Logfile of random's system information tool 1.10 (written by random/random)
Run by murat at 2014-12-28 10:01:06
Microsoft Windows 7 Home Premium  Service Pack 1
System drive C: has 314 GB (72%) free of 435 GB
Total RAM: 4003 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:01:21, on 28/12/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17496)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Launch Manager\HotkeyApp.exe
C:\Program Files (x86)\Launch Manager\OSD.exe
C:\Program Files (x86)\Launch Manager\WButton.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\Easy Downloads\easydownloads.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\trend micro\murat.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hp&ts=1419716786&from=amt&uid=HitachiXHTS545050B9A300_101013PBN40317KEY8HEX
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hp&ts=1419716786&from=amt&uid=HitachiXHTS545050B9A300_101013PBN40317KEY8HEX
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hp&ts=1419716786&from=amt&uid=HitachiXHTS545050B9A300_101013PBN40317KEY8HEX
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=ds&ts=1419716786&from=amt&uid=HitachiXHTS545050B9A300_101013PBN40317KEY8HEX&q={searchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=ds&ts=1419716786&from=amt&uid=HitachiXHTS545050B9A300_101013PBN40317KEY8HEX&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hp&ts=1419716786&from=amt&uid=HitachiXHTS545050B9A300_101013PBN40317KEY8HEX
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: 486f39d5be3842d1a5b143880bdcbae60069063 - {11111111-1111-1111-1111-110611901163} - C:\Program Files (x86)\HDQ-1.2cV27.12\HDQ-1.2cV27.12-bho.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Music Search App (Dist. by Bandoo Media, Inc.) - {88d8ecb7-204f-4efd-8134-f6341f76c672} - (no file)
O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {88d8ecb7-204f-4efd-8134-f6341f76c672} - (no file)
O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files (x86)\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [LMgrVolOSD] "C:\Program Files (x86)\Launch Manager\OSD.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files (x86)\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [YouCam Mirage] "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
O4 - HKLM\..\Run: [YouCam Tray] "C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe" /s
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [EasyDownloads] "C:\Program Files (x86)\Easy Downloads\easydownloads.exe" -tray
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_B3D8D2F077628A4FEAB49C3927728E32] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2010 Schermopname en Snel starten.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1553-72747-17534-1/4 (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/1553-72747-17534-1/4 (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: vw-wi - {0F3C833F-FB28-40EA-8CB9-6A55B996C3F6} - C:\ElsaWin\bin\wiprot.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs:          
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel® Centrino® Bluetooth 3.0 + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Device Monitor - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth Media Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
O23 - Service: Bluetooth OBEX Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: Crypkey License - Unknown owner - crypserv.exe (file missing)
O23 - Service: Datamngr Coordinator (DatamngrCoordinator) - Bandoo Media Inc. - C:\Program Files (x86)\Music App\Datamngr\DatamngrCoordinator.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: globalUpdate Update Service (globalUpdate) (globalUpdate) - globalUpdate - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
O23 - Service: globalUpdate Update Service (globalUpdatem) (globalUpdatem) - globalUpdate - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: ELSA Administration Service (LcSvrAdm) - Volkswagen AG - C:\ElsaWin\bin\LcSvrAdm.exe
O23 - Service: ELSA Auftragsverwaltungs Service (LcSvrAuf) - Volkswagen AG - C:\ElsaWin\bin\LcSvrAuf.exe
O23 - Service: ELSA DBA Server (LcSvrDba) - Volkswagen AG - C:\ElsaWin\bin\LcSvrDba.exe
O23 - Service: ELSA Historie Server (LcSvrHis) - Volkswagen AG - C:\ElsaWin\bin\LcSvrHis.exe
O23 - Service: ELSA PASS Server (LcSvrPAS) - Volkswagen AG - C:\ElsaWin\bin\LcSvrPas.exe
O23 - Service: ELSA APOSpro Server (LcSvrSaz) - Volkswagen AG - C:\ElsaWin\bin\LcSvrSaz.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WindowsMangerProtect Service (WindowsMangerProtect) - Fuyu LIMITED - C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: WorkshopDBService - Acresso - C:\PROGRA~2\VIVIDW~1\WORKSH~1.EXE

--
End of file - 16459 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
winlogon.exe

C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
C:\Windows\system32\WLANExt.exe 23061504
\??\C:\Windows\system32\conhost.exe "-713271544-179831348716585720041648373693-49155892420403400171155799847723127677
"C:\Program Files\Alwil Software\Avast4\ashServ.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Windows\System32\rundll32.exe" "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" 
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe" 
"C:\Windows\System32\hkcmd.exe" 
"C:\Windows\System32\igfxpers.exe" 
"C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE" /tsr
"C:\Program Files (x86)\Launch Manager\HotkeyApp.exe" 
"C:\Program Files (x86)\Launch Manager\OSD.exe" 
"C:\Program Files (x86)\Launch Manager\WButton.exe" 
"C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" 
"C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" 
"C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe" 
"C:\Program Files\Alwil Software\Avast4\ashDisp.exe" 
"C:\Program Files (x86)\Easy Downloads\easydownloads.exe" -tray
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" 
"C:\Program Files (x86)\PowerISO\PWRISOVM.EXE" -startup
"C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service
C:\Windows\System32\spoolsv.exe
taskeng.exe {870CCAF3-1C69-4F12-915C-0EAB6D1FAE1E}
