FF1CE}_PROPLUS_{E792E914-5172-48B2-A58A-65C3F311C4E2}) (Version: - Microsoft)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Powerpoint 2007 Help Güncelleştirmesi (KB963669) (HKLM-x32\...\{90120000-0018-041F-0000-0000000FF1CE}_PROPLUS_{8C762073-C6A4-4A11-A639-1C73014FAE00}) (Version: - Microsoft)
    Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Word 2007 Help Güncelleştirmesi (KB963665) (HKLM-x32\...\{90120000-001B-041F-0000-0000000FF1CE}_PROPLUS_{96E44099-EB0F-45A3-8831-40412110810D}) (Version: - Microsoft)
    Microsoft OneDrive (HKU\S-1-5-21-2070039639-675289181-3059388584-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
    Mozilla Firefox 50.1.0 (x86 tr) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 tr)) (Version: 50.1.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0 - Mozilla)
    MSI Afterburner 4.1.1 (HKLM-x32\...\Afterburner) (Version: 4.1.1 - MSI Co., LTD)
    MSI Development Tools (x32 Version: 8.100.26898 - Microsoft Corporation) Hidden
    Neat Video v3.1.0 Pro plug-in for Sony Vegas (64-bit) (HKLM\...\Neat Video for Sony Vegas_is1) (Version: - Neat Video team, ABSoft)
    NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version: - )
    NVIDIA 3D Vision Denetleyici Sürücüsü 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
    NVIDIA 3D Vision Sürücüsü 376.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.33 - NVIDIA Corporation)
    NVIDIA GeForce Experience 3.2.0.96 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.2.0.96 - NVIDIA Corporation)
    NVIDIA Grafik Sürücüsü 376.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.33 - NVIDIA Corporation)
    NVIDIA HD Ses Sürücüsü 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
    NVIDIA Miracast Sanal Ses 355.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 355.60 - NVIDIA Corporation)
    NVIDIA PhysX Sistem Yazılımı 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
    NvNodejs (Version: 3.2.0.96 - NVIDIA Corporation) Hidden
    NvTelemetry (Version: 2.0.0.0 - NVIDIA Corporation) Hidden
    Origin (HKLM-x32\...\Origin) (Version: 10.3.5.6379 - Electronic Arts, Inc.)
    ORION: Prelude (HKLM\...\Steam App 104900) (Version: - Spiral Game Studios)
    PhoenixSuit (HKLM-x32\...\{EBF1BED9-4321-40D7-8837-177AE54C457C}) (Version: 1.0.5 - AllWinnertech)
    Prison Architect v2.0 (HKLM\...\cHJpc29uYXJjaGl0ZWN0djIw_is1) (Version: 1 - )
    QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.23.1126.2013 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
    Red Bull Air Race - The Game (HKLM-x32\...\{6577A275-7D02-4DD9-A619-41FF2E30BB2F}_is1) (Version: 0004 - Wingracers Sports Games)
    RivaTuner Statistics Server 6.3.0 (HKLM-x32\...\RTSS) (Version: 6.3.0 - Unwinder)
    Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
    Scratch (HKU\S-1-5-21-2070039639-675289181-3059388584-1001\...\Scratch) (Version: 1.4.00.00 - MIT Media Lab Lifelong Kindergarten)
    SDK Debuggers (x32 Version: 8.100.26936 - Microsoft Corporation) Hidden
    SHIELD Streaming (Version: 7.1.0350 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (Version: 3.2.0.96 - NVIDIA Corporation) Hidden
    TeamSpeak 3 Client (HKU\S-1-5-21-2070039639-675289181-3059388584-1001\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
    The Witcher 3 - Wild Hunt (HKLM-x32\...\1207664643_is1) (Version: 1.31.0.0 - GOG.com)
    The Witcher 3: Wild Hunt - Free DLC program (16 DLC) (HKLM-x32\...\Free DLC program (16 DLC)_is1) (Version: 1.24.0.0 - GOG.com)
    The Witcher 3: Wild Hunt - Hearts of Stone (HKLM-x32\...\Hearts of Stone_is1) (Version: 1.0.12.0 - GOG.com)
    Trackmania Turbo (HKLM-x32\...\Trackmania Turbo_is1) (Version: - )
    Transformice (HKLM-x32\...\Steam App 335240) (Version: - Atelier 801)
    Transformice (HKLM-x32\...\Transformice) (Version: 1.0.0 - UNKNOWN)
    Transformice (x32 Version: 1.0.0 - UNKNOWN) Hidden
    UE4 Prerequisites (x64) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
    UE4 Prerequisites (x64) (x32 Version: 1.0.13.0 - Epic Games, Inc.) Hidden
    Unity Web Player (HKU\S-1-5-21-2070039639-675289181-3059388584-1001\...\UnityWebPlayer) (Version: 5.3.5f1 - Unity Technologies ApS)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Vegas Pro 13.0 (64-bit) (HKLM\...\{1EEE0BEE-0BC8-11E5-A19E-F04DA23A5C58}) (Version: 13.0.453 - Sony)
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
    Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
    Windows Driver Package - USB Devices (usbUDisc) USB (01/24/2013 1.0.0.1) (HKLM\...\2968446D00DC8F0F77065B39E80E51761B9DEAC2) (Version: 01/24/2013 1.0.0.1 - USB Devices)
    Windows Software Development Kit for Windows 8.1 (HKLM-x32\...\{ed3a6e6d-9661-4357-abe4-fcc03dc57a07}) (Version: 8.100.26936 - Microsoft Corporation)
    WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
    WPT Redistributables (x32 Version: 8.100.26936 - Microsoft) Hidden
    WPTx64 (x32 Version: 8.100.26936 - Microsoft) Hidden


    ==================== Custom CLSID (Whitelisted): ==========================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)




    ==================== Scheduled Tasks (Whitelisted) =============


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    Task: {068AD8FD-1074-43B7-8204-180B6F1472CA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
    Task: {0A1B012B-CAC3-40FC-BE04-959464DEDD30} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-23] (Adobe Systems Incorporated)
    Task: {1E0D895E-CBD8-4B74-95E8-89FE72A5BC2E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {2248EEDF-902A-4E6B-B8E7-427F3059A4C4} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-12-13] (NVIDIA Corporation)
    Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
    Task: {3B114FDE-1B9D-46A6-8680-36AE68C99114} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-12-13] (NVIDIA Corporation)
    Task: {40C8629D-A37A-43CD-B2D8-FEAE0DDA9231} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-12-13] (NVIDIA Corporation)
    Task: {4EF3A0FD-DDA3-4300-93F8-2214455DA24B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {52441D33-0091-40AD-9ADD-D7525D978301} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
    Task: {580537E4-C5F5-421E-B917-2C9333788781} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK
    Task: {5B97AD3B-8EE0-4045-A4B3-67C51A9D1720} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-12-13] (NVIDIA Corporation)
    Task: {5D54704B-07C6-4DD9-BA73-4F70C02A78BC} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {606D6271-6DB6-44CC-8995-BE47D99D40C1} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {61E17290-756A-4AC0-ADA9-7FDA4F6A6AC1} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-12-13] (NVIDIA Corporation)
    Task: {6FC4CC24-94DB-4444-A2E2-548692F3EA8D} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-12-13] (NVIDIA Corporation)
    Task: {81E04EEF-BEA5-428F-931C-89F1B1257A58} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-22] (Google Inc.)
    Task: {8BC4482F-56A2-45F6-915B-F5E6AC363436} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {9F46F74F-2805-44CF-893A-8CA17A288741} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Sercan\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
    Task: {9F7C5B31-607E-46B3-9841-3B7576C15C74} - \WPD\SqmUpload_S-1-5-21-2070039639-675289181-3059388584-1001 -> No File <==== ATTENTION
    Task: {AE2FF9F2-5335-49CE-ACA4-98F1452D1E5E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {B555BD07-33B4-4CD3-8AF0-0A2C0A4AD2E8} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {B72F8083-C6F8-45DA-9801-5D3513DEFD50} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {C52A25B4-FF50-4284-97DE-D5069563EAB4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {CBAD0ABA-EE4F-4D62-B211-2559BFFB9939} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {CE3CB2DA-6CEB-46EB-9D11-19A02AF25BF9} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2016-08-23] (AO Kaspersky Lab)
    Task: {DFBB7675-177D-41F5-B586-B3CC4DFDBE2B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-22] (Google Inc.)
    Task: {F5AF3A77-3265-4B5A-8582-71A7DD870732} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {FAC0EB01-7BD4-4CE2-9639-20A799280FF2} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-01-13] (Microsoft Corporation)


    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe


    ==================== Shortcuts =============================


    (The entries could be listed to be restored or removed.)


    Shortcut: C:\Users\Sercan\AppData\Local\Microsoft\Windows\Application Shortcuts\BlueStacks\com.android.chrome.lnk -> C:\ProgramData\BlueStacks\UserData\TileData\000139\Launcher.vbs ()


    ShortcutWithArgument: C:\Users\Sercan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"


