1. Killer Service V2
  2. Parchment Ordering Service V2.9
  1. ComboFix 15-05-13.01 - Alit D Putra 14/05/2015 9:15.1.4 - x64
  2. Microsoft Windows 8 Pro 6.2.9200.0.1252.62.1033.18.3982.1911 [GMT 8:00]
  3. Running from: c:usersAlit D PutraDesktopComboFix.exe
  4. AV: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
  5. SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
  6. .
  7. ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
  8. .
  9. c:program files (x86)bestadblockerjth9IEwCpt4oCw.dat
  10. c:program files (x86)bestadblockerjth9IEwCpt4oCw.dll
  11. c:program files (x86)bestadblockerjth9IEwCpt4oCw.exe
  12. c:program files (x86)bestadblockerjth9IEwCpt4oCw.tlb
  13. c:program files (x86)bestadblockerjth9IEwCpt4oCw.x64.dll
  14. c:program files (x86)PricaeeMiNuus70YhETOKJyOy9J.dat
  15. c:program files (x86)PricaeeMiNuus70YhETOKJyOy9J.dll
  16. c:program files (x86)PricaeeMiNuus70YhETOKJyOy9J.exe
  17. c:program files (x86)PricaeeMiNuus70YhETOKJyOy9J.tlb
  18. c:program files (x86)PricaeeMiNuus70YhETOKJyOy9J.x64.dll
  19. c:program files (x86)PriceMinuST83sEhpAZgd1Nz.dat
  20. c:program files (x86)PriceMinuST83sEhpAZgd1Nz.dll
  21. c:program files (x86)PriceMinuST83sEhpAZgd1Nz.exe
  22. c:program files (x86)PriceMinuST83sEhpAZgd1Nz.tlb
  23. c:program files (x86)PriceMinuST83sEhpAZgd1Nz.x64.dll
  24. c:program files (x86)PRRiCeMInus7GkjjERTBSgrBM.dat
  25. c:program files (x86)PRRiCeMInus7GkjjERTBSgrBM.dll
  26. c:program files (x86)PRRiCeMInus7GkjjERTBSgrBM.exe
  27. c:program files (x86)PRRiCeMInus7GkjjERTBSgrBM.tlb
  28. c:program files (x86)PRRiCeMInus7GkjjERTBSgrBM.x64.dll
  29. c:programdataRoaming
  30. c:usersAlit D PutraAppDataRoamingMozillaFirefoxProfilesvjj8yw9b.defaultextensionsK99K@Bm.com
  31. c:usersAlit D PutraAppDataRoamingMozillaFirefoxProfilesvjj8yw9b.defaultextensionsK99K@Bm.combootstrap.js
  32. c:usersAlit D PutraAppDataRoamingMozillaFirefoxProfilesvjj8yw9b.defaultextensionsK99K@Bm.comchrome.manifest
  33. c:usersAlit D PutraAppDataRoamingMozillaFirefoxProfilesvjj8yw9b.defaultextensionsK99K@Bm.comcontentbg.js
  34. c:usersAlit D PutraAppDataRoamingMozillaFirefoxProfilesvjj8yw9b.defaultextensionsK99K@Bm.cominstall.rdf
  35. c:usersAlit D PutraAppDataRoamingMozillaFirefoxProfilesvjj8yw9b.defaultextensionsn1z@x.edu
  36. c:usersAlit D PutraAppDataRoamingMozillaFirefoxProfilesvjj8yw9b.defaultextensionsn1z@x.edubootstrap.js
  37. c:usersAlit D PutraAppDataRoamingMozillaFirefoxProfilesvjj8yw9b.defaultextensionsn1z@x.educhrome.manifest
  38. c:usersAlit D PutraAppDataRoamingMozillaFirefoxProfilesvjj8yw9b.defaultextensionsn1z@x.educontentbg.js
  39. c:usersAlit D PutraAppDataRoamingMozillaFirefoxProfilesvjj8yw9b.defaultextensionsn1z@x.eduinstall.rdf
  40. c:usersAlit D PutraAppDataRoamingMozillaFirefoxProfilesvjj8yw9b.defaultextensionsNLlmQlWbx@O.org
  41. c:usersAlit D PutraAppDataRoamingMozillaFirefoxProfilesvjj8yw9b.defaultextensionsNLlmQlWbx@O.orgbootstrap.js
  42. c:usersAlit D PutraAppDataRoamingMozillaFirefoxProfilesvjj8yw9b.defaultextensionsNLlmQlWbx@O.orgchrome.manifest
  43. c:usersAlit D PutraAppDataRoamingMozillaFirefoxProfilesvjj8yw9b.defaultextensionsNLlmQlWbx@O.orgcontentbg.js
  44. c:usersAlit D PutraAppDataRoamingMozillaFirefoxProfilesvjj8yw9b.defaultextensionsNLlmQlWbx@O.orginstall.rdf
  45. c:usersAlit D PutraAppDataRoamingMozillaFirefoxProfilesvjj8yw9b.defaultextensionsTg@U7l.net
  46. c:usersAlit D PutraAppDataRoamingMozillaFirefoxProfilesvjj8yw9b.defaultextensionsTg@U7l.netbootstrap.js
  47. c:usersAlit D PutraAppDataRoamingMozillaFirefoxProfilesvjj8yw9b.defaultextensionsTg@U7l.netchrome.manifest
  48. c:usersAlit D PutraAppDataRoamingMozillaFirefoxProfilesvjj8yw9b.defaultextensionsTg@U7l.netcontentbg.js
  49. c:usersAlit D PutraAppDataRoamingMozillaFirefoxProfilesvjj8yw9b.defaultextensionsTg@U7l.netinstall.rdf
  50. c:usersAlit D PutraAppDataRoamingMozillaFirefoxProfilesvjj8yw9b.defaultextensionswWtXd7C@R.com