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe"
"C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe"
"C:\Program Files (x86)\HDQ-1.2cV27.12\e4cb6bf9-f97e-4df4-9f8c-071af949fb9f-6.exe" /rawdata=VZK7jgFTVEFoh6pjV7C+1KcEPEOREOYWOGYrxlDOPQ+TxGHodDW33xmLYfevIHoySNsqwHKjs2p7JdkpCIWJ6IW1izxvD+DDOn2stn90J4bXqRjaI8hGtD0pU7mLVBt48U1uUM8xpu+ps/IPbe95/W6Yd6mVvJAy4mEZVNzEosJnLupkpRob8hyaUdW2zpVqWWkUFcLf6kJ4fBPED3hopxn5qcKcEz39lfQT9l0QV7ltD5CTvZu2uw7hVe3nTgiBvM4ybfJXTB0z7oMiuql/fk2ZhOGanvxox+jBmeMh8gaNyM5T8Sz9f0BW+AitBwa5ScsgkdnT6TuCbq8zTwsfE7WDQIhM9Om9vMtawrtmg6BkREj88q6tfrRf6YlxDWQpHV1B/PKagNQdT6UoAY6o+gzZmvRO4NuyBqRrQYgM+7fR62+UemdDCO0FpkrNE7ADTc+oHVj6WY6ov2xbMfsmyOlFQw6+th3Vc92SexQvuZMnRatCd67HTkEGz38KZ+ClPnlprFZFbv6ieVMsl2rZiqHnkNKrce9WSGo71kfM4B+tS0LnHgWEDPpj3M4Ufn75yXJb0VYlx7NYct5yNlYjkBKT4M5kt51HgNJEW4SHcJaROBaZJLkWfvjrjCuW4svoam1bLnTXK7+5p5VPyUTaxdFqij+Q8n24o8a3SSAADu6UvTwS2FWb9/X0Rs1J1x2BOmyN2cwCYYMvL3sA+l3BVJRQ6oewyIPnmQjL8y5GUKf4bUs61VEWZ3OFipyOgo4kvCk/q7ZaOUl6e0PkUzh0LA30xQNxzFhVISV45PJ6YKZlKdu66dTjPESB+Ea/LiGTc69FAymx7L7tOqCB2I075VJA8nTeGEqMnsYfzIsP8+mleDtBzvCbih7LQrAHbukVNwjuGfoCX7IhqETQtPqeV9pOMDbHbiL/bc6nkcp91V0+1YV+jj6l4xkGObRcy+2wn9JgLeSieorpOrTvUZQC1YCscwLGgEoXHkYztIagqtP/KDGiIVvC2S1ztIT6mjBMHvbEP1RDcV4276+JAv41kIr3xHzFib+Sw72l19NyXgTPeRyRiqK9RqxiD8ZehFj1Lm5aIFYqKXln5rPySncqdqWrTQ5YEqypbELvaKlj+v4VqTGvaVjajo7YVEgHNqrnz0jPffebzTgt4e9qrOFyJ13Xk+j7vUwoRw9EiXMciDZ5XzOiGOt2CFZGund56LV8yHqkRIsOCUdksK65Tq7+n6M2gh0mGvyaRJkw6+OQK6ax42fLuBUJU+bOMXFDBVXSoaRh+ppFT1X7Mn0X2D/gKfiVjV81sFTZ6YHev8sG0lF0iiddJuVIbPBvRIs4Z6m9NzCEJ6LRJ4tzqzcdwHntAhcit4ySoItwXZ4lJpbsOlLBt2pSDBUma2oLl4GuRWzGv524h/axChW94sKYxEveKX59ngd5A2xscbpkQfZcfSEGsZkV2ZOlsswwRfggszgtUB7Iu18W823HmGtc+eIfYxHyUUSATj9mwMmyut2Ta/4/PS2T5O3socexKYMNDm9qVrbASW9EyftD2IiyXtYK7L4seWUYade1RUNvz6Fh8ru2zJACaMqZOfacQe/h4TQvVoOS0Z21zJFVXUYM3r3nWplxM5PlBba1MaLi8jWYMD5awypN+gV1htAs1oUepLZJ9ASSiDmpzI+vfa6TSCvJIISr7OMXkcsCjujbvvFR7QFxhYA6QnJH8hvRh7weGW+9rEuITcIrAOXdzb34ZbtbxtCPTRtyU0cGNbDadbb2sRNAowqySfbbYQ/D5MyjKbXHEO9ckvbcL72IeQeo49U3kUGETKQx7jJwiITtpsXaN4LOgU9bjGQB7hoMHo7v+0Yi9yO/EHBOty0ogwxi0Ri9gLVMK6TVa50asC1EtnwM7gALrLx09fAwl+2XYONIjtMr3wKTq8Xwjhc7C0Vr11sad00gLnE0RStNiM8hKcGGE1IsfjJj7TyJFDmorAPQrlKv46xgBbHJeh20FnUumbPQChUYHgggD16UdzdG2bj7vR7JlCYsnTq9ppVJCRFg2aYoKgTB9oE+6GlcvCi2nw5ii5p4pKQ+Wu3xFWZrlTYqskPqW9AJH3X1mcwPB2kCWtEcdQ0EC9AnEUC9oFOxWwIrEixvOTGE7UO0eeR/39x6d1JrPa/4otrVLch1oCnRUigjitP20Es2qAjJtpNwHS2UUtkuO2qV5QG2sAQAJinTy7CTm6yx26RD/YS5bkwABfjpiuwHCFwkL86i2hxie4IbEXNd5apqypxmY+LY6IH50WQIjYR184wI6iI2lvCmL7JXP43mgEVLwvIpOr0k85BJLJ69ZMBUjq0mGe8RzKX9hmOdNhwg24XvfMPsRNz327GzSOca1kR/LacOqt6vitH4QIiVVJ/qB0+2vn+bh8W5VKiYnzyYPHrnxBj3XLuahqvDLCDv+kOiOZWAJBystGMaP4hF2b2jCBDR+klVB2cl14PA/IAqJrnX6EMwWjdiavJ4RIW65jLbiVMCgGEF9jZf/Icu9UREHDSshDVrMXx5nHbrrKc69lklziHx+RgaBbDB
C:\Windows\system32\svchost.exe -k bthsvcs
"C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe"
crypserv.exe
"C:\Program Files (x86)\Music App\Datamngr\DatamngrCoordinator.exe"
"C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
"C:\Program Files (x86)\Music App\Datamngr\DatamngrCoordinator.exe" -monitor 472
"C:\Program Files (x86)\Music App\Datamngr\DatamngrUI.exe"
C:\Windows\SysWOW64\srvany.exe
C:\ElsaWin\bin\LcSvrAdm.exe
C:\Windows\KMService.exe
\??\C:\Windows\system32\conhost.exe "-1256267593-16091617011930836232-19270112183225285282054572119-1001630188-1479597217
C:\ElsaWin\bin\LcSvrDba.exe
C:\ElsaWin\bin\LcSvrHis.exe
C:\ElsaWin\bin\LcSvrPas.exe
C:\ElsaWin\bin\LcSvrSaz.exe
"c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe"
"C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe"
"C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe"
"C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
C:\PROGRA~2\VIVIDW~1\WORKSH~1.EXE -zglaxservice WorkshopDBService
"C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe"
"C:\Program Files (x86)\Vivid WorkshopData ATI\jre\bin\java.exe"  -Xrs -classpath "C:\Program Files (x86)\Vivid WorkshopData ATI\hsqldb.jar;C:\Program Files (x86)\Vivid WorkshopData ATI\lax.jar;" com.zerog.lax.LAX "C:/Program Files (x86)/Vivid WorkshopData ATI/WorkshopDBServer.lax" "C:/Windows/TEMP/laxDFD3.tmp" 
WLIDSvcM.exe 3400
\??\C:\Windows\system32\conhost.exe "1278483021608236198-1606111765-23908069318950740071728096010-11011994781514290094
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\ElsaWin\bin\LcSvrAuf.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe"
C:\Windows\servicing\TrustedInstaller.exe
"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
"C:\Program Files (x86)\Launch Manager\WisLMSvc.exe"
"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Internet Explorer\iexplore.exe" 
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5472 CREDAT:275457 /prefetch:2
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe" -Embedding
"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5472 CREDAT:1192997 /prefetch:2
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -noframemerging about:blank
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4720 CREDAT:275457 /prefetch:2
ctfmon.exe
C:\Windows\system32\sppsvc.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-3998879849-3691024730-1580810151-10002_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-3998879849-3691024730-1580810151-10002 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"  "1"
"C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe" -auto -critical
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\SearchFilterHost.exe" 0 532 536 544 65536 540 
"C:\Users\murat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H3Z4LMV1\RSITx64.exe" 

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 
C:\Windows\tasks\DJESCB.job - C:\Users\murat\AppData\Roaming\DJESCB.exe /infocmdline=edgGJAvYROnsV7E18J4TxOx9l2WhiV07OTMcD+GVKUTOX5TBXbhcEAu9A5eluoQ1kPWQ7PUYaQPo+G2qteas32Q//NiPCuhx9VvIhC5soLxYzhFuSpRB/2j5lR3MgjHHkBtPxW+tpIealFQcXE5gqhWDB4ehb76ucZq9ObYhHCSxUmSuhrzV7j+6lXsiUlcEtVMLMvS84GDhkgGYeyTg4v0qgR+a5ccaE74xOQ4xBz/Bem1YU22J9Ux26DopgBfr3Vwji7L9PHWGEv62I0AZjfecEQJ5B61DwGY7D1NKtI8dtoMIjzaa48RUkhGorqaK4WO/2stFgJmN0h3sA/Vw6VMg8USiVbhr/vnsp4st5v/BMWQyi7TL3DbaiOJV+LLr1JCRFyUSsb3Sckj1j1Gg0NR9R5Wc0wItpawDvAQ7B21Qfb9zGoVvx6E76k3cVOhnug6orA95vSuldjzIKAyHepRzII1HZM2HIaHN3m3cXXIehZ0gHcLDiMqNOrqpdt3B
