Results of system analysis

Process List

File name	PID	Description	Copyright	MD5	Information
egui.exe Script: Quarantine, Delete, Delete via BC, Terminate	3428			??	error getting file info Command line:
C:\Windows\explorer.exe Script: Quarantine, Delete, Delete via BC, Terminate	3064	Windows Explorer	© Microsoft Corporation. All rights reserved.	??	2803.00 kb, rsAh, created: 30.01.2010 18:03:38, modified: 31.10.2009 07:34:59 Command line:
LCDMon.exe Script: Quarantine, Delete, Delete via BC, Terminate	3596			??	error getting file info Command line:
LGDCore.exe Script: Quarantine, Delete, Delete via BC, Terminate	3372			??	error getting file info Command line:
LGDevAgt.exe Script: Quarantine, Delete, Delete via BC, Terminate	3476			??	error getting file info Command line:
LVPrcSrv.exe Script: Quarantine, Delete, Delete via BC, Terminate	1800			??	error getting file info Command line:
c:\program files (x86)\lexmark 3400 series\lxcymon.exe Script: Quarantine, Delete, Delete via BC, Terminate	3540	Device Monitor		??	284.66 kb, rsAh, created: 18.08.2010 11:57:09, modified: 01.05.2009 13:54:44 Command line: "C:\Program Files (x86)\Lexmark 3400 Series\lxcymon.exe"
c:\program files (x86)\windows live\messenger\msnmsgr.exe Script: Quarantine, Delete, Delete via BC, Terminate	3608	Windows Live Messenger	© Microsoft Corporation. All rights reserved.	??	3792.83 kb, rsAh, created: 26.07.2009 16:44:34, modified: 26.07.2009 16:44:34 Command line: "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
ndsvc.exe Script: Quarantine, Delete, Delete via BC, Terminate	1840			??	error getting file info Command line:
sidebar.exe Script: Quarantine, Delete, Delete via BC, Terminate	3676			??	error getting file info Command line:
TrustedInstaller.exe Script: Quarantine, Delete, Delete via BC, Terminate	1000			??	error getting file info Command line:
c:\windows\syswow64\winservice.exe Script: Quarantine, Delete, Delete via BC, Terminate	1964		Copyright (C) 2007	??	176.00 kb, rsAh, created: 06.06.2010 22:03:23, modified: 17.07.2007 15:48:16 Command line: C:\Windows\SysWOW64\WinService.exe
WMPSideShowGadget.exe Script: Quarantine, Delete, Delete via BC, Terminate	3388			??	error getting file info Command line:
Detected:74, recognized as trusted 63

Module name	Handle	Description	Copyright	MD5	Used by processes
C:\Program Files (x86)\Lexmark 3400 Series\lxcycfg.dll Script: Quarantine, Delete, Delete via BC	2228224	config	Copyright © 2003	--	3540
C:\Program Files (x86)\Lexmark 3400 Series\lxcycomc.dll Script: Quarantine, Delete, Delete via BC	1694498816	Printer Communication System		--	3540
C:\Program Files (x86)\Lexmark 3400 Series\lxcydrec.dll Script: Quarantine, Delete, Delete via BC	3407872	Data Recorder		--	3540
C:\Program Files (x86)\Lexmark 3400 Series\lxcymonr.dll Script: Quarantine, Delete, Delete via BC	2359296		Copyright © 2005	--	3540
C:\Program Files (x86)\Lexmark 3400 Series\lxcyscw.dll Script: Quarantine, Delete, Delete via BC	268435456			--	3540
C:\Program Files (x86)\Lexmark 3400 Series\lxcytsfw.dll Script: Quarantine, Delete, Delete via BC	3211264	Touchstone Framework		--	3540
C:\Program Files (x86)\Messenger Plus! Live\Detoured.dll Script: Quarantine, Delete, Delete via BC	251658240			--	3608
C:\Program Files (x86)\Messenger Plus! Live\MsgPlusLive.dll Script: Quarantine, Delete, Delete via BC	671088640	Messenger Plus! Live Add-On	Copyright (C) 2001-2010 Yuna Software	--	3608
C:\Program Files (x86)\Messenger Plus! Live\MsgPlusLiveRes.dll Script: Quarantine, Delete, Delete via BC	687865856	Messenger Plus! Live Resources	Copyright (C) 2001-2010 Yuna Software	--	3608
C:\Program Files (x86)\Windows Live\Messenger\MSIMG32.dll Script: Quarantine, Delete, Delete via BC	637534208	Loader for Messenger Plus! Live	Copyright (C) 2001-2010 Yuna Software	--	3608
Modules found:288, recognized as trusted 278

Kernel Space Modules Viewer

Module	Base address	Size in memory	Description	Manufacturer
C:\Windows\system32\drivers\cpuz132_x64.sys Script: Quarantine, Delete, Delete via BC	6DD7000	008000 (32768)	CPUID Driver	© Microsoft Corporation. All rights reserved.
C:\Windows\System32\Drivers\dump_atapi.sys Script: Quarantine, Delete, Delete via BC	5DB1000	009000 (36864)
C:\Windows\System32\Drivers\dump_dumpata.sys Script: Quarantine, Delete, Delete via BC	5DA5000	00C000 (49152)
C:\Windows\System32\Drivers\dump_dumpfve.sys Script: Quarantine, Delete, Delete via BC	5DBA000	013000 (77824)
C:\Windows\system32\DRIVERS\eamon.sys Script: Quarantine, Delete, Delete via BC	2A36000	0C3000 (798720)	Amon monitor	Copyright (c) ESET 1992-2009. All rights reserved.
C:\Windows\system32\DRIVERS\ehdrv.sys Script: Quarantine, Delete, Delete via BC	2CCC000	023000 (143360)	ESET Helper driver	Copyright (c) ESET 1992-2009. All rights reserved.
C:\Windows\system32\DRIVERS\epfwwfpr.sys Script: Quarantine, Delete, Delete via BC	6DDF000	020000 (131072)	ESET Personal Firewall driver	Copyright (c) ESET 1992-2009. All rights reserved.
C:\Windows\system32\DRIVERS\lmimirr.sys Script: Quarantine, Delete, Delete via BC	4055000	007000 (28672)	LogMeIn Mirror Miniport Driver	Copyright © 2003-2007 LogMeIn, Inc. US patents pending.
C:\Windows\system32\drivers\LMIRfsDriver.sys Script: Quarantine, Delete, Delete via BC	6C07000	013000 (77824)	LogMeIn Rfs Drivemap Driver	Copyright © 2003-2008 LogMeIn, Inc. US patents pending.
C:\Windows\system32\drivers\mbam.sys Script: Quarantine, Delete, Delete via BC	73CD000	00A000 (40960)	Malwarebytes' Anti-Malware	© Malwarebytes Corporation. All rights reserved.
C:\Windows\System32\Drivers\PxHlpa64.sys Script: Quarantine, Delete, Delete via BC	E14000	00C000 (49152)	Px Engine Device Driver for 64-bit Windows	Copyright © Sonic Solutions
C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys Script: Quarantine, Delete, Delete via BC	6C00000	007000 (28672)	RemotelyAnywhere Kernel Information Provider	Copyright © 1998-2007 LogMeIn, Inc. All rights reserved.
C:\Windows\System32\Drivers\spht.sys Script: Quarantine, Delete, Delete via BC	10D1000	126000 (1204224)
C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vstor2-mntapi10.sys Script: Quarantine, Delete, Delete via BC	72AA000	00C000 (49152)	VMware Virtual Storage Volume Driver	Copyright © 1998-2009 VMware, Inc.
Modules found - 222, recognized as trusted - 208

Services

Service	Description	Status	File	Group	Dependencies
AMD External Events Utility Service: Stop, Delete, Disable, Delete via BC	AMD External Events Utility	Running	C:\Windows\system32\atiesrxx.exe Script: Quarantine, Delete, Delete via BC	Event log
KeyIso Service: Stop, Delete, Disable, Delete via BC	CNG Key Isolation	Running	C:\Windows\system32\lsass.exe Script: Quarantine, Delete, Delete via BC		RpcSs
ndsvc Service: Stop, Delete, Disable, Delete via BC	NetDrive Service	Running	C:\Program Files\MacroData Inc\NetDrive\ndsvc.exe Script: Quarantine, Delete, Delete via BC
SamSs Service: Stop, Delete, Disable, Delete via BC	Security Accounts Manager	Running	C:\Windows\system32\lsass.exe Script: Quarantine, Delete, Delete via BC	MS_WindowsLocalValidation	RPCSS
SCM_Service Service: Stop, Delete, Disable, Delete via BC	SCM_Service	Running	C:\Windows\SysWOW64\WinService.exe Script: Quarantine, Delete, Delete via BC
Spooler Service: Stop, Delete, Disable, Delete via BC	Print Spooler	Running	C:\Windows\System32\spoolsv.exe Script: Quarantine, Delete, Delete via BC	SpoolerGroup	RPCSS
sppsvc Service: Stop, Delete, Disable, Delete via BC	Software Protection	Running	C:\Windows\system32\sppsvc.exe Script: Quarantine, Delete, Delete via BC		RpcSs
ALG Service: Stop, Delete, Disable, Delete via BC	Application Layer Gateway Service	Not started	C:\Windows\System32\alg.exe Script: Quarantine, Delete, Delete via BC
aspnet_state Service: Stop, Delete, Disable, Delete via BC	ASP.NET State Service	Not started	C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe Script: Quarantine, Delete, Delete via BC
EFS Service: Stop, Delete, Disable, Delete via BC	Encrypting File System (EFS)	Not started	C:\Windows\System32\lsass.exe Script: Quarantine, Delete, Delete via BC		RPCSS
EhttpSrv Service: Stop, Delete, Disable, Delete via BC	ESET HTTP Server	Not started	C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe Script: Quarantine, Delete, Delete via BC
Fax Service: Stop, Delete, Disable, Delete via BC	Fax	Not started	C:\Windows\system32\fxssvc.exe Script: Quarantine, Delete, Delete via BC		TapiSrv
iPod Service Service: Stop, Delete, Disable, Delete via BC	iPod Service	Not started	C:\Program Files\iPod\bin\iPodService.exe Script: Quarantine, Delete, Delete via BC		RpcSs
LBTServ Service: Stop, Delete, Disable, Delete via BC	Logitech Bluetooth Service	Not started	C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe Script: Quarantine, Delete, Delete via BC	PlugPlay	PlugPlay
LMIMaint Service: Stop, Delete, Disable, Delete via BC	LogMeIn Maintenance Service	Not started	C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe Script: Quarantine, Delete, Delete via BC
LogMeIn Service: Stop, Delete, Disable, Delete via BC	LogMeIn	Not started	C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe Script: Quarantine, Delete, Delete via BC		Tcpip
lxcy_device Service: Stop, Delete, Disable, Delete via BC	lxcy_device	Not started	C:\Windows\system32\lxcycoms.exe Script: Quarantine, Delete, Delete via BC
MSDTC Service: Stop, Delete, Disable, Delete via BC	Distributed Transaction Coordinator	Not started	C:\Windows\System32\msdtc.exe Script: Quarantine, Delete, Delete via BC		RPCSS
Netlogon Service: Stop, Delete, Disable, Delete via BC	Netlogon	Not started	C:\Windows\system32\lsass.exe Script: Quarantine, Delete, Delete via BC	MS_WindowsRemoteValidation	LanmanWorkstation
ProtectedStorage Service: Stop, Delete, Disable, Delete via BC	Protected Storage	Not started	C:\Windows\system32\lsass.exe Script: Quarantine, Delete, Delete via BC		RpcSs
RpcLocator Service: Stop, Delete, Disable, Delete via BC	Remote Procedure Call (RPC) Locator	Not started	C:\Windows\system32\locator.exe Script: Quarantine, Delete, Delete via BC
SNMPTRAP Service: Stop, Delete, Disable, Delete via BC	SNMP Trap	Not started	C:\Windows\System32\snmptrap.exe Script: Quarantine, Delete, Delete via BC
TVersityMediaServer Service: Stop, Delete, Disable, Delete via BC	TVersityMediaServer	Not started	C:\Users\Tom\AppData\Local\TVersity\Media Server\MediaServer.exe Script: Quarantine, Delete, Delete via BC		Tcpip
UI0Detect Service: Stop, Delete, Disable, Delete via BC	Interactive Services Detection	Not started	C:\Windows\system32\UI0Detect.exe Script: Quarantine, Delete, Delete via BC
VaultSvc Service: Stop, Delete, Disable, Delete via BC	Credential Manager	Not started	C:\Windows\system32\lsass.exe Script: Quarantine, Delete, Delete via BC		rpcss
vds Service: Stop, Delete, Disable, Delete via BC	Virtual Disk	Not started	C:\Windows\System32\vds.exe Script: Quarantine, Delete, Delete via BC		RpcSs
VSS Service: Stop, Delete, Disable, Delete via BC	Volume Shadow Copy	Not started	C:\Windows\system32\vssvc.exe Script: Quarantine, Delete, Delete via BC		RPCSS
WatAdminSvc Service: Stop, Delete, Disable, Delete via BC	Windows Activation Technologies Service	Not started	C:\Windows\system32\Wat\WatAdminSvc.exe Script: Quarantine, Delete, Delete via BC
wbengine Service: Stop, Delete, Disable, Delete via BC	Block Level Backup Engine Service	Not started	C:\Windows\system32\wbengine.exe Script: Quarantine, Delete, Delete via BC
wlcrasvc Service: Stop, Delete, Disable, Delete via BC	Live Mesh Remote Desktop	Not started	C:\Program Files\Live Mesh\Remote Desktop\wlcrasvc.exe Script: Quarantine, Delete, Delete via BC
wmiApSrv Service: Stop, Delete, Disable, Delete via BC	WMI Performance Adapter	Not started	C:\Windows\system32\wbem\WmiApSrv.exe Script: Quarantine, Delete, Delete via BC
Detected - 188, recognized as trusted - 157