  51. c:usersAlit D PutraAppDataRoamingMozillaFirefoxProfilesvjj8yw9b.defaultextensionswWtXd7C@R.combootstrap.js
  52. c:usersAlit D PutraAppDataRoamingMozillaFirefoxProfilesvjj8yw9b.defaultextensionswWtXd7C@R.comchrome.manifest
  53. c:usersAlit D PutraAppDataRoamingMozillaFirefoxProfilesvjj8yw9b.defaultextensionswWtXd7C@R.comcontentbg.js
  54. c:usersAlit D PutraAppDataRoamingMozillaFirefoxProfilesvjj8yw9b.defaultextensionswWtXd7C@R.cominstall.rdf
  55. c:usersAlit D PutraAppDataRoamingMozillaFirefoxProfilesvjj8yw9b.defaultsearchpluginsWebSearch.xml
  56. c:windowsInstaller$PatchCache$Managed68AB67CA7DA7FFFFB744BA000000001011.0.0eula.ini
  57. c:windowsInstaller$PatchCache$Managed68AB67CA7DA7FFFFB744BA000000001011.0.0eula.ini2
  58. .
  59. ((((((((((((((((((((((((( Files Created from 2015-04-14 to 2015-05-14 )))))))))))))))))))))))))))))))
  60. .
  61. 2015-05-14 01:28 . 2015-05-14 01:28 -------- d-----w- c:usersUpdatusUserAppDataLocaltemp
  62. 2015-05-14 01:28 . 2015-05-14 01:28 -------- d-----w- c:usersDefaultAppDataLocaltemp
  63. 2015-05-14 00:51 . 2014-05-15 01:02 59424 ----a-w- c:windowssystem32wuauclt.exe
  64. 2015-05-14 00:51 . 2014-05-14 22:43 3286528 ----a-w- c:windowssystem32wuaueng.dll
  65. 2015-05-14 00:51 . 2014-05-14 22:43 253440 ----a-w- c:windowssystem32WUSettingsProvider.dll
  66. 2015-05-14 00:51 . 2014-05-14 22:43 1623040 ----a-w- c:windowssystem32wucltux.dll
  67. 2015-05-14 00:51 . 2014-05-14 22:42 176640 ----a-w- c:windowssystem32storewuauth.dll
  68. 2015-05-14 00:51 . 2013-08-16 05:21 49152 ----a-w- c:windowssystem32wups2.dll
  69. 2015-05-14 00:51 . 2012-11-06 04:00 99328 ----a-w- c:windowssystem32wushareduxresources.dll
  70. 2015-05-14 00:51 . 2012-11-06 04:20 17408 ----a-w- c:windowssystem32wuaext.dll
  71. 2015-05-14 00:16 . 2015-05-14 00:16 -------- d-----w- c:windowssystem32appmgmt
  72. 2015-05-14 00:16 . 2015-05-14 00:16 -------- d-----w- c:windows4E0C6314A8B84026AC15084E8B63AFB5.TMP
  73. 2015-05-13 15:41 . 2015-05-13 15:41 -------- d-----w- c:program files (x86)Enigma Software Group
  74. 2015-05-13 15:40 . 2015-05-13 15:40 -------- d-----w- c:program files (x86)Common FilesWise Installation Wizard
  75. 2015-05-13 14:43 . 2015-05-13 14:43 -------- d-----w- c:usersAlit D PutraAppDataRoamingEZDownloader
  76. 2015-05-13 14:42 . 2015-05-13 14:42 -------- d-----w- c:program files (x86)SystemPlus
  77. 2015-05-13 14:37 . 2015-05-13 14:41 -------- d-----w- c:program files (x86)LighterModulator
  78. 2015-05-13 14:35 . 2015-05-13 14:35 -------- d-----w- c:program files (x86)Bootstrap Twitter Offline Docs
  79. 2015-05-13 14:24 . 2015-05-13 14:24 -------- d-----w- c:program files (x86)PriceMinuaS
  80. 2015-05-12 12:26 . 2012-06-23 23:24 9013136 ----a-w- c:programdataMicrosoftWindows DefenderDefinition Updates{7F245662-7D34-4512-B2E0-7BCC5231EFFA}mpengine.dll
  81. 2015-05-11 10:24 . 2015-05-11 10:24 -------- d-----w- c:programdataIHProtectUpDate
  82. 2015-05-09 01:21 . 2015-05-14 01:27 -------- d-----w- c:usersAlit D PutraAppDataLocalassembly
  83. 2015-05-05 13:29 . 2015-05-05 13:29 -------- d-----w- c:programdataMicrosoft Visual Studio
  84. 2015-05-05 13:27 . 2015-05-05 13:27 -------- d-----w- c:usersAlit D PutraAppDataRoamingNuGet
  85. 2015-05-05 12:38 . 2015-05-05 12:38 2089568 ----a-w- c:programdataMicrosoftVisualStudio12.01033ResourceCache.dll
  86. 2015-05-05 12:30 . 2015-05-05 12:30 -------- d-----w- c:program files (x86)Microsoft Silverlight
  87. 2015-05-05 12:25 . 2015-05-05 12:25 -------- d-----w- c:program filesMicrosoft SQL Server Compact Edition
  88. 2015-05-05 12:09 . 2015-05-05 12:09 -------- d-----w- c:program filesApplication Verifier
  89. 2015-05-05 12:09 . 2015-05-05 12:09 -------- d-----w- c:program files (x86)Application Verifier
  90. 2015-05-05 12:08 . 2015-05-05 12:08 -------- d-----w- c:programdataWindows App Certification Kit