C:\Windows\tasks\e4cb6bf9-f97e-4df4-9f8c-071af949fb9f-1.job - C:\Program Files (x86)\HDQ-1.2cV27.12\HDQ-1.2cV27.12-codedownloader.exe /rawdata=TgMCdiv+mIHR+A3b09z65ryOLYwRMae9wVb/4/dS26aAno4piej1AmQovGmmH3TYzWr3wn5QVmzcca/1rT6objFvqyMKlsaXIj46ZkpX6/Tn2X2Ups/HV6bbbnF/RdVtTFdiab3KbXXUa15y8ZnDdsH1vq6srLYF7epRY9khXWdyvLJdLZG0aLAmsDFitr1i50kOkDjw8R3zpWxwyjxfyiSHm/el6vkQc+EHuK0NuX5zTOksRF3XKGqhvfx5xgIPdE46RY+QcbJ0k5wVqh+g7Nc74s1O4fhoIn1F47TEmyJx7fWmEDPtFJW7N3jh3Kc6gY+qKaUNaFOVuS525CIHzUePxJkdfZ1IwckbCzZbXCAATCaLOZE/A78yqXdTPKMsRAHXjL5iSTpmzcev33Sn5pPonPNV0kzm1rW8OFeabhe5FsHlru/nO4fZTm9+FUFb6uYcFx7woUI5wzKo5VJo9SFCEs035+lg7S4B6HLP9MKk8FM1CZUH2/jRxhPsiQuMx/OOMpmtxWVKLfz8G8Tc/xj/HWT7AfJBZGdm8HwkP7dL/sz9XhOzMXHvl9gY+HTbe5ci9V5REWAB9Zx9p2Om2pQP8Yxlt52HHSsqYxddoZeh7109pGQj7c5Bb9nlHNn1n4WfIfN1Ei5jDItpxP6W8hTefxwxu3P1C7p5wej1zpsGd0aCqFpm66B2R/M0JIo0iJ9gP46aU39b69+ZBa50egUWHqGMl7HKKpeFiejiiOXTHBmdir/5XJu5L0BRr18zD/t8/uKTc1Sd7tCuCW7t5J7ell3YCwNqN2AbilVnjcKGvKNo3YgAVkEo4jNb+suY5arMWuXSO9XYoZKgKU0BwqeHDdyt3XXHdSNQ2CiDsogIwtDttcES3leKqJixL7sHGApSkfdCBjPQcPIi/c8UCqVmkPDztY11SqqTyVRvYIRGD2if5n3CThZ40QDbecLkAdjy2b1DU6JX4oq4Itt+CDDNFX/F1ZVMbGXGBaKhiq4x3R2/LGFp75l+KxK4PCMLO6qduxdqoCus4cP0DYVAHtrCU+D8PXP4hC1xzQuRqBNXTV2mYmb95zJql49gXtDxbyE0D6RPrOr1NRq1Hz1/AkxCZ0cl3x3xY1s5f0beBR5N7byLtV7Vr8c6GD9NnN7bGmz5YJoWr1ceaPpdTGvkEf5mx7NBqTi8MqDNASiuPCVx8+oEiKq2xwcTSbG8w1D/5QGHGMZI3G6HF4j3Nrka1ZHiOeyaLLbiBiNnFi62ly/AyQ9kPdmLi780TCE2eFF9F+xz5ME5n/M+QxX/08LMU+dkOn64x5/kHFr8D6c145OC+v6PkyZC45NBt1oTDxdqbjJQwpqO4rIQ35xTzUTOQm0ay5sj5derY1TmObzMeXaXQLXkeAatjOzVqcR7nrzqdckfvN6JVri0Ykz/8OuGK3RvwjzuvFFVEkgxnM3e2OPzDNblNja9N35voJ29pivpE+EQBoHBJN+Bp3yMB5BVO+f6Ou0gMzNrVMpawNLrVL02pnr+FVFe0Nw7ecen0xy1
C:\Windows\tasks\e4cb6bf9-f97e-4df4-9f8c-071af949fb9f-2.job - C:\Program Files (x86)\HDQ-1.2cV27.12\e4cb6bf9-f97e-4df4-9f8c-071af949fb9f-2.exe /rawdata=S0W0vzypUtL3mYM/Vllb00ZLB7zZfu0ROEIFnUjiBkMIS5tKV0tN0ZYYCAjG2tfzfu9Zlzuvg2pxOZYeV2M99ubeNnzOsSAdI61+xnrcTz5sXpha4fIJ/uyANn2uXHGmc2HoanaV9wXEjBtpIQDSow9MG3AryT3vE3JV1Xaqge+SAsoF+pAxjHmLmLF03jFRwHmRrR9PEccPTnQAoUoOoD0zlVTXK3Ixf/w0TTMgkODwSJ4hc9GpHN/oeAHYck7yukmbBMUu3klHS8AI0ZSRpaG5pGhFaisHKnlIU04pw1fj5yKDy20WLNxGJItkPv5XxgcallcpgXhDhpYgy3FKCweoQQTDe4xIy5bZEqDJSUuNBAHaUNAoeBtOotN7IXh4oPLMrGzbB9C4buIAQV6cU0qapDKKEn8MnDje1VUAYl24RbIPqQnAECr78Tmo/uuHgz/jBqbSOJjB/zs4MskVi9n30D/abaGfyl9RFm0qSN99hTIgk1WmD/46YAv2tSEofHQ51ozQhekQzvtUFsgG1StcUoQITg7aJHCGNkGCbiJqJVVfpuzJB9DVO4NZ+WaDaP2qEr/NqaNyl5Cn9WU5oMaBWzsB8JVUA1zHY+SeSWwN9NMVvhUvtM5T4ohjonyRWZdS9/o936oegIOUQYL1NDZev09kUXZuWaN03+G33SNEojGX0Zct/EnROLbimVuNxfPPA+8y/MdWh1b9ADEcukrEicf/Co90OOtFWD0h+pCF2+oDFFrDu374KwUXteUFdlh+bWOLA+Fy5EgQfsZQMwa4Yyu6hr3yT9g6FCEQTByWg0pF0kX+hV033LyEHW6CDshzwCF17PzVOwOyJ41j6g==
C:\Windows\tasks\e4cb6bf9-f97e-4df4-9f8c-071af949fb9f-3.job - C:\Program Files (x86)\HDQ-1.2cV27.12\e4cb6bf9-f97e-4df4-9f8c-071af949fb9f-3.exe /rawdata=CBZbLLkXte/mLl7ZN9X1z4yXKo8DSAslmyTNx6bN6cHmcGItl2mtebMa1/F5K+y8RCMeq09fbsm2jJTgZqllfgEpwtsX6Vt9OFf9NjLT7xEkPSTHDOB59cs+WREcFQsUlc7fX1dHH94jE1ANgM/E2qfdx/z7eR29Wlc3Ni003ktBNt9ExZ8pVmSindRisRpbhc228SDENC3ZElJTI+PDcoUtTNbbj0tO6/SW4h7ttPuXkVi/DOfw6DX5Vfh875xqQdFUkmxQuOYvenJSKAO64ilieZEjaCQQZrXLezS9NED68QOweJzOYp37l+NU8KCVk5YH4j0vlHJqGXxyW9UveYlClx4yzzvWC6KvHrhWZMZZlpNebo/IOy3kZEUGqNxbDmOkVsaQ32t5X70Y+wnJl/yLIefEb6RGIT55xcYrBW0+QcUKNT+4qn2mg51LsLKbywwlc+pXT3S4QCDPnPi/qxAL4q5fzy29k4sGj7S7bT42iJQZ2wojSX0aUZ6drmFRu7JI9EV1AuapAprcqo56Kil6duXtVvnVJGLjeLe/zJQ1V2B4d6Wx4RpmmzfIoTjSlgdqz8gTTg2uZtsMd2nrD0sesc9CXwmyUhR9MMYLsJLOEJxjN81pTmpGL/hoM6pYCIND5QbctqyB/87Or7BqScdDoZEC+LouAxzR+PQOmaJAgYfTQkSXtKU6+jPTwaJGrb0wJMM3s9HotHFAC0becUBBPl3xgcwEzDs/Lj9J+4gPj99LHAY5TGzJwvKgr9/k2GeNbM03TExVQntX+WdfcNxsSuuEk1s+meTW9iD3uaHjIXnEPjJ5dFOabS9ZdyHQaLSyUridQPj5ICdlumCP4aeHDdyt3XXHdSNQ2CiDsogIwtDttcES3leKqJixL7sHGApSkfdCBjPQcPIi/c8UCqVmkPDztY11SqqTyVRvYIRGD2if5n3CThZ40QDbecLkAdjy2b1DU6JX4oq4Itt+CDDNFX/F1ZVMbGXGBaKhiq4x3R2/LGFp75l+KxK4PCMLO6qduxdqoCus4cP0DYVAHtrCU+D8PXP4hC1xzQuRqBNXTV2mYmb95zJql49gXtDxbyE0D6RPrOr1NRq1Hz1/AkxCZ0cl3x3xY1s5f0beBR5N7byLtV7Vr8c6GD9NnN7bGmz5YJoWr1ceaPpdTGvkEf5mx7NBqTi8MqDNASiuPCWBm2mMJBlZ5rWdjsHFEUomGMQ+MXe3Mthg4CgGDgXNPWEKVG+Zhik3+jOnFyPEVPoGeP642wDYyJythM3gNmjWttO2OPOKHSbHZCSBK6vzsliy+DBGm0K7Qvws9G7wUAFzrOdrXbn3AtEpAdTpSjygKj1n0U/18kWm7/FxP/cZBQiIKbjAczVpRkS9VmvdBXL8xM3Q7PL2Qd8gbXeACsUXkJwL183vh9zSRlRmLS2j34waXk+ZBECGXbui2CdHLZfT//qLYvteK4pjoHPB5AJa4D+zA9KdcnoCmWL6mHyW4TPBEghqXiQ1tjA5zKcPnvpDjd94IhYjdXCY/MagImHXfnZKGZxg0H6Eb1avsrxBeV04ByHZSHsZXZ2mZ6f0JLRxTPHUZwtANyT9f1Ns8IevKIhPmyJFdEWTAkeyBIM10EMv9yERZXAoBCPHvNQCMvBwbjoFKNXQekGXHu6WGeUIQI/9COlGo1A5XUu4mMg2c9OfxxpakWQpfoNUzp8HgARmPecEdK1WNtb5KeDI02esbcjdoVb2fURj+67bkH6IvxYFMV0uilBnThFnJCgqYEkSa450eBz3egqWN9hMMuuWqgrYJ8grzuxLAWgoQWYgBdAMXQWso/3QkfQpAMUOJiFtp2z5g0MqWoCUEMyFHHUuCKy2QKs89qTHsCWbLSDP9S15RylHDRdhy4LkwKFz7D2GT2CM9MQOoG20N5uoRaftK0CW3JAlJ1Qjkni/sEBmTZu9gqT9lSk1hntqJLJ44/Cs8hivlMVu55rE6add6Rxwdpg2Rt2QZvEWVg98zMjJCAnWfcSKtK1IzrC5nScbdy4bdSVknUPcm8VENiafMlTA
C:\Windows\tasks\e4cb6bf9-f97e-4df4-9f8c-071af949fb9f-4.job - C:\Program Files (x86)\HDQ-1.2cV27.12\e4cb6bf9-f97e-4df4-9f8c-071af949fb9f-4.exe /rawdata=B6fbl+EfrlFWaYPak5SGcPgEDcidLaUTCk9aRNTQD/zl9JnwFRp1W6djKh8j3c3+EiXkNVfR7OQ77veEfcM8QPWkaUJiiiKRpMGX3elEG3BAdz5BzjakSvw9bRoD55s5DjdYqGegnfkZD3/e/4besS5JwqrAwvsf51KqQrNIz+RuXbjgGNdqaq8oO5NiIjskBuagayKH4sO/ghAQi2/vLeAMpkeXXieCiZVyyihrqFpVB+FXmq349PZdxxy9X0ZRf5RSk+YeS0rPuBA8DTlvmVvR3CNdGhl1TjMXBxEgF4KBMVGdQpi9/4g9KkVxRdj29mcJT4o/v2Fg6dzktmKXdJ8A8w2ERWoh8hobjs54JGeHg9sBsaZRfU47ipSmVv1t8VDqqHuWlOm1sXMyaVecUF3UEOo/tcH7WHj+KkS+hAzyRjLYELmHXr33hOd5QN2YOyT6MfG3QCdiLuCXS2vrg8aRzydmLSmihifgD81xrjgcGzQlDt3hF5ollzjyO+1TfwF3ATgR+4GIqcgJLQCSWbajx1dhRyJTHShLRV4RHDEP2n8RVKnvTuA5tHmvoboh9kRmTOZL92IAxOqX4GBF+ne9q/K6b2CZgBzfWCakdUwWrhaZE5XaYzg6EnXXrxrua0KBCRZe/TGjGaQEcTgxDMJ2yBC5AgNZGJcFE6EnZJ8zjaTBIb5F0qs2luNxQ9nwH/t9wcn4swQPYqrxfstUhht3M48p1r0m0T0MGvH7Imm5At0bme91YWJuYcX1TCA7mzlqCqdrH6LCmH4XEABqBrxl/MsvyXJECEBH86M/+FLUO4XG8WOypxn2/fpbz2eRBJNjdODpX4jV2+lbzdwwUT/OvMTKTYEuw67pLuqnH+qnPRuNq6qDAH3dzVC3VGyfzYmElFCAYwZCbWlztOXBuOji+QIgflp2eiDwBHRL4e8JUj7vQebOztS0fxj1sd1Xnt2RcsEHBHMR4MOQtn2jkc5+/G5bo+TvCbktjUkirj6UBN7Vv4L5ofOhQa4FvFHBn/W9TZcTp3wpPWTDQu0mLhQWWNOzzNJFbySMfaYq+Ys6+n0XduHZc4lpQRUivG9v/190k0E8rHb6gGFF8+sHfVMukkNf4BSB5aXuJu+sboL/ZE0vY4t1Jd824xOQ5D6K7mDVlsWW5RTVigbz5/pw0o5ON1ZFDbk37znmTIhQPYt2MSap2qGHTVANkv4PXb289xXBTwOazYvMCPJnlTxJoCSyXSHBttuilYfVL3uM3lhUgfBzd5vcroW5ksaoTGBe7Aj5mwbsQtrRSjNJ1MSirovOLmOrTGHVKtGsOVdP53BC9rh56OPbVhD81AxkrnYXwdb6sf1Mp7o0BiW2nng2HGuQSbxlI8ARLY/e/XLiMF4p0+Q/2mqEOXtors7v7EimAU1TJOJfn+uL8Osd/HpYC0hLl4DXf6406MPjUEXCRtGKKiiJHjP71vlwWg0VuzRaLMKz4jwIzwvL6TpMoBE2wdRQl4YnC4aulmKOA2cfZCMe7X+8mItKutwKdmE/LkcDZXZBNONiVfB9+0FTguD63NpiScjJ05Q+1/HjBWAMZSDO1tXyyG4/I7SOrV7dcdlMpjf0oQTtiVUdMzvm3EAPRqskkPeUBntyLjqoKz1+Gnf6Zf76C5WsLe/WF8/dN+gkKMnTcssrqlcKr9mA8wGn7cbeo/UL/ncHstfGAGMWMpc/wqk+3GIRNoOggXKBVKvjLxkrqNaigKeZXEZeI3xS6487BDzgImK25npm0xP53zOGLo2Sf8eoe77Dv0sHppeLqH7/IFMuS5SFUVR27lmc6Xn6wDYHZwgZTML4UcJDknGEpvu9vppRqmt7XXvwCXVJGKDCinMBVw/1Z0/W4I4l97xpcj6NUwLb7srInkC2KrHPnrBon5zXbwKCGm5vimXeR73xVvvg0NxeRzqrjRay1R5hfN210zyztQOgxCzWNse5p2nIiIytn5qywAxe3OueFxDKRb3JD4rSgLZky7YYloytqozSmCV9HO2ujeg8e4C+kgwW9YhADOse4rJrelCo
C:\Windows\tasks\e4cb6bf9-f97e-4df4-9f8c-071af949fb9f-5.job - C:\Program Files (x86)\HDQ-1.2cV27.12\e4cb6bf9-f97e-4df4-9f8c-071af949fb9f-5.exe /rawdata=ENaj2XfYb48mLSMlp9YR0EgnPsgLOhjwiqOncKKqvcuWFBS1xEJrXznnK7kL9TU1oj4PVtqHacVRm9d1sP2TlPt6US02aQZkWE5LdPUcKXNzHZdqvRzoq1l9JWjdOOoVCIXzV22GW5VKwM5UANUtfS77LrT2RZK9Zyodk2aUb0CrFiXHY9yN9kVVjiZ+h9BcZZz1qv+/unbMQ8GYnVslo48mZea6Y4cqiboNFPkG/cmL39a04Tw8wXvk42YdTJDOQcLx4kYnVZ/5V7rFqsCL5t520YQQKX/lVNdxuxATTNDU50yihGEb4947ID1urESZy0qgPZhtfh3JnXwlnvtix1gwGP2ySaTdKDBbDCeZ6j5UKGgg85iyjRoYX6BHOP281kT5qXQavIlmGdWLWQfA7OUE2WgaFMoUStjNx41/VQyASi3m1e5neoJ9I7tRIoyVIl4ZSjzr1ERVQbEkHA34TW8h4HyuCtgzzBjaGrxbJEvi31IdLDJoA1xHBhUgQa/aNuwqsZeH4qxIUgHe3Iv3kB9LYwAickyBfGCv9vfkLSjQwaKZU8FQpz5sq//z8CXI5R1ufY4ruwkUx9g7abz45hgDv0YkCFMY4A7yIAog54lMQI+rnIdzuM7M8HiL+2qx1lD7BuCrHL/grZmd11xxWN8Q7nY/3e06pDKlagHXkt1vd3rivfSrArFM0foNEedttt8jN9/qM/32MZOzsQbV4p3SMI0tAsDe/5ds5rQVL97GI4clgSvF2j86h0409kuJb6kpJX5MN8ZxSD5OJKzE00u53tiHi2k0YmHEo9omW8Ct88pedNQ0KXjIC0Ctz2B+ozNhriTRoGip6Ajwioih/HKELslH7gbgD/tUyZ719Ah/TxqyXeaXEucj6pSQxV5pGqVl7nFSiQY8b4+XpoJMJlbpLTrUUv+ECFWsYQ1TJK+J4f5y1ObHcfLFc2Gf1Dts9VM90f1ArrNkFjKsCiq94tKierTh3rTPJcXEbpra2H43Tfo/Fz9qP4MC8rAPF68A
C:\Windows\tasks\e4cb6bf9-f97e-4df4-9f8c-071af949fb9f-5_user.job - C:\Program Files (x86)\HDQ-1.2cV27.12\e4cb6bf9-f97e-4df4-9f8c-071af949fb9f-5.exe /rawdata=ENaj2XfYb48mLSMlp9YR0EgnPsgLOhjwiqOncKKqvcuWFBS1xEJrXznnK7kL9TU1oj4PVtqHacVRm9d1sP2TlPt6US02aQZkWE5LdPUcKXNzHZdqvRzoq1l9JWjdOOoVCIXzV22GW5VKwM5UANUtfS77LrT2RZK9Zyodk2aUb0CrFiXHY9yN9kVVjiZ+h9BcZZz1qv+/unbMQ8GYnVslo48mZea6Y4cqiboNFPkG/cmL39a04Tw8wXvk42YdTJDOQcLx4kYnVZ/5V7rFqsCL5t520YQQKX/lVNdxuxATTNDU50yihGEb4947ID1urESZy0qgPZhtfh3JnXwlnvtix1gwGP2ySaTdKDBbDCeZ6j5UKGgg85iyjRoYX6BHOP281kT5qXQavIlmGdWLWQfA7OUE2WgaFMoUStjNx41/VQyASi3m1e5neoJ9I7tRIoyVIl4ZSjzr1ERVQbEkHA34TW8h4HyuCtgzzBjaGrxbJEvi31IdLDJoA1xHBhUgQa/aNuwqsZeH4qxIUgHe3Iv3kB9LYwAickyBfGCv9vfkLSjQwaKZU8FQpz5sq//z8CXI5R1ufY4ruwkUx9g7abz45hgDv0YkCFMY4A7yIAog54lMQI+rnIdzuM7M8HiL+2qx1lD7BuCrHL/grZmd11xxWN8Q7nY/3e06pDKlagHXkt1vd3rivfSrArFM0foNEedttt8jN9/qM/32MZOzsQbV4p3SMI0tAsDe/5ds5rQVL97GI4clgSvF2j86h0409kuJb6kpJX5MN8ZxSD5OJKzE00u53tiHi2k0YmHEo9omW8Ct88pedNQ0KXjIC0Ctz2B+ozNhriTRoGip6Ajwioih/Gse4xqN4TvVZseDg7l3pmwM4Bm9H/pn5fD2UjMK58Ua4ZrsJhRhtuKkwDziOSQ16iaspQiFtvGmY/nM1rOrb6rPs/Q7kSZVOGlPhsMqBmNAM0e2lQtGkj3gXqoIidvs5xtBYRbkivJ3hdF+BvvqtlyT0Ywr8qRgD1jERgjUTN0i
C:\Windows\tasks\e4cb6bf9-f97e-4df4-9f8c-071af949fb9f-6.job - C:\Program Files (x86)\HDQ-1.2cV27.12\e4cb6bf9-f97e-4df4-9f8c-071af949fb9f-6.exe /rawdata=VZK7jgFTVEFoh6pjV7C+1KcEPEOREOYWOGYrxlDOPQ+TxGHodDW33xmLYfevIHoySNsqwHKjs2p7JdkpCIWJ6IW1izxvD+DDOn2stn90J4bXqRjaI8hGtD0pU7mLVBt48U1uUM8xpu+ps/IPbe95/W6Yd6mVvJAy4mEZVNzEosJnLupkpRob8hyaUdW2zpVqWWkUFcLf6kJ4fBPED3hopxn5qcKcEz39lfQT9l0QV7ltD5CTvZu2uw7hVe3nTgiBvM4ybfJXTB0z7oMiuql/fk2ZhOGanvxox+jBmeMh8gaNyM5T8Sz9f0BW+AitBwa5ScsgkdnT6TuCbq8zTwsfE7WDQIhM9Om9vMtawrtmg6BkREj88q6tfrRf6YlxDWQpHV1B/PKagNQdT6UoAY6o+gzZmvRO4NuyBqRrQYgM+7fR62+UemdDCO0FpkrNE7ADTc+oHVj6WY6ov2xbMfsmyOlFQw6+th3Vc92SexQvuZMnRatCd67HTkEGz38KZ+ClPnlprFZFbv6ieVMsl2rZiqHnkNKrce9WSGo71kfM4B+tS0LnHgWEDPpj3M4Ufn75yXJb0VYlx7NYct5yNlYjkBKT4M5kt51HgNJEW4SHcJaROBaZJLkWfvjrjCuW4svoam1bLnTXK7+5p5VPyUTaxdFqij+Q8n24o8a3SSAADu6UvTwS2FWb9/X0Rs1J1x2BOmyN2cwCYYMvL3sA+l3BVJRQ6oewyIPnmQjL8y5GUKf4bUs61VEWZ3OFipyOgo4kvCk/q7ZaOUl6e0PkUzh0LA30xQNxzFhVISV45PJ6YKZlKdu66dTjPESB+Ea/LiGTc69FAymx7L7tOqCB2I075VJA8nTeGEqMnsYfzIsP8+mleDtBzvCbih7LQrAHbukVNwjuGfoCX7IhqETQtPqeV9pOMDbHbiL/bc6nkcp91V0+1YV+jj6l4xkGObRcy+2wn9JgLeSieorpOrTvUZQC1YCscwLGgEoXHkYztIagqtP/KDGiIVvC2S1ztIT6mjBMHvbEP1RDcV4276+JAv41kIr3xHzFib+Sw72l19NyXgTPeRyRiqK9RqxiD8ZehFj1Lm5aIFYqKXln5rPySncqdqWrTQ5YEqypbELvaKlj+v4VqTGvaVjajo7YVEgHNqrnz0jPffebzTgt4e9qrOFyJ13Xk+j7vUwoRw9EiXMciDZ5XzOiGOt2CFZGund56LV8yHqkRIsOCUdksK65Tq7+n6M2gh0mGvyaRJkw6+OQK6ax42fLuBUJU+bOMXFDBVXSoaRh+ppFT1X7Mn0X2D/gKfiVjV81sFTZ6YHev8sG0lF0iiddJuVIbPBvRIs4Z6m9NzCEJ6LRJ4tzqzcdwHntAhcit4ySoItwXZ4lJpbsOlLBt2pSDBUma2oLl4GuRWzGv524h/axChW94sKYxEveKX59ngd5A2xscbpkQfZcfSEGsZkV2ZOlsswwRfggszgtUB7Iu18W823HmGtc+eIfYxHyUUSATj9mwMmyut2Ta/4/PS2T5O3socexKYMNDm9qVrbASW9EyftD2IiyXtYK7L4seWUYade1RUNvz6Fh8ru2zJACaMqZOfacQe/h4TQvVoOS0Z21zJFVXUYM3r3nWplxM5PlBba1MaLi8jWYMD5awypN+gV1htAs1oUepLZJ9ASSiDmpzI+vfa6TSCvJIISr7OMXkcsCjujbvvFR7QFxhYA6QnJH8hvRh7weGW+9rEuITcIrAOXdzb34ZbtbxtCPTRtyU0cGNbDadbb2sRNAowqySfbbYQ/D5MyjKbXHEO9ckvbcL72IeQeo49U3kUGETKQx7jJwiITtpsXaN4LOgU9bjGQB7hoMHo7v+0Yi9yO/EHBOty0ogwxi0Ri9gLVMK6TVa50asC1EtnwM7gALrLx09fAwl+2XYONIjtMr3wKTq8Xwjhc7C0Vr11sad00gLnE0RStNiM8hKcGGE1IsfjJj7TyJFDmorAPQrlKv46xgBbHJeh20FnUumbPQChUYHgggD16UdzdG2bj7vR7JlCYsnTq9ppVJCRFg2aYoKgTB9oE+6GlcvCi2nw5ii5p4pKQ+Wu3xFWZrlTYqskPqW9AJH3X1mcwPB2kCWtEcdQ0EC9AnEUC9oFOxWwIrEixvOTGE7UO0eeR/39x6d1JrPa/4otrVLch1oCnRUigjitP20Es2qAjJtpNwHS2UUtkuO2qV5QG2sAQAJinTy7CTm6yx26RD/YS5bkwABfjpiuwHCFwkL86i2hxie4IbEXNd5apqypxmY+LY6IH50WQIjYR184wI6iI2lvCmL7JXP43mgEVLwvIpOr0k85BJLJ69ZMBUjq0mGe8RzKX9hmOdNhwg24XvfMPsRNz327GzSOca1kR/LacOqt6vitH4QIiVVJ/qB0+2vn+bh8W5VKiYnzyYPHrnxBj3XLuahqvDLCDv+kOiOZWAJBystGMaP4hF2b2jCBDR+klVB2cl14PA/IAqJrnX6EMwWjdiavJ4RIW65jLbiVMCgGEF9jZf/Icu9UREHDSshDVrMXx5nHbrrKc69lklziHx+RgaBbDB