Drivers

Service	Description	Status	File	Group	Dependencies
1394ohci Driver: Unload, Delete, Disable, Delete via BC	1394 OHCI Compliant Host Controller	Running	C:\Windows\system32\DRIVERS\1394ohci.sys Script: Quarantine, Delete, Delete via BC
ACPI Driver: Unload, Delete, Disable, Delete via BC	Microsoft ACPI Driver	Running	C:\Windows\system32\DRIVERS\ACPI.sys Script: Quarantine, Delete, Delete via BC	Boot Bus Extender
AFD Driver: Unload, Delete, Disable, Delete via BC	Ancillary Function Driver for Winsock	Running	C:\Windows\system32\drivers\afd.sys Script: Quarantine, Delete, Delete via BC	PNP_TDI
amdkmdag Driver: Unload, Delete, Disable, Delete via BC	amdkmdag	Running	C:\Windows\system32\DRIVERS\atipmdag.sys Script: Quarantine, Delete, Delete via BC	Video
amdkmdap Driver: Unload, Delete, Disable, Delete via BC	amdkmdap	Running	C:\Windows\system32\DRIVERS\atikmpag.sys Script: Quarantine, Delete, Delete via BC	Video
amdxata Driver: Unload, Delete, Disable, Delete via BC	amdxata	Running	C:\Windows\system32\DRIVERS\amdxata.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
atapi Driver: Unload, Delete, Disable, Delete via BC	IDE Channel	Running	C:\Windows\system32\DRIVERS\atapi.sys Script: Quarantine, Delete, Delete via BC	SCSI Miniport
AtiHdmiService Driver: Unload, Delete, Disable, Delete via BC	ATI Function Driver for High Definition Audio Service	Running	C:\Windows\system32\drivers\AtiHdmi.sys Script: Quarantine, Delete, Delete via BC
Beep Driver: Unload, Delete, Disable, Delete via BC	Beep	Running	Beep.sys Script: Quarantine, Delete, Delete via BC	Base
blbdrive Driver: Unload, Delete, Disable, Delete via BC	blbdrive	Running	C:\Windows\system32\DRIVERS\blbdrive.sys Script: Quarantine, Delete, Delete via BC
bowser Driver: Unload, Delete, Disable, Delete via BC	Browser Support Driver	Running	C:\Windows\system32\DRIVERS\bowser.sys Script: Quarantine, Delete, Delete via BC	Network
cdrom Driver: Unload, Delete, Disable, Delete via BC	CD-ROM Driver	Running	C:\Windows\system32\DRIVERS\cdrom.sys Script: Quarantine, Delete, Delete via BC	SCSI CDROM Class
CLFS Driver: Unload, Delete, Disable, Delete via BC	Common Log (CLFS)	Running	C:\Windows\System32\CLFS.sys Script: Quarantine, Delete, Delete via BC	Filter
CNG Driver: Unload, Delete, Disable, Delete via BC	CNG	Running	C:\Windows\System32\Drivers\cng.sys Script: Quarantine, Delete, Delete via BC	Base
CompositeBus Driver: Unload, Delete, Disable, Delete via BC	Composite Bus Enumerator Driver	Running	C:\Windows\system32\DRIVERS\CompositeBus.sys Script: Quarantine, Delete, Delete via BC	Extended Base
cpuz132 Driver: Unload, Delete, Disable, Delete via BC	cpuz132	Running	C:\Windows\system32\drivers\cpuz132_x64.sys Script: Quarantine, Delete, Delete via BC
CSC Driver: Unload, Delete, Disable, Delete via BC	Offline Files Driver	Running	C:\Windows\system32\drivers\csc.sys Script: Quarantine, Delete, Delete via BC	network	rdbss
DfsC Driver: Unload, Delete, Disable, Delete via BC	DFS Namespace Client Driver	Running	C:\Windows\system32\Drivers\dfsc.sys Script: Quarantine, Delete, Delete via BC	Network	Mup
discache Driver: Unload, Delete, Disable, Delete via BC	System Attribute Cache	Running	C:\Windows\system32\drivers\discache.sys Script: Quarantine, Delete, Delete via BC
Disk Driver: Unload, Delete, Disable, Delete via BC	Disk Driver	Running	C:\Windows\system32\DRIVERS\disk.sys Script: Quarantine, Delete, Delete via BC
DXGKrnl Driver: Unload, Delete, Disable, Delete via BC	LDDM Graphics Subsystem	Running	C:\Windows\System32\drivers\dxgkrnl.sys Script: Quarantine, Delete, Delete via BC	Video Init
eamon Driver: Unload, Delete, Disable, Delete via BC	eamon	Running	C:\Windows\system32\DRIVERS\eamon.sys Script: Quarantine, Delete, Delete via BC	FSFilter Anti-Virus
ehdrv Driver: Unload, Delete, Disable, Delete via BC	ehdrv	Running	C:\Windows\system32\DRIVERS\ehdrv.sys Script: Quarantine, Delete, Delete via BC	Base
epfwwfpr Driver: Unload, Delete, Disable, Delete via BC	epfwwfpr	Running	C:\Windows\system32\DRIVERS\epfwwfpr.sys Script: Quarantine, Delete, Delete via BC
FileInfo Driver: Unload, Delete, Disable, Delete via BC	File Information FS MiniFilter	Running	C:\Windows\system32\drivers\fileinfo.sys Script: Quarantine, Delete, Delete via BC	FSFilter Bottom	fltmgr
FltMgr Driver: Unload, Delete, Disable, Delete via BC	FltMgr	Running	C:\Windows\system32\drivers\fltmgr.sys Script: Quarantine, Delete, Delete via BC	FSFilter Infrastructure
fvevol Driver: Unload, Delete, Disable, Delete via BC	Bitlocker Drive Encryption Filter Driver	Running	C:\Windows\System32\DRIVERS\fvevol.sys Script: Quarantine, Delete, Delete via BC	PnP Filter
hcmon Driver: Unload, Delete, Disable, Delete via BC	VMware hcmon	Running	C:\Windows\system32\drivers\hcmon.sys Script: Quarantine, Delete, Delete via BC	Extended base
HdAudAddService Driver: Unload, Delete, Disable, Delete via BC	Microsoft 1.1 UAA Function Driver for High Definition Audio Service	Running	C:\Windows\system32\drivers\HdAudio.sys Script: Quarantine, Delete, Delete via BC
HDAudBus Driver: Unload, Delete, Disable, Delete via BC	Microsoft UAA Bus Driver for High Definition Audio	Running	C:\Windows\system32\DRIVERS\HDAudBus.sys Script: Quarantine, Delete, Delete via BC	Extended Base
HidUsb Driver: Unload, Delete, Disable, Delete via BC	Microsoft HID Class Driver	Running	C:\Windows\system32\DRIVERS\hidusb.sys Script: Quarantine, Delete, Delete via BC	extended base
HTTP Driver: Unload, Delete, Disable, Delete via BC	HTTP	Running	C:\Windows\system32\drivers\HTTP.sys Script: Quarantine, Delete, Delete via BC
hwpolicy Driver: Unload, Delete, Disable, Delete via BC	Hardware Policy Driver	Running	C:\Windows\System32\drivers\hwpolicy.sys Script: Quarantine, Delete, Delete via BC
intelppm Driver: Unload, Delete, Disable, Delete via BC	Intel Processor Driver	Running	C:\Windows\system32\DRIVERS\intelppm.sys Script: Quarantine, Delete, Delete via BC	Extended Base
kbdclass Driver: Unload, Delete, Disable, Delete via BC	Keyboard Class Driver	Running	C:\Windows\system32\DRIVERS\kbdclass.sys Script: Quarantine, Delete, Delete via BC	Keyboard Class
kbdhid Driver: Unload, Delete, Disable, Delete via BC	Keyboard HID Driver	Running	C:\Windows\system32\DRIVERS\kbdhid.sys Script: Quarantine, Delete, Delete via BC	Keyboard Port
KSecDD Driver: Unload, Delete, Disable, Delete via BC	KSecDD	Running	C:\Windows\System32\Drivers\ksecdd.sys Script: Quarantine, Delete, Delete via BC	Base
KSecPkg Driver: Unload, Delete, Disable, Delete via BC	KSecPkg	Running	C:\Windows\System32\Drivers\ksecpkg.sys Script: Quarantine, Delete, Delete via BC	Cryptography
ksthunk Driver: Unload, Delete, Disable, Delete via BC	Kernel Streaming Thunks	Running	C:\Windows\system32\drivers\ksthunk.sys Script: Quarantine, Delete, Delete via BC	PNP Filter
LGBusEnum Driver: Unload, Delete, Disable, Delete via BC	Logitech GamePanel Virtual Bus Enumerator Driver	Running	C:\Windows\system32\drivers\LGBusEnum.sys Script: Quarantine, Delete, Delete via BC	Extended Base
LGVirHid Driver: Unload, Delete, Disable, Delete via BC	Logitech Gamepanel Virtual HID Device Driver	Running	C:\Windows\system32\drivers\LGVirHid.sys Script: Quarantine, Delete, Delete via BC	Extended Base
LHidFilt Driver: Unload, Delete, Disable, Delete via BC	Logitech SetPoint KMDF HID Filter Driver	Running	C:\Windows\system32\DRIVERS\LHidFilt.Sys Script: Quarantine, Delete, Delete via BC	Pointer Port
lltdio Driver: Unload, Delete, Disable, Delete via BC	Link-Layer Topology Discovery Mapper I/O Driver	Running	C:\Windows\system32\DRIVERS\lltdio.sys Script: Quarantine, Delete, Delete via BC	NDIS
LMIInfo Driver: Unload, Delete, Disable, Delete via BC	LogMeIn Kernel Information Provider	Running	C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys Script: Quarantine, Delete, Delete via BC
lmimirr Driver: Unload, Delete, Disable, Delete via BC	lmimirr	Running	C:\Windows\system32\DRIVERS\lmimirr.sys Script: Quarantine, Delete, Delete via BC	Video
LMIRfsDriver Driver: Unload, Delete, Disable, Delete via BC	LogMeIn Remote File System Driver	Running	C:\Windows\system32\drivers\LMIRfsDriver.sys Script: Quarantine, Delete, Delete via BC
LMouFilt Driver: Unload, Delete, Disable, Delete via BC	Logitech SetPoint KMDF Mouse Filter Driver	Running	C:\Windows\system32\DRIVERS\LMouFilt.Sys Script: Quarantine, Delete, Delete via BC	Pointer Port
luafv Driver: Unload, Delete, Disable, Delete via BC	UAC File Virtualization	Running	C:\Windows\system32\drivers\luafv.sys Script: Quarantine, Delete, Delete via BC	FSFilter Virtualization	FltMgr
LUsbFilt Driver: Unload, Delete, Disable, Delete via BC	Logitech SetPoint KMDF USB Filter	Running	C:\Windows\system32\Drivers\LUsbFilt.Sys Script: Quarantine, Delete, Delete via BC	Extended Base
LVPr2M64 Driver: Unload, Delete, Disable, Delete via BC	Logitech LVPr2M64 Driver	Running	C:\Windows\system32\DRIVERS\LVPr2M64.sys Script: Quarantine, Delete, Delete via BC
ManyCam Driver: Unload, Delete, Disable, Delete via BC	ManyCam Virtual Webcam, WDM Video Capture Driver	Running	C:\Windows\system32\DRIVERS\ManyCam_x64.sys Script: Quarantine, Delete, Delete via BC
MBAMProtector Driver: Unload, Delete, Disable, Delete via BC	MBAMProtector	Running	C:\Windows\system32\drivers\mbam.sys Script: Quarantine, Delete, Delete via BC	FSFilter Anti-Virus	FltMgr
monitor Driver: Unload, Delete, Disable, Delete via BC	Microsoft Monitor Class Function Driver Service	Running	C:\Windows\system32\DRIVERS\monitor.sys Script: Quarantine, Delete, Delete via BC
mouclass Driver: Unload, Delete, Disable, Delete via BC	Mouse Class Driver	Running	C:\Windows\system32\DRIVERS\mouclass.sys Script: Quarantine, Delete, Delete via BC	Pointer Class
mouhid Driver: Unload, Delete, Disable, Delete via BC	Mouse HID Driver	Running	C:\Windows\system32\DRIVERS\mouhid.sys Script: Quarantine, Delete, Delete via BC	Pointer Port
mountmgr Driver: Unload, Delete, Disable, Delete via BC	Mount Point Manager	Running	C:\Windows\System32\drivers\mountmgr.sys Script: Quarantine, Delete, Delete via BC	System Bus Extender
mpsdrv Driver: Unload, Delete, Disable, Delete via BC	Windows Firewall Authorization Driver	Running	C:\Windows\system32\drivers\mpsdrv.sys Script: Quarantine, Delete, Delete via BC	network
mrxsmb Driver: Unload, Delete, Disable, Delete via BC	SMB MiniRedirector Wrapper and Engine	Running	C:\Windows\system32\DRIVERS\mrxsmb.sys Script: Quarantine, Delete, Delete via BC	Network	rdbss
mrxsmb10 Driver: Unload, Delete, Disable, Delete via BC	SMB 1.x MiniRedirector	Running	C:\Windows\system32\DRIVERS\mrxsmb10.sys Script: Quarantine, Delete, Delete via BC	Network	mrxsmb
mrxsmb20 Driver: Unload, Delete, Disable, Delete via BC	SMB 2.0 MiniRedirector	Running	C:\Windows\system32\DRIVERS\mrxsmb20.sys Script: Quarantine, Delete, Delete via BC	Network	mrxsmb
Msfs Driver: Unload, Delete, Disable, Delete via BC	Msfs	Running	Msfs.sys Script: Quarantine, Delete, Delete via BC	File system
msisadrv Driver: Unload, Delete, Disable, Delete via BC	msisadrv	Running	C:\Windows\system32\DRIVERS\msisadrv.sys Script: Quarantine, Delete, Delete via BC	Boot Bus Extender
mssmbios Driver: Unload, Delete, Disable, Delete via BC	Microsoft System Management BIOS Driver	Running	C:\Windows\system32\DRIVERS\mssmbios.sys Script: Quarantine, Delete, Delete via BC
Mup Driver: Unload, Delete, Disable, Delete via BC	Mup	Running	C:\Windows\System32\Drivers\mup.sys Script: Quarantine, Delete, Delete via BC	Network
NativeWifiP Driver: Unload, Delete, Disable, Delete via BC	NativeWiFi Filter	Running	C:\Windows\system32\DRIVERS\nwifi.sys Script: Quarantine, Delete, Delete via BC	NDIS
NDIS Driver: Unload, Delete, Disable, Delete via BC	NDIS System Driver	Running	C:\Windows\system32\drivers\ndis.sys Script: Quarantine, Delete, Delete via BC	NDIS Wrapper
NdisTapi Driver: Unload, Delete, Disable, Delete via BC	Remote Access NDIS TAPI Driver	Running	C:\Windows\system32\DRIVERS\ndistapi.sys Script: Quarantine, Delete, Delete via BC
Ndisuio Driver: Unload, Delete, Disable, Delete via BC	NDIS Usermode I/O Protocol	Running	C:\Windows\system32\DRIVERS\ndisuio.sys Script: Quarantine, Delete, Delete via BC	NDIS
NdisWan Driver: Unload, Delete, Disable, Delete via BC	Remote Access NDIS WAN Driver	Running	C:\Windows\system32\DRIVERS\ndiswan.sys Script: Quarantine, Delete, Delete via BC
NDProxy Driver: Unload, Delete, Disable, Delete via BC	NDIS Proxy	Running	NDProxy.sys Script: Quarantine, Delete, Delete via BC	PNP_TDI
NetBIOS Driver: Unload, Delete, Disable, Delete via BC	NetBIOS Interface	Running	C:\Windows\system32\DRIVERS\netbios.sys Script: Quarantine, Delete, Delete via BC	NetBIOSGroup
NetBT Driver: Unload, Delete, Disable, Delete via BC	NetBT	Running	C:\Windows\system32\DRIVERS\netbt.sys Script: Quarantine, Delete, Delete via BC	PNP_TDI	Tdx
NPF Driver: Unload, Delete, Disable, Delete via BC	NetGroup Packet Filter Driver	Running	C:\Windows\system32\drivers\npf.sys Script: Quarantine, Delete, Delete via BC
Npfs Driver: Unload, Delete, Disable, Delete via BC	Npfs	Running	Npfs.sys Script: Quarantine, Delete, Delete via BC	File system
nsiproxy Driver: Unload, Delete, Disable, Delete via BC	NSI proxy service driver.	Running	C:\Windows\system32\drivers\nsiproxy.sys Script: Quarantine, Delete, Delete via BC
Ntfs Driver: Unload, Delete, Disable, Delete via BC	Ntfs	Running	Ntfs.sys Script: Quarantine, Delete, Delete via BC	Boot File System
Null Driver: Unload, Delete, Disable, Delete via BC	Null	Running	Null.sys Script: Quarantine, Delete, Delete via BC	Base
partmgr Driver: Unload, Delete, Disable, Delete via BC	Partition Manager	Running	C:\Windows\System32\drivers\partmgr.sys Script: Quarantine, Delete, Delete via BC	Boot Bus Extender
pci Driver: Unload, Delete, Disable, Delete via BC	PCI Bus Driver	Running	C:\Windows\system32\DRIVERS\pci.sys Script: Quarantine, Delete, Delete via BC	Boot Bus Extender
pciide Driver: Unload, Delete, Disable, Delete via BC	pciide	Running	C:\Windows\system32\DRIVERS\pciide.sys Script: Quarantine, Delete, Delete via BC	System Bus Extender
pcw Driver: Unload, Delete, Disable, Delete via BC	Performance Counters for Windows Driver	Running	C:\Windows\System32\drivers\pcw.sys Script: Quarantine, Delete, Delete via BC	Base
PEAUTH Driver: Unload, Delete, Disable, Delete via BC	PEAUTH	Running	C:\Windows\system32\drivers\peauth.sys Script: Quarantine, Delete, Delete via BC
PptpMiniport Driver: Unload, Delete, Disable, Delete via BC	WAN Miniport (PPTP)	Running	C:\Windows\system32\DRIVERS\raspptp.sys Script: Quarantine, Delete, Delete via BC
Psched Driver: Unload, Delete, Disable, Delete via BC	QoS Packet Scheduler	Running	C:\Windows\system32\DRIVERS\pacer.sys Script: Quarantine, Delete, Delete via BC	NDIS
PxHlpa64 Driver: Unload, Delete, Disable, Delete via BC	PxHlpa64	Running	C:\Windows\System32\Drivers\PxHlpa64.sys Script: Quarantine, Delete, Delete via BC	Filter
RasAgileVpn Driver: Unload, Delete, Disable, Delete via BC	WAN Miniport (IKEv2)	Running	C:\Windows\system32\DRIVERS\AgileVpn.sys Script: Quarantine, Delete, Delete via BC
Rasl2tp Driver: Unload, Delete, Disable, Delete via BC	WAN Miniport (L2TP)	Running	C:\Windows\system32\DRIVERS\rasl2tp.sys Script: Quarantine, Delete, Delete via BC
RasPppoe Driver: Unload, Delete, Disable, Delete via BC	Remote Access PPPOE Driver	Running	C:\Windows\system32\DRIVERS\raspppoe.sys Script: Quarantine, Delete, Delete via BC
RasSstp Driver: Unload, Delete, Disable, Delete via BC	WAN Miniport (SSTP)	Running	C:\Windows\system32\DRIVERS\rassstp.sys Script: Quarantine, Delete, Delete via BC
rdbss Driver: Unload, Delete, Disable, Delete via BC	Redirected Buffering Sub Sysytem	Running	C:\Windows\system32\DRIVERS\rdbss.sys Script: Quarantine, Delete, Delete via BC	Network	Mup
rdpbus Driver: Unload, Delete, Disable, Delete via BC	Remote Desktop Device Redirector Bus Driver	Running	C:\Windows\system32\DRIVERS\rdpbus.sys Script: Quarantine, Delete, Delete via BC
RDPCDD Driver: Unload, Delete, Disable, Delete via BC	RDPCDD	Running	C:\Windows\system32\DRIVERS\RDPCDD.sys Script: Quarantine, Delete, Delete via BC	Video Save
RDPDISPM Driver: Unload, Delete, Disable, Delete via BC	RDPDISPM	Running	C:\Windows\system32\DRIVERS\rdpdispm.sys Script: Quarantine, Delete, Delete via BC	Video
RDPENCDD Driver: Unload, Delete, Disable, Delete via BC	RDP Encoder Mirror Driver	Running	C:\Windows\system32\drivers\rdpencdd.sys Script: Quarantine, Delete, Delete via BC	Video Save
RDPREFMP Driver: Unload, Delete, Disable, Delete via BC	Reflector Display Driver used to gain access to graphics data	Running	C:\Windows\system32\drivers\rdprefmp.sys Script: Quarantine, Delete, Delete via BC	Video Save
