Everything posted by nine
-
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-02-2017
Ran by louisa-jeaninne (administrator) on DESKTOP-T6HV9R6 (23-02-2017 16:31:37)
Running from C:\Users\louisa-jeaninne\Desktop
Loaded Profiles: louisa-jeaninne (Available Profiles: louisa-jeaninne)
Platform: Windows 10 Home Version 1607 (X64) Language: Engels (Verenigd Koninkrijk)
Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\Nolarry\Application\chrome.exe" "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
-
these two are it... I have no idea what it's for... nine
-
360 Total Security Scan Log
Scan Time:2017-02-22 21:05:17
Time Taken:00:42:37
Object(s) Scanned:493990
Threat(s) Found:1
Threat(s) Resolved:1

Scan Settings
----------------------
Compressed Files Scan:No
Scan Engine:Bitdefender Engine

Scan Scope
----------------------
Full Scan

Scan Result
======================
High-risk Items
----------------------
C:\Windows\Temp\nsi1F5D.tmp\Lancer.dll Gen:Variant.Application.Elex.95 Resolved
-
360 Total Security Scan Log
Scan Time:2017-02-10 17:56:39
Time Taken:00:42:18
Object(s) Scanned:492355
Threat(s) Found:4
Threat(s) Resolved:4

Scan Settings
----------------------
Compressed Files Scan:No
Scan Engine:Bitdefender Engine