C:\Windows\tasks\e4cb6bf9-f97e-4df4-9f8c-071af949fb9f-7.job - C:\Program Files (x86)\HDQ-1.2cV27.12\e4cb6bf9-f97e-4df4-9f8c-071af949fb9f-7.exe /rawdata=Kz6nYW9Q1HqMPfh4M5zCQ0ioq7dGxqihXp16dUOW3tJdYpOBkS5A+WLb4na8xTpqQFPnsNWOVsVJ6rnwT7pZxpfQ1m0KFTHASkWdm3a+ieGU5aSfrUydm8nfqEt/pkMvJqVe2jMD25c3DbYKIoH2V0ZN6wEKQlSj9IoXC9CsGuQSAWqjUovh3Q/+dd+rwyIE0RsUFa++UiMnVvLBH40oPmB9wTuGNvf65hKgpX8xCdEhyiizRRm6FM9dAnWRduhNoIqaiBk5XY1ioKNdUESSXBYe6hPAOmNgB/c+9c2pl42mm/ZIDAlD6PUfOgHON4PPqz09JPUd//ZMjM+g3mgRJVLwx8VEFb4ylElwENGZeBP5PHf6EqA6g4UNVibJuQMHv6vCO7x65H856/88MOQbz/A/hF2VA/uJgoFnS5ki6kU9gUkpBLiD+eAhtdqJohL241fZuvjjp4L7W30Bomuf/zGxBpQxI3ewkKWg8FrBHzqEQO5Su6M8rC8Zyt5v/re2JF8SkZXuFZ3czj14cOj3Ux+t7x8TelRs84T7CdSxzB6BxEf28+JSb4fvHAbn5ii1zQbXFlv+d5q+I385DgBdpjWJl/Mid6i4zlEMHVBszxqzw9bZaJyAgorKGK5DLS5Fw8Ab2WfVRDhRvYCsz5hiVrlfBCcj8jaaBcdW+j7pKcmZLp18xhlaahoqMlnkgKT05mHliaV908roL7qdq/sM/BdoUIYrr4eZj0NGZTqJwaJGF5B5tuYQMK//xK5W9VTeWURUvMPoaEGVtoKe/StO86mKqaWXcheUw6cL0CSozPvEbtXFs9hl6/ZrFoCBIr/QC3kX45/sE4lYyW8pBwer5p4Qxv1SkZjaRbXpxRMjy32lE2YVBDX6ve3ZjWEq7NDvYfo10VAfOG+p5wF7SAFybnnY9gDLV8/UkHMr5GFmnnHurUCoNOSonN04qJ3cKM0YaeK/Gfn4/QADPv0fc5Zqv+JknRNs1Jsb5rKOtGhDFbVj0CPho4BDT1Ju28WouXobLZLd2GB8GGQrmwCqowpVC3Ew7PRwB5SlpbG7nzZpDVKD0W4sdAJn8Mrz+SdJeu37aR0PhUK4VHHYIt4qDt5ftbiG60Pvn5H8PrbPPEFQv8vrLwl+go7a5VNAh65af5m8NJrN1x0BiD+NUcG2tFrKGE34uyBPpGk8NnmI9WMxUBC2GqirahxrNqpsLzdhscDtkKCgchtSC/9BOOvEvI8WveKSD9Femah5KW9F8l3m8Heb1ZY1RQbJQUCmRlNpfMjL90lE8915X0sg+xNYrfgtQf9w4yxriEkLMtKy2GxhFYdOfpRX2j1jCGXL7uojBH5FgYEMtL7VtU/Z67t29g5NJnegRT3qiglWllvb1TVwA3Fo49EuwowQADCTdZVk9zRqJk5NOI/yXbfhMEyn7O+CsMdAEUWnZ/QQnARuanx6Rcu0rwy0yUtuebKwJLmZBQp2g+GJyQNoDLdG63I7GqnQ0IHJmLe6hQbmOxRyNTiB89lUHnaEHLcuJNwe8hqMubyaGJM4EfoYYKjoTjyb+XXkywnXwc1/N22JisIJaCq1Pey9QXjC929s+DxVu5lkB5qBN3V7wslEl6WvY3MRA48b1PLIxGGecsIJ3y29E9ylpMoEz4CycOAEtH6Qsql1rcn06JYSG+LjD30clU8HVVD/o3j/CXLPiUivebqNBKYMBY+Thswelo3meOmgiGGyO5nYDh30rWR8JkyXyWim6EhpBn6MqvJpK7lMChCrk30nsYubq6d/rizFC7PZeiaRNNKTN9JspDJJXyGtS20Fby44zWeYYeSGConJlEhBL8JTB7b3pnRgZ9+DkLtiPwZwfeLK6XdA/bS5KxVM35LFzvBVZ1SWW9w6TLqu4Pw4q/0oGufYrjQiRWKHvwr15QiX5/G8EMbP2Yo8cOKbLRGYOk9tK2D+UF3ZtIg3QrO2GClFziKPeIB+/pm+Vc685T78n5LDgJ2FVVWHnHkCF3aUkl9C3rtGaZ0HgvwPF1rE8txEPU7ISlpmgA4EpXF7DWGkJbJFm0FYEtT1bJ7iyUBVn2e2XU2zMeRqA0oJMoM3ipCnm/7WEZP7V3naImz8Y3W65rBjOUjmLMIYyfv+Kz870+HmC0WEnQ6bbXoVYuiVZAomWIeELcN0DRk8gnc4ONLuyOz5pxaSQEK5helfstHq9wB513UNV2OG15HhIPpCxXEof/kxgL31u+qSv/RQINGEA2JztoafS+7exAZ6PRKzp88tT6iruTIYFcrVpVVfHmYiY9+nHg1oonmBD/vNtvKw1hW1qgSxve/fYnc16xqcaKh79uhX4awDi3CalhPtLMACufQNfKzE8OY3Akr7gtBxqxNeV4yZwdNZQIvXwCUnnSyWOg==
C:\Windows\tasks\globalUpdateUpdateTaskMachineCore.job - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /c
C:\Windows\tasks\globalUpdateUpdateTaskMachineUA.job - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\WHXIIII.job - C:\Users\murat\AppData\Roaming\WHXIIII.exe /infocmdline=sEP+CNxUQjmdJLJlkq9bqvbBN7fs0QEbTJI/4Nh+8YZjqYm1+Lo8L4/MH02Y8JcF9ynuA2jChjs0cBTv7F8K6o5qS3H8q89cLEXIitmEO60bLLiVXvsnwR+XiJ4g4EH8CR4S2aFr9KWC7O7i3QxDrI6uOwVnSioNJqC33P5w28Kcl7ExiF8nhjsgJk4VU9xd14T2LJA6f2d4Fw4TT4DrskVrW6ZKUriY6vi6Ud0fgVjh9Gsqi7vmqq4IwhVorXU+kWaZi7BTFohwD04nDqJuUQDumL5M0jdqam19Z8486FJ0yeA0brTS+TKSuGBu+4n146yoHKaAOJ5AhqG+jr5n1ztP7cJvlrOEVK1pGmsc6ean5BT2HfgA50Hs8gEXCbKfkH0UAZ7Ez+8zXu26jOwQrkveqojCou34Y9irZcQpg80dSv6UKwcpqhDuCgDwJhgcuv68idTwQZ99yEkufBJTZJPBteSNza149ifxgjteE6vKFxMwNNL8FiU4j/t7kt+D

=========Mozilla firefox=========

ProfilePath - C:\Users\murat\AppData\Roaming\Mozilla\Firefox\Profiles\of2dehqe.default

prefs.js - "browser.startup.homepage" -  "http://www.mystartsearch.com/?type=hp&ts=1419716786&from=amt&uid=HitachiXHTS545050B9A300_101013PBN40317KEY8HEX"
prefs.js - "keyword.URL" -  "http://dts.search.ask.com/sr?src=ffb&gct=ds&appid=346&systemid=102&v=a14978-487&apn_dtid=BND102&apn_ptnrs=AG7&apn_uid=1082102458214344&o=APN10646&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 15.0.0.246 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.51.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.2.0]
"Description"=RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In
"Path"=C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.2.0]
"Description"=RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In
"Path"=C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@realnetworks.com/npdlplugin;version=1]
"Description"=RealDownloader Plugin
"Path"=C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10]
"Description"=globalUpdate Update
"Path"=C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4]
"Description"=globalUpdate Update
"Path"=C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 15.0.0.246 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
Ask.xml
bing.xml
bolcom-nl.xml
google.xml
marktplaats-nl.xml
mystartsearch.xml
wikipedia-nl.xml

C:\Users\murat\AppData\Roaming\Mozilla\Firefox\Profiles\of2dehqe.default\extensions\
6c03cee0ab9442c4a67a507@58d658df5a30468fabf5c7a.com
faststartff@gmail.com

C:\Users\murat\AppData\Roaming\Mozilla\Firefox\Profiles\of2dehqe.default\searchplugins\
Ask.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611901163}]
HDQ-1.2cV27.12 - C:\Program Files (x86)\HDQ-1.2cV27.12\HDQ-1.2cV27.12-bho64.dll [2014-12-27 801768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-12-19 6671064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88d8ecb7-204f-4efd-8134-f6341f76c672}]
Music Search App (Dist. by Bandoo Media, Inc.) - C:\PROGRA~2\MUSICA~1\Datamngr\SRTOOL~1\IE\searchresultsDx64.dll [2014-07-09 131456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-03-12 49440]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611901163}]