    ==================== Loaded Modules (Whitelisted) ==============


    2016-09-10 20:08 - 2016-12-13 02:36 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
    2016-09-10 20:08 - 2016-12-13 02:35 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
    2016-07-16 14:42 - 2016-07-16 14:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
    2016-12-13 21:50 - 2016-12-09 13:29 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
    2016-09-24 13:04 - 2016-12-11 21:47 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2016-12-13 21:50 - 2016-12-09 13:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2016-12-13 21:50 - 2016-12-09 13:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
    2016-09-24 14:01 - 2016-09-24 14:01 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
    2017-01-10 23:09 - 2016-12-21 10:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
    2017-01-10 23:09 - 2016-12-21 09:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2017-01-10 23:09 - 2016-12-21 09:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2017-01-10 23:09 - 2016-12-21 09:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
    2017-01-10 23:09 - 2016-12-21 09:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2017-01-10 23:09 - 2016-12-21 09:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2017-01-23 04:07 - 2017-01-23 04:09 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    2017-01-23 04:07 - 2017-01-23 04:09 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
    2017-01-23 04:07 - 2017-01-23 04:09 - 42130432 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkyWrap.dll
    2016-12-14 14:30 - 2016-12-14 14:32 - 02216448 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\roottools.dll
    2017-01-22 19:30 - 2016-12-08 11:03 - 02412888 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
    2017-01-22 19:30 - 2016-12-08 11:03 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll
    2016-09-18 17:57 - 2016-06-14 16:35 - 00625440 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
    2016-09-14 20:52 - 2017-01-10 17:24 - 02493440 _____ () D:\Program Dosyalari\Origin\libGLESv2.dll
    2014-02-19 19:51 - 2014-02-19 19:51 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
    2016-06-28 00:19 - 2016-06-28 00:19 - 00865232 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\kpcengine.2.3.dll
    2015-08-15 21:32 - 2016-12-13 02:35 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
    2016-09-10 20:08 - 2016-12-13 02:35 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
    2016-09-10 20:08 - 2016-12-13 02:35 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
    2016-02-05 12:54 - 2011-08-12 13:36 - 02289016 _____ () C:\Program Files (x86)\AirTies Wireless Networks\AirTies Network Assistant\QtCore4.dll
    2016-02-05 12:54 - 2011-08-12 13:36 - 08172920 _____ () C:\Program Files (x86)\AirTies Wireless Networks\AirTies Network Assistant\QtGui4.dll
    2016-02-05 12:54 - 2011-08-12 13:36 - 00920448 _____ () C:\Program Files (x86)\AirTies Wireless Networks\AirTies Network Assistant\QtNetwork4.dll
    2016-02-05 12:54 - 2011-08-12 13:38 - 00225664 _____ () C:\Program Files (x86)\AirTies Wireless Networks\AirTies Network Assistant\Log4qtApi1.dll
    2016-02-05 12:54 - 2011-08-12 13:36 - 00196472 _____ () C:\Program Files (x86)\AirTies Wireless Networks\AirTies Network Assistant\QtSql4.dll
    2016-02-05 12:54 - 2011-08-12 13:37 - 00345976 _____ () C:\Program Files (x86)\AirTies Wireless Networks\AirTies Network Assistant\QtXml4.dll
    2016-02-05 12:54 - 2011-08-12 13:37 - 02557320 _____ () C:\Program Files (x86)\AirTies Wireless Networks\AirTies Network Assistant\QtXmlPatterns4.dll
    2016-02-05 12:54 - 2011-08-12 13:37 - 10843008 _____ () C:\Program Files (x86)\AirTies Wireless Networks\AirTies Network Assistant\QtWebKit4.dll
    2016-02-05 12:54 - 2011-08-12 13:36 - 00272760 _____ () C:\Program Files (x86)\AirTies Wireless Networks\AirTies Network Assistant\phonon4.dll
    2016-02-05 12:54 - 2011-08-12 13:37 - 00032632 _____ () C:\Program Files (x86)\AirTies Wireless Networks\AirTies Network Assistant\imageformats\qgif4.dll
    2016-02-05 12:54 - 2011-08-12 13:37 - 00028024 _____ () C:\Program Files (x86)\AirTies Wireless Networks\AirTies Network Assistant\imageformats\qsvg4.dll
    2016-02-05 12:54 - 2011-08-12 13:37 - 00282488 _____ () C:\Program Files (x86)\AirTies Wireless Networks\AirTies Network Assistant\QtSvg4.dll
    2016-02-05 12:54 - 2011-08-12 13:37 - 00422264 _____ () C:\Program Files (x86)\AirTies Wireless Networks\AirTies Network Assistant\sqldrivers\qsqlite4.dll
    2016-02-05 12:54 - 2011-08-12 13:37 - 00027024 _____ () C:\Program Files (x86)\AirTies Wireless Networks\AirTies Network Assistant\designer\customwidgetplugin.dll
    2016-02-05 12:54 - 2011-08-12 13:37 - 00024952 _____ () C:\Program Files (x86)\AirTies Wireless Networks\AirTies Network Assistant\designer\qwebview.dll
    2016-02-05 12:54 - 2011-08-12 13:37 - 00027536 _____ () C:\Program Files (x86)\AirTies Wireless Networks\AirTies Network Assistant\designer\worldtimeclockplugin.dll
    2016-09-10 20:08 - 2016-12-13 02:33 - 64245184 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
    2016-09-10 20:08 - 2016-12-12 17:36 - 00525760 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
    2016-09-10 20:08 - 2016-12-12 17:36 - 00254008 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
    2016-09-10 20:08 - 2016-12-12 17:36 - 02808888 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
    2016-09-10 20:08 - 2016-12-12 17:36 - 00384568 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
    2016-09-10 20:08 - 2016-12-12 17:36 - 00447424 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
    2016-09-10 20:08 - 2016-12-12 17:36 - 00336832 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
    2016-09-10 20:08 - 2016-12-12 17:36 - 01003456 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
    2016-12-18 01:28 - 2016-12-12 17:36 - 00956472 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSDKAPINode.node
    2015-08-24 19:58 - 2016-09-19 17:51 - 53018112 _____ () D:\Program Dosyalari\GalaxyClient\libcef.dll
    2015-08-24 19:58 - 2016-12-21 11:20 - 00507968 _____ () D:\Program Dosyalari\GalaxyClient\PocoUtil.dll
    2015-08-24 19:58 - 2016-12-21 11:20 - 01076800 _____ () D:\Program Dosyalari\GalaxyClient\PocoNet.dll
    2015-08-24 19:58 - 2016-12-21 11:20 - 01854528 _____ () D:\Program Dosyalari\GalaxyClient\PocoData.dll
    2015-08-24 19:58 - 2016-12-21 11:20 - 00393280 _____ () D:\Program Dosyalari\GalaxyClient\PocoDataSQLite.dll
    2015-08-24 19:58 - 2016-12-21 11:20 - 01589312 _____ () D:\Program Dosyalari\GalaxyClient\PocoFoundation.dll
    2015-08-24 19:58 - 2016-12-21 11:20 - 00307776 _____ () D:\Program Dosyalari\GalaxyClient\PocoNetSSL.dll
    2015-08-24 19:58 - 2016-12-21 11:20 - 00330816 _____ () D:\Program Dosyalari\GalaxyClient\PocoJSON.dll
    2015-08-24 19:58 - 2016-12-21 11:20 - 00104000 _____ () D:\Program Dosyalari\GalaxyClient\zlib.dll
    2015-08-24 19:58 - 2016-12-21 11:20 - 00520768 _____ () D:\Program Dosyalari\GalaxyClient\PocoXML.dll
    2015-08-24 19:58 - 2016-12-21 11:20 - 00272448 _____ () D:\Program Dosyalari\GalaxyClient\PocoZip.dll
    2015-08-24 19:58 - 2016-12-21 11:20 - 00425536 _____ () D:\Program Dosyalari\GalaxyClient\pcre.dll
    2015-08-24 19:58 - 2016-12-21 11:20 - 00680000 _____ () D:\Program Dosyalari\GalaxyClient\sqlite.dll
    2015-08-24 19:58 - 2016-12-21 11:20 - 00157760 _____ () D:\Program Dosyalari\GalaxyClient\PocoCrypto.dll
    2015-08-24 19:58 - 2016-12-21 11:20 - 00152128 _____ () D:\Program Dosyalari\GalaxyClient\expat.dll
    2015-08-24 19:58 - 2016-09-19 17:51 - 01738752 _____ () D:\Program Dosyalari\GalaxyClient\libglesv2.dll
    2015-08-24 19:58 - 2016-09-19 17:51 - 00078848 _____ () D:\Program Dosyalari\GalaxyClient\libegl.dll


    ==================== Alternate Data Streams (Whitelisted) =========


    (If an entry is included in the fixlist, only the ADS will be removed.)


    AlternateDataStreams: C:\Users\Sercan\Downloads\MSIAfterburnerSetup.zip:BDU [1]


    ==================== Safe Mode (Whitelisted) ===================


    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"


    ==================== Association (Whitelisted) ===============


    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)




    ==================== Internet Explorer trusted/restricted ===============


    (If an entry is included in the fixlist, it will be removed from the registry.)




    ==================== Hosts content: ===============================


    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)


    2016-01-02 00:48 - 2017-01-23 22:26 - 00000822 ____A C:\WINDOWS\system32\Drivers\etc\hosts




    ==================== Other Areas ============================


    (Currently there is no automatic fix for this section.)


    HKU\S-1-5-21-2070039639-675289181-3059388584-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Sercan\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\assassins_ creed_syndicate_video_game-wide.jpg
    DNS Servers: 192.168.2.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.


    ==================== MSCONFIG/TASK MANAGER disabled items ==


    HKLM\...\StartupApproved\Run: => "InstallerLauncher"
    HKLM\...\StartupApproved\Run32: => "APSDaemon"
    HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
    HKLM\...\StartupApproved\Run32: => "QuickTime Task"
    HKU\S-1-5-21-2070039639-675289181-3059388584-1001\...\StartupApproved\Run: => "IDMan"
    HKU\S-1-5-21-2070039639-675289181-3059388584-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
    HKU\S-1-5-21-2070039639-675289181-3059388584-1001\...\StartupApproved\Run: => "CCleaner Monitoring"