Scan Scope
----------------------
Full Scan

Scan Result
======================
High-risk Items
----------------------
C:\Windows\Temp\nsi14CF.tmp\amule_update.dll-201701221856.dll.exe Win32/Trojan.aef Resolved
C:\Windows\Temp\nsi14CF.tmp\GubedZL.dll Gen:Variant.Adware.Elex.10 Resolved
C:\Windows\Temp\nsi14CF.tmp\Lancer.dll Gen:Variant.Adware.Elex.7 Resolved
C:\Windows\Temp\nsi14CF.tmp\yacqq.exe Adware.GenericKD.4222348 Resolved
-
oops... with my virus scanner 360 Total Security... and I didn't know which topic this belonged in, so I picked this one... Nine
-
2017-02-22 21:05:17 Full Scan 1 threat(s) found, 1 resolved
2017-02-10 17:56:39 Full Scan 4 threat(s) found, 4 resolved
Does anyone know what I should do with this??? Thanks in advance, Nine
-
This can be closed, Droske; I want to thank everyone for the help offered... have a nice weekend
-
Thought I had done that, Droske... apparently not... better keep my eyes open, thanks for the reply..
-
Hello, I connected a different monitor and then I don't have the problem, so I put my everyday monitor back on, and yes, it works; in future I'll check the cabling first... that will already settle it. Thanks everyone for the spontaneous help, greetings
-
falstring, do you mean it's my monitor? Could well be, it's already about 10 years old, my PC 3 months... if that's it, it'll be fixed quickly... thanks for your reply Falstring, I'm glad of it
-
Hello Louisa, nice of you to reply. First.. it's not a laptop but a new desktop... only the monitor is already 10 years old... I first thought it might be due to that; the PC itself is about 3 months old...
ScreenShot010.bmp
ScreenShot009.bmp
-
Hello, I'm getting little red lines in my text but also on faces and so on; I do image editing, so it's quite annoying.. any idea what causes this? I'm attaching a screenshot...
ScreenShot007.bmp
ScreenShot009.bmp
-
My log...
2016-12-13 11:33:19 Modify driver or service [Blocked] Detailed description: Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\SERVICES\P1481625159AM\[Start] Content: 1 Process: C:\Users\louisa-jeaninne\AppData\Local\Temp\bk52CE.tmp\p1481625159.exe Parent Process:C:\Windows\SysWOW64\rundll32.exe , (103)
2016-12-13 11:32:47 Modify driver or service [Blocked] Detailed description: Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\SERVICES\P1481625159AM\[Type] Content: 1 Process: C:\Users\louisa-jeaninne\AppData\Local\Temp\bk52CE.tmp\p1481625159.exe Parent Process:C:\Windows\SysWOW64\rundll32.exe , (103)
2016-12-13 11:32:33 Modify pending file operation [Blocked] Detailed description: Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations] Content: \??\C:\WINDOWS\TEMP\nsi1E21.tmp\ClearLog.dll Process: C:\Windows\SysWOW64\rundll32.exe Parent Process:C:\Windows\SysWOW64\rundll32.exe , (103)
2016-12-13 11:32:33 Modify pending file operation [Auto-blocked] Detailed description: Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations] Content: \??\C:\WINDOWS\TEMP\nsi1E21.tmp Process: C:\Windows\SysWOW64\rundll32.exe Parent Process:C:\Windows\SysWOW64\rundll32.exe , (0)
2016-12-11 21:46:51 Modify SHELL namespace [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A}\[] Content: Dropbox Process: C:\Program Files (x86)\Dropbox\Client\Dropbox.exe Parent Process: , (0)
2016-12-11 21:46:51 Modify SHELL namespace [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A}\[] Content: dropbox-NamespaceExtensionRole.Personal Process: C:\Program Files (x86)\Dropbox\Client\Dropbox.exe Parent Process: , (0)
2016-12-11 18:39:30 Modify file association [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ANIMATIONSHOP3.WORKSPACEFILE\SHELL\OPEN\COMMAND\[] Content: C:\Program Files (x86)\Jasc Software Inc\Animation Shop 3\Anim.exe "%1" Process: C:\Program Files (x86)\Jasc Software Inc\Animation Shop 3\Anim.exe Parent Process:C:\Windows\explorer.exe , (0)
2016-12-11 18:13:36 Modify file association [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\MSK_AUTO_FILE\SHELL\OPEN\COMMAND\[] Content: "C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe" /dde Process: C:\WINDOWS\Sysnative\OpenWith.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-12-11 18:11:41 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{2DB46B4D-4BAB-497E-9EC1-466982BBA2A7}\LOCALSERVER32\[] Content: C:\PROGRA~2\Corel\CORELP~1\CORELP~1.EXE Process: C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe Parent Process:C:\Windows\explorer.exe , (0)
2016-12-09 19:58:45 Modify pending file operation [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations] Content: \??\C:\Windows.old\windows\System32\DriverStore\FileRepository\intcdaud.inf_amd64_12e2eb5912c0f66f\IntcDAud.sys Process: C:\WINDOWS\Sysnative\taskhostw.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-12-09 19:58:44 Modify pending file operation [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations] Content: \??\C:\Windows.old\windows\System32\drivers\IntcDAud.sys Process: C:\WINDOWS\Sysnative\taskhostw.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)
2016-12-09 19:29:36 Modify key COM component [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\AUDIO/X-MS-WMA\[Extension] Content: .wma Process: C:\WINDOWS\Sysnative\svchost.exe Parent Process: , (0)
2016-12-09 19:29:36 Modify key COM component [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\AUDIO/WAV\[Extension] Content: .wav Process: C:\WINDOWS\Sysnative\svchost.exe Parent Process: , (0)
2016-12-09 19:28:52 Modify key COM component [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\VIDEO/3GPP\[Extension] Content: .3gp Process: C:\WINDOWS\Sysnative\svchost.exe Parent Process: , (0)
2016-12-09 19:28:52 Modify key COM component [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\VIDEO/X-MS-WMV\[Extension] Content: .wmv Process: C:\WINDOWS\Sysnative\svchost.exe Parent Process: , (0)
2016-12-09 19:28:52 Modify key COM component [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\VIDEO/MP4\[Extension] Content: .mp4 Process: C:\WINDOWS\Sysnative\svchost.exe Parent Process: , (0)
2016-12-09 19:28:52 Modify key COM component [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\VIDEO/X-MATROSKA\[Extension] Content: .mkv Process: C:\WINDOWS\Sysnative\svchost.exe Parent Process: , (0)
2016-12-09 19:28:52 Modify key COM component [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\VIDEO/X-M4V\[Extension] Content: .m4v Process: C:\WINDOWS\Sysnative\svchost.exe Parent Process: , (0)
2016-12-09 19:28:52 Modify key COM component [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\VIDEO/3GPP\[Extension] Content: .3gpp Process: C:\WINDOWS\Sysnative\svchost.exe Parent Process: , (0)
2016-12-09 19:28:52 Modify key COM component [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\VIDEO/3GPP2\[Extension] Content: .3gp2 Process: C:\WINDOWS\Sysnative\svchost.exe Parent Process: , (0)
2016-12-09 19:28:52 Modify key COM component [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\VIDEO/3GPP2\[Extension] Content: .3g2 Process: C:\WINDOWS\Sysnative\svchost.exe Parent Process: , (0)
2016-12-08 17:34:02 Modify key COM component [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\TEXT/VCARD\[Extension] Content: .vcf Process: C:\WINDOWS\Sysnative\svchost.exe Parent Process: , (0)
2016-12-06 20:30:21 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{1E886174-DC88-4B83-8BC5-66409EC75F16}\LOCALSERVER32\[] Content: "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXE" Process: C:\WINDOWS\Sysnative\msiexec.exe Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)
2016-12-06 20:30:14 Modify file association [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\BOOTSTRAP.VSTO.1\SHELL\OPEN\COMMAND\[] Content: rundll32.exe "C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\vstoee.dll",InstallVstoSolution %1 Process: C:\WINDOWS\Sysnative\msiexec.exe Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)
2016-12-06 20:29:04 Modify key COM component [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MIME\DATABASE\CONTENT TYPE\APPLICATION/VND.MS-VISIO.VIEWER\[Extension] Content: .vdx Process: C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe Parent Process:C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe , (0)
2016-12-06 20:29:04 Modify key COM component [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MIME\DATABASE\CONTENT TYPE\APPLICATION/VND.MS-VISIO.VIEWER\[Extension] Content: .vsd Process: C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe Parent Process:C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe , (0)
2016-12-06 20:29:02 Modify file association [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\OUTLOOK.FILE.MSG.15\SHELL\PRINT\COMMAND\[] Content: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /p "%1" Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe Parent Process: , (0)
2016-12-06 20:29:02 Modify file association [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\OUTLOOK.FILE.OFT.15\SHELL\NEW\COMMAND\[] Content: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /t "%1" Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe Parent Process: , (0)
2016-12-06 20:29:02 Modify file association [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\OUTLOOK.FILE.OFT.15\SHELL\OPEN\COMMAND\[] Content: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /t "%1" Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe Parent Process: , (0)
2016-12-06 20:29:02 Modify file association [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\OUTLOOK.FILE.OFT.15\SHELL\PRINT\COMMAND\[] Content: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /p "%1" Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe Parent Process: , (0)
2016-12-06 20:29:02 Modify file association [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\OUTLOOK.FILE.PST.15\SHELL\OPEN\COMMAND\[] Content: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /pst "%1" Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe Parent Process: , (0)
2016-12-06 20:29:02 Modify file association [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\OUTLOOK.FILE.VCF.15\SHELL\OPEN\COMMAND\[] Content: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /v "%1" Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe Parent Process: , (0)
2016-12-06 20:29:02 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{00020D09-0000-0000-C000-000000000046}\LOCALSERVER32\[] Content: C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe Parent Process: , (0)
2016-12-06 20:29:02 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{0006F005-0000-0000-C000-000000000046}\LOCALSERVER32\[] Content: C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe Parent Process: , (0)
2016-12-06 20:29:02 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{0006F006-0000-0000-C000-000000000046}\LOCALSERVER32\[] Content: C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe Parent Process: , (0)
2016-12-06 20:29:02 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{0006F020-0000-0000-C000-000000000046}\LOCALSERVER32\[] Content: C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe Parent Process: , (0)
2016-12-06 20:29:02 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{0006F01E-0000-0000-C000-000000000046}\LOCALSERVER32\[] Content: C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe Parent Process: , (0)
2016-12-06 20:29:02 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{0006F01F-0000-0000-C000-000000000046}\LOCALSERVER32\[] Content: C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe Parent Process: , (0)
2016-12-06 20:29:02 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{0006F023-0000-0000-C000-000000000046}\LOCALSERVER32\[] Content: C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe Parent Process: , (0)
2016-12-06 20:29:02 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{0006F024-0000-0000-C000-000000000046}\LOCALSERVER32\[] Content: C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe Parent Process: , (0)
2016-12-06 20:29:02 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{0006F011-0000-0000-C000-000000000046}\LOCALSERVER32\[] Content: C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe Parent Process: , (0)
2016-12-06 20:29:02 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{0006F030-0000-0000-C000-000000000046}\LOCALSERVER32\[] Content: C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe Parent Process: , (0)
2016-12-06 20:29:01 Modify file association [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\OUTLOOK.FILE.EML.15\SHELL\OPEN\COMMAND\[] Content: C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE /eml "%1" Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe Parent Process: , (0)
2016-12-06 20:29:01 Modify file association [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\OUTLOOK.FILE.HOL.15\SHELL\OPEN\COMMAND\[] Content: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /hol "%1" Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe Parent Process: , (0)
2016-12-06 20:29:01 Modify file association [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\OUTLOOK.FILE.ICS.15\SHELL\OPEN\COMMAND\[] Content: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /ical "%1" Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe Parent Process: , (0)
2016-12-06 20:29:01 Modify file association [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\OUTLOOK.FILE.MSG.15\SHELL\OPEN\COMMAND\[] Content: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "%1" Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe Parent Process: , (0)
2016-12-06 20:28:59 Modify key COM component [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{0006F063-0000-0000-C000-000000000046}\TREATAS\[] Content: Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe Parent Process: , (0)
2016-12-06 20:28:59 Modify key COM component [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{00020910-0000-0000-C000-000000000046}\TYPELIB\[] Content: Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe Parent Process: , (0)
2016-12-06 20:28:59 Modify key COM component [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{00020910-0000-0000-C000-000000000046}\TYPELIB\[Version] Content: Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe Parent Process: , (0)
2016-12-06 20:28:59 Modify key COM component [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{00020911-0000-0000-C000-000000000046}\PROXYSTUBCLSID32\[] Content: Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe Parent Process: , (0)
2016-12-06 20:28:59 Modify key COM component [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{00020911-0000-0000-C000-000000000046}\TYPELIB\[] Content: Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe Parent Process: , (0)
2016-12-06 20:28:59 Modify key COM component [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{00020911-0000-0000-C000-000000000046}\TYPELIB\[Version] Content: Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe Parent Process: , (0)
2016-12-06 20:28:59 Modify key COM component [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{00020910-0000-0000-C000-000000000046}\PROXYSTUBCLSID32\[] Content: Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe Parent Process: , (0)
2016-12-06 20:28:58 Modify key COM component [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MIME\DATABASE\CONTENT TYPE\APPLICATION/MSACCESS.FTEMPLATE\[Extension] Content: Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe Parent Process: , (0)
2016-12-06 20:28:58 Modify key COM component [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MIME\DATABASE\CONTENT TYPE\TEXT/CALENDAR\[Extension] Content: Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe Parent Process: , (0)
2016-12-06 20:28:58 Modify key COM component [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{0006F033-0000-0000-C000-000000000046}\TREATAS\[] Content: Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe Parent Process: , (0)
2016-12-06 19:00:35 Detected Trojan: Win32/Application.0fd [Removed] Details: Trojan name: Win32/Application.0fd Path: C:\WINDOWS\TEMP\nsi725F.tmp\update.dll-201612061623.dll.exe
2016-12-06 19:00:22 Process Creation [Auto-blocked] Details: Process: C:\Program Files (x86)\walalala co\aMuleCustom\ed2k.exe Action: Process creation Path: C:\Windows\SysWOW64\rundll32.exe
2016-12-02 11:16:49 Modify SHELL namespace [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A}\[] Content: Dropbox Process: C:\Program Files (x86)\Dropbox\Client\Dropbox.exe Parent Process: , (0)
2016-12-02 11:16:49 Modify SHELL namespace [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A}\[] Content: dropbox-NamespaceExtensionRole.Personal Process: C:\Program Files (x86)\Dropbox\Client\Dropbox.exe Parent Process: , (0)
2016-12-01 21:58:24 Modify SHELL namespace [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A}\[] Content: dropbox-NamespaceExtensionRole.Personal Process: C:\Program Files (x86)\Dropbox\Client\Dropbox.exe Parent Process:C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe , (0)
2016-12-01 21:58:24 Modify SHELL namespace [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A}\[] Content: Dropbox Process: C:\Program Files (x86)\Dropbox\Client\Dropbox.exe Parent Process:C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe , (0)
2016-12-01 15:33:59 Modify key COM component [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\AUDIO/X-MS-WMA\[Extension] Content: .wma Process: C:\WINDOWS\Sysnative\svchost.exe Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)
2016-12-01 15:33:59 Modify key COM component [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\AUDIO/WAV\[Extension] Content: .wav Process: C:\WINDOWS\Sysnative\svchost.exe Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)
2016-12-01 15:33:59 Modify key COM component [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\AUDIO/MP3\[Extension] Content: .mp3 Process: C:\WINDOWS\Sysnative\svchost.exe Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)
2016-12-01 15:33:59 Modify key COM component [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\AUDIO/X-M4R\[Extension] Content: .m4r Process: C:\WINDOWS\Sysnative\svchost.exe Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)
2016-12-01 15:33:59 Modify key COM component [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\AUDIO/X-M4A\[Extension] Content: .m4a Process: C:\WINDOWS\Sysnative\svchost.exe Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)
2016-12-01 15:33:59 Modify key COM component [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\AUDIO/AAC\[Extension] Content: .aac Process: C:\WINDOWS\Sysnative\svchost.exe Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)
2016-12-01 15:33:59 Modify key COM component [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\AUDIO/AMR\[Extension] Content: .amr Process: C:\WINDOWS\Sysnative\svchost.exe Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)
2016-11-30 21:46:15 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{2DB46B4D-4BAB-497E-9EC1-466982BBA2A7}\LOCALSERVER32\[] Content: C:\PROGRA~2\Corel\CORELP~1\CORELP~1.EXE Process: C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe Parent Process:C:\Windows\explorer.exe , (0)
2016-11-29 20:49:18 Modify file association [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ANIMATIONSHOP3.WORKSPACEFILE\SHELL\OPEN\COMMAND\[] Content: C:\Program Files (x86)\Jasc Software Inc\Animation Shop 3\Anim.exe "%1" Process: C:\Program Files (x86)\Jasc Software Inc\Animation Shop 3\Anim.exe Parent Process:C:\Windows\explorer.exe , (0)
2016-11-29 18:05:22 Modify driver or service [Blocked] Detailed description: Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\SERVICES\THEMES\[DependOnService] Content: iThemes5 Process: C:\Windows\Temp\nsi68A5.tmp\de_svr.exe Parent Process:C:\Windows\SysWOW64\rundll32.exe , (103)
2016-11-29 18:05:15 Modify pending file operation [Blocked] Detailed description: Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations] Content: \??\C:\WINDOWS\TEMP\nsi68A5.tmp\Lancer.dll Process: C:\Windows\SysWOW64\rundll32.exe Parent Process:C:\Windows\SysWOW64\rundll32.exe , (103)
2016-11-29 18:05:05 Modify pending file operation [Blocked] Detailed description: Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations] Content: \??\C:\WINDOWS\TEMP\nsi68A5.tmp\ClearLog.dll Process: C:\Windows\SysWOW64\rundll32.exe Parent Process:C:\Windows\SysWOW64\rundll32.exe , (103)
2016-11-29 18:05:05 Modify pending file operation [Auto-blocked] Detailed description: Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations] Content: \??\C:\WINDOWS\TEMP\nsiE314.tmp\waitlist.dat \??\C:\Windows.old\windows\System32\drivers\IntcDAud.sys \??\C:\Windows.old\windows\System32\DriverStore\FileRepository\intcdaud.inf_amd64_12e2eb5912c0f66f\IntcDAud.sys \??\C:\Windows.old\windows\System32\drivers\IntcDAud.sys \??\C:\Windows.old\windows\System32\DriverStore\FileRepository\intcdaud.inf_amd64_12e2eb5912c0f66f\IntcDAud.sys \??\C:\Windows.old\windows\System32\drivers\IntcDAud.sys \??\C:\Windows.old\windows\System32\DriverStore\FileReposi Process: C:\Windows\SysWOW64\rundll32.exe Parent Process:C:\Windows\SysWOW64\rundll32.exe , (0)
2016-11-29 17:47:15 Modify key settings [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SAM\SAM\DOMAINS\ACCOUNT\[F] Content: 02 00 01 00 00 00 00 00 73 A9 92 88 98 15 D1 01 3B 00 00 00 00 00 00 00 00 80 A6 0A FF DE FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 CC 1D CF FB FF FF FF 00 CC 1D CF FB FF FF FF 00 00 00 00 00 00 00 00 EA 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 01 00 00 00 00 00 01 00 01 00 00 00 38 00 00 00 B7 B0 4E E4 E4 C8 71 23 8F 0C 02 9C 03 7A 76 A8 F3 E7 3F F5 40 92 94 E8 8B 4A 0F BA AD AC DF 6E F8 11 A7 1E 43 1D B7 10 7B 52 4B 71
05 B7 33 FD 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 38 00 00 00 9B 6D 09 A9 8B 28 FF 06 C3 EE B6 5F 16 8A 34 B1 F1 C9 8B D6 14 4C 49 89 3D BC 0D 13 E6 BC 69 A7 5C 92 73 04 34 0B F7 C6 A7 BA D0 25 08 E9 DA 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 Process: C:\WINDOWS\Sysnative\lsass.exe Parent Process: , (0) 2016-11-29 17:47:15 Modify key settings [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SAM\SAM\DOMAINS\ACCOUNT\[F] Content: 02 00 01 00 00 00 00 00 73 A9 92 88 98 15 D1 01 3A 00 00 00 00 00 00 00 00 80 A6 0A FF DE FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 CC 1D CF FB FF FF FF 00 CC 1D CF FB FF FF FF 00 00 00 00 00 00 00 00 EA 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 01 00 00 00 00 00 01 00 01 00 00 00 38 00 00 00 B7 B0 4E E4 E4 C8 71 23 8F 0C 02 9C 03 7A 76 A8 F3 E7 3F F5 40 92 94 E8 8B 4A 0F BA AD AC DF 6E F8 11 A7 1E 43 1D B7 10 7B 52 4B 71 05 B7 33 FD 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 38 00 00 00 9B 6D 09 A9 8B 28 FF 06 C3 EE B6 5F 16 8A 34 B1 F1 C9 8B D6 14 4C 49 89 3D BC 0D 13 E6 BC 69 A7 5C 92 73 04 34 0B F7 C6 A7 BA D0 25 08 E9 DA 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 Process: C:\WINDOWS\Sysnative\lsass.exe Parent 
Process: , (0) 2016-11-28 23:18:15 Modify key settings [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SAM\SAM\DOMAINS\ACCOUNT\[F] Content: 02 00 01 00 00 00 00 00 73 A9 92 88 98 15 D1 01 36 00 00 00 00 00 00 00 00 80 A6 0A FF DE FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 CC 1D CF FB FF FF FF 00 CC 1D CF FB FF FF FF 00 00 00 00 00 00 00 00 EA 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 01 00 00 00 00 00 01 00 01 00 00 00 38 00 00 00 B7 B0 4E E4 E4 C8 71 23 8F 0C 02 9C 03 7A 76 A8 F3 E7 3F F5 40 92 94 E8 8B 4A 0F BA AD AC DF 6E F8 11 A7 1E 43 1D B7 10 7B 52 4B 71 05 B7 33 FD 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 38 00 00 00 9B 6D 09 A9 8B 28 FF 06 C3 EE B6 5F 16 8A 34 B1 F1 C9 8B D6 14 4C 49 89 3D BC 0D 13 E6 BC 69 A7 5C 92 73 04 34 0B F7 C6 A7 BA D0 25 08 E9 DA 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 Process: C:\WINDOWS\Sysnative\lsass.exe Parent Process: , (0) 2016-11-28 23:18:15 Modify key settings [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SAM\SAM\DOMAINS\ACCOUNT\[F] Content: 02 00 01 00 00 00 00 00 73 A9 92 88 98 15 D1 01 37 00 00 00 00 00 00 00 00 80 A6 0A FF DE FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 CC 1D CF FB FF FF FF 00 CC 1D CF FB FF FF FF 00 00 00 00 00 00 00 00 EA 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 01 00 00 00 00 00 01 00 01 00 00 00 38 00 00 00 B7 B0 4E E4 E4 C8 71 23 8F 0C 02 9C 03 7A 76 A8 F3 E7 3F F5 40 92 94 E8 8B 4A 0F BA AD AC DF 6E F8 11 A7 1E 43 1D B7 10 7B 52 4B 71 05 B7 33 FD 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 38 00 00 00 9B 6D 09 A9 8B 28 FF 06 C3 EE B6 5F 16 8A 34 B1 F1 C9 8B D6 14 4C 49 89 3D BC 0D 13 E6 BC 69 A7 5C 92 73 04 34 0B F7 C6 A7 BA D0 25 08 E9 DA 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 Process: C:\WINDOWS\Sysnative\lsass.exe Parent Process: , (0) 2016-11-28 19:04:51 Modify key settings [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SAM\SAM\DOMAINS\ACCOUNT\[F] Content: 02 00 01 00 00 00 00 00 73 A9 92 88 98 15 D1 01 34 00 00 00 00 00 00 00 00 80 A6 0A FF DE FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 CC 1D CF FB FF FF FF 00 CC 1D CF FB FF FF FF 00 00 00 00 00 00 00 00 EA 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 01 00 00 00 00 00 01 00 01 00 00 00 38 00 00 00 B7 B0 4E E4 E4 C8 71 23 8F 0C 02 9C 03 7A 76 A8 F3 E7 3F F5 40 92 94 E8 8B 4A 0F BA AD AC DF 6E F8 11 A7 1E 43 1D B7 10 7B 52 4B 71 05 B7 33 FD 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 38 00 00 00 9B 6D 09 A9 8B 28 FF 06 C3 EE B6 5F 16 8A 34 B1 F1 C9 8B D6 14 4C 49 89 3D BC 0D 13 E6 BC 69 A7 5C 92 73 04 34 0B F7 C6 A7 BA D0 25 08 E9 DA 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 Process: C:\WINDOWS\Sysnative\lsass.exe Parent Process: , (0) 2016-11-28 19:04:51 Modify key settings [Auto-allowed] 
Detailed description: Registry: HKEY_LOCAL_MACHINE\SAM\SAM\DOMAINS\ACCOUNT\[F]
Content: 02 00 01 00 00 00 00 00 73 A9 92 88 98 15 D1 01 35 00 00 00 00 00 00 00 00 80 A6 0A FF DE FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 CC 1D CF FB FF FF FF 00 CC 1D CF FB FF FF FF 00 00 00 00 00 00 00 00 EA 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 01 00 00 00 00 00 01 00 01 00 00 00 38 00 00 00 B7 B0 4E E4 E4 C8 71 23 8F 0C 02 9C 03 7A 76 A8 F3 E7 3F F5 40 92 94 E8 8B 4A 0F BA AD AC DF 6E F8 11 A7 1E 43 1D B7 10 7B 52 4B 71 05 B7 33 FD 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 38 00 00 00 9B 6D 09 A9 8B 28 FF 06 C3 EE B6 5F 16 8A 34 B1 F1 C9 8B D6 14 4C 49 89 3D BC 0D 13 E6 BC 69 A7 5C 92 73 04 34 0B F7 C6 A7 BA D0 25 08 E9 DA 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00
Process: C:\WINDOWS\Sysnative\lsass.exe
Parent Process: , (0)