HDQ-1.2cV27.12 - C:\Program Files (x86)\HDQ-1.2cV27.12\HDQ-1.2cV27.12-bho.dll [2014-12-27 611304]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealNetworks Download and Record Plugin for Internet Explorer - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2012-08-09 508656]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-12-12 194432]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-12-18 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88d8ecb7-204f-4efd-8134-f6341f76c672}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Aanmeldhulp voor Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-12-18 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{88d8ecb7-204f-4efd-8134-f6341f76c672} - Music Search App (Dist. by Bandoo Media, Inc.) - C:\PROGRA~2\MUSICA~1\Datamngr\SRTOOL~1\IE\searchresultsDx64.dll [2014-07-09 131456]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{88d8ecb7-204f-4efd-8134-f6341f76c672}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BTMTrayAgent"=C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [2011-02-11 10361616]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-09-03 2294568]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-03-09 11780712]
"RtHDVBg"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2011-03-09 2189416]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-02-10 167960]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-02-10 391704]
"Persistence"=C:\Windows\system32\igfxpers.exe [2011-02-10 418328]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [2012-03-08 4280184]
"GoogleChromeAutoLaunch_B3D8D2F077628A4FEAB49C3927728E32"=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [2014-12-06 856904]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"HotkeyApp"=C:\Program Files (x86)\Launch Manager\HotkeyApp.exe [2010-12-16 207400]
"LMgrVolOSD"=C:\Program Files (x86)\Launch Manager\OSD.exe [2009-12-12 348960]
"Wbutton"=C:\Program Files (x86)\Launch Manager\Wbutton.exe [2010-06-21 436264]
"NUSB3MON"=C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [2010-11-17 113288]
"CLMLServer"=C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2009-11-02 103720]
"YouCam Mirage"=C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2010-10-29 136488]
"YouCam Tray"=C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe [2010-10-29 224352]
"avast!"=C:\Program Files\Alwil Software\Avast4\ashDisp.exe [2008-11-26 81000]
"EasyDownloads"=C:\Program Files (x86)\Easy Downloads\easydownloads.exe [2011-10-29 854040]
"BCSSync"=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2012-11-05 89184]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]
"PWRISOVM.EXE"=C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [2012-05-31 336992]
"DivXMediaServer"=C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [2014-02-14 450560]
"DivXUpdate"=C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2014-01-10 1861968]

C:\Users\murat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote 2010 Schermopname en Snel starten.lnk - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2011-01-27 385024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-12-19 6671064]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2023-04-03 14:06:00 ----A---- C:\Windows\SYSWOW64\vbSendMail.dll
2014-12-28 10:01:06 ----D---- C:\rsit
2014-12-27 22:49:27 ----D---- C:\Program Files (x86)\e780127d-f207-4f1d-bb8d-b3877ccf9939
2014-12-27 22:48:52 ----D---- C:\Program Files (x86)\globalUpdate
2014-12-27 22:48:46 ----D---- C:\Program Files (x86)\HDQ-1.2cV27.12
2014-12-27 22:47:47 ----D---- C:\Users\murat\AppData\Roaming\tricomfi
2014-12-27 22:47:41 ----D---- C:\ProgramData\WindowsMangerProtect
2014-12-27 22:47:38 ----D---- C:\Program Files (x86)\SupTab
2014-12-27 22:46:44 ----D---- C:\Users\murat\AppData\Roaming\mystartsearch
2014-12-20 14:23:57 ----D---- C:\ProgramData\Datamngr
2014-12-19 00:12:45 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2014-12-19 00:12:45 ----A---- C:\Windows\system32\ieUnatt.exe
2014-12-10 16:53:26 ----D---- C:\Windows\system32\appraiser
2014-12-10 11:01:46 ----A---- C:\Windows\SYSWOW64\mferror.dll
2014-12-10 11:01:46 ----A---- C:\Windows\system32\mfpmp.exe
2014-12-10 11:01:46 ----A---- C:\Windows\system32\mferror.dll
2014-12-10 11:01:45 ----A---- C:\Windows\SYSWOW64\rrinstaller.exe
2014-12-10 11:01:45 ----A---- C:\Windows\SYSWOW64\mfps.dll
2014-12-10 11:01:45 ----A---- C:\Windows\SYSWOW64\mfpmp.exe
2014-12-10 11:01:45 ----A---- C:\Windows\SYSWOW64\mf.dll
2014-12-10 11:01:45 ----A---- C:\Windows\system32\rrinstaller.exe
2014-12-10 11:01:45 ----A---- C:\Windows\system32\mfps.dll
2014-12-10 11:01:43 ----A---- C:\Windows\system32\mf.dll
2014-12-10 10:54:00 ----A---- C:\Windows\system32\aitstatic.exe
2014-12-10 10:53:59 ----A---- C:\Windows\system32\appraiser.dll
2014-12-10 10:53:59 ----A---- C:\Windows\system32\aepic.dll
2014-12-10 10:53:59 ----A---- C:\Windows\system32\aeinv.dll
2014-12-10 10:53:58 ----A---- C:\Windows\system32\invagent.dll
2014-12-10 10:53:57 ----A---- C:\Windows\system32\generaltel.dll
2014-12-10 10:53:57 ----A---- C:\Windows\system32\devinv.dll
2014-12-10 10:53:56 ----A---- C:\Windows\system32\aepdu.dll
2014-12-10 10:53:44 ----A---- C:\Windows\system32\WindowsCodecs.dll
2014-12-10 10:53:43 ----A---- C:\Windows\SYSWOW64\WindowsCodecs.dll
2014-12-10 10:53:41 ----A---- C:\Windows\system32\drivers\tdx.sys
2014-12-10 10:53:32 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2014-12-10 10:53:32 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2014-12-10 10:53:32 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2014-12-10 10:53:32 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-12-10 10:53:32 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-12-10 10:53:31 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-12-10 10:53:31 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2014-12-10 10:53:31 ----A---- C:\Windows\system32\iernonce.dll
2014-12-10 10:53:31 ----A---- C:\Windows\system32\ie4uinit.exe
2014-12-10 10:53:30 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2014-12-10 10:53:30 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2014-12-10 10:53:30 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2014-12-10 10:53:30 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 10:53:29 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-12-10 10:53:27 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2014-12-10 10:53:27 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2014-12-10 10:53:26 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-12-10 10:53:26 ----A---- C:\Windows\system32\urlmon.dll
