Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Google Drive Redirect Virus [Solved]

google docs google redirect redirect virus ads google drive

  • This topic is locked This topic is locked

#1
Shruikan66

Shruikan66

    Member

  • Member
  • PipPip
  • 42 posts

Hello! Could someone here please help me? I've done all I can. I noticed about a week ago that when I go into my Google Drive and try to open any of the files there, instead of opening them for editing the new tab will redirect to some shady sites. It's a different one each time but they are all typical malicious sites. It only occurs on this computer and it happens no matter which account I sign into so it must be something with the computer. It isn't redirecting any links I click on like many other topics labeled "Google redirect virus" claim, it's exclusive to Google Drive.

 

-I've cleared my hosts file.

-I've checked for any extensions, add-ons, or programs that may have sneaked onto my computer.

-I've run scans and deleted various threats with Ad-Aware Antivirus free version, Malwarebytes free version, and HitmanPro 3.7. 

-I've run tdsskiller from Kaspersky Labs which found nothing on my computer.

-I've completed an "IE optimization".

-I got my computer to create a boot file when it restarts and using this file I've checked for any corrupted driver files.

 

There's been no change to the situation and I'm out of ideas. Help would be very much appreciated!

 

 

Here are the logs:

 

FRST.txt-

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by testy (administrator) on MISA on 26-03-2015 17:34:05
Running from C:\Users\testy\Desktop
Loaded Profiles: testy (Available profiles: testy)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(FSPro Labs) C:\Program Files\My Lockbox\mylbx.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\EnergyCut\utilty.exe
() C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [mylbx] => C:\Program Files\My Lockbox\mylbx.exe [2308872 2014-04-14] (FSPro Labs)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe [9566192 2015-03-10] ()
HKLM-x32\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\EnergyCut\utilty.exe [1581056 2007-04-27] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [EnergyCut] => C:\Program Files (x86)\Lenovo\EnergyCut\EnergyCut.exe [1167360 2007-03-09] (Lenovo (Beijing) Limited)
HKLM-x32\...\Run: [BambooCore] => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-02-10] (Oracle Corporation)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2561848 2014-12-10] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-307354124-2270314485-3886894763-1000\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3108480 2012-10-23] (DT Soft Ltd)
HKU\S-1-5-21-307354124-2270314485-3886894763-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31344744 2015-02-26] (Skype Technologies S.A.)
HKU\S-1-5-21-307354124-2270314485-3886894763-1000\...\Run: [GoogleChromeAutoLaunch_A73C9AEE7221095378158091CCE61823] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-03-14] (Google Inc.)
HKU\S-1-5-21-307354124-2270314485-3886894763-1000\...\MountPoints2: {c769d213-ea54-11e3-bfe6-f0def14a573c} - E:\Autorun.exe
HKU\S-1-5-21-307354124-2270314485-3886894763-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-20] (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-307354124-2270314485-3886894763-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-307354124-2270314485-3886894763-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.co...age={startPage}
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-07] (Oracle Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
Filter: application/octet-stream - No CLSID Value
Filter: application/x-complus - No CLSID Value
Filter: application/x-msdownload - No CLSID Value
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 24.226.1.93
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll [2014-11-23] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1215155.dll [2014-12-10] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-07] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-307354124-2270314485-3886894763-1000: @nsroblox.roblox.com/launcher -> C:\Users\testy\AppData\Local\Roblox\Versions\version-3a1b3a29e18e4ba7\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-307354124-2270314485-3886894763-1000: @nsroblox.roblox.com/launcher64 -> C:\Users\testy\AppData\Local\Roblox\Versions\version-3a1b3a29e18e4ba7\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-307354124-2270314485-3886894763-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
 
Chrome: 
=======
CHR HomePage: Default -> https://www.google.ca/
CHR StartupUrls: Default -> "https://www.google.ca/"
CHR Profile: C:\Users\testy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Color Dripping) - C:\Users\testy\AppData\Local\Google\Chrome\User Data\Default\Extensions\afdjgcfonmljobnnhbhiacipngbhblgi [2015-02-17]
CHR Extension: (Google Docs) - C:\Users\testy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-15]
CHR Extension: (Google Drive) - C:\Users\testy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-15]
CHR Extension: (YouTube) - C:\Users\testy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-15]
CHR Extension: (Google Search) - C:\Users\testy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-15]
CHR Extension: (AdBlock) - C:\Users\testy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-09-15]
CHR Extension: (Bookmark Manager) - C:\Users\testy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-02-17]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\testy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-25]
CHR Extension: (Google Wallet) - C:\Users\testy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-15]
CHR Extension: (Gmail) - C:\Users\testy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-15]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-10-07] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-07] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [782040 2014-10-07] (BlueStack Systems, Inc.)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe [720760 2015-03-10] ()
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [555320 2014-12-10] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-03-15] (Electronic Arts)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-19] (Wacom Technology, Corp.)
S3 SwitchBoard; "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [X]
S3 WinHttpAutoProxySvc; winhttp.dll [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-10-07] (BlueStack Systems)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2014-06-07] (DT Soft Ltd)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2014-12-10] ()
R0 FSProFilter2; C:\Windows\System32\Drivers\FSPFltd2.sys [57648 2011-06-03] (FSPro Labs)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.98.0\gzflt.sys [155912 2015-01-22] (BitDefender LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [452040 2015-01-22] (BitDefender S.R.L.)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-26 17:34 - 2015-03-26 17:34 - 00014587 _____ () C:\Users\testy\Desktop\FRST.txt
2015-03-26 17:32 - 2015-03-26 17:34 - 00000000 ____D () C:\FRST
2015-03-26 17:31 - 2015-03-26 17:31 - 02095616 _____ (Farbar) C:\Users\testy\Desktop\FRST64.exe
2015-03-26 15:07 - 2015-03-26 15:07 - 00000000 ____D () C:\Windows\pss
2015-03-26 14:50 - 2015-03-26 14:50 - 00000000 ____D () C:\Users\testy\Tracing
2015-03-26 10:00 - 2015-03-26 10:00 - 00002386 _____ () C:\Windows\system32\.crusader
2015-03-26 09:47 - 2015-03-26 09:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-03-26 09:47 - 2015-03-26 09:47 - 00000000 ____D () C:\Program Files\HitmanPro
2015-03-26 09:45 - 2015-03-26 10:01 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-03-26 08:58 - 2015-03-26 15:55 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2015-03-26 08:58 - 2015-03-26 08:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2015-03-26 08:58 - 2015-03-26 08:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit
2015-03-26 08:53 - 2015-03-26 08:53 - 00000000 ____D () C:\Users\testy\Documents\Fax
2015-03-26 08:40 - 2015-03-26 08:40 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-26 08:39 - 2015-03-26 08:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-26 08:39 - 2015-03-26 08:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-26 08:39 - 2015-03-26 08:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-26 08:39 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-26 08:39 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-26 08:39 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-26 01:06 - 2015-03-26 01:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-03-26 01:06 - 2015-03-26 01:06 - 00000000 ____D () C:\Program Files\Lavasoft
2015-03-26 01:05 - 2015-03-26 01:05 - 00000000 ____D () C:\Users\testy\AppData\Roaming\LavasoftStatistics
2015-03-26 01:01 - 2015-03-26 01:01 - 00000000 ____D () C:\Users\testy\AppData\Roaming\Lavasoft
2015-03-26 01:01 - 2015-03-26 01:01 - 00000000 ____D () C:\ProgramData\Lavasoft
2015-03-26 01:01 - 2015-03-26 01:01 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2015-03-25 21:02 - 2015-03-25 21:02 - 00002782 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-03-25 21:02 - 2015-03-25 21:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-03-25 21:02 - 2015-03-25 21:02 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-25 20:58 - 2015-03-25 20:58 - 00000000 _____ () C:\autoexec.bat
2015-03-25 20:38 - 2015-03-25 20:38 - 00000000 __SHD () C:\Users\testy\AppData\Local\EmieBrowserModeList
2015-03-25 16:49 - 2015-03-25 16:49 - 00000000 ____D () C:\Users\testy\AppData\Roaming\Adobe
2015-03-24 22:12 - 2015-03-24 22:14 - 00000000 ____D () C:\Users\testy\Desktop\wUA
2015-03-22 01:13 - 2015-03-22 01:13 - 00262144 _____ () C:\Windows\Minidump\032215-21247-01.dmp
2015-03-21 01:36 - 2015-03-21 01:36 - 00262144 _____ () C:\Windows\Minidump\032115-21403-01.dmp
2015-03-20 23:21 - 2015-03-20 23:27 - 00000000 ____D () C:\Users\testy\Desktop\Stuck on Nothing
2015-03-20 23:14 - 2015-03-20 23:14 - 00000847 _____ () C:\Users\testy\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2015-03-20 23:12 - 2015-03-20 23:18 - 00000000 ____D () C:\Users\testy\AppData\Roaming\BitTorrent
2015-03-20 13:50 - 2015-03-20 13:50 - 00001201 _____ () C:\Users\testy\Desktop\FrostWire 6.lnk
2015-03-20 13:50 - 2015-03-20 13:50 - 00000000 ____D () C:\Users\testy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire 6
2015-03-20 13:49 - 2015-03-26 09:07 - 00000000 ____D () C:\Program Files (x86)\FrostWire
2015-03-20 03:13 - 2015-03-20 03:13 - 00262144 _____ () C:\Windows\Minidump\032015-20358-01.dmp
2015-03-15 15:59 - 2015-03-15 15:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 4 Create A Sim Demo
2015-03-15 15:37 - 2015-03-15 15:59 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2015-03-15 15:36 - 2015-03-17 14:03 - 00000000 ____D () C:\Users\testy\AppData\Roaming\Origin
2015-03-15 15:36 - 2015-03-15 22:03 - 00000000 ____D () C:\Users\testy\AppData\Local\Origin
2015-03-15 15:34 - 2015-03-17 16:18 - 00000000 ____D () C:\ProgramData\Origin
2015-03-15 15:34 - 2015-03-15 16:01 - 00000000 ____D () C:\ProgramData\Electronic Arts
2015-03-15 15:34 - 2015-03-15 15:36 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-03-15 15:34 - 2015-03-15 15:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2015-03-11 11:42 - 2015-02-20 00:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 11:42 - 2015-02-20 00:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 11:42 - 2015-02-20 00:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 11:42 - 2015-02-20 00:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 11:42 - 2015-02-20 00:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-11 11:42 - 2015-02-20 00:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-11 11:42 - 2015-02-20 00:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-11 11:42 - 2015-02-20 00:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-11 11:42 - 2015-02-19 23:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 11:42 - 2015-02-19 23:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-11 11:42 - 2015-02-02 23:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 11:42 - 2015-02-02 23:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-11 11:42 - 2015-02-02 23:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 11:42 - 2015-02-02 23:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-11 11:42 - 2015-02-02 23:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 11:42 - 2015-02-02 23:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 11:42 - 2015-02-02 23:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 11:42 - 2015-02-02 23:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 11:42 - 2015-02-02 23:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 11:42 - 2015-02-02 23:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 11:42 - 2015-02-02 23:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 11:42 - 2015-02-02 23:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 11:42 - 2015-02-02 23:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 11:42 - 2015-02-02 23:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 11:42 - 2015-02-02 23:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 11:42 - 2015-02-02 23:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 11:42 - 2015-02-02 23:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 11:42 - 2015-02-02 23:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 11:42 - 2015-02-02 23:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 11:42 - 2015-02-02 23:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 11:42 - 2015-02-02 23:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 11:42 - 2015-02-02 23:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 11:42 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 11:42 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 11:42 - 2015-02-02 23:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 11:42 - 2015-02-02 23:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 11:42 - 2015-02-02 23:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 11:42 - 2015-02-02 23:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 11:42 - 2015-02-02 23:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 11:42 - 2015-02-02 23:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 11:42 - 2015-02-02 23:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 11:42 - 2015-02-02 23:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 11:42 - 2015-02-02 23:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 11:42 - 2015-02-02 23:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 11:42 - 2015-02-02 23:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 11:42 - 2015-02-02 23:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 11:42 - 2015-02-02 23:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 11:42 - 2015-02-02 23:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 11:42 - 2015-02-02 23:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 11:42 - 2015-02-02 23:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 11:42 - 2015-02-02 23:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 11:42 - 2015-02-02 23:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 11:42 - 2015-02-02 23:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 11:42 - 2015-02-02 23:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 11:42 - 2015-02-02 23:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 11:42 - 2015-02-02 23:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 11:42 - 2015-02-02 23:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 11:42 - 2015-02-02 23:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 11:42 - 2015-02-02 23:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 11:42 - 2015-02-02 23:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 11:42 - 2015-02-02 23:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 11:42 - 2015-02-02 23:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 11:42 - 2015-02-02 23:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 11:42 - 2015-02-02 23:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 11:42 - 2015-02-02 23:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-11 11:42 - 2015-02-02 23:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-11 11:42 - 2015-02-02 23:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-11 11:42 - 2015-02-02 23:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-11 11:42 - 2015-02-02 23:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-11 11:42 - 2015-02-02 23:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-11 11:42 - 2015-02-02 23:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-11 11:42 - 2015-02-02 23:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-11 11:42 - 2015-02-02 23:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-11 11:42 - 2015-02-02 23:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-11 11:42 - 2015-02-02 23:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-11 11:42 - 2015-02-02 23:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-11 11:42 - 2015-02-02 23:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-11 11:42 - 2015-02-02 23:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-11 11:42 - 2015-02-02 23:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-11 11:42 - 2015-02-02 23:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-11 11:42 - 2015-02-02 23:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-11 11:42 - 2015-02-02 23:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-11 11:42 - 2015-02-02 23:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-11 11:42 - 2015-02-02 23:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-11 11:42 - 2015-02-02 23:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-11 11:42 - 2015-02-02 23:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-11 11:42 - 2015-02-02 23:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-11 11:42 - 2015-02-02 23:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-11 11:42 - 2015-02-02 23:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-11 11:42 - 2015-02-02 23:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-11 11:42 - 2015-02-02 23:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-11 11:42 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-11 11:42 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-11 11:42 - 2015-02-02 23:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-11 11:42 - 2015-02-02 23:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-11 11:42 - 2015-02-02 23:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-11 11:42 - 2015-02-02 23:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-11 11:42 - 2015-02-02 23:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-11 11:42 - 2015-02-02 22:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 11:42 - 2014-10-31 18:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 11:39 - 2015-01-30 23:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-11 11:39 - 2015-01-30 23:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-11 11:39 - 2015-01-30 19:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-11 11:38 - 2015-03-06 01:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 11:38 - 2015-03-06 01:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 11:38 - 2015-03-06 01:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 11:38 - 2015-03-06 01:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 11:38 - 2015-03-06 01:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 11:38 - 2015-03-06 01:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 11:38 - 2015-03-06 01:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 11:38 - 2015-03-06 01:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 11:38 - 2015-03-06 01:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 11:38 - 2015-03-06 01:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 11:38 - 2015-03-06 01:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 11:38 - 2015-03-06 01:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 11:38 - 2015-03-06 01:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 11:38 - 2015-03-06 01:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 11:38 - 2015-03-06 01:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 11:38 - 2015-03-06 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 11:38 - 2015-03-06 01:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 11:38 - 2015-03-06 01:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 11:38 - 2015-03-06 01:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-11 11:38 - 2015-03-06 01:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-11 11:38 - 2015-03-06 01:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-11 11:38 - 2015-03-06 01:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-11 11:38 - 2015-03-06 01:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-11 11:38 - 2015-03-06 01:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-11 11:38 - 2015-03-06 01:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-11 11:38 - 2015-03-06 01:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-11 11:38 - 2015-03-06 01:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-11 11:38 - 2015-03-06 01:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-11 11:38 - 2015-03-06 01:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-11 11:38 - 2015-03-06 01:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-11 11:38 - 2015-03-06 01:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-11 11:38 - 2015-02-25 23:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 11:38 - 2015-02-13 01:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 11:38 - 2015-02-13 01:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 11:38 - 2015-02-02 23:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 11:38 - 2015-02-02 23:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 11:38 - 2015-02-02 23:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 11:38 - 2015-02-02 23:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-11 11:38 - 2015-01-30 19:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 11:38 - 2015-01-16 22:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 11:38 - 2015-01-16 22:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-11 11:37 - 2015-02-23 23:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 11:37 - 2015-02-23 22:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-11 11:37 - 2015-02-20 21:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 11:37 - 2015-02-20 20:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-11 11:37 - 2015-02-20 20:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-11 11:37 - 2015-02-20 20:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-11 11:37 - 2015-02-20 20:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-11 11:37 - 2015-02-20 19:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 11:37 - 2015-02-20 19:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-11 11:37 - 2015-02-19 23:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 11:37 - 2015-02-19 23:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 11:37 - 2015-02-19 22:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 11:37 - 2015-02-19 22:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 11:37 - 2015-02-19 22:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 11:37 - 2015-02-19 22:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 11:37 - 2015-02-19 22:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 11:37 - 2015-02-19 22:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 11:37 - 2015-02-19 22:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 11:37 - 2015-02-19 22:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 11:37 - 2015-02-19 22:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 11:37 - 2015-02-19 22:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 11:37 - 2015-02-19 22:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 11:37 - 2015-02-19 22:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 11:37 - 2015-02-19 22:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 11:37 - 2015-02-19 22:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-11 11:37 - 2015-02-19 22:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 11:37 - 2015-02-19 22:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 11:37 - 2015-02-19 22:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-11 11:37 - 2015-02-19 22:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 11:37 - 2015-02-19 22:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-11 11:37 - 2015-02-19 22:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-11 11:37 - 2015-02-19 22:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-11 11:37 - 2015-02-19 22:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 11:37 - 2015-02-19 22:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-11 11:37 - 2015-02-19 22:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-11 11:37 - 2015-02-19 22:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-11 11:37 - 2015-02-19 21:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-11 11:37 - 2015-02-19 21:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-11 11:37 - 2015-02-19 21:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-11 11:37 - 2015-02-19 21:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 11:37 - 2015-02-19 21:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 11:37 - 2015-02-19 21:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 11:37 - 2015-02-19 21:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 11:37 - 2015-02-19 21:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 11:37 - 2015-02-19 21:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-11 11:37 - 2015-02-19 21:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-11 11:37 - 2015-02-19 21:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-11 11:37 - 2015-02-19 21:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 11:37 - 2015-02-19 21:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-11 11:37 - 2015-02-19 21:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-11 11:37 - 2015-02-19 21:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-11 11:37 - 2015-02-19 21:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 11:37 - 2015-02-19 21:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 11:37 - 2015-02-19 21:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-11 11:37 - 2015-02-19 20:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-11 11:37 - 2015-02-19 20:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-11 11:34 - 2015-02-03 23:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 11:34 - 2015-02-03 22:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-09 21:50 - 2015-03-09 21:50 - 00262144 _____ () C:\Windows\Minidump\030915-26379-01.dmp
2015-03-08 22:42 - 2015-03-08 22:42 - 00042731 _____ () C:\Users\testy\Desktop\shime11.psd
2015-03-08 14:47 - 2015-03-07 12:10 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-03-08 14:47 - 2015-03-07 12:10 - 00191400 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-03-08 14:47 - 2015-03-07 12:10 - 00190888 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-03-08 14:33 - 2015-03-08 14:45 - 00094031 _____ () C:\Users\testy\Desktop\candice2.psd
2015-03-07 12:41 - 2015-03-08 21:54 - 00000000 ____D () C:\Users\testy\Desktop\Shimejis
2015-02-25 19:17 - 2015-02-25 19:17 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-26 17:22 - 2014-05-15 21:33 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-26 17:10 - 2014-05-15 21:46 - 00000000 ____D () C:\Users\testy\AppData\Roaming\Skype
2015-03-26 17:09 - 2009-07-14 00:45 - 00031888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-26 17:09 - 2009-07-14 00:45 - 00031888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-26 16:13 - 2014-05-13 22:25 - 01675186 _____ () C:\Windows\WindowsUpdate.log
2015-03-26 15:15 - 2009-07-14 01:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-26 15:09 - 2014-05-15 21:33 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-26 15:09 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-26 15:09 - 2009-07-14 00:51 - 00038955 _____ () C:\Windows\setupact.log
2015-03-26 14:50 - 2014-05-13 22:25 - 00000000 ____D () C:\Users\testy
2015-03-26 14:49 - 2014-09-15 20:37 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-03-26 14:49 - 2014-05-15 21:46 - 00000000 ____D () C:\ProgramData\Skype
2015-03-26 09:33 - 2010-11-20 23:47 - 00044888 _____ () C:\Windows\PFRO.log
2015-03-26 09:32 - 2014-05-15 11:27 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-03-26 09:21 - 2015-01-25 18:12 - 00000000 ____D () C:\ProgramData\{f7fe7332-a972-ecdc-f7fe-e7332a97ccca}
2015-03-26 09:07 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\Performance
2015-03-25 21:45 - 2015-02-17 09:33 - 00000020 _____ () C:\Users\testy\AppData\Roaming\appdataFr3.bin
2015-03-25 17:11 - 2014-05-15 22:10 - 00000000 ____D () C:\Users\testy\AppData\Roaming\Audacity
2015-03-25 13:31 - 2014-06-19 11:41 - 00000132 _____ () C:\Users\testy\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-03-24 22:15 - 2014-06-12 17:35 - 00000000 ____D () C:\Users\testy\Documents\RPGVXAce
2015-03-24 09:21 - 2014-05-15 22:18 - 00000000 ____D () C:\Users\testy\Desktop\School
2015-03-23 23:35 - 2014-05-15 22:15 - 00000000 ____D () C:\Program Files (x86)\PaintTool SAI English Pack
2015-03-23 14:40 - 2014-05-15 23:13 - 00000000 ____D () C:\Users\testy\AppData\Roaming\.minecraft
2015-03-22 01:13 - 2014-05-18 20:47 - 00000000 ____D () C:\Windows\Minidump
2015-03-22 01:13 - 2014-05-18 20:46 - 392703441 _____ () C:\Windows\MEMORY.DMP
2015-03-21 19:25 - 2014-06-10 21:42 - 00000000 ____D () C:\Users\testy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2015-03-20 23:18 - 2014-05-16 19:23 - 00000000 ____D () C:\Users\testy\.frostwire5
2015-03-20 14:07 - 2015-02-03 00:17 - 00000000 ____D () C:\Program Files (x86)\Tor Browser
2015-03-20 13:50 - 2014-05-15 22:12 - 00000000 ____D () C:\Program Files (x86)\FrostWire 5
2015-03-20 13:25 - 2014-05-22 21:39 - 00000000 ____D () C:\Users\testy\Desktop\Games
2015-03-20 02:25 - 2014-05-15 21:34 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-15 22:21 - 2009-07-14 01:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-15 16:01 - 2014-06-07 13:24 - 00000000 ____D () C:\Users\testy\Documents\Electronic Arts
2015-03-15 15:59 - 2014-10-05 13:11 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-13 09:47 - 2009-07-14 00:45 - 00360904 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-13 09:44 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-13 09:44 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-12 08:46 - 2014-05-13 23:13 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-12 08:37 - 2014-05-13 23:13 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-08 14:47 - 2015-02-16 23:02 - 00000000 ____D () C:\Program Files (x86)\Java
2015-03-07 16:08 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2015-03-07 12:10 - 2015-02-16 23:03 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-03-03 09:17 - 2010-11-20 23:27 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-25 19:17 - 2014-06-27 09:55 - 00000000 ____D () C:\Program Files (x86)\TabletPlugins
2015-02-25 19:17 - 2014-06-27 09:54 - 00000000 ____D () C:\Program Files\Tablet
 