    ==================== FirewallRules (Whitelisted) ===============


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    FirewallRules: [vm-monitoring-nb-session] => LPort=139
    FirewallRules: [{67F62E9C-F35A-443F-B4D1-822E4568C014}] => D:\Program Dosyalari\Steam\steamapps\common\Orion Dino Beatdown\Binaries\Win32\DinoHordeGame.exe
    FirewallRules: [{DF38EE52-3084-4967-983A-54D9752D72A1}] => D:\Program Dosyalari\Steam\steamapps\common\Orion Dino Beatdown\Binaries\Win32\DinoHordeGame.exe
    FirewallRules: [{DF2690E7-FA36-447D-AF48-C33330B19E62}] => C:\program files (x86)\airties wireless networks\airties network assistant\hnmtroubleshooter.exe
    FirewallRules: [{44D4D5C0-F776-43FC-B3BF-FB2EEC1083BC}] => C:\program files (x86)\airties wireless networks\airties network assistant\hnmtroubleshooter.exe
    FirewallRules: [UDP Query User{9A5ED880-2E48-4541-90BA-E9C0B6272751}C:\program files (x86)\airties wireless networks\airties network assistant\hnmtroubleshooter.exe] => C:\program files (x86)\airties wireless networks\airties network assistant\hnmtroubleshooter.exe
    FirewallRules: [TCP Query User{2C17120C-5430-4870-BD54-54F916961AFA}C:\program files (x86)\airties wireless networks\airties network assistant\hnmtroubleshooter.exe] => C:\program files (x86)\airties wireless networks\airties network assistant\hnmtroubleshooter.exe
    FirewallRules: [{66A14E99-B1F6-42A7-B820-600E456C2D55}] => C:\program files (x86)\airties wireless networks\airties network assistant\anagui.exe
    FirewallRules: [{11B0D42D-9FF8-4963-B205-CEAAA1D23276}] => C:\program files (x86)\airties wireless networks\airties network assistant\anagui.exe
    FirewallRules: [UDP Query User{4A3A8D7F-55D2-4418-9D37-7A685F7D3522}C:\program files (x86)\airties wireless networks\airties network assistant\anagui.exe] => C:\program files (x86)\airties wireless networks\airties network assistant\anagui.exe
    FirewallRules: [TCP Query User{4BBCB306-3171-42CB-8FAC-54032066F073}C:\program files (x86)\airties wireless networks\airties network assistant\anagui.exe] => C:\program files (x86)\airties wireless networks\airties network assistant\anagui.exe
    FirewallRules: [UDP Query User{5C8E6514-E0C1-48D9-B9AC-C1279F42B75B}C:\program files\java\jre1.8.0_51\bin\javaw.exe] => C:\program files\java\jre1.8.0_51\bin\javaw.exe
    FirewallRules: [TCP Query User{42385F75-3A54-4D6C-AA7F-7343BDCD7FA7}C:\program files\java\jre1.8.0_51\bin\javaw.exe] => C:\program files\java\jre1.8.0_51\bin\javaw.exe
    FirewallRules: [{0159DA93-24AE-4D89-9969-B301F5050354}] => D:\Program Dosyalari\Steam\bin\steamwebhelper.exe
    FirewallRules: [{5F7D2239-A19A-4A30-96FB-FC1227105BD2}] => D:\Program Dosyalari\Steam\bin\steamwebhelper.exe
    FirewallRules: [{30303652-9B81-45B1-9FAA-DE1797CC862E}] => D:\Program Dosyalari\Steam\Steam.exe
    FirewallRules: [{4B44F63E-F8CC-427E-B2B7-BE0AACF327A7}] => D:\Program Dosyalari\Steam\Steam.exe
    FirewallRules: [UDP Query User{184AB0F3-9E24-4F1A-B59F-A267D28D3D55}C:\users\sercan\appdata\roaming\utorrent\utorrent.exe] => C:\users\sercan\appdata\roaming\utorrent\utorrent.exe
    FirewallRules: [TCP Query User{F395CE33-ECF0-4E15-A5C5-FC08CD36774C}C:\users\sercan\appdata\roaming\utorrent\utorrent.exe] => C:\users\sercan\appdata\roaming\utorrent\utorrent.exe
    FirewallRules: [UDP Query User{5C542CC8-D849-4B10-AD42-11AA5D0C7720}D:\program dosyaları\grand theft auto v\gta5.exe] => D:\program dosyaları\grand theft auto v\gta5.exe
    FirewallRules: [TCP Query User{8F8B0623-E506-4D3D-9810-A5ECEE8CD083}D:\program dosyaları\grand theft auto v\gta5.exe] => D:\program dosyaları\grand theft auto v\gta5.exe
    FirewallRules: [{A60A47A1-5343-48BB-83D5-F9C835D1691A}] => C:\Users\Sercan\AppData\Local\Temp\Rar$EXa0.539\App\uTorrent\uTorrent.exe
    FirewallRules: [{FA7BD7E2-59E2-463A-955E-CFDCE72B94BD}] => C:\Users\Sercan\AppData\Local\Temp\Rar$EXa0.539\App\uTorrent\uTorrent.exe
    FirewallRules: [{7FEAB72E-512A-4F8E-941D-07D16D3A6C06}] => C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
    FirewallRules: [{78E4799B-30E4-4422-B7A7-B5D9912A11C6}] => D:\Program Dosyalari\Steam\steamapps\common\Transformice\Transformice.exe
    FirewallRules: [{3B6AA48F-45B5-4B3E-9F2F-95144B4A6F29}] => D:\Program Dosyalari\Steam\steamapps\common\Transformice\Transformice.exe
    FirewallRules: [{A38D89B6-6E3D-46CF-9C85-E539CB1AE217}] => D:\Program Dosyalari\Steam\steamapps\common\MGS_TPP\mgsvtpp.exe
    FirewallRules: [{7AA703FE-5610-44C6-BA30-7DF92EA0E66D}] => D:\Program Dosyalari\Steam\steamapps\common\MGS_TPP\mgsvtpp.exe
    FirewallRules: [{179919BD-2D75-4377-B890-7D8FA4419DD9}] => LPort=8317
    FirewallRules: [{3F88057C-B79B-4817-BE5C-6A0BF059B7E3}] => D:\Program Dosyalari\Yeni klasör\firefox.exe
    FirewallRules: [{ECC7A5E1-D4D9-4C47-A08D-8CA0A44ECF0E}] => D:\Program Dosyalari\Yeni klasör\firefox.exe
    FirewallRules: [{B4E91DC4-5A88-40EF-AB33-1396209B9C9B}] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
    FirewallRules: [{C8840167-44AE-4C2D-A137-52016F1A9D17}] => D:\Program Dosyalari\Mozilla Firefox\firefox.exe
    FirewallRules: [{C4BCA940-1526-4D71-AD78-288A894FC7A0}] => D:\Program Dosyalari\Mozilla Firefox\firefox.exe
    FirewallRules: [{C1A76838-8BDE-4DDB-8BC4-FAFB1532A51D}] => D:\Program Dosyalari\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{221DD836-FB1A-400B-9DBA-F010D9522EAA}] => D:\Program Dosyalari\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{1F13E684-744E-4BAB-AF8B-02656CCF79BC}] => D:\Program Files (x86)\Origin Games\Battlefield 1\bf1Trial.exe
    FirewallRules: [{6B1C162F-4A23-498F-B61C-B5470534F70F}] => D:\Program Files (x86)\Origin Games\Battlefield 1\bf1Trial.exe
    FirewallRules: [{4889D8C7-1D1A-4DD8-B801-E235B607773D}] => D:\Program Files (x86)\Origin Games\Battlefield 1\bf1.exe
    FirewallRules: [{8634280F-5800-4FAD-827F-96195CC3AAAB}] => D:\Program Files (x86)\Origin Games\Battlefield 1\bf1.exe
    FirewallRules: [{52AF2BDA-9149-4A19-AAFD-A837C52CC192}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
    FirewallRules: [{6E48666F-D115-4D6E-B5C0-79E186EB3903}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
    FirewallRules: [{78C77EB4-D3BA-4192-8F9F-7ABBC2246A0A}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    FirewallRules: [{A1B1FEC6-8F22-484A-907A-C0098F07E05D}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{E7D62983-229B-439E-A08C-F968247CBA4B}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{D098AFF3-7258-4AF3-9750-75D38EEE140B}] => D:\Program Dosyalari\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
    FirewallRules: [{4B4C2D1F-0127-407E-BA77-3C36CE2CA947}] => D:\Program Dosyalari\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
    FirewallRules: [{42697464-C4E0-42C5-9425-70B86588ABD0}] => D:\Program Dosyalari\Grand Theft Auto V\GTA5.exe
    FirewallRules: [{352DC362-406B-4908-8A25-6106F41F6CCC}] => D:\Program Dosyalari\Grand Theft Auto V\GTA5.exe
    FirewallRules: [{67C871BB-4359-4E02-87F0-EBCB160346D4}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    ==================== Restore Points =========================


    23-01-2017 14:03:11 Revo Uninstaller Pro's restore point - Amigo
    23-01-2017 14:04:18 Revo Uninstaller Pro's restore point - Служба автоматического обновления программ
    23-01-2017 15:18:52 Revo Uninstaller Pro's restore point - Exterminate It!
    23-01-2017 16:17:06 Revo Uninstaller Pro's restore point - ESET Smart Security
    23-01-2017 16:21:10 Revo Uninstaller Pro's restore point - ESET Smart Security
    23-01-2017 17:32:38 Revo Uninstaller Pro's restore point - SUPERAntiSpyware
    23-01-2017 18:08:47 JRT Pre-Junkware Removal
    23-01-2017 19:28:56 Revo Uninstaller Pro's restore point - SpyHunter 4
    23-01-2017 20:55:33 Revo Uninstaller Pro's restore point - Zemana AntiMalware
    23-01-2017 21:22:42 Revo Uninstaller Pro's restore point - UnHackMe 8.50
    23-01-2017 21:22:55 Revo Uninstaller Pro's restore point - UnHackMe 8.50
    23-01-2017 22:00:43 Revo Uninstaller Pro's restore point - Zemana AntiMalware
    23-01-2017 22:11:27 Removed Java 8 Update 51
    23-01-2017 22:11:40 Removed Java 8 Update 51 (64-bit)
    23-01-2017 22:12:16 Revo Uninstaller Pro's restore point - CCleaner
    23-01-2017 22:13:54 Revo Uninstaller Pro's restore point - Kaspersky Total Security
    23-01-2017 22:15:29 Revo Uninstaller Pro's restore point - Kaspersky Secure Connection
    23-01-2017 22:16:17 Revo Uninstaller Pro's restore point - herdProtect Anti-Malware Scanner


    ==================== Faulty Device Manager Devices =============




    ==================== Event log errors: =========================


    Application errors:
    ==================
    Error: (01/23/2017 11:00:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CASPER_NIRVANA)
    Description: Microsoft.MicrosoftJigsaw_8wekyb3d8bbwe!App uygulamasının etkinleştirilmesi şu hatayla başarısız oldu: -2144927148 Ek bilgi için Microsoft-Windows-TWinUI/Operational günlüğüne bakın.


    Error: (01/23/2017 10:58:29 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Hatalı uygulama adı: igfxCUIService.exe, sürüm: 6.15.10.3960, zaman damgası: 0x54299ab0
    Hatalı modül adı: igfxCUIService.exe, sürüm: 6.15.10.3960, zaman damgası: 0x54299ab0
    Özel durum kodu: 0xc0000005
    Hata uzaklığı 0x0000000000012bb8
    Hatalı işlem kimliği: 0x630
    Uygulama başlangıç zamanı: 0x01d275b30e7a3f42
    Hatalı uygulama yolu: C:\Windows\system32\igfxCUIService.exe
    Hatalı modül yolu: C:\Windows\system32\igfxCUIService.exe
    Rapor kimliği: 0c56a852-46ed-44e7-9d85-ea65a58ceb80
    Hatalı paket tam adı:
    Hatalı paketle ilgili uygulama kimliği:


    Error: (01/23/2017 10:30:03 PM) (Source: LiveUpdate.exe) (EventID: 0) (User: )
    Description: Event-ID 0


    Error: (01/23/2017 10:16:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Şifreleme Hizmetleri, Sistem Yazıcısı Nesnesi'nde OnIdentity() çağrısını işlerken başarısız oldu.


    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Bağlantı Katmanı Bulma Protokolü.


    System Error:
    Erişim engellendi.
    .


    Error: (01/23/2017 10:16:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Şifreleme Hizmetleri, Sistem Yazıcısı Nesnesi'nde OnIdentity() çağrısını işlerken başarısız oldu.


    Details:
    AddLegacyDriverFiles: Unable to back up image of binary klupd_klif_mark.


    System Error:
    Sistem belirtilen dosyayı bulamıyor.
    .


    Error: (01/23/2017 10:16:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Şifreleme Hizmetleri, Sistem Yazıcısı Nesnesi'nde OnIdentity() çağrısını işlerken başarısız oldu.


    Details:
    AddLegacyDriverFiles: Unable to back up image of binary klupd_klif_klbg.


    System Error:
    Sistem belirtilen dosyayı bulamıyor.
    .


    Error: (01/23/2017 10:16:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Şifreleme Hizmetleri, Sistem Yazıcısı Nesnesi'nde OnIdentity() çağrısını işlerken başarısız oldu.