rdyboost Driver: Unload, Delete, Disable, Delete via BC	ReadyBoost	Running	C:\Windows\System32\drivers\rdyboost.sys Script: Quarantine, Delete, Delete via BC	PnP Filter
rspndr Driver: Unload, Delete, Disable, Delete via BC	Link-Layer Topology Discovery Responder	Running	C:\Windows\system32\DRIVERS\rspndr.sys Script: Quarantine, Delete, Delete via BC	NDIS
RTL8167 Driver: Unload, Delete, Disable, Delete via BC	Realtek 8167 NT Driver	Running	C:\Windows\system32\DRIVERS\Rt64win7.sys Script: Quarantine, Delete, Delete via BC	NDIS
SCMNdisP Driver: Unload, Delete, Disable, Delete via BC	General NDIS Protocol Driver	Running	C:\Windows\system32\DRIVERS\scmndisp.sys Script: Quarantine, Delete, Delete via BC	NDIS
secdrv Driver: Unload, Delete, Disable, Delete via BC	Security Driver	Running	secdrv.sys Script: Quarantine, Delete, Delete via BC
Serenum Driver: Unload, Delete, Disable, Delete via BC	Serenum Filter Driver	Running	C:\Windows\system32\DRIVERS\serenum.sys Script: Quarantine, Delete, Delete via BC	PNP Filter
Serial Driver: Unload, Delete, Disable, Delete via BC	Serial port driver	Running	C:\Windows\system32\DRIVERS\serial.sys Script: Quarantine, Delete, Delete via BC	Extended base
spldr Driver: Unload, Delete, Disable, Delete via BC	Security Processor Loader Driver	Running	spldr.sys Script: Quarantine, Delete, Delete via BC
sptd Driver: Unload, Delete, Disable, Delete via BC	sptd	Running	C:\Windows\System32\Drivers\sptd.sys Script: Quarantine, Delete, Delete via BC	Boot Bus Extender
srv Driver: Unload, Delete, Disable, Delete via BC	Server SMB 1.xxx Driver	Running	C:\Windows\system32\DRIVERS\srv.sys Script: Quarantine, Delete, Delete via BC	Network	srv2
srv2 Driver: Unload, Delete, Disable, Delete via BC	Server SMB 2.xxx Driver	Running	C:\Windows\system32\DRIVERS\srv2.sys Script: Quarantine, Delete, Delete via BC	Network	srvnet
srvnet Driver: Unload, Delete, Disable, Delete via BC	srvnet	Running	C:\Windows\system32\DRIVERS\srvnet.sys Script: Quarantine, Delete, Delete via BC	Network
storflt Driver: Unload, Delete, Disable, Delete via BC	Disk Virtual Machine Bus Acceleration Filter Driver	Running	C:\Windows\system32\DRIVERS\vmstorfl.sys Script: Quarantine, Delete, Delete via BC	Extended Base
swenum Driver: Unload, Delete, Disable, Delete via BC	Software Bus Driver	Running	C:\Windows\system32\DRIVERS\swenum.sys Script: Quarantine, Delete, Delete via BC
tap0901 Driver: Unload, Delete, Disable, Delete via BC	TAP-Win32 Adapter V9	Running	C:\Windows\system32\DRIVERS\tap0901.sys Script: Quarantine, Delete, Delete via BC	NDIS
Tcpip Driver: Unload, Delete, Disable, Delete via BC	TCP/IP Protocol Driver	Running	C:\Windows\System32\drivers\tcpip.sys Script: Quarantine, Delete, Delete via BC	PNP_TDI
tcpipreg Driver: Unload, Delete, Disable, Delete via BC	TCP/IP Registry Compatibility	Running	C:\Windows\system32\drivers\tcpipreg.sys Script: Quarantine, Delete, Delete via BC		tcpip
tdx Driver: Unload, Delete, Disable, Delete via BC	NetIO Legacy TDI Support Driver	Running	C:\Windows\system32\DRIVERS\tdx.sys Script: Quarantine, Delete, Delete via BC	PNP_TDI	Tcpip
teamviewervpn Driver: Unload, Delete, Disable, Delete via BC	TeamViewer VPN Adapter	Running	C:\Windows\system32\DRIVERS\teamviewervpn.sys Script: Quarantine, Delete, Delete via BC	NDIS
TermDD Driver: Unload, Delete, Disable, Delete via BC	Terminal Device Driver	Running	C:\Windows\system32\DRIVERS\termdd.sys Script: Quarantine, Delete, Delete via BC
tunnel Driver: Unload, Delete, Disable, Delete via BC	Microsoft Tunnel Miniport Adapter Driver	Running	C:\Windows\system32\DRIVERS\tunnel.sys Script: Quarantine, Delete, Delete via BC	NDIS
umbus Driver: Unload, Delete, Disable, Delete via BC	UMBus Enumerator Driver	Running	C:\Windows\system32\DRIVERS\umbus.sys Script: Quarantine, Delete, Delete via BC	Extended Base
usbccgp Driver: Unload, Delete, Disable, Delete via BC	Microsoft USB Generic Parent Driver	Running	C:\Windows\system32\DRIVERS\usbccgp.sys Script: Quarantine, Delete, Delete via BC	Base
usbehci Driver: Unload, Delete, Disable, Delete via BC	Microsoft USB 2.0 Enhanced Host Controller Miniport Driver	Running	C:\Windows\system32\DRIVERS\usbehci.sys Script: Quarantine, Delete, Delete via BC	Base
usbhub Driver: Unload, Delete, Disable, Delete via BC	Microsoft USB Standard Hub Driver	Running	C:\Windows\system32\DRIVERS\usbhub.sys Script: Quarantine, Delete, Delete via BC	Base
usbuhci Driver: Unload, Delete, Disable, Delete via BC	Microsoft USB Universal Host Controller Miniport Driver	Running	C:\Windows\system32\DRIVERS\usbuhci.sys Script: Quarantine, Delete, Delete via BC	Base
vdrvroot Driver: Unload, Delete, Disable, Delete via BC	Microsoft Virtual Drive Enumerator Driver	Running	C:\Windows\system32\DRIVERS\vdrvroot.sys Script: Quarantine, Delete, Delete via BC	Boot Bus Extender
VgaSave Driver: Unload, Delete, Disable, Delete via BC	VgaSave	Running	C:\Windows\System32\drivers\vga.sys Script: Quarantine, Delete, Delete via BC	Video Save
vmci Driver: Unload, Delete, Disable, Delete via BC	VMware vmci	Running	C:\Windows\system32\drivers\vmci.sys Script: Quarantine, Delete, Delete via BC	Extended base
vmkbd Driver: Unload, Delete, Disable, Delete via BC	VMware kbd	Running	C:\Windows\system32\drivers\VMkbd.sys Script: Quarantine, Delete, Delete via BC	Keyboard Port
VMnetAdapter Driver: Unload, Delete, Disable, Delete via BC	VMware Virtual Ethernet Adapter Driver	Running	C:\Windows\system32\DRIVERS\vmnetadapter.sys Script: Quarantine, Delete, Delete via BC	NDIS
VMnetBridge Driver: Unload, Delete, Disable, Delete via BC	VMware Bridge Protocol	Running	C:\Windows\system32\DRIVERS\vmnetbridge.sys Script: Quarantine, Delete, Delete via BC	PNP_TDI
VMnetuserif Driver: Unload, Delete, Disable, Delete via BC	VMware Network Application Interface	Running	C:\Windows\system32\drivers\vmnetuserif.sys Script: Quarantine, Delete, Delete via BC
vmx86 Driver: Unload, Delete, Disable, Delete via BC	VMware vmx86	Running	C:\Windows\system32\drivers\vmx86.sys Script: Quarantine, Delete, Delete via BC	Extended base
volmgr Driver: Unload, Delete, Disable, Delete via BC	Volume Manager Driver	Running	C:\Windows\system32\DRIVERS\volmgr.sys Script: Quarantine, Delete, Delete via BC	System Bus Extender
volmgrx Driver: Unload, Delete, Disable, Delete via BC	Dynamic Volume Manager	Running	C:\Windows\System32\drivers\volmgrx.sys Script: Quarantine, Delete, Delete via BC	System Bus Extender
volsnap Driver: Unload, Delete, Disable, Delete via BC	Storage volumes	Running	C:\Windows\system32\DRIVERS\volsnap.sys Script: Quarantine, Delete, Delete via BC
vstor2-mntapi10 Driver: Unload, Delete, Disable, Delete via BC	Vstor2 MntApi 1.0 Driver	Running	C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vstor2-mntapi10.sys Script: Quarantine, Delete, Delete via BC
Wanarpv6 Driver: Unload, Delete, Disable, Delete via BC	Remote Access IPv6 ARP Driver	Running	C:\Windows\system32\DRIVERS\wanarp.sys Script: Quarantine, Delete, Delete via BC
Wdf01000 Driver: Unload, Delete, Disable, Delete via BC	Kernel Mode Driver Frameworks service	Running	C:\Windows\system32\drivers\Wdf01000.sys Script: Quarantine, Delete, Delete via BC	WdfLoadGroup
WfpLwf Driver: Unload, Delete, Disable, Delete via BC	WFP Lightweight Filter	Running	C:\Windows\system32\DRIVERS\wfplwf.sys Script: Quarantine, Delete, Delete via BC	NDIS
ws2ifsl Driver: Unload, Delete, Disable, Delete via BC	Windows Socket 2.0 Non-IFS Service Provider Support Environment	Running	C:\Windows\system32\drivers\ws2ifsl.sys Script: Quarantine, Delete, Delete via BC	PNP_TDI
WudfPf Driver: Unload, Delete, Disable, Delete via BC	User Mode Driver Frameworks Platform Driver	Running	C:\Windows\system32\drivers\WudfPf.sys Script: Quarantine, Delete, Delete via BC	base
AcpiPmi Driver: Unload, Delete, Disable, Delete via BC	ACPI Power Meter Driver	Not started	C:\Windows\system32\DRIVERS\acpipmi.sys Script: Quarantine, Delete, Delete via BC
adp94xx Driver: Unload, Delete, Disable, Delete via BC	adp94xx	Not started	C:\Windows\system32\DRIVERS\adp94xx.sys Script: Quarantine, Delete, Delete via BC	SCSI Miniport
adpahci Driver: Unload, Delete, Disable, Delete via BC	adpahci	Not started	C:\Windows\system32\DRIVERS\adpahci.sys Script: Quarantine, Delete, Delete via BC	SCSI Miniport
adpu320 Driver: Unload, Delete, Disable, Delete via BC	adpu320	Not started	C:\Windows\system32\DRIVERS\adpu320.sys Script: Quarantine, Delete, Delete via BC	SCSI Miniport
agp440 Driver: Unload, Delete, Disable, Delete via BC	Intel AGP Bus Filter	Not started	C:\Windows\system32\DRIVERS\agp440.sys Script: Quarantine, Delete, Delete via BC	PnP Filter
aliide Driver: Unload, Delete, Disable, Delete via BC	aliide	Not started	C:\Windows\system32\DRIVERS\aliide.sys Script: Quarantine, Delete, Delete via BC	System Bus Extender
ALSysIO Driver: Unload, Delete, Disable, Delete via BC	ALSysIO	Not started	C:\Users\Tom\AppData\Local\Temp\ALSysIO64.sys Script: Quarantine, Delete, Delete via BC
amdide Driver: Unload, Delete, Disable, Delete via BC	amdide	Not started	C:\Windows\system32\DRIVERS\amdide.sys Script: Quarantine, Delete, Delete via BC	System Bus Extender
AmdK8 Driver: Unload, Delete, Disable, Delete via BC	AMD K8 Processor Driver	Not started	C:\Windows\system32\DRIVERS\amdk8.sys Script: Quarantine, Delete, Delete via BC	Extended Base
AmdPPM Driver: Unload, Delete, Disable, Delete via BC	AMD Processor Driver	Not started	C:\Windows\system32\DRIVERS\amdppm.sys Script: Quarantine, Delete, Delete via BC	Extended Base
amdsata Driver: Unload, Delete, Disable, Delete via BC	amdsata	Not started	C:\Windows\system32\DRIVERS\amdsata.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
amdsbs Driver: Unload, Delete, Disable, Delete via BC	amdsbs	Not started	C:\Windows\system32\DRIVERS\amdsbs.sys Script: Quarantine, Delete, Delete via BC	SCSI Miniport
AppID Driver: Unload, Delete, Disable, Delete via BC	AppID Driver	Not started	C:\Windows\system32\drivers\appid.sys Script: Quarantine, Delete, Delete via BC		FltMgr
arc Driver: Unload, Delete, Disable, Delete via BC	arc	Not started	C:\Windows\system32\DRIVERS\arc.sys Script: Quarantine, Delete, Delete via BC	SCSI Miniport
arcsas Driver: Unload, Delete, Disable, Delete via BC	arcsas	Not started	C:\Windows\system32\DRIVERS\arcsas.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
AsyncMac Driver: Unload, Delete, Disable, Delete via BC	RAS Asynchronous Media Driver	Not started	C:\Windows\system32\DRIVERS\asyncmac.sys Script: Quarantine, Delete, Delete via BC
b06bdrv Driver: Unload, Delete, Disable, Delete via BC	Broadcom NetXtreme II VBD	Not started	C:\Windows\system32\DRIVERS\bxvbda.sys Script: Quarantine, Delete, Delete via BC	base
b57nd60a Driver: Unload, Delete, Disable, Delete via BC	Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0	Not started	C:\Windows\system32\DRIVERS\b57nd60a.sys Script: Quarantine, Delete, Delete via BC	NDIS
bmdrvr Driver: Unload, Delete, Disable, Delete via BC	Modified Clusters Tracking Driver	Not started	C:\Windows\SysWOW64\drivers\bmdrvr.sys Script: Quarantine, Delete, Delete via BC
BrFiltLo Driver: Unload, Delete, Disable, Delete via BC	Brother USB Mass-Storage Lower Filter Driver	Not started	C:\Windows\system32\DRIVERS\BrFiltLo.sys Script: Quarantine, Delete, Delete via BC	extended base
BrFiltUp Driver: Unload, Delete, Disable, Delete via BC	Brother USB Mass-Storage Upper Filter Driver	Not started	C:\Windows\system32\DRIVERS\BrFiltUp.sys Script: Quarantine, Delete, Delete via BC	extended base
Brserid Driver: Unload, Delete, Disable, Delete via BC	Brother MFC Serial Port Interface Driver (WDM)	Not started	C:\Windows\System32\Drivers\Brserid.sys Script: Quarantine, Delete, Delete via BC
BrSerWdm Driver: Unload, Delete, Disable, Delete via BC	Brother WDM Serial driver	Not started	C:\Windows\System32\Drivers\BrSerWdm.sys Script: Quarantine, Delete, Delete via BC
BrUsbMdm Driver: Unload, Delete, Disable, Delete via BC	Brother MFC USB Fax Only Modem	Not started	C:\Windows\System32\Drivers\BrUsbMdm.sys Script: Quarantine, Delete, Delete via BC
BrUsbSer Driver: Unload, Delete, Disable, Delete via BC	Brother MFC USB Serial WDM Driver	Not started	C:\Windows\System32\Drivers\BrUsbSer.sys Script: Quarantine, Delete, Delete via BC
BTHMODEM Driver: Unload, Delete, Disable, Delete via BC	Bluetooth Serial Communications Driver	Not started	C:\Windows\system32\DRIVERS\bthmodem.sys Script: Quarantine, Delete, Delete via BC
cdfs Driver: Unload, Delete, Disable, Delete via BC	CD/DVD File System Reader	Not started	C:\Windows\system32\DRIVERS\cdfs.sys Script: Quarantine, Delete, Delete via BC	Boot File System	+SCSI CDROM Class
circlass Driver: Unload, Delete, Disable, Delete via BC	Consumer IR Devices	Not started	C:\Windows\system32\DRIVERS\circlass.sys Script: Quarantine, Delete, Delete via BC	Extended Base
CmBatt Driver: Unload, Delete, Disable, Delete via BC	Microsoft ACPI Control Method Battery Driver	Not started	C:\Windows\system32\DRIVERS\CmBatt.sys Script: Quarantine, Delete, Delete via BC
cmdide Driver: Unload, Delete, Disable, Delete via BC	cmdide	Not started	C:\Windows\system32\DRIVERS\cmdide.sys Script: Quarantine, Delete, Delete via BC	System Bus Extender
Compbatt Driver: Unload, Delete, Disable, Delete via BC	Compbatt	Not started	C:\Windows\system32\DRIVERS\compbatt.sys Script: Quarantine, Delete, Delete via BC	System Bus Extender
cpuz131 Driver: Unload, Delete, Disable, Delete via BC	cpuz131	Not started	C:\Users\Tom\AppData\Local\Temp\cpuz131\cpuz_x64.sys Script: Quarantine, Delete, Delete via BC
crcdisk Driver: Unload, Delete, Disable, Delete via BC	Crcdisk Filter Driver	Not started	C:\Windows\system32\DRIVERS\crcdisk.sys Script: Quarantine, Delete, Delete via BC	Pnp Filter
drmkaud Driver: Unload, Delete, Disable, Delete via BC	Microsoft Trusted Audio Drivers	Not started	C:\Windows\system32\drivers\drmkaud.sys Script: Quarantine, Delete, Delete via BC
ebdrv Driver: Unload, Delete, Disable, Delete via BC	Broadcom NetXtreme II 10 GigE VBD	Not started	C:\Windows\system32\DRIVERS\evbda.sys Script: Quarantine, Delete, Delete via BC	base
elxstor Driver: Unload, Delete, Disable, Delete via BC	elxstor	Not started	C:\Windows\system32\DRIVERS\elxstor.sys Script: Quarantine, Delete, Delete via BC	SCSI Miniport
ErrDev Driver: Unload, Delete, Disable, Delete via BC	Microsoft Hardware Error Device Driver	Not started	C:\Windows\system32\DRIVERS\errdev.sys Script: Quarantine, Delete, Delete via BC	Extended Base
exfat Driver: Unload, Delete, Disable, Delete via BC	exFAT File System Driver	Not started	exfat.sys Script: Quarantine, Delete, Delete via BC	Boot File System
fastfat Driver: Unload, Delete, Disable, Delete via BC	FAT12/16/32 File System Driver	Not started	fastfat.sys Script: Quarantine, Delete, Delete via BC	Boot File System
fdc Driver: Unload, Delete, Disable, Delete via BC	Floppy Disk Controller Driver	Not started	C:\Windows\system32\DRIVERS\fdc.sys Script: Quarantine, Delete, Delete via BC
Filetrace Driver: Unload, Delete, Disable, Delete via BC	Filetrace	Not started	C:\Windows\system32\drivers\filetrace.sys Script: Quarantine, Delete, Delete via BC	FSFilter Activity Monitor	FltMgr
flpydisk Driver: Unload, Delete, Disable, Delete via BC	Floppy Disk Driver	Not started	C:\Windows\system32\DRIVERS\flpydisk.sys Script: Quarantine, Delete, Delete via BC
FsDepends Driver: Unload, Delete, Disable, Delete via BC	File System Dependency Minifilter	Not started	C:\Windows\system32\drivers\FsDepends.sys Script: Quarantine, Delete, Delete via BC	Filter	fltmgr
gagp30kx Driver: Unload, Delete, Disable, Delete via BC	Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms	Not started	C:\Windows\system32\DRIVERS\gagp30kx.sys Script: Quarantine, Delete, Delete via BC	PnP Filter
hcw85cir Driver: Unload, Delete, Disable, Delete via BC	Hauppauge Consumer Infrared Receiver	Not started	C:\Windows\system32\drivers\hcw85cir.sys Script: Quarantine, Delete, Delete via BC	Extended Base
HidBatt Driver: Unload, Delete, Disable, Delete via BC	HID UPS Battery Driver	Not started	C:\Windows\system32\DRIVERS\HidBatt.sys Script: Quarantine, Delete, Delete via BC
HidBth Driver: Unload, Delete, Disable, Delete via BC	Microsoft Bluetooth HID Miniport	Not started	C:\Windows\system32\DRIVERS\hidbth.sys Script: Quarantine, Delete, Delete via BC	extended base
HidIr Driver: Unload, Delete, Disable, Delete via BC	Microsoft Infrared HID Driver	Not started	C:\Windows\system32\DRIVERS\hidir.sys Script: Quarantine, Delete, Delete via BC	extended base
HpSAMD Driver: Unload, Delete, Disable, Delete via BC	HpSAMD	Not started	C:\Windows\system32\DRIVERS\HpSAMD.sys Script: Quarantine, Delete, Delete via BC	SCSI Miniport