==================== Files in the root of some directories =======
 
2014-06-19 11:41 - 2015-03-25 13:31 - 0000132 _____ () C:\Users\testy\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-02-17 09:33 - 2015-03-25 21:45 - 0000020 _____ () C:\Users\testy\AppData\Roaming\appdataFr3.bin
2015-02-11 22:59 - 2015-02-11 22:59 - 0003584 _____ () C:\Users\testy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-14 16:23 - 2014-08-14 16:23 - 0012247 _____ () C:\Users\testy\AppData\Local\recently-used.xbel
 
Files to move or delete:
====================
C:\Users\testy\jagex_cl_runescape_LIVE.dat
C:\Users\testy\jagex_cl_runescape_LIVE1.dat
C:\Users\testy\newjavascript.js
C:\Users\testy\random.dat
 
 
Some content of TEMP:
====================
C:\Users\testy\AppData\Local\Temp\BlueStacks-SplitInstaller_native_b.exe
C:\Users\testy\AppData\Local\Temp\CreativeCloudSet-Up.exe
C:\Users\testy\AppData\Local\Temp\EsgInstallerx64Stub.exe
C:\Users\testy\AppData\Local\Temp\InstallAX.exe
C:\Users\testy\AppData\Local\Temp\InstallPlugin.exe
C:\Users\testy\AppData\Local\Temp\mirc736.exe
C:\Users\testy\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\testy\AppData\Local\Temp\ochelper.exe
C:\Users\testy\AppData\Local\Temp\SkypeSetup.exe
C:\Users\testy\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\testy\AppData\Local\Temp\Uninstall.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-23 19:30
 
==================== End Of Log ============================
 
 
 
 
Addition.txt-
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by testy at 2015-03-26 17:34:57
Running from C:\Users\testy\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Ad-Aware Antivirus (Enabled - Up to date) {D87B6541-12A1-DAEA-0033-
 
9B8057AAB996}
AS: Ad-Aware Antivirus (Enabled - Up to date) {631A84A5-349B-D564-3A83-
 
A0F22C2DF32B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-
 
DA132C1ACF46}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to 
 
unhide them. The adware programs should be uninstalled manually.)
 
Acoustica Mixcraft 6 (HKLM-x32\...\Acoustica Mixcraft 6) (Version: b216 - 
 
Acoustica)
Ad-Aware Antivirus (HKLM\...\{FF054A8C-C0A4-4C78-8910-E2A459BEFF05}
 
_AdAwareUpdater) (Version: 11.6.306.7947 - Lavasoft)
AdAwareInstaller (Version: 11.6.306.7947 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.6.306.7947 - Lavasoft) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems 
 
Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{B001064C-D061-4BAE-9031-
 
416A838D5536}) (Version: 10.2.153.1 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM-x32\...\{9C542173-96F0-435D-A95C-
 
468CAAC75EA0}) (Version: 10.2.153.1 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\Adobe Photoshop CS6) (Version: 13.0.0.0 - © 
 
The Computer Guy Tony)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-
 
AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 
 
12.1.5.155 - Adobe Systems, Inc.)
AntimalwareEngine (Version: 3.0.98.0 - Lavasoft) Hidden
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-
 
ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) 
 
(Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) 
 
(Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Bamboo Dock (HKLM-x32\...\Bamboo Dock) (Version: 4.1 - Wacom Co., Ltd.)
Bamboo Dock (x32 Version: 4.1.0 - Wacom Europe GmbH) Hidden
BitTorrent (HKU\S-1-5-21-307354124-2270314485-3886894763-1000\...\BitTorrent) 
 
(Version: 7.9.2.38914 - BitTorrent Inc.)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 
 
0.9.4.4078 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{152E0B21-19D5-4772-9EF8-
 
8E76074B0C0A}) (Version: 0.9.4.4078 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - 
 
Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-
 
0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.2.0.0348 - DT 
 
Soft Ltd)
EasyVideoMaker (HKLM-x32\...\{03EC818F-96E5-497F-AF28-EC6BC4CF32D3}) (Version: 
 
3.15 - Easy Video Maker)
EnergyCut (HKLM-x32\...\{6E127727-CE4B-40E4-9A7D-9D65CDE0A15C}) (Version: 1.00 
 
- Lenovo)
FirstClass Client (HKLM-x32\...\{6EBED885-73D9-4750-B96E-FD654500E59F}) 
 
(Version: 11.063 - OpenText)
FrostWire 6.0.6 (HKLM-x32\...\FrostWire 6) (Version: 6.0.6.1 - FrostWire LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google 
 
Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.238 - SurfRight B.V.)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - 
 
Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) 
 
(Version: 8.0.310 - Oracle Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) 
 
(Version: 8.0.400 - Oracle Corporation)
Java SE Development Kit 8 Update 25 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-
 
A78A-00B0D0180250}) (Version: 8.0.250.18 - Oracle Corporation)
Java™ 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) 
 
(Version: 6.0.200 - Sun Microsystems, Inc.)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - 
 
Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Malwarebytes Anti-Exploit version 1.05.1.1016 (HKLM\...\Malwarebytes Anti-
 
Exploit_is1) (Version: 1.05.1.1016 - Malwarebytes)
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-
 
Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-
 
CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-
 
0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-
 
8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-
 
8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-
 
8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99
 
-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-
 
4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...
 
\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft 
 
Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...
 
\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft 
 
Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...
 
\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft 
 
Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...
 
\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft 
 
Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...
 
\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft 
 
Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...
 
\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft 
 
Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...
 
\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft 
 
Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-
 
16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
mIRC (HKLM-x32\...\mIRC) (Version: 7.36 - mIRC Co. Ltd.)
My Lockbox 3.2 (HKLM\...\My Lockbox_is1) (Version: 3.2 - )
Origin (HKLM-x32\...\Origin) (Version: 9.5.5.2850 - Electronic Arts, Inc.)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Portal 1 version 1.0 (HKLM-x32\...\{BDF90AE9-C455-49B8-AEC6-D2B9737A4E54}_is1) 
 
(Version: 1.0 - Valve)
Portal 2 version 2.0 (HKLM-x32\...\{0F2C90ED-7FF4-4CC4-A876-24F6BB55FA34}_is1) 
 
(Version: 2.0 - Valve)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 
 
7.76.80.95 - Apple Inc.)
ROBLOX Player for testy (HKU\S-1-5-21-307354124-2270314485-3886894763-
 
1000\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX 
 
Corporation)
ROBLOX Studio for testy (HKU\S-1-5-21-307354124-2270314485-3886894763-
 
1000\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX 
 
Corporation)
RPG Maker VX Ace (HKLM-x32\...\{835D562C-B72C-461D-A9C3-B8206B66E85A}) 
 
(Version: 1.01 - RPG MAKER)
RPG MAKER VX Ace RTP (HKLM-x32\...\RPGVXAce_RTP_is1) (Version: 1.00 - 
 
Enterbrain)
Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 
 
7.2.103 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 
 
1.0.632 - Electronic Arts)
The Sims™ 4 Create A Sim Demo (HKLM-x32\...\{6908ED99-F02B-4E99-A202-
 
3FAC99C510ED}) (Version: 1.0.237.100 - Electronic Arts Inc.)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.5-3 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet 
 
Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet 
 
Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-
 
486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
WinRAR 5.10 beta 4 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.10.4 - 
 
win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any 
 
eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-307354124-2270314485-3886894763-1000_Classes\CLSID
 
\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\testy
 
\AppData\Local\Roblox\Versions\version-3a1b3a29e18e4ba7\RobloxProxy64.dll 
 
(ROBLOX Corporation)
 
==================== Restore Points  =========================
 
15-03-2015 15:58:49 Microsoft Visual C++ 2013 Redistributable (x86) - 
 
12.0.21005
17-03-2015 14:15:13 Windows Update
21-03-2015 01:50:59 Windows Update
25-03-2015 08:48:35 Windows Update
26-03-2015 01:01:13 AA11
26-03-2015 01:05:04 AA11
26-03-2015 09:24:05 AA11
26-03-2015 09:55:53 Checkpoint by HitmanPro
26-03-2015 09:59:41 Checkpoint by HitmanPro
26-03-2015 14:58:34 Checkpoint by HitmanPro
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2014-11-23 20:18 - 2015-03-25 20:51 - 00000048 ____N C:\Windows
 
\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any 
 
associated file could be listed separately to be moved.)
 
Task: {0FA6BAE3-637F-44AF-8B77-459AED2195FA} - System32\Tasks\Microsoft
 
\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files
 
\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft 
 
Corporation)
Task: {184D2C4D-81F9-4602-8005-3A881D0DB65F} - System32\Tasks\PCI Monitor => 
 
C:\Users\testy\AppData\Roaming\winlogon.exe
Task: {2DFE106D-098D-4641-A23E-4471DE88168F} - System32\Tasks
 
\AdobeAAMUpdater-1.0-MISA-testy => C:\Program Files (x86)\Common Files\Adobe
 
\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
Task: {300B4A04-1938-48D3-97E3-C77442BFD529} - System32\Tasks\CCleanerSkipUAC 
 
=> C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {7FCFBE07-8E5E-4F4F-ADB2-D3864627CBCF} - System32\Tasks\{692944FA-6411-
 
4ACA-9363-44DB6FED9803} => pcalua.exe -a "C:\Users\testy\FrostWire\Torrent 
 
Data\The Sims 3 - Razor1911 Final MAXSPEED\Final Version Patch
 
\Sims3_1.0.632.00002_from_1.0.631.00002.exe" -d "C:\Users\testy\FrostWire
 
\Torrent Data\The Sims 3 - Razor1911 Final MAXSPEED\Final Version Patch"
Task: {A5945E03-B746-4B05-916E-37606BDCBA60} - System32\Tasks\Adobe Acrobat 
 
Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - System32\Tasks\Microsoft
 
\Windows\Application Experience\AitAgent => aitagent.exe
Task: {B020E752-0116-41B8-B499-05157991EE38} - System32\Tasks
 
\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update
 
\GoogleUpdate.exe [2014-05-15] (Google Inc.)
Task: {D67537DC-30F5-4A3B-AAB3-02228AF59FB7} - System32\Tasks
 
\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update
 
\GoogleUpdate.exe [2014-05-15] (Google Inc.)
Task: {E3163C33-301D-4730-A266-5518C5ED3967} - System32\Tasks\Microsoft
 
\Windows\Bluetooth\UninstallDeviceTask => BthUdTask.exe
Task: {ED267D66-8DAC-47F5-A721-C34FB6456BBF} - System32\Tasks\PCI Monitor Task 
 
=> C:\Program Files (x86)\PCI Monitor\pcimon.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files 
 
(x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files 
 
(x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2015-03-10 18:47 - 2015-03-10 18:47 - 00720760 _____ () C:\Program Files
 
\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus
 
\11.6.306.7947\AdAwareService.exe
2015-03-10 18:51 - 2015-03-10 18:51 - 00107024 _____ () C:\Program Files
 
\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_thread-
 
vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00024080 _____ () C:\Program Files
 
\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_system-
 
vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00033296 _____ () C:\Program Files
 
\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_chrono-
 
vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00055320 _____ () C:\Program Files
 
\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus
 
\11.6.306.7947\boost_date_time-vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00125464 _____ () C:\Program Files
 
\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus
 
\11.6.306.7947\boost_filesystem-vc100-mt-1_57.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 12745216 _____ () C:\Program Files
 
\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus
 
\11.6.306.7947\AdAwareServiceKernel.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 03396064 _____ () C:\Program Files
 
\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\RCF.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00785936 _____ () C:\Program Files
 
\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_regex-
 
vc100-mt-1_57.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00744960 _____ () C:\Program Files
 
\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus
 
\11.6.306.7947\AdAwareActivation.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00480272 _____ () C:\Program Files
 
\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus
 
\11.6.306.7947\AdAwareApplicationUpdater.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00812032 _____ () C:\Program Files
 
\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus
 
\11.6.306.7947\AdAwareGamingMode.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00099312 _____ () C:\Program Files
 
\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareReset.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00119792 _____ () C:\Program Files
 
\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTime.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00963088 _____ () C:\Program Files
 
\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus
 
\11.6.306.7947\AdAwareDefinitionsUpdater.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00868896 _____ () C:\Program Files
 
\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus
 
\11.6.306.7947\AdAwareDefinitionsUpdaterScheduler.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01108992 _____ () C:\Program Files
 
\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus
 
\11.6.306.7947\AdAwareIgnoreList.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00247808 _____ () C:\Program Files
 
\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus
 
\11.6.306.7947\AdAwareQuarantine.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01013256 _____ () C:\Program Files
 
\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus
 
\11.6.306.7947\AdAwareAntiMalwareEngine.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00211464 _____ () C:\Program Files
 
\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus
 
\11.6.306.7947\AdAwareAntiRootkitEngine.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01177608 _____ () C:\Program Files
 
\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus
 
\11.6.306.7947\AdAwareScannerHistory.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01302008 _____ () C:\Program Files
 
\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus
 
\11.6.306.7947\AdAwareScanner.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00034832 _____ () C:\Program Files
 
\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_timer-
 
vc100-mt-1_57.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00977416 _____ () C:\Program Files
 
\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus
 
\11.6.306.7947\AdAwareScannerScheduler.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01143824 _____ () C:\Program Files
 
\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus
 
\11.6.306.7947\AdAwareRealTimeProtection.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00237568 _____ () C:\Program Files
 
\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus
 
\11.6.306.7947\AdAwareIncompatibles.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00893432 _____ () C:\Program Files
 
\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus
 
\11.6.306.7947\AdAwareAntiSpam.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00847872 _____ () C:\Program Files
 
\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus
 
\11.6.306.7947\AdAwareAntiPhishing.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 03104776 _____ () C:\Program Files
 
\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus
 
\11.6.306.7947\AdAwareParentalControl.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 02958848 _____ () C:\Program Files
 
\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus
 
\11.6.306.7947\AdAwareWebProtection.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01288712 _____ () C:\Program Files
 
\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus
 
\11.6.306.7947\AdAwareEmailProtection.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00053272 _____ () C:\Program Files
 
\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus
 
\11.6.306.7947\boost_iostreams-vc100-mt-1_57.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01293832 _____ () C:\Program Files
 
\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus
 
\11.6.306.7947\AdAwareNetworkProtection.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00969200 _____ () C:\Program Files
 
\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwarePromo.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00366584 _____ () C:\Program Files
 
\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus
 
\11.6.306.7947\AdAwareFeedback.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 02787344 _____ () C:\Program Files
 
\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus
 
\11.6.306.7947\AdAwareThreatWorkAlliance.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01232888 _____ () C:\Program Files
 
\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus
 
\11.6.306.7947\AdAwarePinCode.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00969208 _____ () C:\Program Files
 
\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus
 
\11.6.306.7947\AdAwareNotice.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00963576 _____ () C:\Program Files
 
\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus
 
\11.6.306.7947\AdAwareAvcEngine.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 01184792 _____ () C:\Program Files
 
\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus
 
\11.6.306.7947\AdAwareRealTimeProtectionHistory.dll
2014-06-27 09:54 - 2014-08-19 15:12 - 01356568 _____ () C:\Program Files
 
\Tablet\Pen\libxml2.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 02756616 _____ () C:\Program Files
 
\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus
 
\11.6.306.7947\AdAwareShellExtension.dll
2012-01-10 21:12 - 2012-01-10 21:12 - 00094208 _____ () C:\Windows
 
\System32\IccLibDll_x64.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 09566192 _____ () C:\Program Files
 
\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe
2015-03-10 18:51 - 2015-03-10 18:51 - 00499728 _____ () C:\Program Files
 
\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\boost_locale-
 
vc100-mt-1_57.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 02144248 _____ () C:\Program Files
 
\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus
 
\11.6.306.7947\HtmlFramework.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 00869896 _____ () C:\Program Files
 
\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus
 
\11.6.306.7947\AdAwareTrayDefaultSkin.dll
2012-10-16 05:39 - 2012-10-16 05:39 - 00646744 _____ () C:\Program Files 
 
(x86)\Bamboo Dock\BambooCore.exe
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files 
 
(x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files 
 
(x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-06-12 17:30 - 2007-04-13 20:18 - 00057344 _____ () C:\Program Files 
 
(x86)\Lenovo\EnergyCut\kbdhook.dll
2015-03-20 02:25 - 2015-03-14 06:12 - 01174856 _____ () C:\Program Files 
 
(x86)\Google\Chrome\Application\41.0.2272.101\libglesv2.dll
2015-03-20 02:25 - 2015-03-14 06:12 - 00080200 _____ () C:\Program Files 
 
(x86)\Google\Chrome\Application\41.0.2272.101\libegl.dll
2015-03-20 02:25 - 2015-03-14 06:12 - 09278792 _____ () C:\Program Files 
 
(x86)\Google\Chrome\Application\41.0.2272.101\pdf.dll
2015-03-20 02:25 - 2015-03-14 06:12 - 14974280 _____ () C:\Program Files 
 
(x86)\Google\Chrome\Application\41.0.2272.101\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will 
 
be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. 
 