  91. 2015-05-05 11:57 . 2015-05-05 11:57 -------- d-----w- c:program files (x86)Common FilesMicrosoft
  92. 2015-05-05 11:49 . 2015-05-05 12:18 -------- d-----w- c:program files (x86)Windows Kits
  93. 2015-05-05 11:48 . 2015-05-05 11:48 -------- d-----w- c:programdataPreEmptive Solutions
  94. 2015-05-05 11:45 . 2015-05-05 11:45 -------- d-----w- c:programdataNuGet
  95. 2015-05-05 11:45 . 2015-05-05 11:45 -------- d-----w- c:program files (x86)NuGet
  96. 2015-05-05 11:43 . 2015-05-05 11:43 -------- d-----w- c:program files (x86)Microsoft WCF Data Services
  97. 2015-05-05 11:06 . 2015-05-05 11:06 -------- d-----w- c:program files (x86)HTML Help Workshop
  98. 2015-05-05 11:06 . 2015-05-05 11:06 -------- d-----w- c:windowssymbols
  99. 2015-05-05 11:06 . 2015-05-05 11:06 -------- d-----w- c:program files (x86)Microsoft Help Viewer
  100. 2015-05-05 10:04 . 2015-05-05 12:33 -------- d-----w- c:program files (x86)Microsoft Visual Studio 12.0
  101. 2015-05-05 09:59 . 2015-05-05 09:59 -------- d-----w- c:program filesMicrosoft Visual Studio 12.0
  102. 2015-05-05 09:55 . 2013-09-13 13:21 28776 ----a-w- c:windowsSysWow64aspnet_counters.dll
  103. 2015-05-05 09:55 . 2013-09-13 13:21 30312 ----a-w- c:windowssystem32aspnet_counters.dll
  104. 2015-05-05 08:50 . 2013-11-13 05:47 1283575 ----a-r- c:usersAlit D PutraAppDataRoamingMicrosoftUpdater.vbe
  105. 2015-05-05 08:49 . 2015-05-05 08:49 -------- d-----w- c:programdataVisual studio
  106. 2015-04-29 16:01 . 2015-04-29 16:01 23200 ----a-w- c:windowssystem32driverswdcsam64.sys
  107. 2015-04-15 06:17 . 2015-04-15 06:17 18178736 ----a-w- c:windowsSysWow64FlashPlayerInstaller.exe
  108. .
  109. (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
  110. 2015-05-09 15:50 . 2014-11-02 05:18 17536 ----a-w- c:programdataMicrosoftwindowssamplingSqmManifestSqm3.bin
  111. .
  112. ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
  113. .
  114. *Note* empty entries & legit default entries are not shown
  115. .
  116. [HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers SkyDrivePro1 (ErrorConflict)]
  117. [HKEY_CLASSES_ROOTCLSID{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
  118. 2012-10-01 13:33 1720976 ----a-w- c:progra~2MICROS~1Office15GROOVEEX.DLL
  119. [HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers SkyDrivePro2 (SyncInProgress)]
  120. [HKEY_CLASSES_ROOTCLSID{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
  121. 2012-10-01 13:33 1720976 ----a-w- c:progra~2MICROS~1Office15GROOVEEX.DLL
  122. [HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers SkyDrivePro3 (InSync)]
  123. [HKEY_CLASSES_ROOTCLSID{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
  124. 2012-10-01 13:33 1720976 ----a-w- c:progra~2MICROS~1Office15GROOVEEX.DLL
  125. [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
  126. 'IDMan'='c:program files (x86)Internet Download ManagerIDMan.exe' [2014-11-06 3878480]
  127. 'EADM'='c:program files (x86)OriginOrigin.exe' [2014-08-29 3600216]
  128. 'Akamai NetSession Interface'='c:usersAlit D PutraAppDataLocalAkamainetsession_win.exe' [2014-10-29 4673432]
  129. [HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionRun]
  130. 'AdobeCS6ServiceManager'='c:program files (x86)Common FilesAdobeCS6ServiceManagerCS6ServiceManager.exe' [2012-03-09 1073312]
  131. 'Adobe ARM'='c:program files (x86)Common FilesAdobeARM1.0AdobeARM.exe' [2014-12-19 1022152]
  132. 'SwitchBoard'='c:program files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe' [2010-02-19 517096]
  133. c:usersAlit D PutraAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup
  134. Dropbox.lnk - c:usersAlit D PutraAppDataRoamingDropboxbinDropbox.exe /systemstartup [2015-1-9 39206888]
  135. [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
  136. 'EnableUIADesktopToggle'= 0 (0x0)
  137. 'ConsentPromptBehaviorUser'= 3 (0x3)
  138. .