2016-11-28 08:49:13 Modify pending file operation [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations]
Content: \??\C:\Windows.old\windows\System32\drivers\IntcDAud.sys
Process: C:\WINDOWS\Sysnative\taskhostw.exe
Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)

2016-11-28 08:49:13 Modify pending file operation [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations]
Content: \??\C:\Windows.old\windows\System32\DriverStore\FileRepository\intcdaud.inf_amd64_12e2eb5912c0f66f\IntcDAud.sys
Process: C:\WINDOWS\Sysnative\taskhostw.exe
Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)

2016-11-27 20:58:51 Modify file association [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ANIMATIONSHOP3.WORKSPACEFILE\SHELL\OPEN\COMMAND\[]
Content: C:\Program Files (x86)\Jasc Software Inc\Animation Shop 3\Anim.exe "%1"
Process: C:\Program Files (x86)\Jasc Software Inc\Animation Shop 3\Anim.exe
Parent Process:C:\WINDOWS\Sysnative\OpenWith.exe , (0)

2016-11-27 20:53:13 Modify file association [Auto-allowed]
Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\JGD_AUTO_FILE\SHELL\OPEN\COMMAND\[]
Content: "C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe" /dde
Process: C:\WINDOWS\Sysnative\OpenWith.exe
Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)

2016-11-24 21:05:34 Modify key settings [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SAM\SAM\DOMAINS\ACCOUNT\[F]
Content: 02 00 01 00 00 00 00 00 73 A9 92 88 98 15 D1 01 1C 00 00 00 00 00 00 00 00 80 A6 0A FF DE FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 CC 1D CF FB FF FF FF 00 CC 1D CF FB FF FF FF 00 00 00 00 00 00 00 00 EA 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 01 00 00 00 00 00 01 00 01 00 00 00 38 00 00 00 B7 B0 4E E4 E4 C8 71 23 8F 0C 02 9C 03 7A 76 A8 F3 E7 3F F5 40 92 94 E8 8B 4A 0F BA AD AC DF 6E F8 11 A7 1E 43 1D B7 10 7B 52 4B 71 05 B7 33 FD 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 38 00 00 00 9B 6D 09 A9 8B 28 FF 06 C3 EE B6 5F 16 8A 34 B1 F1 C9 8B D6 14 4C 49 89 3D BC 0D 13 E6 BC 69 A7 5C 92 73 04 34 0B F7 C6 A7 BA D0 25 08 E9 DA 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00
Process: C:\WINDOWS\Sysnative\lsass.exe
Parent Process: , (0)