The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None 
 
default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-307354124-2270314485-3886894763-1000\Control Panel\Desktop\
 
\Wallpaper -> 
DNS Servers: 192.168.1.1 - 24.226.1.93
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks
 
\HD-Agent.exe
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-307354124-2270314485-3886894763-500 - Administrator - 
 
Disabled)
Guest (S-1-5-21-307354124-2270314485-3886894763-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-307354124-2270314485-3886894763-1002 - Limited - 
 
Enabled)
testy (S-1-5-21-307354124-2270314485-3886894763-1000 - Administrator - 
 
Enabled) => C:\Users\testy
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", 
 
which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/26/2015 03:53:27 PM) (Source: Bonjour Service) (EventID: 100) 
 
(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1964863
 
Error: (03/26/2015 03:53:27 PM) (Source: Bonjour Service) (EventID: 100) 
 
(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1964863
 
Error: (03/26/2015 03:53:27 PM) (Source: Bonjour Service) (EventID: 100) 
 
(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/26/2015 03:20:46 PM) (Source: Bonjour Service) (EventID: 100) 
 
(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4087
 
Error: (03/26/2015 03:20:46 PM) (Source: Bonjour Service) (EventID: 100) 
 
(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4087
 
Error: (03/26/2015 03:20:46 PM) (Source: Bonjour Service) (EventID: 100) 
 
(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/26/2015 03:20:45 PM) (Source: Bonjour Service) (EventID: 100) 
 
(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3057
 
Error: (03/26/2015 03:20:45 PM) (Source: Bonjour Service) (EventID: 100) 
 
(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3057
 
Error: (03/26/2015 03:20:45 PM) (Source: Bonjour Service) (EventID: 100) 
 
(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/26/2015 03:20:44 PM) (Source: Bonjour Service) (EventID: 100) 
 
(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2059
 
 
System errors:
=============
Error: (03/26/2015 03:09:58 PM) (Source: Service Control Manager) (EventID: 
 
7023) (User: )
Description: The BlueStacks Android Service service terminated with the 
 
following error: 
%%1064
 
Error: (03/26/2015 02:23:41 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {CC957078-B838-47C4-A7CF-626E7A82FC58}
 
Error: (03/26/2015 02:20:59 PM) (Source: Service Control Manager) (EventID: 
 
7023) (User: )
Description: The BlueStacks Android Service service terminated with the 
 
following error: 
%%1064
 
Error: (03/26/2015 10:04:11 AM) (Source: Service Control Manager) (EventID: 
 
7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a 
 
transaction response from the Schedule service.
 
Error: (03/26/2015 10:03:41 AM) (Source: Service Control Manager) (EventID: 
 
7000) (User: )
Description: The Application Information service failed to start due to the 
 
following error: 
%%1053
 
Error: (03/26/2015 10:03:41 AM) (Source: Service Control Manager) (EventID: 
 
7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a 
 
transaction response from the Appinfo service.
 
Error: (03/26/2015 10:03:10 AM) (Source: Service Control Manager) (EventID: 
 
7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a 
 
transaction response from the iphlpsvc service.
 
Error: (03/26/2015 10:03:08 AM) (Source: Service Control Manager) (EventID: 
 
7023) (User: )
Description: The BlueStacks Android Service service terminated with the 
 
following error: 
%%1064
 
Error: (03/26/2015 10:02:34 AM) (Source: Service Control Manager) (EventID: 
 
7024) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service terminated with 
 
service-specific error %%0.
 
Error: (03/26/2015 09:50:39 AM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too 
 
many times on transport \Device\NetBT_Tcpip_{802FC181-7A86-4503-AE7C-
 
82B67922BBDF}.
The backup browser is stopping.
 
 
Microsoft Office Sessions:
=========================
Error: (03/26/2015 03:53:27 PM) (Source: Bonjour Service) (EventID: 100) 
 
(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1964863
 
Error: (03/26/2015 03:53:27 PM) (Source: Bonjour Service) (EventID: 100) 
 
(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1964863
 
Error: (03/26/2015 03:53:27 PM) (Source: Bonjour Service) (EventID: 100) 
 
(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/26/2015 03:20:46 PM) (Source: Bonjour Service) (EventID: 100) 
 
(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4087
 
Error: (03/26/2015 03:20:46 PM) (Source: Bonjour Service) (EventID: 100) 
 
(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4087
 
Error: (03/26/2015 03:20:46 PM) (Source: Bonjour Service) (EventID: 100) 
 
(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/26/2015 03:20:45 PM) (Source: Bonjour Service) (EventID: 100) 
 
(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3057
 
Error: (03/26/2015 03:20:45 PM) (Source: Bonjour Service) (EventID: 100) 
 
(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3057
 
Error: (03/26/2015 03:20:45 PM) (Source: Bonjour Service) (EventID: 100) 
 
(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/26/2015 03:20:44 PM) (Source: Bonjour Service) (EventID: 100) 
 
(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2059
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU P6200 @ 2.13GHz
Percentage of memory in use: 44%
Total physical RAM: 5876.51 MB
Available physical RAM: 3240.45 MB
Total Pagefile: 11751.21 MB
Available Pagefile: 8813.41 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.66 GB) (Free:313.1 GB) NTFS
Drive e: (Sims3) (CDROM) (Total:5.56 GB) (Free:0 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B3ACA194)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 
 

 


  • 0

Advertisements


#2
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts

Hello Shruikan66 and :welcome:

My name is Bruce1270 and I will be helping you with your malware problem.

Please Note: I am still in training and my fixes have to be approved by my instructor so there may be a slight delay in my replies. Look upon it as a good thing though in that you have two people looking at your problem.

A few things before we get started.

  • Please read all instructions carefully. If there is anything you do not understand please ask me first before doing anything.
  • Please be patient. I am a volunteer who does this in my spare time so I will try to get back to you as soon as possible.
  • Please follow all instructions in the order given.
  • Please do not install any other software unless advised. This may hinder the removal process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • Please make sure you reply within 4 days to my responses, if there is no reply within 4 days, the topic will be closed and you will need to request the topic be reopened.


    Important!

    Please save or print off these instructions. Part of this fix may require you to be in safe mode where you will not be able to access the internet or my instructions!

    I would strongly recommend you back up your personal data and folders before we begin.

    Malware removal can be very long, complicated and may take multiple steps. I understand this may be frustrating but please stay with this topic until your machine is declared clean. The results will hopefully be very rewarding. :happy:
    As we go along please tell me how the computer is running now. Please be as descriptive as possible e.g. I'm still getting web redirects, I am unable to access the internet etc.

    OK. Let's move on.


    P2P Warning: !

    IMPORTANT I have noticed that there are signs of BitTorrent & FrostWire P2P (Peer to Peer) File Sharing Programs on your computer.

    As long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.

    Once upon a time, P2P file sharing was fairly safe. This is no longer true. P2P programs form a direct conduit inside your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. If your P2P program is not configured correctly, your computer may also be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

    Please read these short reports on the dangers of peer-2-peer programs and file sharing.

    Risks of Peer to Peer systems
    P2P programs: Popular and perilous

    If you continue to use P2P programs it is likely that you will get infected again.

    I would recommend that you uninstall BitTorrent & Frostwire, however that choice is up to you. If you choose to do this, you can do so by:
    • Please go to Start Menu -> Control Panel -> Uninstall a program or Programs and Features for Windows 7 and Vista.
    • In the list of installed programs locate and click on the program to uninstall e.g. BitTorrent
    • Click uninstall.
    If you decide to keep the programs in spite of the risks involved, do not use them until I have finished cleaning your computer and have given you the all clear.


    Step1 - FRST fix

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Download the attached fixlist.txt to your desktop. Attached File  fixlist.txt   835bytes   177 downloads
  • Ensure fixlist.txt is in the same location as FRST.exe on your desktop.
    FRSTfix.JPG
  • Run FRST by right clicking on it and selecting Run as Administrator and press Fix
  • On completion a log (fixlog.txt) will be generated.
  • Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.


    Step2 - Junkware Removal Tool

    Download Junkware Removal Tool by thisisu and save it to your desktop.

    1.Ensure all programs and windows are closed before proceeding.
    2.Simply double-click the program icon to run it. It will ask for administrator privileges.
    3.A black window will appear. Press any key to continue.
    4.Wait for it to finish. It won't take long.
    5.A log will automatically pop-up once done. Alternatively, you can find JRT.txt at your desktop.
    6.Copy (CTRL + C) and paste (CTRL + V) the content of the log in your next reply.


    Step3- AdwCleaner

    Download AdwCleaner from here to the Desktop
    • Close all open windows and browsers
    • Double click the Adwcleaner icon to execute the program
    • When the Tool opens for the first time accept the Terms of use
      AdwCleaner.png
    • Click the Scan button and wait for the program to finish.
    • Click the Report button, Notepad will open please copy/paste the generated log to your next reply.
    Things for your next post:
  • Fixlog.txt
  • JRT.txt
  • AdwCleaner[R*].txt

  • 0

#3
Shruikan66

Shruikan66

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts

Hi Bruce1270! Thanks so much for replying and helping me. I'm in the middle of running through your steps. FRST fix worked fine and I have the log below. But the Junkware Removal tool doesn't seem to want to run. That, or it was lightning quick and the log file is hidden somewhere. I've tried clicking run as administrator but after the black screen pops up and I click any key to continue it disappears and appears to do nothing. No log file pop up nor does it show on my desktop. Should I just keep going?

 

FRST fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by testy at 2015-03-29 11:30:27 Run:1
Running from C:\Users\testy\Desktop
Loaded Profiles: testy (Available profiles: testy)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CreateRestorePoint:
HKLM\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-307354124-2270314485-3886894763-1000\...\MountPoints2: {c769d213-ea54-11e3-bfe6-f0def14a573c} - E:\Autorun.exe
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\testy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-25]
2015-03-25 20:38 - 2015-03-25 20:38 - 00000000 __SHD () C:\Users\testy\AppData\Local\EmieBrowserModeList
2015-03-25 20:58 - 2015-03-25 20:58 - 00000000 _____ () C:\autoexec.bat
cmd: bitsadmin /reset /allusers
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Hosts:
EmptyTemp:
*****************
 
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-307354124-2270314485-3886894763-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c769d213-ea54-11e3-bfe6-f0def14a573c}" => Key deleted successfully.
HKCR\CLSID\{c769d213-ea54-11e3-bfe6-f0def14a573c} => Key not found. 
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
C:\Users\testy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg => Moved successfully.
C:\Users\testy\AppData\Local\EmieBrowserModeList => Moved successfully.
C:\autoexec.bat => Moved successfully.
 
=========  bitsadmin /reset /allusers =========
 
'bitsadmin' is not recognized as an internal or external command,
operable program or batch file.
 
========= End of CMD: =========
 
 
=========  netsh advfirewall reset =========
 
'netsh' is not recognized as an internal or external command,
operable program or batch file.
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state on =========
 
'netsh' is not recognized as an internal or external command,
operable program or batch file.
 
========= End of CMD: =========
 
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 6.7 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 11:32:11 ====

  • 0

#4
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi Shruikan66

Sorry, my mistake, I should have asked you to disable your anti virus prior to running Junkware Removal Tool.

Here are my revised instructions for that part.

Important: Please disable your anti virus prior to running this program.

1.Ensure all programs and windows are closed before proceeding.
2.Simply double-click the program icon to run it. It will ask for administrator privileges.
3.A black window will appear. Press any key to continue.
4.Wait for it to finish. It won't take long.
5.A log will automatically pop-up once done. Alternatively, you can find JRT.txt at your desktop.
6.Copy (CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
7. Reboot your machine and enable your anti virus again.

Once you have completed this part please continue with the instructions for adwCleaner in post #2

Thanks
  • 0

#5
Shruikan66

Shruikan66

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts

Nope, sorry it still doesn't seem to be running. I turned off my Ad-aware Antivirus and Malwarebytes Anti-Exploit the best I could.


  • 0

#6
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Ok. Move on to running adwCleaner and post the log.

Thanks.
  • 0

#7
Shruikan66

Shruikan66

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts

Alright here's the AdwCleaner log:

 

# AdwCleaner v4.200 - Logfile created 30/03/2015 at 08:35:28
# Updated 29/03/2015 by Xplode
# Database : 2015-03-29.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : testy - MISA
# Running from : C:\Users\testy\Desktop\adwcleaner_4.200.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Found : C:\ProgramData\52783d44000025cf
Folder Found : C:\Users\testy\AppData\Local\FileViewPro
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
Key Found : HKCU\Software\AppDataLow\Software\adawarebp
Key Found : HKLM\SOFTWARE\f520a32d-29e6-fdf6-47aa-1afaf7a2a789
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17689
 
 
-\\ Google Chrome v41.0.2272.101
 
[C:\Users\testy\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
[C:\Users\testy\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Extension] : flpcjncodpafbgdpnkljologafpionhb
 
*************************
 
AdwCleaner[R0].txt - [1219 bytes] - [30/03/2015 08:35:28]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1278 bytes] ##########

Edited by Shruikan66, 30 March 2015 - 06:40 AM.

  • 0

#8
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts

Hi Shruikan66

Can you switch off your anti virus and try to run Junkware Removal Tool again please?

This time right click on the icon and select Run as Administrator.

Please post the log if it successfully runs.

 

Thanks


  • 0

#9
Shruikan66

Shruikan66

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts

Still not working :( The program almost seems to be crashing... i click any key to continue and for a fraction of a second it says "checking startup" at the bottom, then the window closes.


  • 0

#10
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi Shruikan66

I want to take a deeper look at your system to see if there is any reason why JRT is not running.

Step1 - AVZ scan


Download AVZ tool from here to your desktop
Unzip all files to a folder on your desktop
Open the folder and double click the AVZ icon avz.JPG
When the tool opens select "File" > "Standards scripts"
avz1.jpg

Place a tick in :


5. Update signature database

Then press "Execute selected scripts"
avz2.JPG

Once that has execute then
select "File" > "Standards scripts"
Place a tick in :

3. Advanced System Analysis with malware removal mode enabled


When finished look in the folder AVZ4 on your desktop
Open the LOG folder
Attach virusinfo_syscure to your next post
vz3.JPG
  • 0

Advertisements


#11
Shruikan66

Shruikan66

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts

Here's the zip. Or did you want all three files labelled virusinfo_syscure? 

 

Attached Files


  • 0

#12
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
hi .

yes. Attach all the files.

thanks
  • 0

#13
Shruikan66

Shruikan66

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts

I'm not permitted to upload htm files apparently? Here it is copy and pasted: and the other three are attached.

 

 