    Details:
    AddLegacyDriverFiles: Unable to back up image of binary klupd_klif_klark.


    System Error:
    Sistem belirtilen dosyayı bulamıyor.
    .


    Error: (01/23/2017 10:16:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Şifreleme Hizmetleri, Sistem Yazıcısı Nesnesi'nde OnIdentity() çağrısını işlerken başarısız oldu.


    Details:
    AddLegacyDriverFiles: Unable to back up image of binary klupd_klif_arkmon.


    System Error:
    Sistem belirtilen dosyayı bulamıyor.
    .


    Error: (01/23/2017 10:16:17 PM) (Source: VSS) (EventID: 8194) (User: )
    Description: Birim Gölge Kopya Hizmeti hatası: IVssWriterCallback arabirimi sorgulanırken hata oluştu. hr = 0x80070005, Erişim engellendi.
    .
    Bu duruma genellikle yazan veya istekte bulunan işlemdeki yanlış güvenlik ayarları neden olur.




    İşlem:
    Yazıcı Verileri Toplanıyor


    Bağlam:
    Yazıcı Sınıf Kimliği: {e8132975-6f93-4464-a53e-1050253ae220}
    Yazıcı Adı: System Writer
    Yazıcı Örnek Kimliği: {5f2ffbf1-310d-45ed-a457-7520f243bd94}


    Error: (01/23/2017 10:15:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Şifreleme Hizmetleri, Sistem Yazıcısı Nesnesi'nde OnIdentity() çağrısını işlerken başarısız oldu.


    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Bağlantı Katmanı Bulma Protokolü.


    System Error:
    Erişim engellendi.
    .




    System errors:
    =============
    Error: (01/24/2017 12:39:20 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: {784E29F4-5EBE-4279-9948-1E8FE941646D} sunucusu belirtilen zaman aşımı süresi içinde DCOM'a kayıt yaptıramadı.


    Error: (01/24/2017 12:36:19 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: uygulamaya özgü izin ayarları
    {8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
    CLSID'sine ve
    {F72671A9-012C-4725-9D2F-2A4D32D65169}
    APPID'sine sahip COM Sunucu uygulaması için, Yok SID (Yok) uygulama kapsayıcısında çalışan LocalHost (LRPC Kullanan) adresindeki SID değeri (S-1-5-18) olan NT AUTHORITY\SYSTEM kullanıcısına Yerel Etkinleştirme izni vermiyor. Bu güvenlik izni, Bileşen Hizmetleri yönetim aracı kullanılarak değiştirilebilir.


    Error: (01/24/2017 05:17:30 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: uygulamaya özgü izin ayarları
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    CLSID'sine ve
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    APPID'sine sahip COM Sunucu uygulaması için, Yok SID (Yok) uygulama kapsayıcısında çalışan LocalHost (LRPC Kullanan) adresindeki SID değeri (S-1-5-18) olan NT AUTHORITY\SYSTEM kullanıcısına Yerel Etkinleştirme izni vermiyor. Bu güvenlik izni, Bileşen Hizmetleri yönetim aracı kullanılarak değiştirilebilir.


    Error: (01/24/2017 12:59:02 AM) (Source: bowser) (EventID: 8003) (User: )
    Description: Ana tarayıcı kendisinin etki alanı için ana tarayıcı olduğunu sanan AIR6372SO-NAS bilgisayarından
    NetBT_Tcpip_{F553D58B-9442-4589-A2DE-64173A557DFC} ulaşım hizmeti üzerinden bir sunucu duyurusu aldı.
    Ana tarayıcı duruyor veya bir seçim yapılıyor.


    Error: (01/24/2017 12:57:16 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: {784E29F4-5EBE-4279-9948-1E8FE941646D} sunucusu belirtilen zaman aşımı süresi içinde DCOM'a kayıt yaptıramadı.


    Error: (01/24/2017 12:54:15 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: uygulamaya özgü izin ayarları
    {8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
    CLSID'sine ve
    {F72671A9-012C-4725-9D2F-2A4D32D65169}
    APPID'sine sahip COM Sunucu uygulaması için, Yok SID (Yok) uygulama kapsayıcısında çalışan LocalHost (LRPC Kullanan) adresindeki SID değeri (S-1-5-18) olan NT AUTHORITY\SYSTEM kullanıcısına Yerel Etkinleştirme izni vermiyor. Bu güvenlik izni, Bileşen Hizmetleri yönetim aracı kullanılarak değiştirilebilir.


    Error: (01/24/2017 12:52:35 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: uygulamaya özgü izin ayarları
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    CLSID'sine ve
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    APPID'sine sahip COM Sunucu uygulaması için, Yok SID (Yok) uygulama kapsayıcısında çalışan LocalHost (LRPC Kullanan) adresindeki SID değeri (S-1-5-18) olan NT AUTHORITY\SYSTEM kullanıcısına Yerel Etkinleştirme izni vermiyor. Bu güvenlik izni, Bileşen Hizmetleri yönetim aracı kullanılarak değiştirilebilir.


    Error: (01/23/2017 11:12:34 PM) (Source: KLIF) (EventID: 0) (User: )
    Description: Event-ID 0


    Error: (01/23/2017 11:01:33 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: {784E29F4-5EBE-4279-9948-1E8FE941646D} sunucusu belirtilen zaman aşımı süresi içinde DCOM'a kayıt yaptıramadı.


    Error: (01/23/2017 10:58:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: uygulamaya özgü izin ayarları
    {8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
    CLSID'sine ve
    {F72671A9-012C-4725-9D2F-2A4D32D65169}
    APPID'sine sahip COM Sunucu uygulaması için, Yok SID (Yok) uygulama kapsayıcısında çalışan LocalHost (LRPC Kullanan) adresindeki SID değeri (S-1-5-18) olan NT AUTHORITY\SYSTEM kullanıcısına Yerel Etkinleştirme izni vermiyor. Bu güvenlik izni, Bileşen Hizmetleri yönetim aracı kullanılarak değiştirilebilir.




    CodeIntegrity:
    ===================================
    Date: 2017-01-23 18:00:01.879
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.ex e) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.


    Date: 2017-01-23 17:59:59.840
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.ex e) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.


    Date: 2017-01-23 16:11:29.056
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    Date: 2017-01-23 14:20:53.708
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


    Date: 2017-01-23 14:10:55.536
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.ex e) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.


    Date: 2017-01-23 14:10:54.486
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.ex e) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.


    Date: 2017-01-23 14:10:51.377
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.ex e) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.


    Date: 2017-01-23 14:04:55.891
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    Date: 2017-01-23 14:04:55.649
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    Date: 2017-01-23 14:02:18.180
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.




    ==================== Memory info ===========================


    Processor: Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz
    Percentage of memory in use: 26%
    Total physical RAM: 16327.9 MB
    Available physical RAM: 12046.13 MB
    Total Virtual: 17351.9 MB
    Available Virtual: 12724.56 MB


    ==================== Drives ================================


    Drive c: (Windows) (Fixed) (Total:96.03 GB) (Free:34.35 GB) NTFS
    Drive d: (CASPER) (Fixed) (Total:1863.01 GB) (Free:1352.72 GB) NTFS


    ==================== MBR & Partition Table ==================


    ========================================================
    Disk: 0 (Size: 111.8 GB) (Disk ID: C11F4CAB)


    Partition: GPT.


    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 64A06A24)
    Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)


    ==================== End of Addition.txt ============================

    FRST
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-01-2017
    Ran by Sercan (administrator) on CASPER_NIRVANA (24-01-2017 12:41:59)
    Running from D:\İNDİRİLENLER
    Loaded Profiles: Sercan (Available Profiles: Sercan)
    Platform: Windows 10 Home Single Language Version 1607 (X64) Language: Türkçe (Türkiye)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials


    ==================== Processes (Whitelisted) =================


    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


    (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
    (Intel(R) Corporation) C:\Program Files\Intel\BCA\pabeSvc64.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    (IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
    (MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
    (Electronic Arts) D:\Program Dosyalari\Origin\OriginWebHelperService.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
    (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
    (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
    (BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
    (BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
    (BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
    (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
    (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avpui.exe
    () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (AirTies Wireless Networks) C:\Program Files (x86)\AirTies Wireless Networks\AirTies Network Assistant\AnaGui.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
    (Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
    (GOG.com) D:\Program Dosyalari\GalaxyClient\GalaxyClient.exe
    (GOG.com) D:\Program Dosyalari\GalaxyClient\GalaxyClient Helper.exe
    (GOG.com) D:\Program Dosyalari\GalaxyClient\GalaxyClient Helper.exe
    (GOG.com) D:\Program Dosyalari\GalaxyClient\GalaxyClient Helper.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe


    ==================== Registry (Whitelisted) ====================


    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor)
    HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM\...\Run: [InstallerLauncher] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{C12EDCD9-A219-4778-A5FC-0D0F1F219F12}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{C12EDCD9-A219-47 (the data entry has 36 more characters).
    HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [904824 2015-08-19] (BlueStack Systems, Inc.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
    HKLM-x32\...\Run: [QuickTime Task] => D:\Program Dosyalari\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
    HKU\S-1-5-21-2070039639-675289181-3059388584-1001\...\Run: [GalaxyClient] => D:\Program Dosyalari\GalaxyClient\GalaxyClient.exe [3971648 2016-12-21] (GOG.com)
    HKU\S-1-5-21-2070039639-675289181-3059388584-1001\...\Run: [DAEMON Tools Lite Automount] => D:\Program Dosyalari\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
    HKU\S-1-5-21-2070039639-675289181-3059388584-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3994736 2016-10-01] (Tonec Inc.)
    HKU\S-1-5-21-2070039639-675289181-3059388584-1001\...\MountPoints2: {6e3e4549-3c39-11e6-82d4-d8cb8a34a717} - "F:\setup.exe"
    HKU\S-1-5-21-2070039639-675289181-3059388584-1001\...\MountPoints2: {84821c0b-69b3-11e5-827d-d8cb8a34a717} - "F:\iStudio.exe"
    ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AirTies Network Assistant.lnk [2016-02-05]
    ShortcutTarget: AirTies Network Assistant.lnk -> C:\Program Files (x86)\AirTies Wireless Networks\AirTies Network Assistant\AnaGui.exe (AirTies Wireless Networks)
    GroupPolicy: Restriction <======= ATTENTION
    GroupPolicy\User: Restriction <======= ATTENTION


    ==================== Internet (Whitelisted) ====================


    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


    Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
    Tcpip\..\Interfaces\{f553d58b-9442-4589-a2de-64173a557dfc}: [DhcpNameServer] 192.168.2.1


    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2016-09-06] (Internet Download Manager, Tonec Inc.)
    BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2016-09-06] (Internet Download Manager, Tonec Inc.)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-23] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-23] (Oracle Corporation)
    Toolbar: HKU\S-1-5-21-2070039639-675289181-3059388584-1001 -> No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - No File
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File