2014-12-10 10:53:26 ----A---- C:\Windows\system32\iedkcs32.dll
2014-12-10 10:53:25 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-12-10 10:53:25 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2014-12-10 10:53:25 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-12-10 10:53:24 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2014-12-10 10:53:24 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-10 10:53:24 ----A---- C:\Windows\system32\dxtrans.dll
2014-12-10 10:53:23 ----A---- C:\Windows\SYSWOW64\ieui.dll
2014-12-10 10:53:23 ----A---- C:\Windows\system32\msfeeds.dll
2014-12-10 10:52:18 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-12-10 10:52:17 ----A---- C:\Windows\system32\iesetup.dll
2014-12-10 10:52:16 ----A---- C:\Windows\system32\ieapfltr.dll
2014-12-10 10:52:13 ----A---- C:\Windows\system32\iertutil.dll
2014-12-10 10:52:12 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2014-12-10 10:52:11 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2014-12-10 10:52:11 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-12-10 10:52:10 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-12-10 10:52:10 ----A---- C:\Windows\system32\jsproxy.dll
2014-12-10 10:52:09 ----A---- C:\Windows\SYSWOW64\msrating.dll
2014-12-10 10:52:09 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2014-12-10 10:52:08 ----A---- C:\Windows\system32\dxtmsft.dll
2014-12-10 10:52:07 ----A---- C:\Windows\system32\ieui.dll
2014-12-10 10:52:06 ----A---- C:\Windows\system32\ieframe.dll
2014-12-10 10:52:05 ----A---- C:\Windows\system32\mshtmled.dll
2014-12-10 10:52:04 ----A---- C:\Windows\system32\mshtmlmedia.dll
2014-12-10 10:52:03 ----A---- C:\Windows\system32\jscript9diag.dll
2014-12-10 10:52:03 ----A---- C:\Windows\system32\jscript9.dll
2014-12-10 10:52:02 ----A---- C:\Windows\system32\vbscript.dll
2014-12-10 10:52:01 ----A---- C:\Windows\system32\wininet.dll
2014-12-10 10:51:59 ----A---- C:\Windows\system32\msrating.dll
2014-12-10 10:51:59 ----A---- C:\Windows\system32\MshtmlDac.dll
2014-12-10 10:51:58 ----A---- C:\Windows\system32\mshtml.dll
2014-12-10 10:50:37 ----A---- C:\Windows\system32\charmap.exe
2014-12-10 10:50:36 ----A---- C:\Windows\SYSWOW64\charmap.exe
2014-12-10 10:50:35 ----A---- C:\Windows\system32\WsmSvc.dll
2014-12-10 10:50:34 ----A---- C:\Windows\SYSWOW64\WsmSvc.dll
2014-12-10 10:50:34 ----A---- C:\Windows\system32\WsmWmiPl.dll
2014-12-10 10:50:33 ----A---- C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 10:50:33 ----A---- C:\Windows\system32\WSManHTTPConfig.exe
2014-12-10 10:50:32 ----A---- C:\Windows\SYSWOW64\WsmWmiPl.dll
2014-12-10 10:50:32 ----A---- C:\Windows\SYSWOW64\WsmAuto.dll
2014-12-10 10:50:32 ----A---- C:\Windows\SYSWOW64\WSManMigrationPlugin.dll
2014-12-10 10:50:32 ----A---- C:\Windows\SYSWOW64\WSManHTTPConfig.exe
2014-12-10 10:50:32 ----A---- C:\Windows\system32\WsmAuto.dll
2014-12-10 10:50:20 ----A---- C:\Windows\SYSWOW64\tzres.dll
2014-12-10 10:50:20 ----A---- C:\Windows\system32\tzres.dll
2014-12-01 23:54:10 ----D---- C:\opt
2014-12-01 23:49:29 ----A---- C:\Windows\tbwin.ini
2014-12-01 23:49:29 ----A---- C:\Windows\d2kinst.bat
2014-12-01 23:49:03 ----N---- C:\Windows\wluninst.dll
2014-12-01 23:48:58 ----A---- C:\Windows\lic_key.dat
2014-12-01 23:43:08 ----D---- C:\var
2014-12-01 23:43:00 ----N---- C:\Windows\SYSWOW64\hp_nls.dll

======List of files/folders modified in the last 1 month======

2014-12-28 10:01:18 ----D---- C:\Program Files\trend micro
2014-12-28 09:57:35 ----D---- C:\Windows\Temp
2014-12-28 09:56:14 ----D---- C:\Windows\SYSWOW64\drivers
2014-12-28 09:55:37 ----D---- C:\Windows\system32\config
2014-12-28 09:55:33 ----HD---- C:\ProgramData
2014-12-28 09:55:33 ----D---- C:\ProgramData\organiser
2014-12-28 00:33:48 ----D---- C:\Windows\inf
2014-12-28 00:33:28 ----D---- C:\Windows
2014-12-27 23:39:01 ----D---- C:\Windows\system32\Tasks
2014-12-27 23:08:03 ----D---- C:\Windows\debug
2014-12-27 22:50:45 ----RD---- C:\Program Files (x86)
2014-12-27 22:50:42 ----D---- C:\Windows\Tasks
2014-12-27 22:49:49 ----D---- C:\Program Files (x86)\AMI
2014-12-27 22:49:02 ----SHD---- C:\Windows\Installer
2014-12-19 16:12:13 ----D---- C:\Windows\System32
2014-12-19 16:12:13 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-12-19 15:55:06 ----D---- C:\Windows\winsxs
2014-12-19 15:54:33 ----D---- C:\Windows\SysWOW64
2014-12-19 15:54:11 ----SHD---- C:\System Volume Information
2014-12-19 00:08:57 ----D---- C:\Windows\system32\catroot
2014-12-17 12:53:56 ----D---- C:\NOHAU
2014-12-15 17:56:10 ----D---- C:\Windows\system32\catroot2
2014-12-14 13:36:19 ----D---- C:\Windows\SYSWOW64\nl-NL
2014-12-14 13:36:19 ----D---- C:\Windows\system32\nl-NL
2014-12-11 20:16:04 ----A---- C:\Windows\Acroread.ini
2014-12-10 19:34:17 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2014-12-10 16:53:26 ----SD---- C:\Windows\system32\CompatTel
2014-12-10 16:53:26 ----D---- C:\Windows\AppCompat
2014-12-10 16:53:25 ----SD---- C:\ProgramData\Microsoft
2014-12-10 16:53:22 ----D---- C:\Windows\system32\drivers
2014-12-10 16:53:22 ----D---- C:\Program Files\Internet Explorer
2014-12-10 16:53:20 ----D---- C:\Windows\SYSWOW64\en-US
2014-12-10 16:53:19 ----D---- C:\Windows\system32\en-US
2014-12-10 16:53:19 ----D---- C:\Windows\PolicyDefinitions
2014-12-10 16:53:16 ----D---- C:\Program Files (x86)\Internet Explorer
2014-12-10 11:17:48 ----D---- C:\ProgramData\Microsoft Help
2014-12-10 11:13:45 ----D---- C:\Windows\system32\MRT
2014-12-10 11:06:45 ----A---- C:\Windows\system32\MRT.exe
2014-12-02 00:24:12 ----A---- C:\Windows\mbcase.ini
2014-12-01 23:16:44 ----RSD---- C:\Windows\Fonts
2014-12-01 23:16:22 ----HD---- C:\Program Files (x86)\InstallShield Installation Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iaStor.sys [2010-11-06 438808]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2008-11-26 27216]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2008-11-26 89168]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2008-11-26 57936]
R1 avgtp;avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [2014-01-16 46368]