2016-11-24 21:05:34 Modify key settings [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SAM\SAM\DOMAINS\ACCOUNT\[F]
Content: 02 00 01 00 00 00 00 00 73 A9 92 88 98 15 D1 01 1D 00 00 00 00 00 00 00 00 80 A6 0A FF DE FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 CC 1D CF FB FF FF FF 00 CC 1D CF FB FF FF FF 00 00 00 00 00 00 00 00 EA 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 01 00 00 00 00 00 01 00 01 00 00 00 38 00 00 00 B7 B0 4E E4 E4 C8 71 23 8F 0C 02 9C 03 7A 76 A8 F3 E7 3F F5 40 92 94 E8 8B 4A 0F BA AD AC DF 6E F8 11 A7 1E 43 1D B7 10 7B 52 4B 71 05 B7 33 FD 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 38 00 00 00 9B 6D 09 A9 8B 28 FF 06 C3 EE B6 5F 16 8A 34 B1 F1 C9 8B D6 14 4C 49 89 3D BC 0D 13 E6 BC 69 A7 5C 92 73 04 34 0B F7 C6 A7 BA D0 25 08 E9 DA 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00
Process: C:\WINDOWS\Sysnative\lsass.exe
Parent Process: , (0)

2016-11-24 10:34:22 Modify key settings [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SAM\SAM\DOMAINS\ACCOUNT\[F]
Content: 02 00 01 00 00 00 00 00 73 A9 92 88 98 15 D1 01 18 00 00 00 00 00 00 00 00 80 A6 0A FF DE FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 CC 1D CF FB FF FF FF 00 CC 1D CF FB FF FF FF 00 00 00 00 00 00 00 00 EA 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 01 00 00 00 00 00 01 00 01 00 00 00 38 00 00 00 B7 B0 4E E4 E4 C8 71 23 8F 0C 02 9C 03 7A 76 A8 F3 E7 3F F5 40 92 94 E8 8B 4A 0F BA AD AC DF 6E F8 11 A7 1E 43 1D B7 10 7B 52 4B 71 05 B7 33 FD 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 38 00 00 00 9B 6D 09 A9 8B 28 FF 06 C3 EE B6 5F 16 8A 34 B1 F1 C9 8B D6 14 4C 49 89 3D BC 0D 13 E6 BC 69 A7 5C 92 73 04 34 0B F7 C6 A7 BA D0 25 08 E9 DA 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00
Process: C:\WINDOWS\Sysnative\lsass.exe
Parent Process: , (0)

2016-11-24 10:34:22 Modify key settings [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SAM\SAM\DOMAINS\ACCOUNT\[F]
Content: 02 00 01 00 00 00 00 00 73 A9 92 88 98 15 D1 01 19 00 00 00 00 00 00 00 00 80 A6 0A FF DE FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 CC 1D CF FB FF FF FF 00 CC 1D CF FB FF FF FF 00 00 00 00 00 00 00 00 EA 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 01 00 00 00 00 00 01 00 01 00 00 00 38 00 00 00 B7 B0 4E E4 E4 C8 71 23 8F 0C 02 9C 03 7A 76 A8 F3 E7 3F F5 40 92 94 E8 8B 4A 0F BA AD AC DF 6E F8 11 A7 1E 43 1D B7 10 7B 52 4B 71 05 B7 33 FD 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 38 00 00 00 9B 6D 09 A9 8B 28 FF 06 C3 EE B6 5F 16 8A 34 B1 F1 C9 8B D6 14 4C 49 89 3D BC 0D 13 E6 BC 69 A7 5C 92 73 04 34 0B F7 C6 A7 BA D0 25 08 E9 DA 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00
Process: C:\WINDOWS\Sysnative\lsass.exe
Parent Process: , (0)

2016-11-22 11:23:53 Modify key COM component [Auto-allowed]
Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\APPLICATION/X-COMPRESSED\[Extension]
Content: .solitairetheme8
Process: C:\WINDOWS\Sysnative\svchost.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)

2016-11-21 11:20:50 Modify pending file operation [Blocked]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations]
Content: \??\C:\WINDOWS\TEMP\nsiE314.tmp\AG64.dll
Process: C:\WINDOWS\Sysnative\rundll32.exe
Parent Process:C:\Windows\SysWOW64\rundll32.exe , (103)

2016-11-21 11:20:50 Modify pending file operation [Auto-blocked]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations]
Content: \??\C:\WINDOWS\TEMP\nsiE314.tmp\ClearLog.dll
Process: C:\Windows\SysWOW64\rundll32.exe
Parent Process:C:\Windows\SysWOW64\rundll32.exe , (0)

2016-11-21 11:20:40 Modify pending file operation [Blocked]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations]
Content: \??\C:\WINDOWS\TEMP\nsiE314.tmp\AG.dll
Process: C:\Windows\SysWOW64\rundll32.exe
Parent Process:C:\Windows\SysWOW64\rundll32.exe , (103)

2016-11-21 11:20:40 Modify pending file operation [Auto-blocked]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations]
Content: \??\C:\WINDOWS\TEMP\nsiE314.tmp\AG64.dll
Process: C:\Windows\SysWOW64\rundll32.exe
Parent Process:C:\Windows\SysWOW64\rundll32.exe , (0)

2016-11-21 11:20:40 Modify pending file operation [Auto-blocked]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations]
Content: \??\C:\WINDOWS\TEMP\nsiE314.tmp\Lancer.dll
Process: C:\Windows\SysWOW64\rundll32.exe
Parent Process:C:\Windows\SysWOW64\rundll32.exe , (0)

2016-11-21 11:20:06 Modify pending file operation [Blocked]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations]
Content: \??\C:\WINDOWS\TEMP\nsiE314.tmp\Aa.dll
Process: C:\Windows\SysWOW64\rundll32.exe
Parent Process:C:\Windows\SysWOW64\rundll32.exe , (103)

2016-11-19 21:05:31 Modify sensitive system setting [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{2DB46B4D-4BAB-497E-9EC1-466982BBA2A7}\LOCALSERVER32\[]
Content: C:\PROGRA~2\Corel\CORELP~1\CORELP~1.EXE
Process: C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe
Parent Process:C:\Windows\explorer.exe , (0)

2016-11-19 21:04:56 Modify search engine [Allowed]
Detailed description: Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}\
Content: http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
Process: C:\Program Files\Internet Explorer\iexplore.exe
Parent Process:C:\WINDOWS\Sysnative\OpenWith.exe , (0)

2016-11-19 21:04:56 Modify search engine [Auto-allowed]
Detailed description: Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\[DefaultScope]
Content: {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Process: C:\Program Files\Internet Explorer\iexplore.exe
Parent Process:C:\WINDOWS\Sysnative\OpenWith.exe , (0)

2016-11-19 21:04:22 Modify file association [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\HTMLFILE\SHELL\EDIT\COMMAND\[]
Content: "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1
Process: C:\Program Files (x86)\Microsoft Office\Office12\MSOHTMED.EXE
Parent Process:C:\WINDOWS\Sysnative\msiexec.exe , (0)

2016-11-19 21:04:22 Modify file association [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\HTMLFILE\SHELL\PRINT\COMMAND\[]
Content: "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1
Process: C:\Program Files (x86)\Microsoft Office\Office12\MSOHTMED.EXE
Parent Process:C:\WINDOWS\Sysnative\msiexec.exe , (0)

2016-11-19 21:04:22 Modify file association [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MHTMLFILE\SHELL\EDIT\COMMAND\[]
Content: "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1
Process: C:\Program Files (x86)\Microsoft Office\Office12\MSOHTMED.EXE
Parent Process:C:\WINDOWS\Sysnative\msiexec.exe , (0)

2016-11-19 21:04:22 Modify file association [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MHTMLFILE\SHELL\PRINT\COMMAND\[]
Content: "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1
Process: C:\Program Files (x86)\Microsoft Office\Office12\MSOHTMED.EXE
Parent Process:C:\WINDOWS\Sysnative\msiexec.exe , (0)

2016-11-19 21:04:21 Modify file association [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\XMLFILE\SHELL\OPEN\COMMAND\[]
Content: "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSOXMLED.EXE" /verb open "%1"
Process: C:\WINDOWS\Sysnative\msiexec.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)

2016-11-19 21:04:21 Modify file association [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\XMLFILE\SHELL\EDIT\COMMAND\[]
Content: "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSOXMLED.EXE" /verb edit "%1"
Process: C:\WINDOWS\Sysnative\msiexec.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)

2016-11-19 21:04:20 Modify key COM component [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{8BD21D12-EC42-11CE-9E0D-00AA006002F3}\TYPELIB\[]
Content: {0D452EE1-E08F-101A-852E-02608C4D0BB4}
Process: C:\WINDOWS\Sysnative\msiexec.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)

2016-11-19 21:04:20 Modify key COM component [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{8BD21D12-EC42-11CE-9E0D-00AA006002F3}\TYPELIB\[Version]
Content: 2.0
Process: C:\WINDOWS\Sysnative\msiexec.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)

2016-11-19 21:04:20 Modify key COM component [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{8BD21D12-EC42-11CE-9E0D-00AA006002F3}\TYPELIB\[]
Content: {00024517-0000-0000-C000-000000000046}
Process: C:\WINDOWS\Sysnative\msiexec.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)

2016-11-19 21:04:20 Modify key COM component [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{8BD21D12-EC42-11CE-9E0D-00AA006002F3}\TYPELIB\[Version]
Content: 1.0
Process: C:\WINDOWS\Sysnative\msiexec.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)

2016-11-19 21:04:20 Modify key COM component [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{000C0601-0000-0000-C000-000000000046}\PROXYSTUBCLSID\[]
Content: {00020424-0000-0000-C000-000000000046}
Process: C:\WINDOWS\Sysnative\msiexec.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)

2016-11-19 21:04:20 Modify key COM component [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{000C0601-0000-0000-C000-000000000046}\PROXYSTUBCLSID32\[]
Content: {00020424-0000-0000-C000-000000000046}
Process: C:\WINDOWS\Sysnative\msiexec.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)