    FireFox:
    ========
    FF ProfilePath: C:\Users\Sercan\AppData\Roaming\Mozilla\Firefox\Profiles\sx7hpokk.default [2017-01-23]
    FF NewTab: Mozilla\Firefox\Profiles\sx7hpokk.default -> about:newtab
    FF Homepage: Mozilla\Firefox\Profiles\sx7hpokk.default -> Google
    FF Extension: (Disable youtube html5 player) - C:\Users\Sercan\AppData\Roaming\Mozilla\Firefox\Profiles\sx7hpokk.default\Extensions\@disableyoutube html5player.xpi [2016-11-11]
    FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016-09-21]
    FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => not found
    FF HKLM\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
    FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2016-12-26]
    FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => not found
    FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
    FF HKU\S-1-5-21-2070039639-675289181-3059388584-1001\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
    FF HKU\S-1-5-21-2070039639-675289181-3059388584-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Sercan\AppData\Roaming\IDM\idmmzcc5
    FF Extension: (IDM CC) - C:\Users\Sercan\AppData\Roaming\IDM\idmmzcc5 [2017-01-23] [not signed]
    FF HKU\S-1-5-21-2070039639-675289181-3059388584-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-23] ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-23] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2015-07-23] (Adobe Systems, Inc.)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-02-19] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-02-19] (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-23] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-23] (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-11] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-11] (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-22] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-22] (Google Inc.)
    FF Plugin HKU\S-1-5-21-2070039639-675289181-3059388584-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Sercan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS)
    StartMenuInternet: FIREFOX.EXE - D:\Program Dosyalari\Mozilla Firefox\firefox.exe


    Chrome:
    =======
    CHR DefaultProfile: Profile 1
    CHR Profile: C:\Users\Sercan\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-01-24]
    CHR Extension: (tab packager by tab.bz) - C:\Users\Sercan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\klhheoejnijomhdjilifdbjeholikpnb [2017-01-23]
    CHR Extension: (Assassin's Creed 4 Black Flag) - C:\Users\Sercan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lldfhamljhbognenjcohoodlecghkeei [2017-01-23]
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
    CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
    CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-10-16]
    CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib


    ==================== Services (Whitelisted) ====================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2218712 2016-12-13] (Adobe Systems, Incorporated)
    R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
    R3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [437880 2015-08-19] (BlueStack Systems, Inc.)
    R3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413304 2015-08-19] (BlueStack Systems, Inc.)
    R3 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [839288 2015-08-19] (BlueStack Systems, Inc.)
    S3 Disc Soft Lite Bus Service; D:\Program Dosyalari\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
    S3 fussvc; D:\Programlar\Windows Kits\App Certification Kit\fussvc.exe [143872 2014-10-24] (Microsoft Corporation) [File not signed]
    S3 GalaxyClientService; D:\Program Dosyalari\GalaxyClient\GalaxyClientService.exe [284224 2016-12-21] (GOG.com)
    S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6625856 2016-11-10] (GOG.com)
    S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328296 2014-10-15] (Intel Corporation)
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
    R2 IntelBCAsvc; C:\Program Files\Intel\BCA\pabeSvc64.exe [3036312 2016-07-28] (Intel(R) Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-02-19] (Intel Corporation)
    S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)
    S2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)
    R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [3046688 2016-07-29] (IObit)
    R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
    R2 MSI_Trigger_Service; C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [30240 2013-09-26] (MICRO-STAR INTERNATIONAL CO., LTD.)
    R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-12-13] (NVIDIA Corporation)
    S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-12-13] (NVIDIA Corporation)
    R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [459832 2016-12-11] (NVIDIA Corporation)
    R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-12-13] (NVIDIA Corporation)
    R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2016-12-13] (NVIDIA Corporation)
    S3 Origin Client Service; D:\Program Dosyalari\Origin\OriginClientService.exe [2119176 2017-01-10] (Electronic Arts)
    R2 Origin Web Helper Service; D:\Program Dosyalari\Origin\OriginWebHelperService.exe [2181648 2017-01-10] (Electronic Arts)
    S3 Te.Service; D:\Programlar\Windows Kits\Testing\Runtimes\TAEF\Wex.Services.exe [122368 2015-02-26] (Microsoft Corporation) [File not signed]
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)


    ===================== Drivers (Whitelisted) ======================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [146040 2015-08-19] (BlueStack Systems)
    R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
    R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2015-09-08] (Disc Soft Ltd)
    S3 dtproscsibus; C:\WINDOWS\System32\drivers\dtproscsibus.sys [30352 2015-08-15] (Disc Soft Ltd)
    S3 dtultrascsibus; C:\WINDOWS\System32\drivers\dtultrascsibus.sys [30264 2015-08-15] (Disc Soft Ltd)
    S3 dtultrausbbus; C:\WINDOWS\System32\drivers\dtultrausbbus.sys [47160 2015-08-15] (Disc Soft Ltd)
    R3 ikbevent; C:\WINDOWS\system32\DRIVERS\ikbevent.sys [22216 2014-02-03] ()
    R3 imsevent; C:\WINDOWS\system32\DRIVERS\imsevent.sys [22728 2014-02-03] ()
    R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD.sys [44744 2014-02-03] ()
    R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
    S0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab)
    S1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab)
    R2 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
    S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [28792 2016-03-31] (AO Kaspersky Lab)
    R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [191312 2016-06-26] (AO Kaspersky Lab)
    R1 klhk; C:\WINDOWS\System32\drivers\klhk.sys [435032 2016-12-26] (AO Kaspersky Lab)
    R3 klids; C:\ProgramData\Kaspersky Lab\AVP17.0.0\Bases\klids.sys [182360 2017-01-23] (AO Kaspersky Lab)
    R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1019616 2016-12-26] (AO Kaspersky Lab)
    R1 KLIM6; C:\WINDOWS\system32\DRIVERS\klim6.sys [57424 2016-12-26] (AO Kaspersky Lab)
    S3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [52136 2016-05-19] (AO Kaspersky Lab)
    R4 klkbdflt2; C:\WINDOWS\system32\DRIVERS\klkbdflt2.sys [43440 2016-05-23] (AO Kaspersky Lab)
    S3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
    R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab)
    R3 kltap; C:\WINDOWS\System32\drivers\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
    U0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [218920 2017-01-23] (AO Kaspersky Lab)
    U3 klupd_klif_arkmon_66516A70; C:\ProgramData\Kaspersky Lab\AVP17.0.0\temp\66516A704F1D378E58B85D79633C103D\klupd_klif_arkmon.sys [218920 2017-01-23] (AO Kaspersky Lab)
    U3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [85984 2017-01-23] ()
    U3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [245512 2017-01-23] (AO Kaspersky Lab)
    U0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [104720 2017-01-23] (AO Kaspersky Lab)
    U3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [164888 2017-01-23] (AO Kaspersky Lab)
    R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [85320 2016-06-18] (AO Kaspersky Lab)
    R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [134880 2016-12-26] (AO Kaspersky Lab)
    R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [194480 2016-06-14] (AO Kaspersky Lab)
    S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251848 2017-01-23] (Malwarebytes)
    R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
    S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
    R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_3f929cc119e3b994\nvlddmkm.sys [14200880 2016-12-13] (NVIDIA Corporation)
    S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-12-13] (NVIDIA Corporation)
    U5 NvStUSB; C:\Windows\System32\Drivers\NvStUSB.sys [451216 2014-11-04] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [46016 2016-12-13] (NVIDIA Corporation)
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
    R3 tpfilter; C:\WINDOWS\System32\drivers\tpfilter.sys [25928 2015-11-22] (TP Microelectronic)
    S3 usbUDisc; C:\WINDOWS\System32\drivers\USBDrv_AMD64.sys [18392 2013-01-25] (Scott)
    S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
    S3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-24] (Intel Corporation)
    R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-01-23] (Zemana Ltd.)
    U0 aswVmm; no ImagePath
    U0 Partizan; system32\drivers\Partizan.sys [X]
    S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]


    ==================== NetSvcs (Whitelisted) ===================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)




    ==================== One Month Created files and folders ========


    (If an entry is included in the fixlist, the file/folder will be moved.)