  139. [HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindows ntcurrentversionwindows]
  140. 'AppInit_DLLs'=c:windowsSysWOW64nvinit.dll
  141. R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:windowssystem32DRIVERSamppal.sys;c:windowsSYSNATIVEDRIVERSamppal.sys [x]
  142. R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:windowsSystem32Driversssadadb.sys;c:windowsSYSNATIVEDriversssadadb.sys [x]
  143. R3 BprotectEx;Baidu ProtectEx;c:windowsSystem32driversBprotectEx.sys;c:windowsSYSNATIVEdriversBprotectEx.sys [x]
  144. R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:windowssystem32DRIVERSssudbus.sys;c:windowsSYSNATIVEDRIVERSssudbus.sys [x]
  145. R3 EagleX64;EagleX64;c:windowssystem32driversEagleX64.sys;c:windowsSYSNATIVEdriversEagleX64.sys [x]
  146. R3 esgiguard;esgiguard;c:program files (x86)Enigma Software GroupSpyHunteresgiguard.sys;c:program files (x86)Enigma Software GroupSpyHunteresgiguard.sys [x]
  147. R3 FairplayKD;FairplayKD;c:programdataMTA San Andreas AllCommontempFairplayKD.sys;c:programdataMTA San Andreas AllCommontempFairplayKD.sys [x]
  148. R3 hxsyol;hxsyol;d:hellInternet ExplorerAuraKingdomavitalhxsy64.sys;d:hellInternet ExplorerAuraKingdomavitalhxsy64.sys [x]
  149. R3 massfilter;Mass Storage Filter Driver;c:windowssystem32driversmassfilter.sys;c:windowsSYSNATIVEdriversmassfilter.sys [x]
  150. R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:program filesIntelWiFibinPanDhcpDns.exe;c:program filesIntelWiFibinPanDhcpDns.exe [x]
  151. R3 npggsvc;nProtect GameGuard Service;c:windowssystem32GameMon.des;c:windowsSYSNATIVEGameMon.des [x]
  152. R3 PCFApiUtil;PCFApiUtil;c:program files (x86)Baidu SecurityPC Faster4.0.0.0PCFApiUtil64.sys;c:program files (x86)Baidu SecurityPC Faster4.0.0.0PCFApiUtil64.sys [x]
  153. R3 PROLiNKusbdiag;PROLiNK DataCard Diagnostic Port;c:windowssystem32DRIVERSPROLiNKusbdiag.sys;c:windowsSYSNATIVEDRIVERSPROLiNKusbdiag.sys [x]
  154. R3 PROLiNKusbmodem;PROLiNK DataCard Proprietary USB Driver;c:windowssystem32DRIVERSPROLiNKusbmodem.sys;c:windowsSYSNATIVEDRIVERSPROLiNKusbmodem.sys [x]
  155. R3 PROLiNKusbnmea;PROLiNK DataCard NMEA Port;c:windowssystem32DRIVERSPROLiNKusbnmea.sys;c:windowsSYSNATIVEDRIVERSPROLiNKusbnmea.sys [x]
  156. R3 PROLiNKusbvoice;PROLiNK DataCard Voice Port;c:windowssystem32DRIVERSPROLiNKusbvoice.sys;c:windowsSYSNATIVEDRIVERSPROLiNKusbvoice.sys [x]
  157. R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:windowsSystem32driversssadbus.sys;c:windowsSYSNATIVEdriversssadbus.sys [x]
  158. R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:windowssystem32DRIVERSssadmdfl.sys;c:windowsSYSNATIVEDRIVERSssadmdfl.sys [x]
  159. R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:windowssystem32DRIVERSssadmdm.sys;c:windowsSYSNATIVEDRIVERSssadmdm.sys [x]
  160. R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:windowssystem32DRIVERSssadserd.sys;c:windowsSYSNATIVEDRIVERSssadserd.sys [x]
  161. R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:windowssystem32DRIVERSssudmdm.sys;c:windowsSYSNATIVEDRIVERSssudmdm.sys [x]
  162. R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:windowssystem32DRIVERSssudserd.sys;c:windowsSYSNATIVEDRIVERSssudserd.sys [x]
  163. R3 SwitchBoard;Adobe SwitchBoard;c:program files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe;c:program files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe [x]
  164. R3 Te.Service;Te.Service;c:program files (x86)Windows Kits8.1TestingRuntimesTAEFWex.Services.exe;c:program files (x86)Windows Kits8.1TestingRuntimesTAEFWex.Services.exe [x]
  165. R3 vmci;VMware VMCI Bus Driver;c:windowsSystem32driversvmci.sys;c:windowsSYSNATIVEdriversvmci.sys [x]
  166. R3 VsEtwService120;Visual Studio ETW Event Collection Service;c:program filesMicrosoft Visual Studio 12.0Common7PackagesDebuggerServicesVsEtwService.exe;c:program filesMicrosoft Visual Studio 12.0Common7PackagesDebuggerServicesVsEtwService.exe [x]
  167. R3 WDC_SAM;WD SCSI Pass Thru driver;c:windowsSystem32driverswdcsam64.sys;c:windowsSYSNATIVEdriverswdcsam64.sys [x]
  168. R3 X6va017;X6va017;c:windowsSysWOW64DriversX6va017;c:windowsSysWOW64DriversX6va017 [x]
  169. R3 ztemtusbser;ZTEMT Legacy Serial Communication;c:windowssystem32DRIVERSCT_ZTEMT_U_USBSER.sys;c:windowsSYSNATIVEDRIVERSCT_ZTEMT_U_USBSER.sys [x]