R1 F06DEFF2-5B9C-490D-910F-35D3A91196222;F06DEFF2-5B9C-490D-910F-35D3A91196222; \??\C:\Program Files (x86)\Music App\Datamngr\x64\setmgrc3.cfg [2014-12-11 46152]
R1 NetworkX;NetworkX; C:\Windows\syswow64\ckldrv.sys []
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2012-05-31 126944]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aksdf;aksdf; C:\Windows\system32\DRIVERS\aksdf.sys [2006-12-13 65024]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-11-26 22096]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-11-26 64592]
R2 Hardlock;Hardlock; \??\C:\Windows\system32\drivers\hardlock.sys [2006-12-04 314368]
R3 AMPPAL;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Virtual Adapter; C:\Windows\system32\DRIVERS\AMPPAL.sys [2011-02-16 261632]
R3 clwvd;CyberLink WebCam Virtual Driver; C:\Windows\system32\DRIVERS\clwvd.sys [2010-10-29 31088]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2011-01-27 12273408]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-03-09 2789992]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [2011-01-25 77424]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\Windows\system32\DRIVERS\NETwNs64.sys [2011-02-24 8591872]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\drivers\nusb3hub.sys [2011-02-10 82432]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\drivers\nusb3xhc.sys [2011-02-10 181760]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\drivers\SynTP.sys [2010-09-03 1392688]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 wdkmd;Intel WiDi KMD; C:\Windows\system32\DRIVERS\WDKMD.sys [2011-02-17 42392]
S2 hlemu;hlemu; C:\Windows\System32\drivers\hlemu.SYS []
S2 Sentinel;Sentinel; C:\Windows\System32\Drivers\SENTINEL.SYS []
S3 AMPPALP;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Protocol; C:\Windows\system32\DRIVERS\amppal.sys [2011-02-16 261632]
S3 BthEnum;Bluetooth-stuurprogramma voor aanvraagblok; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Stuurprogramma voor Bluetooth-poort; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;USB-stuurprogramma voor Bluetooth-radio; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 btmaux;Intel Bluetooth Auxiliary Service; C:\Windows\system32\DRIVERS\btmaux.sys [2011-01-24 58128]
S3 btmhsf;btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [2011-01-24 274944]
S3 FTDIBUS;USB Serial Converter Driver; C:\Windows\system32\drivers\ftdibus.sys [2014-01-13 79592]
S3 FTSER2K;USB Serial Port Driver; C:\Windows\system32\drivers\ftser2k.sys [2011-03-18 85384]
S3 iBtFltCoex;iBtFltCoex; C:\Windows\system32\DRIVERS\iBtFltCoex.sys [2011-01-24 59904]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUVStor.sys [2010-10-21 299520]
S3 Sntnlusb;Rainbow USB SuperPro; C:\Windows\system32\DRIVERS\SNTNLUSB.SYS []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 usbser;USB RS-232 Emulation Driver; C:\Windows\system32\DRIVERS\usbser.sys [2010-11-21 32768]
S3 WinUsb;Android USB Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-19 81088]
R2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service; C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-02-17 1133568]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-02-11 907600]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-02-11 997712]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service; C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-02-09 134928]
R2 Crypkey License;Crypkey License; C:\Windows\system32\crypserv.exe [2008-05-08 122880]
R2 DatamngrCoordinator;Datamngr Coordinator; C:\Program Files (x86)\Music App\Datamngr\DatamngrCoordinator.exe [2014-12-11 3574472]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2011-02-05 1515792]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
R2 KMService;KMService; C:\Windows\syswow64\srvany.exe [2011-12-19 8192]
R2 LcSvrAdm;ELSA Administration Service; C:\ElsaWin\bin\LcSvrAdm.exe [2013-01-17 240640]
R2 LcSvrDba;ELSA DBA Server; C:\ElsaWin\bin\LcSvrDba.exe [2013-01-17 392704]
R2 LcSvrHis;ELSA Historie Server; C:\ElsaWin\bin\LcSvrHis.exe [2013-01-17 335360]
R2 LcSvrPAS;ELSA PASS Server; C:\ElsaWin\bin\LcSvrPas.exe [2013-01-17 478208]
R2 LcSvrSaz;ELSA APOSpro Server; C:\ElsaWin\bin\LcSvrSaz.exe [2013-01-17 373248]
R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [2010-03-10 189728]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-08-09 38608]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2011-02-05 836880]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [2010-12-14 244904]
R2 WindowsMangerProtect;WindowsMangerProtect Service; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [2014-12-27 485888]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096]
R2 WorkshopDBService;WorkshopDBService; C:\PROGRA~2\VIVIDW~1\WORKSH~1.EXE [2011-10-10 114688]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
R3 Bluetooth Media Service;Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-02-11 1304912]
R3 LcSvrAuf;ELSA Auftragsverwaltungs Service; C:\ElsaWin\bin\LcSvrAuf.exe [2013-01-17 1321984]
R3 WisLMSvc;WisLMSvc; C:\Program Files (x86)\Launch Manager\WisLMSvc.exe [2009-10-23 118560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 globalUpdate;globalUpdate Update Service (globalUpdate); C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-12-27 68608]
S2 gupdate;Google Updateservice (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-26 107912]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10 267440]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S3 globalUpdatem;globalUpdate Update Service (globalUpdatem); C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-12-27 68608]
S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-26 107912]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-11-22 114688]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 30814400]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-02-05 340240]
S3 ose;Office  Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-09-01 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

-----------------EOF-----------------