    2017-01-24 12:41 - 2017-01-24 12:41 - 00000000 ____D C:\FRST
    2017-01-24 12:36 - 2017-01-24 12:36 - 00000000 ___HD C:\OneDriveTemp
    2017-01-23 23:20 - 2017-01-23 23:20 - 00245512 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klark.sys
    2017-01-23 23:15 - 2017-01-23 23:15 - 00218920 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_arkmon.sys
    2017-01-23 23:15 - 2017-01-23 23:15 - 00164888 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_mark.sys
    2017-01-23 23:15 - 2017-01-23 23:15 - 00104720 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klbg.sys
    2017-01-23 23:15 - 2017-01-23 23:15 - 00085984 _____ C:\WINDOWS\system32\Drivers\klupd_klif_kimul.sys
    2017-01-23 23:12 - 2017-01-23 23:15 - 00003240 _____ C:\WINDOWS\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
    2017-01-23 23:12 - 2017-01-23 23:12 - 00002230 _____ C:\Users\Public\Desktop\Safe Money.lnk
    2017-01-23 23:12 - 2017-01-23 23:12 - 00002212 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
    2017-01-23 23:12 - 2017-01-23 23:12 - 00001454 _____ C:\Users\Public\Desktop\Kaspersky Secure Connection.lnk
    2017-01-23 23:12 - 2017-01-23 23:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
    2017-01-23 23:12 - 2017-01-23 23:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
    2017-01-23 23:12 - 2017-01-23 23:12 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
    2017-01-23 23:12 - 2016-12-26 22:03 - 01019616 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
    2017-01-23 23:12 - 2016-12-26 22:03 - 00435032 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys
    2017-01-23 23:12 - 2016-06-26 15:14 - 00191312 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
    2017-01-23 23:12 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
    2017-01-23 22:50 - 2017-01-23 22:50 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
    2017-01-23 22:50 - 2017-01-23 22:50 - 00000000 ____D C:\Users\Sercan\AppData\Roaming\Sun
    2017-01-23 22:50 - 2017-01-23 22:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2017-01-23 22:50 - 2017-01-23 22:50 - 00000000 ____D C:\Program Files (x86)\Java
    2017-01-23 22:11 - 2017-01-23 22:11 - 00000000 _____ C:\WINDOWS\SysWOW64\RENE7ED.tmp
    2017-01-23 21:51 - 2017-01-23 21:51 - 00290304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\subinacl.exe
    2017-01-23 21:51 - 2017-01-23 21:51 - 00000000 ____D C:\Program Files (x86)\Adware Removal Tool by TSA
    2017-01-23 21:19 - 2017-01-23 21:22 - 00000154 _____ C:\WINDOWS\SysWOW64\Partizan.RRI
    2017-01-23 21:13 - 2017-01-23 21:19 - 00000000 ____D C:\Users\Sercan\Documents\RegRun2
    2017-01-23 21:13 - 2017-01-23 21:13 - 00000002 RSHOT C:\WINDOWS\winstart.bat
    2017-01-23 21:13 - 2017-01-23 21:13 - 00000002 RSHOT C:\WINDOWS\SysWOW64\CONFIG.NT
    2017-01-23 21:13 - 2017-01-23 21:13 - 00000002 RSHOT C:\WINDOWS\SysWOW64\AUTOEXEC.NT
    2017-01-23 21:13 - 2017-01-23 21:13 - 00000000 ____D C:\ProgramData\RegRun
    2017-01-23 20:25 - 2017-01-24 12:41 - 00249569 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
    2017-01-23 20:25 - 2017-01-23 22:00 - 00071915 _____ C:\WINDOWS\ZAM.krnl.trace
    2017-01-23 20:25 - 2017-01-23 20:25 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
    2017-01-23 20:16 - 2017-01-23 20:16 - 05483584 _____ ( ) C:\Users\Sercan\Downloads\Zemana.AntiMalware.Setup.exe
    2017-01-23 19:33 - 2017-01-23 19:33 - 00000000 ____D C:\Users\Sercan\AppData\Roaming\ProductData
    2017-01-23 18:09 - 2017-01-23 18:09 - 00001902 _____ C:\Users\Sercan\Desktop\JRT.txt
    2017-01-23 18:08 - 2017-01-23 18:08 - 01663040 _____ (Malwarebytes) C:\Users\Sercan\Downloads\JRT.exe
    2017-01-23 14:10 - 2017-01-23 14:10 - 00000279 _____ C:\Users\Sercan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Geri Dönüşüm Kutusu.lnk
    2017-01-23 03:01 - 2017-01-23 03:01 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2017-01-23 03:01 - 2017-01-23 03:01 - 00000000 ____D C:\ProgramData\Malwarebytes
    2017-01-23 01:07 - 2017-01-23 01:07 - 00218834 _____ C:\ProgramData\cl.uninstall.1485122769.bdinstall.bin
    2017-01-23 01:06 - 2017-01-23 01:06 - 00000336 _____ C:\WINDOWS\system32\㩃坜义佄南呜䵅屐浸㙬〲⸳浴p翸
    2017-01-23 01:06 - 2017-01-23 01:06 - 00000328 _____ C:\WINDOWS\system32\㩃坜义佄南呜䵅屐浸㕬䉆⸸浴p翸
    2017-01-23 01:06 - 2017-01-23 01:06 - 00000326 _____ C:\WINDOWS\system32\㩃坜义佄南呜䵅屐浸㙬〲⸴浴p翸
    2017-01-23 00:30 - 2017-01-23 00:30 - 00401025 _____ C:\ProgramData\cl.1485120489.bdinstall.bin
    2017-01-23 00:01 - 2017-01-23 00:01 - 00028871 _____ C:\ProgramData\agent.1485118862.bdinstall.bin
    2017-01-22 23:57 - 2017-01-22 23:57 - 00028879 _____ C:\ProgramData\agent.1485118630.bdinstall.bin
    2017-01-22 23:56 - 2017-01-22 23:57 - 10333355 _____ C:\Users\Sercan\Downloads\bitdefender_antivirus.rar
    2017-01-22 23:56 - 2017-01-22 23:56 - 00029017 _____ C:\ProgramData\agent.1485118561.bdinstall.bin
    2017-01-22 23:52 - 2017-01-22 23:52 - 00006704 _____ C:\Users\Sercan\Desktop\Scan_2017-1-22-23-52.txt
    2017-01-22 23:45 - 2017-01-22 23:45 - 02941567 _____ C:\Users\Sercan\Desktop\GSI6_CASPER_NIRVANA_Sercan_01_22_2017_23_41_32.zip
    2017-01-22 23:44 - 2017-01-22 23:44 - 00000000 ____D C:\Program Files\Reason
    2017-01-22 23:43 - 2017-01-22 23:44 - 02873112 _____ (Reason Company Software Inc.) C:\Users\Sercan\Downloads\herdProtectScan_Setup.exe
    2017-01-22 23:37 - 2017-01-22 23:41 - 11011656 _____ (AO Kaspersky Lab) C:\Users\Sercan\Downloads\GetSystemInfo6.1.exe
    2017-01-22 23:33 - 2017-01-22 23:33 - 00000000 ____D C:\Users\Sercan\AppData\Roaming\AVG
    2017-01-22 23:32 - 2017-01-22 23:32 - 00000000 ____D C:\Users\Sercan\AppData\Roaming\TuneUp Software
    2017-01-22 23:31 - 2017-01-22 23:31 - 00000000 ____D C:\Users\Sercan\AppData\Local\MFAData
    2017-01-22 23:29 - 2017-01-22 23:29 - 00000000 ____D C:\Users\Sercan\AppData\Local\Chromium
    2017-01-22 22:47 - 2017-01-22 22:47 - 00028882 _____ C:\ProgramData\agent.1485114476.bdinstall.bin
    2017-01-22 19:30 - 2017-01-22 19:30 - 00002347 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2017-01-22 19:30 - 2017-01-22 19:30 - 00002335 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2017-01-22 19:24 - 2017-01-22 20:29 - 00003538 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
    2017-01-22 19:24 - 2017-01-22 20:29 - 00003414 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
    2017-01-22 19:23 - 2017-01-22 19:24 - 01065376 _____ (Google Inc.) C:\Users\Sercan\Downloads\ChromeSetup (2).exe
    2017-01-22 16:05 - 2017-01-23 17:39 - 00000000 ____D C:\Users\Sercan\Desktop\BİRGİ BELGESEL ÇEKİMİ
    2017-01-22 14:20 - 2017-01-23 20:47 - 00000000 ____D C:\AdwCleaner
    2017-01-21 19:04 - 2017-01-21 19:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2017-01-15 14:13 - 2017-01-15 15:18 - 00000308 _____ C:\Users\Sercan\Desktop\PS4.txt
    2017-01-11 18:53 - 2017-01-11 18:53 - 00000000 ____D C:\ProgramData\Socialclub
    2017-01-11 18:46 - 2017-01-11 18:46 - 00000000 ____D C:\Program Files\Rockstar Games
    2017-01-11 18:46 - 2017-01-11 18:46 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
    2017-01-11 18:20 - 2017-01-11 18:51 - 00000559 _____ C:\Users\Public\Desktop\Grand Theft Auto V.lnk
    2017-01-11 18:20 - 2017-01-11 18:51 - 00000559 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grand Theft Auto V.lnk
    2017-01-10 23:09 - 2016-12-21 11:08 - 00245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
    2017-01-10 23:09 - 2016-12-21 11:08 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
    2017-01-10 23:09 - 2016-12-21 11:04 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2017-01-10 23:09 - 2016-12-21 10:49 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
    2017-01-10 23:09 - 2016-12-21 10:46 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2017-01-10 23:09 - 2016-12-21 10:43 - 04130440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2017-01-10 23:09 - 2016-12-21 10:43 - 01454504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
    2017-01-10 23:09 - 2016-12-21 10:43 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
    2017-01-10 23:09 - 2016-12-21 10:43 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
    2017-01-10 23:09 - 2016-12-21 10:42 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2017-01-10 23:09 - 2016-12-21 10:42 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
    2017-01-10 23:09 - 2016-12-21 10:42 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
    2017-01-10 23:09 - 2016-12-21 10:42 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
    2017-01-10 23:09 - 2016-12-21 10:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
    2017-01-10 23:09 - 2016-12-21 10:41 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
    2017-01-10 23:09 - 2016-12-21 10:37 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
    2017-01-10 23:09 - 2016-12-21 10:15 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2017-01-10 23:09 - 2016-12-21 10:14 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
    2017-01-10 23:09 - 2016-12-21 10:13 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
    2017-01-10 23:09 - 2016-12-21 10:12 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
    2017-01-10 23:09 - 2016-12-21 10:10 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
    2017-01-10 23:09 - 2016-12-21 10:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
    2017-01-10 23:09 - 2016-12-21 10:09 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
    2017-01-10 23:09 - 2016-12-21 10:08 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
    2017-01-10 23:09 - 2016-12-21 10:08 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
    2017-01-10 23:09 - 2016-12-21 10:08 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
    2017-01-10 23:09 - 2016-12-21 10:08 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
    2017-01-10 23:09 - 2016-12-21 10:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
    2017-01-10 23:09 - 2016-12-21 10:08 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
    2017-01-10 23:09 - 2016-12-21 10:07 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
    2017-01-10 23:09 - 2016-12-21 10:06 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
    2017-01-10 23:09 - 2016-12-21 10:06 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
    2017-01-10 23:09 - 2016-12-21 10:06 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
    2017-01-10 23:09 - 2016-12-21 10:06 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
    2017-01-10 23:09 - 2016-12-21 10:05 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
    2017-01-10 23:09 - 2016-12-21 10:05 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
    2017-01-10 23:09 - 2016-12-21 10:05 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
    2017-01-10 23:09 - 2016-12-21 10:01 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2017-01-10 23:09 - 2016-12-21 10:00 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
    2017-01-10 23:09 - 2016-12-21 09:59 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
    2017-01-10 23:09 - 2016-12-21 09:59 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
    2017-01-10 23:09 - 2016-12-21 09:58 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2017-01-10 23:09 - 2016-12-21 09:57 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
    2017-01-10 23:09 - 2016-12-21 09:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
    2017-01-10 23:09 - 2016-12-21 09:56 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
    2017-01-10 23:09 - 2016-12-21 09:55 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2017-01-10 23:09 - 2016-12-21 09:55 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
    2017-01-10 23:09 - 2016-12-21 09:54 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
    2017-01-10 23:09 - 2016-12-21 09:53 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