<!-- saved from url=(0014)about:internet -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
 <META http-equiv=Content-Type content="text/html; charset=windows-1251">
 <META http-equiv="nocache">
</HEAD>
</HEAD>
<script language="JavaScript">
function add_scr_line (s, InsMode) {
 var szStr, szOldStr;
 var InsPoz;
 szStr    = document.forms.ScriptForm.CureScript.value;
 szOldStr = szStr;
 if (!(szStr.length > 5))
  szStr = "begin\nend.";
 if (szStr.substr(0, 5).toLowerCase() != "begin")
  szStr = "begin\n" + szStr;
 InsPoz = szStr.lastIndexOf("end.");
 if (InsPoz < 5) {
  szStr = szStr + "\nend.";
  InsPoz = szStr.length-4;
 }
 if (InsMode == 1)
  InsPoz = 5;
 if (!(szStr.indexOf(s) >= 5)) {
   var szStr1, szStr2;
   szStr1 = szStr.substr(0, InsPoz);
   szStr2 = szStr.substr(InsPoz);
   if  (InsMode == 0)
    szStr2 =  "\n" + szStr2;
   else
    szStr1 =  szStr1 + "\n";
   szStr  = szStr1 + s +  szStr2;
 }
 if (szStr != szOldStr)
  document.forms.ScriptForm.CureScript.value = szStr;
}
function add_f_line (s) {
 var szStr;
 szStr = document.forms.FilesForm.FileList.value;
 if (szStr.length > 0)
  szStr = szStr  + "\n";
 if (szStr.indexOf(s) == -1)
  document.forms.FilesForm.FileList.value =  szStr + s;
}
function add_scr_d (s, s1) {
 if (s1 == void 0)
  add_scr_line(" DeleteFile('"+s+"');", 0);
 else
  add_scr_line(" DeleteFile('"+s+"','"+s1+"');", 0);
}
function add_scr_drk (s1, s2, s3) {
 add_scr_line(" RegKeyParamDel('"+s1+"','"+s2+"','"+s3+"');", 0);
}
function add_scr_bho (s) {
 add_scr_line(" DelBHO('"+s+"');", 1);
}
function add_scr_clsid (s) {
 add_scr_line(" DelCLSID('"+s+"');", 1);
}
function add_scr_dpf (s) {
 add_scr_line(" RegKeyDel('HKLM','SOFTWARE\\Microsoft\\Code Store Database\\Distribution Units\\"+s+"');", 1);
}
function add_scr_s1 (s) {
 add_scr_line(" StopService('"+s+"');", 1);
}
function add_scr_s2 (s) {
 add_scr_line(" DeleteService('"+s+"');", 1);
}
function add_scr_s3 (s) {
 add_scr_line(" SetServiceStart('"+s+"', 4);", 1);
}
function add_scr_s4 (s) {
 add_scr_line(" BC_DeleteSvc('"+s+"');", 0);
}
function add_scr_db (s) {
 add_scr_line(" BC_DeleteFile('"+s+"');", 0);
}
function add_scr_k (s) {
 add_scr_line(" QuarantineFile('"+s+"','');",1);
 add_f_line(s);
}
function add_scr_t (s) {
 add_scr_line(" TerminateProcessByName('"+s+"');",1);
 add_f_line(s);
}
function add_scr_line_q (s, InsMode) {
 add_scr_line(unescape(s),InsMode);
}
</script>
<BODY bgColor="#ffdfb7">
<H1 align=center>Results of system analysis</H1>
<H2 align=center>Process List</H2>
<TABLE cellSpacing=1 cellPadding=2 width="100%" bgColor=#ffffff border=0>
<TR BgColor="#0000FF"><TD align=center><b><font color=White>File name<TD align=center><b><font color=White>PID<TD align=center><b><font color=White>Description<TD align=center><b><font color=White>Copyright<TD align=center><b><font color=White>MD5<TD align=center><b><font color=White>Information
<TR bgColor="#ffc06d"><TD><a name="proc_1808"></a>C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe<br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Program Files\\Lavasoft\\Ad-Aware Antivirus\\Ad-Aware Antivirus\\11.6.306.7947\\AdAwareService.exe")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Program Files\\Lavasoft\\Ad-Aware Antivirus\\Ad-Aware Antivirus\\11.6.306.7947\\AdAwareService.exe","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Program Files\\Lavasoft\\Ad-Aware Antivirus\\Ad-Aware Antivirus\\11.6.306.7947\\AdAwareService.exe")'>Delete via BC</a>,  <a href='Javascript:add_scr_t("C:\\Program Files\\Lavasoft\\Ad-Aware Antivirus\\Ad-Aware Antivirus\\11.6.306.7947\\AdAwareService.exe")'>Terminate</a><TD>1808<TD>&nbsp;<TD>&nbsp;<TD>8E1F77A904BD51D74FDBC0F7EB8D86A9<TD>703.87 kb, rsAh,<br>created: 10.03.2015 18:47:16,<br>modified: 10.03.2015 18:47:16<br>Command line: 
<TR bgColor="#ffc06d"><TD><a name="proc_3160"></a>C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe<br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Program Files\\Lavasoft\\Ad-Aware Antivirus\\Ad-Aware Antivirus\\11.6.306.7947\\AdAwareTray.exe")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Program Files\\Lavasoft\\Ad-Aware Antivirus\\Ad-Aware Antivirus\\11.6.306.7947\\AdAwareTray.exe","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Program Files\\Lavasoft\\Ad-Aware Antivirus\\Ad-Aware Antivirus\\11.6.306.7947\\AdAwareTray.exe")'>Delete via BC</a>,  <a href='Javascript:add_scr_t("C:\\Program Files\\Lavasoft\\Ad-Aware Antivirus\\Ad-Aware Antivirus\\11.6.306.7947\\AdAwareTray.exe")'>Terminate</a><TD>3160<TD>&nbsp;<TD>&nbsp;<TD>86C85BF57962EBA9F4B88FD954B2EB79<TD>9341.98 kb, rsAh,<br>created: 10.03.2015 18:50:46,<br>modified: 10.03.2015 18:50:46<br>Command line: 
<TR bgColor="#00CC66"><TD><a name="proc_3960"></a>c:\program files (x86)\google\chrome\application\chrome.exe<br><font size=-2>Script: <a href='Javascript:add_scr_k("c:\\program files (x86)\\google\\chrome\\application\\chrome.exe")'>Quarantine</a>,  <a href='Javascript:add_scr_d("c:\\program files (x86)\\google\\chrome\\application\\chrome.exe","32")'>Delete</a>,  <a href='Javascript:add_scr_db("c:\\program files (x86)\\google\\chrome\\application\\chrome.exe")'>Delete via BC</a>,  <a href='Javascript:add_scr_t("c:\\program files (x86)\\google\\chrome\\application\\chrome.exe")'>Terminate</a><TD>3960<TD>Google Chrome<TD>Copyright 2012 Google Inc. All rights reserved.<TD>F217EF2EA31D8F73504B1CD2F9787D9D<TD>790.32 kb, rsAh,<br>created: 15.05.2014 21:34:46,<br>modified: 14.03.2015 06:12:39<br>Command line: <BR>"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
<TR bgColor="#00CC66"><TD><a name="proc_4064"></a>c:\program files (x86)\bluestacks\hd-agent.exe<br><font size=-2>Script: <a href='Javascript:add_scr_k("c:\\program files (x86)\\bluestacks\\hd-agent.exe")'>Quarantine</a>,  <a href='Javascript:add_scr_d("c:\\program files (x86)\\bluestacks\\hd-agent.exe","32")'>Delete</a>,  <a href='Javascript:add_scr_db("c:\\program files (x86)\\bluestacks\\hd-agent.exe")'>Delete via BC</a>,  <a href='Javascript:add_scr_t("c:\\program files (x86)\\bluestacks\\hd-agent.exe")'>Terminate</a><TD>4064<TD>BlueStacks Agent<TD>Copyright 2011 BlueStack Systems, Inc.  All Rights Reserved.<TD>548EE4F7C7F39111048B7A708C2DC245<TD>823.71 kb, rsAh,<br>created: 07.10.2014 15:35:06,<br>modified: 07.10.2014 15:35:06<br>Command line: <BR>"C:\Program Files (x86)\BlueStacks\HD-Agent.exe" 
<TR bgColor="#ffc06d"><TD><a name="proc_3084"></a>c:\program files\my lockbox\mylbx.exe<br><font size=-2>Script: <a href='Javascript:add_scr_k("c:\\program files\\my lockbox\\mylbx.exe")'>Quarantine</a>,  <a href='Javascript:add_scr_d("c:\\program files\\my lockbox\\mylbx.exe","32")'>Delete</a>,  <a href='Javascript:add_scr_db("c:\\program files\\my lockbox\\mylbx.exe")'>Delete via BC</a>,  <a href='Javascript:add_scr_t("c:\\program files\\my lockbox\\mylbx.exe")'>Terminate</a><TD>3084<TD>My Lockbox<TD>Copyright © 2006-2014  FSPro Labs<TD>606F08CEF10DBBF70057C8EEB28486F7<TD>2254.76 kb, rsAh,<br>created: 15.05.2014 21:52:26,<br>modified: 14.04.2014 20:39:56<br>Command line: <BR>"C:\Program Files\My Lockbox\mylbx.exe" /a
<TR bgColor="#00CC66"><TD colspan=6>Detected:75, recognized as trusted 72
</TABLE>
<TABLE cellSpacing=1 cellPadding=2 width="100%" bgColor=#ffffff border=0>
<TR BgColor="#0000FF"><TD align=center><b><font color=White>Module name<TD align=center><b><font color=White>Handle<TD align=center><b><font color=White>Description<TD align=center><b><font color=White>Copyright<TD align=center><b><font color=White>MD5<TD align=center><b><font color=White>Used by processes
<TR bgColor="#ffc06d"><TD><a href="" title="670.50 kb, rsAh, created: 17.02.2015 09:33:10, modified: 17.02.2015 09:33:10">C:\Program Files (x86)\Google\Chrome\Application\GoogleUpdate.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Program Files (x86)\\Google\\Chrome\\Application\\GoogleUpdate.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Program Files (x86)\\Google\\Chrome\\Application\\GoogleUpdate.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Program Files (x86)\\Google\\Chrome\\Application\\GoogleUpdate.dll")'>Delete via BC</a><TD>1857683456<TD>Google Chrome Update<TD>Copyright 2012 Google Inc. All rights reserved.<TD>633A98427371836A0D9699E70E51E513<TD><a href="#proc_3960">3960</a>
<TR bgColor="#ffc06d"><TD><a href="" title="1413.00 kb, rsAh, created: 27.10.2014 23:03:09, modified: 27.10.2014 23:03:10">C:\Windows\assembly\NativeImages_v2.0.50727_32\HD-Agent\d93099e1faaa28fc715b4fc64e010238\HD-Agent.ni.exe</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\HD-Agent\\d93099e1faaa28fc715b4fc64e010238\\HD-Agent.ni.exe")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\HD-Agent\\d93099e1faaa28fc715b4fc64e010238\\HD-Agent.ni.exe","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\HD-Agent\\d93099e1faaa28fc715b4fc64e010238\\HD-Agent.ni.exe")'>Delete via BC</a><TD>1949171712<TD>BlueStacks Agent<TD>Copyright 2011 BlueStack Systems, Inc.  All Rights Reserved.<TD>6B1FF08CE4FE6B1C511404B544E82C9C<TD><a href="#proc_4064">4064</a>
<TR bgColor="#ffc06d"><TD><a href="" title="151.50 kb, rsAh, created: 27.10.2014 23:03:22, modified: 27.10.2014 23:03:22">C:\Windows\assembly\NativeImages_v2.0.50727_32\JSON\ed9302abc94cce786710d77fd1410886\JSON.ni.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\JSON\\ed9302abc94cce786710d77fd1410886\\JSON.ni.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\JSON\\ed9302abc94cce786710d77fd1410886\\JSON.ni.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\JSON\\ed9302abc94cce786710d77fd1410886\\JSON.ni.dll")'>Delete via BC</a><TD>1947533312<TD>&nbsp;<TD>Copyright © 2010 Pawe³ Hofman, CodeTitans<TD>D78AADCB4FD2E668CDD203DA8DB3BAF7<TD><a href="#proc_4064">4064</a>
<TR bgColor="#00CC66"><TD colspan=6>Modules found:285, recognized as trusted 282
</TABLE>
<H2 align=center>Kernel Space Modules Viewer</H2>
<TABLE cellSpacing=1 cellPadding=2 width="100%" bgColor=#ffffff border=0>
<TR BgColor="#0000FF"><TD align=center><b><font color=White>Module<TD align=center><b><font color=White>Base address<TD align=center><b><font color=White>Size in memory<TD align=center><b><font color=White>Description<TD align=center><b><font color=White>Manufacturer
<TR bgColor="#ffc06d"><TD><a title="error getting file info" href="">C:\Windows\System32\Drivers\dump_dumpata.sys</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\Drivers\\dump_dumpata.sys")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\Drivers\\dump_dumpata.sys","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\Drivers\\dump_dumpata.sys")'>Delete via BC</a><TD>DF4000<TD>00C000 (49152)<TD><TD>
<TR bgColor="#ffc06d"><TD><a title="error getting file info" href="">C:\Windows\System32\Drivers\dump_dumpfve.sys</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\Drivers\\dump_dumpfve.sys")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\Drivers\\dump_dumpfve.sys","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\Drivers\\dump_dumpfve.sys")'>Delete via BC</a><TD>84BE000<TD>013000 (77824)<TD><TD>
<TR bgColor="#ffc06d"><TD><a title="error getting file info" href="">C:\Windows\System32\Drivers\dump_msahci.sys</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\Drivers\\dump_msahci.sys")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\Drivers\\dump_msahci.sys","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\Drivers\\dump_msahci.sys")'>Delete via BC</a><TD>C5C000<TD>00B000 (45056)<TD><TD>
<TR bgColor="#00CC66"><TD colspan=5>Modules found - 158, recognized as trusted - 155
</TABLE>
<H2 align=center>Services</H2>
<TABLE cellSpacing=1 cellPadding=2 width="100%" bgColor=#ffffff border=0>
<TR BgColor="#0000FF"><TD align=center><b><font color=White>Service<TD align=center><b><font color=White>Description<TD align=center><b><font color=White>Status<TD align=center><b><font color=White>File<TD align=center><b><font color=White>Group<TD align=center><b><font color=White>Dependencies
<TR bgColor="#ffc06d"><TD>LavasoftAdAwareService11<br><font size=-2>Service: <a href='Javascript:add_scr_s1("LavasoftAdAwareService11")'>Stop</a>,  <a href='Javascript:add_scr_s2("LavasoftAdAwareService11")'>Delete</a>,  <a href='Javascript:add_scr_s3("LavasoftAdAwareService11")'>Disable</a>,  <a href='Javascript:add_scr_s4("LavasoftAdAwareService11")'>Delete via BC</a><TD>Ad-Aware Service 11<TD>Running<TD><a title="703.87 kb, rsAh, created: 10.03.2015 18:47:16, modified: 10.03.2015 18:47:16" href="">C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Program Files\\Lavasoft\\Ad-Aware Antivirus\\Ad-Aware Antivirus\\11.6.306.7947\\AdAwareService.exe")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Program Files\\Lavasoft\\Ad-Aware Antivirus\\Ad-Aware Antivirus\\11.6.306.7947\\AdAwareService.exe","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Program Files\\Lavasoft\\Ad-Aware Antivirus\\Ad-Aware Antivirus\\11.6.306.7947\\AdAwareService.exe")'>Delete via BC</a><TD>&nbsp;<TD>&nbsp;
<TR bgColor="#ffc06d"><TD>Origin Client Service<br><font size=-2>Service: <a href='Javascript:add_scr_s1("Origin Client Service")'>Stop</a>,  <a href='Javascript:add_scr_s2("Origin Client Service")'>Delete</a>,  <a href='Javascript:add_scr_s3("Origin Client Service")'>Disable</a>,  <a href='Javascript:add_scr_s4("Origin Client Service")'>Delete via BC</a><TD>Origin Client Service<TD>Not started<TD><a title="1865.86 kb, rsAh, created: 15.03.2015 15:36:32, modified: 15.03.2015 15:36:32" href="">C:\Program Files (x86)\Origin\OriginClientService.exe</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Program Files (x86)\\Origin\\OriginClientService.exe")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Program Files (x86)\\Origin\\OriginClientService.exe","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Program Files (x86)\\Origin\\OriginClientService.exe")'>Delete via BC</a><TD>&nbsp;<TD>&nbsp;
<TR bgColor="#ffc06d"><TD>SwitchBoard<br><font size=-2>Service: <a href='Javascript:add_scr_s1("SwitchBoard")'>Stop</a>,  <a href='Javascript:add_scr_s2("SwitchBoard")'>Delete</a>,  <a href='Javascript:add_scr_s3("SwitchBoard")'>Disable</a>,  <a href='Javascript:add_scr_s4("SwitchBoard")'>Delete via BC</a><TD>Adobe SwitchBoard<TD>Not started<TD><a title="error getting file info" href="">C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Program Files (x86)\\Common Files\\Adobe\\SwitchBoard\\SwitchBoard.exe")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Program Files (x86)\\Common Files\\Adobe\\SwitchBoard\\SwitchBoard.exe","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Program Files (x86)\\Common Files\\Adobe\\SwitchBoard\\SwitchBoard.exe")'>Delete via BC</a><TD>&nbsp;<TD>&nbsp;
<TR bgColor="#00CC66"><TD colspan=7>Detected - 170, recognized as trusted - 167
</TABLE>
<H2 align=center>Drivers</H2>
<TABLE cellSpacing=1 cellPadding=2 width="100%" bgColor=#ffffff border=0>
<TR BgColor="#0000FF"><TD align=center><b><font color=White>Service<TD align=center><b><font color=White>Description<TD align=center><b><font color=White>Status<TD align=center><b><font color=White>File<TD align=center><b><font color=White>Group<TD align=center><b><font color=White>Dependencies
<TR bgColor="#ffc06d"><TD>EagleX64<br><font size=-2>Driver: <a href='Javascript:add_scr_s1("EagleX64")'>Unload</a>,  <a href='Javascript:add_scr_s2("EagleX64")'>Delete</a>,  <a href='Javascript:add_scr_s3("EagleX64")'>Disable</a>,  <a href='Javascript:add_scr_s4("EagleX64")'>Delete via BC</a><TD>EagleX64<TD>Not started<TD><a title="error getting file info" href="">C:\Windows\system32\drivers\EagleX64.sys</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\drivers\\EagleX64.sys")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\drivers\\EagleX64.sys","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\drivers\\EagleX64.sys")'>Delete via BC</a><TD>&nbsp;<TD>&nbsp;
<TR bgColor="#00CC66"><TD colspan=7>Detected - 260, recognized as trusted - 259
</TABLE>
<H2 align=center>Autoruns</H2>
<TABLE cellSpacing=1 cellPadding=2 width="100%" bgColor=#ffffff border=0>
<TR BgColor="#0000FF"><TD align=center><b><font color=White>File name<TD align=center><b><font color=White>Status<TD align=center><b><font color=White>Startup method<TD align=center><b><font color=White>Description
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\DWA\resources\libraries\EventMessages.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Program Files (x86)\\Common Files\\Adobe\\OOBE\\PDApp\\DWA\\resources\\libraries\\EventMessages.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Program Files (x86)\\Common Files\\Adobe\\OOBE\\PDApp\\DWA\\resources\\libraries\\EventMessages.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Program Files (x86)\\Common Files\\Adobe\\OOBE\\PDApp\\DWA\\resources\\libraries\\EventMessages.dll")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Adobe Setup, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\IPSEventLogMsg.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\Ink\\IPSEventLogMsg.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\Ink\\IPSEventLogMsg.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\Ink\\IPSEventLogMsg.dll")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Handwriting Recognition, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Program Files (x86)\DVD</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Program Files (x86)\\DVD")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Program Files (x86)\\DVD","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Program Files (x86)\\DVD")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Dvd Maker, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="468.49 kb, rsAh, created: 30.10.2014 17:33:16, modified: 30.10.2014 17:33:16">C:\Program Files (x86)\FrostWire\FrostWire.exe</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Program Files (x86)\\FrostWire\\FrostWire.exe")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Program Files (x86)\\FrostWire\\FrostWire.exe","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Program Files (x86)\\FrostWire\\FrostWire.exe")'>Delete via BC</a><TD>Active<TD>Shortcut in Startup folder<TD>C:\Users\testy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\testy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\FrostWire 6.lnk, 
<TR bgColor="#ffc06d"><TD><a href="" title="261.09 kb, rsAh, created: 16.05.2014 18:54:45, modified: 17.05.2014 00:56:50">C:\Program Files (x86)\WinRAR\rarext.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Program Files (x86)\\WinRAR\\rarext.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Program Files (x86)\\WinRAR\\rarext.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Program Files (x86)\\WinRAR\\rarext.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {B41DB860-8EE4-11D2-9906-E49FADC173CA}<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved","{B41DB860-8EE4-11D2-9906-E49FADC173CA}")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Program Files (x86)\Windows Defender\MpEvMsg.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Program Files (x86)\\Windows Defender\\MpEvMsg.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Program Files (x86)\\Windows Defender\\MpEvMsg.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Program Files (x86)\\Windows Defender\\MpEvMsg.dll")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\WinDefend, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="9341.98 kb, rsAh, created: 10.03.2015 18:50:46, modified: 10.03.2015 18:50:46">C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Program Files\\Lavasoft\\Ad-Aware Antivirus\\Ad-Aware Antivirus\\11.6.306.7947\\AdAwareTray.exe")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Program Files\\Lavasoft\\Ad-Aware Antivirus\\Ad-Aware Antivirus\\11.6.306.7947\\AdAwareTray.exe","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Program Files\\Lavasoft\\Ad-Aware Antivirus\\Ad-Aware Antivirus\\11.6.306.7947\\AdAwareTray.exe")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, AdAwareTray<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","Software\\Microsoft\\Windows\\CurrentVersion\\Run","AdAwareTray")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="2254.76 kb, rsAh, created: 15.05.2014 21:52:26, modified: 14.04.2014 20:39:56">C:\Program Files\My Lockbox\mylbx.exe</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Program Files\\My Lockbox\\mylbx.exe")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Program Files\\My Lockbox\\mylbx.exe","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Program Files\\My Lockbox\\mylbx.exe")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, mylbx<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","Software\\Microsoft\\Windows\\CurrentVersion\\Run","mylbx")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\Audiosrv.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\Audiosrv.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\Audiosrv.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\Audiosrv.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AudioEndpointBuilder\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\AudioEndpointBuilder\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\Audiosrv.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\Audiosrv.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\Audiosrv.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\Audiosrv.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AudioSrv\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\AudioSrv\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\AxInstSV.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\AxInstSV.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\AxInstSV.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\AxInstSV.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AxInstSV\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\AxInstSV\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\AxInstSv.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\AxInstSv.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\AxInstSv.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\AxInstSv.dll")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-AxInstallService, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\DFDTS.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\DFDTS.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\DFDTS.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\DFDTS.dll")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Windows Disk Diagnostic, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\DispCI.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\DispCI.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\DispCI.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\DispCI.dll")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Display, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\Drivers\L1C62x64.sys</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\Drivers\\L1C62x64.sys")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\Drivers\\L1C62x64.sys","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\Drivers\\L1C62x64.sys")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\L1C, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\Drivers\Pcmcia.sys</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\Drivers\\Pcmcia.sys")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\Drivers\\Pcmcia.sys","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\Drivers\\Pcmcia.sys")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\pcmcia, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\Drivers\VolSnap.sys</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\Drivers\\VolSnap.sys")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\Drivers\\VolSnap.sys","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\Drivers\\VolSnap.sys")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Volsnap, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\Drivers\acpi.sys</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\Drivers\\acpi.sys")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\Drivers\\acpi.sys","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\Drivers\\acpi.sys")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\ACPI, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\Drivers\hidbth.sys</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\Drivers\\hidbth.sys")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\Drivers\\hidbth.sys","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\Drivers\\hidbth.sys")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\HidBth, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\MsSpellCheckingFacility.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\MsSpellCheckingFacility.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\MsSpellCheckingFacility.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\MsSpellCheckingFacility.dll")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-Spell-Checking, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\MsSpellCheckingFacility.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\MsSpellCheckingFacility.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\MsSpellCheckingFacility.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\MsSpellCheckingFacility.dll")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-SpellChecker, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\MsSpellCheckingFacility.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\MsSpellCheckingFacility.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\MsSpellCheckingFacility.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\MsSpellCheckingFacility.dll")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Spell-Checking, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\MsSpellCheckingFacility.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\MsSpellCheckingFacility.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\MsSpellCheckingFacility.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\MsSpellCheckingFacility.dll")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-SpellChecker, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\RdpGroupPolicyExtension.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\RdpGroupPolicyExtension.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\RdpGroupPolicyExtension.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\RdpGroupPolicyExtension.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{6cfb9c5c-138e-4bb3-8a3d-d5383e910e57}, DLLName<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{6cfb9c5c-138e-4bb3-8a3d-d5383e910e57}","DLLName")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\RpcEpMap.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\RpcEpMap.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\RpcEpMap.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\RpcEpMap.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\RpcEptMapper\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\RpcEptMapper\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\SCardSvr.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\SCardSvr.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\SCardSvr.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\SCardSvr.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SCardSvr\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\SCardSvr\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\SDRSVC.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\SDRSVC.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\SDRSVC.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\SDRSVC.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SDRSVC\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\SDRSVC\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\TabSvc.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\TabSvc.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\TabSvc.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\TabSvc.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\TabletInputService\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\TabletInputService\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\TsUsbRedirectionGroupPolicyExtension.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\TsUsbRedirectionGroupPolicyExtension.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\TsUsbRedirectionGroupPolicyExtension.