2016-11-19 21:04:20 Modify key COM component [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{000C0601-0000-0000-C000-000000000046}\TYPELIB\[]
Content: {C04E4E5E-89E6-43C0-92BD-D3F2C7FBA5C4}
Process: C:\WINDOWS\Sysnative\msiexec.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)

2016-11-19 21:04:20 Modify browser communication protocol [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PROTOCOLS\HANDLER\MS-HELP\[CLSID]
Content: {314111c7-a502-11d2-bbca-00c04f8ec294}
Process: C:\WINDOWS\Sysnative\msiexec.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)

2016-11-19 21:04:19 Modify key COM component [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\XMLFILE\SHELLEX\ICONHANDLER\[]
Content:
Process: C:\WINDOWS\Sysnative\msiexec.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)

2016-11-19 21:04:19 Modify sensitive system setting [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{00020906-0000-0000-C000-000000000046}\LOCALSERVER32\[]
Content: C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE
Process: C:\WINDOWS\Sysnative\msiexec.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)

2016-11-19 21:04:15 Modify key COM component [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\XMLFILE\SHELLEX\ICONHANDLER\[]
Content: {AB968F1E-E20B-403A-9EB8-72EB0EB6797E}
Process: C:\WINDOWS\Sysnative\msiexec.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)

2016-11-19 21:04:15 Modify file association [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\XMLFILE\SHELL\OPEN\COMMAND\[]
Content: "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLED.EXE" /verb open "%1"
Process: C:\WINDOWS\Sysnative\msiexec.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)

2016-11-19 21:04:15 Modify file association [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\XMLFILE\SHELL\EDIT\COMMAND\[]
Content: "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLED.EXE" /verb edit "%1"
Process: C:\WINDOWS\Sysnative\msiexec.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)

2016-11-19 21:04:07 Modify file association [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ODCFILE\SHELL\EDITTEXT\COMMAND\[]
Content: NOTEPAD.EXE "%1"
Process: C:\WINDOWS\Sysnative\msiexec.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)

2016-11-19 21:01:23 Modify SHELL namespace [Auto-allowed]
Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A}\[]
Content: dropbox-NamespaceExtensionRole.Personal
Process: C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)

2016-11-19 21:01:23 Modify SHELL namespace [Auto-allowed]
Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A}\[]
Content: Dropbox
Process: C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)

2016-11-19 18:03:00 Modify SHELL namespace [Auto-allowed]
Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A}\[]
Content: dropbox-NamespaceExtensionRole.Personal
Process: C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
Parent Process: , (0)

2016-11-19 18:03:00 Modify SHELL namespace [Auto-allowed]
Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A}\[]
Content: Dropbox
Process: C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
Parent Process: , (0)

2016-11-18 10:42:00 Modify key COM component [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MIME\DATABASE\CONTENT TYPE\APPLICATION/VND.MS-WORD.DOCUMENT.12\[Extension]
Content:
Process: C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe
Parent Process:C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe , (0)

2016-11-18 10:42:00 Modify key COM component [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MIME\DATABASE\CONTENT TYPE\APPLICATION/VND.MS-WORD.TEMPLATE.12\[Extension]
Content:
Process: C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe
Parent Process:C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe , (0)

2016-11-18 10:42:00 Modify key COM component [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MIME\DATABASE\CONTENT TYPE\APPLICATION/VND.MS-POWERPOINT.12\[Extension]
Content:
Process: C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe
Parent Process:C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe , (0)

2016-11-18 10:42:00 Modify key COM component [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MIME\DATABASE\CONTENT TYPE\APPLICATION/VND.MS-EXCEL.12\[Extension]
Content:
Process: C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe
Parent Process:C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe , (0)

2016-11-18 10:42:00 Modify key COM component [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MIME\DATABASE\CONTENT TYPE\APPLICATION/X-COMPRESSED\[Extension]
Content:
Process: C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe
Parent Process:C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe , (0)

2016-11-18 10:42:00 Modify key COM component [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MIME\DATABASE\CONTENT TYPE\APPLICATION/ZIP\[Extension]
Content:
Process: C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe
Parent Process:C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe , (0)

2016-11-18 10:42:00 Modify key COM component [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MIME\DATABASE\CONTENT TYPE\APPLICATION/VND.OASIS.OPENDOCUMENT.TEXT\[Extension]
Content:
Process: C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe
Parent Process:C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe , (0)

2016-11-18 10:42:00 Modify key COM component [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MIME\DATABASE\CONTENT TYPE\APPLICATION/VND.OASIS.OPENDOCUMENT.PRESENTATION\[Extension]
Content:
Process: C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe
Parent Process:C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe , (0)

2016-11-18 10:42:00 Modify key COM component [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MIME\DATABASE\CONTENT TYPE\APPLICATION/VND.OASIS.OPENDOCUMENT.SPREADSHEET\[Extension]
Content:
Process: C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe
Parent Process:C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe , (0)

2016-11-18 10:42:00 Modify sensitive system setting [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{65BCBEE4-7728-41A0-97BE-14E1CAE36AAE}
Content:
Process: C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe
Parent Process:C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe , (0)

2016-11-18 10:42:00 Modify key COM component [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MIME\DATABASE\CONTENT TYPE\APPLICATION/VND.MS-WORD.DOCUMENT.12\[Extension]
Content: .docx
Process: C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe
Parent Process:C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe , (0)

2016-11-18 10:41:56 Modify sensitive system setting [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{00020906-0000-0000-C000-000000000046}\LOCALSERVER32\[]
Content: C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE
Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)

2016-11-18 10:41:55 Modify file association [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ODCFILE\SHELL\EDITTEXT\COMMAND\[]
Content: "C:\Program Files (x86)\Microsoft Office\root\client\appvlp.exe" NOTEPAD.EXE "%1"
Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)

2016-11-18 10:41:55 Modify sensitive system setting [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{0006F023-0000-0000-C000-000000000046}\LOCALSERVER32\[]
Content: C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE
Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)

2016-11-18 10:41:55 Modify key COM component [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{00020910-0000-0000-C000-000000000046}\TYPELIB\[Version]
Content: 8.7
Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)

2016-11-18 10:41:55 Modify key COM component [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{00020911-0000-0000-C000-000000000046}\TYPELIB\[Version]
Content: 8.7
Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)

2016-11-18 10:41:55 Modify key COM component [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{00020912-0000-0000-C000-000000000046}\TYPELIB\[Version]
Content: 8.7
Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)

2016-11-18 10:41:55 Modify key COM component [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{00020913-0000-0000-C000-000000000046}\TYPELIB\[Version]
Content: 8.7
Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)

2016-11-18 10:41:55 Modify key COM component [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{00020914-0000-0000-C000-000000000046}\TYPELIB\[Version]
Content: 8.7
Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)

2016-11-18 10:41:55 Modify key COM component [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{00020915-0000-0000-C000-000000000046}\TYPELIB\[Version]
Content: 8.7
Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)

2016-11-18 10:41:55 Modify key COM component [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{00020916-0000-0000-C000-000000000046}\TYPELIB\[Version]
Content: 8.7
Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)

2016-11-18 10:41:55 Modify key COM component [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{00020917-0000-0000-C000-000000000046}\TYPELIB\[Version]
Content: 8.7
Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)

2016-11-18 10:41:55 Modify key COM component [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{00020918-0000-0000-C000-000000000046}\TYPELIB\[Version]
Content: 8.7
Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)

2016-11-18 10:41:55 Modify key COM component [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{00020919-0000-0000-C000-000000000046}\TYPELIB\[Version]
Content: 8.7
Process: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)

2016-11-18 10:41:25 Modify key system file [Auto-allowed]
Detailed description: Process:C:\Program Files\Common Files\microsoft shared\ClickToRun\Updates\16.0.7466.2038\OfficeClickToRun.exe
Action:Rename
Path:C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

2016-11-17 20:25:51 Modify file association [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ANIMATIONSHOP3.WORKSPACEFILE\SHELL\OPEN\COMMAND\[]
Content: C:\Program Files (x86)\Jasc Software Inc\Animation Shop 3\Anim.exe "%1"
Process: C:\Program Files (x86)\Jasc Software Inc\Animation Shop 3\Anim.exe
Parent Process:C:\Windows\explorer.exe , (0)

2016-11-17 20:24:44 Modify key settings [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SAM\SAM\DOMAINS\ACCOUNT\[F]
Content: 02 00 01 00 00 00 00 00 73 A9 92 88 98 15 D1 01 1C 00 00 00 00 00 00 00 00 80 A6 0A FF DE FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 CC 1D CF FB FF FF FF 00 CC 1D CF FB FF FF FF 00 00 00 00 00 00 00 00 EA 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 01 00 00 00 00 00 01 00 01 00 00 00 38 00 00 00 B7 B0 4E E4 E4 C8 71 23 8F 0C 02 9C 03 7A 76 A8 F3 E7 3F F5 40 92 94 E8 8B 4A 0F BA AD AC DF 6E F8 11 A7 1E 43 1D B7 10 7B 52 4B 71 05 B7 33 FD 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 38 00 00 00 9B 6D 09 A9 8B 28 FF 06 C3 EE B6 5F 16 8A 34 B1 F1 C9 8B D6 14 4C 49 89 3D BC 0D 13 E6 BC 69 A7 5C 92 73 04 34 0B F7 C6 A7 BA D0 25 08 E9 DA 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00
Process: C:\WINDOWS\Sysnative\lsass.exe
Parent Process: , (0)