  170. R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:program filesMicrosoft SQL Server100SharedSQLADHLP.EXE;c:program filesMicrosoft SQL Server100SharedSQLADHLP.EXE [x]
  171. R4 RsFx0153;RsFx0153 Driver;c:windowssystem32DRIVERSRsFx0153.sys;c:windowsSYSNATIVEDRIVERSRsFx0153.sys [x]
  172. R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:program filesMicrosoft SQL ServerMSSQL10_50.SQLEXPRESSMSSQLBinnSQLAGENT.EXE;c:program filesMicrosoft SQL ServerMSSQL10_50.SQLEXPRESSMSSQLBinnSQLAGENT.EXE [x]
  173. S0 nvpciflt;nvpciflt;c:windowssystem32DRIVERSnvpciflt.sys;c:windowsSYSNATIVEDRIVERSnvpciflt.sys [x]
  174. S1 {0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gw64;{0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gw64;c:windowssystem32drivers{0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gw64.sys;c:windowsSYSNATIVEdrivers{0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gw64.sys [x]
  175. S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:program filesIntelBluetoothHSBTHSAmpPalService.exe;c:program filesIntelBluetoothHSBTHSAmpPalService.exe [x]
  176. S2 AtherosSvc;AtherosSvc;c:program files (x86)Bluetooth Suiteadminservice.exe;c:program files (x86)Bluetooth Suiteadminservice.exe [x]
  177. S2 ba96e052;SystemPlus;c:windowssystem32rundll32.exe;c:windowsSYSNATIVErundll32.exe [x]
  178. S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:program filesIntelBluetoothHSBTHSSecurityMgr.exe;c:program filesIntelBluetoothHSBTHSSecurityMgr.exe [x]
  179. S2 Decor8;Stardock Decor8;c:program files (x86)StardockDecor8Decor8Srv.exe;c:program files (x86)StardockDecor8Decor8Srv.exe [x]
  180. S2 IDMWFP;IDMWFP;c:windowssystem32DRIVERSidmwfp.sys;c:windowsSYSNATIVEDRIVERSidmwfp.sys [x]
  181. S2 PSI_SVC_2_x64;Corel License Validation Service V2 x64, Powered by arvato;c:program filesCommon FilesProtexisLicense ServicePsiService_2.exe;c:program filesCommon FilesProtexisLicense ServicePsiService_2.exe [x]
  182. S2 ReportServer$SQLEXPRESS;SQL Server Reporting Services (SQLEXPRESS);c:program filesMicrosoft SQL ServerMSRS10_50.SQLEXPRESSReporting ServicesReportServerbinReportingServicesService.exe;c:program filesMicrosoft SQL ServerMSRS10_50.SQLEXPRESSReporting ServicesReportServerbinReportingServicesService.exe [x]
  183. S2 ZAtheros Bt and Wlan Coex Agent;ZAtheros Bt and Wlan Coex Agent;c:program files (x86)Bluetooth SuiteAth_CoexAgent.exe;c:program files (x86)Bluetooth SuiteAth_CoexAgent.exe [x]
  184. S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:program filesIntelWiFibinZeroConfigService.exe;c:program filesIntelWiFibinZeroConfigService.exe [x]
  185. S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:windowsSystem32driversAMPPAL.sys;c:windowsSYSNATIVEdriversAMPPAL.sys [x]
  186. S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:windowssystem32DRIVERSbtath_flt.sys;c:windowsSYSNATIVEDRIVERSbtath_flt.sys [x]
  187. S3 ATP;ASUS PS/2 Port Input Device;c:windowsSystem32driversAsusTP.sys;c:windowsSYSNATIVEdriversAsusTP.sys [x]
  188. S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:windowsSystem32driversbtath_bus.sys;c:windowsSYSNATIVEdriversbtath_bus.sys [x]
  189. S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:windowsSystem32driversbtath_hcrp.sys;c:windowsSYSNATIVEdriversbtath_hcrp.sys [x]
  190. S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:windowssystem32DRIVERSbtath_lwflt.sys;c:windowsSYSNATIVEDRIVERSbtath_lwflt.sys [x]
  191. S3 BtFilter;BtFilter;c:windowssystem32DRIVERSbtfilter.sys;c:windowsSYSNATIVEDRIVERSbtfilter.sys [x]
  192. S3 BthLEEnum;Bluetooth Low Energy Driver;c:windowssystem32DRIVERSBthLEEnum.sys;c:windowsSYSNATIVEDRIVERSBthLEEnum.sys [x]
  193. S3 HIDSwitch;ASUS Wireless Radio Control;c:windowsSystem32driversAsHIDSwitch64.sys;c:windowsSYSNATIVEdriversAsHIDSwitch64.sys [x]
  194. S3 MSSQLFDLauncher$SQLEXPRESS;SQL Full-text Filter Daemon Launcher (SQLEXPRESS);c:program filesMicrosoft SQL ServerMSSQL10_50.SQLEXPRESSMSSQLBinnfdlauncher.exe;c:program filesMicrosoft SQL ServerMSSQL10_50.SQLEXPRESSMSSQLBinnfdlauncher.exe [x]
  195. S3 RSBASTOR;Realtek PCIE CardReader Driver - BA;c:windowssystem32DRIVERSRtsBaStor.sys;c:windowsSYSNATIVEDRIVERSRtsBaStor.sys [x]
  196. S3 RTL8168;Realtek 8168 NT Driver;c:windowssystem32DRIVERSRt630x64.sys;c:windowsSYSNATIVEDRIVERSRt630x64.sys [x]
  197. S3 WUDFWpdMtp;WUDFWpdMtp;c:windowssystem32DRIVERSWUDFRd.sys;c:windowsSYSNATIVEDRIVERSWUDFRd.sys [x]
  198. .