i8042prt Driver: Unload, Delete, Disable, Delete via BC	i8042 Keyboard and PS/2 Mouse Port Driver	Not started	C:\Windows\system32\DRIVERS\i8042prt.sys Script: Quarantine, Delete, Delete via BC	Keyboard Port
iaStorV Driver: Unload, Delete, Disable, Delete via BC	iaStorV	Not started	C:\Windows\system32\DRIVERS\iaStorV.sys Script: Quarantine, Delete, Delete via BC	SCSI Miniport
iirsp Driver: Unload, Delete, Disable, Delete via BC	iirsp	Not started	C:\Windows\system32\DRIVERS\iirsp.sys Script: Quarantine, Delete, Delete via BC	SCSI Miniport
intelide Driver: Unload, Delete, Disable, Delete via BC	intelide	Not started	C:\Windows\system32\DRIVERS\intelide.sys Script: Quarantine, Delete, Delete via BC	System Bus Extender
IpFilterDriver Driver: Unload, Delete, Disable, Delete via BC	IP Traffic Filter Driver	Not started	C:\Windows\system32\DRIVERS\ipfltdrv.sys Script: Quarantine, Delete, Delete via BC		Tcpip
IPMIDRV Driver: Unload, Delete, Disable, Delete via BC	IPMIDRV	Not started	C:\Windows\system32\DRIVERS\IPMIDrv.sys Script: Quarantine, Delete, Delete via BC
IPNAT Driver: Unload, Delete, Disable, Delete via BC	IP Network Address Translator	Not started	C:\Windows\system32\drivers\ipnat.sys Script: Quarantine, Delete, Delete via BC		Tcpip
IRENUM Driver: Unload, Delete, Disable, Delete via BC	IR Bus Enumerator	Not started	C:\Windows\system32\drivers\irenum.sys Script: Quarantine, Delete, Delete via BC
isapnp Driver: Unload, Delete, Disable, Delete via BC	isapnp	Not started	C:\Windows\system32\DRIVERS\isapnp.sys Script: Quarantine, Delete, Delete via BC	Boot Bus Extender
iScsiPrt Driver: Unload, Delete, Disable, Delete via BC	iScsiPort Driver	Not started	C:\Windows\system32\DRIVERS\msiscsi.sys Script: Quarantine, Delete, Delete via BC
L8042mou Driver: Unload, Delete, Disable, Delete via BC	SetPoint PS/2 Mouse Filter Driver	Not started	C:\Windows\system32\DRIVERS\L8042mou.Sys Script: Quarantine, Delete, Delete via BC	Pointer Port
LMIRfsClientNP Driver: Unload, Delete, Disable, Delete via BC	LMIRfsClientNP	Not started	LMIRfsClientNP.sys Script: Quarantine, Delete, Delete via BC	NetworkProvider
LMouKE Driver: Unload, Delete, Disable, Delete via BC	SetPoint Mouse Filter Driver	Not started	C:\Windows\system32\DRIVERS\LMouKE.Sys Script: Quarantine, Delete, Delete via BC	Pointer Port
LSI_FC Driver: Unload, Delete, Disable, Delete via BC	LSI_FC	Not started	C:\Windows\system32\DRIVERS\lsi_fc.sys Script: Quarantine, Delete, Delete via BC	SCSI Miniport
LSI_SAS Driver: Unload, Delete, Disable, Delete via BC	LSI_SAS	Not started	C:\Windows\system32\DRIVERS\lsi_sas.sys Script: Quarantine, Delete, Delete via BC	SCSI Miniport
LSI_SAS2 Driver: Unload, Delete, Disable, Delete via BC	LSI_SAS2	Not started	C:\Windows\system32\DRIVERS\lsi_sas2.sys Script: Quarantine, Delete, Delete via BC	SCSI Miniport
LSI_SCSI Driver: Unload, Delete, Disable, Delete via BC	LSI_SCSI	Not started	C:\Windows\system32\DRIVERS\lsi_scsi.sys Script: Quarantine, Delete, Delete via BC	SCSI Miniport
LVPr2Mon Driver: Unload, Delete, Disable, Delete via BC	LVPr2M64 Driver	Not started	C:\Windows\system32\DRIVERS\LVPr2M64.sys Script: Quarantine, Delete, Delete via BC
LVUSBS64 Driver: Unload, Delete, Disable, Delete via BC	Logitech USB Monitor Filter	Not started	C:\Windows\system32\DRIVERS\LVUSBS64.sys Script: Quarantine, Delete, Delete via BC
megasas Driver: Unload, Delete, Disable, Delete via BC	megasas	Not started	C:\Windows\system32\DRIVERS\megasas.sys Script: Quarantine, Delete, Delete via BC	SCSI Miniport
MegaSR Driver: Unload, Delete, Disable, Delete via BC	MegaSR	Not started	C:\Windows\system32\DRIVERS\MegaSR.sys Script: Quarantine, Delete, Delete via BC	SCSI Miniport
Modem Driver: Unload, Delete, Disable, Delete via BC	Modem	Not started	C:\Windows\system32\drivers\modem.sys Script: Quarantine, Delete, Delete via BC	Extended base
mpio Driver: Unload, Delete, Disable, Delete via BC	mpio	Not started	C:\Windows\system32\DRIVERS\mpio.sys Script: Quarantine, Delete, Delete via BC	Boot Bus Extender
MRxDAV Driver: Unload, Delete, Disable, Delete via BC	WebDav Client Redirector Driver	Not started	C:\Windows\system32\drivers\mrxdav.sys Script: Quarantine, Delete, Delete via BC		rdbss
msahci Driver: Unload, Delete, Disable, Delete via BC	msahci	Not started	C:\Windows\system32\DRIVERS\msahci.sys Script: Quarantine, Delete, Delete via BC	SCSI Miniport
msdsm Driver: Unload, Delete, Disable, Delete via BC	msdsm	Not started	C:\Windows\system32\DRIVERS\msdsm.sys Script: Quarantine, Delete, Delete via BC	System Bus Extender
mshidkmdf Driver: Unload, Delete, Disable, Delete via BC	Pass-through HID to KMDF Filter Driver	Not started	C:\Windows\System32\drivers\mshidkmdf.sys Script: Quarantine, Delete, Delete via BC	Base
MSKSSRV Driver: Unload, Delete, Disable, Delete via BC	Microsoft Streaming Service Proxy	Not started	C:\Windows\system32\drivers\MSKSSRV.sys Script: Quarantine, Delete, Delete via BC	Extended Base
MSPCLOCK Driver: Unload, Delete, Disable, Delete via BC	Microsoft Streaming Clock Proxy	Not started	C:\Windows\system32\drivers\MSPCLOCK.sys Script: Quarantine, Delete, Delete via BC	Extended Base
MSPQM Driver: Unload, Delete, Disable, Delete via BC	Microsoft Streaming Quality Manager Proxy	Not started	C:\Windows\system32\drivers\MSPQM.sys Script: Quarantine, Delete, Delete via BC	Extended Base
MsRPC Driver: Unload, Delete, Disable, Delete via BC	MsRPC	Not started	MsRPC.sys Script: Quarantine, Delete, Delete via BC
MSTEE Driver: Unload, Delete, Disable, Delete via BC	Microsoft Streaming Tee/Sink-to-Sink Converter	Not started	C:\Windows\system32\drivers\MSTEE.sys Script: Quarantine, Delete, Delete via BC	Extended Base
MTConfig Driver: Unload, Delete, Disable, Delete via BC	Microsoft Input Configuration Driver	Not started	C:\Windows\system32\DRIVERS\MTConfig.sys Script: Quarantine, Delete, Delete via BC	Extended Base
mv2 Driver: Unload, Delete, Disable, Delete via BC	mv2	Not started	C:\Windows\system32\DRIVERS\mv2.sys Script: Quarantine, Delete, Delete via BC	Video
NdisCap Driver: Unload, Delete, Disable, Delete via BC	NDIS Capture LightWeight Filter	Not started	C:\Windows\system32\DRIVERS\ndiscap.sys Script: Quarantine, Delete, Delete via BC	NDIS
nfrd960 Driver: Unload, Delete, Disable, Delete via BC	nfrd960	Not started	C:\Windows\system32\DRIVERS\nfrd960.sys Script: Quarantine, Delete, Delete via BC	SCSI Miniport
nv_agp Driver: Unload, Delete, Disable, Delete via BC	NVIDIA nForce AGP Bus Filter	Not started	C:\Windows\system32\DRIVERS\nv_agp.sys Script: Quarantine, Delete, Delete via BC	PnP Filter
nvraid Driver: Unload, Delete, Disable, Delete via BC	nvraid	Not started	C:\Windows\system32\DRIVERS\nvraid.sys Script: Quarantine, Delete, Delete via BC	System Bus Extender
nvstor Driver: Unload, Delete, Disable, Delete via BC	nvstor	Not started	C:\Windows\system32\DRIVERS\nvstor.sys Script: Quarantine, Delete, Delete via BC	SCSI Miniport
ohci1394 Driver: Unload, Delete, Disable, Delete via BC	1394 OHCI Compliant Host Controller (Legacy)	Not started	C:\Windows\system32\DRIVERS\ohci1394.sys Script: Quarantine, Delete, Delete via BC
Parport Driver: Unload, Delete, Disable, Delete via BC	Parallel port driver	Not started	C:\Windows\system32\DRIVERS\parport.sys Script: Quarantine, Delete, Delete via BC	Parallel arbitrator
pcmcia Driver: Unload, Delete, Disable, Delete via BC	pcmcia	Not started	C:\Windows\system32\DRIVERS\pcmcia.sys Script: Quarantine, Delete, Delete via BC	System Bus Extender
PID_PEPI Driver: Unload, Delete, Disable, Delete via BC	Logitech QuickCam IM(PID_PEPI)	Not started	C:\Windows\system32\DRIVERS\LV302V64.SYS Script: Quarantine, Delete, Delete via BC
Processor Driver: Unload, Delete, Disable, Delete via BC	Processor Driver	Not started	C:\Windows\system32\DRIVERS\processr.sys Script: Quarantine, Delete, Delete via BC	Extended Base
ql2300 Driver: Unload, Delete, Disable, Delete via BC	ql2300	Not started	C:\Windows\system32\DRIVERS\ql2300.sys Script: Quarantine, Delete, Delete via BC	SCSI Miniport
ql40xx Driver: Unload, Delete, Disable, Delete via BC	ql40xx	Not started	C:\Windows\system32\DRIVERS\ql40xx.sys Script: Quarantine, Delete, Delete via BC	SCSI Miniport
QWAVEdrv Driver: Unload, Delete, Disable, Delete via BC	QWAVE driver	Not started	C:\Windows\system32\drivers\qwavedrv.sys Script: Quarantine, Delete, Delete via BC
RasAcd Driver: Unload, Delete, Disable, Delete via BC	Remote Access Auto Connection Driver	Not started	C:\Windows\system32\DRIVERS\rasacd.sys Script: Quarantine, Delete, Delete via BC	Streams Drivers
RDPDR Driver: Unload, Delete, Disable, Delete via BC	Terminal Server Device Redirector Driver	Not started	C:\Windows\system32\drivers\rdpdr.sys Script: Quarantine, Delete, Delete via BC		RDBSS
RDPWD Driver: Unload, Delete, Disable, Delete via BC	RDP Winstation Driver	Not started	RDPWD.sys Script: Quarantine, Delete, Delete via BC
RTL8187 Driver: Unload, Delete, Disable, Delete via BC	NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver	Not started	C:\Windows\system32\DRIVERS\wg111v2.sys Script: Quarantine, Delete, Delete via BC	NDIS
s3cap Driver: Unload, Delete, Disable, Delete via BC	s3cap	Not started	C:\Windows\system32\DRIVERS\vms3cap.sys Script: Quarantine, Delete, Delete via BC	Video
sbp2port Driver: Unload, Delete, Disable, Delete via BC	sbp2port	Not started	C:\Windows\system32\DRIVERS\sbp2port.sys Script: Quarantine, Delete, Delete via BC
scfilter Driver: Unload, Delete, Disable, Delete via BC	Smart card PnP Class Filter Driver	Not started	C:\Windows\system32\DRIVERS\scfilter.sys Script: Quarantine, Delete, Delete via BC	PnP Filter
sermouse Driver: Unload, Delete, Disable, Delete via BC	Serial Mouse Driver	Not started	C:\Windows\system32\DRIVERS\sermouse.sys Script: Quarantine, Delete, Delete via BC	Pointer Port
sffdisk Driver: Unload, Delete, Disable, Delete via BC	SFF Storage Class Driver	Not started	C:\Windows\system32\DRIVERS\sffdisk.sys Script: Quarantine, Delete, Delete via BC
sffp_mmc Driver: Unload, Delete, Disable, Delete via BC	SFF Storage Protocol Driver for MMC	Not started	C:\Windows\system32\DRIVERS\sffp_mmc.sys Script: Quarantine, Delete, Delete via BC
sffp_sd Driver: Unload, Delete, Disable, Delete via BC	SFF Storage Protocol Driver for SDBus	Not started	C:\Windows\system32\DRIVERS\sffp_sd.sys Script: Quarantine, Delete, Delete via BC
sfloppy Driver: Unload, Delete, Disable, Delete via BC	High-Capacity Floppy Disk Drive	Not started	C:\Windows\system32\DRIVERS\sfloppy.sys Script: Quarantine, Delete, Delete via BC
SiSRaid2 Driver: Unload, Delete, Disable, Delete via BC	SiSRaid2	Not started	C:\Windows\system32\DRIVERS\SiSRaid2.sys Script: Quarantine, Delete, Delete via BC	SCSI Miniport
SiSRaid4 Driver: Unload, Delete, Disable, Delete via BC	SiSRaid4	Not started	C:\Windows\system32\DRIVERS\sisraid4.sys Script: Quarantine, Delete, Delete via BC	SCSI Miniport
Smb Driver: Unload, Delete, Disable, Delete via BC	Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session)	Not started	C:\Windows\system32\DRIVERS\smb.sys Script: Quarantine, Delete, Delete via BC	PNP_TDI	Tcpip
stexstor Driver: Unload, Delete, Disable, Delete via BC	stexstor	Not started	C:\Windows\system32\DRIVERS\stexstor.sys Script: Quarantine, Delete, Delete via BC	SCSI Miniport
storvsc Driver: Unload, Delete, Disable, Delete via BC	storvsc	Not started	C:\Windows\system32\DRIVERS\storvsc.sys Script: Quarantine, Delete, Delete via BC	Base
taphss Driver: Unload, Delete, Disable, Delete via BC	Anchorfree HSS Adapter	Not started	C:\Windows\system32\DRIVERS\taphss.sys Script: Quarantine, Delete, Delete via BC	NDIS
TCPIP6 Driver: Unload, Delete, Disable, Delete via BC	Microsoft IPv6 Protocol Driver	Not started	C:\Windows\system32\DRIVERS\tcpip.sys Script: Quarantine, Delete, Delete via BC		Tcpip
TDPIPE Driver: Unload, Delete, Disable, Delete via BC	TDPIPE	Not started	C:\Windows\system32\drivers\tdpipe.sys Script: Quarantine, Delete, Delete via BC
TDTCP Driver: Unload, Delete, Disable, Delete via BC	TDTCP	Not started	C:\Windows\system32\drivers\tdtcp.sys Script: Quarantine, Delete, Delete via BC
tssecsrv Driver: Unload, Delete, Disable, Delete via BC	Remote Desktop Services Security Filter Driver	Not started	C:\Windows\system32\DRIVERS\tssecsrv.sys Script: Quarantine, Delete, Delete via BC
uagp35 Driver: Unload, Delete, Disable, Delete via BC	Microsoft AGPv3.5 Filter	Not started	C:\Windows\system32\DRIVERS\uagp35.sys Script: Quarantine, Delete, Delete via BC	PnP Filter
udfs Driver: Unload, Delete, Disable, Delete via BC	udfs	Not started	C:\Windows\system32\DRIVERS\udfs.sys Script: Quarantine, Delete, Delete via BC	Boot File System
uliagpkx Driver: Unload, Delete, Disable, Delete via BC	Uli AGP Bus Filter	Not started	C:\Windows\system32\DRIVERS\uliagpkx.sys Script: Quarantine, Delete, Delete via BC	PnP Filter
UmPass Driver: Unload, Delete, Disable, Delete via BC	Microsoft UMPass Driver	Not started	C:\Windows\system32\DRIVERS\umpass.sys Script: Quarantine, Delete, Delete via BC	Extended Base
USBAAPL64 Driver: Unload, Delete, Disable, Delete via BC	Apple Mobile USB Driver	Not started	C:\Windows\system32\Drivers\usbaapl64.sys Script: Quarantine, Delete, Delete via BC	Base
usbaudio Driver: Unload, Delete, Disable, Delete via BC	USB Audio Driver (WDM)	Not started	C:\Windows\system32\drivers\usbaudio.sys Script: Quarantine, Delete, Delete via BC
usbcir Driver: Unload, Delete, Disable, Delete via BC	eHome Infrared Receiver (USBCIR)	Not started	C:\Windows\system32\DRIVERS\usbcir.sys Script: Quarantine, Delete, Delete via BC	Extended Base
usbohci Driver: Unload, Delete, Disable, Delete via BC	Microsoft USB Open Host Controller Miniport Driver	Not started	C:\Windows\system32\DRIVERS\usbohci.sys Script: Quarantine, Delete, Delete via BC	Base
usbprint Driver: Unload, Delete, Disable, Delete via BC	Microsoft USB PRINTER Class	Not started	C:\Windows\system32\DRIVERS\usbprint.sys Script: Quarantine, Delete, Delete via BC	extended base
usbscan Driver: Unload, Delete, Disable, Delete via BC	USB Scanner Driver	Not started	C:\Windows\system32\DRIVERS\usbscan.sys Script: Quarantine, Delete, Delete via BC	Base
USBSTOR Driver: Unload, Delete, Disable, Delete via BC	USB Mass Storage Driver	Not started	C:\Windows\system32\DRIVERS\USBSTOR.SYS Script: Quarantine, Delete, Delete via BC
vga Driver: Unload, Delete, Disable, Delete via BC	vga	Not started	C:\Windows\system32\DRIVERS\vgapnp.sys Script: Quarantine, Delete, Delete via BC	Video
vhdmp Driver: Unload, Delete, Disable, Delete via BC	vhdmp	Not started	C:\Windows\system32\DRIVERS\vhdmp.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
viaide Driver: Unload, Delete, Disable, Delete via BC	viaide	Not started	C:\Windows\system32\DRIVERS\viaide.sys Script: Quarantine, Delete, Delete via BC	System Bus Extender
vmbus Driver: Unload, Delete, Disable, Delete via BC	Virtual Machine Bus	Not started	C:\Windows\system32\DRIVERS\vmbus.sys Script: Quarantine, Delete, Delete via BC	Extended Base
VMBusHID Driver: Unload, Delete, Disable, Delete via BC	VMBusHID	Not started	C:\Windows\system32\DRIVERS\VMBusHID.sys Script: Quarantine, Delete, Delete via BC	Extended Base
vmusb Driver: Unload, Delete, Disable, Delete via BC	VMware USB Client Driver	Not started	C:\Windows\system32\Drivers\vmusb.sys Script: Quarantine, Delete, Delete via BC
vsmraid Driver: Unload, Delete, Disable, Delete via BC	vsmraid	Not started	C:\Windows\system32\DRIVERS\vsmraid.sys Script: Quarantine, Delete, Delete via BC	SCSI Miniport
vwifibus Driver: Unload, Delete, Disable, Delete via BC	Virtual WiFi Bus Driver	Not started	C:\Windows\System32\drivers\vwifibus.sys Script: Quarantine, Delete, Delete via BC
WacomPen Driver: Unload, Delete, Disable, Delete via BC	Wacom Serial Pen HID Driver	Not started	C:\Windows\system32\DRIVERS\wacompen.sys Script: Quarantine, Delete, Delete via BC	Extended Base
WANARP Driver: Unload, Delete, Disable, Delete via BC	Remote Access IP ARP Driver	Not started	C:\Windows\system32\DRIVERS\wanarp.sys Script: Quarantine, Delete, Delete via BC
Wd Driver: Unload, Delete, Disable, Delete via BC	Wd	Not started	C:\Windows\system32\DRIVERS\wd.sys Script: Quarantine, Delete, Delete via BC
WinRing0_1_2_0 Driver: Unload, Delete, Disable, Delete via BC	WinRing0_1_2_0	Not started	C:\Users\Tom\Desktop\REALTEMP3\WinRing0x64.sys Script: Quarantine, Delete, Delete via BC
WinUsb Driver: Unload, Delete, Disable, Delete via BC	WinUsb	Not started	C:\Windows\system32\DRIVERS\WinUsb.sys Script: Quarantine, Delete, Delete via BC
WmiAcpi Driver: Unload, Delete, Disable, Delete via BC	Microsoft Windows Management Interface for ACPI	Not started	C:\Windows\system32\DRIVERS\wmiacpi.sys Script: Quarantine, Delete, Delete via BC	Extended Base
Detected - 286, recognized as trusted - 5

Autoruns

File name	Status	Startup method	Description
C:\Program Files (x86)\FreeVPN\FreeVPN.exe Script: Quarantine, Delete, Delete via BC	Active	Shortcut in Startup folder	C:\Users\Tom\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\Tom\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\FreeVPN.lnk,
C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\HssWd, EventMessageFile
C:\Program Files (x86)\LogMeIn\x64\rahook.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\LogMeIn, EventMessageFile
C:\Program Files (x86)\ManyCam 2.4\ManyCam.exe Script: Quarantine, Delete, Delete via BC	Active	Shortcut in Startup folder	C:\Users\Tom\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\Tom\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ManyCam 2.4.lnk,
C:\Program Files (x86)\NewsLeecher\newsLeecher.exe Script: Quarantine, Delete, Delete via BC	Active	Shortcut in Startup folder	C:\Users\Tom\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\Tom\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\NewsLeecher.lnk,
C:\Program Files (x86)\Songbird\songbird.exe Script: Quarantine, Delete, Delete via BC	Active	Shortcut in Startup folder	C:\Users\Tom\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\Tom\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Songbird.lnk,
C:\Program Files (x86)\\DVD Maker\DVDMaker.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Dvd Maker, EventMessageFile
C:\Program Files (x86)\\Windows Defender\MpEvMsg.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\WinDefend, EventMessageFile
C:\Program Files (x86)\\Windows Defender\mpsvc.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WinDefend\Parameters, ServiceDll Delete
C:\Program Files\UltraVNC\logmessages.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\UltraVnc, EventMessageFile
C:\Users\Tom\AppData\Local\Temp\202fbh.exe Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, a5x3tq Delete
C:\Users\Tom\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk Script: Quarantine, Delete, Delete via BC	Active	File in Startup folder	C:\Users\Tom\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\Tom\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk,
C:\Users\Tom\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk Script: Quarantine, Delete, Delete via BC	Active	File in Startup folder	C:\Users\Tom\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\Tom\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk,
C:\Windows\System32\Audiosrv.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AudioEndpointBuilder\Parameters, ServiceDll Delete
C:\Windows\System32\Audiosrv.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AudioSrv\Parameters, ServiceDll Delete
C:\Windows\System32\AxInstSV.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AxInstSV\Parameters, ServiceDll Delete
C:\Windows\System32\AxInstSv.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-AxInstallService, EventMessageFile
C:\Windows\System32\DFDTS.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Windows Disk Diagnostic, EventMessageFile
C:\Windows\System32\DispCI.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Display, EventMessageFile
C:\Windows\System32\Drivers\Pcmcia.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\pcmcia, EventMessageFile
C:\Windows\System32\Drivers\VolSnap.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Volsnap, EventMessageFile
C:\Windows\System32\Drivers\acpi.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\ACPI, EventMessageFile
C:\Windows\System32\Drivers\hidbth.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\HidBth, EventMessageFile
C:\Windows\System32\RpcEpMap.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\RpcEptMapper\Parameters, ServiceDll Delete
C:\Windows\System32\SCardSvr.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SCardSvr\Parameters, ServiceDll Delete
C:\Windows\System32\TabSvc.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\TabletInputService\Parameters, ServiceDll Delete
C:\Windows\System32\UI0Detect.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Interactive Services detection, EventMessageFile
C:\Windows\System32\VSSVC.EXE Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Security\VSSAudit, EventMessageFile
C:\Windows\System32\WUDFSvc.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\wudfsvc\Parameters, ServiceDll Delete
C:\Windows\System32\aelupsvc.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AeLookupSvc\Parameters, ServiceDll Delete
C:\Windows\System32\aelupsvc.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\AeLookupSvc, EventMessageFile
C:\Windows\System32\appidsvc.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AppIDSvc\Parameters, ServiceDll Delete
C:\Windows\System32\appinfo.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Appinfo\Parameters, ServiceDll Delete
C:\Windows\System32\bfe.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\BFE\Parameters, ServiceDll Delete
C:\Windows\System32\browser.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Browser\Parameters, ServiceDll Delete
C:\Windows\System32\certprop.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\CertPropSvc\Parameters, ServiceDll Delete
C:\Windows\System32\certprop.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SCPolicySvc\Parameters, ServiceDll Delete
C:\Windows\System32\cscsvc.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\CscService\Parameters, ServiceDll Delete
C:\Windows\System32\dnsrslvr.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Dnscache\Parameters, ServiceDll Delete
C:\Windows\System32\dot3svc.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\dot3svc\Parameters, ServiceDll Delete
C:\Windows\System32\drivers\MTConfig.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\MTConfig, EventMessageFile
C:\Windows\System32\drivers\amdk8.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\AmdK8, EventMessageFile
C:\Windows\System32\drivers\amdppm.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\AmdPPM, EventMessageFile
C:\Windows\System32\drivers\ati2erec.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\ATIeRecord, EventMessageFile
C:\Windows\System32\drivers\ati2erec.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\amdkmdag, EventMessageFile
C:\Windows\System32\drivers\ati2erec.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\amdkmdap, EventMessageFile
C:\Windows\System32\drivers\b57nd60a.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\b57nd60a, EventMessageFile
C:\Windows\System32\drivers\bxvbda.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\b06bdrv, EventMessageFile
C:\Windows\System32\drivers\evbda.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\ebdrv, EventMessageFile
C:\Windows\System32\drivers\fltmgr.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\FltMgr, EventMessageFile
C:\Windows\System32\drivers\i8042prt.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\i8042prt, EventMessageFile
C:\Windows\System32\drivers\iaStorV.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\iaStorV, EventMessageFile
C:\Windows\System32\drivers\intelppm.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\intelppm, EventMessageFile
C:\Windows\System32\drivers\ipmidrv.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\IPMIDRV, EventMessageFile
C:\Windows\System32\drivers\isapnp.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\isapnp, EventMessageFile
C:\Windows\System32\drivers\kbdclass.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\kbdclass, EventMessageFile
C:\Windows\System32\drivers\kbdhid.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\kbdhid, EventMessageFile
C:\Windows\System32\drivers\mouclass.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\mouclass, EventMessageFile
C:\Windows\System32\drivers\mouhid.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\mouhid, EventMessageFile
C:\Windows\System32\drivers\mpio.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\mpio, EventMessageFile
C:\Windows\System32\drivers\mv2.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\mv2, EventMessageFile
C:\Windows\System32\drivers\nvstor.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\nvstor, EventMessageFile
C:\Windows\System32\drivers\parport.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Parport, EventMessageFile
C:\Windows\System32\drivers\processr.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Processor, EventMessageFile
C:\Windows\System32\drivers\rdpdispm.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\RDPDISPM, EventMessageFile
C:\Windows\System32\drivers\sbp2port.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\sbp2port, EventMessageFile
C:\Windows\System32\drivers\serial.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Serial, EventMessageFile
C:\Windows\System32\drivers\sermouse.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\sermouse, EventMessageFile
C:\Windows\System32\drivers\vgapnp.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\vga, EventMessageFile
C:\Windows\System32\drivers\vmusb.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\vmusb, EventMessageFile
C:\Windows\System32\drivers\wacompen.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\WacomPen, EventMessageFile
C:\Windows\System32\drivers\wd.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Wd, EventMessageFile
C:\Windows\System32\gpsvc.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\gpsvc\Parameters, ServiceDll Delete
C:\Windows\System32\ikeext.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\IKEEXT\Parameters, ServiceDll Delete
C:\Windows\System32\iphlpsvc.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters, ServiceDll Delete
C:\Windows\System32\ipnathlp.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters, ServiceDll Delete
C:\Windows\System32\ipsecsvc.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\PolicyAgent\Parameters, ServiceDll Delete
C:\Windows\System32\iscsiexe.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\MSiSCSI, EventMessageFile
C:\Windows\System32\iscsilog.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\iScsiPrt, EventMessageFile
C:\Windows\System32\lltdsvc.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\lltdsvc\Parameters, ServiceDll Delete
C:\Windows\System32\lmhsvc.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\lmhosts\Parameters, ServiceDll Delete
C:\Windows\System32\lsasrv.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\LsaSrv, EventMessageFile
C:\Windows\System32\lsasrv.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Schannel, EventMessageFile
C:\Windows\System32\mctadmin.exe Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_USERS, S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce, mctadmin Delete
C:\Windows\System32\mctadmin.exe Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_USERS, S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce, mctadmin Delete
C:\Windows\System32\mdsched.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-MemoryDiagnostics-Schedule, EventMessageFile
C:\Windows\System32\netman.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Netman\Parameters, ServiceDll Delete
C:\Windows\System32\nlasvc.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters, ServiceDll Delete
C:\Windows\System32\pcasvc.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\PcaSvc\Parameters, ServiceDll Delete
C:\Windows\System32\profsvc.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-User Profiles Service, EventMessageFile
C:\Windows\System32\profsvc.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Profsvc, EventMessageFile
C:\Windows\System32\qmgr.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\BITS\Parameters, ServiceDll Delete
C:\Windows\System32\rasauto.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\RasAuto\Parameters, ServiceDll Delete
C:\Windows\System32\rasmans.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\RasMan\Parameters, ServiceDll Delete
C:\Windows\System32\relpost.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-MemoryDiagnostics-Results, EventMessageFile
C:\Windows\System32\samsrv.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Directory-Services-SAM, EventMessageFile
C:\Windows\System32\samsrv.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\SAM, EventMessageFile
C:\Windows\System32\snmptrap.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\SNMPTRAP, EventMessageFile
C:\Windows\System32\ssdpsrv.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SSDPSRV\Parameters, ServiceDll Delete
C:\Windows\System32\sstpsvc.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-RasSstp, EventMessageFile
C:\Windows\System32\swprv.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\swprv\Parameters, ServiceDll Delete
C:\Windows\System32\tcpmon.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\TCPMon, EventMessageFile
C:\Windows\System32\termsrv.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\TermService\Parameters, ServiceDll Delete
C:\Windows\System32\trkwks.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\TrkWks\Parameters, ServiceDll Delete
C:\Windows\System32\umpnpmgr.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\PlugPlayManager, EventMessageFile
C:\Windows\System32\umpo.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Power, EventMessageFile
C:\Windows\System32\umrdp.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\UmRdpService\Parameters, ServiceDll Delete
C:\Windows\System32\umrdp.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\UmRdpService, EventMessageFile
C:\Windows\System32\uxsms.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\UxSms\Parameters, ServiceDll Delete
C:\Windows\System32\vmbusres.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\vmbus, EventMessageFile
C:\Windows\System32\vmictimeprovider.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider, DllName Delete
C:\Windows\System32\vmstorfltres.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\storflt, EventMessageFile
C:\Windows\System32\wbiosrvc.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WbioSrvc\Parameters, ServiceDll Delete
C:\Windows\System32\wercplsupport.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\wercplsupport\Parameters, ServiceDll Delete
C:\Windows\System32\wersvc.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Application Hang, EventMessageFile
C:\Windows\System32\wevtsvc.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Security\Microsoft-Windows-Eventlog, EventMessageFile
C:\Windows\System32\wevtsvc.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Eventlog, EventMessageFile
C:\Windows\System32\wiaservc.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\stisvc\Parameters, ServiceDll Delete
C:\Windows\System32\wiaservc.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\StillImage, EventMessageFile
C:\Windows\System32\win32k.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Session Manager\SubSystems, Kmode
C:\Windows\System32\wininit.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wininit, EventMessageFile
C:\Windows\System32\winlogon.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Winlogon, EventMessageFile
C:\Windows\System32\winlogon.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wlclntfy, EventMessageFile
C:\Windows\System32\wkssvc.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters, ServiceDll Delete
C:\Windows\System32\wlansvc.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Wlansvc\Parameters, ServiceDll Delete
C:\Windows\System32\wscsvc.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\wscsvc\Parameters, ServiceDll Delete
C:\Windows\System32\wscsvc.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\SecurityCenter, EventMessageFile
C:\Windows\System32\wwansvc.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WwanSvc\Parameters, ServiceDll Delete
C:\Windows\system32\BlbEvents.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-Backup, EventMessageFile
C:\Windows\system32\DRIVERS\vmnetadapter.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\VMnetAdapter, EventMessageFile
C:\Windows\system32\DRIVERS\vmnetbridge.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\VMnetBridge, EventMessageFile
C:\Windows\system32\FntCache.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\FontCache\Parameters, ServiceDll Delete
C:\Windows\system32\ListSvc.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\HomeGroupListener\Parameters, ServiceDll Delete
C:\Windows\system32\Mcx2Svc.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Mcx2Svc\Parameters, ServiceDll Delete
C:\Windows\system32\WINSAT.EXE Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-WindowsSystemAssessmentTool, EventMessageFile
C:\Windows\system32\WUDFPlatform.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-DriverFrameworks-UserMode, EventMessageFile
C:\Windows\system32\Wat\WatUX.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Windows Activation Technologies, EventMessageFile
C:\Windows\system32\acaptuser32.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs
C:\Windows\system32\bthserv.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\bthserv\Parameters, ServiceDll Delete
C:\Windows\system32\certprop.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-SCPNP, EventMessageFile
C:\Windows\system32\cofiredm.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-CorruptedFileRecovery-Client, EventMessageFile
C:\Windows\system32\cofiredm.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-CorruptedFileRecovery-Server, EventMessageFile
C:\Windows\system32\cscsvc.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-OfflineFiles, EventMessageFile
C:\Windows\system32\csrsrv.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Subsys-SMSS, EventMessageFile
C:\Windows\system32\dfdts.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-DiskDiagnostic, EventMessageFile
C:\Windows\system32\drivers\HTTP.SYS Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-HttpEvent, EventMessageFile
C:\Windows\system32\drivers\Wdf01000.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\wdf01000, EventMessageFile
C:\Windows\system32\drivers\fltmgr.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-FilterManager, EventMessageFile
C:\Windows\system32\drivers\fvevol.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-BitLocker-Driver, EventMessageFile
C:\Windows\system32\drivers\hcmon.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\hcmon, EventMessageFile
C:\Windows\system32\drivers\ntfs.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Ntfs, EventMessageFile
C:\Windows\system32\drivers\vmnetuserif.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\VMnetuserif, EventMessageFile
C:\Windows\system32\dwm.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Desktop Window Manager, EventMessageFile
C:\Windows\system32\eapsvc.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-EapHost, EventMessageFile
C:\Windows\system32\fdPHost.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\fdPHost\Parameters, ServiceDll Delete
C:\Windows\system32\fdphost.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-FunctionDiscoveryHost, EventMessageFile
C:\Windows\system32\fdrespub.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\FDResPub\Parameters, ServiceDll Delete
C:\Windows\system32\fdrespub.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-ResourcePublication, EventMessageFile
C:\Windows\system32\fveapi.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-BitLocker-API, EventMessageFile
C:\Windows\system32\fxsevent.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft Fax, EventMessageFile
C:\Windows\system32\gpsvc.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-GroupPolicy, EventMessageFile
C:\Windows\system32\ipbusenum.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\IPBusEnum\Parameters, ServiceDll Delete
C:\Windows\system32\ipbusenum.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-IPBusEnum, EventMessageFile
C:\Windows\system32\iphlpsvc.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Iphlpsvc, EventMessageFile
C:\Windows\system32\iscsiexe.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\MSiSCSI\Parameters, ServiceDll Delete
C:\Windows\system32\lpksetup.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-LanguagePackSetup, EventMessageFile
C:\Windows\system32\lsm.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-TerminalServices-LocalSessionManager, EventMessageFile
C:\Windows\system32\microsoft-windows-hal-events.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-HAL, EventMessageFile
C:\Windows\system32\microsoft-windows-kernel-power-events.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Kernel-Power, EventMessageFile
C:\Windows\system32\microsoft-windows-kernel-processor-power-events.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Kernel-Processor-Power, EventMessageFile
C:\Windows\system32\mmcss.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\MMCSS\Parameters, ServiceDll Delete
C:\Windows\system32\mmcss.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\THREADORDER\Parameters, ServiceDll Delete
C:\Windows\system32\mpssvc.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\MpsSvc\Parameters, ServiceDll Delete
C:\Windows\system32\mpssvc.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Firewall, EventMessageFile
C:\Windows\system32\msdtckrm.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\KtmRm\Parameters, ServiceDll Delete
C:\Windows\system32\nsisvc.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\nsi\Parameters, ServiceDll Delete
C:\Windows\system32\oobe\winsetup.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Setup, EventMessageFile
C:\Windows\system32\peerdistsvc.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\PeerDistSvc\Parameters, ServiceDll Delete
C:\Windows\system32\pnrpsvc.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\PNRPsvc\Parameters, ServiceDll Delete
C:\Windows\system32\profsvc.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\ProfSvc\Parameters, ServiceDll Delete
C:\Windows\system32\psxss.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Session Manager\SubSystems, Posix
C:\Windows\system32\qmgr.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Bits-Client, EventMessageFile
C:\Windows\system32\recovery.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Recovery, EventMessageFile
C:\Windows\system32\regsvc.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters, ServiceDll Delete
C:\Windows\system32\rpcss.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\DcomLaunch\Parameters, ServiceDll Delete
C:\Windows\system32\rpcss.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\RpcSs\Parameters, ServiceDll Delete
C:\Windows\system32\schedsvc.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Schedule\Parameters, ServiceDll Delete
C:\Windows\system32\schedsvc.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-TaskScheduler, EventMessageFile
C:\Windows\system32\sdclt.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\BackupPath,
C:\Windows\system32\seclogon.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\seclogon\Parameters, ServiceDll Delete
C:\Windows\system32\sensrsvc.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SensrSvc\Parameters, ServiceDll Delete
C:\Windows\system32\services.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Service Control Manager, EventMessageFile
C:\Windows\system32\sppsvc.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Software Protection Platform Service, EventMessageFile
C:\Windows\system32\sppsvc.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Key Management Service\KmsRequests, EventMessageFile
C:\Windows\system32\sppuinotify.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\sppuinotify\Parameters, ServiceDll Delete
C:\Windows\system32\srvsvc.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters, ServiceDll Delete
C:\Windows\system32\sstpsvc.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SstpSvc\Parameters, ServiceDll Delete
C:\Windows\system32\sysmain.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SysMain\Parameters, ServiceDll Delete
C:\Windows\system32\sysmain.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\rdyboost\Performance, Library Delete
C:\Windows\system32\tbssvc.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-TBS, EventMessageFile
C:\Windows\system32\termsrv.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-TerminalServices-RemoteConnectionManager, EventMessageFile
C:\Windows\system32\themeservice.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Themes\Parameters, ServiceDll Delete
C:\Windows\system32\umpnpmgr.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\PlugPlay\Parameters, ServiceDll Delete
C:\Windows\system32\umpnpmgr.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-UserPnp, EventMessageFile
C:\Windows\system32\umpo.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Power\Parameters, ServiceDll Delete
C:\Windows\system32\w32time.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\W32Time\Parameters, ServiceDll Delete
C:\Windows\system32\w32time.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Time-Service, EventMessageFile
C:\Windows\system32\w32time.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\W32Time, EventMessageFile
C:\Windows\system32\w32time.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient, DllName Delete
C:\Windows\system32\w32time.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer, DllName Delete
C:\Windows\system32\wbem\WMIsvc.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters, ServiceDll Delete
C:\Windows\system32\wecsvc.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Wecsvc\Parameters, ServiceDll Delete
C:\Windows\system32\wecsvc.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-EventCollector, EventMessageFile
C:\Windows\system32\wecsvc.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\HardwareEvents, DisplayNameFile
C:\Windows\system32\wecsvc.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-EventCollector, EventMessageFile
C:\Windows\system32\wininit.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Wininit, EventMessageFile
C:\Windows\system32\winlogon.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Winlogon, EventMessageFile
C:\Windows\system32\winsrv.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-Winsrv, EventMessageFile
C:\Windows\system32\wlansvc.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-WLAN-AutoConfig, EventMessageFile
C:\Windows\system32\wpdbusenum.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WPDBusEnum\Parameters, ServiceDll Delete
C:\Windows\system32\wuaueng.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\wuauserv\Parameters, ServiceDll Delete
C:\Windows\system32\wuaueng.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-WindowsUpdateClient, EventMessageFile
LMIRfsClientNP.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\LMIRfsClientNP\NetworkProvider, ProviderPath Delete
rdpclip Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd, StartupPrograms Delete
Autoruns items found - 690, recognized as trusted - 466

Internet Explorer extension modules (BHOs, Toolbars ...)

File name	Type	Description	Manufacturer	CLSID
	BHO			{5C255C8A-E604-49b4-9D64-90988571CECB} Delete
C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll Script: Quarantine, Delete, Delete via BC	BHO	Mega Manager IE Click Catcher	Copyright (c) 2009 Megaupload Limited	{bf00e119-21a3-4fd1-b178-3b8537e75c92} Delete
C:\PROGRA~2\TEXTware\QUICKF~1\PlugIns\IEHelp.dll Script: Quarantine, Delete, Delete via BC	BHO			{C08DF07A-3E49-4E25-9AB0-D3882835F153} Delete
C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll Script: Quarantine, Delete, Delete via BC	BHO	Ask Toolbar	(c) Ask. All rights reserved.	{D4027C7F-154A-4066-A1AD-4243D8127440} Delete
C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll Script: Quarantine, Delete, Delete via BC	Toolbar	Ask Toolbar	(c) Ask. All rights reserved.	{D4027C7F-154A-4066-A1AD-4243D8127440} Delete
	Extension module			{2670000A-7350-4f3c-8081-5663EE0C6C49} Delete
	Extension module			{92780B25-18CC-41C8-B9BE-3C9C571A8263} Delete
C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk Script: Quarantine, Delete, Delete via BC	Extension module			{d9288080-1baa-4bc4-9cf8-a92d743db949} Delete
C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm Script: Quarantine, Delete, Delete via BC	Extension module			{E19ADC6E-3909-43E4-9A89-B7B676377EE3} Delete
Items found - 33, recognized as trusted - 24

Windows Explorer extension modules

File name	Destination	Description	Manufacturer	CLSID
	Catalyst Context Menu extension			{5E2121EE-0300-11D4-8D3B-444553540000} Delete
Items found - 25, recognized as trusted - 24

Printing system extensions (print monitors, providers)

File name	Type	Name	Description	Manufacturer
C:\Windows\system32\lxcylmpm.dll Script: Quarantine, Delete, Delete via BC	Monitor	3400 Series Port	Printer Communication System
AdobePDF.dll Script: Quarantine, Delete, Delete via BC	Monitor	Adobe PDF Port Monitor
localspl.dll Script: Quarantine, Delete, Delete via BC	Monitor	Local Port
LMIport.dll Script: Quarantine, Delete, Delete via BC	Monitor	LogMeIn Printer Port Monitor
FXSMON.DLL Script: Quarantine, Delete, Delete via BC	Monitor	Microsoft Shared Fax Monitor
tcpmon.dll Script: Quarantine, Delete, Delete via BC	Monitor	Standard TCP/IP Port
usbmon.dll Script: Quarantine, Delete, Delete via BC	Monitor	USB Monitor
WSDMon.dll Script: Quarantine, Delete, Delete via BC	Monitor	WSD Port
inetpp.dll Script: Quarantine, Delete, Delete via BC	Provider	HTTP Print Services
Items found - 10, recognized as trusted - 1

Task Scheduler jobs

File name	Job name	Job state	Description	Manufacturer
Items found - 2, recognized as trusted - 2

SPI/LSP settings

Namespace providers (NSP)

Manufacturer	Status	EXE file	Description	GUID
Detected - 7, recognized as trusted - 7

Transport protocol providers (TSP, LSP)

Manufacturer EXE file Description
Detected - 12, recognized as trusted - 12
Results of automatic SPI settings check
LSP settings checked. No errors detected

TCP/UDP ports

Port Status Remote Host Remote Port Application Notes
TCP ports
21 LISTENING 0.0.0.0 0 [1736] c:\program files (x86)\filezilla server\filezilla server.exe
Script: Quarantine, Delete, Delete via BC, Terminate
135 LISTENING 0.0.0.0 0 [800] svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
139 LISTENING 0.0.0.0 0 [4] System
Script: Quarantine, Delete, Delete via BC, Terminate
445 LISTENING 0.0.0.0 0 [4] System
Script: Quarantine, Delete, Delete via BC, Terminate
912 LISTENING 0.0.0.0 0 [2584] c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2869 LISTENING 0.0.0.0 0 [4] System
Script: Quarantine, Delete, Delete via BC, Terminate
5354 LISTENING 0.0.0.0 0 [1636] c:\program files (x86)\bonjour\mdnsresponder.exe
Script: Quarantine, Delete, Delete via BC, Terminate
5938 LISTENING 0.0.0.0 0 [1892] c:\program files (x86)\teamviewer\version5\teamviewer.exe
Script: Quarantine, Delete, Delete via BC, Terminate
9089 LISTENING 0.0.0.0 0 [2120] c:\program files (x86)\vmware\vmware vcenter converter standalone\vmware-converter-a.exe
Script: Quarantine, Delete, Delete via BC, Terminate
9997 LISTENING 0.0.0.0 0 [1892] c:\program files (x86)\teamviewer\version5\teamviewer.exe
Script: Quarantine, Delete, Delete via BC, Terminate
10000 LISTENING 0.0.0.0 0 [3744] c:\program files (x86)\utorrent\utorrent.exe
Script: Quarantine, Delete, Delete via BC, Terminate
14147 LISTENING 0.0.0.0 0 [1736] c:\program files (x86)\filezilla server\filezilla server.exe
Script: Quarantine, Delete, Delete via BC, Terminate
27015 LISTENING 0.0.0.0 0 [1572] c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe
Script: Quarantine, Delete, Delete via BC, Terminate
33124 LISTENING 0.0.0.0 0 [3744] c:\program files (x86)\utorrent\utorrent.exe
Script: Quarantine, Delete, Delete via BC, Terminate
49152 LISTENING 0.0.0.0 0 [472] wininit.exe
Script: Quarantine, Delete, Delete via BC, Terminate
49153 LISTENING 0.0.0.0 0 [936] svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
49154 LISTENING 0.0.0.0 0 [1008] svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
49155 LISTENING 0.0.0.0 0 [552] lsass.exe
Script: Quarantine, Delete, Delete via BC, Terminate
49166 LISTENING 0.0.0.0 0 [528] services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
49167 LISTENING 0.0.0.0 0 [2072] svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
UDP ports
137 LISTENING -- -- [4] System
Script: Quarantine, Delete, Delete via BC, Terminate
138 LISTENING -- -- [4] System
Script: Quarantine, Delete, Delete via BC, Terminate
500 LISTENING -- -- [1008] svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1900 LISTENING -- -- [4068] svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1900 LISTENING -- -- [3744] c:\program files (x86)\utorrent\utorrent.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1900 LISTENING -- -- [4068] svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
4500 LISTENING -- -- [1008] svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
5353 LISTENING -- -- [1636] c:\program files (x86)\bonjour\mdnsresponder.exe
Script: Quarantine, Delete, Delete via BC, Terminate
5355 LISTENING -- -- [1208] svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
6771 LISTENING -- -- [3744] c:\program files (x86)\utorrent\utorrent.exe
Script: Quarantine, Delete, Delete via BC, Terminate
33124 LISTENING -- -- [3744] c:\program files (x86)\utorrent\utorrent.exe
Script: Quarantine, Delete, Delete via BC, Terminate
44301 LISTENING -- -- [1940] c:\windows\syswow64\pnkbstra.exe
Script: Quarantine, Delete, Delete via BC, Terminate
52272 LISTENING -- -- [1636] c:\program files (x86)\bonjour\mdnsresponder.exe
Script: Quarantine, Delete, Delete via BC, Terminate
55587 LISTENING -- -- [4068] svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
55588 LISTENING -- -- [4068] svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
62003 LISTENING -- -- [3676] sidebar.exe
Script: Quarantine, Delete, Delete via BC, Terminate
65240 LISTENING -- -- [3796] c:\program files (x86)\windows media player\wmplayer.exe
Script: Quarantine, Delete, Delete via BC, Terminate

Downloaded Program Files (DPF)

File name Description Manufacturer CLSID Source URL
Items found - 3, recognized as trusted - 3

Control Panel Applets (CPL)

File name Description Manufacturer
Items found - 19, recognized as trusted - 19

Active Setup

File name Description Manufacturer CLSID
Items found - 9, recognized as trusted - 9

HOSTS file

Hosts file record
яю1
Clear Hosts file

Protocols and handlers

File name Type Description Manufacturer CLSID
mscoree.dll
Script: Quarantine, Delete, Delete via BC Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
Delete
mscoree.dll
Script: Quarantine, Delete, Delete via BC Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
Delete
mscoree.dll
Script: Quarantine, Delete, Delete via BC Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
Delete
Items found - 21, recognized as trusted - 18

Suspicious objects

File Description Type

AVZ Antiviral Toolkit log; AVZ version is 4.35
Scanning started at 11.09.2010 17:40:58
Database loaded: signatures - 279220, NN profile(s) - 2, malware removal microprograms - 56, signature database released 10.09.2010 23:50
Heuristic microprograms loaded: 383
PVS microprograms loaded: 9
Digital signatures of system files loaded: 221698
Heuristic analyzer mode: Maximum heuristics mode
Malware removal mode: disabled
Windows version is: 6.1.7600,  ; AVZ is run with administrator rights
System Restore: enabled
1. Searching for Rootkits and other software intercepting API functions
1.1 Searching for user-mode API hooks
 Analysis: kernel32.dll, export table found in section .text
 Analysis: ntdll.dll, export table found in section .text
 Analysis: user32.dll, export table found in section .text
Function user32.dll:DefDlgProcA (1657) intercepted, method - ProcAddressHijack.GetProcAddress ->757B5F5A->771E8954
Function user32.dll:DefDlgProcW (1658) intercepted, method - ProcAddressHijack.GetProcAddress ->757B5F75->771D3F44
Function user32.dll:DefWindowProcA (1664) intercepted, method - ProcAddressHijack.GetProcAddress ->757B5F90->771B28B3
Function user32.dll:DefWindowProcW (1665) intercepted, method - ProcAddressHijack.GetProcAddress ->757B5FAB->771A243D
 Analysis: advapi32.dll, export table found in section .text
Function advapi32.dll:AddMandatoryAce (1029) intercepted, method - ProcAddressHijack.GetProcAddress ->756424B5->756DC334
Function advapi32.dll:I_QueryTagInformation (1361) intercepted, method - ProcAddressHijack.GetProcAddress ->75642655->74EB72D8
Function advapi32.dll:I_ScIsSecurityProcess (1362) intercepted, method - ProcAddressHijack.GetProcAddress ->7564268C->74EB733F
Function advapi32.dll:I_ScPnPGetServiceName (1363) intercepted, method - ProcAddressHijack.GetProcAddress ->756426C3->74EB7C40
Function advapi32.dll:I_ScQueryServiceConfig (1364) intercepted, method - ProcAddressHijack.GetProcAddress ->756426FA->74EB5F8A
Function advapi32.dll:I_ScSendPnPMessage (1365) intercepted, method - ProcAddressHijack.GetProcAddress ->75642732->74EB5E7D
Function advapi32.dll:I_ScSendTSMessage (1366) intercepted, method - ProcAddressHijack.GetProcAddress ->75642766->74EB71C5
Function advapi32.dll:I_ScValidatePnPService (1369) intercepted, method - ProcAddressHijack.GetProcAddress ->75642799->74EB6B9D
Function advapi32.dll:IsValidRelativeSecurityDescriptor (1389) intercepted, method - ProcAddressHijack.GetProcAddress ->756427D1->756DC5DF
Function advapi32.dll:PerfCreateInstance (1515) intercepted, method - ProcAddressHijack.GetProcAddress ->75642858->73E02187
Function advapi32.dll:PerfDecrementULongCounterValue (1516) intercepted, method - ProcAddressHijack.GetProcAddress ->75642871->73E02A1D
Function advapi32.dll:PerfDecrementULongLongCounterValue (1517) intercepted, method - ProcAddressHijack.GetProcAddress ->75642896->73E02B3C
Function advapi32.dll:PerfDeleteInstance (1519) intercepted, method - ProcAddressHijack.GetProcAddress ->756428BF->73E02259
Function advapi32.dll:PerfIncrementULongCounterValue (1522) intercepted, method - ProcAddressHijack.GetProcAddress ->756428D8->73E027B9
Function advapi32.dll:PerfIncrementULongLongCounterValue (1523) intercepted, method - ProcAddressHijack.GetProcAddress ->756428FD->73E028D6
Function advapi32.dll:PerfQueryInstance (1528) intercepted, method - ProcAddressHijack.GetProcAddress ->75642926->73E02373
Function advapi32.dll:PerfSetCounterRefValue (1529) intercepted, method - ProcAddressHijack.GetProcAddress ->7564293E->73E02447
Function advapi32.dll:PerfSetCounterSetInfo (1530) intercepted, method - ProcAddressHijack.GetProcAddress ->7564295B->73E020B0
Function advapi32.dll:PerfSetULongCounterValue (1531) intercepted, method - ProcAddressHijack.GetProcAddress ->75642977->73E02565
Function advapi32.dll:PerfSetULongLongCounterValue (1532) intercepted, method - ProcAddressHijack.GetProcAddress ->75642996->73E02680
Function advapi32.dll:PerfStartProvider (1533) intercepted, method - ProcAddressHijack.GetProcAddress ->756429B9->73E01FED
Function advapi32.dll:PerfStartProviderEx (1534) intercepted, method - ProcAddressHijack.GetProcAddress ->756429D1->73E01F34
Function advapi32.dll:PerfStopProvider (1535) intercepted, method - ProcAddressHijack.GetProcAddress ->756429EB->73E02026
Function advapi32.dll:SystemFunction035 (1753) intercepted, method - ProcAddressHijack.GetProcAddress ->75642A3C->73673EA8
 Analysis: ws2_32.dll, export table found in section .text
 Analysis: wininet.dll, export table found in section .text
 Analysis: rasapi32.dll, export table found in section .text
 Analysis: urlmon.dll, export table found in section .text
 Analysis: netapi32.dll, export table found in section .text
Function netapi32.dll:DavAddConnection (1) intercepted, method - ProcAddressHijack.GetProcAddress ->73703B10->729C29DD
Function netapi32.dll:DavDeleteConnection (2) intercepted, method - ProcAddressHijack.GetProcAddress ->73703B29->729C181B
Function netapi32.dll:DavFlushFile (3) intercepted, method - ProcAddressHijack.GetProcAddress ->73703B45->729C1713
Function netapi32.dll:DavGetExtendedError (4) intercepted, method - ProcAddressHijack.GetProcAddress ->73703B5A->729C2347
Function netapi32.dll:DavGetHTTPFromUNCPath (5) intercepted, method - ProcAddressHijack.GetProcAddress ->73703B76->729C275B
Function netapi32.dll:DavGetUNCFromHTTPPath (6) intercepted, method - ProcAddressHijack.GetProcAddress ->73703B94->729C257D
Function netapi32.dll:DsAddressToSiteNamesA (7) intercepted, method - ProcAddressHijack.GetProcAddress ->73703BB2->724A4A4D
Function netapi32.dll:DsAddressToSiteNamesExA (8) intercepted, method - ProcAddressHijack.GetProcAddress ->73703BD1->724A4D79
Function netapi32.dll:DsAddressToSiteNamesExW (9) intercepted, method - ProcAddressHijack.GetProcAddress ->73703BF2->724A5049
Function netapi32.dll:DsAddressToSiteNamesW (10) intercepted, method - ProcAddressHijack.GetProcAddress ->73703C13->724A4C29
Function netapi32.dll:DsDeregisterDnsHostRecordsA (11) intercepted, method - ProcAddressHijack.GetProcAddress ->73703C32->724A6DD9
Function netapi32.dll:DsDeregisterDnsHostRecordsW (12) intercepted, method - ProcAddressHijack.GetProcAddress ->73703C57->724A6D59
Function netapi32.dll:DsEnumerateDomainTrustsA (13) intercepted, method - ProcAddressHijack.GetProcAddress ->73703C7C->724A6771
Function netapi32.dll:DsEnumerateDomainTrustsW (14) intercepted, method - ProcAddressHijack.GetProcAddress ->73703C9E->724960BC
Function netapi32.dll:DsGetDcCloseW (15) intercepted, method - ProcAddressHijack.GetProcAddress ->73703CC0->724A495D
Function netapi32.dll:DsGetDcNameA (16) intercepted, method - ProcAddressHijack.GetProcAddress ->73703CD7->724A5BB2
Function netapi32.dll:DsGetDcNameW (17) intercepted, method - ProcAddressHijack.GetProcAddress ->73703CED->72494CA8
Function netapi32.dll:DsGetDcNameWithAccountA (18) intercepted, method - ProcAddressHijack.GetProcAddress ->73703D03->724A55E9
Function netapi32.dll:DsGetDcNameWithAccountW (19) intercepted, method - ProcAddressHijack.GetProcAddress ->73703D24->72494CD1
Function netapi32.dll:DsGetDcNextA (20) intercepted, method - ProcAddressHijack.GetProcAddress ->73703D45->724A4896
Function netapi32.dll:DsGetDcNextW (21) intercepted, method - ProcAddressHijack.GetProcAddress ->73703D5B->724A47ED
Function netapi32.dll:DsGetDcOpenA (22) intercepted, method - ProcAddressHijack.GetProcAddress ->73703D71->724A473D
Function netapi32.dll:DsGetDcOpenW (23) intercepted, method - ProcAddressHijack.GetProcAddress ->73703D87->724A46AB
Function netapi32.dll:DsGetDcSiteCoverageA (24) intercepted, method - ProcAddressHijack.GetProcAddress ->73703D9D->724A5239
Function netapi32.dll:DsGetDcSiteCoverageW (25) intercepted, method - ProcAddressHijack.GetProcAddress ->73703DBB->724A5409
Function netapi32.dll:DsGetForestTrustInformationW (26) intercepted, method - ProcAddressHijack.GetProcAddress ->73703DD9->724A6E6F
Function netapi32.dll:DsGetSiteNameA (27) intercepted, method - ProcAddressHijack.GetProcAddress ->73703DFF->724A5B39
Function netapi32.dll:DsGetSiteNameW (28) intercepted, method - ProcAddressHijack.GetProcAddress ->73703E17->72495F24
Function netapi32.dll:DsMergeForestTrustInformationW (29) intercepted, method - ProcAddressHijack.GetProcAddress ->73703E2F->724A6F71
Function netapi32.dll:DsRoleAbortDownlevelServerUpgrade (30) intercepted, method - ProcAddressHijack.GetProcAddress ->73703E57->72694339
Function netapi32.dll:DsRoleCancel (31) intercepted, method - ProcAddressHijack.GetProcAddress ->73703E80->726934A9
Function netapi32.dll:DsRoleDcAsDc (32) intercepted, method - ProcAddressHijack.GetProcAddress ->73703E94->72693EAD
Function netapi32.dll:DsRoleDcAsReplica (33) intercepted, method - ProcAddressHijack.GetProcAddress ->73703EA8->72693F99
Function netapi32.dll:DsRoleDemoteDc (34) intercepted, method - ProcAddressHijack.GetProcAddress ->73703EC1->72694189
Function netapi32.dll:DsRoleDnsNameToFlatName (35) intercepted, method - ProcAddressHijack.GetProcAddress ->73703ED7->726932B5
Function netapi32.dll:DsRoleFreeMemory (36) intercepted, method - ProcAddressHijack.GetProcAddress ->73703EF6->726919A9
Function netapi32.dll:DsRoleGetDatabaseFacts (37) intercepted, method - ProcAddressHijack.GetProcAddress ->73703F0E->72693651
Function netapi32.dll:DsRoleGetDcOperationProgress (38) intercepted, method - ProcAddressHijack.GetProcAddress ->73703F2C->72693351
Function netapi32.dll:DsRoleGetDcOperationResults (39) intercepted, method - ProcAddressHijack.GetProcAddress ->73703F50->72693401
Function netapi32.dll:DsRoleGetPrimaryDomainInformation (40) intercepted, method - ProcAddressHijack.GetProcAddress ->73703F73->72691F3D
Function netapi32.dll:DsRoleIfmHandleFree (41) intercepted, method - ProcAddressHijack.GetProcAddress ->73703F9C->72693539
Function netapi32.dll:DsRoleServerSaveStateForUpgrade (42) intercepted, method - ProcAddressHijack.GetProcAddress ->73703FB7->726935C9
Function netapi32.dll:DsRoleUpgradeDownlevelServer (43) intercepted, method - ProcAddressHijack.GetProcAddress ->73703FDE->72694261
Function netapi32.dll:DsValidateSubnetNameA (44) intercepted, method - ProcAddressHijack.GetProcAddress ->73704002->724A5AF9
Function netapi32.dll:DsValidateSubnetNameW (45) intercepted, method - ProcAddressHijack.GetProcAddress ->73704021->724A49E1
Function netapi32.dll:I_BrowserDebugCall (46) intercepted, method - ProcAddressHijack.GetProcAddress ->73704040->72DF24A9
Function netapi32.dll:I_BrowserDebugTrace (47) intercepted, method - ProcAddressHijack.GetProcAddress ->7370405B->72DF2581
Function netapi32.dll:I_BrowserQueryEmulatedDomains (48) intercepted, method - ProcAddressHijack.GetProcAddress ->73704077->72DF29F9
Function netapi32.dll:I_BrowserQueryOtherDomains (49) intercepted, method - ProcAddressHijack.GetProcAddress ->7370409D->72DF22C1
Function netapi32.dll:I_BrowserQueryStatistics (50) intercepted, method - ProcAddressHijack.GetProcAddress ->737040C0->72DF2651
Function netapi32.dll:I_BrowserResetNetlogonState (51) intercepted, method - ProcAddressHijack.GetProcAddress ->737040E1->72DF23D1
Function netapi32.dll:I_BrowserResetStatistics (52) intercepted, method - ProcAddressHijack.GetProcAddress ->73704105->72DF2729
Function netapi32.dll:I_BrowserServerEnum (53) intercepted, method - ProcAddressHijack.GetProcAddress ->73704126->72DF20BF
Function netapi32.dll:I_BrowserSetNetlogonState (54) intercepted, method - ProcAddressHijack.GetProcAddress ->73704142->72DF2919
Function netapi32.dll:I_DsUpdateReadOnlyServerDnsRecords (55) intercepted, method - ProcAddressHijack.GetProcAddress ->73704164->724A5569
Function netapi32.dll:I_NetAccountDeltas (56) intercepted, method - ProcAddressHijack.GetProcAddress ->73704190->724A63AB
Function netapi32.dll:I_NetAccountSync (57) intercepted, method - ProcAddressHijack.GetProcAddress ->737041AC->724A63AB
Function netapi32.dll:I_NetChainSetClientAttributes (59) intercepted, method - ProcAddressHijack.GetProcAddress ->737041C6->724A6FA6
Function netapi32.dll:I_NetChainSetClientAttributes2 (58) intercepted, method - ProcAddressHijack.GetProcAddress ->737041ED->724A7029
Function netapi32.dll:I_NetDatabaseDeltas (60) intercepted, method - ProcAddressHijack.GetProcAddress ->73704215->724A6391
Function netapi32.dll:I_NetDatabaseRedo (61) intercepted, method - ProcAddressHijack.GetProcAddress ->73704232->724A6521
Function netapi32.dll:I_NetDatabaseSync (63) intercepted, method - ProcAddressHijack.GetProcAddress ->7370424D->724A6391
Function netapi32.dll:I_NetDatabaseSync2 (62) intercepted, method - ProcAddressHijack.GetProcAddress ->73704268->724A639E
Function netapi32.dll:I_NetDfsGetVersion (64) intercepted, method - ProcAddressHijack.GetProcAddress ->73704284->736D7CA1
Function netapi32.dll:I_NetDfsIsThisADomainName (65) intercepted, method - ProcAddressHijack.GetProcAddress ->7370429E->6C604E39
Function netapi32.dll:I_NetGetDCList (66) intercepted, method - ProcAddressHijack.GetProcAddress ->737042BF->724A5D9C
Function netapi32.dll:I_NetGetForestTrustInformation (67) intercepted, method - ProcAddressHijack.GetProcAddress ->737042D7->724A6EF1
Function netapi32.dll:I_NetLogonControl (69) intercepted, method - ProcAddressHijack.GetProcAddress ->737042FF->724A63B8
Function netapi32.dll:I_NetLogonControl2 (68) intercepted, method - ProcAddressHijack.GetProcAddress ->7370431A->724A6439
Function netapi32.dll:I_NetLogonGetDomainInfo (70) intercepted, method - ProcAddressHijack.GetProcAddress ->73704336->724964A4
Function netapi32.dll:I_NetLogonSamLogoff (71) intercepted, method - ProcAddressHijack.GetProcAddress ->73704357->724A6091
Function netapi32.dll:I_NetLogonSamLogon (72) intercepted, method - ProcAddressHijack.GetProcAddress ->73704374->724A5F39
Function netapi32.dll:I_NetLogonSamLogonEx (73) intercepted, method - ProcAddressHijack.GetProcAddress ->73704390->724A5FE1
Function netapi32.dll:I_NetLogonSamLogonWithFlags (74) intercepted, method - ProcAddressHijack.GetProcAddress ->737043AE->7249B22A
Function netapi32.dll:I_NetLogonSendToSam (75) intercepted, method - ProcAddressHijack.GetProcAddress ->737043D3->724A6111
Function netapi32.dll:I_NetLogonUasLogoff (76) intercepted, method - ProcAddressHijack.GetProcAddress ->737043F0->724A5EC9
Function netapi32.dll:I_NetLogonUasLogon (77) intercepted, method - ProcAddressHijack.GetProcAddress ->7370440D->724A5E53
Function netapi32.dll:I_NetServerAuthenticate (80) intercepted, method - ProcAddressHijack.GetProcAddress ->73704429->724A6191
Function netapi32.dll:I_NetServerAuthenticate2 (78) intercepted, method - ProcAddressHijack.GetProcAddress ->7370444A->724A6211
Function netapi32.dll:I_NetServerAuthenticate3 (79) intercepted, method - ProcAddressHijack.GetProcAddress ->7370446C->72496393
Function netapi32.dll:I_NetServerGetTrustInfo (81) intercepted, method - ProcAddressHijack.GetProcAddress ->7370448E->724A6C61
Function netapi32.dll:I_NetServerPasswordGet (82) intercepted, method - ProcAddressHijack.GetProcAddress ->737044AF->724A6B61
Function netapi32.dll:I_NetServerPasswordSet (84) intercepted, method - ProcAddressHijack.GetProcAddress ->737044CF->724A6291
Function netapi32.dll:I_NetServerPasswordSet2 (83) intercepted, method - ProcAddressHijack.GetProcAddress ->737044EF->724A6311
Function netapi32.dll:I_NetServerReqChallenge (85) intercepted, method - ProcAddressHijack.GetProcAddress ->73704510->72496424
Function netapi32.dll:I_NetServerSetServiceBits (86) intercepted, method - ProcAddressHijack.GetProcAddress ->73704531->736D426D
Function netapi32.dll:I_NetServerSetServiceBitsEx (87) intercepted, method - ProcAddressHijack.GetProcAddress ->73704552->736D6D11
Function netapi32.dll:I_NetServerTrustPasswordsGet (88) intercepted, method - ProcAddressHijack.GetProcAddress ->73704575->724A6BE1
Function netapi32.dll:I_NetlogonComputeClientDigest (89) intercepted, method - ProcAddressHijack.GetProcAddress ->7370459B->72495C20
Function netapi32.dll:I_NetlogonComputeServerDigest (90) intercepted, method - ProcAddressHijack.GetProcAddress ->737045C2->724A6AEC
Function netapi32.dll:NetAddAlternateComputerName (97) intercepted, method - ProcAddressHijack.GetProcAddress ->737045E9->736C5B21
Function netapi32.dll:NetAddServiceAccount (98) intercepted, method - ProcAddressHijack.GetProcAddress ->7370460C->724A70B1
Function netapi32.dll:NetApiBufferAllocate (101) intercepted, method - ProcAddressHijack.GetProcAddress ->7370462A->736F1415
Function netapi32.dll:NetApiBufferFree (102) intercepted, method - ProcAddressHijack.GetProcAddress ->73704648->736F13D2
Function netapi32.dll:NetApiBufferReallocate (103) intercepted, method - ProcAddressHijack.GetProcAddress ->73704662->736F3729
Function netapi32.dll:NetApiBufferSize (104) intercepted, method - ProcAddressHijack.GetProcAddress ->73704682->736F3771
Function netapi32.dll:NetBrowserStatisticsGet (108) intercepted, method - ProcAddressHijack.GetProcAddress ->7370469C->72DF2801
Function netapi32.dll:NetConnectionEnum (112) intercepted, method - ProcAddressHijack.GetProcAddress ->737046BC->736D5521
Function netapi32.dll:NetDfsAdd (113) intercepted, method - ProcAddressHijack.GetProcAddress ->737046D5->6C6078FD
Function netapi32.dll:NetDfsAddFtRoot (114) intercepted, method - ProcAddressHijack.GetProcAddress ->737046E6->6C606859
Function netapi32.dll:NetDfsAddRootTarget (115) intercepted, method - ProcAddressHijack.GetProcAddress ->737046FD->6C607401
Function netapi32.dll:NetDfsAddStdRoot (116) intercepted, method - ProcAddressHijack.GetProcAddress ->73704718->6C602B1E
Function netapi32.dll:NetDfsAddStdRootForced (117) intercepted, method - ProcAddressHijack.GetProcAddress ->73704730->6C602BB1
Function netapi32.dll:NetDfsEnum (118) intercepted, method - ProcAddressHijack.GetProcAddress ->7370474E->6C6070F9
Function netapi32.dll:NetDfsGetClientInfo (119) intercepted, method - ProcAddressHijack.GetProcAddress ->73704760->6C603F25
Function netapi32.dll:NetDfsGetDcAddress (120) intercepted, method - ProcAddressHijack.GetProcAddress ->7370477B->6C602C51
Function netapi32.dll:NetDfsGetFtContainerSecurity (121) intercepted, method - ProcAddressHijack.GetProcAddress ->73704795->6C605363
Function netapi32.dll:NetDfsGetInfo (122) intercepted, method - ProcAddressHijack.GetProcAddress ->737047B9->6C602D69
Function netapi32.dll:NetDfsGetSecurity (123) intercepted, method - ProcAddressHijack.GetProcAddress ->737047CE->6C607741
Function netapi32.dll:NetDfsGetStdContainerSecurity (124) intercepted, method - ProcAddressHijack.GetProcAddress ->737047E7->6C603AD5
Function netapi32.dll:NetDfsGetSupportedNamespaceVersion (125) intercepted, method - ProcAddressHijack.GetProcAddress ->7370480C->6C605C19
Function netapi32.dll:NetDfsManagerGetConfigInfo (126) intercepted, method - ProcAddressHijack.GetProcAddress ->73704836->6C602E9C
Function netapi32.dll:NetDfsManagerInitialize (127) intercepted, method - ProcAddressHijack.GetProcAddress ->73704858->6C602F91
Function netapi32.dll:NetDfsManagerSendSiteInfo (128) intercepted, method - ProcAddressHijack.GetProcAddress ->73704877->6C6072C5
Function netapi32.dll:NetDfsMove (129) intercepted, method - ProcAddressHijack.GetProcAddress ->73704898->6C605651
Function netapi32.dll:NetDfsRemove (130) intercepted, method - ProcAddressHijack.GetProcAddress ->737048AA->6C607A19
Function netapi32.dll:NetDfsRemoveFtRoot (131) intercepted, method - ProcAddressHijack.GetProcAddress ->737048BE->6C606A99
Function netapi32.dll:NetDfsRemoveFtRootForced (132) intercepted, method - ProcAddressHijack.GetProcAddress ->737048D8->6C606BE5
Function netapi32.dll:NetDfsRemoveRootTarget (133) intercepted, method - ProcAddressHijack.GetProcAddress ->737048F8->6C605879
Function netapi32.dll:NetDfsRemoveStdRoot (134) intercepted, method - ProcAddressHijack.GetProcAddress ->73704916->6C602CE1
Function netapi32.dll:NetDfsRename (135) intercepted, method - ProcAddressHijack.GetProcAddress ->73704931->6C602E91
Function netapi32.dll:NetDfsSetClientInfo (136) intercepted, method - ProcAddressHijack.GetProcAddress ->73704945->6C604301
Function netapi32.dll:NetDfsSetFtContainerSecurity (137) intercepted, method - ProcAddressHijack.GetProcAddress ->73704960->6C6053AF
Function netapi32.dll:NetDfsSetInfo (138) intercepted, method - ProcAddressHijack.GetProcAddress ->73704984->6C606D8B
Function netapi32.dll:NetDfsSetSecurity (139) intercepted, method - ProcAddressHijack.GetProcAddress ->73704999->6C607822
Function netapi32.dll:NetDfsSetStdContainerSecurity (140) intercepted, method - ProcAddressHijack.GetProcAddress ->737049B2->6C603B24
Function netapi32.dll:NetEnumerateComputerNames (141) intercepted, method - ProcAddressHijack.GetProcAddress ->737049D7->736C5E39
Function netapi32.dll:NetEnumerateServiceAccounts (142) intercepted, method - ProcAddressHijack.GetProcAddress ->737049F8->724A7199
Function netapi32.dll:NetEnumerateTrustedDomains (143) intercepted, method - ProcAddressHijack.GetProcAddress ->73704A1D->724A652E
Function netapi32.dll:NetFileClose (147) intercepted, method - ProcAddressHijack.GetProcAddress ->73704A41->736D5659
Function netapi32.dll:NetFileEnum (148) intercepted, method - ProcAddressHijack.GetProcAddress ->73704A55->736D5729
Function netapi32.dll:NetFileGetInfo (149) intercepted, method - ProcAddressHijack.GetProcAddress ->73704A68->736D5859
Function netapi32.dll:NetGetAnyDCName (150) intercepted, method - ProcAddressHijack.GetProcAddress ->73704A7E->724A496D
Function netapi32.dll:NetGetDCName (151) intercepted, method - ProcAddressHijack.GetProcAddress ->73704A97->724A5913
Function netapi32.dll:NetGetDisplayInformationIndex (152) intercepted, method - ProcAddressHijack.GetProcAddress ->73704AAD->72E04117
Function netapi32.dll:NetGetJoinInformation (153) intercepted, method - ProcAddressHijack.GetProcAddress ->73704AD2->736C2DC7
Function netapi32.dll:NetGetJoinableOUs (154) intercepted, method - ProcAddressHijack.GetProcAddress ->73704AEF->736C59D1
Function netapi32.dll:NetGroupAdd (155) intercepted, method - ProcAddressHijack.GetProcAddress ->73704B08->72E071C3
Function netapi32.dll:NetGroupAddUser (156) intercepted, method - ProcAddressHijack.GetProcAddress ->73704B1B->72E073AD
Function netapi32.dll:NetGroupDel (157) intercepted, method - ProcAddressHijack.GetProcAddress ->73704B32->72E073CB
Function netapi32.dll:NetGroupDelUser (158) intercepted, method - ProcAddressHijack.GetProcAddress ->73704B45->72E073EB
Function netapi32.dll:NetGroupEnum (159) intercepted, method - ProcAddressHijack.GetProcAddress ->73704B5C->72E07409
Function netapi32.dll:NetGroupGetInfo (160) intercepted, method - ProcAddressHijack.GetProcAddress ->73704B70->72E078C8
Function netapi32.dll:NetGroupGetUsers (161) intercepted, method - ProcAddressHijack.GetProcAddress ->73704B87->72E07952
Function netapi32.dll:NetGroupSetInfo (162) intercepted, method - ProcAddressHijack.GetProcAddress ->73704B9F->72E07C02
Function netapi32.dll:NetGroupSetUsers (163) intercepted, method - ProcAddressHijack.GetProcAddress ->73704BB6->72E07DAE
Function netapi32.dll:NetIsServiceAccount (164) intercepted, method - ProcAddressHijack.GetProcAddress ->73704BCE->724A72D9
Function netapi32.dll:NetJoinDomain (165) intercepted, method - ProcAddressHijack.GetProcAddress ->73704BEB->736C54B9
Function netapi32.dll:NetLocalGroupAdd (166) intercepted, method - ProcAddressHijack.GetProcAddress ->73704C00->72E0875A
Function netapi32.dll:NetLocalGroupAddMember (167) intercepted, method - ProcAddressHijack.GetProcAddress ->73704C18->72E08886
Function netapi32.dll:NetLocalGroupAddMembers (168) intercepted, method - ProcAddressHijack.GetProcAddress ->73704C36->72E08E99
Function netapi32.dll:NetLocalGroupDel (169) intercepted, method - ProcAddressHijack.GetProcAddress ->73704C55->72E088A4
Function netapi32.dll:NetLocalGroupDelMember (170) intercepted, method - ProcAddressHijack.GetProcAddress ->73704C6D->72E08928
Function netapi32.dll:NetLocalGroupDelMembers (171) intercepted, method - ProcAddressHijack.GetProcAddress ->73704C8B->72E08EBD
Function netapi32.dll:NetLocalGroupEnum (172) intercepted, method - ProcAddressHijack.GetProcAddress ->73704CAA->72E08946
Function netapi32.dll:NetLocalGroupGetInfo (173) intercepted, method - ProcAddressHijack.GetProcAddress ->73704CC3->72E08CE4
Function netapi32.dll:NetLocalGroupGetMembers (174) intercepted, method - ProcAddressHijack.GetProcAddress ->73704CDF->72E02265
Function netapi32.dll:NetLocalGroupSetInfo (175) intercepted, method - ProcAddressHijack.GetProcAddress ->73704CFE->72E08D57
Function netapi32.dll:NetLocalGroupSetMembers (176) intercepted, method - ProcAddressHijack.GetProcAddress ->73704D1A->72E08E75
Function netapi32.dll:NetLogonGetTimeServiceParentDomain (177) intercepted, method - ProcAddressHijack.GetProcAddress ->73704D39->724A6CE9
Function netapi32.dll:NetLogonSetServiceBits (178) intercepted, method - ProcAddressHijack.GetProcAddress ->73704D65->7249603C
Function netapi32.dll:NetProvisionComputerAccount (184) intercepted, method - ProcAddressHijack.GetProcAddress ->73704D85->6C04F2D3
Function netapi32.dll:NetQueryDisplayInformation (185) intercepted, method - ProcAddressHijack.GetProcAddress ->73704DA9->72E03D87
Function netapi32.dll:NetQueryServiceAccount (186) intercepted, method - ProcAddressHijack.GetProcAddress ->73704DCB->724A7249
Function netapi32.dll:NetRemoteComputerSupports (188) intercepted, method - ProcAddressHijack.GetProcAddress ->73704DEB->736F2160
Function netapi32.dll:NetRemoteTOD (189) intercepted, method - ProcAddressHijack.GetProcAddress ->73704E0E->736D6C11
Function netapi32.dll:NetRemoveAlternateComputerName (190) intercepted, method - ProcAddressHijack.GetProcAddress ->73704E22->736C5C29
Function netapi32.dll:NetRemoveServiceAccount (191) intercepted, method - ProcAddressHijack.GetProcAddress ->73704E48->724A7129
Function netapi32.dll:NetRenameMachineInDomain (192) intercepted, method - ProcAddressHijack.GetProcAddress ->73704E69->736C5751
Function netapi32.dll:NetRequestOfflineDomainJoin (208) intercepted, method - ProcAddressHijack.GetProcAddress ->73704E89->6C04B52F
Function netapi32.dll:NetScheduleJobAdd (209) intercepted, method - ProcAddressHijack.GetProcAddress ->73704EAD->6C5F19D1
Function netapi32.dll:NetScheduleJobDel (210) intercepted, method - ProcAddressHijack.GetProcAddress ->73704EC8->6C5F1AC9
Function netapi32.dll:NetScheduleJobEnum (211) intercepted, method - ProcAddressHijack.GetProcAddress ->73704EE3->6C5F1BC1
Function netapi32.dll:NetScheduleJobGetInfo (212) intercepted, method - ProcAddressHijack.GetProcAddress ->73704EFF->6C5F1CE1
Function netapi32.dll:NetServerAliasAdd (213) intercepted, method - ProcAddressHijack.GetProcAddress ->73704F1E->736D7843
Function netapi32.dll:NetServerAliasDel (214) intercepted, method - ProcAddressHijack.GetProcAddress ->73704F37->736D7A79
Function netapi32.dll:NetServerAliasEnum (215) intercepted, method - ProcAddressHijack.GetProcAddress ->73704F50->736D7931
Function netapi32.dll:NetServerComputerNameAdd (216) intercepted, method - ProcAddressHijack.GetProcAddress ->73704F6A->736D7411
Function netapi32.dll:NetServerComputerNameDel (217) intercepted, method - ProcAddressHijack.GetProcAddress ->73704F8A->736D76FB
Function netapi32.dll:NetServerDiskEnum (218) intercepted, method - ProcAddressHijack.GetProcAddress ->73704FAA->736D6559
Function netapi32.dll:NetServerEnum (219) intercepted, method - ProcAddressHijack.GetProcAddress ->73704FC3->72DF2F61
Function netapi32.dll:NetServerEnumEx (220) intercepted, method - ProcAddressHijack.GetProcAddress ->73704FD9->72DF2C5F
Function netapi32.dll:NetServerGetInfo (221) intercepted, method - ProcAddressHijack.GetProcAddress ->73704FF1->736D3CFA
Function netapi32.dll:NetServerSetInfo (222) intercepted, method - ProcAddressHijack.GetProcAddress ->73705009->736D6681
Function netapi32.dll:NetServerTransportAdd (223) intercepted, method - ProcAddressHijack.GetProcAddress ->73705021->736D6851
Function netapi32.dll:NetServerTransportAddEx (224) intercepted, method - ProcAddressHijack.GetProcAddress ->7370503E->736D7329
Function netapi32.dll:NetServerTransportDel (225) intercepted, method - ProcAddressHijack.GetProcAddress ->7370505D->736D6A01
Function netapi32.dll:NetServerTransportEnum (226) intercepted, method - ProcAddressHijack.GetProcAddress ->7370507A->736D6AD9
Function netapi32.dll:NetSessionDel (231) intercepted, method - ProcAddressHijack.GetProcAddress ->73705098->736D5941
Function netapi32.dll:NetSessionEnum (232) intercepted, method - ProcAddressHijack.GetProcAddress ->737050AD->736D5A11
Function netapi32.dll:NetSessionGetInfo (233) intercepted, method - ProcAddressHijack.GetProcAddress ->737050C3->736D5B41
Function netapi32.dll:NetSetPrimaryComputerName (234) intercepted, method - ProcAddressHijack.GetProcAddress ->737050DC->736C5D31
Function netapi32.dll:NetShareAdd (235) intercepted, method - ProcAddressHijack.GetProcAddress ->737050FD->736D5C81
Function netapi32.dll:NetShareCheck (236) intercepted, method - ProcAddressHijack.GetProcAddress ->73705110->736D5E91
Function netapi32.dll:NetShareDel (237) intercepted, method - ProcAddressHijack.GetProcAddress ->73705125->736D5F81
Function netapi32.dll:NetShareDelEx (238) intercepted, method - ProcAddressHijack.GetProcAddress ->73705138->736D7B61
Function netapi32.dll:NetShareDelSticky (239) intercepted, method - ProcAddressHijack.GetProcAddress ->7370514D->736D60D1
Function netapi32.dll:NetShareEnum (240) intercepted, method - ProcAddressHijack.GetProcAddress ->73705166->736D3F91
Function netapi32.dll:NetShareEnumSticky (241) intercepted, method - ProcAddressHijack.GetProcAddress ->7370517A->736D61C9
Function netapi32.dll:NetShareGetInfo (242) intercepted, method - ProcAddressHijack.GetProcAddress ->73705194->736D433F
Function netapi32.dll:NetShareSetInfo (243) intercepted, method - ProcAddressHijack.GetProcAddress ->737051AB->736D6341
Function netapi32.dll:NetUnjoinDomain (245) intercepted, method - ProcAddressHijack.GetProcAddress ->737051C2->736C5641
Function netapi32.dll:NetUseAdd (247) intercepted, method - ProcAddressHijack.GetProcAddress ->737051D9->736C3693
Function netapi32.dll:NetUseDel (248) intercepted, method - ProcAddressHijack.GetProcAddress ->737051EA->736C5FA9
Function netapi32.dll:NetUseEnum (249) intercepted, method - ProcAddressHijack.GetProcAddress ->737051FB->736C3184
Function netapi32.dll:NetUseGetInfo (250) intercepted, method - ProcAddressHijack.GetProcAddress ->7370520D->736C6039
Function netapi32.dll:NetUserAdd (251) intercepted, method - ProcAddressHijack.GetProcAddress ->73705222->72E0464F
Function netapi32.dll:NetUserChangePassword (252) intercepted, method - ProcAddressHijack.GetProcAddress ->73705234->72E05A06
Function netapi32.dll:NetUserDel (253) intercepted, method - ProcAddressHijack.GetProcAddress ->73705251->72E04826
Function netapi32.dll:NetUserEnum (254) intercepted, method - ProcAddressHijack.GetProcAddress ->73705263->72E049D6
Function netapi32.dll:NetUserGetGroups (255) intercepted, method - ProcAddressHijack.GetProcAddress ->73705276->72E04E01
Function netapi32.dll:NetUserGetInfo (256) intercepted, method - ProcAddressHijack.GetProcAddress ->7370528E->72E01C60
Function netapi32.dll:NetUserGetLocalGroups (257) intercepted, method - ProcAddressHijack.GetProcAddress ->737052A4->72E02875
Function netapi32.dll:NetUserModalsGet (258) intercepted, method - ProcAddressHijack.GetProcAddress ->737052C1->72E0206B
Function netapi32.dll:NetUserModalsSet (259) intercepted, method - ProcAddressHijack.GetProcAddress ->737052D9->72E054AA
Function netapi32.dll:NetUserSetGroups (260) intercepted, method - ProcAddressHijack.GetProcAddress ->737052F1->72E05095
Function netapi32.dll:NetUserSetInfo (261) intercepted, method - ProcAddressHijack.GetProcAddress ->73705309->72E04D1D
Function netapi32.dll:NetValidateName (262) intercepted, method - ProcAddressHijack.GetProcAddress ->7370531F->736C5859
Function netapi32.dll:NetValidatePasswordPolicy (263) intercepted, method - ProcAddressHijack.GetProcAddress ->73705336->72E09967
Function netapi32.dll:NetValidatePasswordPolicyFree (264) intercepted, method - ProcAddressHijack.GetProcAddress ->73705357->72E09B6B
Function netapi32.dll:NetWkstaTransportAdd (267) intercepted, method - ProcAddressHijack.GetProcAddress ->7370537C->736C4E45
Function netapi32.dll:NetWkstaTransportDel (268) intercepted, method - ProcAddressHijack.GetProcAddress ->73705398->736C4F21
Function netapi32.dll:NetWkstaTransportEnum (269) intercepted, method - ProcAddressHijack.GetProcAddress ->737053B4->736C4CF9
Function netapi32.dll:NetWkstaUserEnum (270) intercepted, method - ProcAddressHijack.GetProcAddress ->737053D1->736C4AD1
Function netapi32.dll:NetWkstaUserGetInfo (271) intercepted, method - ProcAddressHijack.GetProcAddress ->737053E9->736C3280
Function netapi32.dll:NetWkstaUserSetInfo (272) intercepted, method - ProcAddressHijack.GetProcAddress ->73705404->736C4C15
Function netapi32.dll:NetapipBufferAllocate (273) intercepted, method - ProcAddressHijack.GetProcAddress ->7370541F->736F37AA
Function netapi32.dll:NetpIsRemote (289) intercepted, method - ProcAddressHijack.GetProcAddress ->7370543E->736F382D
Function netapi32.dll:NetpwNameCanonicalize (296) intercepted, method - ProcAddressHijack.GetProcAddress ->73705454->736F1C30
Function netapi32.dll:NetpwNameCompare (297) intercepted, method - ProcAddressHijack.GetProcAddress ->73705473->736F1F2E
Function netapi32.dll:NetpwNameValidate (298) intercepted, method - ProcAddressHijack.GetProcAddress ->7370548D->736F1990
Function netapi32.dll:NetpwPathCanonicalize (299) intercepted, method - ProcAddressHijack.GetProcAddress ->737054A8->736F275D
Function netapi32.dll:NetpwPathCompare (300) intercepted, method - ProcAddressHijack.GetProcAddress ->737054C7->736F4086
Function netapi32.dll:NetpwPathType (301) intercepted, method - ProcAddressHijack.GetProcAddress ->737054E1->736F2533
Function netapi32.dll:NlBindingAddServerToCache (302) intercepted, method - ProcAddressHijack.GetProcAddress ->737054F8->724961F8
Function netapi32.dll:NlBindingRemoveServerFromCache (303) intercepted, method - ProcAddressHijack.GetProcAddress ->7370551B->72495D67
Function netapi32.dll:NlBindingSetAuthInfo (304) intercepted, method - ProcAddressHijack.GetProcAddress ->73705543->72496198
1.2 Searching for kernel-mode API hooks
 Error loading driver - operation interrupted [C000036B]
1.4 Searching for masking processes and drivers
 Checking not performed: extended monitoring driver (AVZPM) is not installed
1.5 Checking IRP handlers
 Error loading driver - operation interrupted [C000036B]
2. Scanning RAM
 Number of processes found: 24
Extended process analysis: 1964 C:\Windows\SysWOW64\WinService.exe
[ES]:Program code includes networking-related functionality
[ES]:Application has no visible windows
[ES]:Located in system folder
 Number of modules loaded: 283
Scanning RAM - complete
3. Scanning disks
4. Checking  Winsock Layered Service Provider (SPI/LSP)
 LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
 Checking - disabled by user
6. Searching for opened TCP/UDP ports used by malicious software
 Checking - disabled by user
7. Heuristic system check
Latent DLL loading through AppInit_DLLs suspected: "acaptuser32.dll"
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: TermService (Remote Desktop Services)
>> Services: potentially dangerous service allowed: SSDPSRV (SSDP Discovery)
>> Services: potentially dangerous service allowed: Schedule (Task Scheduler)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
Checking - complete
9. Troubleshooting wizard
 >>  Start menu items are blocked
Checking - complete
Files scanned: 307, extracted from archives: 0, malicious software found 0, suspicions - 0
Scanning finished at 11.09.2010 17:41:17
Time of scanning: 00:00:20
If you have a suspicion on presence of viruses or questions on the suspected objects,
you can address http://virusinfo.info conference
System Analysis in progress