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4bcd6cde-777b-48b6-9804-43568e23545d}, DLLName<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{4bcd6cde-777b-48b6-9804-43568e23545d}","DLLName")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\UI0Detect.exe</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\UI0Detect.exe")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\UI0Detect.exe","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\UI0Detect.exe")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Interactive Services detection, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\VSSVC.EXE</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\VSSVC.EXE")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\VSSVC.EXE","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\VSSVC.EXE")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\VSS, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\VSSVC.EXE</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\VSSVC.EXE")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\VSSVC.EXE","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\VSSVC.EXE")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Security\VSSAudit, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\WUDFHost.exe</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\WUDFHost.exe")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\WUDFHost.exe","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\WUDFHost.exe")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WUDF\Services\{193a1820-d9ac-4997-8c55-be817523f6aa}, HostProcessImagePath<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","Software\\Microsoft\\Windows NT\\CurrentVersion\\WUDF\\Services\\{193a1820-d9ac-4997-8c55-be817523f6aa}","HostProcessImagePath")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\WUDFSvc.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\WUDFSvc.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\WUDFSvc.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\WUDFSvc.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\wudfsvc\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\wudfsvc\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\WerSvc.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\WerSvc.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\WerSvc.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\WerSvc.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WerSvc\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\WerSvc\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\aelupsvc.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\aelupsvc.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\aelupsvc.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\aelupsvc.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AeLookupSvc\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\AeLookupSvc\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\aelupsvc.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\aelupsvc.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\aelupsvc.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\aelupsvc.dll")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\AeLookupSvc, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\appidsvc.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\appidsvc.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\appidsvc.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\appidsvc.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AppIDSvc\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\AppIDSvc\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\appinfo.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\appinfo.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\appinfo.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\appinfo.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Appinfo\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\Appinfo\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\bdesvc.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\bdesvc.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\bdesvc.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\bdesvc.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\BDESVC\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\BDESVC\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\bfe.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\bfe.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\bfe.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\bfe.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\BFE\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\BFE\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\browser.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\browser.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\browser.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\browser.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Browser\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\Browser\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\certprop.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\certprop.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\certprop.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\certprop.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\CertPropSvc\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\CertPropSvc\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\certprop.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\certprop.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\certprop.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\certprop.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SCPolicySvc\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\SCPolicySvc\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\cscsvc.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\cscsvc.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\cscsvc.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\cscsvc.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\CscService\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\CscService\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\defragsvc.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\defragsvc.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\defragsvc.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\defragsvc.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\defragsvc\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\defragsvc\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\dmvscres.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\dmvscres.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\dmvscres.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\dmvscres.dll")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\dmvsc, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\dnsrslvr.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\dnsrslvr.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\dnsrslvr.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\dnsrslvr.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Dnscache\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\Dnscache\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\dot3svc.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\dot3svc.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\dot3svc.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\dot3svc.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\dot3svc\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\dot3svc\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\drivers\HECIx64.sys</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\drivers\\HECIx64.sys")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\drivers\\HECIx64.sys","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\drivers\\HECIx64.sys")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\HECIx64, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\drivers\MTConfig.sys</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\drivers\\MTConfig.sys")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\drivers\\MTConfig.sys","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\drivers\\MTConfig.sys")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\MTConfig, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\drivers\Wdf01000.sys</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\drivers\\Wdf01000.sys")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\drivers\\Wdf01000.sys","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\drivers\\Wdf01000.sys")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\wdf01000, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\drivers\amdk8.sys</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\drivers\\amdk8.sys")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\drivers\\amdk8.sys","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\drivers\\amdk8.sys")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\AmdK8, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\drivers\amdppm.sys</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\drivers\\amdppm.sys")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\drivers\\amdppm.sys","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\drivers\\amdppm.sys")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\AmdPPM, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\drivers\b57nd60a.sys</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\drivers\\b57nd60a.sys")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\drivers\\b57nd60a.sys","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\drivers\\b57nd60a.sys")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\b57nd60a, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\drivers\bxvbda.sys</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\drivers\\bxvbda.sys")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\drivers\\bxvbda.sys","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\drivers\\bxvbda.sys")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\b06bdrv, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\drivers\evbda.sys</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\drivers\\evbda.sys")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\drivers\\evbda.sys","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\drivers\\evbda.sys")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\ebdrv, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\drivers\fltmgr.sys</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\drivers\\fltmgr.sys")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\drivers\\fltmgr.sys","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\drivers\\fltmgr.sys")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\FltMgr, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\drivers\i8042prt.sys</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\drivers\\i8042prt.sys")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\drivers\\i8042prt.sys","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\drivers\\i8042prt.sys")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\i8042prt, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\drivers\iaStorV.sys</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\drivers\\iaStorV.sys")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\drivers\\iaStorV.sys","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\drivers\\iaStorV.sys")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\iaStorV, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\drivers\intelppm.sys</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\drivers\\intelppm.sys")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\drivers\\intelppm.sys","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\drivers\\intelppm.sys")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\intelppm, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\drivers\ipmidrv.sys</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\drivers\\ipmidrv.sys")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\drivers\\ipmidrv.sys","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\drivers\\ipmidrv.sys")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\IPMIDRV, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\drivers\isapnp.sys</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\drivers\\isapnp.sys")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\drivers\\isapnp.sys","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\drivers\\isapnp.sys")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\isapnp, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\drivers\kbdclass.sys</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\drivers\\kbdclass.sys")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\drivers\\kbdclass.sys","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\drivers\\kbdclass.sys")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\kbdclass, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\drivers\kbdhid.sys</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\drivers\\kbdhid.sys")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\drivers\\kbdhid.sys","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\drivers\\kbdhid.sys")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\kbdhid, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\drivers\mouclass.sys</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\drivers\\mouclass.sys")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\drivers\\mouclass.sys","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\drivers\\mouclass.sys")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\mouclass, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\drivers\mouhid.sys</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\drivers\\mouhid.sys")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\drivers\\mouhid.sys","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\drivers\\mouhid.sys")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\mouhid, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\drivers\mpio.sys</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\drivers\\mpio.sys")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\drivers\\mpio.sys","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\drivers\\mpio.sys")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\mpio, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\drivers\nvstor.sys</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\drivers\\nvstor.sys")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\drivers\\nvstor.sys","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\drivers\\nvstor.sys")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\nvstor, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\drivers\parport.sys</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\drivers\\parport.sys")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\drivers\\parport.sys","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\drivers\\parport.sys")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Parport, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\drivers\processr.sys</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\drivers\\processr.sys")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\drivers\\processr.sys","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\drivers\\processr.sys")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Processor, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\drivers\sbp2port.sys</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\drivers\\sbp2port.sys")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\drivers\\sbp2port.sys","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\drivers\\sbp2port.sys")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\sbp2port, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\drivers\serial.sys</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\drivers\\serial.sys")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\drivers\\serial.sys","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\drivers\\serial.sys")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Serial, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\drivers\sermouse.sys</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\drivers\\sermouse.sys")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\drivers\\sermouse.sys","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\drivers\\sermouse.sys")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\sermouse, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\drivers\tsusbflt.sys</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\drivers\\tsusbflt.sys")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\drivers\\tsusbflt.sys","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\drivers\\tsusbflt.sys")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\TsUsbFlt, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\drivers\vgapnp.sys</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\drivers\\vgapnp.sys")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\drivers\\vgapnp.sys","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\drivers\\vgapnp.sys")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\vga, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\drivers\wachidrouter.sys</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\drivers\\wachidrouter.sys")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\drivers\\wachidrouter.sys","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\drivers\\wachidrouter.sys")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\WacHidRouter, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\drivers\wacompen.sys</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\drivers\\wacompen.sys")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\drivers\\wacompen.sys","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\drivers\\wacompen.sys")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\WacomPen, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\drivers\wd.sys</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\drivers\\wd.sys")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\drivers\\wd.sys","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\drivers\\wd.sys")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Wd, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\eapsvc.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\eapsvc.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\eapsvc.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\eapsvc.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\EapHost\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\EapHost\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\gpsvc.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\gpsvc.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\gpsvc.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\gpsvc.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\gpsvc\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\gpsvc\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\ikeext.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\ikeext.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\ikeext.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\ikeext.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\IKEEXT\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\IKEEXT\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\iphlpsvc.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\iphlpsvc.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\iphlpsvc.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\iphlpsvc.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\iphlpsvc\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\ipnathlp.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\ipnathlp.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\ipnathlp.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\ipnathlp.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\ipsecsvc.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\ipsecsvc.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\ipsecsvc.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\ipsecsvc.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\PolicyAgent\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\PolicyAgent\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\iscsiexe.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\iscsiexe.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\iscsiexe.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\iscsiexe.dll")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\MSiSCSI, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\iscsilog.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\iscsilog.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\iscsilog.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\iscsilog.dll")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\iScsiPrt, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\lltdsvc.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\lltdsvc.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\lltdsvc.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\lltdsvc.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\lltdsvc\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\lltdsvc\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\lmhsvc.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\lmhsvc.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\lmhsvc.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\lmhsvc.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\lmhosts\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\lmhosts\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\lsasrv.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\lsasrv.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\lsasrv.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\lsasrv.dll")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\LsaSrv, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\lsasrv.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\lsasrv.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\lsasrv.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\lsasrv.dll")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Schannel, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\mctadmin.exe</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\mctadmin.exe")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\mctadmin.exe","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\mctadmin.exe")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_USERS, S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce, mctadmin<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_USERS","S-1-5-19\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce","mctadmin")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\mctadmin.exe</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\mctadmin.exe")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\mctadmin.exe","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\mctadmin.exe")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_USERS, S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce, mctadmin<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_USERS","S-1-5-20\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce","mctadmin")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\mdsched.exe</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\mdsched.exe")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\mdsched.exe","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\mdsched.exe")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-MemoryDiagnostics-Schedule, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\netman.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\netman.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\netman.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\netman.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Netman\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\Netman\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\nlasvc.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\nlasvc.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\nlasvc.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\nlasvc.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\NlaSvc\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\pcasvc.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\pcasvc.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\pcasvc.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\pcasvc.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\PcaSvc\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\PcaSvc\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\profsvc.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\profsvc.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\profsvc.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\profsvc.dll")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-User Profiles Service, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\profsvc.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\profsvc.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\profsvc.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\profsvc.dll")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Profsvc, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\qmgr.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\qmgr.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\qmgr.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\qmgr.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\BITS\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\BITS\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\rasauto.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\rasauto.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\rasauto.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\rasauto.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\RasAuto\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\RasAuto\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\rasmans.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\rasmans.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\rasmans.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\rasmans.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\RasMan\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\RasMan\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\relpost.exe</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\relpost.exe")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\relpost.exe","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\relpost.exe")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-MemoryDiagnostics-Results, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\samsrv.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\samsrv.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\samsrv.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\samsrv.dll")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Directory-Services-SAM, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\samsrv.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\samsrv.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\samsrv.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\samsrv.dll")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\SAM, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\snmptrap.exe</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\snmptrap.exe")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\snmptrap.exe","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\snmptrap.exe")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\SNMPTRAP, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\ssdpsrv.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\ssdpsrv.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\ssdpsrv.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\ssdpsrv.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SSDPSRV\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\SSDPSRV\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\sstpsvc.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\sstpsvc.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\sstpsvc.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\sstpsvc.dll")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-RasSstp, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\swprv.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\swprv.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\swprv.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\swprv.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\swprv\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\swprv\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\tbssvc.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\tbssvc.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\tbssvc.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\tbssvc.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\TBS\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\TBS\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\tcpmon.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\tcpmon.