  199. .
  200. 2015-05-14 c:windowsTasksAdobe Flash Player Updater.job
  201. - c:windowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe [2014-04-03 06:18]
  202. .
  203. .
  204. [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers SkyDrivePro1 (ErrorConflict)]
  205. [HKEY_CLASSES_ROOTCLSID{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
  206. 2012-10-01 13:47 2322576 ----a-w- c:progra~1MICROS~1Office15GROOVEEX.DLL
  207. [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers SkyDrivePro2 (SyncInProgress)]
  208. [HKEY_CLASSES_ROOTCLSID{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
  209. 2012-10-01 13:47 2322576 ----a-w- c:progra~1MICROS~1Office15GROOVEEX.DLL
  210. [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers SkyDrivePro3 (InSync)]
  211. [HKEY_CLASSES_ROOTCLSID{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
  212. 2012-10-01 13:47 2322576 ----a-w- c:progra~1MICROS~1Office15GROOVEEX.DLL
  213. [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers'DropboxExt1']
  214. [HKEY_CLASSES_ROOTCLSID{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
  215. 2014-06-24 21:08 164760 ----a-w- c:usersAlit D PutraAppDataRoamingDropboxbinDropboxExt64.24.dll
  216. [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers'DropboxExt2']
  217. [HKEY_CLASSES_ROOTCLSID{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
  218. 2014-06-24 21:08 164760 ----a-w- c:usersAlit D PutraAppDataRoamingDropboxbinDropboxExt64.24.dll
  219. [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers'DropboxExt3']
  220. [HKEY_CLASSES_ROOTCLSID{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
  221. 2014-06-24 21:08 164760 ----a-w- c:usersAlit D PutraAppDataRoamingDropboxbinDropboxExt64.24.dll
  222. [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers'DropboxExt4']
  223. [HKEY_CLASSES_ROOTCLSID{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
  224. 2014-06-24 21:08 164760 ----a-w- c:usersAlit D PutraAppDataRoamingDropboxbinDropboxExt64.24.dll
  225. [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers'DropboxExt5']
  226. [HKEY_CLASSES_ROOTCLSID{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
  227. 2014-06-24 21:08 164760 ----a-w- c:usersAlit D PutraAppDataRoamingDropboxbinDropboxExt64.24.dll
  228. [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers'DropboxExt6']
  229. [HKEY_CLASSES_ROOTCLSID{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
  230. 2014-06-24 21:08 164760 ----a-w- c:usersAlit D PutraAppDataRoamingDropboxbinDropboxExt64.24.dll
  231. [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers'DropboxExt7']
  232. [HKEY_CLASSES_ROOTCLSID{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
  233. 2014-06-24 21:08 164760 ----a-w- c:usersAlit D PutraAppDataRoamingDropboxbinDropboxExt64.24.dll
  234. [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers'DropboxExt8']
  235. [HKEY_CLASSES_ROOTCLSID{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
  236. 2014-06-24 21:08 164760 ----a-w- c:usersAlit D PutraAppDataRoamingDropboxbinDropboxExt64.24.dll
  237. [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersIDM Shell Extension]
  238. [HKEY_CLASSES_ROOTCLSID{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
  239. 2014-04-21 10:02 25112 ----a-w- c:program files (x86)Internet Download ManagerIDMShellExt64.dll
  240. [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
  241. 'IgfxTray'='c:windowssystem32igfxtray.exe' [2014-01-24 391128]
  242. 'HotKeysCmds'='c:windowssystem32hkcmd.exe' [2014-01-24 771544]
  243. 'Persistence'='c:windowssystem32igfxpers.exe' [2014-01-24 770520]
  244. 'AdobeAAMUpdater-1.0'='c:program files (x86)Common FilesAdobeOOBEPDAppUWAUpdaterStartupUtility.exe' [2014-02-27 558496]
  245. 'RTHDVCPL'='c:program filesRealtekAudioHDARAVCpl64.exe' [2012-08-30 13192848]
  246. 'BtTray'='c:program files (x86)Bluetooth SuiteBtTray.exe' [2012-10-31 766080]