2016-11-17 20:24:44 Modify key settings [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SAM\SAM\DOMAINS\ACCOUNT\[F]
Content: 02 00 01 00 00 00 00 00 73 A9 92 88 98 15 D1 01 1D 00 00 00 00 00 00 00 00 80 A6 0A FF DE FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 CC 1D CF FB FF FF FF 00 CC 1D CF FB FF FF FF 00 00 00 00 00 00 00 00 EA 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 01 00 00 00 00 00 01 00 01 00 00 00 38 00 00 00 B7 B0 4E E4 E4 C8 71 23 8F 0C 02 9C 03 7A 76 A8 F3 E7 3F F5 40 92 94 E8 8B 4A 0F BA AD AC DF 6E F8 11 A7 1E 43 1D B7 10 7B 52 4B 71 05 B7 33 FD 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 38 00 00 00 9B 6D 09 A9 8B 28 FF 06 C3 EE B6 5F 16 8A 34 B1 F1 C9 8B D6 14 4C 49 89 3D BC 0D 13 E6 BC 69 A7 5C 92 73 04 34 0B F7 C6 A7 BA D0 25 08 E9 DA 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00
Process: C:\WINDOWS\Sysnative\lsass.exe
Parent Process: , (0)

2016-11-17 19:59:23 Modify pending file operation [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations]
Content: \??\C:\Windows.old\windows\System32\drivers\IntcDAud.sys
Process: C:\WINDOWS\Sysnative\taskhostw.exe
Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)

2016-11-17 19:59:23 Modify pending file operation [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations]
Content: \??\C:\Windows.old\windows\System32\DriverStore\FileRepository\intcdaud.inf_amd64_12e2eb5912c0f66f\IntcDAud.sys
Process: C:\WINDOWS\Sysnative\taskhostw.exe
Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)

2016-11-17 19:51:35 Detected Trojan: Win32/Virus.Downloader.6e5 [Removed]
Details: Trojan name: Win32/Virus.Downloader.6e5
Path: C:\WINDOWS\TEMP\nsi542.tmp\update.dll-201611171511.dll.exe

2016-11-17 19:51:06 Process Creation [Auto-blocked]
Details: Process: C:\Program Files (x86)\walalala co\aMuleCustom\ed2k.exe
Action: Process creation
Path: C:\Windows\SysWOW64\rundll32.exe

2016-11-16 21:31:29 Modify key COM component [Auto-allowed]
Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\APPLICATION/PDF\[Extension]
Content: .pdf
Process: C:\WINDOWS\Sysnative\svchost.exe
Parent Process:C:\WINDOWS\Sysnative\services.exe , (0)

2016-11-16 19:59:06 Modify key settings [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SAM\SAM\DOMAINS\ACCOUNT\[F]
Content: 02 00 01 00 00 00 00 00 73 A9 92 88 98 15 D1 01 14 00 00 00 00 00 00 00 00 80 A6 0A FF DE FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 CC 1D CF FB FF FF FF 00 CC 1D CF FB FF FF FF 00 00 00 00 00 00 00 00 EA 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 01 00 00 00 00 00 01 00 01 00 00 00 38 00 00 00 B7 B0 4E E4 E4 C8 71 23 8F 0C 02 9C 03 7A 76 A8 F3 E7 3F F5 40 92 94 E8 8B 4A 0F BA AD AC DF 6E F8 11 A7 1E 43 1D B7 10 7B 52 4B 71 05 B7 33 FD 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 38 00 00 00 9B 6D 09 A9 8B 28 FF 06 C3 EE B6 5F 16 8A 34 B1 F1 C9 8B D6 14 4C 49 89 3D BC 0D 13 E6 BC 69 A7 5C 92 73 04 34 0B F7 C6 A7 BA D0 25 08 E9 DA 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00
Process: C:\WINDOWS\Sysnative\lsass.exe
Parent Process: , (0)

2016-11-16 19:59:06 Modify key settings [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SAM\SAM\DOMAINS\ACCOUNT\[F]
Content: 02 00 01 00 00 00 00 00 73 A9 92 88 98 15 D1 01 15 00 00 00 00 00 00 00 00 80 A6 0A FF DE FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 CC 1D CF FB FF FF FF 00 CC 1D CF FB FF FF FF 00 00 00 00 00 00 00 00 EA 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 01 00 00 00 00 00 01 00 01 00 00 00 38 00 00 00 B7 B0 4E E4 E4 C8 71 23 8F 0C 02 9C 03 7A 76 A8 F3 E7 3F F5 40 92 94 E8 8B 4A 0F BA AD AC DF 6E F8 11 A7 1E 43 1D B7 10 7B 52 4B 71 05 B7 33 FD 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 38 00 00 00 9B 6D 09 A9 8B 28 FF 06 C3 EE B6 5F 16 8A 34 B1 F1 C9 8B D6 14 4C 49 89 3D BC 0D 13 E6 BC 69 A7 5C 92 73 04 34 0B F7 C6 A7 BA D0 25 08 E9 DA 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00
Process: C:\WINDOWS\Sysnative\lsass.exe
Parent Process: , (0)

2016-11-16 18:14:08 Detected Trojan: Win32/Trojan.68f [Removed]
Details: Trojan name: Win32/Trojan.68f
Path: C:\WINDOWS\TEMP\nsiAFD8.tmp\update.dll-201611161632.dll.exe

2016-11-13 16:32:49 Modify SHELL namespace [Auto-allowed]
Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A}\[]
Content: dropbox-NamespaceExtensionRole.Personal
Process: C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
Parent Process: , (0)

2016-11-13 16:32:49 Modify SHELL namespace [Auto-allowed]
Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A}\[]
Content: Dropbox
Process: C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
Parent Process: , (0)

2016-11-13 10:57:38 Modify pending file operation [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations]
Content: \??\C:\Windows.old\windows\System32\drivers\IntcDAud.sys
Process: C:\WINDOWS\Sysnative\taskhostw.exe
Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)

2016-11-13 10:57:38 Modify pending file operation [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations]
Content: \??\C:\Windows.old\windows\System32\DriverStore\FileRepository\intcdaud.inf_amd64_12e2eb5912c0f66f\IntcDAud.sys
Process: C:\WINDOWS\Sysnative\taskhostw.exe
Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0)

2016-11-12 17:59:23 Modify sensitive system setting [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{2DB46B4D-4BAB-497E-9EC1-466982BBA2A7}\LOCALSERVER32\[]
Content: C:\PROGRA~2\Corel\CORELP~1\CORELP~1.EXE
Process: C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe
Parent Process:C:\Windows\explorer.exe , (0)

2016-11-12 10:57:40 Modify SHELL namespace [Auto-allowed]
Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A}\[]
Content: dropbox-NamespaceExtensionRole.Personal
Process: C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
Parent Process:C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe , (0)

2016-11-12 10:57:40 Modify SHELL namespace [Auto-allowed]
Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A}\[]
Content: Dropbox
Process: C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
Parent Process:C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe , (0)

2016-11-12 10:57:26 Modify file association [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\DropboxExt
Content:
Process: C:\Windows\SysWOW64\regsvr32.exe
Parent Process:C:\Program Files (x86)\Dropbox\Client_14.4.19\Dropbox.exe , (0)

2016-11-12 10:57:26 Modify context menu [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\Programmable
Content:
Process: C:\WINDOWS\Sysnative\regsvr32.exe
Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0)

2016-11-12 10:57:26 Modify context menu [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32
Content:
Process: C:\WINDOWS\Sysnative\regsvr32.exe
Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0)

2016-11-12 10:57:26 Modify context menu [Auto-allowed]
Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\*\SHELLEX\CONTEXTMENUHANDLERS\DROPBOXEXT\[]
Content: {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}
Process: C:\Windows\SysWOW64\regsvr32.exe
Parent Process:C:\Program Files (x86)\Dropbox\Client_14.4.19\Dropbox.exe , (0)

2016-11-12
10:57:26 Modify context menu [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\CONTEXTMENUHANDLERS\DROPBOXEXT\[] Content: {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} Process: C:\Windows\SysWOW64\regsvr32.exe Parent Process:C:\Program Files (x86)\Dropbox\Client_14.4.19\Dropbox.exe , (0) 2016-11-12 10:57:26 Modify context menu [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\DIRECTORY\BACKGROUND\SHELLEX\CONTEXTMENUHANDLERS\DROPBOXEXT\[] Content: {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} Process: C:\Windows\SysWOW64\regsvr32.exe Parent Process:C:\Program Files (x86)\Dropbox\Client_14.4.19\Dropbox.exe , (0) 2016-11-12 10:57:26 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\COPYHOOKHANDLERS\DROPBOXCOPYHOOK\[] Content: {FBC9D74C-AF55-4309-9FB2-C426E071637F} Process: C:\Windows\SysWOW64\regsvr32.exe Parent Process:C:\Program Files (x86)\Dropbox\Client_14.4.19\Dropbox.exe , (0) 2016-11-12 10:57:26 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT1\[] Content: {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} Process: C:\Windows\SysWOW64\regsvr32.exe Parent Process:C:\Program Files (x86)\Dropbox\Client_14.4.19\Dropbox.exe , (0) 2016-11-12 10:57:26 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT2\[] Content: {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} Process: C:\Windows\SysWOW64\regsvr32.exe Parent Process:C:\Program Files (x86)\Dropbox\Client_14.4.19\Dropbox.exe , (0) 2016-11-12 10:57:26 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: 
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT3\[] Content: {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} Process: C:\Windows\SysWOW64\regsvr32.exe Parent Process:C:\Program Files (x86)\Dropbox\Client_14.4.19\Dropbox.exe , (0) 2016-11-12 10:57:26 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT4\[] Content: {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} Process: C:\Windows\SysWOW64\regsvr32.exe Parent Process:C:\Program Files (x86)\Dropbox\Client_14.4.19\Dropbox.exe , (0) 2016-11-12 10:57:26 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT5\[] Content: {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} Process: C:\Windows\SysWOW64\regsvr32.exe Parent Process:C:\Program Files (x86)\Dropbox\Client_14.4.19\Dropbox.exe , (0) 2016-11-12 10:57:26 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT6\[] Content: {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} Process: C:\Windows\SysWOW64\regsvr32.exe Parent Process:C:\Program Files (x86)\Dropbox\Client_14.4.19\Dropbox.exe , (0) 2016-11-12 10:57:26 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT7\[] Content: {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} Process: C:\Windows\SysWOW64\regsvr32.exe Parent Process:C:\Program Files (x86)\Dropbox\Client_14.4.19\Dropbox.exe , (0) 2016-11-12 10:57:26 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: 
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT8\[] Content: {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} Process: C:\Windows\SysWOW64\regsvr32.exe Parent Process:C:\Program Files (x86)\Dropbox\Client_14.4.19\Dropbox.exe , (0) 2016-11-12 10:57:26 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT9\[] Content: {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} Process: C:\Windows\SysWOW64\regsvr32.exe Parent Process:C:\Program Files (x86)\Dropbox\Client_14.4.19\Dropbox.exe , (0) 2016-11-12 10:57:26 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT10\[] Content: {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} Process: C:\Windows\SysWOW64\regsvr32.exe Parent Process:C:\Program Files (x86)\Dropbox\Client_14.4.19\Dropbox.exe , (0) 2016-11-12 10:57:26 Modify context menu [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\[] Content: ContextMenuHandler Class Process: C:\WINDOWS\Sysnative\regsvr32.exe Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0) 2016-11-12 10:57:26 Modify context menu [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\INPROCSERVER32\[] Content: C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll Process: C:\WINDOWS\Sysnative\regsvr32.exe Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0) 2016-11-12 10:57:26 Modify context menu [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\INPROCSERVER32\[ThreadingModel] Content: Apartment Process: C:\WINDOWS\Sysnative\regsvr32.exe 
Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0) 2016-11-12 10:57:26 Modify context menu [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\*\SHELLEX\CONTEXTMENUHANDLERS\DROPBOXEXT\[] Content: {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} Process: C:\WINDOWS\Sysnative\regsvr32.exe Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0) 2016-11-12 10:57:26 Modify file association [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\DropboxExt Content: Process: C:\WINDOWS\Sysnative\regsvr32.exe Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0) 2016-11-12 10:57:26 Modify context menu [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\CONTEXTMENUHANDLERS\DROPBOXEXT\[] Content: {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} Process: C:\WINDOWS\Sysnative\regsvr32.exe Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0) 2016-11-12 10:57:26 Modify context menu [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\DIRECTORY\BACKGROUND\SHELLEX\CONTEXTMENUHANDLERS\DROPBOXEXT\[] Content: {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} Process: C:\WINDOWS\Sysnative\regsvr32.exe Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0) 2016-11-12 10:57:26 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\COPYHOOKHANDLERS\DROPBOXCOPYHOOK\[] Content: {FBC9D74C-AF55-4309-9FB2-C426E071637F} Process: C:\WINDOWS\Sysnative\regsvr32.exe Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0) 2016-11-12 10:57:26 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT1\[] Content: {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} Process: C:\WINDOWS\Sysnative\regsvr32.exe Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0) 2016-11-12 
10:57:26 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT2\[] Content: {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} Process: C:\WINDOWS\Sysnative\regsvr32.exe Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0) 2016-11-12 10:57:26 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT3\[] Content: {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} Process: C:\WINDOWS\Sysnative\regsvr32.exe Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0) 2016-11-12 10:57:26 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT4\[] Content: {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} Process: C:\WINDOWS\Sysnative\regsvr32.exe Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0) 2016-11-12 10:57:26 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT5\[] Content: {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} Process: C:\WINDOWS\Sysnative\regsvr32.exe Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0) 2016-11-12 10:57:26 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT6\[] Content: {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} Process: C:\WINDOWS\Sysnative\regsvr32.exe Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0) 2016-11-12 10:57:26 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT7\[] 
Content: {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} Process: C:\WINDOWS\Sysnative\regsvr32.exe Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0) 2016-11-12 10:57:26 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT8\[] Content: {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} Process: C:\WINDOWS\Sysnative\regsvr32.exe Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0) 2016-11-12 10:57:26 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT9\[] Content: {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} Process: C:\WINDOWS\Sysnative\regsvr32.exe Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0) 2016-11-12 10:57:26 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLICONOVERLAYIDENTIFIERS\ DROPBOXEXT10\[] Content: {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} Process: C:\WINDOWS\Sysnative\regsvr32.exe Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0) 2016-11-12 10:57:25 Modify context menu [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\INPROCSERVER32\[ThreadingModel] Content: Process: C:\WINDOWS\Sysnative\regsvr32.exe Parent Process:C:\Windows\SysWOW64\regsvr32.exe , (0) 2016-11-11 10:56:03 Modify pending file operation [Allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations] Content: \??\C:\WINDOWS\TEMP\nsi861A.tmp\A2.dll Process: C:\Windows\SysWOW64\rundll32.exe Parent Process:C:\Windows\SysWOW64\rundll32.exe , (103) 2016-11-11 10:55:30 Modify pending file operation [Blocked] Detailed description: Registry: 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations] Content: \??\C:\WINDOWS\TEMP\nsi861A.tmp\ClearLog.dll Process: C:\Windows\SysWOW64\rundll32.exe Parent Process:C:\Windows\SysWOW64\rundll32.exe , (103) 2016-11-11 10:55:30 Modify pending file operation [Auto-blocked] Detailed description: Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations] Content: \??\C:\WINDOWS\TEMP\nsi861A.tmp\waitlist.dat Process: C:\Windows\SysWOW64\rundll32.exe Parent Process:C:\Windows\SysWOW64\rundll32.exe , (0) 2016-11-09 18:02:56 Modify pending file operation [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations] Content: \??\C:\Windows.old\windows\System32\drivers\IntcDAud.sys Process: C:\WINDOWS\Sysnative\taskhostw.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0) 2016-11-09 18:02:56 Modify pending file operation [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations] Content: \??\C:\Windows.old\windows\System32\DriverStore\FileRepository\intcdaud.inf_amd64_12e2eb5912c0f66f\IntcDAud.sys Process: C:\WINDOWS\Sysnative\taskhostw.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0) 2016-11-09 09:23:49 Modify SHELL namespace [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A}\[] Content: dropbox-NamespaceExtensionRole.Personal Process: C:\Program Files (x86)\Dropbox\Client\Dropbox.exe Parent Process: , (0) 2016-11-09 09:23:49 Modify SHELL namespace [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A}\[] Content: Dropbox Process: C:\Program Files (x86)\Dropbox\Client\Dropbox.exe Parent Process: , (0) 2016-11-08 21:28:52 Modify file association 
[Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ANIMATIONSHOP3.WORKSPACEFILE\SHELL\OPEN\COMMAND\[] Content: C:\Program Files (x86)\Jasc Software Inc\Animation Shop 3\Anim.exe "%1" Process: C:\Program Files (x86)\Jasc Software Inc\Animation Shop 3\Anim.exe Parent Process:C:\Windows\explorer.exe , (0) 2016-11-08 20:59:59 Modify sensitive system setting [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{2DB46B4D-4BAB-497E-9EC1-466982BBA2A7}\LOCALSERVER32\[] Content: C:\PROGRA~2\Corel\CORELP~1\CORELP~1.EXE Process: C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe Parent Process:C:\Windows\explorer.exe , (0) 2016-11-08 11:33:25 Modify SHELL namespace [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A}\[] Content: dropbox-NamespaceExtensionRole.Personal Process: C:\Program Files (x86)\Dropbox\Client\Dropbox.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0) 2016-11-08 11:33:25 Modify SHELL namespace [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A}\[] Content: Dropbox Process: C:\Program Files (x86)\Dropbox\Client\Dropbox.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0) 2016-11-08 08:45:43 Modify pending file operation [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations] Content: \??\C:\Windows.old\windows\System32\drivers\IntcDAud.sys Process: C:\WINDOWS\Sysnative\taskhostw.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0) 2016-11-08 08:45:43 Modify pending file operation [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SESSION MANAGER\[PendingFileRenameOperations] Content: 
\??\C:\Windows.old\windows\System32\DriverStore\FileRepository\intcdaud.inf_amd64_12e2eb5912c0f66f\IntcDAud.sys Process: C:\WINDOWS\Sysnative\taskhostw.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0) 2016-11-06 16:13:57 Modify file association [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\TUB_AUTO_FILE\SHELL\OPEN\COMMAND\[] Content: "C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe" /dde Process: C:\WINDOWS\Sysnative\OpenWith.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0) 2016-11-05 14:00:51 Modify key COM component [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\Software\Classes\MIME\DATABASE\CONTENT TYPE\TEXT/VCARD\[Extension] Content: .vcf Process: C:\WINDOWS\Sysnative\svchost.exe Parent Process:C:\WINDOWS\Sysnative\services.exe , (0) 2016-11-04 19:25:38 Modify key settings [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SAM\SAM\DOMAINS\ACCOUNT\[F] Content: 02 00 01 00 00 00 00 00 73 A9 92 88 98 15 D1 01 26 00 00 00 00 00 00 00 00 80 A6 0A FF DE FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 CC 1D CF FB FF FF FF 00 CC 1D CF FB FF FF FF 00 00 00 00 00 00 00 00 EA 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 01 00 00 00 00 00 01 00 01 00 00 00 38 00 00 00 B7 B0 4E E4 E4 C8 71 23 8F 0C 02 9C 03 7A 76 A8 F3 E7 3F F5 40 92 94 E8 8B 4A 0F BA AD AC DF 6E F8 11 A7 1E 43 1D B7 10 7B 52 4B 71 05 B7 33 FD 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 38 00 00 00 9B 6D 09 A9 8B 28 FF 06 C3 EE B6 5F 16 8A 34 B1 F1 C9 8B D6 14 4C 49 89 3D BC 0D 13 E6 BC 69 A7 5C 92 73 04 34 0B F7 C6 A7 BA D0 25 08 E9 DA 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 Process: C:\WINDOWS\Sysnative\lsass.exe Parent Process: , (0) 2016-11-04 19:25:38 Modify key settings [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SAM\SAM\DOMAINS\ACCOUNT\[F] Content: 02 00 01 00 00 00 00 00 73 A9 92 88 98 15 D1 01 27 00 00 00 00 00 00 00 00 80 A6 0A FF DE FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 CC 1D CF FB FF FF FF 00 CC 1D CF FB FF FF FF 00 00 00 00 00 00 00 00 EA 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 01 00 00 00 00 00 01 00 01 00 00 00 38 00 00 00 B7 B0 4E E4 E4 C8 71 23 8F 0C 02 9C 03 7A 76 A8 F3 E7 3F F5 40 92 94 E8 8B 4A 0F BA AD AC DF 6E F8 11 A7 1E 43 1D B7 10 7B 52 4B 71 05 B7 33 FD 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 38 00 00 00 9B 6D 09 A9 8B 28 FF 06 C3 EE B6 5F 16 8A 34 B1 F1 C9 8B D6 14 4C 49 89 3D BC 0D 13 E6 BC 69 A7 5C 92 73 04 34 0B F7 C6 A7 BA D0 25 08 E9 DA 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 Process: C:\WINDOWS\Sysnative\lsass.exe Parent Process: , (0) 2016-11-03 23:14:03 Modify default browser [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\SHELL\ASSOCIATIONS\URLASSOCIATIONS\FTP\USERCHOICE\[Hash] Content: Zg1nRwMfrtY= Process: C:\Windows\explorer.exe Parent Process:C:\Windows\System32\userinit.exe , (0) 2016-11-03 23:14:02 Modify default browser [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\SHELL\ASSOCIATIONS\URLASSOCIATIONS\FTP\USERCHOICE\[ProgId] Content: ChromeHTML 
Process: C:\Windows\explorer.exe Parent Process:C:\Windows\System32\userinit.exe , (0) 2016-11-03 23:14:00 Modify default browser [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\SHELL\ASSOCIATIONS\URLASSOCIATIONS\FTP\USERCHOICE\[Hash] Content: bikSZHjOReg= Process: C:\Windows\explorer.exe Parent Process:C:\Windows\System32\userinit.exe , (0) 2016-11-03 23:13:58 Modify default browser [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\SHELL\ASSOCIATIONS\URLASSOCIATIONS\HTTPS\USERCHOICE\[Hash] Content: cTovoZkWtOg= Process: C:\Windows\explorer.exe Parent Process:C:\Windows\System32\userinit.exe , (0) 2016-11-03 23:13:57 Modify default browser [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.SHTML\USERCHOICE\[ProgId] Content: ChromeHTML Process: C:\Windows\explorer.exe Parent Process:C:\Windows\System32\userinit.exe , (0) 2016-11-03 23:13:55 Modify default browser [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.HTML\USERCHOICE\[ProgId] Content: AppX4hxtad77fbk3jkkeerkrm0ze94wjf3s9 Process: C:\Windows\explorer.exe Parent Process:C:\Windows\System32\userinit.exe , (0) 2016-11-03 23:13:54 Modify default browser [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.SHTML\USERCHOICE\[Hash] Content: 3TH2eBS2PZ4= Process: C:\Windows\explorer.exe Parent Process:C:\Windows\System32\userinit.exe , (0) 2016-11-03 23:13:52 Modify default browser [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.HTML\USERCHOICE\[Hash] Content: uTblUkIpZmo= Process: C:\Windows\explorer.exe Parent Process:C:\Windows\System32\userinit.exe , (0) 2016-11-03 23:13:51 Modify default browser [Auto-allowed] Detailed 
description: Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.HTML\USERCHOICE\[Hash] Content: zz6OqJCK4+E= Process: C:\Windows\explorer.exe Parent Process:C:\Windows\System32\userinit.exe , (0) 2016-11-03 23:13:49 Modify default browser [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\FILEEXTS\.HTM\USERCHOICE\[Hash] Content: LlJ/LQ3kTsc= Process: C:\Windows\explorer.exe Parent Process:C:\Windows\System32\userinit.exe , (0) 2016-11-03 23:13:23 Modify default browser [Auto-allowed] Detailed description: Registry: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\SHELL\ASSOCIATIONS\URLASSOCIATIONS\HTTP\USERCHOICE\[Hash] Content: 3iDrjnA6LNk= Process: C:\Windows\ImmersiveControlPanel\SystemSettings.exe Parent Process:C:\WINDOWS\Sysnative\svchost.exe , (0) 2016-11-03 22:07:58 Modify key settings [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SAM\SAM\DOMAINS\ACCOUNT\[F] Content: 02 00 01 00 00 00 00 00 73 A9 92 88 98 15 D1 01 20 00 00 00 00 00 00 00 00 80 A6 0A FF DE FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 CC 1D CF FB FF FF FF 00 CC 1D CF FB FF FF FF 00 00 00 00 00 00 00 00 EA 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 01 00 00 00 00 00 01 00 01 00 00 00 38 00 00 00 B7 B0 4E E4 E4 C8 71 23 8F 0C 02 9C 03 7A 76 A8 F3 E7 3F F5 40 92 94 E8 8B 4A 0F BA AD AC DF 6E F8 11 A7 1E 43 1D B7 10 7B 52 4B 71 05 B7 33 FD 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 38 00 00 00 9B 6D 09 A9 8B 28 FF 06 C3 EE B6 5F 16 8A 34 B1 F1 C9 8B D6 14 4C 49 89 3D BC 0D 13 E6 BC 69 A7 5C 92 73 04 34 0B F7 C6 A7 BA D0 25 08 E9 DA 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 Process: C:\WINDOWS\Sysnative\lsass.exe Parent Process: , (0) 2016-11-03 22:07:58 Modify key settings [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SAM\SAM\DOMAINS\ACCOUNT\[F] Content: 02 00 01 00 00 00 00 00 73 A9 92 88 98 15 D1 01 21 00 00 00 00 00 00 00 00 80 A6 0A FF DE FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 CC 1D CF FB FF FF FF 00 CC 1D CF FB FF FF FF 00 00 00 00 00 00 00 00 EA 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 01 00 00 00 00 00 01 00 01 00 00 00 38 00 00 00 B7 B0 4E E4 E4 C8 71 23 8F 0C 02 9C 03 7A 76 A8 F3 E7 3F F5 40 92 94 E8 8B 4A 0F BA AD AC DF 6E F8 11 A7 1E 43 1D B7 10 7B 52 4B 71 05 B7 33 FD 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 38 00 00 00 9B 6D 09 A9 8B 28 FF 06 C3 EE B6 5F 16 8A 34 B1 F1 C9 8B D6 14 4C 49 89 3D BC 0D 13 E6 BC 69 A7 5C 92 73 04 34 0B F7 C6 A7 BA D0 25 08 E9 DA 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 Process: C:\WINDOWS\Sysnative\lsass.exe Parent Process: , (0) 2016-11-03 18:57:32 Modify key settings [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SAM\SAM\DOMAINS\ACCOUNT\[F] Content: 02 00 01 00 00 00 00 00 73 A9 92 88 98 15 D1 01 1F 00 00 00 00 00 00 00 00 80 A6 0A FF DE FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 CC 1D CF FB FF FF FF 00 CC 1D CF FB FF FF FF 00 00 00 00 00 00 00 00 EA 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 01 00 00 00 00 00 01 00 01 00 00 00 38 00 00 00 B7 B0 4E E4 E4 C8 71 23 8F 0C 02 9C 03 
7A 76 A8 F3 E7 3F F5 40 92 94 E8 8B 4A 0F BA AD AC DF 6E F8 11 A7 1E 43 1D B7 10 7B 52 4B 71 05 B7 33 FD 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 38 00 00 00 9B 6D 09 A9 8B 28 FF 06 C3 EE B6 5F 16 8A 34 B1 F1 C9 8B D6 14 4C 49 89 3D BC 0D 13 E6 BC 69 A7 5C 92 73 04 34 0B F7 C6 A7 BA D0 25 08 E9 DA 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 Process: C:\WINDOWS\Sysnative\lsass.exe Parent Process: , (0) 2016-11-03 18:57:32 Modify key settings [Auto-allowed] Detailed description: Registry: HKEY_LOCAL_MACHINE\SAM\SAM\DOMAINS\ACCOUNT\[F] Content: 02 00 01 00 00 00 00 00 73 A9 92 88 98 15 D1 01 1E 00 00 00 00 00 00 00 00 80 A6 0A FF DE FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 CC 1D CF FB FF FF FF 00 CC 1D CF FB FF FF FF 00 00 00 00 00 00 00 00 EA 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 01 00 00 00 00 00 01 00 01 00 00 00 38 00 00 00 B7 B0 4E E4 E4 C8 71 23 8F 0C 02 9C 03 7A 76 A8 F3 E7 3F F5 40 92 94 E8 8B 4A 0F BA AD AC DF 6E F8 11 A7 1E 43 1D B7 10 7B 52 4B 71 05 B7 33 FD 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 38 00 00 00 9B 6D 09 A9 8B 28 FF 06 C3 EE B6 5F 16 8A 34 B1 F1 C9 8B D6 14 4C 49 89 3D BC 0D 13 E6 BC 69 A7 5C 92 73 04 34 0B F7 C6 A7 BA D0 25 08 E9 DA 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
-
Thanks for your reply, Passer. I'll just wait until someone turns up who knows something about it; I don't know either... have a nice evening.
-
Hello, all the text on the taskbar as well as on the desktop, but also in forum replies, turns red, as do faces... I did a scan earlier, nothing helps... I'm attaching a screenshot... ScreenShot009.bmp
-
OK, thank you, everything seems to be OK again... thanks once again... I can carry on again...
-
I'll do that later when shutting down, but just a question: in the settings, the box says "Set Google Chrome as my default browser" and right below it says "Google Chrome is currently not your default browser". Is this normal?
-
I've reset the settings for Google Chrome as described above, and now I have that L....Y 123 again... it's seriously haunted here, Halloween is over, isn't it? Any word of explanation is always welcome... thanks in advance.
-
Now I don't understand anything anymore. I start my PC and now I no longer have Google Chrome but (and I'm leaving out the vowels) D.Z.N S..RCH C.M. Any idea how this can happen again???
-
It's fine, Abbs, thank you for the good care. It's nice to be able to ask someone something and then get such a good explanation... until the next question...
-
Then it's probably right, I guess... otherwise I'll try once more tonight and keep my eyes open better. Thanks, Abbs, for the info.
-
That Delfix you mentioned above... I downloaded it, cut and pasted it onto my desktop and then ran it as administrator, and then I got something written in a Notepad file and I couldn't get it running because it was no longer to be found on my desktop; that was the message...
-
I can't manage this, Abbs... "it is no longer on my desktop" is the message...