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\tcpmon.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\tcpmon.dll")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\TCPMon, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\termsrv.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\termsrv.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\termsrv.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\termsrv.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\TermService\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\TermService\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\trkwks.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\trkwks.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\trkwks.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\trkwks.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\TrkWks\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\TrkWks\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\umpnpmgr.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\umpnpmgr.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\umpnpmgr.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\umpnpmgr.dll")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\PlugPlayManager, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\umpo.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\umpo.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\umpo.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\umpo.dll")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Power, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\umrdp.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\umrdp.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\umrdp.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\umrdp.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\UmRdpService\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\UmRdpService\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\umrdp.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\umrdp.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\umrdp.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\umrdp.dll")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\UmRdpService, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\uxsms.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\uxsms.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\uxsms.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\uxsms.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\UxSms\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\UxSms\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\vds.exe</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\vds.exe")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\vds.exe","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\vds.exe")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Virtual Disk Service, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\vmbusres.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\vmbusres.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\vmbusres.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\vmbusres.dll")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\vmbus, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\vmictimeprovider.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\vmictimeprovider.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\vmictimeprovider.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\vmictimeprovider.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider, DllName<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\W32Time\\TimeProviders\\VMICTimeProvider","DllName")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\vmstorfltres.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\vmstorfltres.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\vmstorfltres.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\vmstorfltres.dll")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\storflt, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\wbiosrvc.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\wbiosrvc.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\wbiosrvc.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\wbiosrvc.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WbioSrvc\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\WbioSrvc\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\wecsvc.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\wecsvc.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\wecsvc.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\wecsvc.dll")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\wecsvc, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\wercplsupport.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\wercplsupport.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\wercplsupport.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\wercplsupport.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\wercplsupport\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\wercplsupport\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\wersvc.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\wersvc.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\wersvc.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\wersvc.dll")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Application Hang, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\wersvc.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\wersvc.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\wersvc.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\wersvc.dll")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\WerSvc, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\wevtsvc.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\wevtsvc.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\wevtsvc.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\wevtsvc.dll")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Security\Microsoft-Windows-Eventlog, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\wevtsvc.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\wevtsvc.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\wevtsvc.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\wevtsvc.dll")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Eventlog, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\wiaservc.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\wiaservc.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\wiaservc.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\wiaservc.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\stisvc\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\stisvc\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\wiaservc.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\wiaservc.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\wiaservc.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\wiaservc.dll")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\StillImage, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\win32k.sys</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\win32k.sys")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\win32k.sys","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\win32k.sys")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Session Manager\SubSystems, Kmode
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\win32k.sys</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\win32k.sys")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\win32k.sys","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\win32k.sys")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Win32k, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\winlogon.exe</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\winlogon.exe")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\winlogon.exe","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\winlogon.exe")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Winlogon, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\winlogon.exe</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\winlogon.exe")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\winlogon.exe","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\winlogon.exe")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wlclntfy, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\wkssvc.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\wkssvc.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\wkssvc.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\wkssvc.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\LanmanWorkstation\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\wlansvc.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\wlansvc.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\wlansvc.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\wlansvc.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Wlansvc\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\Wlansvc\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\wscsvc.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\wscsvc.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\wscsvc.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\wscsvc.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\wscsvc\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\wscsvc\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\wscsvc.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\wscsvc.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\wscsvc.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\wscsvc.dll")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\SecurityCenter, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\System32\wwansvc.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\System32\\wwansvc.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\System32\\wwansvc.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\System32\\wwansvc.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WwanSvc\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\WwanSvc\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\BlbEvents.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\BlbEvents.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\BlbEvents.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\BlbEvents.dll")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-Backup, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\FntCache.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\FntCache.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\FntCache.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\FntCache.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\FontCache\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\FontCache\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\ListSvc.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\ListSvc.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\ListSvc.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\ListSvc.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\HomeGroupListener\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\HomeGroupListener\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\Mcx2Svc.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\Mcx2Svc.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\Mcx2Svc.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\Mcx2Svc.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Mcx2Svc\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\Mcx2Svc\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\WINSAT.EXE</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\WINSAT.EXE")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\WINSAT.EXE","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\WINSAT.EXE")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-WindowsSystemAssessmentTool, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\WUDFPlatform.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\WUDFPlatform.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\WUDFPlatform.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\WUDFPlatform.dll")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-DriverFrameworks-UserMode, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\Wat\WatUX.exe</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\Wat\\WatUX.exe")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\Wat\\WatUX.exe","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\Wat\\WatUX.exe")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Windows Activation Technologies, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\bthserv.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\bthserv.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\bthserv.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\bthserv.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\bthserv\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\bthserv\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\certprop.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\certprop.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\certprop.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\certprop.dll")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-SCPNP, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\cofiredm.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\cofiredm.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\cofiredm.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\cofiredm.dll")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-CorruptedFileRecovery-Client, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\cofiredm.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\cofiredm.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\cofiredm.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\cofiredm.dll")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-CorruptedFileRecovery-Server, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\cscsvc.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\cscsvc.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\cscsvc.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\cscsvc.dll")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-OfflineFiles, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\csrsrv.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\csrsrv.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\csrsrv.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\csrsrv.dll")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Subsys-SMSS, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\defragsvc.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\defragsvc.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\defragsvc.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\defragsvc.dll")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-Defrag, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\dfdts.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\dfdts.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\dfdts.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\dfdts.dll")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-DiskDiagnostic, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\dps.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\dps.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\dps.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\dps.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\DPS\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\DPS\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\drivers\HTTP.SYS</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\drivers\\HTTP.SYS")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\drivers\\HTTP.SYS","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\drivers\\HTTP.SYS")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-HttpEvent, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\drivers\fltmgr.sys</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\drivers\\fltmgr.sys")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\drivers\\fltmgr.sys","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\drivers\\fltmgr.sys")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-FilterManager, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\drivers\fvevol.sys</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\drivers\\fvevol.sys")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\drivers\\fvevol.sys","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\drivers\\fvevol.sys")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-BitLocker-Driver, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\drivers\ntfs.sys</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\drivers\\ntfs.sys")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\drivers\\ntfs.sys","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\drivers\\ntfs.sys")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Ntfs, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\dwm.exe</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\dwm.exe")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\dwm.exe","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\dwm.exe")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Desktop Window Manager, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\eapsvc.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\eapsvc.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\eapsvc.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\eapsvc.dll")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-EapHost, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\fdPHost.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\fdPHost.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\fdPHost.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\fdPHost.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\fdPHost\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\fdPHost\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\fdphost.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\fdphost.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\fdphost.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\fdphost.dll")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-FunctionDiscoveryHost, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\fdrespub.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\fdrespub.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\fdrespub.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\fdrespub.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\FDResPub\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\FDResPub\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\fdrespub.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\fdrespub.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\fdrespub.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\fdrespub.dll")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-ResourcePublication, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\fveapi.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\fveapi.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\fveapi.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\fveapi.dll")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-BitLocker-API, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\fxsevent.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\fxsevent.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\fxsevent.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\fxsevent.dll")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft Fax, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\gpsvc.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\gpsvc.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\gpsvc.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\gpsvc.dll")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-GroupPolicy, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\hkcmd.exe</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\hkcmd.exe")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\hkcmd.exe","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\hkcmd.exe")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, HotKeysCmds<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","Software\\Microsoft\\Windows\\CurrentVersion\\Run","HotKeysCmds")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\igfxpers.exe</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\igfxpers.exe")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\igfxpers.exe","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\igfxpers.exe")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, Persistence<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","Software\\Microsoft\\Windows\\CurrentVersion\\Run","Persistence")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\igfxtray.exe</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\igfxtray.exe")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\igfxtray.exe","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\igfxtray.exe")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, IgfxTray<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","Software\\Microsoft\\Windows\\CurrentVersion\\Run","IgfxTray")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\ipbusenum.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\ipbusenum.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\ipbusenum.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\ipbusenum.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\IPBusEnum\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\IPBusEnum\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\ipbusenum.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\ipbusenum.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\ipbusenum.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\ipbusenum.dll")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-IPBusEnum, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\iphlpsvc.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\iphlpsvc.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\iphlpsvc.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\iphlpsvc.dll")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Iphlpsvc, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\iscsiexe.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\iscsiexe.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\iscsiexe.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\iscsiexe.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\MSiSCSI\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\MSiSCSI\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\kmsvc.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\kmsvc.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\kmsvc.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\kmsvc.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\hkmsvc\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\hkmsvc\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\lpksetup.exe</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\lpksetup.exe")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\lpksetup.exe","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\lpksetup.exe")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-LanguagePackSetup, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\lsm.exe</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\lsm.exe")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\lsm.exe","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\lsm.exe")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\LSM, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\lsm.exe</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\lsm.exe")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\lsm.exe","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\lsm.exe")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-TerminalServices-LocalSessionManager, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\microsoft-windows-hal-events.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\microsoft-windows-hal-events.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\microsoft-windows-hal-events.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\microsoft-windows-hal-events.dll")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-HAL, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\microsoft-windows-kernel-power-events.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\microsoft-windows-kernel-power-events.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\microsoft-windows-kernel-power-events.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\microsoft-windows-kernel-power-events.dll")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Kernel-Power, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\microsoft-windows-kernel-processor-power-events.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\microsoft-windows-kernel-processor-power-events.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\microsoft-windows-kernel-processor-power-events.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\microsoft-windows-kernel-processor-power-events.dll")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Kernel-Processor-Power, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\mmcss.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\mmcss.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\mmcss.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\mmcss.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\MMCSS\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\MMCSS\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\mmcss.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\mmcss.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\mmcss.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\mmcss.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\THREADORDER\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\THREADORDER\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\mpssvc.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\mpssvc.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\mpssvc.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\mpssvc.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\MpsSvc\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\MpsSvc\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\mpssvc.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\mpssvc.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\mpssvc.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\mpssvc.dll")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Firewall, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\msdtckrm.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\msdtckrm.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\msdtckrm.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\msdtckrm.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\KtmRm\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\KtmRm\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\nsisvc.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\nsisvc.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\nsisvc.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\nsisvc.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\nsi\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\nsi\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\oobe\winsetup.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\oobe\\winsetup.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\oobe\\winsetup.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\oobe\\winsetup.dll")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Setup, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\p2psvc.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\p2psvc.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\p2psvc.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\p2psvc.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\p2psvc\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\p2psvc\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\peerdistsvc.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\peerdistsvc.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\peerdistsvc.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\peerdistsvc.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\PeerDistSvc\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\PeerDistSvc\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\pnrpauto.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\pnrpauto.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\pnrpauto.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\pnrpauto.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\PNRPAutoReg\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\PNRPAutoReg\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\pnrpsvc.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\pnrpsvc.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\pnrpsvc.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\pnrpsvc.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\p2pimsvc\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\p2pimsvc\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\pnrpsvc.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\pnrpsvc.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\pnrpsvc.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\pnrpsvc.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\PNRPsvc\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\PNRPsvc\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\profsvc.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\profsvc.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\profsvc.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\profsvc.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\ProfSvc\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\ProfSvc\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\psxss.exe</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\psxss.exe")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\psxss.exe","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\psxss.exe")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Session Manager\SubSystems, Posix