  247. 'BtvStack'='c:program files (x86)Bluetooth SuiteBtvStack.exe' [2012-10-31 127616]
  248. ------- Supplementary Scan -------
  249. uLocal Page = c:windowssystem32blank.htm
  250. uStart Page = hxxp://websearch.goodforsearch.info/?pid=3889&r=2015/05/13&hid=599155046585705363&lg=EN&cc=ID&unqvl=86
  251. uDefault_Search_URL = hxxp://search.delta-homes.com/web/?type=ds&ts=1431339870&z=50f19e7fa518b20545f96fbgaz5ceg3c4c8t5bam5o&from=ient05110&uid=TOSHIBAXMQ01ABD075_83BQP3QATXX83BQP3QAT&q={searchTerms}
  252. mDefault_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1407595414&from=smt&uid=TOSHIBAXMQ01ABD075_83BQP3QATXX83BQP3QAT&q={searchTerms}
  253. mStart Page = hxxp://websearch.goodforsearch.info/?pid=3889&r=2015/05/13&hid=599155046585705363&lg=EN&cc=ID&unqvl=86
  254. mSearch Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1407595414&from=smt&uid=TOSHIBAXMQ01ABD075_83BQP3QATXX83BQP3QAT&q={searchTerms}
  255. IE: Download dengan IDM - c:program files (x86)Internet Download ManagerIEExt.htm
  256. IE: Download semua link dengan IDM - c:program files (x86)Internet Download ManagerIEGetAll.htm
  257. IE: E&xport to Microsoft Excel - c:progra~2MICROS~1Office15EXCEL.EXE/3000
  258. IE: Se&nd to OneNote - c:progra~2MICROS~1Office15ONBttnIE.dll/105
  259. FF - ProfilePath - c:usersAlit D PutraAppDataRoamingMozillaFirefoxProfilesvjj8yw9b.default
  260. FF - prefs.js: browser.search.defaulturl - hxxp://websearch.goodforsearch.info/?pid=3889&r=2015/05/13&hid=599155046585705363&lg=EN&cc=ID&unqvl=86&l=1&q=
  261. FF - prefs.js: browser.search.selectedEngine - WebSearch
  262. FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
  263. FF - prefs.js: keyword.URL - hxxp://websearch.goodforsearch.info/?pid=3889&r=2015/05/13&hid=599155046585705363&lg=EN&cc=ID&unqvl=86&l=1&q=
  264. FF - prefs.js: keyword.url - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
  265. # Mozilla User Preferences
  266. *
  267. * If you make changes to this file while the application is running,
  268. * the changes will be overwritten when the application exits.
  269. * To make a manual change to preferences, you can visit the URL about:config
  270. FF - user.js: browser.startup.homepage - hxxp://www.google.com/
  271. .
  272. .
  273. BHO-{003565a1-15e1-4b00-b14c-a3956fff46f8} - c:program files (x86)PriceMinuST83sEhpAZgd1Nz.dll
  274. BHO-{a7af3940-86de-444e-a1e5-9334e4e352c6} - c:program files (x86)PRRiCeMInus7GkjjERTBSgrBM.dll
  275. BHO-{edf30400-9d07-474a-a612-962a4722c8d3} - c:program files (x86)bestadblockerjth9IEwCpt4oCw.dll
  276. BHO-{f07fcc0a-3383-4593-a3d9-ba520a45ada9} - c:program files (x86)PricaeeMiNuus70YhETOKJyOy9J.dll
  277. Wow6432Node-HKCU-Run-CatalinaGroup Update - c:usersAlit D PutraAppDataLocalCatalinaGroupUpdateCatalinaUpdate.exe
  278. Wow6432Node-HKLM-Run-WinampAgent - c:program files (x86)Winampwinampa.exe
  279. c:usersAlit D PutraAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupCrack.lnk - c:programdata{369395cb-5784-c3ad-3693-395cb578572d}Crack.exe --startup=1
  280. BHO-{003565a1-15e1-4b00-b14c-a3956fff46f8} - c:program files (x86)PriceMinuST83sEhpAZgd1Nz.x64.dll
  281. BHO-{a7af3940-86de-444e-a1e5-9334e4e352c6} - c:program files (x86)PRRiCeMInus7GkjjERTBSgrBM.x64.dll
  282. BHO-{edf30400-9d07-474a-a612-962a4722c8d3} - c:program files (x86)bestadblockerjth9IEwCpt4oCw.x64.dll
  283. BHO-{f07fcc0a-3383-4593-a3d9-ba520a45ada9} - c:program files (x86)PricaeeMiNuus70YhETOKJyOy9J.x64.dll
  284. AddRemove-Naruto Shippuden Ultimate Ninja Storm Revolution_is1 - d:lInternet ExplorerNaruto UltimateNew DirectoryNaruto Shippuden Ultimate Ninja Storm Revolutionunins000.exe
  285. AddRemove-{06B99631-BFA2-3B7A-F58B-D067C2BA59B7} - c:program files (x86)PRRiCeMInus7GkjjERTBSgrBM.exe
  286. AddRemove-{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{f6d5a24} - c:progra~2LIGHTE~1LIGHTE~1.DLL
  287. AddRemove-{4820778D-AB0D-6D18-C316-52A6A0E1D507} - c:program files (x86)bestadblockerjth9IEwCpt4oCw.exe
  288. .
  289. [HKEY_LOCAL_MACHINESYSTEMControlSet001Servicesnpggsvc]
  290. 'ImagePath'='c:windowssystem32GameMon.des -service'
  291. [HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesX6va017]
  292. 'ImagePath'='??c:windowsSysWOW64DriversX6va017'
  293. --------------------- LOCKED REGISTRY KEYS ---------------------
  294. [HKEY_USERSS-1-5-21-891726533-3861945677-857593788-1001_ClassesWow6432NodeCLSID{076c161d-d3c7-4c6c-8921-72eecd731844}]
  295. @Allowed: (Read) (RestrictedCode)
  296. 'Model'=dword:000000db
  297. 'MData'=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
  298. 38,95,44,0b,81,bc,f1,a7,e5,35,7d,35,09,65,22,c0,65,51,8a,3a,e8,6e,f5,db,c5,
  299. [HKEY_USERSS-1-5-21-891726533-3861945677-857593788-1001_ClassesWow6432NodeCLSID{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
  300. 'scansk'=hex(0):4b,15,eb,47,28,02,c0,1b,9e,41,46,68,71,13,2b,e5,4d,a0,2d,64,a7,
  301. dc,bc,e2,b9,8a,69,8a,05,20,65,72,0d,cf,a3,3a,1b,48,83,c4,00,00,00,00,00,00,
  302. [HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftOfficeCommonSmart TagActions{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
  303. 'Solution'='{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}'
  304. [HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftSchema LibraryActionsPane3]
  305. .
  306. [HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftSchema LibraryActionsPane30]
  307. 'Location'='c:Program Files (x86)Common FilesMicrosoft SharedVSTOActionsPane3.xsd'
  308. [HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4d36e96d-e325-11ce-bfc1-08002be10318}0001AllUserSettings]
  309. @Denied: (A) (Everyone)
  310. 'BlindDial'=dword:00000000
  311. [HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4d36e96d-e325-11ce-bfc1-08002be10318}0002AllUserSettings]
  312. @Denied: (A) (Everyone)
  313. 'BlindDial'=dword:00000000
  314. [HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4d36e96d-e325-11ce-bfc1-08002be10318}0003AllUserSettings]
  315. @Denied: (A) (Everyone)
  316. 'BlindDial'=dword:00000000
  317. [HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4d36e96d-e325-11ce-bfc1-08002be10318}0004AllUserSettings]
  318. @Denied: (A) (Everyone)
  319. 'BlindDial'=dword:00000000
  320. [HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4d36e96d-e325-11ce-bfc1-08002be10318}0005AllUserSettings]
  321. @Denied: (A) (Everyone)
  322. 'BlindDial'=dword:00000000
  323. [HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4d36e96d-e325-11ce-bfc1-08002be10318}0006AllUserSettings]
  324. @Denied: (A) (Everyone)
  325. 'BlindDial'=dword:00000000
  326. [HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4d36e96d-e325-11ce-bfc1-08002be10318}0008AllUserSettings]
  327. @Denied: (A) (Everyone)
  328. 'BlindDial'=dword:00000000
  329. [HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4d36e96d-e325-11ce-bfc1-08002be10318}0009AllUserSettings]
  330. @Denied: (A) (Everyone)
  331. 'BlindDial'=dword:00000000
  332. [HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4d36e96d-e325-11ce-bfc1-08002be10318}0010AllUserSettings]
  333. @Denied: (A) (Everyone)
  334. 'BlindDial'=dword:00000000
  335. [HKEY_LOCAL_MACHINESYSTEMControlSet001ControlPCWSecurity]
  336. @SACL=(02 0000)
  337. ------------------------ Other Running Processes ------------------------
  338. c:program files (x86)Common FilesAdobeARM1.0armsvc.exe
  339. c:program files (x86)SmadavSMc:windowsSysWOW64rundll32.exe
  340. c:program files (x86)ASUSASUS Smart GestureQuickGesturex86QuickGesture.exe
  341. c:program files (x86)NVIDIA CorporationNVIDIA Update Coredaemonu.exe
  342. **************************************************************************
  343. Completion time: 2015-05-14 09:39:50 - machine was rebooted
  344. .
  345. Post-Run: 83.522.633.728 bytes free
  346. - - End Of File - - 86120B51244954B0D99C3DBBD82946D3

Killer Service V2


Jun 05, 2015  Sounds like you are describing Protexis Licensing Service. I must admit I've never experienced the 'takeover' you described though. You can disable it under Services and the display name is Corel License Validation Service V2, Powered by arvato.

Parchment Ordering Service V2.9

Web service v2.0 dvr
  1. In RUN you have to look for COREL LICENSE VALIDATION SERVICE V2, POWERED BY ARVATO and. PROTEXIS LICENSING V2, look for COREL LICENSE VALIDATION.
  2. If you are seeing Protexis Licensing V2 service, use the next guide. I had copied the file PSIKey-03000201.dll to all the Corel sub-folders and renamed it to. The following will work on 64 bit windows for PSPX4 as the location is the program files x86.