 System Analysis - complete


Script commands 
Add commands to script:
Blocking hooks using Anti-Rootkit
Enable AVZGuard
Operations with AVZPM (true=enable,false=disable)
BootCleaner - import list of deleted files
BootCleaner - import all
Remove traces of deleted files
ExecuteWizard ('TSW',2,3,true) - Running Troubleshooting wizard
BootCleaner - activate
Reboot
Insert template for QuarantineFile() - quarantining a file
Insert template for BC_QrFile() - quarantining file via BootCleaner
Insert template for DeleteFile() - deleting a file
Insert template for DelCLSID() - removing a CLSID item from registry
Additional operations:Performance tweaking: disable service TermService (Remote Desktop Services)
Performance tweaking: disable service SSDPSRV (SSDP Discovery)
Performance tweaking: disable service Schedule (Task Scheduler)
Security tweaking: disable CD autorun
Security tweaking: disable administrative shares
Security tweaking: disable anonymous user access
Security: disable sending Remote Assistant queries

File list

Port	Status	Remote Host	Remote Port	Application	Notes
TCP ports
21	LISTENING	0.0.0.0	0	[1736] c:\program files (x86)\filezilla server\filezilla server.exe Script: Quarantine, Delete, Delete via BC, Terminate
135	LISTENING	0.0.0.0	0	[800] svchost.exe Script: Quarantine, Delete, Delete via BC, Terminate
139	LISTENING	0.0.0.0	0	[4] System Script: Quarantine, Delete, Delete via BC, Terminate
445	LISTENING	0.0.0.0	0	[4] System Script: Quarantine, Delete, Delete via BC, Terminate
912	LISTENING	0.0.0.0	0	[2584] c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe Script: Quarantine, Delete, Delete via BC, Terminate
2869	LISTENING	0.0.0.0	0	[4] System Script: Quarantine, Delete, Delete via BC, Terminate
5354	LISTENING	0.0.0.0	0	[1636] c:\program files (x86)\bonjour\mdnsresponder.exe Script: Quarantine, Delete, Delete via BC, Terminate
5938	LISTENING	0.0.0.0	0	[1892] c:\program files (x86)\teamviewer\version5\teamviewer.exe Script: Quarantine, Delete, Delete via BC, Terminate
9089	LISTENING	0.0.0.0	0	[2120] c:\program files (x86)\vmware\vmware vcenter converter standalone\vmware-converter-a.exe Script: Quarantine, Delete, Delete via BC, Terminate
9997	LISTENING	0.0.0.0	0	[1892] c:\program files (x86)\teamviewer\version5\teamviewer.exe Script: Quarantine, Delete, Delete via BC, Terminate
10000	LISTENING	0.0.0.0	0	[3744] c:\program files (x86)\utorrent\utorrent.exe Script: Quarantine, Delete, Delete via BC, Terminate
14147	LISTENING	0.0.0.0	0	[1736] c:\program files (x86)\filezilla server\filezilla server.exe Script: Quarantine, Delete, Delete via BC, Terminate
27015	LISTENING	0.0.0.0	0	[1572] c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe Script: Quarantine, Delete, Delete via BC, Terminate
33124	LISTENING	0.0.0.0	0	[3744] c:\program files (x86)\utorrent\utorrent.exe Script: Quarantine, Delete, Delete via BC, Terminate
49152	LISTENING	0.0.0.0	0	[472] wininit.exe Script: Quarantine, Delete, Delete via BC, Terminate
49153	LISTENING	0.0.0.0	0	[936] svchost.exe Script: Quarantine, Delete, Delete via BC, Terminate
49154	LISTENING	0.0.0.0	0	[1008] svchost.exe Script: Quarantine, Delete, Delete via BC, Terminate
49155	LISTENING	0.0.0.0	0	[552] lsass.exe Script: Quarantine, Delete, Delete via BC, Terminate
49166	LISTENING	0.0.0.0	0	[528] services.exe Script: Quarantine, Delete, Delete via BC, Terminate
49167	LISTENING	0.0.0.0	0	[2072] svchost.exe Script: Quarantine, Delete, Delete via BC, Terminate
UDP ports
137	LISTENING	--	--	[4] System Script: Quarantine, Delete, Delete via BC, Terminate
138	LISTENING	--	--	[4] System Script: Quarantine, Delete, Delete via BC, Terminate
500	LISTENING	--	--	[1008] svchost.exe Script: Quarantine, Delete, Delete via BC, Terminate
1900	LISTENING	--	--	[4068] svchost.exe Script: Quarantine, Delete, Delete via BC, Terminate
1900	LISTENING	--	--	[3744] c:\program files (x86)\utorrent\utorrent.exe Script: Quarantine, Delete, Delete via BC, Terminate
1900	LISTENING	--	--	[4068] svchost.exe Script: Quarantine, Delete, Delete via BC, Terminate
4500	LISTENING	--	--	[1008] svchost.exe Script: Quarantine, Delete, Delete via BC, Terminate
5353	LISTENING	--	--	[1636] c:\program files (x86)\bonjour\mdnsresponder.exe Script: Quarantine, Delete, Delete via BC, Terminate
5355	LISTENING	--	--	[1208] svchost.exe Script: Quarantine, Delete, Delete via BC, Terminate
6771	LISTENING	--	--	[3744] c:\program files (x86)\utorrent\utorrent.exe Script: Quarantine, Delete, Delete via BC, Terminate
33124	LISTENING	--	--	[3744] c:\program files (x86)\utorrent\utorrent.exe Script: Quarantine, Delete, Delete via BC, Terminate
44301	LISTENING	--	--	[1940] c:\windows\syswow64\pnkbstra.exe Script: Quarantine, Delete, Delete via BC, Terminate
52272	LISTENING	--	--	[1636] c:\program files (x86)\bonjour\mdnsresponder.exe Script: Quarantine, Delete, Delete via BC, Terminate
55587	LISTENING	--	--	[4068] svchost.exe Script: Quarantine, Delete, Delete via BC, Terminate
55588	LISTENING	--	--	[4068] svchost.exe Script: Quarantine, Delete, Delete via BC, Terminate
62003	LISTENING	--	--	[3676] sidebar.exe Script: Quarantine, Delete, Delete via BC, Terminate
65240	LISTENING	--	--	[3796] c:\program files (x86)\windows media player\wmplayer.exe Script: Quarantine, Delete, Delete via BC, Terminate