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\qagentRT.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\qagentRT.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\qagentRT.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\qagentRT.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\napagent\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\napagent\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\qmgr.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\qmgr.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\qmgr.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\qmgr.dll")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Bits-Client, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\recovery.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\recovery.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\recovery.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\recovery.dll")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Recovery, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\regsvc.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\regsvc.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\regsvc.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\regsvc.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\RemoteRegistry\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\rpcss.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\rpcss.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\rpcss.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\rpcss.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\DcomLaunch\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\DcomLaunch\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\rpcss.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\rpcss.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\rpcss.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\rpcss.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\RpcSs\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\RpcSs\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\schedsvc.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\schedsvc.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\schedsvc.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\schedsvc.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Schedule\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\Schedule\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\schedsvc.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\schedsvc.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\schedsvc.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\schedsvc.dll")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-TaskScheduler, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\sdclt.exe</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\sdclt.exe")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\sdclt.exe","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\sdclt.exe")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\BackupPath, 
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\sdengin2.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\sdengin2.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\sdengin2.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\sdengin2.dll")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Windows Backup, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\seclogon.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\seclogon.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\seclogon.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\seclogon.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\seclogon\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\seclogon\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\sensrsvc.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\sensrsvc.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\sensrsvc.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\sensrsvc.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SensrSvc\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\SensrSvc\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\services.exe</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\services.exe")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\services.exe","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\services.exe")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Service Control Manager, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\sppsvc.exe</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\sppsvc.exe")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\sppsvc.exe","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\sppsvc.exe")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Software Protection Platform Service, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\sppsvc.exe</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\sppsvc.exe")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\sppsvc.exe","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\sppsvc.exe")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Key Management Service\KmsRequests, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\sppuinotify.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\sppuinotify.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\sppuinotify.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\sppuinotify.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\sppuinotify\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\sppuinotify\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\srcore.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\srcore.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\srcore.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\srcore.dll")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\System Restore, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\srvsvc.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\srvsvc.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\srvsvc.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\srvsvc.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\LanmanServer\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\sstpsvc.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\sstpsvc.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\sstpsvc.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\sstpsvc.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SstpSvc\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\SstpSvc\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\sstpsvc.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\sstpsvc.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\sstpsvc.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\sstpsvc.dll")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\RasSstp, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\storsvc.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\storsvc.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\storsvc.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\storsvc.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\StorSvc\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\StorSvc\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\sysmain.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\sysmain.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\sysmain.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\sysmain.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SysMain\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\SysMain\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\sysmain.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\sysmain.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\sysmain.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\sysmain.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\rdyboost\Performance, Library<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\rdyboost\\Performance","Library")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\tbssvc.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\tbssvc.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\tbssvc.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\tbssvc.dll")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-TBS, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\termsrv.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\termsrv.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\termsrv.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\termsrv.dll")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-TerminalServices-RemoteConnectionManager, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\termsrv.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\termsrv.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\termsrv.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\termsrv.dll")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\TermService, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\themeservice.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\themeservice.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\themeservice.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\themeservice.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Themes\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\Themes\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\umpnpmgr.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\umpnpmgr.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\umpnpmgr.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\umpnpmgr.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\PlugPlay\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\PlugPlay\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\umpnpmgr.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\umpnpmgr.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\umpnpmgr.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\umpnpmgr.dll")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-UserPnp, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\umpo.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\umpo.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\umpo.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\umpo.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Power\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\Power\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\w32time.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\w32time.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\w32time.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\w32time.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\W32Time\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\W32Time\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\w32time.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\w32time.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\w32time.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\w32time.dll")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Time-Service, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\w32time.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\w32time.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\w32time.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\w32time.dll")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\W32Time, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\w32time.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\w32time.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\w32time.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\w32time.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient, DllName<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\W32Time\\TimeProviders\\NtpClient","DllName")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\w32time.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\w32time.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\w32time.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\w32time.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer, DllName<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\W32Time\\TimeProviders\\NtpServer","DllName")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\wbem\WMIsvc.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\wbem\\WMIsvc.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\wbem\\WMIsvc.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\wbem\\WMIsvc.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\Winmgmt\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\wecsvc.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\wecsvc.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\wecsvc.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\wecsvc.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Wecsvc\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\Wecsvc\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\wecsvc.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\wecsvc.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\wecsvc.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\wecsvc.dll")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-EventCollector, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\wecsvc.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\wecsvc.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\wecsvc.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\wecsvc.dll")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\HardwareEvents, DisplayNameFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\wecsvc.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\wecsvc.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\wecsvc.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\wecsvc.dll")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-EventCollector, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\winlogon.exe</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\winlogon.exe")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\winlogon.exe","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\winlogon.exe")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Winlogon, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\winsrv.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\winsrv.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\winsrv.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\winsrv.dll")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-Winsrv, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\wlansvc.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\wlansvc.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\wlansvc.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\wlansvc.dll")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-WLAN-AutoConfig, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\wpdbusenum.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\wpdbusenum.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\wpdbusenum.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\wpdbusenum.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WPDBusEnum\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\WPDBusEnum\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\wsepno.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\wsepno.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\wsepno.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\wsepno.dll")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Windows Search Service Profile Notification, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\wuaueng.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\wuaueng.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\wuaueng.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\wuaueng.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\wuauserv\Parameters, ServiceDll<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","SYSTEM\\CurrentControlSet\\Services\\wuauserv\\Parameters","ServiceDll")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\Windows\system32\wuaueng.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\system32\\wuaueng.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\system32\\wuaueng.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\system32\\wuaueng.dll")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-WindowsUpdateClient, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">C:\fc1624e7b5884873e3792696b7\DW\DW20.exe</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\fc1624e7b5884873e3792696b7\\DW\\DW20.exe")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\fc1624e7b5884873e3792696b7\\DW\\DW20.exe","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\fc1624e7b5884873e3792696b7\\DW\\DW20.exe")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\VSSetup, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">Maker\DVDMaker.exe</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("Maker\\DVDMaker.exe")'>Quarantine</a>,  <a href='Javascript:add_scr_d("Maker\\DVDMaker.exe","32")'>Delete</a>,  <a href='Javascript:add_scr_db("Maker\\DVDMaker.exe")'>Delete via BC</a><TD>--<TD>Registry key<TD>HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Dvd Maker, EventMessageFile
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">auditcse.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("auditcse.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("auditcse.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("auditcse.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{f3ccc681-b74c-4060-9f26-cd84525dca2a}, DLLName<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{f3ccc681-b74c-4060-9f26-cd84525dca2a}","DLLName")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">igfxdev.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("igfxdev.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("igfxdev.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("igfxdev.dll")'>Delete via BC</a><TD>Active<TD>Registry key<TD>HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui, DLLName<br><font size=-2> <a href='Javascript:add_scr_drk("HKEY_LOCAL_MACHINE","Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify\\igfxcui","DLLName")'>Delete</a>
<TR bgColor="#00CC66"><TD colspan=7> Autoruns items found - 742, recognized as trusted - 494
</TABLE>
<H2 align=center>Internet Explorer extension modules (BHOs, Toolbars ...)</H2>
<TABLE cellSpacing=1 cellPadding=2 width="100%" bgColor=#ffffff border=0>
<TR BgColor="#0000FF"><TD align=center><b><font color=White>File name<TD align=center><b><font color=White>Type<TD align=center><b><font color=White>Description<TD align=center><b><font color=White>Manufacturer<TD align=center><b><font color=White>CLSID
<TR bgColor="#00CC66"><TD colspan=7> Items found - 3, recognized as trusted - 3
</TABLE>
<H2 align=center>Windows Explorer extension modules</H2>
<TABLE cellSpacing=1 cellPadding=2 width="100%" bgColor=#ffffff border=0>
<TR BgColor="#0000FF"><TD align=center><b><font color=White>File name<TD align=center><b><font color=White>Destination<TD align=center><b><font color=White>Description<TD align=center><b><font color=White>Manufacturer<TD align=center><b><font color=White>CLSID
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info"></a><TD>WebCheck<TD><TD><TD>{E6FB5E20-DE35-11CF-9C87-00AA005127ED}<br><font size=-2> <a href='Javascript:add_scr_clsid("{E6FB5E20-DE35-11CF-9C87-00AA005127ED}")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="261.09 kb, rsAh, created: 16.05.2014 18:54:45, modified: 17.05.2014 00:56:50">C:\Program Files (x86)\WinRAR\rarext.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Program Files (x86)\\WinRAR\\rarext.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Program Files (x86)\\WinRAR\\rarext.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Program Files (x86)\\WinRAR\\rarext.dll")'>Delete via BC</a><TD>WinRAR shell extension<TD>WinRAR shell extension<TD>Copyright © Alexander Roshal 1993-2014<TD>{B41DB860-8EE4-11D2-9906-E49FADC173CA}<br><font size=-2> <a href='Javascript:add_scr_clsid("{B41DB860-8EE4-11D2-9906-E49FADC173CA}")'>Delete</a>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info"></a><TD>WinRAR shell extension<TD><TD><TD>{B41DB860-64E4-11D2-9906-E49FADC173CA}<br><font size=-2> <a href='Javascript:add_scr_clsid("{B41DB860-64E4-11D2-9906-E49FADC173CA}")'>Delete</a>
<TR bgColor="#00CC66"><TD colspan=7> Items found - 17, recognized as trusted - 14
</TABLE>
<H2 align=center>Printing system extensions (print monitors, providers)</H2>
<TABLE cellSpacing=1 cellPadding=2 width="100%" bgColor=#ffffff border=0>
<TR BgColor="#0000FF"><TD align=center><b><font color=White>File name<TD align=center><b><font color=White>Type<TD align=center><b><font color=White>Name<TD align=center><b><font color=White>Description<TD align=center><b><font color=White>Manufacturer
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">EP0SLM01.DLL</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("EP0SLM01.DLL")'>Quarantine</a>,  <a href='Javascript:add_scr_d("EP0SLM01.DLL","32")'>Delete</a>,  <a href='Javascript:add_scr_db("EP0SLM01.DLL")'>Delete via BC</a><TD>Monitor<TD>Epson Inbox Language Monitor01<TD><TD>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">localspl.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("localspl.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("localspl.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("localspl.dll")'>Delete via BC</a><TD>Monitor<TD>Local Port<TD><TD>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">FXSMON.DLL</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("FXSMON.DLL")'>Quarantine</a>,  <a href='Javascript:add_scr_d("FXSMON.DLL","32")'>Delete</a>,  <a href='Javascript:add_scr_db("FXSMON.DLL")'>Delete via BC</a><TD>Monitor<TD>Microsoft Shared Fax Monitor<TD><TD>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">tcpmon.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("tcpmon.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("tcpmon.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("tcpmon.dll")'>Delete via BC</a><TD>Monitor<TD>Standard TCP/IP Port<TD><TD>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">usbmon.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("usbmon.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("usbmon.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("usbmon.dll")'>Delete via BC</a><TD>Monitor<TD>USB Monitor<TD><TD>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">WSDMon.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("WSDMon.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("WSDMon.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("WSDMon.dll")'>Delete via BC</a><TD>Monitor<TD>WSD Port<TD><TD>
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info">inetpp.dll</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("inetpp.dll")'>Quarantine</a>,  <a href='Javascript:add_scr_d("inetpp.dll","32")'>Delete</a>,  <a href='Javascript:add_scr_db("inetpp.dll")'>Delete via BC</a><TD>Provider<TD>HTTP Print Services<TD><TD>
<TR bgColor="#00CC66"><TD colspan=7> Items found - 8, recognized as trusted - 1
</TABLE>
<H2 align=center>Task Scheduler jobs</H2>
<TABLE cellSpacing=1 cellPadding=2 width="100%" bgColor=#ffffff border=0>
<TR BgColor="#0000FF"><TD align=center><b><font color=White>File name<TD align=center><b><font color=White>Job name<TD align=center><b><font color=White>Job state<TD align=center><b><font color=White>Description<TD align=center><b><font color=White>Manufacturer<TD align=center><b><font color=White>Path<TD align=center><b><font color=White>Command line
<TR bgColor="#ffc06d"><TD>C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe<br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe")'>Delete via BC</a><TD>Adobe Acrobat Update Task<br><font size=-2>Script: <a href='Javascript:add_scr_d("C:\\Windows\\system32\\Tasks\\Adobe Acrobat Update Task","64")'>Delete</a><TD><TD><TD><TD>C:\Windows\system32\Tasks\<TD> C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe 
<TR bgColor="#ffc06d"><TD>C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe<br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Program Files (x86)\\Common Files\\Adobe\\OOBE\\PDApp\\UWA\\UpdaterStartupUtility.exe")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Program Files (x86)\\Common Files\\Adobe\\OOBE\\PDApp\\UWA\\UpdaterStartupUtility.exe","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Program Files (x86)\\Common Files\\Adobe\\OOBE\\PDApp\\UWA\\UpdaterStartupUtility.exe")'>Delete via BC</a><TD>AdobeAAMUpdater-1.0-MISA-testy<br><font size=-2>Script: <a href='Javascript:add_scr_d("C:\\Windows\\system32\\Tasks\\AdobeAAMUpdater-1.0-MISA-testy","64")'>Delete</a><TD><TD><TD><TD>C:\Windows\system32\Tasks\<TD> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe  -mode=scheduled
<TR bgColor="#ffc06d"><TD>C:\Program Files\CCleaner\CCleaner.exe<br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Program Files\\CCleaner\\CCleaner.exe")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Program Files\\CCleaner\\CCleaner.exe","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Program Files\\CCleaner\\CCleaner.exe")'>Delete via BC</a><TD>CCleanerSkipUAC<br><font size=-2>Script: <a href='Javascript:add_scr_d("C:\\Windows\\system32\\Tasks\\CCleanerSkipUAC","64")'>Delete</a><TD><TD>CCleaner<TD>Copyright © 2005-2015 Piriform Ltd<TD>C:\Windows\system32\Tasks\<TD> "C:\Program Files\CCleaner\CCleaner.exe"  $(Arg0)
<TR bgColor="#ffc06d"><TD> aitagent <br><font size=-2>Script: <a href='Javascript:add_scr_k("aitagent")'>Quarantine</a>,  <a href='Javascript:add_scr_d("aitagent","32")'>Delete</a>,  <a href='Javascript:add_scr_db("aitagent")'>Delete via BC</a><TD>AitAgent<br><font size=-2>Script: <a href='Javascript:add_scr_d("C:\\Windows\\system32\\Tasks\\Microsoft\\Windows\\Application Experience\\AitAgent","64")'>Delete</a><TD><TD><TD><TD>C:\Windows\system32\Tasks\Microsoft\Windows\Application Experience\<TD> aitagent 
<TR bgColor="#ffc06d"><TD>C:\Windows\ehome\mcupdate<br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\ehome\\mcupdate")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\ehome\\mcupdate","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\ehome\\mcupdate")'>Delete via BC</a><TD>mcupdate<br><font size=-2>Script: <a href='Javascript:add_scr_d("C:\\Windows\\system32\\Tasks\\Microsoft\\Windows\\Media Center\\mcupdate","64")'>Delete</a><TD><TD><TD><TD>C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\<TD> %SystemRoot%\ehome\mcupdate  $(Arg0)
<TR bgColor="#ffc06d"><TD>C:\Windows\ehome\ehrec<br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Windows\\ehome\\ehrec")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Windows\\ehome\\ehrec","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Windows\\ehome\\ehrec")'>Delete via BC</a><TD>RecordingRestart<br><font size=-2>Script: <a href='Javascript:add_scr_d("C:\\Windows\\system32\\Tasks\\Microsoft\\Windows\\Media Center\\RecordingRestart","64")'>Delete</a><TD><TD><TD><TD>C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\<TD> %SystemRoot%\ehome\ehrec  /RestartRecording