    2017-01-10 23:09 - 2016-12-21 09:53 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
    2017-01-10 23:09 - 2016-12-21 09:53 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
    2017-01-10 23:09 - 2016-12-21 09:51 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
    2017-01-10 23:09 - 2016-12-21 09:51 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
    2017-01-10 23:09 - 2016-12-21 09:51 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2017-01-10 23:09 - 2016-12-21 09:50 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2017-01-10 23:09 - 2016-12-21 09:49 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
    2017-01-10 23:09 - 2016-12-21 09:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
    2017-01-10 23:09 - 2016-12-21 09:49 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
    2017-01-10 23:09 - 2016-12-21 09:47 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
    2017-01-10 23:09 - 2016-12-21 08:59 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
    2017-01-10 23:09 - 2016-12-21 08:09 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
    2017-01-10 23:09 - 2016-12-21 08:02 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2017-01-10 23:09 - 2016-12-21 08:02 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
    2017-01-10 23:09 - 2016-12-21 08:02 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
    2017-01-10 23:09 - 2016-12-21 08:02 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
    2017-01-10 23:09 - 2016-12-21 08:02 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
    2017-01-10 23:09 - 2016-12-21 08:02 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
    2017-01-10 23:09 - 2016-12-21 08:01 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2017-01-10 23:09 - 2016-12-21 07:46 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
    2017-01-10 23:09 - 2016-12-21 07:43 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
    2017-01-10 23:09 - 2016-12-21 07:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
    2017-01-10 23:09 - 2016-12-21 07:41 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
    2017-01-10 23:09 - 2016-12-21 07:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
    2017-01-10 23:09 - 2016-12-21 07:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
    2017-01-10 23:09 - 2016-12-21 07:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
    2017-01-10 23:09 - 2016-12-21 07:40 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
    2017-01-10 23:09 - 2016-12-21 07:39 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
    2017-01-10 23:09 - 2016-12-21 07:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
    2017-01-10 23:09 - 2016-12-21 07:38 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
    2017-01-10 23:09 - 2016-12-21 07:35 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
    2017-01-10 23:09 - 2016-12-21 07:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
    2017-01-10 23:09 - 2016-12-21 07:34 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2017-01-10 23:09 - 2016-12-21 07:33 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2017-01-10 23:09 - 2016-12-21 07:32 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2017-01-10 23:09 - 2016-12-21 07:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
    2017-01-10 23:09 - 2016-12-21 07:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
    2017-01-10 23:09 - 2016-12-21 07:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
    2017-01-10 23:09 - 2016-12-21 07:26 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
    2017-01-10 23:09 - 2016-12-21 07:25 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
    2017-01-10 23:09 - 2016-12-21 07:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
    2017-01-10 23:09 - 2016-12-21 07:24 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2017-01-10 23:09 - 2016-12-21 07:24 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
    2017-01-10 23:09 - 2016-12-21 07:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
    2017-01-10 23:09 - 2016-12-21 07:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
    2017-01-10 23:09 - 2016-12-21 07:22 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
    2017-01-10 23:09 - 2016-12-21 07:22 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
    2017-01-10 23:09 - 2016-12-14 08:41 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2017-01-10 23:09 - 2016-12-14 08:41 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
    2017-01-10 23:09 - 2016-12-14 08:34 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
    2017-01-10 23:09 - 2016-12-14 08:33 - 01356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
    2017-01-10 23:09 - 2016-12-14 08:23 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
    2017-01-10 23:09 - 2016-12-14 08:21 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
    2017-01-10 23:09 - 2016-12-14 08:19 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
    2017-01-10 23:09 - 2016-12-14 08:18 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
    2017-01-10 23:09 - 2016-12-14 08:18 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
    2017-01-10 23:09 - 2016-12-14 08:17 - 00319288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
    2017-01-10 23:09 - 2016-12-14 08:14 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
    2017-01-10 23:09 - 2016-12-14 08:14 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
    2017-01-10 23:09 - 2016-12-14 08:14 - 00089416 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
    2017-01-10 23:09 - 2016-12-14 08:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
    2017-01-10 23:09 - 2016-12-14 08:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
    2017-01-10 23:09 - 2016-12-14 08:01 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
    2017-01-10 23:09 - 2016-12-14 08:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
    2017-01-10 23:09 - 2016-12-14 08:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
    2017-01-10 23:09 - 2016-12-14 07:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
    2017-01-10 23:09 - 2016-12-14 07:46 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
    2017-01-10 23:09 - 2016-12-14 07:46 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2017-01-10 23:09 - 2016-12-14 07:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
    2017-01-10 23:09 - 2016-12-14 07:43 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
    2017-01-10 23:09 - 2016-12-14 07:42 - 00384000 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\DXCpl.exe
    2017-01-10 23:09 - 2016-12-14 07:42 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
    2017-01-10 23:09 - 2016-12-14 07:42 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
    2017-01-10 23:09 - 2016-12-14 07:42 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
    2017-01-10 23:09 - 2016-12-14 07:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
    2017-01-10 23:09 - 2016-12-14 07:41 - 00362496 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\SysWOW64\DXCpl.exe
    2017-01-10 23:09 - 2016-12-14 07:41 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2017-01-10 23:09 - 2016-12-14 07:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
    2017-01-10 23:09 - 2016-12-14 07:40 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
    2017-01-10 23:09 - 2016-12-14 07:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
    2017-01-10 23:09 - 2016-12-14 07:40 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
    2017-01-10 23:09 - 2016-12-14 07:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
    2017-01-10 23:09 - 2016-12-14 07:39 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
    2017-01-10 23:09 - 2016-12-14 07:39 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
    2017-01-10 23:09 - 2016-12-14 07:39 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
    2017-01-10 23:09 - 2016-12-14 07:38 - 17188864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2017-01-10 23:09 - 2016-12-14 07:38 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2017-01-10 23:09 - 2016-12-14 07:38 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
    2017-01-10 23:09 - 2016-12-14 07:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
    2017-01-10 23:09 - 2016-12-14 07:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
    2017-01-10 23:09 - 2016-12-14 07:36 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
    2017-01-10 23:09 - 2016-12-14 07:36 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
    2017-01-10 23:09 - 2016-12-14 07:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
    2017-01-10 23:09 - 2016-12-14 07:35 - 02220032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d12SDKLayers.dll
    2017-01-10 23:09 - 2016-12-14 07:35 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
    2017-01-10 23:09 - 2016-12-14 07:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
    2017-01-10 23:09 - 2016-12-14 07:35 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
    2017-01-10 23:09 - 2016-12-14 07:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
    2017-01-10 23:09 - 2016-12-14 07:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
    2017-01-10 23:09 - 2016-12-14 07:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
    2017-01-10 23:09 - 2016-12-14 07:26 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2017-01-10 23:09 - 2016-12-14 07:26 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
    2017-01-10 23:09 - 2016-12-14 07:25 - 02795520 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d12SDKLayers.dll
    2017-01-10 23:09 - 2016-12-14 07:25 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
    2017-01-10 23:09 - 2016-12-14 07:24 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
    2017-01-10 23:09 - 2016-12-14 07:24 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
    2017-01-10 23:09 - 2016-12-14 07:23 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
    2017-01-10 23:09 - 2016-12-14 07:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
    2017-01-10 23:09 - 2016-12-14 07:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
    2017-01-10 23:09 - 2016-12-14 07:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
    2017-01-10 23:09 - 2016-12-14 07:22 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2017-01-10 23:09 - 2016-12-14 07:22 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2017-01-10 23:09 - 2016-12-14 07:22 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
    2017-01-10 23:09 - 2016-12-14 07:22 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
    2017-01-10 23:09 - 2016-12-14 07:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2017-01-10 23:09 - 2016-11-02 15:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
    2017-01-10 23:09 - 2016-11-02 14:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
    2017-01-10 23:09 - 2016-11-02 13:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
    2017-01-10 23:09 - 2016-11-02 13:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2017-01-10 23:09 - 2016-11-02 13:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2017-01-10 23:09 - 2016-08-02 07:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
    2017-01-07 19:55 - 2017-01-07 19:55 - 00000000 ____D C:\Users\Sercan\Documents\Rockstar Games
    2016-12-30 22:00 - 2016-12-31 09:19 - 00000407 _____ C:\Users\Sercan\Desktop\DİNLEME METİNLERİ.txt
    2016-12-27 19:21 - 2016-12-27 19:21 - 00000141 _____ C:\Users\Sercan\Desktop\OSMANLICA SINAV ÖNCESİ.txt
    2016-12-26 22:03 - 2016-12-26 22:03 - 00134880 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klwtp.sys
    2016-12-26 22:03 - 2016-12-26 22:03 - 00057424 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klim6.sys
    2016-12-25 12:59 - 2016-12-25 18:28 - 00005251 _____ C:\Users\Sercan\Desktop\COĞRAFYA DERS NOTLARI (EBA).txt


    ==================== One Month Modified files and folders ========


    (If an entry is included in the fixlist, the file/folder will be moved.)


    2017-01-24 12:39 - 2016-09-24 13:09 - 00004196 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{01DE6044-421D-486D-96AA-6101FD0E0137}
    2017-01-24 12:37 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\AppReadiness
    2017-01-24 12:36 - 2016-09-24 13:04 - 00000000 ____D C:\ProgramData\NVIDIA
    2017-01-24 12:36 - 2016-05-14 10:00 - 00000000 ____D C:\ProgramData\Kaspersky Lab
    2017-01-24 12:36 - 2015-08-12 12:47 - 00000000 ___RD C:\Users\Sercan\OneDrive
    2017-01-24 01:03 - 2016-07-16 14:47 - 00000000 ___HD C:\Program Files\WindowsApps
    2017-01-24 00:52 - 2016-09-24 13:04 - 00000000 ____D C:\Users\Sercan
    2017-01-24 00:52 - 2015-08-22 22:40 - 00000000 ____D C:\Users\Sercan\AppData\Roaming\DMCache
    2017-01-24 00:51 - 2016-08-31 00:58 - 00000000 ____D C:\Users\Sercan\AppData\Roaming\Origin
    2017-01-24 00:51 - 2016-08-31 00:50 - 00000000 ____D C:\ProgramData\Origin
    2017-01-24 00:00 - 2015-08-14 20:27 - 00000000 ____D C:\Users\Sercan\Desktop\Notlar ve Bilgiler
    2017-01-23 23:42 - 2016-12-22 21:45 - 00000000 ____D C:\Users\Sercan\AppData\LocalLow\Mozilla
    2017-01-23 23:15 - 2015-08-12 22:37 - 00000000 ____D C:\Program Files\Common Files\AV
    2017-01-23 23:13 - 2016-07-16 14:45 - 00000000 ____D C:\WINDOWS\INF
    2017-01-23 23:12 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\ELAMBKUP
    2017-01-23 23:12 - 2016-07-16 09:04 - 00131072 _____ C:\WINDOWS\system32\config\ELAM
    2017-01-23 23:05 - 2016-07-17 01:12 - 00935906 _____ C:\WINDOWS\system32\perfh01F.dat
    2017-01-23 23:05 - 2016-07-17 01:12 - 00237544 _____ C:\WINDOWS\system32\perfc01F.dat
    2017-01-23 23:05 - 2015-08-24 13:52 - 02417458 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2017-01-23 22:59 - 2016-09-22 00:32 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
    2017-01-23 22:58 - 2016-12-18 01:28 - 00006776 _____ C:\ProgramData\NvTelemetryContainer.log_backup1
    2017-01-23 22:58 - 2016-09-24 13:09 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2017-01-23 22:58 - 2016-07-16 09:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
    2017-01-23 22:51 - 2015-08-12 22:53 - 00000000 ____D C:\ProgramData\Oracle
    2017-01-23 22:23 - 2015-08-20 19:16 - 00000000 ____D C:\Users\Sercan\AppData\Roaming\.sonoyuncu
    2017-01-23 22:03 - 2015-08-13 19:59 - 00000000 ____D C:\Users\Sercan\AppData\Local\CrashDumps
    2017-01-23 20:30 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
    2017-01-23 17:58 - 2016-12-11 22:41 - 00000814 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2017-01-23 16:55 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
    2017-01-23 16:55 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
    2017-01-23 16:08 - 2016-09-24 13:03 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
    2017-01-23 14:06 - 2015-09-14 21:06 - 00000000 ____D C:\Users\Sercan\AppData\Local\Unity
    2017-01-23 14:00 - 2015-08-13 15:24 - 00000000 ____D C:\Users\Sercan\AppData\Roaming\PhotoScape
    2017-01-23 10:24 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\rescache
    2017-01-23 01:06 - 2016-02-17 01:33 - 00042960 _____ C:\bdlog.txt
    2017-01-22 20:19 - 2015-11-07 13:50 - 00000000 ____D C:\Users\Sercan\ATUDB
    2017-01-22 19:30 - 2015-08-12 12:53 - 00000000 ____D C:\Users\Sercan\AppData\Local\Google
    2017-01-22 19:29 - 2015-08-12 12:53 - 00000000 ____D C:\Program Files (x86)\Google
    2017-01-22 18:39 - 2016-10-16 16:17 - 00000000 ____D C:\Users\Sercan\AppData\Roaming\IDM
    2017-01-22 18:39 - 2016-09-24 14:03 - 00000000 ___DC C:\WINDOWS\Panther
    2017-01-22 18:39 - 2015-09-08 00:49 - 00000000 ____D C:\Users\Sercan\AppData\Roaming\DAEMON Tools Lite
    2017-01-22 18:39 - 2015-08-12 23:54 - 00000000 ____D C:\Users\Sercan\AppData\Roaming\uTorrent
    2017-01-22 15:24 - 2015-10-12 22:03 - 00000000 ____D C:\Users\Sercan\Desktop\DERSLER VE SINAVLAR
    2017-01-22 14:09 - 2015-08-28 16:05 - 00021504 ____H C:\Users\Sercan\Desktop\photothumb.db
    2017-01-22 07:30 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
    2017-01-21 23:13 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
    2017-01-21 23:13 - 2013-08-22 18:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
    2017-01-21 00:04 - 2015-08-29 22:58 - 00000000 ____D C:\Users\Sercan\Documents\The Witcher 3
    2017-01-14 10:46 - 2016-09-24 13:03 - 00280280 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2017-01-14 04:24 - 2016-07-16 14:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2017-01-14 04:24 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2017-01-14 04:24 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\system32\oobe
    2017-01-14 04:24 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
    2017-01-14 04:24 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\Provisioning
    2017-01-13 21:27 - 2015-08-13 12:46 - 00000000 ____D C:\WINDOWS\system32\MRT
    2017-01-13 21:25 - 2016-07-16 14:36 - 00000000 ____D C:\WINDOWS\CbsTemp
    2017-01-13 21:25 - 2015-08-13 12:46 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2017-01-13 18:29 - 2016-12-09 18:28 - 00003290 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
    2017-01-13 18:29 - 2015-08-24 13:51 - 00002392 _____ C:\Users\Sercan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2017-01-07 19:18 - 2014-12-06 04:28 - 00000000 ____D C:\ProgramData\Package Cache
    2017-01-07 17:32 - 2016-01-21 22:12 - 00000000 ____D C:\Users\Sercan\AppData\Local\ElevatedDiagnostics
    2017-01-01 00:29 - 2016-12-16 21:59 - 00037887 _____ C:\Users\Sercan\Desktop\TARİH DERS NOTLARI (Benim Hocam).txt


    ==================== Files in the root of some directories =======


    2016-11-10 18:41 - 2016-06-03 17:30 - 0000073 _____ () C:\Users\Sercan\AppData\Roaming\registered-vaults.xml.bkp
    2016-05-14 09:42 - 2016-05-14 09:42 - 0343843 _____ () C:\Users\Sercan\AppData\Local\ars.cache
    2016-05-14 09:42 - 2016-05-14 09:42 - 0429657 _____ () C:\Users\Sercan\AppData\Local\census.cache
    2015-12-23 19:55 - 2016-12-08 18:24 - 0006656 _____ () C:\Users\Sercan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2016-02-05 12:56 - 2016-02-05 12:56 - 0018432 _____ () C:\Users\Sercan\AppData\Local\HnmDb.db
    2016-05-14 09:22 - 2016-05-14 09:22 - 0000036 _____ () C:\Users\Sercan\AppData\Local\housecall.guid.cache
    2016-05-14 09:39 - 2016-05-14 09:39 - 0000010 _____ () C:\Users\Sercan\AppData\Local\sponge.last.runtime.cache
    2016-11-10 18:43 - 2016-11-10 18:43 - 0028762 _____ () C:\ProgramData\agent.1478792576.bdinstall.bin
    2016-11-10 19:43 - 2016-11-10 19:43 - 0046363 _____ () C:\ProgramData\agent.1478796188.bdinstall.bin
    2016-11-10 19:44 - 2016-11-10 19:44 - 0027089 _____ () C:\ProgramData\agent.1478796238.bdinstall.bin
    2016-11-10 19:58 - 2016-11-10 19:58 - 0028760 _____ () C:\ProgramData\agent.1478797088.bdinstall.bin
    2016-12-10 23:21 - 2016-12-10 23:21 - 0029015 _____ () C:\ProgramData\agent.1481401276.bdinstall.bin
    2016-12-10 23:21 - 2016-12-10 23:21 - 0029020 _____ () C:\ProgramData\agent.1481401302.bdinstall.bin
    2016-12-11 19:59 - 2016-12-11 19:59 - 0029017 _____ () C:\ProgramData\agent.1481475575.bdinstall.bin
    2017-01-22 22:47 - 2017-01-22 22:47 - 0028882 _____ () C:\ProgramData\agent.1485114476.bdinstall.bin
    2017-01-22 23:56 - 2017-01-22 23:56 - 0029017 _____ () C:\ProgramData\agent.1485118561.bdinstall.bin
    2017-01-22 23:57 - 2017-01-22 23:57 - 0028879 _____ () C:\ProgramData\agent.1485118630.bdinstall.bin
    2017-01-23 00:01 - 2017-01-23 00:01 - 0028871 _____ () C:\ProgramData\agent.1485118862.bdinstall.bin
    2017-01-23 00:30 - 2017-01-23 00:30 - 0401025 _____ () C:\ProgramData\cl.1485120489.bdinstall.bin
    2017-01-23 01:07 - 2017-01-23 01:07 - 0218834 _____ () C:\ProgramData\cl.uninstall.1485122769.bdinstall.bin
    2016-11-10 18:42 - 2016-11-10 18:42 - 0055266 _____ () C:\ProgramData\dm.1478792549.bdinstall.bin
    2016-11-10 18:45 - 2016-11-10 18:45 - 0034738 _____ () C:\ProgramData\dm.1478792698.bdinstall.bin
    2016-11-10 19:57 - 2016-11-10 19:57 - 0055170 _____ () C:\ProgramData\dm.1478797054.bdinstall.bin
    2016-11-18 06:43 - 2016-11-18 06:43 - 0040265 _____ () C:\ProgramData\dm.1479440630.bdinstall.bin
    2016-12-11 20:10 - 2016-12-11 20:10 - 0035344 _____ () C:\ProgramData\dm.1481476190.bdinstall.bin
    2016-09-24 13:04 - 2016-09-24 13:04 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    2016-12-18 01:28 - 2017-01-24 12:36 - 0004604 _____ () C:\ProgramData\NvTelemetryContainer.log
    2016-12-18 01:28 - 2017-01-23 22:58 - 0006776 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1


    ==================== Bamital & volsnap ======================


    (There is no automatic fix for files that do not pass verification.)


    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2017-01-22 19:36


    ==================== End of FRST.txt ============================
      My Computer


  8. Posts : 579
    Windows 10 Home
       #18

    cookies1,

    Thanks for the reports.

    For some reason, did not get notified of your post.

    As you can see, the logs are lengthy, so it will take me a while to go through them. The old eyes are not what they used to be!

    Will get back with the next step later this PM, maybe evening, but will try to do so sooner.

    Thanks for your patience.
      My Computer


  9. Posts : 579
    Windows 10 Home
       #19

    cookies1,

    Any reason why this was run from D:\ vs. the Desktop in C:\?
    Is D:\ an external hard drive?


    Please do the following:

    Press the Windows and R keys at the same time. This opens the Run box.
    Type Notepad and click OK.

    Next, please copy the entire contents inside the code box below to Notepad:

    Code:
    Start
    CreateRestorePoint:
    EmptyTemp:
    CloseProcesses:
    
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    GroupPolicy: Restriction <======= ATTENTION
    GroupPolicy\User: Restriction <======= ATTENTION
    Toolbar: HKU\S-1-5-21-2070039639-675289181-3059388584-1001 -> No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - No File
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
    FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => not found
    FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => not found
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
    U0 Partizan; system32\drivers\Partizan.sys [X]
    S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
    C:\WINDOWS\system32\?????????????p?
    Task: {1E0D895E-CBD8-4B74-95E8-89FE72A5BC2E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {5D54704B-07C6-4DD9-BA73-4F70C02A78BC} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {606D6271-6DB6-44CC-8995-BE47D99D40C1} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {4EF3A0FD-DDA3-4300-93F8-2214455DA24B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {8BC4482F-56A2-45F6-915B-F5E6AC363436} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {9F7C5B31-607E-46B3-9841-3B7576C15C74} - \WPD\SqmUpload_S-1-5-21-2070039639-675289181-3059388584-1001 -> No File <==== ATTENTION
    Task: {AE2FF9F2-5335-49CE-ACA4-98F1452D1E5E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {B555BD07-33B4-4CD3-8AF0-0A2C0A4AD2E8} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {B72F8083-C6F8-45DA-9801-5D3513DEFD50} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {C52A25B4-FF50-4284-97DE-D5069563EAB4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {CBAD0ABA-EE4F-4D62-B211-2559BFFB9939} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {F5AF3A77-3265-4B5A-8582-71A7DD870732} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    
    Reboot:
    End
    Save the file as fixlist.txt in the same folder where the FRST is running from. It appears to be running from D:\INDIRILENLER vs. the Desktop. They both need to be in the same place, preferably the Desktop.

    Next, run FRST and click Fix only once, and wait.

    When done, the tool creates a log: (Fixlog.txt)
    Please attach it to your reply.

    Also, let us know how it is going.
      My Computer


  10. Posts : 579
    Windows 10 Home
       #20

    cookies1,

    How is it going?

    Running FRST with the fixlist presented above is in your best interest.

    Mail.ru has a modus operandi of its own, and we need to do our best to keep it off the computer.
    Creators of this browser hijacker (and others) can manipulate Group Policy to change some settings so they cannot be easily removed or disabled. There are two entries in the FRST report which point to Group Policy restriction.
    They need to be removed.
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 02:57.
Find Us




Windows 10 Forums