<TR bgColor="#ffc06d"><TD>C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\InputPersonalization.exe<br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\Ink\\InputPersonalization.exe")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\Ink\\InputPersonalization.exe","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\Ink\\InputPersonalization.exe")'>Delete via BC</a><TD>InputPersonalization<br><font size=-2>Script: <a href='Javascript:add_scr_d("C:\\Windows\\system32\\Tasks\\Microsoft\\Windows\\TabletPC\\InputPersonalization","64")'>Delete</a><TD><TD><TD><TD>C:\Windows\system32\Tasks\Microsoft\Windows\TabletPC\<TD> %CommonProgramFiles%\Microsoft Shared\Ink\InputPersonalization.exe 
<TR bgColor="#ffc06d"><TD>C:\Program Files (x86)\NCH Software\ClickCharts\ClickCharts.exe<br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Program Files (x86)\\NCH Software\\ClickCharts\\ClickCharts.exe")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Program Files (x86)\\NCH Software\\ClickCharts\\ClickCharts.exe","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Program Files (x86)\\NCH Software\\ClickCharts\\ClickCharts.exe")'>Delete via BC</a><TD>ClickChartsSevenDays<br><font size=-2>Script: <a href='Javascript:add_scr_d("C:\\Windows\\system32\\Tasks\\NCH Software\\ClickChartsSevenDays","64")'>Delete</a><TD><TD>ClickCharts Diagram Flowchart Software<TD>NCH Software<TD>C:\Windows\system32\Tasks\NCH Software\<TD> C:\Program Files (x86)\NCH Software\ClickCharts\ClickCharts.exe  -sevendays
<TR bgColor="#ffc06d"><TD>C:\Users\testy\AppData\Roaming\winlogon.exe<br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Users\\testy\\AppData\\Roaming\\winlogon.exe")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Users\\testy\\AppData\\Roaming\\winlogon.exe","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Users\\testy\\AppData\\Roaming\\winlogon.exe")'>Delete via BC</a><TD>PCI Monitor<br><font size=-2>Script: <a href='Javascript:add_scr_d("C:\\Windows\\system32\\Tasks\\PCI Monitor","64")'>Delete</a><TD><TD><TD><TD>C:\Windows\system32\Tasks\<TD> "C:\Users\testy\AppData\Roaming\winlogon.exe"  $(Arg0)
<TR bgColor="#ffc06d"><TD>C:\Program Files (x86)\PCI Monitor\pcimon.exe<br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Program Files (x86)\\PCI Monitor\\pcimon.exe")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Program Files (x86)\\PCI Monitor\\pcimon.exe","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Program Files (x86)\\PCI Monitor\\pcimon.exe")'>Delete via BC</a><TD>PCI Monitor Task<br><font size=-2>Script: <a href='Javascript:add_scr_d("C:\\Windows\\system32\\Tasks\\PCI Monitor Task","64")'>Delete</a><TD><TD><TD><TD>C:\Windows\system32\Tasks\<TD> "C:\Program Files (x86)\PCI Monitor\pcimon.exe"  $(Arg0)
<TR bgColor="#ffc06d"><TD>C:\Users\testy\FrostWire\Torrent Data\The Sims 3 - Razor1911 Final MAXSPEED\Final Version Patch\Sims3_1.0.632.00002_from_1.0.631.00002.exe<br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Users\\testy\\FrostWire\\Torrent Data\\The Sims 3 - Razor1911 Final MAXSPEED\\Final Version Patch\\Sims3_1.0.632.00002_from_1.0.631.00002.exe")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Users\\testy\\FrostWire\\Torrent Data\\The Sims 3 - Razor1911 Final MAXSPEED\\Final Version Patch\\Sims3_1.0.632.00002_from_1.0.631.00002.exe","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Users\\testy\\FrostWire\\Torrent Data\\The Sims 3 - Razor1911 Final MAXSPEED\\Final Version Patch\\Sims3_1.0.632.00002_from_1.0.631.00002.exe")'>Delete via BC</a><TD>{692944FA-6411-4ACA-9363-44DB6FED9803}<br><font size=-2>Script: <a href='Javascript:add_scr_d("C:\\Windows\\system32\\Tasks\\{692944FA-6411-4ACA-9363-44DB6FED9803}","64")'>Delete</a><TD><TD>Setup.exe<TD>Copyright © 2008 Acresso Software Inc. and/or InstallShield Co. Inc. All Rights Reserved.<TD>C:\Windows\system32\Tasks\<TD> C:\Windows\system32\pcalua.exe  -a "C:\Users\testy\FrostWire\Torrent Data\The Sims 3 - Razor1911 Final MAXSPEED\Final Version Patch\Sims3_1.0.632.00002_from_1.0.631.00002.exe" -d "C:\Users\testy\FrostWire\Torrent Data\The Sims 3 - Razor1911 Final MAXSPEED\Final Version Patch"
<TR bgColor="#ffc06d"><TD>C:\Users\testy\FrostWire\Torrent Data\The Sims 3 - Razor1911 Final MAXSPEED\Final Version Patch<br><font size=-2>Script: <a href='Javascript:add_scr_k("C:\\Users\\testy\\FrostWire\\Torrent Data\\The Sims 3 - Razor1911 Final MAXSPEED\\Final Version Patch")'>Quarantine</a>,  <a href='Javascript:add_scr_d("C:\\Users\\testy\\FrostWire\\Torrent Data\\The Sims 3 - Razor1911 Final MAXSPEED\\Final Version Patch","32")'>Delete</a>,  <a href='Javascript:add_scr_db("C:\\Users\\testy\\FrostWire\\Torrent Data\\The Sims 3 - Razor1911 Final MAXSPEED\\Final Version Patch")'>Delete via BC</a><TD>{692944FA-6411-4ACA-9363-44DB6FED9803}<br><font size=-2>Script: <a href='Javascript:add_scr_d("C:\\Windows\\system32\\Tasks\\{692944FA-6411-4ACA-9363-44DB6FED9803}","64")'>Delete</a><TD><TD><TD><TD>C:\Windows\system32\Tasks\<TD> C:\Windows\system32\pcalua.exe  -a "C:\Users\testy\FrostWire\Torrent Data\The Sims 3 - Razor1911 Final MAXSPEED\Final Version Patch\Sims3_1.0.632.00002_from_1.0.631.00002.exe" -d "C:\Users\testy\FrostWire\Torrent Data\The Sims 3 - Razor1911 Final MAXSPEED\Final Version Patch"
<TR bgColor="#00CC66"><TD colspan=7> Items found - 72, recognized as trusted - 60
</TABLE>
<H2 align=center>SPI/LSP settings</H2>
<TABLE cellSpacing=1 cellPadding=2 width="100%" bgColor=#ffffff border=0>
<B>Namespace providers (NSP)
<TR BgColor="#0000FF"><TD align=center><b><font color=White>Manufacturer<TD align=center><b><font color=White>Status<TD align=center><b><font color=White>EXE file<TD align=center><b><font color=White>Description<TD align=center><b><font color=White>GUID
<TR bgColor="#00CC66"><TD colspan=7>Detected - 7, recognized as trusted - 7
</TABLE>
<B>Transport protocol providers (TSP, LSP)</B>
<TABLE cellSpacing=1 cellPadding=2 width="100%" bgColor=#ffffff border=0>
<TR BgColor="#0000FF"><TD align=center><b><font color=White>Manufacturer<TD align=center><b><font color=White>EXE file<TD align=center><b><font color=White>Description
<TR bgColor="#00CC66"><TD colspan=7>Detected - 10, recognized as trusted - 10
</TABLE>
<B>Results of automatic SPI settings check</B>
<TABLE cellSpacing=1 cellPadding=2 width="100%" bgColor=#ffffff border=0><pre>
LSP settings checked. No errors detected
</pre></TABLE>
<H2 align=center>TCP/UDP ports</H2>
<TABLE cellSpacing=1 cellPadding=2 width="100%" bgColor=#ffffff border=0>
<TR BgColor="#0000FF"><TD align=center><b><font color=White>Port<TD align=center><b><font color=White>Status<TD align=center><b><font color=White>Remote Host<TD align=center><b><font color=White>Remote Port<TD align=center><b><font color=White>Application<TD align=center><b><font color=White>Notes
<TR bgColor="#ffc06d"><TD colspan=7><b>TCP ports
<TR bgColor="#ffc06d"><TD>139<TD>LISTENING<TD>0.0.0.0<TD>0<TD><a href="" title="error getting file info">[4] System.exe</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("System.exe")'>Quarantine</a>,  <a href='Javascript:add_scr_d("System.exe","32")'>Delete</a>,  <a href='Javascript:add_scr_db("System.exe")'>Delete via BC</a>,  <a href='Javascript:add_scr_t("System.exe")'>Terminate</a><TD>&nbsp;
<TR bgColor="#ffc06d"><TD>445<TD>LISTENING<TD>0.0.0.0<TD>0<TD><a href="" title="error getting file info">[4] System.exe</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("System.exe")'>Quarantine</a>,  <a href='Javascript:add_scr_d("System.exe","32")'>Delete</a>,  <a href='Javascript:add_scr_db("System.exe")'>Delete via BC</a>,  <a href='Javascript:add_scr_t("System.exe")'>Terminate</a><TD>&nbsp;
<TR bgColor="#ffc06d"><TD>554<TD>LISTENING<TD>0.0.0.0<TD>0<TD><a href="" title="error getting file info">[3896] wmpnetwk.exe</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("wmpnetwk.exe")'>Quarantine</a>,  <a href='Javascript:add_scr_d("wmpnetwk.exe","32")'>Delete</a>,  <a href='Javascript:add_scr_db("wmpnetwk.exe")'>Delete via BC</a>,  <a href='Javascript:add_scr_t("wmpnetwk.exe")'>Terminate</a><TD>&nbsp;
<TR bgColor="#ffc06d"><TD>2861<TD>LISTENING<TD>0.0.0.0<TD>0<TD><a href="" title="error getting file info">[4] System.exe</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("System.exe")'>Quarantine</a>,  <a href='Javascript:add_scr_d("System.exe","32")'>Delete</a>,  <a href='Javascript:add_scr_db("System.exe")'>Delete via BC</a>,  <a href='Javascript:add_scr_t("System.exe")'>Terminate</a><TD>&nbsp;
<TR bgColor="#ffc06d"><TD>2869<TD>LISTENING<TD>0.0.0.0<TD>0<TD><a href="" title="error getting file info">[4] System.exe</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("System.exe")'>Quarantine</a>,  <a href='Javascript:add_scr_d("System.exe","32")'>Delete</a>,  <a href='Javascript:add_scr_db("System.exe")'>Delete via BC</a>,  <a href='Javascript:add_scr_t("System.exe")'>Terminate</a><TD>&nbsp;
<TR bgColor="#ffc06d"><TD>2869<TD>TIME_WAIT<TD>192.168.1.10<TD>59448<TD><a href="" title="error getting file info">[0] &nbsp;</a><TD>&nbsp;
<TR bgColor="#ffc06d"><TD>2869<TD>ESTABLISHED<TD>192.168.1.10<TD>59449<TD><a href="" title="error getting file info">[4] System.exe</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("System.exe")'>Quarantine</a>,  <a href='Javascript:add_scr_d("System.exe","32")'>Delete</a>,  <a href='Javascript:add_scr_db("System.exe")'>Delete via BC</a>,  <a href='Javascript:add_scr_t("System.exe")'>Terminate</a><TD>&nbsp;
<TR bgColor="#ffc06d"><TD>5354<TD>LISTENING<TD>0.0.0.0<TD>0<TD><a href="" title="error getting file info">[1564] mDNSResponder.exe</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("mDNSResponder.exe")'>Quarantine</a>,  <a href='Javascript:add_scr_d("mDNSResponder.exe","32")'>Delete</a>,  <a href='Javascript:add_scr_db("mDNSResponder.exe")'>Delete via BC</a>,  <a href='Javascript:add_scr_t("mDNSResponder.exe")'>Terminate</a><TD>&nbsp;
<TR bgColor="#ffc06d"><TD>5354<TD>ESTABLISHED<TD>127.0.0.1<TD>49156<TD><a href="" title="error getting file info">[1564] mDNSResponder.exe</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("mDNSResponder.exe")'>Quarantine</a>,  <a href='Javascript:add_scr_d("mDNSResponder.exe","32")'>Delete</a>,  <a href='Javascript:add_scr_db("mDNSResponder.exe")'>Delete via BC</a>,  <a href='Javascript:add_scr_t("mDNSResponder.exe")'>Terminate</a><TD>&nbsp;
<TR bgColor="#ffc06d"><TD>5354<TD>ESTABLISHED<TD>127.0.0.1<TD>49157<TD><a href="" title="error getting file info">[1564] mDNSResponder.exe</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("mDNSResponder.exe")'>Quarantine</a>,  <a href='Javascript:add_scr_d("mDNSResponder.exe","32")'>Delete</a>,  <a href='Javascript:add_scr_db("mDNSResponder.exe")'>Delete via BC</a>,  <a href='Javascript:add_scr_t("mDNSResponder.exe")'>Terminate</a><TD>&nbsp;
<TR bgColor="#ffc06d"><TD>5357<TD>LISTENING<TD>0.0.0.0<TD>0<TD><a href="" title="error getting file info">[4] System.exe</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("System.exe")'>Quarantine</a>,  <a href='Javascript:add_scr_d("System.exe","32")'>Delete</a>,  <a href='Javascript:add_scr_db("System.exe")'>Delete via BC</a>,  <a href='Javascript:add_scr_t("System.exe")'>Terminate</a><TD>&nbsp;
<TR bgColor="#ffc06d"><TD>10243<TD>LISTENING<TD>0.0.0.0<TD>0<TD><a href="" title="error getting file info">[4] System.exe</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("System.exe")'>Quarantine</a>,  <a href='Javascript:add_scr_d("System.exe","32")'>Delete</a>,  <a href='Javascript:add_scr_db("System.exe")'>Delete via BC</a>,  <a href='Javascript:add_scr_t("System.exe")'>Terminate</a><TD>&nbsp;
<TR bgColor="#ffc06d"><TD>49154<TD>LISTENING<TD>0.0.0.0<TD>0<TD><a href="" title="error getting file info">[520] lsass.exe</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("lsass.exe")'>Quarantine</a>,  <a href='Javascript:add_scr_d("lsass.exe","32")'>Delete</a>,  <a href='Javascript:add_scr_db("lsass.exe")'>Delete via BC</a>,  <a href='Javascript:add_scr_t("lsass.exe")'>Terminate</a><TD>&nbsp;
<TR bgColor="#ffc06d"><TD>49159<TD>LISTENING<TD>0.0.0.0<TD>0<TD><a href="" title="error getting file info">[1328] spoolsv.exe</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("spoolsv.exe")'>Quarantine</a>,  <a href='Javascript:add_scr_d("spoolsv.exe","32")'>Delete</a>,  <a href='Javascript:add_scr_db("spoolsv.exe")'>Delete via BC</a>,  <a href='Javascript:add_scr_t("spoolsv.exe")'>Terminate</a><TD>&nbsp;
<TR bgColor="#ffc06d"><TD>49161<TD>LISTENING<TD>0.0.0.0<TD>0<TD><a href="" title="error getting file info">[480] services.exe</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("services.exe")'>Quarantine</a>,  <a href='Javascript:add_scr_d("services.exe","32")'>Delete</a>,  <a href='Javascript:add_scr_db("services.exe")'>Delete via BC</a>,  <a href='Javascript:add_scr_t("services.exe")'>Terminate</a><TD>&nbsp;
<TR bgColor="#ffc06d"><TD>63280<TD>TIME_WAIT<TD>74.125.1.21<TD>443<TD><a href="" title="error getting file info">[0] &nbsp;</a><TD>&nbsp;
<TR bgColor="#ffc06d"><TD colspan=7><b>UDP ports
<TR bgColor="#ffc06d"><TD>137<TD>LISTENING<TD>--<TD>--<TD><a href="" title="error getting file info">[4] System.exe</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("System.exe")'>Quarantine</a>,  <a href='Javascript:add_scr_d("System.exe","32")'>Delete</a>,  <a href='Javascript:add_scr_db("System.exe")'>Delete via BC</a>,  <a href='Javascript:add_scr_t("System.exe")'>Terminate</a><TD>&nbsp;
<TR bgColor="#ffc06d"><TD>138<TD>LISTENING<TD>--<TD>--<TD><a href="" title="error getting file info">[4] System.exe</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("System.exe")'>Quarantine</a>,  <a href='Javascript:add_scr_d("System.exe","32")'>Delete</a>,  <a href='Javascript:add_scr_db("System.exe")'>Delete via BC</a>,  <a href='Javascript:add_scr_t("System.exe")'>Terminate</a><TD>&nbsp;
<TR bgColor="#ffc06d"><TD>5004<TD>LISTENING<TD>--<TD>--<TD><a href="" title="error getting file info">[3896] wmpnetwk.exe</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("wmpnetwk.exe")'>Quarantine</a>,  <a href='Javascript:add_scr_d("wmpnetwk.exe","32")'>Delete</a>,  <a href='Javascript:add_scr_db("wmpnetwk.exe")'>Delete via BC</a>,  <a href='Javascript:add_scr_t("wmpnetwk.exe")'>Terminate</a><TD>&nbsp;
<TR bgColor="#ffc06d"><TD>5005<TD>LISTENING<TD>--<TD>--<TD><a href="" title="error getting file info">[3896] wmpnetwk.exe</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("wmpnetwk.exe")'>Quarantine</a>,  <a href='Javascript:add_scr_d("wmpnetwk.exe","32")'>Delete</a>,  <a href='Javascript:add_scr_db("wmpnetwk.exe")'>Delete via BC</a>,  <a href='Javascript:add_scr_t("wmpnetwk.exe")'>Terminate</a><TD>&nbsp;
<TR bgColor="#ffc06d"><TD>5353<TD>LISTENING<TD>--<TD>--<TD><a href="" title="error getting file info">[1564] mDNSResponder.exe</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("mDNSResponder.exe")'>Quarantine</a>,  <a href='Javascript:add_scr_d("mDNSResponder.exe","32")'>Delete</a>,  <a href='Javascript:add_scr_db("mDNSResponder.exe")'>Delete via BC</a>,  <a href='Javascript:add_scr_t("mDNSResponder.exe")'>Terminate</a><TD>&nbsp;
<TR bgColor="#ffc06d"><TD>49154<TD>LISTENING<TD>--<TD>--<TD><a href="" title="error getting file info">[1564] mDNSResponder.exe</a><br><font size=-2>Script: <a href='Javascript:add_scr_k("mDNSResponder.exe")'>Quarantine</a>,  <a href='Javascript:add_scr_d("mDNSResponder.exe","32")'>Delete</a>,  <a href='Javascript:add_scr_db("mDNSResponder.exe")'>Delete via BC</a>,  <a href='Javascript:add_scr_t("mDNSResponder.exe")'>Terminate</a><TD>&nbsp;
</TABLE>
<H2 align=center>Downloaded Program Files (DPF)</H2>
<TABLE cellSpacing=1 cellPadding=2 width="100%" bgColor=#ffffff border=0>
<TR BgColor="#0000FF"><TD align=center><b><font color=White>File name<TD align=center><b><font color=White>Description<TD align=center><b><font color=White>Manufacturer<TD align=center><b><font color=White>CLSID<TD align=center><b><font color=White>Source URL
<TR bgColor="#ffc06d"><TD><a href="" title="error getting file info"></a><TD><TD><TD>{7530BFB8-7293-4D34-9923-61A11451AFC5}<br><font size=-2> <a href='Javascript:add_scr_dpf("{7530BFB8-7293-4D34-9923-61A11451AFC5}")'>Delete</a><TD>http://download.eset...lineScanner.cab
<TR bgColor="#00CC66"><TD colspan=7> Items found - 4, recognized as trusted - 3
</TABLE>
<H2 align=center>Control Panel Applets (CPL)</H2>
<TABLE cellSpacing=1 cellPadding=2 width="100%" bgColor=#ffffff border=0>
<TR BgColor="#0000FF"><TD align=center><b><font color=White>File name<TD align=center><b><font color=White>Description<TD align=center><b><font color=White>Manufacturer
<TR bgColor="#00CC66"><TD colspan=7> Items found - 18, recognized as trusted - 18
</TABLE>
<H2 align=center>Active Setup</H2>
<TABLE cellSpacing=1 cellPadding=2 width="100%" bgColor=#ffffff border=0>
<TR BgColor="#0000FF"><TD align=center><b><font color=White>File name<TD align=center><b><font color=White>Description<TD align=center><b><font color=White>Manufacturer<TD align=center><b><font color=White>CLSID
<TR bgColor="#00CC66"><TD colspan=7> Items found - 8, recognized as trusted - 8
</TABLE>
<H2 align=center>HOSTS file</H2>
<TABLE cellSpacing=1 cellPadding=2 width="100%" bgColor=#ffffff border=0>
<TR BgColor="#0000FF"><TD align=center><b><font color=White>Hosts file record
</TABLE>
<H2 align=center>Protocols and handlers</H2>
<TABLE cellSpacing=1 cellPadding=2 width="100%" bgColor=#ffffff border=0>
<TR BgColor="#0000FF"><TD align=center><b><font color=White>File name<TD align=center><b><font color=White>Type<TD align=center><b><font color=White>Description<TD align=center><b><font color=White>Manufacturer<TD align=center><b><font color=White>CLSID
<TR bgColor="#00CC66"><TD colspan=7> Items found - 10, recognized as trusted - 10
</TABLE>
<H2 align=center>Shared resources</H2>
<TABLE cellSpacing=1 cellPadding=2 width="100%" bgColor=#ffffff border=0>
<TR BgColor="#0000FF"><TD align=center><b><font color=White>Network name<TD align=center><b><font color=White>Path<TD align=center><b><font color=White>Notes
<TR bgColor="#ffc06d">
 <TD>ADMIN$<TD>C:\Windows<TD>Remote Admin
<TR bgColor="#ffc06d">
 <TD>C$<TD>C:\<TD>Default share
<TR bgColor="#ffc06d">
 <TD>Epson ESC/P-R<TD>Epson ESC/P-R,LocalsplOnly<TD>Epson ESC/P-R
<TR bgColor="#ffc06d">
 <TD>IPC$<TD><TD>Remote IPC
<TR bgColor="#ffc06d">
 <TD>My Apps<TD>C:\ProgramData\BlueStacks\UserData\Library\My Apps<TD>
<TR bgColor="#ffc06d">
 <TD>print$<TD>C:\Windows\system32\spool\drivers<TD>Printer Drivers
<TR bgColor="#ffc06d">
 <TD>Users<TD>C:\Users<TD>
</TABLE>
<H2 align=center>Suspicious objects</H2>
<TABLE cellSpacing=1 cellPadding=2 width="100%" bgColor=#ffffff border=0>
<TR BgColor="#0000FF"><TD align=center><b><font color=White>File<TD align=center><b><font color=White>Description<TD align=center><b><font color=White>Type
</TABLE>
<BR><HR></B></I>
<PRE>
AVZ Antiviral Toolkit log; AVZ version is 4.43
Scanning started at 31.03.2015 20:21:37
Database loaded: signatures - 297605, NN profile(s) - 2, malware removal microprograms - 56, signature database released 31.03.2015 16:00
Heuristic microprograms loaded: 410
PVS microprograms loaded: 9
Digital signatures of system files loaded: 729510
Heuristic analyzer mode: Medium heuristics mode
Malware removal mode: enabled
Windows version is: 6.1.7601, Service Pack 1 "Windows 7 Professional" ; AVZ is run with administrator rights
System Restore: enabled
1. Searching for Rootkits and other software intercepting API functions
1.1 Searching for user-mode API hooks
 Analysis: kernel32.dll, export table found in section .text
 Analysis: ntdll.dll, export table found in section .text
 Analysis: user32.dll, export table found in section .text
 Analysis: advapi32.dll, export table found in section .text
 Analysis: ws2_32.dll, export table found in section .text
 Analysis: wininet.dll, export table found in section .text
 Analysis: rasapi32.dll, export table found in section .text
 Analysis: urlmon.dll, export table found in section .text
 Analysis: netapi32.dll, export table found in section .text
1.2 Searching for kernel-mode API hooks
 Error loading driver - operation interrupted [C000036B]
1.4 Searching for masking processes and drivers
 Checking not performed: extended monitoring driver (AVZPM) is not installed
1.5 Checking IRP handlers
 Error loading driver - operation interrupted [C000036B]
2. Scanning RAM
 Number of processes found: 21
 Number of modules loaded: 282
Scanning RAM - complete
3. Scanning disks
Direct reading: C:\Users\testy\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.tmp
4. Checking  Winsock Layered Service Provider (SPI/LSP)
 LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
 Checking - disabled by user
6. Searching for opened TCP/UDP ports used by malicious software
 Checking - disabled by user
7. Heuristic system check
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: TermService (Remote Desktop Services)
>> Services: potentially dangerous service allowed: SSDPSRV (SSDP Discovery)
>> Services: potentially dangerous service allowed: Schedule (Task Scheduler)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
Checking - complete
9. Troubleshooting wizard
 >>  HDD autorun is allowed
 >>  Network drives autorun is allowed
 >>  Removable media autorun is allowed
Checking - complete
Files scanned: 105270, extracted from archives: 55584, malicious software found 0, suspicions - 0
Scanning finished at 31.03.2015 20:46:21
Time of scanning: 00:24:45
If you have a suspicion on presence of viruses or questions on the suspected objects,
For automatic scanning of files from the AVZ quarantine you can use the service http://virusdetector.ru/
Creating archive of files from Quarantine
Creating archive of files from Quarantine - complete
System Analysis in progress
Network diagnostics
 DNS and Ping test
  Host="yandex.ru", IP="93.158.134.8,87.250.250.8,77.88.21.11,87.250.251.11", Ping=OK (0,159,93.158.134.8)
  Host="google.ru", IP="24.226.15.84,24.226.15.114,24.226.15.99,24.226.15.89,24.226.15.104,24.226.15.108,24.226.15.109,24.226.15.93,24.226.15.118,24.226.15.103,24.226.15.98,24.226.15.113,24.226.15.94,24.226.15.88,24.226.15.123,24.226.15.119", Ping=OK (0,14,24.226.15.84)
  Host="google.com", IP="24.226.16.158,24.226.16.152,24.226.16.153,24.226.16.187,24.226.16.183,24.226.16.173,24.226.16.177,24.226.16.167,24.226.16.163,24.226.16.178,24.226.16.172,24.226.16.168,24.226.16.157,24.226.16.148,24.226.16.162,24.226.16.182", Ping=OK (0,20,24.226.16.158)
  Host="www.kaspersky.com", IP="4.59.181.209", Ping=OK (0,20,4.59.181.209)
  Host="www.kaspersky.ru", IP="4.59.181.212", Ping=OK (0,22,4.59.181.212)
  Host="dnl-03.geo.kaspersky.com", IP="4.28.136.39", Ping=OK (0,21,4.28.136.39)
  Host="dnl-11.geo.kaspersky.com", IP="38.117.98.199", Ping=OK (0,13,38.117.98.199)
  Host="activation-v2.kaspersky.com", IP="4.59.181.141", Ping=Error (11010,0,0.0.0.0)
  Host="odnoklassniki.ru", IP="217.20.147.94", Ping=OK (0,146,217.20.147.94)
  Host="vk.com", IP="87.240.131.117,87.240.131.118,87.240.143.241", Ping=OK (0,141,87.240.131.117)
  Host="vkontakte.ru", IP="95.213.4.242,95.213.4.243,95.213.4.241", Ping=OK (0,149,95.213.4.242)
  Host="twitter.com", IP="199.16.156.70,199.16.156.102,199.16.156.230,199.16.156.198", Ping=OK (0,52,199.16.156.70)
  Host="facebook.com", IP="173.252.120.6", Ping=OK (0,49,173.252.120.6)
  Host="ru-ru.facebook.com", IP="31.13.71.1", Ping=OK (0,29,31.13.71.1)
 Network IE settings
  IE setting AutoConfigURL=
  IE setting AutoConfigProxy=wininet.dll
  IE setting ProxyOverride=*.local
  IE setting ProxyServer=
  IE setting Internet\ManualProxies=
 Network TCP/IP settings
 Network Persistent Routes
<br> System Analysis - complete
<br>
<b>Script commands</b><form name="ScriptForm"> <textarea rows=10 cols=80 name="CureScript"></textarea></form>
Add commands to script:<br><ul><li><a href='Javascript:add_scr_line("SearchRootkit(true, true);", 1)'>Blocking hooks using Anti-Rootkit</a><br><li><a href='Javascript:add_scr_line("SetAVZGuardStatus(True);", 1)'>Enable AVZGuard</a><br><li><a href='Javascript:add_scr_line("SetAVZPMStatus(True);", 1)'>Operations with AVZPM (true=enable,false=disable)</a><br><li><a href='Javascript:add_scr_line("BC_ImportDeletedList;", 0)'>BootCleaner - import list of deleted files</a><br><li><a href='Javascript:add_scr_line("BC_ImportAll;", 0)'>BootCleaner - import all</a><br><li><a href='Javascript:add_scr_line("ExecuteSysClean;", 0)'>Remove traces of deleted files</a><br><li><a href='Javascript:add_scr_line_q("%45%78%65%63%75%74%65%57%69%7A%61%72%64%28%27%54%53%57%27%2C%32%2C%33%2C%74%72%75%65%29%3B", 0)'>ExecuteWizard ('TSW',2,3,true) - Running Troubleshooting wizard</a><br><li><a href='Javascript:add_scr_line("BC_Activate;", 0)'>BootCleaner - activate</a><br><li><a href='Javascript:add_scr_line("RebootWindows(true);", 0)'>Reboot</a><br><li><a href='Javascript:add_scr_line_q("%51%75%61%72%61%6E%74%69%6E%65%46%69%6C%65%28%27%27%2C%27%27%29%3B", 1)'>Insert template for QuarantineFile() - quarantining a file</a><br><li><a href='Javascript:add_scr_line_q("%42%43%5F%51%72%46%69%6C%65%28%27%27%29%3B", 1)'>Insert template for BC_QrFile() - quarantining file via BootCleaner</a><br><li><a href='Javascript:add_scr_line_q("%44%65%6C%65%74%65%46%69%6C%65%28%27%27%29%3B", 1)'>Insert template for DeleteFile() - deleting a file</a><br><li><a href='Javascript:add_scr_line_q("%44%65%6C%43%4C%53%49%44%28%27%27%29%3B", 1)'>Insert template for DelCLSID() - removing a CLSID item from registry</a><br></ul>Additional operations:<ul><li><a href='Javascript:add_scr_line_q("%53%65%74%53%65%72%76%69%63%65%53%74%61%72%74%28%27%54%65%72%6D%53%65%72%76%69%63%65%27%2C%20%34%29%3B", 1)'>Performance tweaking: disable service TermService (Remote Desktop Services)</a><br><li><a href='Javascript:add_scr_line_q("%53%65%74%53%65%72%76%69%63%65%53%74%61%72%74%28%27%53%53%44%50%53%52%56%27%2C%20%34%29%3B", 1)'>Performance tweaking: disable service SSDPSRV (SSDP Discovery)</a><br><li><a href='Javascript:add_scr_line_q("%53%65%74%53%65%72%76%69%63%65%53%74%61%72%74%28%27%53%63%68%65%64%75%6C%65%27%2C%20%34%29%3B", 1)'>Performance tweaking: disable service Schedule (Task Scheduler)</a><br><li><a href='Javascript:add_scr_line_q("%52%65%67%4B%65%79%49%6E%74%50%61%72%61%6D%57%72%69%74%65%28%27%48%4B%45%59%5F%4C%4F%43%41%4C%5F%4D%41%43%48%49%4E%45%27%2C%20%27%53%79%73%74%65%6D%5C%5C%43%75%72%72%65%6E%74%43%6F%6E%74%72%6F%6C%53%65%74%5C%5C%53%65%72%76%69%63%65%73%5C%5C%43%44%52%4F%4D%27%2C%27%41%75%74%6F%52%75%6E%27%2C%20%30%29%3B", 1)'>Security tweaking: disable CD autorun</a><br><li><a href='Javascript:add_scr_line_q("%52%65%67%4B%65%79%49%6E%74%50%61%72%61%6D%57%72%69%74%65%28%27%48%4B%45%59%5F%4C%4F%43%41%4C%5F%4D%41%43%48%49%4E%45%27%2C%20%27%53%79%73%74%65%6D%5C%5C%43%75%72%72%65%6E%74%43%6F%6E%74%72%6F%6C%53%65%74%5C%5C%53%65%72%76%69%63%65%73%5C%5C%4C%61%6E%6D%61%6E%53%65%72%76%65%72%5C%5C%50%61%72%61%6D%65%74%65%72%73%27%2C%27%41%75%74%6F%53%68%61%72%65%57%6B%73%27%2C%20%30%29%3B", 1)'>Security tweaking: disable administrative shares</a><br><li><a href='Javascript:add_scr_line_q("%52%65%67%4B%65%79%49%6E%74%50%61%72%61%6D%57%72%69%74%65%28%27%48%4B%45%59%5F%4C%4F%43%41%4C%5F%4D%41%43%48%49%4E%45%27%2C%20%27%53%59%53%54%45%4D%5C%5C%43%75%72%72%65%6E%74%43%6F%6E%74%72%6F%6C%53%65%74%5C%5C%43%6F%6E%74%72%6F%6C%5C%5C%4C%53%41%27%2C%27%52%65%73%74%72%69%63%74%41%6E%6F%6E%79%6D%6F%75%73%27%2C%20%32%29%3B", 1)'>Security tweaking: disable anonymous user access</a><br><li><a href='Javascript:add_scr_line_q("%52%65%67%4B%65%79%49%6E%74%50%61%72%61%6D%57%72%69%74%65%28%27%48%4B%45%59%5F%4C%4F%43%41%4C%5F%4D%41%43%48%49%4E%45%27%2C%20%27%53%59%53%54%45%4D%5C%5C%43%6F%6E%74%72%6F%6C%53%65%74%30%30%31%5C%5C%43%6F%6E%74%72%6F%6C%5C%5C%52%65%6D%6F%74%65%20%41%73%73%69%73%74%61%6E%63%65%27%2C%27%66%41%6C%6C%6F%77%54%6F%47%65%74%48%65%6C%70%27%2C%20%30%29%3B", 1)'>Security: disable sending Remote Assistant queries</a><br></ul><hr>
<b>File list</b><form name="FilesForm"> <textarea rows=10 cols=80 name="FileList"></textarea></form>
</BODY></HTML>
 

Attached Files


Edited by Shruikan66, 01 April 2015 - 06:35 AM.

  • 0

#14
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
hi.

i have a fix with my instructor so hope to have something for you soon .

Thanks
  • 0

#15
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi Shruikan66

Please run the following fix.

Step1-AVZ FIX
  • Double click on AVZ.exe
  • Click File > Custom scripts
  • Copy & paste the contents of the following codebox in the box in the program (start with begin and end with end )

    begin
    SearchRootkit(true, true);
    BC_DeleteFile('C:\Users\testy\AppData\Roaming\winlogon.exe');
    DeleteFile('C:\Windows\system32\Tasks\PCI Monitor','64');
    BC_DeleteFile('C:\Program Files (x86)\PCI Monitor\pcimon.exe');
    DeleteFile('C:\Windows\system32\Tasks\PCI Monitor Task','64');
    BC_ImportDeletedList;
    ExecuteSysClean;
    BC_Activate;
    RebootWindows(true);
    end.

  • Note: When you run the script, your PC will be restarted
  • Click Run

  • 0






Similar Topics


Also tagged with one or more of these keywords: google docs, google, redirect, redirect virus, ads, google drive

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP