Results of system analysis

Process List

File name	PID	Description	Copyright	MD5	Information
AESTSr64.exe Script: Quarantine, Delete, Delete via BC, Terminate	1296			??	is (user-mode Rootkit),error getting file info Command line:
c:\program files\alienware\command center\alienfusioncontroller.exe Script: Quarantine, Delete, Delete via BC, Terminate	3768	AlienFusionController	Copyright © 2009	??	16.31 kb, rsAh, created: 10.11.2009 16:07:26, modified: 10.11.2009 16:07:26 Command line: "C:\Program Files\Alienware\Command Center\AlienFusionController.exe"
AlienFusionService.exe Script: Quarantine, Delete, Delete via BC, Terminate	1464			??	is (user-mode Rootkit),error getting file info Command line:
c:\program files\alienware\command center\alienfxhook32mngr.exe Script: Quarantine, Delete, Delete via BC, Terminate	5776	AlienFXHook32 Manager	Copyright © Microsoft 2008	??	13.30 kb, rsAh, created: 10.11.2009 19:23:50, modified: 10.11.2009 19:23:50 Command line: "C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe" 66728
AlienFXHook64Mngr.exe Script: Quarantine, Delete, Delete via BC, Terminate	5808			??	is (user-mode Rootkit),error getting file info Command line:
c:\program files\alienware\command center\alienwarealienfxcontroller.exe Script: Quarantine, Delete, Delete via BC, Terminate	3880	Alienware AlienFX Controller	Copyright © 2009	??	57.32 kb, rsAh, created: 10.11.2009 19:23:20, modified: 10.11.2009 19:23:20 Command line: "C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe"
c:\program files\widcomm\bluetooth software\bluetoothheadsetproxy.exe Script: Quarantine, Delete, Delete via BC, Terminate	1028	Bluetooth Headset Skype Proxy	Copyright 2000-2007, Broadcom Corporation.	??	13.28 kb, rsAh, created: 18.08.2009 00:39:54, modified: 18.08.2009 00:39:54 Command line: "c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe"
c:\program files (x86)\cyberlink\shared files\brs.exe Script: Quarantine, Delete, Delete via BC, Terminate	4132	brs	Copyright (C) 2007	??	73.29 kb, rsAh, created: 01.02.2010 02:42:06, modified: 29.04.2009 03:20:26 Command line: "C:\Program Files (x86)\CyberLink\Shared Files\brs.exe"
c:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe Script: Quarantine, Delete, Delete via BC, Terminate	4956	Bluetooth Stack COM Server	Copyright 2000-2007, Broadcom Corporation.	??	is (user-mode Rootkit),2990.78 kb, rsAh, created: 18.08.2009 00:39:52, modified: 18.08.2009 00:39:52 Command line:
c:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe Script: Quarantine, Delete, Delete via BC, Terminate	4428	Bluetooth Tray Application	Copyright 2000-2007, Broadcom Corporation.	??	is (user-mode Rootkit),1054.78 kb, rsAh, created: 18.08.2009 00:39:52, modified: 18.08.2009 00:39:52 Command line:
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe Script: Quarantine, Delete, Delete via BC, Terminate	2424	Bluetooth Support Server	Copyright 2000-2007, Broadcom Corporation.	??	is (user-mode Rootkit),847.78 kb, rsAh, created: 18.08.2009 00:39:52, modified: 18.08.2009 00:39:52 Command line:
cfp.exe Script: Quarantine, Delete, Delete via BC, Terminate	3592			??	is (user-mode Rootkit),error getting file info Command line:
cmdagent.exe Script: Quarantine, Delete, Delete via BC, Terminate	968			??	is (user-mode Rootkit),error getting file info Command line:
C:\Program Files\Intel\WiFi\bin\EvtEng.exe Script: Quarantine, Delete, Delete via BC, Terminate	2464	Intel(R) PROSet/Wireless Event Log Service	Copyright (c) Intel Corporation 1999-2009	??	is (user-mode Rootkit),1387.27 kb, rsAh, created: 21.09.2009 19:54:40, modified: 21.09.2009 19:54:40 Command line:
c:\program files\alienware\command center\aliensense\faservice.exe Script: Quarantine, Delete, Delete via BC, Terminate	1236	FastAccess	Copyright © 2005-2009 Sensible Vision	??	2313.26 kb, rsAh, created: 24.06.2009 21:01:21, modified: 24.06.2009 21:01:21 Command line: "C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe"
c:\program files\alienware\command center\aliensense\fatrayalert.exe Script: Quarantine, Delete, Delete via BC, Terminate	4712	FATrayAlert Application	Copyright © 2005-2007 Sensible Vision	??	1897.26 kb, rsAh, created: 24.06.2009 21:01:42, modified: 24.06.2009 21:01:42 Command line: FATrayAlert.exe
c:\program files\alienware\command center\aliensense\fatraymon.exe Script: Quarantine, Delete, Delete via BC, Terminate	4532	FATrayMon	Copyright © 2005-2009 Sensible Vision	??	93.26 kb, rsAh, created: 24.06.2009 21:01:43, modified: 24.06.2009 21:01:43 Command line: "C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe"
c:\program files (x86)\stmicroelectronics\accelerometer\ff_protection.exe Script: Quarantine, Delete, Delete via BC, Terminate	3596	FF_Protection MFC Application	Copyright (C) 2008	??	2405.50 kb, rsAh, created: 01.02.2010 02:37:32, modified: 22.07.2009 11:22:34 Command line: "C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe"
c:\program files (x86)\mozilla firefox\firefox.exe Script: Quarantine, Delete, Delete via BC, Terminate	6032	Firefox	©Firefox and Mozilla Developers, according to the MPL 1.1/GPL 2.0/LGPL 2.1 licenses, as applicable.	??	888.96 kb, rsAh, created: 12.02.2010 17:19:24, modified: 17.09.2010 10:41:50 Command line: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
c:\program files (x86)\intel\intel matrix storage manager\iaanotif.exe Script: Quarantine, Delete, Delete via BC, Terminate	3800	Event Monitor User Notification Tool	Copyright(C) Intel Corporation 2003-2009	??	182.52 kb, rsAh, created: 01.02.2010 02:36:00, modified: 13.10.2009 14:55:54 Command line: "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe"
c:\program files (x86)\intel\intel matrix storage manager\iaantmon.exe Script: Quarantine, Delete, Delete via BC, Terminate	1504	RAID Monitor	Copyright(C) Intel Corporation 2003-2009	??	346.52 kb, rsAh, created: 01.02.2010 02:36:00, modified: 13.10.2009 14:55:30 Command line: "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe"
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe Script: Quarantine, Delete, Delete via BC, Terminate	2132	Intel(R) PROSet/Wireless Framework	Copyright (c) Intel Corporation 1999-2009	??	is (user-mode Rootkit),1881.77 kb, rsAh, created: 21.09.2009 19:34:08, modified: 21.09.2009 19:34:08 Command line:
InstallFilterService.exe Script: Quarantine, Delete, Delete via BC, Terminate	2764			??	is (user-mode Rootkit),error getting file info Command line:
iPodService.exe Script: Quarantine, Delete, Delete via BC, Terminate	5332			??	is (user-mode Rootkit),error getting file info Command line:
jusched.exe Script: Quarantine, Delete, Delete via BC, Terminate	3892			??	is (user-mode Rootkit),error getting file info Command line:
MsMpEng.exe Script: Quarantine, Delete, Delete via BC, Terminate	508			??	is (user-mode Rootkit),error getting file info Command line:
c:\program files (x86)\windows live\messenger\msnmsgr.exe Script: Quarantine, Delete, Delete via BC, Terminate	3700	Windows Live Messenger	© Microsoft Corporation. All rights reserved.	??	3792.83 kb, rsAh, created: 26.07.2009 17:44:34, modified: 26.07.2009 17:44:34 Command line: "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
msseces.exe Script: Quarantine, Delete, Delete via BC, Terminate	3580			??	is (user-mode Rootkit),error getting file info Command line:
c:\program files (x86)\osd\osd.exe Script: Quarantine, Delete, Delete via BC, Terminate	4672			??	27.00 kb, rsAh, created: 01.02.2010 02:34:14, modified: 01.02.2010 02:34:14 Command line: "C:\Program Files (x86)\OSD\OSD.exe"
c:\program files (x86)\osd\osd_service.exe Script: Quarantine, Delete, Delete via BC, Terminate	2568			??	12.50 kb, rsAh, created: 01.02.2010 02:34:14, modified: 01.02.2010 02:34:14 Command line: "C:\Program Files (x86)\OSD\OSD_Service.exe"
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe Script: Quarantine, Delete, Delete via BC, Terminate	2660	Intel(R) PROSet/Wireless Registry Service	Copyright (c) Intel Corporation 1999-2009	??	is (user-mode Rootkit),812.27 kb, rsAh, created: 21.09.2009 19:30:44, modified: 21.09.2009 19:30:44 Command line:
c:\program files (x86)\dell datasafe local backup\sftservice.exe Script: Quarantine, Delete, Delete via BC, Terminate	2688	SoftThinks Agent Service	©2007-2009 SoftThinks SAS	??	641.23 kb, rsah, created: 01.02.2010 02:40:19, modified: 17.09.2009 16:35:00 Command line: "C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE"
stacsv64.exe Script: Quarantine, Delete, Delete via BC, Terminate	1320			??	is (user-mode Rootkit),error getting file info Command line:
sttray64.exe Script: Quarantine, Delete, Delete via BC, Terminate	3472			??	is (user-mode Rootkit),error getting file info Command line:
SynTPEnh.exe Script: Quarantine, Delete, Delete via BC, Terminate	2952			??	is (user-mode Rootkit),error getting file info Command line:
SynTPHelper.exe Script: Quarantine, Delete, Delete via BC, Terminate	4184			??	is (user-mode Rootkit),error getting file info Command line:
c:\program files (x86)\dell datasafe local backup\toaster.exe Script: Quarantine, Delete, Delete via BC, Terminate	3960	Dell DataSafe Local Backup	© 2007-2009 SoftThinks SAS	??	327.73 kb, rsAh, created: 01.02.2010 02:40:20, modified: 18.09.2009 17:40:26 Command line: "C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe" C:\Users\Abbie"
TrustedInstaller.exe Script: Quarantine, Delete, Delete via BC, Terminate	3020			??	is (user-mode Rootkit),error getting file info Command line:
wmpnetwk.exe Script: Quarantine, Delete, Delete via BC, Terminate	6088			??	is (user-mode Rootkit),error getting file info Command line:
Detected:95, recognized as trusted 60

Module name	Handle	Description	Copyright	MD5	Used by processes
c:\Program Files (x86)\CyberLink\YouCam\MFC71U.DLL Script: Quarantine, Delete, Delete via BC	2082799616	MFCDLL Shared Library - Retail Version	© Microsoft Corporation. All rights reserved.	--	3700
c:\Program Files (x86)\CyberLink\YouCam\MSVCP71.dll Script: Quarantine, Delete, Delete via BC	2084175872	Microsoft® C++ Runtime Library	© Microsoft Corporation. All rights reserved.	--	3700
c:\Program Files (x86)\CyberLink\YouCam\MSVCR71.dll Script: Quarantine, Delete, Delete via BC	66584576	Microsoft® C Runtime Library	© Microsoft Corporation. All rights reserved.	--	3700
c:\Program Files (x86)\CyberLink\YouCam\YCRgl.ax Script: Quarantine, Delete, Delete via BC	54067200	Video Regulator	Copyright c 2007	--	3700
c:\Program Files (x86)\CyberLink\YouCam\YCWebCameraSource.ax Script: Quarantine, Delete, Delete via BC	473956352	CLWebCameraSource	Copyright c 2007	--	3700
C:\Program Files (x86)\Dell DataSafe Local Backup\CSTError.dll Script: Quarantine, Delete, Delete via BC	196608	CSTError	Copyright © 2006	--	2688, 3960
C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll Script: Quarantine, Delete, Delete via BC	99090432	LibXML Parser	Copyright (C) 2007	--	3960
C:\Program Files (x86)\Dell DataSafe Local Backup\MiddleLayerCLRLib.dll Script: Quarantine, Delete, Delete via BC	268435456	MiddleLayerCLRLib	Copyright (C) SoftThinks 2008-2009	--	3960
C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll Script: Quarantine, Delete, Delete via BC	2686976	PSTVdsDisk Dynamic Link Library	© 2008 SoftThinks	--	2688
C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCC.dll Script: Quarantine, Delete, Delete via BC	1822556160	SftBRCC	© 2009 SoftThinks	--	3960
C:\program files (x86)\Dell DataSafe Local Backup\SftBRCCPiped.dll Script: Quarantine, Delete, Delete via BC	1781530624	SftBRCCPiped	Copyright © SoftThinks 2009	--	3960
C:\Program Files (x86)\Dell DataSafe Local Backup\STBRCCServCLR.dll Script: Quarantine, Delete, Delete via BC	1772879872	STBRCCServCLR	Copyright © 2008	--	3960
C:\Program Files (x86)\Dell DataSafe Local Backup\STBRCCServices.dll Script: Quarantine, Delete, Delete via BC	72876032	STBRCC Services	Copyright (C) 2008-2009 SoftThinks	--	3960
C:\Program Files (x86)\Dell DataSafe Local Backup\STDisks.dll Script: Quarantine, Delete, Delete via BC	268435456	STDisks Library	© 2009 SoftThinks	--	2688
C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll Script: Quarantine, Delete, Delete via BC	76939264	STFiles DLL	Copyright (C) 2006	--	3960
C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll Script: Quarantine, Delete, Delete via BC	3407872	STLog Dynamic Link Library	Copyright (C) 2006	--	2688, 3960
C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll Script: Quarantine, Delete, Delete via BC	76414976	Bibliothиque de liaison dynamique STNLSDll	Copyright (C) 2006	--	3960
C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll Script: Quarantine, Delete, Delete via BC	81788928	STPEDll	Copyright (C) 2006	--	3960
C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll Script: Quarantine, Delete, Delete via BC	77463552	STRegistry DLL	Copyright (C) 2006	--	3960
C:\Program Files (x86)\Dell DataSafe Local Backup\STString.dll Script: Quarantine, Delete, Delete via BC	2293760	ST String Management Class	Copyright (C) 2006	--	2688, 3960
C:\Program Files (x86)\Dell DataSafe Local Backup\STStringArray.dll Script: Quarantine, Delete, Delete via BC	74252288	Dynamic Link Library STArray	Copyright (C) 2006	--	3960
C:\Program Files (x86)\Dell DataSafe Local Backup\STSystems.dll Script: Quarantine, Delete, Delete via BC	2490368	STSystems Library	© 2008 SoftThinks	--	2688, 3960
C:\Program Files (x86)\Dell DataSafe Local Backup\STXml.dll Script: Quarantine, Delete, Delete via BC	74121216	Xml Library	(c) SoftThinks . Tous droits rйservйs.	--	3960
C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll Script: Quarantine, Delete, Delete via BC	76283904	zlib data compression library	(C) 1995-2004 Jean-loup Gailly & Mark Adler	--	3960
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\ENU\IAAMon_ENU.dll Script: Quarantine, Delete, Delete via BC	29556736	Event Monitor User Notification Tool	Copyright(C) Intel Corporation 2003-2009	--	3800
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\ENU\PlugInRAID_ENU.dll Script: Quarantine, Delete, Delete via BC	5111808	RAID Plug-in for Intel(R) Matrix Storage Console	Copyright(C) Intel Corporation 2003-2009	--	1504
C:\Program Files (x86)\OSD\Win7CCD.dll Script: Quarantine, Delete, Delete via BC	268435456			--	4672
C:\Program Files\Alienware\Command Center\AlienFusionDomain.dll Script: Quarantine, Delete, Delete via BC	1911160832	Alien Fusion	Copyright © 2007	--	3768
C:\Program Files\Alienware\Command Center\AlienFXHook.dll Script: Quarantine, Delete, Delete via BC	268435456	AlienFXHook Dynamic Link Library for 32 bits	Copyright (C) 2008	--	5776
C:\Users\Abbie\AppData\Roaming\Mozilla\Firefox\Profiles\r3xpn5kd.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll Script: Quarantine, Delete, Delete via BC	148504576	BitDefender QuickScan Client	Copyright (c) BitDefender	--	6032
C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.Core\1.0.79.0__bebb3c8816410241\AlienFX.Communication.Core.dll Script: Quarantine, Delete, Delete via BC	1912930304	AlienFX.Communication.Core	Copyright © 2009	--	3880
C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x511\1.0.79.0__bebb3c8816410241\AlienFX.Communication.PID0x511.dll Script: Quarantine, Delete, Delete via BC	1769668608	ChassisCommunication	Copyright © 2008	--	3880
C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x512\1.0.79.0__bebb3c8816410241\AlienFX.Communication.PID0x512.dll Script: Quarantine, Delete, Delete via BC	1769734144	ChassisCommunication	Copyright © 2008	--	3880
C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x515\1.0.79.0__bebb3c8816410241\AlienFX.Communication.PID0x515.dll Script: Quarantine, Delete, Delete via BC	1769799680	AlienLabs.AlienFX.Communication.PID0x515	Copyright © 2009	--	3880
C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x516\1.0.79.0__bebb3c8816410241\AlienFX.Communication.PID0x516.dll Script: Quarantine, Delete, Delete via BC	1769865216	AlienLabs.AlienFX.Communication.PID0x516	Copyright © 2009	--	3880
C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.XPS\1.0.79.0__bebb3c8816410241\AlienFX.Communication.XPS.dll Script: Quarantine, Delete, Delete via BC	1769930752	AlienFX.Communication.XPS	Copyright © 2008	--	3880
C:\Windows\assembly\GAC_MSIL\AlienFX.Communication\1.0.79.0__bebb3c8816410241\AlienFX.Communication.dll Script: Quarantine, Delete, Delete via BC	1773797376	AlienFX Communication Layer	Copyright © 2008	--	3880
C:\Windows\assembly\GAC_MSIL\AlienFX.DeviceDiscovery\1.0.79.0__bebb3c8816410241\AlienFX.DeviceDiscovery.dll Script: Quarantine, Delete, Delete via BC	1914109952	AlienFX.DeviceDiscovery	Copyright © 2008	--	3880
C:\Windows\assembly\GAC_MSIL\Alienlabs.CommandCenter.Tools\1.0.79.0__bebb3c8816410241\Alienlabs.CommandCenter.Tools.dll Script: Quarantine, Delete, Delete via BC	1897070592	CommandCenterTools	Copyright © 2007	--	3768, 3880
C:\Windows\assembly\GAC_MSIL\AlienLabsTools\1.0.79.0__bebb3c8816410241\AlienLabsTools.dll Script: Quarantine, Delete, Delete via BC	1910439936	AlienLabsTools	Copyright @ 2007	--	3768, 3880
C:\Windows\assembly\GAC_MSIL\AlienwareAlienFXModelResources\1.0.79.0__bebb3c8816410241\AlienwareAlienFXModelResources.dll Script: Quarantine, Delete, Delete via BC	1740111872	AlienFX Model Resources	Copyright @ 2007	--	3880
C:\Windows\assembly\GAC_MSIL\AlienwareAlienFXTools\1.0.79.0__bebb3c8816410241\AlienwareAlienFXTools.dll Script: Quarantine, Delete, Delete via BC	1861943296	Alienware AlienFX Tools	Copyright @ 2007	--	3880
C:\Windows\system32\FACrashRpt.dll Script: Quarantine, Delete, Delete via BC	33554432	FACrashReport Dynamic Link Library	Copyright (C) 2005-2009	--	1236, 4712
C:\Windows\system32\FAib.dll Script: Quarantine, Delete, Delete via BC	268435456	zlib data compression library	(C) 1995-1998 Jean-loup Gailly & Mark Adler	--	1236, 4712
C:\Windows\system32\FAIEExtension.DLL Script: Quarantine, Delete, Delete via BC	131072	FAIEExtension Module		--	1236, 4712
C:\Windows\system32\FAIESSODlg.dll Script: Quarantine, Delete, Delete via BC	9306112	FAIESSO Application	Copyright © 2005-2009 Sensible Vision	--	4712
Modules found:326, recognized as trusted 280

Kernel Space Modules Viewer

Module	Base address	Size in memory	Description	Manufacturer
C:\Windows\System32\DRIVERS\cmdguard.sys Script: Quarantine, Delete, Delete via BC	13B5000	042000 (270336)	COMODO Internet Security Sandbox Driver	2005-2010 COMODO. All rights reserved.
C:\Windows\System32\DRIVERS\cmdhlp.sys Script: Quarantine, Delete, Delete via BC	1200000	00B000 (45056)	COMODO Internet Security Helper Driver	2005-2010 COMODO. All rights reserved.
C:\Windows\system32\drivers\cpuz133_x64.sys Script: Quarantine, Delete, Delete via BC	4413000	009000 (36864)	CPUID Driver	© Microsoft Corporation. All rights reserved.
C:\Windows\System32\Drivers\dump_dumpfve.sys Script: Quarantine, Delete, Delete via BC	772F000	013000 (77824)
C:\Windows\System32\Drivers\dump_iaStor.sys Script: Quarantine, Delete, Delete via BC	7613000	11C000 (1163264)
Modules found - 208, recognized as trusted - 203

Services

Service	Description	Status	File	Group	Dependencies
AlienFusionService Service: Stop, Delete, Disable, Delete via BC	Alienware Fusion Service	Running	C:\Program Files\Alienware\Command Center\AlienFusionService.exe Script: Quarantine, Delete, Delete via BC
AMD External Events Utility Service: Stop, Delete, Disable, Delete via BC	AMD External Events Utility	Running	C:\Windows\system32\atiesrxx.exe Script: Quarantine, Delete, Delete via BC	Event log
btwdins Service: Stop, Delete, Disable, Delete via BC	Bluetooth Service	Running	c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe Script: Quarantine, Delete, Delete via BC
cmdAgent Service: Stop, Delete, Disable, Delete via BC	COMODO Internet Security Helper Service	Running	C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe Script: Quarantine, Delete, Delete via BC	COM Infrastructure	RpcSs
EvtEng Service: Stop, Delete, Disable, Delete via BC	Intel(R) PROSet/Wireless Event Log	Running	C:\Program Files\Intel\WiFi\bin\EvtEng.exe Script: Quarantine, Delete, Delete via BC		RPCSS
FAService Service: Stop, Delete, Disable, Delete via BC	FAService	Running	C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe Script: Quarantine, Delete, Delete via BC	AudioGroup
HappyOSD Service: Stop, Delete, Disable, Delete via BC	HappyOSD	Running	C:\Program Files (x86)\OSD\OSD_Service.exe Script: Quarantine, Delete, Delete via BC
InstallFilterService Service: Stop, Delete, Disable, Delete via BC	FF Install Filter Service	Running	C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe Script: Quarantine, Delete, Delete via BC
KeyIso Service: Stop, Delete, Disable, Delete via BC	CNG Key Isolation	Running	C:\Windows\system32\lsass.exe Script: Quarantine, Delete, Delete via BC		RpcSs
RegSrvc Service: Stop, Delete, Disable, Delete via BC	Intel(R) PROSet/Wireless Registry Service	Running	C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe Script: Quarantine, Delete, Delete via BC		RPCSS
SamSs Service: Stop, Delete, Disable, Delete via BC	Security Accounts Manager	Running	C:\Windows\system32\lsass.exe Script: Quarantine, Delete, Delete via BC	MS_WindowsLocalValidation	RPCSS
SftService Service: Stop, Delete, Disable, Delete via BC	SoftThinks Agent Service	Running	C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE Script: Quarantine, Delete, Delete via BC		RPCSS
Spooler Service: Stop, Delete, Disable, Delete via BC	Print Spooler	Running	C:\Windows\System32\spoolsv.exe Script: Quarantine, Delete, Delete via BC	SpoolerGroup	RPCSS
sppsvc Service: Stop, Delete, Disable, Delete via BC	Software Protection	Running	C:\Windows\system32\sppsvc.exe Script: Quarantine, Delete, Delete via BC		RpcSs
ALG Service: Stop, Delete, Disable, Delete via BC	Application Layer Gateway Service	Not started	C:\Windows\System32\alg.exe Script: Quarantine, Delete, Delete via BC
EFS Service: Stop, Delete, Disable, Delete via BC	Encrypting File System (EFS)	Not started	C:\Windows\System32\lsass.exe Script: Quarantine, Delete, Delete via BC		RPCSS
Fax Service: Stop, Delete, Disable, Delete via BC	Fax	Not started	C:\Windows\system32\fxssvc.exe Script: Quarantine, Delete, Delete via BC		TapiSrv
GoToAssist Service: Stop, Delete, Disable, Delete via BC	GoToAssist	Not started	C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe Script: Quarantine, Delete, Delete via BC		RpcSs
MSDTC Service: Stop, Delete, Disable, Delete via BC	Distributed Transaction Coordinator	Not started	C:\Windows\System32\msdtc.exe Script: Quarantine, Delete, Delete via BC		RPCSS
MyWiFiDHCPDNS Service: Stop, Delete, Disable, Delete via BC	Wireless PAN DHCP Server	Not started	C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe Script: Quarantine, Delete, Delete via BC		RPCSS
Netlogon Service: Stop, Delete, Disable, Delete via BC	Netlogon	Not started	C:\Windows\system32\lsass.exe Script: Quarantine, Delete, Delete via BC	MS_WindowsRemoteValidation	LanmanWorkstation
ProtectedStorage Service: Stop, Delete, Disable, Delete via BC	Protected Storage	Not started	C:\Windows\system32\lsass.exe Script: Quarantine, Delete, Delete via BC		RpcSs
RpcLocator Service: Stop, Delete, Disable, Delete via BC	Remote Procedure Call (RPC) Locator	Not started	C:\Windows\system32\locator.exe Script: Quarantine, Delete, Delete via BC
SNMPTRAP Service: Stop, Delete, Disable, Delete via BC	SNMP Trap	Not started	C:\Windows\System32\snmptrap.exe Script: Quarantine, Delete, Delete via BC
UI0Detect Service: Stop, Delete, Disable, Delete via BC	Interactive Services Detection	Not started	C:\Windows\system32\UI0Detect.exe Script: Quarantine, Delete, Delete via BC
VaultSvc Service: Stop, Delete, Disable, Delete via BC	Credential Manager	Not started	C:\Windows\system32\lsass.exe Script: Quarantine, Delete, Delete via BC		rpcss
vds Service: Stop, Delete, Disable, Delete via BC	Virtual Disk	Not started	C:\Windows\System32\vds.exe Script: Quarantine, Delete, Delete via BC		RpcSs
VSS Service: Stop, Delete, Disable, Delete via BC	Volume Shadow Copy	Not started	C:\Windows\system32\vssvc.exe Script: Quarantine, Delete, Delete via BC		RPCSS
WatAdminSvc Service: Stop, Delete, Disable, Delete via BC	Windows Activation Technologies Service	Not started	C:\Windows\system32\Wat\WatAdminSvc.exe Script: Quarantine, Delete, Delete via BC
wbengine Service: Stop, Delete, Disable, Delete via BC	Block Level Backup Engine Service	Not started	C:\Windows\system32\wbengine.exe Script: Quarantine, Delete, Delete via BC
wmiApSrv Service: Stop, Delete, Disable, Delete via BC	WMI Performance Adapter	Not started	C:\Windows\system32\wbem\WmiApSrv.exe Script: Quarantine, Delete, Delete via BC
Detected - 162, recognized as trusted - 131

Drivers

Service	Description	Status	File	Group	Dependencies
1394ohci Driver: Unload, Delete, Disable, Delete via BC	1394 OHCI Compliant Host Controller	Running	C:\Windows\system32\DRIVERS\1394ohci.sys Script: Quarantine, Delete, Delete via BC
Acceler Driver: Unload, Delete, Disable, Delete via BC	Accelerometer Service	Running	C:\Windows\system32\DRIVERS\Acceler.sys Script: Quarantine, Delete, Delete via BC
ACPI Driver: Unload, Delete, Disable, Delete via BC	Microsoft ACPI Driver	Running	C:\Windows\system32\DRIVERS\ACPI.sys Script: Quarantine, Delete, Delete via BC	Boot Bus Extender
AFD Driver: Unload, Delete, Disable, Delete via BC	Ancillary Function Driver for Winsock	Running	C:\Windows\system32\drivers\afd.sys Script: Quarantine, Delete, Delete via BC	PNP_TDI
amdxata Driver: Unload, Delete, Disable, Delete via BC	amdxata	Running	C:\Windows\system32\DRIVERS\amdxata.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
AtiHdmiService Driver: Unload, Delete, Disable, Delete via BC	ATI Function Driver for High Definition Audio Service	Running	C:\Windows\system32\drivers\AtiHdmi.sys Script: Quarantine, Delete, Delete via BC
atikmdag Driver: Unload, Delete, Disable, Delete via BC	atikmdag	Running	C:\Windows\system32\DRIVERS\atikmdag.sys Script: Quarantine, Delete, Delete via BC	Video
Beep Driver: Unload, Delete, Disable, Delete via BC	Beep	Running	Beep.sys Script: Quarantine, Delete, Delete via BC	Base
blbdrive Driver: Unload, Delete, Disable, Delete via BC	blbdrive	Running	C:\Windows\system32\DRIVERS\blbdrive.sys Script: Quarantine, Delete, Delete via BC
bowser Driver: Unload, Delete, Disable, Delete via BC	Browser Support Driver	Running	C:\Windows\system32\DRIVERS\bowser.sys Script: Quarantine, Delete, Delete via BC	Network
BthEnum Driver: Unload, Delete, Disable, Delete via BC	Bluetooth Enumerator Service	Running	C:\Windows\system32\DRIVERS\BthEnum.sys Script: Quarantine, Delete, Delete via BC
BthPan Driver: Unload, Delete, Disable, Delete via BC	Bluetooth Device (Personal Area Network)	Running	C:\Windows\system32\DRIVERS\bthpan.sys Script: Quarantine, Delete, Delete via BC	NDIS
BTHUSB Driver: Unload, Delete, Disable, Delete via BC	Bluetooth Radio USB Driver	Running	C:\Windows\system32\Drivers\BTHUSB.sys Script: Quarantine, Delete, Delete via BC	PNP Filter
btwaudio Driver: Unload, Delete, Disable, Delete via BC	Bluetooth Audio Device Service	Running	C:\Windows\system32\drivers\btwaudio.sys Script: Quarantine, Delete, Delete via BC
btwavdt Driver: Unload, Delete, Disable, Delete via BC	Bluetooth AVDT	Running	C:\Windows\system32\drivers\btwavdt.sys Script: Quarantine, Delete, Delete via BC
btwl2cap Driver: Unload, Delete, Disable, Delete via BC	Bluetooth L2CAP Service	Running	C:\Windows\system32\DRIVERS\btwl2cap.sys Script: Quarantine, Delete, Delete via BC	Extended Base
btwrchid Driver: Unload, Delete, Disable, Delete via BC	btwrchid	Running	C:\Windows\system32\DRIVERS\btwrchid.sys Script: Quarantine, Delete, Delete via BC
cdrom Driver: Unload, Delete, Disable, Delete via BC	CD-ROM Driver	Running	C:\Windows\system32\DRIVERS\cdrom.sys Script: Quarantine, Delete, Delete via BC	SCSI CDROM Class
circlass Driver: Unload, Delete, Disable, Delete via BC	Consumer IR Devices	Running	C:\Windows\system32\DRIVERS\circlass.sys Script: Quarantine, Delete, Delete via BC	Extended Base
CLFS Driver: Unload, Delete, Disable, Delete via BC	Common Log (CLFS)	Running	C:\Windows\System32\CLFS.sys Script: Quarantine, Delete, Delete via BC	Filter
CmBatt Driver: Unload, Delete, Disable, Delete via BC	Microsoft ACPI Control Method Battery Driver	Running	C:\Windows\system32\DRIVERS\CmBatt.sys Script: Quarantine, Delete, Delete via BC
cmdGuard Driver: Unload, Delete, Disable, Delete via BC	COMODO Internet Security Sandbox Driver	Running	C:\Windows\system32\DRIVERS\cmdguard.sys Script: Quarantine, Delete, Delete via BC	FSFilter Anti-Virus	FltMgr
cmdHlp Driver: Unload, Delete, Disable, Delete via BC	COMODO Internet Security Helper Driver	Running	C:\Windows\system32\DRIVERS\cmdhlp.sys Script: Quarantine, Delete, Delete via BC	PNP_TDI	Tcpip
CNG Driver: Unload, Delete, Disable, Delete via BC	CNG	Running	C:\Windows\System32\Drivers\cng.sys Script: Quarantine, Delete, Delete via BC	Base
Compbatt Driver: Unload, Delete, Disable, Delete via BC	Microsoft Composite Battery Driver	Running	C:\Windows\system32\DRIVERS\compbatt.sys Script: Quarantine, Delete, Delete via BC	System Bus Extender
CompositeBus Driver: Unload, Delete, Disable, Delete via BC	Composite Bus Enumerator Driver	Running	C:\Windows\system32\DRIVERS\CompositeBus.sys Script: Quarantine, Delete, Delete via BC	Extended Base
cpuz133 Driver: Unload, Delete, Disable, Delete via BC	cpuz133	Running	C:\Windows\system32\drivers\cpuz133_x64.sys Script: Quarantine, Delete, Delete via BC
DfsC Driver: Unload, Delete, Disable, Delete via BC	DFS Namespace Client Driver	Running	C:\Windows\system32\Drivers\dfsc.sys Script: Quarantine, Delete, Delete via BC	Network	Mup
discache Driver: Unload, Delete, Disable, Delete via BC	System Attribute Cache	Running	C:\Windows\system32\drivers\discache.sys Script: Quarantine, Delete, Delete via BC
Disk Driver: Unload, Delete, Disable, Delete via BC	Disk Driver	Running	C:\Windows\system32\DRIVERS\disk.sys Script: Quarantine, Delete, Delete via BC
DXGKrnl Driver: Unload, Delete, Disable, Delete via BC	LDDM Graphics Subsystem	Running	C:\Windows\System32\drivers\dxgkrnl.sys Script: Quarantine, Delete, Delete via BC	Video Init
e1kexpress Driver: Unload, Delete, Disable, Delete via BC	Intel(R) PRO/1000 PCI Express Network Connection Driver K	Running	C:\Windows\system32\DRIVERS\e1k62x64.sys Script: Quarantine, Delete, Delete via BC	NDIS
fastfat Driver: Unload, Delete, Disable, Delete via BC	FAT12/16/32 File System Driver	Running	fastfat.sys Script: Quarantine, Delete, Delete via BC	Boot File System
FileInfo Driver: Unload, Delete, Disable, Delete via BC	File Information FS MiniFilter	Running	C:\Windows\system32\drivers\fileinfo.sys Script: Quarantine, Delete, Delete via BC	FSFilter Bottom	fltmgr
FltMgr Driver: Unload, Delete, Disable, Delete via BC	FltMgr	Running	C:\Windows\system32\drivers\fltmgr.sys Script: Quarantine, Delete, Delete via BC	FSFilter Infrastructure
fvevol Driver: Unload, Delete, Disable, Delete via BC	Bitlocker Drive Encryption Filter Driver	Running	C:\Windows\System32\DRIVERS\fvevol.sys Script: Quarantine, Delete, Delete via BC	PnP Filter
GEARAspiWDM Driver: Unload, Delete, Disable, Delete via BC	GEAR ASPI Filter Driver	Running	C:\Windows\system32\DRIVERS\GEARAspiWDM.sys Script: Quarantine, Delete, Delete via BC	PnP Filter
HDAudBus Driver: Unload, Delete, Disable, Delete via BC	Microsoft UAA Bus Driver for High Definition Audio	Running	C:\Windows\system32\DRIVERS\HDAudBus.sys Script: Quarantine, Delete, Delete via BC	Extended Base
HidIr Driver: Unload, Delete, Disable, Delete via BC	Microsoft Infrared HID Driver	Running	C:\Windows\system32\DRIVERS\hidir.sys Script: Quarantine, Delete, Delete via BC	extended base
HidUsb Driver: Unload, Delete, Disable, Delete via BC	Microsoft HID Class Driver	Running	C:\Windows\system32\DRIVERS\hidusb.sys Script: Quarantine, Delete, Delete via BC	extended base
HTTP Driver: Unload, Delete, Disable, Delete via BC	HTTP	Running	C:\Windows\system32\drivers\HTTP.sys Script: Quarantine, Delete, Delete via BC
hwpolicy Driver: Unload, Delete, Disable, Delete via BC	Hardware Policy Driver	Running	C:\Windows\System32\drivers\hwpolicy.sys Script: Quarantine, Delete, Delete via BC
i8042prt Driver: Unload, Delete, Disable, Delete via BC	i8042 Keyboard and PS/2 Mouse Port Driver	Running	C:\Windows\system32\DRIVERS\i8042prt.sys Script: Quarantine, Delete, Delete via BC	Keyboard Port
iaStor Driver: Unload, Delete, Disable, Delete via BC	Intel AHCI Controller	Running	C:\Windows\system32\DRIVERS\iaStor.sys Script: Quarantine, Delete, Delete via BC	SCSI Miniport
inspect Driver: Unload, Delete, Disable, Delete via BC	COMODO Internet Security Firewall Driver	Running	C:\Windows\system32\DRIVERS\inspect.sys Script: Quarantine, Delete, Delete via BC	NDIS
intelppm Driver: Unload, Delete, Disable, Delete via BC	Intel Processor Driver	Running	C:\Windows\system32\DRIVERS\intelppm.sys Script: Quarantine, Delete, Delete via BC	Extended Base
itecir Driver: Unload, Delete, Disable, Delete via BC	ITECIR Infrared Receiver	Running	C:\Windows\system32\DRIVERS\itecir.sys Script: Quarantine, Delete, Delete via BC	Extended Base
kbdclass Driver: Unload, Delete, Disable, Delete via BC	Keyboard Class Driver	Running	C:\Windows\system32\DRIVERS\kbdclass.sys Script: Quarantine, Delete, Delete via BC	Keyboard Class
kbdhid Driver: Unload, Delete, Disable, Delete via BC	Keyboard HID Driver	Running	C:\Windows\system32\DRIVERS\kbdhid.sys Script: Quarantine, Delete, Delete via BC	Keyboard Port
KSecDD Driver: Unload, Delete, Disable, Delete via BC	KSecDD	Running	C:\Windows\System32\Drivers\ksecdd.sys Script: Quarantine, Delete, Delete via BC	Base
KSecPkg Driver: Unload, Delete, Disable, Delete via BC	KSecPkg	Running	C:\Windows\System32\Drivers\ksecpkg.sys Script: Quarantine, Delete, Delete via BC	Cryptography
ksthunk Driver: Unload, Delete, Disable, Delete via BC	Kernel Streaming Thunks	Running	C:\Windows\system32\drivers\ksthunk.sys Script: Quarantine, Delete, Delete via BC	PNP Filter
lltdio Driver: Unload, Delete, Disable, Delete via BC	Link-Layer Topology Discovery Mapper I/O Driver	Running	C:\Windows\system32\DRIVERS\lltdio.sys Script: Quarantine, Delete, Delete via BC	NDIS
luafv Driver: Unload, Delete, Disable, Delete via BC	UAC File Virtualization	Running	C:\Windows\system32\drivers\luafv.sys Script: Quarantine, Delete, Delete via BC	FSFilter Virtualization	FltMgr
monitor Driver: Unload, Delete, Disable, Delete via BC	Microsoft Monitor Class Function Driver Service	Running	C:\Windows\system32\DRIVERS\monitor.sys Script: Quarantine, Delete, Delete via BC
mouclass Driver: Unload, Delete, Disable, Delete via BC	Mouse Class Driver	Running	C:\Windows\system32\DRIVERS\mouclass.sys Script: Quarantine, Delete, Delete via BC	Pointer Class
mouhid Driver: Unload, Delete, Disable, Delete via BC	Mouse HID Driver	Running	C:\Windows\system32\DRIVERS\mouhid.sys Script: Quarantine, Delete, Delete via BC	Pointer Port
mountmgr Driver: Unload, Delete, Disable, Delete via BC	Mount Point Manager	Running	C:\Windows\System32\drivers\mountmgr.sys Script: Quarantine, Delete, Delete via BC	System Bus Extender
MpFilter Driver: Unload, Delete, Disable, Delete via BC	Microsoft Malware Protection Driver	Running	C:\Windows\system32\DRIVERS\MpFilter.sys Script: Quarantine, Delete, Delete via BC	FSFilter Anti-Virus	FltMgr
MpNWMon Driver: Unload, Delete, Disable, Delete via BC	Microsoft Malware Protection Network Driver	Running	C:\Windows\system32\DRIVERS\MpNWMon.sys Script: Quarantine, Delete, Delete via BC		BFE
mpsdrv Driver: Unload, Delete, Disable, Delete via BC	Windows Firewall Authorization Driver	Running	C:\Windows\system32\drivers\mpsdrv.sys Script: Quarantine, Delete, Delete via BC	network
mrxsmb Driver: Unload, Delete, Disable, Delete via BC	SMB MiniRedirector Wrapper and Engine	Running	C:\Windows\system32\DRIVERS\mrxsmb.sys Script: Quarantine, Delete, Delete via BC	Network	rdbss
mrxsmb10 Driver: Unload, Delete, Disable, Delete via BC	SMB 1.x MiniRedirector	Running	C:\Windows\system32\DRIVERS\mrxsmb10.sys Script: Quarantine, Delete, Delete via BC	Network	mrxsmb
mrxsmb20 Driver: Unload, Delete, Disable, Delete via BC	SMB 2.0 MiniRedirector	Running	C:\Windows\system32\DRIVERS\mrxsmb20.sys Script: Quarantine, Delete, Delete via BC	Network	mrxsmb
Msfs Driver: Unload, Delete, Disable, Delete via BC	Msfs	Running	Msfs.sys Script: Quarantine, Delete, Delete via BC	File system
msisadrv Driver: Unload, Delete, Disable, Delete via BC	msisadrv	Running	C:\Windows\system32\DRIVERS\msisadrv.sys Script: Quarantine, Delete, Delete via BC	Boot Bus Extender
mssmbios Driver: Unload, Delete, Disable, Delete via BC	Microsoft System Management BIOS Driver	Running	C:\Windows\system32\DRIVERS\mssmbios.sys Script: Quarantine, Delete, Delete via BC
Mup Driver: Unload, Delete, Disable, Delete via BC	Mup	Running	C:\Windows\System32\Drivers\mup.sys Script: Quarantine, Delete, Delete via BC	Network
NativeWifiP Driver: Unload, Delete, Disable, Delete via BC	NativeWiFi Filter	Running	C:\Windows\system32\DRIVERS\nwifi.sys Script: Quarantine, Delete, Delete via BC	NDIS
NDIS Driver: Unload, Delete, Disable, Delete via BC	NDIS System Driver	Running	C:\Windows\system32\drivers\ndis.sys Script: Quarantine, Delete, Delete via BC	NDIS Wrapper
NdisTapi Driver: Unload, Delete, Disable, Delete via BC	Remote Access NDIS TAPI Driver	Running	C:\Windows\system32\DRIVERS\ndistapi.sys Script: Quarantine, Delete, Delete via BC
Ndisuio Driver: Unload, Delete, Disable, Delete via BC	NDIS Usermode I/O Protocol	Running	C:\Windows\system32\DRIVERS\ndisuio.sys Script: Quarantine, Delete, Delete via BC	NDIS
NdisWan Driver: Unload, Delete, Disable, Delete via BC	Remote Access NDIS WAN Driver	Running	C:\Windows\system32\DRIVERS\ndiswan.sys Script: Quarantine, Delete, Delete via BC
NDProxy Driver: Unload, Delete, Disable, Delete via BC	NDIS Proxy	Running	NDProxy.sys Script: Quarantine, Delete, Delete via BC	PNP_TDI
NetBIOS Driver: Unload, Delete, Disable, Delete via BC	NetBIOS Interface	Running	C:\Windows\system32\DRIVERS\netbios.sys Script: Quarantine, Delete, Delete via BC	NetBIOSGroup
NetBT Driver: Unload, Delete, Disable, Delete via BC	NetBT	Running	C:\Windows\system32\DRIVERS\netbt.sys Script: Quarantine, Delete, Delete via BC	PNP_TDI	Tdx
NETw5s64 Driver: Unload, Delete, Disable, Delete via BC	Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit	Running	C:\Windows\system32\DRIVERS\NETw5s64.sys Script: Quarantine, Delete, Delete via BC	NDIS
Npfs Driver: Unload, Delete, Disable, Delete via BC	Npfs	Running	Npfs.sys Script: Quarantine, Delete, Delete via BC	File system
nsiproxy Driver: Unload, Delete, Disable, Delete via BC	NSI proxy service driver.	Running	C:\Windows\system32\drivers\nsiproxy.sys Script: Quarantine, Delete, Delete via BC
Ntfs Driver: Unload, Delete, Disable, Delete via BC	Ntfs	Running	Ntfs.sys Script: Quarantine, Delete, Delete via BC	Boot File System
Null Driver: Unload, Delete, Disable, Delete via BC	Null	Running	Null.sys Script: Quarantine, Delete, Delete via BC	Base
partmgr Driver: Unload, Delete, Disable, Delete via BC	Partition Manager	Running	C:\Windows\System32\drivers\partmgr.sys Script: Quarantine, Delete, Delete via BC	Boot Bus Extender
pci Driver: Unload, Delete, Disable, Delete via BC	PCI Bus Driver	Running	C:\Windows\system32\DRIVERS\pci.sys Script: Quarantine, Delete, Delete via BC	Boot Bus Extender
pcw Driver: Unload, Delete, Disable, Delete via BC	Performance Counters for Windows Driver	Running	C:\Windows\System32\drivers\pcw.sys Script: Quarantine, Delete, Delete via BC	Base
PEAUTH Driver: Unload, Delete, Disable, Delete via BC	PEAUTH	Running	C:\Windows\system32\drivers\peauth.sys Script: Quarantine, Delete, Delete via BC
PptpMiniport Driver: Unload, Delete, Disable, Delete via BC	WAN Miniport (PPTP)	Running	C:\Windows\system32\DRIVERS\raspptp.sys Script: Quarantine, Delete, Delete via BC
Psched Driver: Unload, Delete, Disable, Delete via BC	QoS Packet Scheduler	Running	C:\Windows\system32\DRIVERS\pacer.sys Script: Quarantine, Delete, Delete via BC	NDIS
RasAgileVpn Driver: Unload, Delete, Disable, Delete via BC	WAN Miniport (IKEv2)	Running	C:\Windows\system32\DRIVERS\AgileVpn.sys Script: Quarantine, Delete, Delete via BC
Rasl2tp Driver: Unload, Delete, Disable, Delete via BC	WAN Miniport (L2TP)	Running	C:\Windows\system32\DRIVERS\rasl2tp.sys Script: Quarantine, Delete, Delete via BC
RasPppoe Driver: Unload, Delete, Disable, Delete via BC	Remote Access PPPOE Driver	Running	C:\Windows\system32\DRIVERS\raspppoe.sys Script: Quarantine, Delete, Delete via BC
RasSstp Driver: Unload, Delete, Disable, Delete via BC	WAN Miniport (SSTP)	Running	C:\Windows\system32\DRIVERS\rassstp.sys Script: Quarantine, Delete, Delete via BC
rdbss Driver: Unload, Delete, Disable, Delete via BC	Redirected Buffering Sub Sysytem	Running	C:\Windows\system32\DRIVERS\rdbss.sys Script: Quarantine, Delete, Delete via BC	Network	Mup
RDPCDD Driver: Unload, Delete, Disable, Delete via BC	RDPCDD	Running	C:\Windows\system32\DRIVERS\RDPCDD.sys Script: Quarantine, Delete, Delete via BC	Video Save
RDPENCDD Driver: Unload, Delete, Disable, Delete via BC	RDP Encoder Mirror Driver	Running	C:\Windows\system32\drivers\rdpencdd.sys Script: Quarantine, Delete, Delete via BC	Video Save
RDPREFMP Driver: Unload, Delete, Disable, Delete via BC	Reflector Display Driver used to gain access to graphics data	Running	C:\Windows\system32\drivers\rdprefmp.sys Script: Quarantine, Delete, Delete via BC	Video Save
rdyboost Driver: Unload, Delete, Disable, Delete via BC	ReadyBoost	Running	C:\Windows\System32\drivers\rdyboost.sys Script: Quarantine, Delete, Delete via BC	PnP Filter
RFCOMM Driver: Unload, Delete, Disable, Delete via BC	Bluetooth Device (RFCOMM Protocol TDI)	Running	C:\Windows\system32\DRIVERS\rfcomm.sys Script: Quarantine, Delete, Delete via BC	PNP_TDI
rimspci Driver: Unload, Delete, Disable, Delete via BC	rimspci	Running	C:\Windows\system32\DRIVERS\rimspe64.sys Script: Quarantine, Delete, Delete via BC	MemoryStick
risdpcie Driver: Unload, Delete, Disable, Delete via BC	risdpcie	Running	C:\Windows\system32\DRIVERS\risdpe64.sys Script: Quarantine, Delete, Delete via BC	SD / MMC
rixdpcie Driver: Unload, Delete, Disable, Delete via BC	rixdpcie	Running	C:\Windows\system32\DRIVERS\rixdpe64.sys Script: Quarantine, Delete, Delete via BC	SmartMedia/XD
rspndr Driver: Unload, Delete, Disable, Delete via BC	Link-Layer Topology Discovery Responder	Running	C:\Windows\system32\DRIVERS\rspndr.sys Script: Quarantine, Delete, Delete via BC	NDIS
secdrv Driver: Unload, Delete, Disable, Delete via BC	Security Driver	Running	secdrv.sys Script: Quarantine, Delete, Delete via BC
spldr Driver: Unload, Delete, Disable, Delete via BC	Security Processor Loader Driver	Running	spldr.sys Script: Quarantine, Delete, Delete via BC
srv Driver: Unload, Delete, Disable, Delete via BC	Server SMB 1.xxx Driver	Running	C:\Windows\system32\DRIVERS\srv.sys Script: Quarantine, Delete, Delete via BC	Network	srv2
srv2 Driver: Unload, Delete, Disable, Delete via BC	Server SMB 2.xxx Driver	Running	C:\Windows\system32\DRIVERS\srv2.sys Script: Quarantine, Delete, Delete via BC	Network	srvnet
srvnet Driver: Unload, Delete, Disable, Delete via BC	srvnet	Running	C:\Windows\system32\DRIVERS\srvnet.sys Script: Quarantine, Delete, Delete via BC	Network
stdflt Driver: Unload, Delete, Disable, Delete via BC	Disk Filter Driver for Accelerometer	Running	C:\Windows\system32\DRIVERS\stdflt.sys Script: Quarantine, Delete, Delete via BC	PnP Filter
STHDA Driver: Unload, Delete, Disable, Delete via BC	IDT High Definition Audio CODEC	Running	C:\Windows\system32\DRIVERS\stwrt64.sys Script: Quarantine, Delete, Delete via BC
swenum Driver: Unload, Delete, Disable, Delete via BC	Software Bus Driver	Running	C:\Windows\system32\DRIVERS\swenum.sys Script: Quarantine, Delete, Delete via BC
SynTP Driver: Unload, Delete, Disable, Delete via BC	Synaptics TouchPad Driver	Running	C:\Windows\system32\DRIVERS\SynTP.sys Script: Quarantine, Delete, Delete via BC	Pointer Port
Tcpip Driver: Unload, Delete, Disable, Delete via BC	TCP/IP Protocol Driver	Running	C:\Windows\system32\drivers\tcpip.sys Script: Quarantine, Delete, Delete via BC	PNP_TDI
tcpipreg Driver: Unload, Delete, Disable, Delete via BC	TCP/IP Registry Compatibility	Running	C:\Windows\system32\drivers\tcpipreg.sys Script: Quarantine, Delete, Delete via BC		tcpip
tdx Driver: Unload, Delete, Disable, Delete via BC	NetIO Legacy TDI Support Driver	Running	C:\Windows\system32\DRIVERS\tdx.sys Script: Quarantine, Delete, Delete via BC	PNP_TDI	Tcpip
TermDD Driver: Unload, Delete, Disable, Delete via BC	Terminal Device Driver	Running	C:\Windows\system32\DRIVERS\termdd.sys Script: Quarantine, Delete, Delete via BC
tunnel Driver: Unload, Delete, Disable, Delete via BC	Microsoft Tunnel Miniport Adapter Driver	Running	C:\Windows\system32\DRIVERS\tunnel.sys Script: Quarantine, Delete, Delete via BC	NDIS
umbus Driver: Unload, Delete, Disable, Delete via BC	UMBus Enumerator Driver	Running	C:\Windows\system32\DRIVERS\umbus.sys Script: Quarantine, Delete, Delete via BC	Extended Base
usbccgp Driver: Unload, Delete, Disable, Delete via BC	Microsoft USB Generic Parent Driver	Running	C:\Windows\system32\DRIVERS\usbccgp.sys Script: Quarantine, Delete, Delete via BC	Base
usbehci Driver: Unload, Delete, Disable, Delete via BC	Microsoft USB 2.0 Enhanced Host Controller Miniport Driver	Running	C:\Windows\system32\DRIVERS\usbehci.sys Script: Quarantine, Delete, Delete via BC	Base
usbhub Driver: Unload, Delete, Disable, Delete via BC	Microsoft USB Standard Hub Driver	Running	C:\Windows\system32\DRIVERS\usbhub.sys Script: Quarantine, Delete, Delete via BC	Base
usbvideo Driver: Unload, Delete, Disable, Delete via BC	USB Video Device (WDM)	Running	C:\Windows\system32\Drivers\usbvideo.sys Script: Quarantine, Delete, Delete via BC
vdrvroot Driver: Unload, Delete, Disable, Delete via BC	Microsoft Virtual Drive Enumerator Driver	Running	C:\Windows\system32\DRIVERS\vdrvroot.sys Script: Quarantine, Delete, Delete via BC	Boot Bus Extender
VgaSave Driver: Unload, Delete, Disable, Delete via BC	VgaSave	Running	C:\Windows\System32\drivers\vga.sys Script: Quarantine, Delete, Delete via BC	Video Save
volmgr Driver: Unload, Delete, Disable, Delete via BC	Volume Manager Driver	Running	C:\Windows\system32\DRIVERS\volmgr.sys Script: Quarantine, Delete, Delete via BC	System Bus Extender
volmgrx Driver: Unload, Delete, Disable, Delete via BC	Dynamic Volume Manager	Running	C:\Windows\System32\drivers\volmgrx.sys Script: Quarantine, Delete, Delete via BC	System Bus Extender
volsnap Driver: Unload, Delete, Disable, Delete via BC	Storage volumes	Running	C:\Windows\system32\DRIVERS\volsnap.sys Script: Quarantine, Delete, Delete via BC
vwifibus Driver: Unload, Delete, Disable, Delete via BC	Virtual WiFi Bus Driver	Running	C:\Windows\system32\DRIVERS\vwifibus.sys Script: Quarantine, Delete, Delete via BC
vwififlt Driver: Unload, Delete, Disable, Delete via BC	Virtual WiFi Filter Driver	Running	C:\Windows\system32\DRIVERS\vwififlt.sys Script: Quarantine, Delete, Delete via BC	NDIS
vwifimp Driver: Unload, Delete, Disable, Delete via BC	Microsoft Virtual WiFi Miniport Service	Running	C:\Windows\system32\DRIVERS\vwifimp.sys Script: Quarantine, Delete, Delete via BC	NDIS
Wanarpv6 Driver: Unload, Delete, Disable, Delete via BC	Remote Access IPv6 ARP Driver	Running	C:\Windows\system32\DRIVERS\wanarp.sys Script: Quarantine, Delete, Delete via BC
Wdf01000 Driver: Unload, Delete, Disable, Delete via BC	Kernel Mode Driver Frameworks service	Running	C:\Windows\system32\drivers\Wdf01000.sys Script: Quarantine, Delete, Delete via BC	WdfLoadGroup
WfpLwf Driver: Unload, Delete, Disable, Delete via BC	WFP Lightweight Filter	Running	C:\Windows\system32\DRIVERS\wfplwf.sys Script: Quarantine, Delete, Delete via BC	NDIS
WmiAcpi Driver: Unload, Delete, Disable, Delete via BC	Microsoft Windows Management Interface for ACPI	Running	C:\Windows\system32\DRIVERS\wmiacpi.sys Script: Quarantine, Delete, Delete via BC	Extended Base
WudfPf Driver: Unload, Delete, Disable, Delete via BC	User Mode Driver Frameworks Platform Driver	Running	C:\Windows\system32\drivers\WudfPf.sys Script: Quarantine, Delete, Delete via BC	base
AcpiPmi Driver: Unload, Delete, Disable, Delete via BC	ACPI Power Meter Driver	Not started	C:\Windows\system32\DRIVERS\acpipmi.sys Script: Quarantine, Delete, Delete via BC
adp94xx Driver: Unload, Delete, Disable, Delete via BC	adp94xx	Not started	C:\Windows\system32\DRIVERS\adp94xx.sys Script: Quarantine, Delete, Delete via BC	SCSI Miniport
adpahci Driver: Unload, Delete, Disable, Delete via BC	adpahci	Not started	C:\Windows\system32\DRIVERS\adpahci.sys Script: Quarantine, Delete, Delete via BC	SCSI Miniport
adpu320 Driver: Unload, Delete, Disable, Delete via BC	adpu320	Not started	C:\Windows\system32\DRIVERS\adpu320.sys Script: Quarantine, Delete, Delete via BC	SCSI Miniport
agp440 Driver: Unload, Delete, Disable, Delete via BC	Intel AGP Bus Filter	Not started	C:\Windows\system32\DRIVERS\agp440.sys Script: Quarantine, Delete, Delete via BC	PnP Filter
aliide Driver: Unload, Delete, Disable, Delete via BC	aliide	Not started	C:\Windows\system32\DRIVERS\aliide.sys Script: Quarantine, Delete, Delete via BC	System Bus Extender
amdide Driver: Unload, Delete, Disable, Delete via BC	amdide	Not started	C:\Windows\system32\DRIVERS\amdide.sys Script: Quarantine, Delete, Delete via BC	System Bus Extender
AmdK8 Driver: Unload, Delete, Disable, Delete via BC	AMD K8 Processor Driver	Not started	C:\Windows\system32\DRIVERS\amdk8.sys Script: Quarantine, Delete, Delete via BC	Extended Base
AmdPPM Driver: Unload, Delete, Disable, Delete via BC	AMD Processor Driver	Not started	C:\Windows\system32\DRIVERS\amdppm.sys Script: Quarantine, Delete, Delete via BC	Extended Base
amdsata Driver: Unload, Delete, Disable, Delete via BC	amdsata	Not started	C:\Windows\system32\DRIVERS\amdsata.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
amdsbs Driver: Unload, Delete, Disable, Delete via BC	amdsbs	Not started	C:\Windows\system32\DRIVERS\amdsbs.sys Script: Quarantine, Delete, Delete via BC	SCSI Miniport
AppID Driver: Unload, Delete, Disable, Delete via BC	AppID Driver	Not started	C:\Windows\system32\drivers\appid.sys Script: Quarantine, Delete, Delete via BC		FltMgr
arc Driver: Unload, Delete, Disable, Delete via BC	arc	Not started	C:\Windows\system32\DRIVERS\arc.sys Script: Quarantine, Delete, Delete via BC	SCSI Miniport
arcsas Driver: Unload, Delete, Disable, Delete via BC	arcsas	Not started	C:\Windows\system32\DRIVERS\arcsas.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
AsyncMac Driver: Unload, Delete, Disable, Delete via BC	RAS Asynchronous Media Driver	Not started	C:\Windows\system32\DRIVERS\asyncmac.sys Script: Quarantine, Delete, Delete via BC
atapi Driver: Unload, Delete, Disable, Delete via BC	atapi	Not started	C:\Windows\system32\DRIVERS\atapi.sys Script: Quarantine, Delete, Delete via BC	SCSI Miniport
b06bdrv Driver: Unload, Delete, Disable, Delete via BC	Broadcom NetXtreme II VBD	Not started	C:\Windows\system32\DRIVERS\bxvbda.sys Script: Quarantine, Delete, Delete via BC	base
b57nd60a Driver: Unload, Delete, Disable, Delete via BC	Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0	Not started	C:\Windows\system32\DRIVERS\b57nd60a.sys Script: Quarantine, Delete, Delete via BC	NDIS
BrFiltLo Driver: Unload, Delete, Disable, Delete via BC	Brother USB Mass-Storage Lower Filter Driver	Not started	C:\Windows\system32\DRIVERS\BrFiltLo.sys Script: Quarantine, Delete, Delete via BC	extended base
BrFiltUp Driver: Unload, Delete, Disable, Delete via BC	Brother USB Mass-Storage Upper Filter Driver	Not started	C:\Windows\system32\DRIVERS\BrFiltUp.sys Script: Quarantine, Delete, Delete via BC	extended base
Brserid Driver: Unload, Delete, Disable, Delete via BC	Brother MFC Serial Port Interface Driver (WDM)	Not started	C:\Windows\System32\Drivers\Brserid.sys Script: Quarantine, Delete, Delete via BC
BrSerWdm Driver: Unload, Delete, Disable, Delete via BC	Brother WDM Serial driver	Not started	C:\Windows\System32\Drivers\BrSerWdm.sys Script: Quarantine, Delete, Delete via BC
BrUsbMdm Driver: Unload, Delete, Disable, Delete via BC	Brother MFC USB Fax Only Modem	Not started	C:\Windows\System32\Drivers\BrUsbMdm.sys Script: Quarantine, Delete, Delete via BC
BrUsbSer Driver: Unload, Delete, Disable, Delete via BC	Brother MFC USB Serial WDM Driver	Not started	C:\Windows\System32\Drivers\BrUsbSer.sys Script: Quarantine, Delete, Delete via BC
BTHMODEM Driver: Unload, Delete, Disable, Delete via BC	Bluetooth Serial Communications Driver	Not started	C:\Windows\system32\DRIVERS\bthmodem.sys Script: Quarantine, Delete, Delete via BC
BTHPORT Driver: Unload, Delete, Disable, Delete via BC	Bluetooth Port Driver	Not started	C:\Windows\system32\Drivers\BTHport.sys Script: Quarantine, Delete, Delete via BC	PNP Filter
cdfs Driver: Unload, Delete, Disable, Delete via BC	CD/DVD File System Reader	Not started	C:\Windows\system32\DRIVERS\cdfs.sys Script: Quarantine, Delete, Delete via BC	Boot File System	+SCSI CDROM Class
cmdide Driver: Unload, Delete, Disable, Delete via BC	cmdide	Not started	C:\Windows\system32\DRIVERS\cmdide.sys Script: Quarantine, Delete, Delete via BC	System Bus Extender
cpuz130 Driver: Unload, Delete, Disable, Delete via BC	cpuz130	Not started	C:\Users\Abbie\AppData\Local\Temp\cpuz130\cpuz_x64.sys Script: Quarantine, Delete, Delete via BC
crcdisk Driver: Unload, Delete, Disable, Delete via BC	Crcdisk Filter Driver	Not started	C:\Windows\system32\DRIVERS\crcdisk.sys Script: Quarantine, Delete, Delete via BC	Pnp Filter
drmkaud Driver: Unload, Delete, Disable, Delete via BC	Microsoft Trusted Audio Drivers	Not started	C:\Windows\system32\drivers\drmkaud.sys Script: Quarantine, Delete, Delete via BC
ebdrv Driver: Unload, Delete, Disable, Delete via BC	Broadcom NetXtreme II 10 GigE VBD	Not started	C:\Windows\system32\DRIVERS\evbda.sys Script: Quarantine, Delete, Delete via BC	base
elxstor Driver: Unload, Delete, Disable, Delete via BC	elxstor	Not started	C:\Windows\system32\DRIVERS\elxstor.sys Script: Quarantine, Delete, Delete via BC	SCSI Miniport
ErrDev Driver: Unload, Delete, Disable, Delete via BC	Microsoft Hardware Error Device Driver	Not started	C:\Windows\system32\DRIVERS\errdev.sys Script: Quarantine, Delete, Delete via BC	Extended Base
exfat Driver: Unload, Delete, Disable, Delete via BC	exFAT File System Driver	Not started	exfat.sys Script: Quarantine, Delete, Delete via BC	Boot File System
FACAP Driver: Unload, Delete, Disable, Delete via BC	facap, FastAccess Video Capture	Not started	C:\Windows\system32\DRIVERS\facap.sys Script: Quarantine, Delete, Delete via BC
fdc Driver: Unload, Delete, Disable, Delete via BC	Floppy Disk Controller Driver	Not started	C:\Windows\system32\DRIVERS\fdc.sys Script: Quarantine, Delete, Delete via BC
Filetrace Driver: Unload, Delete, Disable, Delete via BC	Filetrace	Not started	C:\Windows\system32\drivers\filetrace.sys Script: Quarantine, Delete, Delete via BC	FSFilter Activity Monitor	FltMgr
flpydisk Driver: Unload, Delete, Disable, Delete via BC	Floppy Disk Driver	Not started	C:\Windows\system32\DRIVERS\flpydisk.sys Script: Quarantine, Delete, Delete via BC
FsDepends Driver: Unload, Delete, Disable, Delete via BC	File System Dependency Minifilter	Not started	C:\Windows\system32\drivers\FsDepends.sys Script: Quarantine, Delete, Delete via BC	Filter	fltmgr
gagp30kx Driver: Unload, Delete, Disable, Delete via BC	Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms	Not started	C:\Windows\system32\DRIVERS\gagp30kx.sys Script: Quarantine, Delete, Delete via BC	PnP Filter
hcw85cir Driver: Unload, Delete, Disable, Delete via BC	Hauppauge Consumer Infrared Receiver	Not started	C:\Windows\system32\drivers\hcw85cir.sys Script: Quarantine, Delete, Delete via BC	Extended Base
HdAudAddService Driver: Unload, Delete, Disable, Delete via BC	Microsoft 1.1 UAA Function Driver for High Definition Audio Service	Not started	C:\Windows\system32\drivers\HdAudio.sys Script: Quarantine, Delete, Delete via BC
HidBatt Driver: Unload, Delete, Disable, Delete via BC	HID UPS Battery Driver	Not started	C:\Windows\system32\DRIVERS\HidBatt.sys Script: Quarantine, Delete, Delete via BC
HidBth Driver: Unload, Delete, Disable, Delete via BC	Microsoft Bluetooth HID Miniport	Not started	C:\Windows\system32\DRIVERS\hidbth.sys Script: Quarantine, Delete, Delete via BC	extended base
HpSAMD Driver: Unload, Delete, Disable, Delete via BC	HpSAMD	Not started	C:\Windows\system32\DRIVERS\HpSAMD.sys Script: Quarantine, Delete, Delete via BC	SCSI Miniport
IAMTVE Driver: Unload, Delete, Disable, Delete via BC	Driver for Intel(R) Active Management Technology - KCS	Not started	C:\Windows\system32\DRIVERS\IAMTVE.sys Script: Quarantine, Delete, Delete via BC	Extended Base
IAMTXPE Driver: Unload, Delete, Disable, Delete via BC	Driver for Intel(R) Active Management Technology - KCS	Not started	C:\Windows\system32\DRIVERS\IAMTXPE.sys Script: Quarantine, Delete, Delete via BC	Extended Base
iaStorV Driver: Unload, Delete, Disable, Delete via BC	iaStorV	Not started	C:\Windows\system32\DRIVERS\iaStorV.sys Script: Quarantine, Delete, Delete via BC	SCSI Miniport
iirsp Driver: Unload, Delete, Disable, Delete via BC	iirsp	Not started	C:\Windows\system32\DRIVERS\iirsp.sys Script: Quarantine, Delete, Delete via BC	SCSI Miniport
intelide Driver: Unload, Delete, Disable, Delete via BC	intelide	Not started	C:\Windows\system32\DRIVERS\intelide.sys Script: Quarantine, Delete, Delete via BC	System Bus Extender
ioatdma Driver: Unload, Delete, Disable, Delete via BC	Intel(R) QuickData Technology device	Not started	C:\Windows\System32\Drivers\qd260x64.sys Script: Quarantine, Delete, Delete via BC	NDIS
ioatdma1 Driver: Unload, Delete, Disable, Delete via BC	ioatdma1	Not started	C:\Windows\System32\Drivers\qd162x64.sys Script: Quarantine, Delete, Delete via BC	NDIS
ioatdma2 Driver: Unload, Delete, Disable, Delete via BC	Intel(R) QuickData Technology device ver.2	Not started	C:\Windows\System32\Drivers\qd262x64.sys Script: Quarantine, Delete, Delete via BC	NDIS
IpFilterDriver Driver: Unload, Delete, Disable, Delete via BC	IP Traffic Filter Driver	Not started	C:\Windows\system32\DRIVERS\ipfltdrv.sys Script: Quarantine, Delete, Delete via BC	PNP_TDI	Tcpip
IPMIDRV Driver: Unload, Delete, Disable, Delete via BC	IPMIDRV	Not started	C:\Windows\system32\DRIVERS\IPMIDrv.sys Script: Quarantine, Delete, Delete via BC
IPNAT Driver: Unload, Delete, Disable, Delete via BC	IP Network Address Translator	Not started	C:\Windows\system32\drivers\ipnat.sys Script: Quarantine, Delete, Delete via BC		Tcpip
IRENUM Driver: Unload, Delete, Disable, Delete via BC	IR Bus Enumerator	Not started	C:\Windows\system32\drivers\irenum.sys Script: Quarantine, Delete, Delete via BC
isapnp Driver: Unload, Delete, Disable, Delete via BC	isapnp	Not started	C:\Windows\system32\DRIVERS\isapnp.sys Script: Quarantine, Delete, Delete via BC	Boot Bus Extender
iScsiPrt Driver: Unload, Delete, Disable, Delete via BC	iScsiPort Driver	Not started	C:\Windows\system32\DRIVERS\msiscsi.sys Script: Quarantine, Delete, Delete via BC
iSSetup Driver: Unload, Delete, Disable, Delete via BC	iSSetup	Not started	C:\Windows\system32\DRIVERS\iSSetup.sys Script: Quarantine, Delete, Delete via BC	SCSI Miniport
LSI_FC Driver: Unload, Delete, Disable, Delete via BC	LSI_FC	Not started	C:\Windows\system32\DRIVERS\lsi_fc.sys Script: Quarantine, Delete, Delete via BC	SCSI Miniport
LSI_SAS Driver: Unload, Delete, Disable, Delete via BC	LSI_SAS	Not started	C:\Windows\system32\DRIVERS\lsi_sas.sys Script: Quarantine, Delete, Delete via BC	SCSI Miniport
LSI_SAS2 Driver: Unload, Delete, Disable, Delete via BC	LSI_SAS2	Not started	C:\Windows\system32\DRIVERS\lsi_sas2.sys Script: Quarantine, Delete, Delete via BC	SCSI Miniport
LSI_SCSI Driver: Unload, Delete, Disable, Delete via BC	LSI_SCSI	Not started	C:\Windows\system32\DRIVERS\lsi_scsi.sys Script: Quarantine, Delete, Delete via BC	SCSI Miniport
mbmiodrvr Driver: Unload, Delete, Disable, Delete via BC	mbmiodrvr	Not started	C:\Windows\syswow64\mbmiodrvr.sys Script: Quarantine, Delete, Delete via BC
megasas Driver: Unload, Delete, Disable, Delete via BC	megasas	Not started	C:\Windows\system32\DRIVERS\megasas.sys Script: Quarantine, Delete, Delete via BC	SCSI Miniport
MegaSR Driver: Unload, Delete, Disable, Delete via BC	MegaSR	Not started	C:\Windows\system32\DRIVERS\MegaSR.sys Script: Quarantine, Delete, Delete via BC	SCSI Miniport
Modem Driver: Unload, Delete, Disable, Delete via BC	Modem	Not started	C:\Windows\system32\drivers\modem.sys Script: Quarantine, Delete, Delete via BC	Extended base
mpio Driver: Unload, Delete, Disable, Delete via BC	mpio	Not started	C:\Windows\system32\DRIVERS\mpio.sys Script: Quarantine, Delete, Delete via BC	Boot Bus Extender
MRxDAV Driver: Unload, Delete, Disable, Delete via BC	WebDav Client Redirector Driver	Not started	C:\Windows\system32\drivers\mrxdav.sys Script: Quarantine, Delete, Delete via BC		rdbss
msahci Driver: Unload, Delete, Disable, Delete via BC	msahci	Not started	C:\Windows\system32\DRIVERS\msahci.sys Script: Quarantine, Delete, Delete via BC	SCSI Miniport
msdsm Driver: Unload, Delete, Disable, Delete via BC	msdsm	Not started	C:\Windows\system32\DRIVERS\msdsm.sys Script: Quarantine, Delete, Delete via BC	System Bus Extender
mshidkmdf Driver: Unload, Delete, Disable, Delete via BC	Pass-through HID to KMDF Filter Driver	Not started	C:\Windows\System32\drivers\mshidkmdf.sys Script: Quarantine, Delete, Delete via BC	Base
MSKSSRV Driver: Unload, Delete, Disable, Delete via BC	Microsoft Streaming Service Proxy	Not started	C:\Windows\system32\drivers\MSKSSRV.sys Script: Quarantine, Delete, Delete via BC	Extended Base
MSPCLOCK Driver: Unload, Delete, Disable, Delete via BC	Microsoft Streaming Clock Proxy	Not started	C:\Windows\system32\drivers\MSPCLOCK.sys Script: Quarantine, Delete, Delete via BC	Extended Base
MSPQM Driver: Unload, Delete, Disable, Delete via BC	Microsoft Streaming Quality Manager Proxy	Not started	C:\Windows\system32\drivers\MSPQM.sys Script: Quarantine, Delete, Delete via BC	Extended Base
MsRPC Driver: Unload, Delete, Disable, Delete via BC	MsRPC	Not started	MsRPC.sys Script: Quarantine, Delete, Delete via BC
MSTEE Driver: Unload, Delete, Disable, Delete via BC	Microsoft Streaming Tee/Sink-to-Sink Converter	Not started	C:\Windows\system32\drivers\MSTEE.sys Script: Quarantine, Delete, Delete via BC	Extended Base
MTConfig Driver: Unload, Delete, Disable, Delete via BC	Microsoft Input Configuration Driver	Not started	C:\Windows\system32\DRIVERS\MTConfig.sys Script: Quarantine, Delete, Delete via BC	Extended Base
NdisCap Driver: Unload, Delete, Disable, Delete via BC	NDIS Capture LightWeight Filter	Not started	C:\Windows\system32\DRIVERS\ndiscap.sys Script: Quarantine, Delete, Delete via BC	NDIS
nfrd960 Driver: Unload, Delete, Disable, Delete via BC	nfrd960	Not started	C:\Windows\system32\DRIVERS\nfrd960.sys Script: Quarantine, Delete, Delete via BC	SCSI Miniport
nv_agp Driver: Unload, Delete, Disable, Delete via BC	NVIDIA nForce AGP Bus Filter	Not started	C:\Windows\system32\DRIVERS\nv_agp.sys Script: Quarantine, Delete, Delete via BC	PnP Filter
nvraid Driver: Unload, Delete, Disable, Delete via BC	nvraid	Not started	C:\Windows\system32\DRIVERS\nvraid.sys Script: Quarantine, Delete, Delete via BC	System Bus Extender
nvstor Driver: Unload, Delete, Disable, Delete via BC	nvstor	Not started	C:\Windows\system32\DRIVERS\nvstor.sys Script: Quarantine, Delete, Delete via BC	SCSI Miniport
ohci1394 Driver: Unload, Delete, Disable, Delete via BC	1394 OHCI Compliant Host Controller (Legacy)	Not started	C:\Windows\system32\DRIVERS\ohci1394.sys Script: Quarantine, Delete, Delete via BC
Parport Driver: Unload, Delete, Disable, Delete via BC	Parallel port driver	Not started	C:\Windows\system32\DRIVERS\parport.sys Script: Quarantine, Delete, Delete via BC	Parallel arbitrator
pciide Driver: Unload, Delete, Disable, Delete via BC	pciide	Not started	C:\Windows\system32\DRIVERS\pciide.sys Script: Quarantine, Delete, Delete via BC	System Bus Extender
pcmcia Driver: Unload, Delete, Disable, Delete via BC	pcmcia	Not started	C:\Windows\system32\DRIVERS\pcmcia.sys Script: Quarantine, Delete, Delete via BC	System Bus Extender
Processor Driver: Unload, Delete, Disable, Delete via BC	Processor Driver	Not started	C:\Windows\system32\DRIVERS\processr.sys Script: Quarantine, Delete, Delete via BC	Extended Base
ql2300 Driver: Unload, Delete, Disable, Delete via BC	ql2300	Not started	C:\Windows\system32\DRIVERS\ql2300.sys Script: Quarantine, Delete, Delete via BC	SCSI Miniport
ql40xx Driver: Unload, Delete, Disable, Delete via BC	ql40xx	Not started	C:\Windows\system32\DRIVERS\ql40xx.sys Script: Quarantine, Delete, Delete via BC	SCSI Miniport
QWAVEdrv Driver: Unload, Delete, Disable, Delete via BC	QWAVE driver	Not started	C:\Windows\system32\drivers\qwavedrv.sys Script: Quarantine, Delete, Delete via BC
RasAcd Driver: Unload, Delete, Disable, Delete via BC	Remote Access Auto Connection Driver	Not started	C:\Windows\system32\DRIVERS\rasacd.sys Script: Quarantine, Delete, Delete via BC	Streams Drivers
rdpbus Driver: Unload, Delete, Disable, Delete via BC	Remote Desktop Device Redirector Bus Driver	Not started	C:\Windows\system32\DRIVERS\rdpbus.sys Script: Quarantine, Delete, Delete via BC
RDPWD Driver: Unload, Delete, Disable, Delete via BC	RDP Winstation Driver	Not started	RDPWD.sys Script: Quarantine, Delete, Delete via BC
rimmptsk Driver: Unload, Delete, Disable, Delete via BC	rimmptsk	Not started	C:\Windows\system32\DRIVERS\rimmpx64.sys Script: Quarantine, Delete, Delete via BC	MMC
rimsptsk Driver: Unload, Delete, Disable, Delete via BC	rimsptsk	Not started	C:\Windows\system32\DRIVERS\rimspx64.sys Script: Quarantine, Delete, Delete via BC	MemoryStick
rismxdp Driver: Unload, Delete, Disable, Delete via BC	rismxdp	Not started	C:\Windows\system32\DRIVERS\rixdpx64.sys Script: Quarantine, Delete, Delete via BC	SmartMedia/XD
sbp2port Driver: Unload, Delete, Disable, Delete via BC	sbp2port	Not started	C:\Windows\system32\DRIVERS\sbp2port.sys Script: Quarantine, Delete, Delete via BC
SBRE Driver: Unload, Delete, Disable, Delete via BC	SBRE	Not started	C:\Windows\system32\drivers\SBREdrv.sys Script: Quarantine, Delete, Delete via BC	Base
scfilter Driver: Unload, Delete, Disable, Delete via BC	Smart card PnP Class Filter Driver	Not started	C:\Windows\system32\DRIVERS\scfilter.sys Script: Quarantine, Delete, Delete via BC	PnP Filter
Serenum Driver: Unload, Delete, Disable, Delete via BC	Serenum Filter Driver	Not started	C:\Windows\system32\DRIVERS\serenum.sys Script: Quarantine, Delete, Delete via BC	PNP Filter
Serial Driver: Unload, Delete, Disable, Delete via BC	Serial	Not started	C:\Windows\system32\DRIVERS\serial.sys Script: Quarantine, Delete, Delete via BC	Extended base
sermouse Driver: Unload, Delete, Disable, Delete via BC	Serial Mouse Driver	Not started	C:\Windows\system32\DRIVERS\sermouse.sys Script: Quarantine, Delete, Delete via BC	Pointer Port
sffdisk Driver: Unload, Delete, Disable, Delete via BC	SFF Storage Class Driver	Not started	C:\Windows\system32\DRIVERS\sffdisk.sys Script: Quarantine, Delete, Delete via BC
sffp_mmc Driver: Unload, Delete, Disable, Delete via BC	SFF Storage Protocol Driver for MMC	Not started	C:\Windows\system32\DRIVERS\sffp_mmc.sys Script: Quarantine, Delete, Delete via BC
sffp_sd Driver: Unload, Delete, Disable, Delete via BC	SFF Storage Protocol Driver for SDBus	Not started	C:\Windows\system32\DRIVERS\sffp_sd.sys Script: Quarantine, Delete, Delete via BC
sfloppy Driver: Unload, Delete, Disable, Delete via BC	High-Capacity Floppy Disk Drive	Not started	C:\Windows\system32\DRIVERS\sfloppy.sys Script: Quarantine, Delete, Delete via BC
SiSRaid2 Driver: Unload, Delete, Disable, Delete via BC	SiSRaid2	Not started	C:\Windows\system32\DRIVERS\SiSRaid2.sys Script: Quarantine, Delete, Delete via BC	SCSI Miniport
SiSRaid4 Driver: Unload, Delete, Disable, Delete via BC	SiSRaid4	Not started	C:\Windows\system32\DRIVERS\sisraid4.sys Script: Quarantine, Delete, Delete via BC	SCSI Miniport
Smb Driver: Unload, Delete, Disable, Delete via BC	Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session)	Not started	C:\Windows\system32\DRIVERS\smb.sys Script: Quarantine, Delete, Delete via BC	PNP_TDI	Tcpip
stexstor Driver: Unload, Delete, Disable, Delete via BC	stexstor	Not started	C:\Windows\system32\DRIVERS\stexstor.sys Script: Quarantine, Delete, Delete via BC	SCSI Miniport
TCPIP6 Driver: Unload, Delete, Disable, Delete via BC	Microsoft IPv6 Protocol Driver	Not started	C:\Windows\system32\DRIVERS\tcpip.sys Script: Quarantine, Delete, Delete via BC		Tcpip
TDPIPE Driver: Unload, Delete, Disable, Delete via BC	TDPIPE	Not started	C:\Windows\system32\drivers\tdpipe.sys Script: Quarantine, Delete, Delete via BC
TDTCP Driver: Unload, Delete, Disable, Delete via BC	TDTCP	Not started	C:\Windows\system32\drivers\tdtcp.sys Script: Quarantine, Delete, Delete via BC
tssecsrv Driver: Unload, Delete, Disable, Delete via BC	Remote Desktop Services Security Filter Driver	Not started	C:\Windows\system32\DRIVERS\tssecsrv.sys Script: Quarantine, Delete, Delete via BC
uagp35 Driver: Unload, Delete, Disable, Delete via BC	Microsoft AGPv3.5 Filter	Not started	C:\Windows\system32\DRIVERS\uagp35.sys Script: Quarantine, Delete, Delete via BC	PnP Filter
udfs Driver: Unload, Delete, Disable, Delete via BC	udfs	Not started	C:\Windows\system32\DRIVERS\udfs.sys Script: Quarantine, Delete, Delete via BC	Boot File System
uliagpkx Driver: Unload, Delete, Disable, Delete via BC	Uli AGP Bus Filter	Not started	C:\Windows\system32\DRIVERS\uliagpkx.sys Script: Quarantine, Delete, Delete via BC	PnP Filter
UmPass Driver: Unload, Delete, Disable, Delete via BC	Microsoft UMPass Driver	Not started	C:\Windows\system32\DRIVERS\umpass.sys Script: Quarantine, Delete, Delete via BC	Extended Base
usbcir Driver: Unload, Delete, Disable, Delete via BC	eHome Infrared Receiver (USBCIR)	Not started	C:\Windows\system32\DRIVERS\usbcir.sys Script: Quarantine, Delete, Delete via BC	Extended Base
usbohci Driver: Unload, Delete, Disable, Delete via BC	Microsoft USB Open Host Controller Miniport Driver	Not started	C:\Windows\system32\DRIVERS\usbohci.sys Script: Quarantine, Delete, Delete via BC	Base
usbprint Driver: Unload, Delete, Disable, Delete via BC	Microsoft USB PRINTER Class	Not started	C:\Windows\system32\DRIVERS\usbprint.sys Script: Quarantine, Delete, Delete via BC	extended base
USBSTOR Driver: Unload, Delete, Disable, Delete via BC	USB Mass Storage Driver	Not started	C:\Windows\system32\DRIVERS\USBSTOR.SYS Script: Quarantine, Delete, Delete via BC
usbuhci Driver: Unload, Delete, Disable, Delete via BC	Microsoft USB Universal Host Controller Miniport Driver	Not started	C:\Windows\system32\DRIVERS\usbuhci.sys Script: Quarantine, Delete, Delete via BC	Base
vga Driver: Unload, Delete, Disable, Delete via BC	vga	Not started	C:\Windows\system32\DRIVERS\vgapnp.sys Script: Quarantine, Delete, Delete via BC	Video
vhdmp Driver: Unload, Delete, Disable, Delete via BC	vhdmp	Not started	C:\Windows\system32\DRIVERS\vhdmp.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
viaide Driver: Unload, Delete, Disable, Delete via BC	viaide	Not started	C:\Windows\system32\DRIVERS\viaide.sys Script: Quarantine, Delete, Delete via BC	System Bus Extender
vsmraid Driver: Unload, Delete, Disable, Delete via BC	vsmraid	Not started	C:\Windows\system32\DRIVERS\vsmraid.sys Script: Quarantine, Delete, Delete via BC	SCSI Miniport
WacomPen Driver: Unload, Delete, Disable, Delete via BC	Wacom Serial Pen HID Driver	Not started	C:\Windows\system32\DRIVERS\wacompen.sys Script: Quarantine, Delete, Delete via BC	Extended Base
WANARP Driver: Unload, Delete, Disable, Delete via BC	Remote Access IP ARP Driver	Not started	C:\Windows\system32\DRIVERS\wanarp.sys Script: Quarantine, Delete, Delete via BC
Wd Driver: Unload, Delete, Disable, Delete via BC	Wd	Not started	C:\Windows\system32\DRIVERS\wd.sys Script: Quarantine, Delete, Delete via BC
WimFltr Driver: Unload, Delete, Disable, Delete via BC	WimFltr	Not started	C:\Windows\system32\DRIVERS\wimfltr.sys Script: Quarantine, Delete, Delete via BC	FSFilter Compression	FltMgr
WinUsb Driver: Unload, Delete, Disable, Delete via BC	WinUsb	Not started	C:\Windows\system32\DRIVERS\WinUsb.sys Script: Quarantine, Delete, Delete via BC
ws2ifsl Driver: Unload, Delete, Disable, Delete via BC	Winsock IFS Driver	Not started	C:\Windows\system32\drivers\ws2ifsl.sys Script: Quarantine, Delete, Delete via BC	PNP_TDI
WUDFRd Driver: Unload, Delete, Disable, Delete via BC	WUDFRd	Not started	C:\Windows\system32\DRIVERS\WUDFRd.sys Script: Quarantine, Delete, Delete via BC
Detected - 271, recognized as trusted - 1

Autoruns

File name	Status	Startup method	Description
C:\Program Files (x86)\McAfee\VirusScan\NAIEvent.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\McLogEvent, EventMessageFile
C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, RegistryBooster Delete
C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe Script: Quarantine, Delete, Delete via BC	Active	Shortcut in Startup folder	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk,
C:\Program Files (x86)\WordPerfect Office X3\Programs\QFSCHD130.EXE Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, QuickFinder Scheduler Delete
C:\Program Files (x86)\\DVD Maker\DVDMaker.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Dvd Maker, EventMessageFile
C:\Program Files (x86)\\Windows Defender\MpEvMsg.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\WinDefend, EventMessageFile
C:\Program Files (x86)\\Windows Defender\mpsvc.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WinDefend\Parameters, ServiceDll Delete
C:\Program Files\Alienware\Command Center\AlienSense\FAEventMessage.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Fast Access, EventMessageFile
C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\FastAccess, DLLName Delete
C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, FATrayAlert Delete
C:\Users\Abbie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk Script: Quarantine, Delete, Delete via BC	Active	File in Startup folder	C:\Users\Abbie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\Abbie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk,
C:\Users\Abbie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk Script: Quarantine, Delete, Delete via BC	Active	File in Startup folder	C:\Users\Abbie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\Abbie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk,
C:\Windows\System32\Audiosrv.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AudioEndpointBuilder\Parameters, ServiceDll Delete
C:\Windows\System32\Audiosrv.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AudioSrv\Parameters, ServiceDll Delete
C:\Windows\System32\AxInstSV.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AxInstSV\Parameters, ServiceDll Delete
C:\Windows\System32\AxInstSv.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-AxInstallService, EventMessageFile
C:\Windows\System32\DFDTS.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Windows Disk Diagnostic, EventMessageFile
C:\Windows\System32\DispCI.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Display, EventMessageFile
C:\Windows\System32\Drivers\BthUsb.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\BTHUSB, EventMessageFile
C:\Windows\System32\Drivers\Bthport.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\BTHPORT, EventMessageFile
C:\Windows\System32\Drivers\Bthport.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\BTHUSB, EventMessageFile
C:\Windows\System32\Drivers\NETw5s64.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\NETw5s64, EventMessageFile
C:\Windows\System32\Drivers\Pcmcia.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\pcmcia, EventMessageFile
C:\Windows\System32\Drivers\VolSnap.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Volsnap, EventMessageFile
C:\Windows\System32\Drivers\acpi.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\ACPI, EventMessageFile
C:\Windows\System32\Drivers\hidbth.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\HidBth, EventMessageFile
C:\Windows\System32\RpcEpMap.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\RpcEptMapper\Parameters, ServiceDll Delete
C:\Windows\System32\SCardSvr.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SCardSvr\Parameters, ServiceDll Delete
C:\Windows\System32\TabSvc.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\TabletInputService\Parameters, ServiceDll Delete
C:\Windows\System32\UI0Detect.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Interactive Services detection, EventMessageFile
C:\Windows\System32\VSSVC.EXE Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Security\VSSAudit, EventMessageFile
C:\Windows\System32\WUDFSvc.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\wudfsvc\Parameters, ServiceDll Delete
C:\Windows\System32\aelupsvc.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AeLookupSvc\Parameters, ServiceDll Delete
C:\Windows\System32\aelupsvc.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\AeLookupSvc, EventMessageFile
C:\Windows\System32\appidsvc.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AppIDSvc\Parameters, ServiceDll Delete
C:\Windows\System32\appinfo.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Appinfo\Parameters, ServiceDll Delete
C:\Windows\System32\bfe.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\BFE\Parameters, ServiceDll Delete
C:\Windows\System32\browser.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Browser\Parameters, ServiceDll Delete
C:\Windows\System32\certprop.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\CertPropSvc\Parameters, ServiceDll Delete
C:\Windows\System32\certprop.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SCPolicySvc\Parameters, ServiceDll Delete
C:\Windows\System32\dnsrslvr.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Dnscache\Parameters, ServiceDll Delete
C:\Windows\System32\dot3svc.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\dot3svc\Parameters, ServiceDll Delete
C:\Windows\System32\drivers\IAMTVE.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\IAMTVE, EventMessageFile
C:\Windows\System32\drivers\IAMTXPE.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\IAMTXPE, EventMessageFile
C:\Windows\System32\drivers\MTConfig.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\MTConfig, EventMessageFile
C:\Windows\System32\drivers\SynTP.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\SynTP, EventMessageFile
C:\Windows\System32\drivers\amdk8.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\AmdK8, EventMessageFile
C:\Windows\System32\drivers\amdppm.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\AmdPPM, EventMessageFile
C:\Windows\System32\drivers\ati2erec.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\ATIeRecord, EventMessageFile
C:\Windows\System32\drivers\ati2erec.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\atikmdag, EventMessageFile
C:\Windows\System32\drivers\b57nd60a.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\b57nd60a, EventMessageFile
C:\Windows\System32\drivers\bxvbda.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\b06bdrv, EventMessageFile
C:\Windows\System32\drivers\e1k62x64.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\e1kexpress, EventMessageFile
C:\Windows\System32\drivers\evbda.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\ebdrv, EventMessageFile
C:\Windows\System32\drivers\fltmgr.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\FltMgr, EventMessageFile
C:\Windows\System32\drivers\i8042prt.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\i8042prt, EventMessageFile
C:\Windows\System32\drivers\iaStor.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\iaStor, EventMessageFile
C:\Windows\System32\drivers\iaStorV.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\iaStorV, EventMessageFile
C:\Windows\System32\drivers\intelppm.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\intelppm, EventMessageFile
C:\Windows\System32\drivers\ipmidrv.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\IPMIDRV, EventMessageFile
C:\Windows\System32\drivers\isapnp.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\isapnp, EventMessageFile
C:\Windows\System32\drivers\kbdclass.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\kbdclass, EventMessageFile
C:\Windows\System32\drivers\kbdhid.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\kbdhid, EventMessageFile
C:\Windows\System32\drivers\mouclass.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\mouclass, EventMessageFile
C:\Windows\System32\drivers\mouhid.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\mouhid, EventMessageFile
C:\Windows\System32\drivers\mpio.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\mpio, EventMessageFile
C:\Windows\System32\drivers\nvstor.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\nvstor, EventMessageFile
C:\Windows\System32\drivers\parport.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Parport, EventMessageFile
C:\Windows\System32\drivers\processr.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Processor, EventMessageFile
C:\Windows\System32\drivers\sbp2port.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\sbp2port, EventMessageFile
C:\Windows\System32\drivers\serial.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Serial, EventMessageFile
C:\Windows\System32\drivers\sermouse.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\sermouse, EventMessageFile
C:\Windows\System32\drivers\vgapnp.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\vga, EventMessageFile
C:\Windows\System32\drivers\wacompen.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\WacomPen, EventMessageFile
C:\Windows\System32\drivers\wd.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Wd, EventMessageFile
C:\Windows\System32\gpsvc.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\gpsvc\Parameters, ServiceDll Delete
C:\Windows\System32\ikeext.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\IKEEXT\Parameters, ServiceDll Delete
C:\Windows\System32\iphlpsvc.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters, ServiceDll Delete
C:\Windows\System32\ipnathlp.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters, ServiceDll Delete
C:\Windows\System32\ipsecsvc.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\PolicyAgent\Parameters, ServiceDll Delete
C:\Windows\System32\iscsiexe.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\MSiSCSI, EventMessageFile
C:\Windows\System32\iscsilog.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\iScsiPrt, EventMessageFile
C:\Windows\System32\lltdsvc.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\lltdsvc\Parameters, ServiceDll Delete
C:\Windows\System32\lmhsvc.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\lmhosts\Parameters, ServiceDll Delete
C:\Windows\System32\lsasrv.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\LsaSrv, EventMessageFile
C:\Windows\System32\lsasrv.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Schannel, EventMessageFile
C:\Windows\System32\mctadmin.exe Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_USERS, S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce, mctadmin Delete
C:\Windows\System32\mctadmin.exe Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_USERS, S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce, mctadmin Delete
C:\Windows\System32\mdsched.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-MemoryDiagnostics-Schedule, EventMessageFile
C:\Windows\System32\netman.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Netman\Parameters, ServiceDll Delete
C:\Windows\System32\nlasvc.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters, ServiceDll Delete
C:\Windows\System32\pcasvc.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\PcaSvc\Parameters, ServiceDll Delete
C:\Windows\System32\profsvc.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-User Profiles Service, EventMessageFile
C:\Windows\System32\profsvc.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Profsvc, EventMessageFile
C:\Windows\System32\qmgr.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\BITS\Parameters, ServiceDll Delete
C:\Windows\System32\rasauto.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\RasAuto\Parameters, ServiceDll Delete
C:\Windows\System32\rasmans.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\RasMan\Parameters, ServiceDll Delete
C:\Windows\System32\relpost.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-MemoryDiagnostics-Results, EventMessageFile
C:\Windows\System32\samsrv.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Directory-Services-SAM, EventMessageFile
C:\Windows\System32\samsrv.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\SAM, EventMessageFile
C:\Windows\System32\snmptrap.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\SNMPTRAP, EventMessageFile
C:\Windows\System32\ssdpsrv.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SSDPSRV\Parameters, ServiceDll Delete
C:\Windows\System32\sstpsvc.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-RasSstp, EventMessageFile
C:\Windows\System32\swprv.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\swprv\Parameters, ServiceDll Delete
C:\Windows\System32\tcpmon.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\TCPMon, EventMessageFile
C:\Windows\System32\termsrv.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\TermService\Parameters, ServiceDll Delete
C:\Windows\System32\trkwks.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\TrkWks\Parameters, ServiceDll Delete
C:\Windows\System32\umpnpmgr.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\PlugPlayManager, EventMessageFile
C:\Windows\System32\umpo.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Power, EventMessageFile
C:\Windows\System32\uxsms.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\UxSms\Parameters, ServiceDll Delete
C:\Windows\System32\wbiosrvc.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WbioSrvc\Parameters, ServiceDll Delete
C:\Windows\System32\wercplsupport.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\wercplsupport\Parameters, ServiceDll Delete
C:\Windows\System32\wersvc.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Application Hang, EventMessageFile
C:\Windows\System32\wevtsvc.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Security\Microsoft-Windows-Eventlog, EventMessageFile
C:\Windows\System32\wevtsvc.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Eventlog, EventMessageFile
C:\Windows\System32\wiaservc.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\stisvc\Parameters, ServiceDll Delete
C:\Windows\System32\wiaservc.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\StillImage, EventMessageFile
C:\Windows\System32\win32k.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Session Manager\SubSystems, Kmode
C:\Windows\System32\winlogon.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Winlogon, EventMessageFile
C:\Windows\System32\winlogon.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wlclntfy, EventMessageFile
C:\Windows\System32\wkssvc.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters, ServiceDll Delete
C:\Windows\System32\wlansvc.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Wlansvc\Parameters, ServiceDll Delete
C:\Windows\System32\wscsvc.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\wscsvc\Parameters, ServiceDll Delete
C:\Windows\System32\wscsvc.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\SecurityCenter, EventMessageFile
C:\Windows\System32\wwansvc.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WwanSvc\Parameters, ServiceDll Delete
C:\Windows\system32\BlbEvents.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-Backup, EventMessageFile
C:\Windows\system32\FAPassSync.dll Script: Quarantine, Delete, Delete via BC	--	?	HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Lsa, Notification Packages
C:\Windows\system32\FntCache.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\FontCache\Parameters, ServiceDll Delete
C:\Windows\system32\ListSvc.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\HomeGroupListener\Parameters, ServiceDll Delete
C:\Windows\system32\Mcx2Svc.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Mcx2Svc\Parameters, ServiceDll Delete
C:\Windows\system32\WINSAT.EXE Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-WindowsSystemAssessmentTool, EventMessageFile
C:\Windows\system32\WUDFPlatform.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-DriverFrameworks-UserMode, EventMessageFile
C:\Windows\system32\Wat\WatUX.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Windows Activation Technologies, EventMessageFile
C:\Windows\system32\bthserv.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\bthserv\Parameters, ServiceDll Delete
C:\Windows\system32\certprop.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-SCPNP, EventMessageFile
C:\Windows\system32\cofiredm.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-CorruptedFileRecovery-Client, EventMessageFile
C:\Windows\system32\cofiredm.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-CorruptedFileRecovery-Server, EventMessageFile
C:\Windows\system32\csrsrv.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Subsys-SMSS, EventMessageFile
C:\Windows\system32\dfdts.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-DiskDiagnostic, EventMessageFile
C:\Windows\system32\drivers\HTTP.SYS Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-HttpEvent, EventMessageFile
C:\Windows\system32\drivers\Wdf01000.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\wdf01000, EventMessageFile
C:\Windows\system32\drivers\fltmgr.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-FilterManager, EventMessageFile
C:\Windows\system32\drivers\fvevol.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-BitLocker-Driver, EventMessageFile
C:\Windows\system32\drivers\ntfs.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Ntfs, EventMessageFile
C:\Windows\system32\dwm.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Desktop Window Manager, EventMessageFile
C:\Windows\system32\eapsvc.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-EapHost, EventMessageFile
C:\Windows\system32\fdPHost.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\fdPHost\Parameters, ServiceDll Delete
C:\Windows\system32\fdphost.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-FunctionDiscoveryHost, EventMessageFile
C:\Windows\system32\fdrespub.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\FDResPub\Parameters, ServiceDll Delete
C:\Windows\system32\fdrespub.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-ResourcePublication, EventMessageFile
C:\Windows\system32\fveapi.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-BitLocker-API, EventMessageFile
C:\Windows\system32\fxsevent.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft Fax, EventMessageFile
C:\Windows\system32\gpsvc.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-GroupPolicy, EventMessageFile
C:\Windows\system32\ipbusenum.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\IPBusEnum\Parameters, ServiceDll Delete
C:\Windows\system32\ipbusenum.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-IPBusEnum, EventMessageFile
C:\Windows\system32\iphlpsvc.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Iphlpsvc, EventMessageFile
C:\Windows\system32\iscsiexe.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\MSiSCSI\Parameters, ServiceDll Delete
C:\Windows\system32\lpksetup.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-LanguagePackSetup, EventMessageFile
C:\Windows\system32\lsm.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-TerminalServices-LocalSessionManager, EventMessageFile
C:\Windows\system32\microsoft-windows-hal-events.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-HAL, EventMessageFile
C:\Windows\system32\microsoft-windows-kernel-power-events.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Kernel-Power, EventMessageFile
C:\Windows\system32\microsoft-windows-kernel-processor-power-events.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Kernel-Processor-Power, EventMessageFile
C:\Windows\system32\mmcss.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\MMCSS\Parameters, ServiceDll Delete
C:\Windows\system32\mmcss.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\THREADORDER\Parameters, ServiceDll Delete
C:\Windows\system32\mpssvc.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\MpsSvc\Parameters, ServiceDll Delete
C:\Windows\system32\mpssvc.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Firewall, EventMessageFile
C:\Windows\system32\msdtckrm.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\KtmRm\Parameters, ServiceDll Delete
C:\Windows\system32\nsisvc.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\nsi\Parameters, ServiceDll Delete
C:\Windows\system32\oobe\winsetup.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Setup, EventMessageFile
C:\Windows\system32\pnrpsvc.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\PNRPsvc\Parameters, ServiceDll Delete
C:\Windows\system32\profsvc.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\ProfSvc\Parameters, ServiceDll Delete
C:\Windows\system32\psxss.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Session Manager\SubSystems, Posix
C:\Windows\system32\qmgr.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Bits-Client, EventMessageFile
C:\Windows\system32\recovery.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Recovery, EventMessageFile
C:\Windows\system32\regsvc.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters, ServiceDll Delete
C:\Windows\system32\rpcss.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\DcomLaunch\Parameters, ServiceDll Delete
C:\Windows\system32\rpcss.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\RpcSs\Parameters, ServiceDll Delete
C:\Windows\system32\schedsvc.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Schedule\Parameters, ServiceDll Delete
C:\Windows\system32\schedsvc.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-TaskScheduler, EventMessageFile
C:\Windows\system32\sdclt.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\BackupPath,
C:\Windows\system32\seclogon.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\seclogon\Parameters, ServiceDll Delete
C:\Windows\system32\sensrsvc.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SensrSvc\Parameters, ServiceDll Delete
C:\Windows\system32\services.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Service Control Manager, EventMessageFile
C:\Windows\system32\sppsvc.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Software Protection Platform Service, EventMessageFile
C:\Windows\system32\sppsvc.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Key Management Service\KmsRequests, EventMessageFile
C:\Windows\system32\sppuinotify.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\sppuinotify\Parameters, ServiceDll Delete
C:\Windows\system32\srvsvc.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters, ServiceDll Delete
C:\Windows\system32\sstpsvc.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SstpSvc\Parameters, ServiceDll Delete
C:\Windows\system32\sysmain.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SysMain\Parameters, ServiceDll Delete
C:\Windows\system32\sysmain.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\rdyboost\Performance, Library Delete
C:\Windows\system32\tbssvc.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-TBS, EventMessageFile
C:\Windows\system32\termsrv.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-TerminalServices-RemoteConnectionManager, EventMessageFile
C:\Windows\system32\themeservice.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Themes\Parameters, ServiceDll Delete
C:\Windows\system32\umpnpmgr.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\PlugPlay\Parameters, ServiceDll Delete
C:\Windows\system32\umpnpmgr.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-UserPnp, EventMessageFile
C:\Windows\system32\umpo.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Power\Parameters, ServiceDll Delete
C:\Windows\system32\w32time.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\W32Time\Parameters, ServiceDll Delete
C:\Windows\system32\w32time.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Time-Service, EventMessageFile
C:\Windows\system32\w32time.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\W32Time, EventMessageFile
C:\Windows\system32\w32time.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient, DllName Delete
C:\Windows\system32\w32time.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer, DllName Delete
C:\Windows\system32\wbem\WMIsvc.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters, ServiceDll Delete
C:\Windows\system32\wecsvc.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Wecsvc\Parameters, ServiceDll Delete
C:\Windows\system32\wecsvc.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-EventCollector, EventMessageFile
C:\Windows\system32\wecsvc.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\HardwareEvents, DisplayNameFile
C:\Windows\system32\wecsvc.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-EventCollector, EventMessageFile
C:\Windows\system32\winlogon.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Winlogon, EventMessageFile
C:\Windows\system32\winsrv.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-Winsrv, EventMessageFile
C:\Windows\system32\wlansvc.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-WLAN-AutoConfig, EventMessageFile
C:\Windows\system32\wpdbusenum.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WPDBusEnum\Parameters, ServiceDll Delete
C:\Windows\system32\wuaueng.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\wuauserv\Parameters, ServiceDll Delete
C:\Windows\system32\wuaueng.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-WindowsUpdateClient, EventMessageFile
C:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\RunOnce, STToasterLauncher Delete
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, StartCCC Delete
c:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, UCam_Menu Delete
c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, BDRegion Delete
c:\Program Files (x86)\OSD\Launch_OSD.exe Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, OSD_LAUNCH Delete
rdpclip Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd, StartupPrograms Delete
Autoruns items found - 587, recognized as trusted - 369

Internet Explorer extension modules (BHOs, Toolbars ...)

File name	Type	Description	Manufacturer	CLSID
C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll Script: Quarantine, Delete, Delete via BC	BHO			{9030D464-4C02-4ABF-8ECC-5164760863C6} Delete
C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll Script: Quarantine, Delete, Delete via BC	BHO	FAIESSO Application	Copyright © 2005-2009 Sensible Vision	{A2F122DA-055F-4df7-8F24-7354DBDBA85B} Delete
c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm Script: Quarantine, Delete, Delete via BC	Extension module			{CCA281CA-C863-46ef-9331-5C8D4460577F} Delete
Items found - 5, recognized as trusted - 2

Windows Explorer extension modules

File name	Destination	Description	Manufacturer	CLSID
	Catalyst Context Menu extension			{5E2121EE-0300-11D4-8D3B-444553540000} Delete
	WinRAR shell extension			{B41DB860-64E4-11D2-9906-E49FADC173CA} Delete
Items found - 7, recognized as trusted - 5

Printing system extensions (print monitors, providers)

File name	Type	Name	Description	Manufacturer
localspl.dll Script: Quarantine, Delete, Delete via BC	Monitor	Local Port
FXSMON.DLL Script: Quarantine, Delete, Delete via BC	Monitor	Microsoft Shared Fax Monitor
hpz3lw71.dll Script: Quarantine, Delete, Delete via BC	Monitor	PCL hpz3lw71
tcpmon.dll Script: Quarantine, Delete, Delete via BC	Monitor	Standard TCP/IP Port
usbmon.dll Script: Quarantine, Delete, Delete via BC	Monitor	USB Monitor
WSDMon.dll Script: Quarantine, Delete, Delete via BC	Monitor	WSD Port
inetpp.dll Script: Quarantine, Delete, Delete via BC	Provider	HTTP Print Services
Items found - 8, recognized as trusted - 1

Task Scheduler jobs

File name	Job name	Job state	Description	Manufacturer
Items found - 0, recognized as trusted - 0

SPI/LSP settings

Namespace providers (NSP)

Manufacturer	Status	EXE file	Description	GUID
Detected - 7, recognized as trusted - 7

Transport protocol providers (TSP, LSP)

Manufacturer EXE file Description
Detected - 11, recognized as trusted - 11
Results of automatic SPI settings check
LSP settings checked. No errors detected

TCP/UDP ports

Port Status Remote Host Remote Port Application Notes
TCP ports
UDP ports

Downloaded Program Files (DPF)

File name Description Manufacturer CLSID Source URL
Items found - 3, recognized as trusted - 3

Control Panel Applets (CPL)

File name Description Manufacturer
Items found - 20, recognized as trusted - 20

Active Setup

File name Description Manufacturer CLSID
Items found - 9, recognized as trusted - 9

HOSTS file

Hosts file record
яю1
Clear Hosts file

Protocols and handlers

File name Type Description Manufacturer CLSID
mscoree.dll
Script: Quarantine, Delete, Delete via BC Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
Delete
mscoree.dll
Script: Quarantine, Delete, Delete via BC Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
Delete
mscoree.dll
Script: Quarantine, Delete, Delete via BC Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
Delete
Items found - 18, recognized as trusted - 15

Suspicious objects

File Description Type
System
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit
smss.exe
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit
csrss.exe
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit
wininit.exe
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit
services.exe
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit
lsass.exe
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit
lsm.exe
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit
svchost.exe
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit
cmdagent.exe
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit
winlogon.exe
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit
MsMpEng.exe
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit
atiesrxx.exe
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit
FAService.exe
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit
stacsv64.exe
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit
audiodg.exe
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit
atieclxx.exe
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit
wlanext.exe
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit
conhost.exe
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit
spoolsv.exe
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit
AESTSr64.exe
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit
AlienFusionService.exe
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit
AppleMobileDeviceService.exe
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit
mDNSResponder.exe
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit
btwdins.exe
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit
EvtEng.exe
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit
OSD_Service.exe
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit
InstallFilterService.exe
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit
NBService.exe
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit
taskhost.exe
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit
dwm.exe
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit
PSIService.exe
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit
explorer.exe
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit
taskeng.exe
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit
RegSrvc.exe
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit
SftService.exe
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit
IAANTmon.exe
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit
unsecapp.exe
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit
WmiPrvSE.exe
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit
AlienFusionController.exe
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit
Toaster.exe
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit
SynTPEnh.exe
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit
sttray64.exe
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit
jusched.exe
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit
AlienwareAlienFXController.exe
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit
iFrmewrk.exe
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit
IAAnotif.exe
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit
FF_Protection.exe
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit
msseces.exe
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit
cfp.exe
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit
msnmsgr.exe
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit
SynTPHelper.exe
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit
uTorrent.exe
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit
BTTray.exe
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit
FATrayMon.exe
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit
FATrayAlert.exe
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit
SearchIndexer.exe
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit
BTStackServer.exe
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit
PDVD8Serv.exe
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit
MOM.exe
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit
brs.exe
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit
iTunesHelper.exe
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit
issch.exe
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit
realsched.exe
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit
OSD.exe
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit
BluetoothHeadsetProxy.exe
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit
iPodService.exe
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit
CCC.exe
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit
AlienFXHook32Mngr.exe
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit
AlienFXHook64Mngr.exe
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit
firefox.exe
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit
wmpnetwk.exe
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit
sppsvc.exe
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit
avz.exe
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit
TrustedInstaller.exe
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit
SearchProtocolHost.exe
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit
SearchFilterHost.exe
Script: Quarantine, Delete, Delete via BC Suspicion for Rootkit Suspicion for Rootkit

AVZ Antiviral Toolkit log; AVZ version is 4.35
Scanning started at 06.10.2010 23:34:10
Database loaded: signatures - 280937, NN profile(s) - 2, malware removal microprograms - 56, signature database released 04.10.2010 21:19
Heuristic microprograms loaded: 383
PVS microprograms loaded: 9
Digital signatures of system files loaded: 233837
Heuristic analyzer mode: Maximum heuristics mode
Malware removal mode: disabled
Windows version is: 6.1.7600,  ; AVZ is run with administrator rights
System Restore: enabled
1. Searching for Rootkits and other software intercepting API functions
 >> Danger ! Process masking detected
 >>>> Process masking detected 4 System.exe
 >>>> Process masking detected 396 smss.exe
 >>>> Process masking detected 528 csrss.exe
 >>>> Process masking detected 612 C:\Windows\system32\wininit.exe
 >>>> Process masking detected 632 csrss.exe
 >>>> Process masking detected 676 services.exe
 >>>> Process masking detected 692 lsass.exe
 >>>> Process masking detected 700 lsm.exe
 >>>> Process masking detected 820 C:\Windows\system32\svchost.exe
 >>>> Process masking detected 900 C:\Windows\system32\svchost.exe
 >>>> Process masking detected 968 cmdagent.exe
 >>>> Process masking detected 1000 winlogon.exe
 >>>> Process masking detected 440 C:\Windows\system32\svchost.exe
 >>>> Process masking detected 508 MsMpEng.exe
 >>>> Process masking detected 816 atiesrxx.exe
 >>>> Process masking detected 1148 C:\Windows\system32\svchost.exe
 >>>> Process masking detected 1188 C:\Windows\system32\svchost.exe
 >>>> Process masking detected 1236 FAService.exe
 >>>> Process masking detected 1288 C:\Windows\system32\svchost.exe
 >>>> Process masking detected 1320 stacsv64.exe
 >>>> Process masking detected 1380 audiodg.exe
 >>>> Process masking detected 1568 C:\Windows\system32\svchost.exe
 >>>> Process masking detected 1724 atieclxx.exe
 >>>> Process masking detected 1820 C:\Windows\system32\wlanext.exe
 >>>> Process masking detected 1828 conhost.exe
 >>>> Process masking detected 1932 spoolsv.exe
 >>>> Process masking detected 1972 C:\Windows\system32\svchost.exe
 >>>> Process masking detected 1296 AESTSr64.exe
 >>>> Process masking detected 1464 AlienFusionService.exe
 >>>> Process masking detected 2348 AppleMobileDeviceService.exe
 >>>> Process masking detected 2384 mDNSResponder.exe
 >>>> Process masking detected 2424 c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
 >>>> Process masking detected 2464 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
 >>>> Process masking detected 2536 C:\Windows\system32\svchost.exe
 >>>> Process masking detected 2568 OSD_Service.exe
 >>>> Process masking detected 2764 InstallFilterService.exe
 >>>> Process masking detected 2784 NBService.exe
 >>>> Process masking detected 3064 taskhost.exe
 >>>> Process masking detected 2152 dwm.exe
 >>>> Process masking detected 1520 C:\Windows\system32\PSIService.exe
 >>>> Process masking detected 2244 C:\Windows\system32\explorer.exe
 >>>> Process masking detected 2252 C:\Windows\system32\taskeng.exe
 >>>> Process masking detected 2660 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
 >>>> Process masking detected 2688 SftService.exe
 >>>> Process masking detected 2856 C:\Windows\system32\svchost.exe
 >>>> Process masking detected 1504 IAANTmon.exe
 >>>> Process masking detected 3336 unsecapp.exe
 >>>> Process masking detected 3436 C:\Windows\System32\Wbem\WmiPrvSE.exe
 >>>> Process masking detected 3480 C:\Windows\System32\Wbem\WmiPrvSE.exe
 >>>> Process masking detected 3768 AlienFusionController.exe
 >>>> Process masking detected 4052 C:\Windows\system32\svchost.exe
 >>>> Process masking detected 3960 Toaster.exe
 >>>> Process masking detected 2952 SynTPEnh.exe
 >>>> Process masking detected 3472 sttray64.exe
 >>>> Process masking detected 3892 jusched.exe
 >>>> Process masking detected 3880 AlienwareAlienFXController.exe
 >>>> Process masking detected 2132 C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
 >>>> Process masking detected 3800 IAAnotif.exe
 >>>> Process masking detected 3596 FF_Protection.exe
 >>>> Process masking detected 3580 msseces.exe
 >>>> Process masking detected 3592 cfp.exe
 >>>> Process masking detected 3700 msnmsgr.exe
 >>>> Process masking detected 4184 SynTPHelper.exe
 >>>> Process masking detected 4232 uTorrent.exe
 >>>> Process masking detected 4428 c:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
 >>>> Process masking detected 4532 FATrayMon.exe
 >>>> Process masking detected 4572 unsecapp.exe
 >>>> Process masking detected 4712 FATrayAlert.exe
 >>>> Process masking detected 4760 C:\Windows\system32\SearchIndexer.exe
 >>>> Process masking detected 4956 c:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
 >>>> Process masking detected 5112 PDVD8Serv.exe
 >>>> Process masking detected 4136 c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
 >>>> Process masking detected 4132 brs.exe
 >>>> Process masking detected 4376 iTunesHelper.exe
 >>>> Process masking detected 4632 issch.exe
 >>>> Process masking detected 4652 realsched.exe
 >>>> Process masking detected 4672 OSD.exe
 >>>> Process masking detected 1028 c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
 >>>> Process masking detected 5332 iPodService.exe
 >>>> Process masking detected 5404 c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
 >>>> Process masking detected 5776 AlienFXHook32Mngr.exe
 >>>> Process masking detected 5784 conhost.exe
 >>>> Process masking detected 5808 AlienFXHook64Mngr.exe
 >>>> Process masking detected 5816 conhost.exe
 >>>> Process masking detected 6032 firefox.exe
 >>>> Process masking detected 404 C:\Windows\system32\svchost.exe
 >>>> Process masking detected 6088 wmpnetwk.exe
 >>>> Process masking detected 5948 C:\Windows\system32\svchost.exe
 >>>> Process masking detected 6560 sppsvc.exe
 >>>> Process masking detected 7052 taskhost.exe
 >>>> Process masking detected 5500 avz.exe
 >>>> Process masking detected 3020 TrustedInstaller.exe
 >>>> Process masking detected 1020 C:\Windows\system32\SearchProtocolHost.exe
 >>>> Process masking detected 4028 C:\Windows\system32\SearchFilterHost.exe
1.1 Searching for user-mode API hooks
 Analysis: kernel32.dll, export table found in section .text
Function kernel32.dll:CopyFileA (114) intercepted, method - APICodeHijack.JmpTo[1002CC36]
Function kernel32.dll:CopyFileExA (115) intercepted, method - APICodeHijack.JmpTo[1002CBF6]
Function kernel32.dll:CopyFileExW (116) intercepted, method - APICodeHijack.JmpTo[1002CBD6]
Function kernel32.dll:CopyFileW (119) intercepted, method - APICodeHijack.JmpTo[1002CC16]
Function kernel32.dll:CreateFileA (138) intercepted, method - APICodeHijack.JmpTo[1002CC76]
Function kernel32.dll:CreateFileW (145) intercepted, method - APICodeHijack.JmpTo[1002CC56]
Function kernel32.dll:CreateProcessA (166) intercepted, method - APICodeHijack.JmpTo[10028316]
Function kernel32.dll:CreateProcessW (170) intercepted, method - APICodeHijack.JmpTo[10027786]
Function kernel32.dll:DeleteFileA (213) intercepted, method - APICodeHijack.JmpTo[1002CAF6]
Function kernel32.dll:DeleteFileW (216) intercepted, method - APICodeHijack.JmpTo[1002CAD6]
Function kernel32.dll:GetModuleHandleA (535) intercepted, method - APICodeHijack.JmpTo[1002CAB6]
Function kernel32.dll:GetModuleHandleW (538) intercepted, method - APICodeHijack.JmpTo[1002CA96]
Function kernel32.dll:GetProcAddress (583) intercepted, method - APICodeHijack.JmpTo[1002CD16]
Function kernel32.dll:LoadLibraryA (829) intercepted, method - APICodeHijack.JmpTo[1002CA76]
Function kernel32.dll:LoadLibraryExA (830) intercepted, method - APICodeHijack.JmpTo[1002CCD6]
Function kernel32.dll:LoadLibraryExW (831) intercepted, method - APICodeHijack.JmpTo[1002CCB6]
Function kernel32.dll:LoadLibraryW (832) intercepted, method - APICodeHijack.JmpTo[1002CA56]
Function kernel32.dll:LoadModule (833) intercepted, method - APICodeHijack.JmpTo[1002CCF6]
Function kernel32.dll:MoveFileA (863) intercepted, method - APICodeHijack.JmpTo[1002CBB6]
Function kernel32.dll:MoveFileExA (864) intercepted, method - APICodeHijack.JmpTo[1002CB76]
Function kernel32.dll:MoveFileExW (865) intercepted, method - APICodeHijack.JmpTo[1002CB56]
Function kernel32.dll:MoveFileW (868) intercepted, method - APICodeHijack.JmpTo[1002CB96]
Function kernel32.dll:MoveFileWithProgressA (869) intercepted, method - APICodeHijack.JmpTo[1002CB36]
Function kernel32.dll:MoveFileWithProgressW (870) intercepted, method - APICodeHijack.JmpTo[1002CB16]
Function kernel32.dll:OpenFile (887) intercepted, method - APICodeHijack.JmpTo[1002CC96]
Function kernel32.dll:WinExec (1299) intercepted, method - APICodeHijack.JmpTo[1002CA36]
 Analysis: ntdll.dll, export table found in section .text
Function ntdll.dll:LdrGetProcedureAddress (130) intercepted, method - APICodeHijack.JmpTo[1002CD36]
Function ntdll.dll:LdrLoadDll (137) intercepted, method - APICodeHijack.JmpTo[1002A626]
Function ntdll.dll:LdrUnloadDll (161) intercepted, method - APICodeHijack.JmpTo[1001CE36]
Function ntdll.dll:NtAdjustPrivilegesToken (190) intercepted, method - APICodeHijack.JmpTo[100206A6]
Function ntdll.dll:NtAllocateVirtualMemory (197) intercepted, method - APICodeHijack.JmpTo[1002CDF6]
Function ntdll.dll:NtAlpcConnectPort (200) intercepted, method - APICodeHijack.JmpTo[100210C6]
Function ntdll.dll:NtClose (228) intercepted, method - APICodeHijack.JmpTo[1001CD16]
Function ntdll.dll:NtConnectPort (237) intercepted, method - APICodeHijack.JmpTo[10023BF6]
Function ntdll.dll:NtCreateEvent (242) intercepted, method - APICodeHijack.JmpTo[10020256]
Function ntdll.dll:NtCreateFile (244) intercepted, method - APICodeHijack.JmpTo[1002CDB6]
Function ntdll.dll:NtCreateMutant (252) intercepted, method - APICodeHijack.JmpTo[100202A6]
Function ntdll.dll:NtCreateProcess (257) intercepted, method - APICodeHijack.JmpTo[1002CE76]
Function ntdll.dll:NtCreateProcessEx (258) intercepted, method - APICodeHijack.JmpTo[1002CE56]
Function ntdll.dll:NtCreateSection (262) intercepted, method - APICodeHijack.JmpTo[10022A76]
Function ntdll.dll:NtCreateSemaphore (263) intercepted, method - APICodeHijack.JmpTo[10020206]
Function ntdll.dll:NtCreateSymbolicLinkObject (264) intercepted, method - APICodeHijack.JmpTo[100202C6]
Function ntdll.dll:NtCreateThread (265) intercepted, method - APICodeHijack.JmpTo[100243C6]
Function ntdll.dll:NtCreateThreadEx (266) intercepted, method - APICodeHijack.JmpTo[10020D26]
Function ntdll.dll:NtDeleteFile (281) intercepted, method - APICodeHijack.JmpTo[1002CE16]
Function ntdll.dll:NtFreeVirtualMemory (310) intercepted, method - APICodeHijack.JmpTo[1002C486]
Function ntdll.dll:NtLoadDriver (335) intercepted, method - APICodeHijack.JmpTo[1002CDD6]
Function ntdll.dll:NtMakeTemporaryObject (344) intercepted, method - APICodeHijack.JmpTo[10023566]
Function ntdll.dll:NtOpenEvent (357) intercepted, method - APICodeHijack.JmpTo[10020236]
Function ntdll.dll:NtOpenFile (359) intercepted, method - APICodeHijack.JmpTo[1002CD96]
Function ntdll.dll:NtOpenMutant (367) intercepted, method - APICodeHijack.JmpTo[10020286]
Function ntdll.dll:NtOpenSection (374) intercepted, method - APICodeHijack.JmpTo[100230A6]
Function ntdll.dll:NtOpenSemaphore (375) intercepted, method - APICodeHijack.JmpTo[100201E6]
Function ntdll.dll:NtProtectVirtualMemory (395) intercepted, method - APICodeHijack.JmpTo[1002C436]
Function ntdll.dll:NtSetInformationProcess (513) intercepted, method - APICodeHijack.JmpTo[1002CD56]
Function ntdll.dll:NtSetSystemInformation (530) intercepted, method - APICodeHijack.JmpTo[100237A6]
Function ntdll.dll:NtShutdownSystem (540) intercepted, method - APICodeHijack.JmpTo[10020956]
Function ntdll.dll:NtSystemDebugControl (548) intercepted, method - APICodeHijack.JmpTo[10023366]
Function ntdll.dll:NtTerminateProcess (550) intercepted, method - APICodeHijack.JmpTo[10023F66]
Function ntdll.dll:NtTerminateThread (551) intercepted, method - APICodeHijack.JmpTo[10024186]
Function ntdll.dll:NtUnloadDriver (559) intercepted, method - APICodeHijack.JmpTo[1002CD76]
Function ntdll.dll:NtWriteVirtualMemory (598) intercepted, method - APICodeHijack.JmpTo[1002CE36]
Function ntdll.dll:RtlAllocateHeap (645) intercepted, method - APICodeHijack.JmpTo[1002C4D6]
Function ntdll.dll:ZwAdjustPrivilegesToken (1441) intercepted, method - APICodeHijack.JmpTo[100206A6]
Function ntdll.dll:ZwAllocateVirtualMemory (1448) intercepted, method - APICodeHijack.JmpTo[1002CDF6]
Function ntdll.dll:ZwAlpcConnectPort (1451) intercepted, method - APICodeHijack.JmpTo[100210C6]
Function ntdll.dll:ZwClose (1479) intercepted, method - APICodeHijack.JmpTo[1001CD16]
Function ntdll.dll:ZwConnectPort (1488) intercepted, method - APICodeHijack.JmpTo[10023BF6]
Function ntdll.dll:ZwCreateEvent (1493) intercepted, method - APICodeHijack.JmpTo[10020256]
Function ntdll.dll:ZwCreateFile (1495) intercepted, method - APICodeHijack.JmpTo[1002CDB6]
Function ntdll.dll:ZwCreateMutant (1503) intercepted, method - APICodeHijack.JmpTo[100202A6]
Function ntdll.dll:ZwCreateProcess (1508) intercepted, method - APICodeHijack.JmpTo[1002CE76]
Function ntdll.dll:ZwCreateProcessEx (1509) intercepted, method - APICodeHijack.JmpTo[1002CE56]
Function ntdll.dll:ZwCreateSection (1513) intercepted, method - APICodeHijack.JmpTo[10022A76]
Function ntdll.dll:ZwCreateSemaphore (1514) intercepted, method - APICodeHijack.JmpTo[10020206]
Function ntdll.dll:ZwCreateSymbolicLinkObject (1515) intercepted, method - APICodeHijack.JmpTo[100202C6]
Function ntdll.dll:ZwCreateThread (1516) intercepted, method - APICodeHijack.JmpTo[100243C6]
Function ntdll.dll:ZwCreateThreadEx (1517) intercepted, method - APICodeHijack.JmpTo[10020D26]
Function ntdll.dll:ZwDeleteFile (1531) intercepted, method - APICodeHijack.JmpTo[1002CE16]
Function ntdll.dll:ZwFreeVirtualMemory (1560) intercepted, method - APICodeHijack.JmpTo[1002C486]
Function ntdll.dll:ZwLoadDriver (1584) intercepted, method - APICodeHijack.JmpTo[1002CDD6]
Function ntdll.dll:ZwMakeTemporaryObject (1593) intercepted, method - APICodeHijack.JmpTo[10023566]
Function ntdll.dll:ZwOpenEvent (1606) intercepted, method - APICodeHijack.JmpTo[10020236]
Function ntdll.dll:ZwOpenFile (1608) intercepted, method - APICodeHijack.JmpTo[1002CD96]
Function ntdll.dll:ZwOpenMutant (1616) intercepted, method - APICodeHijack.JmpTo[10020286]
Function ntdll.dll:ZwOpenSection (1623) intercepted, method - APICodeHijack.JmpTo[100230A6]
Function ntdll.dll:ZwOpenSemaphore (1624) intercepted, method - APICodeHijack.JmpTo[100201E6]
Function ntdll.dll:ZwProtectVirtualMemory (1644) intercepted, method - APICodeHijack.JmpTo[1002C436]
Function ntdll.dll:ZwSetInformationProcess (1762) intercepted, method - APICodeHijack.JmpTo[1002CD56]
Function ntdll.dll:ZwSetSystemInformation (1779) intercepted, method - APICodeHijack.JmpTo[100237A6]
Function ntdll.dll:ZwShutdownSystem (1789) intercepted, method - APICodeHijack.JmpTo[10020956]
Function ntdll.dll:ZwSystemDebugControl (1797) intercepted, method - APICodeHijack.JmpTo[10023366]
Function ntdll.dll:ZwTerminateProcess (1799) intercepted, method - APICodeHijack.JmpTo[10023F66]
Function ntdll.dll:ZwTerminateThread (1800) intercepted, method - APICodeHijack.JmpTo[10024186]
Function ntdll.dll:ZwUnloadDriver (1808) intercepted, method - APICodeHijack.JmpTo[1002CD76]
Function ntdll.dll:ZwWriteVirtualMemory (1847) intercepted, method - APICodeHijack.JmpTo[1002CE36]
 Analysis: user32.dll, export table found in section .text
Function user32.dll:BlockInput (1517) intercepted, method - APICodeHijack.JmpTo[10018176]
Function user32.dll:DefDlgProcA (1657) intercepted, method - ProcAddressHijack.GetProcAddress ->75B45F5A->775F8944
Function user32.dll:DefDlgProcW (1658) intercepted, method - ProcAddressHijack.GetProcAddress ->75B45F75->775E3F54
Function user32.dll:DefWindowProcA (1664) intercepted, method - ProcAddressHijack.GetProcAddress ->75B45F90->775C2893
Function user32.dll:DefWindowProcW (1665) intercepted, method - ProcAddressHijack.GetProcAddress ->75B45FAB->775B247D
Function user32.dll:EnableWindow (1725) intercepted, method - APICodeHijack.JmpTo[10017A96]
Function user32.dll:EndTask (1730) intercepted, method - APICodeHijack.JmpTo[1002E3B6]
Function user32.dll:ExitWindowsEx (1754) intercepted, method - APICodeHijack.JmpTo[10017886]
Function user32.dll:GetAsyncKeyState (1772) intercepted, method - APICodeHijack.JmpTo[10018D16]
Function user32.dll:GetClipboardData (1787) intercepted, method - APICodeHijack.JmpTo[10017F66]
Function user32.dll:GetKeyState (1826) intercepted, method - APICodeHijack.JmpTo[10018FC6]
Function user32.dll:GetKeyboardState (1831) intercepted, method - APICodeHijack.JmpTo[10019276]
Function user32.dll:MoveWindow (2052) intercepted, method - APICodeHijack.JmpTo[10018816]
Function user32.dll:PostMessageA (2078) intercepted, method - APICodeHijack.JmpTo[1001BAB6]
Function user32.dll:PostMessageW (2079) intercepted, method - APICodeHijack.JmpTo[1001B816]
Function user32.dll:PostThreadMessageA (2081) intercepted, method - APICodeHijack.JmpTo[1001B576]
Function user32.dll:PostThreadMessageW (2082) intercepted, method - APICodeHijack.JmpTo[1001B2D6]
Function user32.dll:RegisterHotKey (2111) intercepted, method - APICodeHijack.JmpTo[10017D36]
Function user32.dll:RegisterRawInputDevices (2115) intercepted, method - APICodeHijack.JmpTo[10018AF6]
Function user32.dll:SendDlgItemMessageA (2139) intercepted, method - APICodeHijack.JmpTo[10019AA6]
Function user32.dll:SendDlgItemMessageW (2140) intercepted, method - APICodeHijack.JmpTo[100197F6]
Function user32.dll:SendInput (2143) intercepted, method - APICodeHijack.JmpTo[10019526]
Function user32.dll:SendMessageA (2144) intercepted, method - APICodeHijack.JmpTo[1001B036]
Function user32.dll:SendMessageCallbackA (2145) intercepted, method - APICodeHijack.JmpTo[1001A556]
Function user32.dll:SendMessageCallbackW (2146) intercepted, method - APICodeHijack.JmpTo[1001A296]
Function user32.dll:SendMessageTimeoutA (2147) intercepted, method - APICodeHijack.JmpTo[1001AAD6]
Function user32.dll:SendMessageTimeoutW (2148) intercepted, method - APICodeHijack.JmpTo[1001A816]
Function user32.dll:SendMessageW (2149) intercepted, method - APICodeHijack.JmpTo[1001AD96]
Function user32.dll:SendNotifyMessageA (2150) intercepted, method - APICodeHijack.JmpTo[10019FF6]
Function user32.dll:SendNotifyMessageW (2151) intercepted, method - APICodeHijack.JmpTo[10019D56]
Function user32.dll:SetClipboardViewer (2160) intercepted, method - APICodeHijack.JmpTo[10018376]
Function user32.dll:SetParent (2191) intercepted, method - APICodeHijack.JmpTo[10018576]
Function user32.dll:SetWinEventHook (2216) intercepted, method - APICodeHijack.JmpTo[1001BD56]
Function user32.dll:SetWindowsHookExA (2231) intercepted, method - APICodeHijack.JmpTo[1001C716]
Function user32.dll:SetWindowsHookExW (2232) intercepted, method - APICodeHijack.JmpTo[1001C4A6]
Function user32.dll:SystemParametersInfoA (2260) intercepted, method - APICodeHijack.JmpTo[1001C286]
Function user32.dll:SystemParametersInfoW (2261) intercepted, method - APICodeHijack.JmpTo[1001C066]
Function user32.dll:keybd_event (2329) intercepted, method - APICodeHijack.JmpTo[1002B966]
Function user32.dll:mouse_event (2330) intercepted, method - APICodeHijack.JmpTo[1002B756]
 Analysis: advapi32.dll, export table found in section .text
Function advapi32.dll:AddMandatoryAce (1029) intercepted, method - ProcAddressHijack.GetProcAddress ->75AB24B5->76FCC334
Function advapi32.dll:CreateProcessAsUserA (1125) intercepted, method - APICodeHijack.JmpTo[10026BE6]
Function advapi32.dll:I_QueryTagInformation (1361) intercepted, method - ProcAddressHijack.GetProcAddress ->75AB2655->754072D8
Function advapi32.dll:I_ScIsSecurityProcess (1362) intercepted, method - ProcAddressHijack.GetProcAddress ->75AB268C->7540733F
Function advapi32.dll:I_ScPnPGetServiceName (1363) intercepted, method - ProcAddressHijack.GetProcAddress ->75AB26C3->75407C40
Function advapi32.dll:I_ScQueryServiceConfig (1364) intercepted, method - ProcAddressHijack.GetProcAddress ->75AB26FA->75405F8A
Function advapi32.dll:I_ScSendPnPMessage (1365) intercepted, method - ProcAddressHijack.GetProcAddress ->75AB2732->75405E7D
Function advapi32.dll:I_ScSendTSMessage (1366) intercepted, method - ProcAddressHijack.GetProcAddress ->75AB2766->754071C5
Function advapi32.dll:I_ScValidatePnPService (1369) intercepted, method - ProcAddressHijack.GetProcAddress ->75AB2799->75406B9D
Function advapi32.dll:IsValidRelativeSecurityDescriptor (1389) intercepted, method - ProcAddressHijack.GetProcAddress ->75AB27D1->76FCC5DF
Function advapi32.dll:PerfCreateInstance (1515) intercepted, method - ProcAddressHijack.GetProcAddress ->75AB2858->65552187
Function advapi32.dll:PerfDecrementULongCounterValue (1516) intercepted, method - ProcAddressHijack.GetProcAddress ->75AB2871->65552A1D
Function advapi32.dll:PerfDecrementULongLongCounterValue (1517) intercepted, method - ProcAddressHijack.GetProcAddress ->75AB2896->65552B3C
Function advapi32.dll:PerfDeleteInstance (1519) intercepted, method - ProcAddressHijack.GetProcAddress ->75AB28BF->65552259
Function advapi32.dll:PerfIncrementULongCounterValue (1522) intercepted, method - ProcAddressHijack.GetProcAddress ->75AB28D8->655527B9
Function advapi32.dll:PerfIncrementULongLongCounterValue (1523) intercepted, method - ProcAddressHijack.GetProcAddress ->75AB28FD->655528D6
Function advapi32.dll:PerfQueryInstance (1528) intercepted, method - ProcAddressHijack.GetProcAddress ->75AB2926->65552373
Function advapi32.dll:PerfSetCounterRefValue (1529) intercepted, method - ProcAddressHijack.GetProcAddress ->75AB293E->65552447
Function advapi32.dll:PerfSetCounterSetInfo (1530) intercepted, method - ProcAddressHijack.GetProcAddress ->75AB295B->655520B0
Function advapi32.dll:PerfSetULongCounterValue (1531) intercepted, method - ProcAddressHijack.GetProcAddress ->75AB2977->65552565
Function advapi32.dll:PerfSetULongLongCounterValue (1532) intercepted, method - ProcAddressHijack.GetProcAddress ->75AB2996->65552680
Function advapi32.dll:PerfStartProvider (1533) intercepted, method - ProcAddressHijack.GetProcAddress ->75AB29B9->65551FED
Function advapi32.dll:PerfStartProviderEx (1534) intercepted, method - ProcAddressHijack.GetProcAddress ->75AB29D1->65551F34
Function advapi32.dll:PerfStopProvider (1535) intercepted, method - ProcAddressHijack.GetProcAddress ->75AB29EB->65552026
Function advapi32.dll:SystemFunction035 (1753) intercepted, method - ProcAddressHijack.GetProcAddress ->75AB2A3C->74DB3EA8
 Analysis: ws2_32.dll, export table found in section .text
Function ws2_32.dll:WSASocketA (99) intercepted, method - APICodeHijack.JmpTo[1002C936]
 Analysis: wininet.dll, export table found in section .text
Function wininet.dll:InternetConnectA (231) intercepted, method - APICodeHijack.JmpTo[1002C976]
Function wininet.dll:InternetConnectW (232) intercepted, method - APICodeHijack.JmpTo[1002C956]
 Analysis: rasapi32.dll, export table found in section .text
 Analysis: urlmon.dll, export table found in section .text
Function urlmon.dll:URLDownloadToCacheFileA (216) intercepted, method - APICodeHijack.JmpTo[1002C8B6]
Function urlmon.dll:URLDownloadToCacheFileW (217) intercepted, method - APICodeHijack.JmpTo[1002C896]
Function urlmon.dll:URLDownloadToFileA (218) intercepted, method - APICodeHijack.JmpTo[1002C8F6]
Function urlmon.dll:URLDownloadToFileW (219) intercepted, method - APICodeHijack.JmpTo[1002C8D6]
 Analysis: netapi32.dll, export table found in section .text
Function netapi32.dll:DavAddConnection (1) intercepted, method - ProcAddressHijack.GetProcAddress ->74533B10->652229DD
Function netapi32.dll:DavDeleteConnection (2) intercepted, method - ProcAddressHijack.GetProcAddress ->74533B29->6522181B
Function netapi32.dll:DavFlushFile (3) intercepted, method - ProcAddressHijack.GetProcAddress ->74533B45->65221713
Function netapi32.dll:DavGetExtendedError (4) intercepted, method - ProcAddressHijack.GetProcAddress ->74533B5A->65222347
Function netapi32.dll:DavGetHTTPFromUNCPath (5) intercepted, method - ProcAddressHijack.GetProcAddress ->74533B76->6522275B
Function netapi32.dll:DavGetUNCFromHTTPPath (6) intercepted, method - ProcAddressHijack.GetProcAddress ->74533B94->6522257D
Function netapi32.dll:DsAddressToSiteNamesA (7) intercepted, method - ProcAddressHijack.GetProcAddress ->74533BB2->744C4A4D
Function netapi32.dll:DsAddressToSiteNamesExA (8) intercepted, method - ProcAddressHijack.GetProcAddress ->74533BD1->744C4D79
Function netapi32.dll:DsAddressToSiteNamesExW (9) intercepted, method - ProcAddressHijack.GetProcAddress ->74533BF2->744C5049
Function netapi32.dll:DsAddressToSiteNamesW (10) intercepted, method - ProcAddressHijack.GetProcAddress ->74533C13->744C4C29
Function netapi32.dll:DsDeregisterDnsHostRecordsA (11) intercepted, method - ProcAddressHijack.GetProcAddress ->74533C32->744C6DD9
Function netapi32.dll:DsDeregisterDnsHostRecordsW (12) intercepted, method - ProcAddressHijack.GetProcAddress ->74533C57->744C6D59
Function netapi32.dll:DsEnumerateDomainTrustsA (13) intercepted, method - ProcAddressHijack.GetProcAddress ->74533C7C->744C6771
Function netapi32.dll:DsEnumerateDomainTrustsW (14) intercepted, method - ProcAddressHijack.GetProcAddress ->74533C9E->744B60BC
Function netapi32.dll:DsGetDcCloseW (15) intercepted, method - ProcAddressHijack.GetProcAddress ->74533CC0->744C495D
Function netapi32.dll:DsGetDcNameA (16) intercepted, method - ProcAddressHijack.GetProcAddress ->74533CD7->744C5BB2
Function netapi32.dll:DsGetDcNameW (17) intercepted, method - ProcAddressHijack.GetProcAddress ->74533CED->744B4CA8
Function netapi32.dll:DsGetDcNameWithAccountA (18) intercepted, method - ProcAddressHijack.GetProcAddress ->74533D03->744C55E9
Function netapi32.dll:DsGetDcNameWithAccountW (19) intercepted, method - ProcAddressHijack.GetProcAddress ->74533D24->744B4CD1
Function netapi32.dll:DsGetDcNextA (20) intercepted, method - ProcAddressHijack.GetProcAddress ->74533D45->744C4896
Function netapi32.dll:DsGetDcNextW (21) intercepted, method - ProcAddressHijack.GetProcAddress ->74533D5B->744C47ED
Function netapi32.dll:DsGetDcOpenA (22) intercepted, method - ProcAddressHijack.GetProcAddress ->74533D71->744C473D
Function netapi32.dll:DsGetDcOpenW (23) intercepted, method - ProcAddressHijack.GetProcAddress ->74533D87->744C46AB
Function netapi32.dll:DsGetDcSiteCoverageA (24) intercepted, method - ProcAddressHijack.GetProcAddress ->74533D9D->744C5239
Function netapi32.dll:DsGetDcSiteCoverageW (25) intercepted, method - ProcAddressHijack.GetProcAddress ->74533DBB->744C5409
Function netapi32.dll:DsGetForestTrustInformationW (26) intercepted, method - ProcAddressHijack.GetProcAddress ->74533DD9->744C6E6F
Function netapi32.dll:DsGetSiteNameA (27) intercepted, method - ProcAddressHijack.GetProcAddress ->74533DFF->744C5B39
Function netapi32.dll:DsGetSiteNameW (28) intercepted, method - ProcAddressHijack.GetProcAddress ->74533E17->744B5F24
Function netapi32.dll:DsMergeForestTrustInformationW (29) intercepted, method - ProcAddressHijack.GetProcAddress ->74533E2F->744C6F71
Function netapi32.dll:DsRoleAbortDownlevelServerUpgrade (30) intercepted, method - ProcAddressHijack.GetProcAddress ->74533E57->73B44339
Function netapi32.dll:DsRoleCancel (31) intercepted, method - ProcAddressHijack.GetProcAddress ->74533E80->73B434A9
Function netapi32.dll:DsRoleDcAsDc (32) intercepted, method - ProcAddressHijack.GetProcAddress ->74533E94->73B43EAD
Function netapi32.dll:DsRoleDcAsReplica (33) intercepted, method - ProcAddressHijack.GetProcAddress ->74533EA8->73B43F99
Function netapi32.dll:DsRoleDemoteDc (34) intercepted, method - ProcAddressHijack.GetProcAddress ->74533EC1->73B44189
Function netapi32.dll:DsRoleDnsNameToFlatName (35) intercepted, method - ProcAddressHijack.GetProcAddress ->74533ED7->73B432B5
Function netapi32.dll:DsRoleFreeMemory (36) intercepted, method - ProcAddressHijack.GetProcAddress ->74533EF6->73B419A9
Function netapi32.dll:DsRoleGetDatabaseFacts (37) intercepted, method - ProcAddressHijack.GetProcAddress ->74533F0E->73B43651
Function netapi32.dll:DsRoleGetDcOperationProgress (38) intercepted, method - ProcAddressHijack.GetProcAddress ->74533F2C->73B43351
Function netapi32.dll:DsRoleGetDcOperationResults (39) intercepted, method - ProcAddressHijack.GetProcAddress ->74533F50->73B43401
Function netapi32.dll:DsRoleGetPrimaryDomainInformation (40) intercepted, method - ProcAddressHijack.GetProcAddress ->74533F73->73B41F3D
Function netapi32.dll:DsRoleIfmHandleFree (41) intercepted, method - ProcAddressHijack.GetProcAddress ->74533F9C->73B43539
Function netapi32.dll:DsRoleServerSaveStateForUpgrade (42) intercepted, method - ProcAddressHijack.GetProcAddress ->74533FB7->73B435C9
Function netapi32.dll:DsRoleUpgradeDownlevelServer (43) intercepted, method - ProcAddressHijack.GetProcAddress ->74533FDE->73B44261
Function netapi32.dll:DsValidateSubnetNameA (44) intercepted, method - ProcAddressHijack.GetProcAddress ->74534002->744C5AF9
Function netapi32.dll:DsValidateSubnetNameW (45) intercepted, method - ProcAddressHijack.GetProcAddress ->74534021->744C49E1
Function netapi32.dll:I_BrowserDebugCall (46) intercepted, method - ProcAddressHijack.GetProcAddress ->74534040->71F624A9
Function netapi32.dll:I_BrowserDebugTrace (47) intercepted, method - ProcAddressHijack.GetProcAddress ->7453405B->71F62581
Function netapi32.dll:I_BrowserQueryEmulatedDomains (48) intercepted, method - ProcAddressHijack.GetProcAddress ->74534077->71F629F9
Function netapi32.dll:I_BrowserQueryOtherDomains (49) intercepted, method - ProcAddressHijack.GetProcAddress ->7453409D->71F622C1
Function netapi32.dll:I_BrowserQueryStatistics (50) intercepted, method - ProcAddressHijack.GetProcAddress ->745340C0->71F62651
Function netapi32.dll:I_BrowserResetNetlogonState (51) intercepted, method - ProcAddressHijack.GetProcAddress ->745340E1->71F623D1
Function netapi32.dll:I_BrowserResetStatistics (52) intercepted, method - ProcAddressHijack.GetProcAddress ->74534105->71F62729
Function netapi32.dll:I_BrowserServerEnum (53) intercepted, method - ProcAddressHijack.GetProcAddress ->74534126->71F620BF
Function netapi32.dll:I_BrowserSetNetlogonState (54) intercepted, method - ProcAddressHijack.GetProcAddress ->74534142->71F62919
Function netapi32.dll:I_DsUpdateReadOnlyServerDnsRecords (55) intercepted, method - ProcAddressHijack.GetProcAddress ->74534164->744C5569
Function netapi32.dll:I_NetAccountDeltas (56) intercepted, method - ProcAddressHijack.GetProcAddress ->74534190->744C63AB
Function netapi32.dll:I_NetAccountSync (57) intercepted, method - ProcAddressHijack.GetProcAddress ->745341AC->744C63AB
Function netapi32.dll:I_NetChainSetClientAttributes (59) intercepted, method - ProcAddressHijack.GetProcAddress ->745341C6->744C6FA6
Function netapi32.dll:I_NetChainSetClientAttributes2 (58) intercepted, method - ProcAddressHijack.GetProcAddress ->745341ED->744C7029
Function netapi32.dll:I_NetDatabaseDeltas (60) intercepted, method - ProcAddressHijack.GetProcAddress ->74534215->744C6391
Function netapi32.dll:I_NetDatabaseRedo (61) intercepted, method - ProcAddressHijack.GetProcAddress ->74534232->744C6521
Function netapi32.dll:I_NetDatabaseSync (63) intercepted, method - ProcAddressHijack.GetProcAddress ->7453424D->744C6391
Function netapi32.dll:I_NetDatabaseSync2 (62) intercepted, method - ProcAddressHijack.GetProcAddress ->74534268->744C639E
Function netapi32.dll:I_NetDfsGetVersion (64) intercepted, method - ProcAddressHijack.GetProcAddress ->74534284->74507CA1
Function netapi32.dll:I_NetDfsIsThisADomainName (65) intercepted, method - ProcAddressHijack.GetProcAddress ->7453429E->65214E39
Function netapi32.dll:I_NetGetDCList (66) intercepted, method - ProcAddressHijack.GetProcAddress ->745342BF->744C5D9C
Function netapi32.dll:I_NetGetForestTrustInformation (67) intercepted, method - ProcAddressHijack.GetProcAddress ->745342D7->744C6EF1
Function netapi32.dll:I_NetLogonControl (69) intercepted, method - ProcAddressHijack.GetProcAddress ->745342FF->744C63B8
Function netapi32.dll:I_NetLogonControl2 (68) intercepted, method - ProcAddressHijack.GetProcAddress ->7453431A->744C6439
Function netapi32.dll:I_NetLogonGetDomainInfo (70) intercepted, method - ProcAddressHijack.GetProcAddress ->74534336->744B64A4
Function netapi32.dll:I_NetLogonSamLogoff (71) intercepted, method - ProcAddressHijack.GetProcAddress ->74534357->744C6091
Function netapi32.dll:I_NetLogonSamLogon (72) intercepted, method - ProcAddressHijack.GetProcAddress ->74534374->744C5F39
Function netapi32.dll:I_NetLogonSamLogonEx (73) intercepted, method - ProcAddressHijack.GetProcAddress ->74534390->744C5FE1
Function netapi32.dll:I_NetLogonSamLogonWithFlags (74) intercepted, method - ProcAddressHijack.GetProcAddress ->745343AE->744BB22A
Function netapi32.dll:I_NetLogonSendToSam (75) intercepted, method - ProcAddressHijack.GetProcAddress ->745343D3->744C6111
Function netapi32.dll:I_NetLogonUasLogoff (76) intercepted, method - ProcAddressHijack.GetProcAddress ->745343F0->744C5EC9
Function netapi32.dll:I_NetLogonUasLogon (77) intercepted, method - ProcAddressHijack.GetProcAddress ->7453440D->744C5E53
Function netapi32.dll:I_NetServerAuthenticate (80) intercepted, method - ProcAddressHijack.GetProcAddress ->74534429->744C6191
Function netapi32.dll:I_NetServerAuthenticate2 (78) intercepted, method - ProcAddressHijack.GetProcAddress ->7453444A->744C6211
Function netapi32.dll:I_NetServerAuthenticate3 (79) intercepted, method - ProcAddressHijack.GetProcAddress ->7453446C->744B6393
Function netapi32.dll:I_NetServerGetTrustInfo (81) intercepted, method - ProcAddressHijack.GetProcAddress ->7453448E->744C6C61
Function netapi32.dll:I_NetServerPasswordGet (82) intercepted, method - ProcAddressHijack.GetProcAddress ->745344AF->744C6B61
Function netapi32.dll:I_NetServerPasswordSet (84) intercepted, method - ProcAddressHijack.GetProcAddress ->745344CF->744C6291
Function netapi32.dll:I_NetServerPasswordSet2 (83) intercepted, method - ProcAddressHijack.GetProcAddress ->745344EF->744C6311
Function netapi32.dll:I_NetServerReqChallenge (85) intercepted, method - ProcAddressHijack.GetProcAddress ->74534510->744B6424
Function netapi32.dll:I_NetServerSetServiceBits (86) intercepted, method - ProcAddressHijack.GetProcAddress ->74534531->7450426D
Function netapi32.dll:I_NetServerSetServiceBitsEx (87) intercepted, method - ProcAddressHijack.GetProcAddress ->74534552->74506D11
Function netapi32.dll:I_NetServerTrustPasswordsGet (88) intercepted, method - ProcAddressHijack.GetProcAddress ->74534575->744C6BE1
Function netapi32.dll:I_NetlogonComputeClientDigest (89) intercepted, method - ProcAddressHijack.GetProcAddress ->7453459B->744B5C20
Function netapi32.dll:I_NetlogonComputeServerDigest (90) intercepted, method - ProcAddressHijack.GetProcAddress ->745345C2->744C6AEC
Function netapi32.dll:NetAddAlternateComputerName (97) intercepted, method - ProcAddressHijack.GetProcAddress ->745345E9->744F5B21
Function netapi32.dll:NetAddServiceAccount (98) intercepted, method - ProcAddressHijack.GetProcAddress ->7453460C->744C70B1
Function netapi32.dll:NetApiBufferAllocate (101) intercepted, method - ProcAddressHijack.GetProcAddress ->7453462A->74521415
Function netapi32.dll:NetApiBufferFree (102) intercepted, method - ProcAddressHijack.GetProcAddress ->74534648->745213D2
Function netapi32.dll:NetApiBufferReallocate (103) intercepted, method - ProcAddressHijack.GetProcAddress ->74534662->74523729
Function netapi32.dll:NetApiBufferSize (104) intercepted, method - ProcAddressHijack.GetProcAddress ->74534682->74523771
Function netapi32.dll:NetBrowserStatisticsGet (108) intercepted, method - ProcAddressHijack.GetProcAddress ->7453469C->71F62801
Function netapi32.dll:NetConnectionEnum (112) intercepted, method - ProcAddressHijack.GetProcAddress ->745346BC->74505521
Function netapi32.dll:NetDfsAdd (113) intercepted, method - ProcAddressHijack.GetProcAddress ->745346D5->652178FD
Function netapi32.dll:NetDfsAddFtRoot (114) intercepted, method - ProcAddressHijack.GetProcAddress ->745346E6->65216859
Function netapi32.dll:NetDfsAddRootTarget (115) intercepted, method - ProcAddressHijack.GetProcAddress ->745346FD->65217401
Function netapi32.dll:NetDfsAddStdRoot (116) intercepted, method - ProcAddressHijack.GetProcAddress ->74534718->65212B1E
Function netapi32.dll:NetDfsAddStdRootForced (117) intercepted, method - ProcAddressHijack.GetProcAddress ->74534730->65212BB1
Function netapi32.dll:NetDfsEnum (118) intercepted, method - ProcAddressHijack.GetProcAddress ->7453474E->652170F9
Function netapi32.dll:NetDfsGetClientInfo (119) intercepted, method - ProcAddressHijack.GetProcAddress ->74534760->65213F25
Function netapi32.dll:NetDfsGetDcAddress (120) intercepted, method - ProcAddressHijack.GetProcAddress ->7453477B->65212C51
Function netapi32.dll:NetDfsGetFtContainerSecurity (121) intercepted, method - ProcAddressHijack.GetProcAddress ->74534795->65215363
Function netapi32.dll:NetDfsGetInfo (122) intercepted, method - ProcAddressHijack.GetProcAddress ->745347B9->65212D69
Function netapi32.dll:NetDfsGetSecurity (123) intercepted, method - ProcAddressHijack.GetProcAddress ->745347CE->65217741
Function netapi32.dll:NetDfsGetStdContainerSecurity (124) intercepted, method - ProcAddressHijack.GetProcAddress ->745347E7->65213AD5
Function netapi32.dll:NetDfsGetSupportedNamespaceVersion (125) intercepted, method - ProcAddressHijack.GetProcAddress ->7453480C->65215C19
Function netapi32.dll:NetDfsManagerGetConfigInfo (126) intercepted, method - ProcAddressHijack.GetProcAddress ->74534836->65212E9C
Function netapi32.dll:NetDfsManagerInitialize (127) intercepted, method - ProcAddressHijack.GetProcAddress ->74534858->65212F91
Function netapi32.dll:NetDfsManagerSendSiteInfo (128) intercepted, method - ProcAddressHijack.GetProcAddress ->74534877->652172C5
Function netapi32.dll:NetDfsMove (129) intercepted, method - ProcAddressHijack.GetProcAddress ->74534898->65215651
Function netapi32.dll:NetDfsRemove (130) intercepted, method - ProcAddressHijack.GetProcAddress ->745348AA->65217A19
Function netapi32.dll:NetDfsRemoveFtRoot (131) intercepted, method - ProcAddressHijack.GetProcAddress ->745348BE->65216A99
Function netapi32.dll:NetDfsRemoveFtRootForced (132) intercepted, method - ProcAddressHijack.GetProcAddress ->745348D8->65216BE5
Function netapi32.dll:NetDfsRemoveRootTarget (133) intercepted, method - ProcAddressHijack.GetProcAddress ->745348F8->65215879
Function netapi32.dll:NetDfsRemoveStdRoot (134) intercepted, method - ProcAddressHijack.GetProcAddress ->74534916->65212CE1
Function netapi32.dll:NetDfsRename (135) intercepted, method - ProcAddressHijack.GetProcAddress ->74534931->65212E91
Function netapi32.dll:NetDfsSetClientInfo (136) intercepted, method - ProcAddressHijack.GetProcAddress ->74534945->65214301
Function netapi32.dll:NetDfsSetFtContainerSecurity (137) intercepted, method - ProcAddressHijack.GetProcAddress ->74534960->652153AF
Function netapi32.dll:NetDfsSetInfo (138) intercepted, method - ProcAddressHijack.GetProcAddress ->74534984->65216D8B
Function netapi32.dll:NetDfsSetSecurity (139) intercepted, method - ProcAddressHijack.GetProcAddress ->74534999->65217822
Function netapi32.dll:NetDfsSetStdContainerSecurity (140) intercepted, method - ProcAddressHijack.GetProcAddress ->745349B2->65213B24
Function netapi32.dll:NetEnumerateComputerNames (141) intercepted, method - ProcAddressHijack.GetProcAddress ->745349D7->744F5E39
Function netapi32.dll:NetEnumerateServiceAccounts (142) intercepted, method - ProcAddressHijack.GetProcAddress ->745349F8->744C7199
Function netapi32.dll:NetEnumerateTrustedDomains (143) intercepted, method - ProcAddressHijack.GetProcAddress ->74534A1D->744C652E
Function netapi32.dll:NetFileClose (147) intercepted, method - ProcAddressHijack.GetProcAddress ->74534A41->74505659
Function netapi32.dll:NetFileEnum (148) intercepted, method - ProcAddressHijack.GetProcAddress ->74534A55->74505729
Function netapi32.dll:NetFileGetInfo (149) intercepted, method - ProcAddressHijack.GetProcAddress ->74534A68->74505859
Function netapi32.dll:NetGetAnyDCName (150) intercepted, method - ProcAddressHijack.GetProcAddress ->74534A7E->744C496D
Function netapi32.dll:NetGetDCName (151) intercepted, method - ProcAddressHijack.GetProcAddress ->74534A97->744C5913
Function netapi32.dll:NetGetDisplayInformationIndex (152) intercepted, method - ProcAddressHijack.GetProcAddress ->74534AAD->744E4117
Function netapi32.dll:NetGetJoinInformation (153) intercepted, method - ProcAddressHijack.GetProcAddress ->74534AD2->744F2DC7
Function netapi32.dll:NetGetJoinableOUs (154) intercepted, method - ProcAddressHijack.GetProcAddress ->74534AEF->744F59D1
Function netapi32.dll:NetGroupAdd (155) intercepted, method - ProcAddressHijack.GetProcAddress ->74534B08->744E71C3
Function netapi32.dll:NetGroupAddUser (156) intercepted, method - ProcAddressHijack.GetProcAddress ->74534B1B->744E73AD
Function netapi32.dll:NetGroupDel (157) intercepted, method - ProcAddressHijack.GetProcAddress ->74534B32->744E73CB
Function netapi32.dll:NetGroupDelUser (158) intercepted, method - ProcAddressHijack.GetProcAddress ->74534B45->744E73EB
Function netapi32.dll:NetGroupEnum (159) intercepted, method - ProcAddressHijack.GetProcAddress ->74534B5C->744E7409
Function netapi32.dll:NetGroupGetInfo (160) intercepted, method - ProcAddressHijack.GetProcAddress ->74534B70->744E78C8
Function netapi32.dll:NetGroupGetUsers (161) intercepted, method - ProcAddressHijack.GetProcAddress ->74534B87->744E7952
Function netapi32.dll:NetGroupSetInfo (162) intercepted, method - ProcAddressHijack.GetProcAddress ->74534B9F->744E7C02
Function netapi32.dll:NetGroupSetUsers (163) intercepted, method - ProcAddressHijack.GetProcAddress ->74534BB6->744E7DAE
Function netapi32.dll:NetIsServiceAccount (164) intercepted, method - ProcAddressHijack.GetProcAddress ->74534BCE->744C72D9
Function netapi32.dll:NetJoinDomain (165) intercepted, method - ProcAddressHijack.GetProcAddress ->74534BEB->744F54B9
Function netapi32.dll:NetLocalGroupAdd (166) intercepted, method - ProcAddressHijack.GetProcAddress ->74534C00->744E875A
Function netapi32.dll:NetLocalGroupAddMember (167) intercepted, method - ProcAddressHijack.GetProcAddress ->74534C18->744E8886
Function netapi32.dll:NetLocalGroupAddMembers (168) intercepted, method - ProcAddressHijack.GetProcAddress ->74534C36->744E8E99
Function netapi32.dll:NetLocalGroupDel (169) intercepted, method - ProcAddressHijack.GetProcAddress ->74534C55->744E88A4
Function netapi32.dll:NetLocalGroupDelMember (170) intercepted, method - ProcAddressHijack.GetProcAddress ->74534C6D->744E8928
Function netapi32.dll:NetLocalGroupDelMembers (171) intercepted, method - ProcAddressHijack.GetProcAddress ->74534C8B->744E8EBD
Function netapi32.dll:NetLocalGroupEnum (172) intercepted, method - ProcAddressHijack.GetProcAddress ->74534CAA->744E8946
Function netapi32.dll:NetLocalGroupGetInfo (173) intercepted, method - ProcAddressHijack.GetProcAddress ->74534CC3->744E8CE4
Function netapi32.dll:NetLocalGroupGetMembers (174) intercepted, method - ProcAddressHijack.GetProcAddress ->74534CDF->744E2265
Function netapi32.dll:NetLocalGroupSetInfo (175) intercepted, method - ProcAddressHijack.GetProcAddress ->74534CFE->744E8D57
Function netapi32.dll:NetLocalGroupSetMembers (176) intercepted, method - ProcAddressHijack.GetProcAddress ->74534D1A->744E8E75
Function netapi32.dll:NetLogonGetTimeServiceParentDomain (177) intercepted, method - ProcAddressHijack.GetProcAddress ->74534D39->744C6CE9
Function netapi32.dll:NetLogonSetServiceBits (178) intercepted, method - ProcAddressHijack.GetProcAddress ->74534D65->744B603C
Function netapi32.dll:NetProvisionComputerAccount (184) intercepted, method - ProcAddressHijack.GetProcAddress ->74534D85->651FF2D3
Function netapi32.dll:NetQueryDisplayInformation (185) intercepted, method - ProcAddressHijack.GetProcAddress ->74534DA9->744E3D87
Function netapi32.dll:NetQueryServiceAccount (186) intercepted, method - ProcAddressHijack.GetProcAddress ->74534DCB->744C7249
Function netapi32.dll:NetRemoteComputerSupports (188) intercepted, method - ProcAddressHijack.GetProcAddress ->74534DEB->74522160
Function netapi32.dll:NetRemoteTOD (189) intercepted, method - ProcAddressHijack.GetProcAddress ->74534E0E->74506C11
Function netapi32.dll:NetRemoveAlternateComputerName (190) intercepted, method - ProcAddressHijack.GetProcAddress ->74534E22->744F5C29
Function netapi32.dll:NetRemoveServiceAccount (191) intercepted, method - ProcAddressHijack.GetProcAddress ->74534E48->744C7129
Function netapi32.dll:NetRenameMachineInDomain (192) intercepted, method - ProcAddressHijack.GetProcAddress ->74534E69->744F5751
Function netapi32.dll:NetRequestOfflineDomainJoin (208) intercepted, method - ProcAddressHijack.GetProcAddress ->74534E89->651FB52F
Function netapi32.dll:NetScheduleJobAdd (209) intercepted, method - ProcAddressHijack.GetProcAddress ->74534EAD->651D19D1
Function netapi32.dll:NetScheduleJobDel (210) intercepted, method - ProcAddressHijack.GetProcAddress ->74534EC8->651D1AC9
Function netapi32.dll:NetScheduleJobEnum (211) intercepted, method - ProcAddressHijack.GetProcAddress ->74534EE3->651D1BC1
Function netapi32.dll:NetScheduleJobGetInfo (212) intercepted, method - ProcAddressHijack.GetProcAddress ->74534EFF->651D1CE1
Function netapi32.dll:NetServerAliasAdd (213) intercepted, method - ProcAddressHijack.GetProcAddress ->74534F1E->74507843
Function netapi32.dll:NetServerAliasDel (214) intercepted, method - ProcAddressHijack.GetProcAddress ->74534F37->74507A79
Function netapi32.dll:NetServerAliasEnum (215) intercepted, method - ProcAddressHijack.GetProcAddress ->74534F50->74507931
Function netapi32.dll:NetServerComputerNameAdd (216) intercepted, method - ProcAddressHijack.GetProcAddress ->74534F6A->74507411
Function netapi32.dll:NetServerComputerNameDel (217) intercepted, method - ProcAddressHijack.GetProcAddress ->74534F8A->745076FB
Function netapi32.dll:NetServerDiskEnum (218) intercepted, method - ProcAddressHijack.GetProcAddress ->74534FAA->74506559
Function netapi32.dll:NetServerEnum (219) intercepted, method - ProcAddressHijack.GetProcAddress ->74534FC3->71F62F61
Function netapi32.dll:NetServerEnumEx (220) intercepted, method - ProcAddressHijack.GetProcAddress ->74534FD9->71F62C5F
Function netapi32.dll:NetServerGetInfo (221) intercepted, method - ProcAddressHijack.GetProcAddress ->74534FF1->74503CFA
Function netapi32.dll:NetServerSetInfo (222) intercepted, method - ProcAddressHijack.GetProcAddress ->74535009->74506681
Function netapi32.dll:NetServerTransportAdd (223) intercepted, method - ProcAddressHijack.GetProcAddress ->74535021->74506851
Function netapi32.dll:NetServerTransportAddEx (224) intercepted, method - ProcAddressHijack.GetProcAddress ->7453503E->74507329
Function netapi32.dll:NetServerTransportDel (225) intercepted, method - ProcAddressHijack.GetProcAddress ->7453505D->74506A01
Function netapi32.dll:NetServerTransportEnum (226) intercepted, method - ProcAddressHijack.GetProcAddress ->7453507A->74506AD9
Function netapi32.dll:NetSessionDel (231) intercepted, method - ProcAddressHijack.GetProcAddress ->74535098->74505941
Function netapi32.dll:NetSessionEnum (232) intercepted, method - ProcAddressHijack.GetProcAddress ->745350AD->74505A11
Function netapi32.dll:NetSessionGetInfo (233) intercepted, method - ProcAddressHijack.GetProcAddress ->745350C3->74505B41
Function netapi32.dll:NetSetPrimaryComputerName (234) intercepted, method - ProcAddressHijack.GetProcAddress ->745350DC->744F5D31
Function netapi32.dll:NetShareAdd (235) intercepted, method - ProcAddressHijack.GetProcAddress ->745350FD->74505C81
Function netapi32.dll:NetShareCheck (236) intercepted, method - ProcAddressHijack.GetProcAddress ->74535110->74505E91
Function netapi32.dll:NetShareDel (237) intercepted, method - ProcAddressHijack.GetProcAddress ->74535125->74505F81
Function netapi32.dll:NetShareDelEx (238) intercepted, method - ProcAddressHijack.GetProcAddress ->74535138->74507B61
Function netapi32.dll:NetShareDelSticky (239) intercepted, method - ProcAddressHijack.GetProcAddress ->7453514D->745060D1
Function netapi32.dll:NetShareEnum (240) intercepted, method - ProcAddressHijack.GetProcAddress ->74535166->74503F91
Function netapi32.dll:NetShareEnumSticky (241) intercepted, method - ProcAddressHijack.GetProcAddress ->7453517A->745061C9
Function netapi32.dll:NetShareGetInfo (242) intercepted, method - ProcAddressHijack.GetProcAddress ->74535194->7450433F
Function netapi32.dll:NetShareSetInfo (243) intercepted, method - ProcAddressHijack.GetProcAddress ->745351AB->74506341
Function netapi32.dll:NetUnjoinDomain (245) intercepted, method - ProcAddressHijack.GetProcAddress ->745351C2->744F5641
Function netapi32.dll:NetUseAdd (247) intercepted, method - ProcAddressHijack.GetProcAddress ->745351D9->744F3693
Function netapi32.dll:NetUseDel (248) intercepted, method - ProcAddressHijack.GetProcAddress ->745351EA->744F5FA9
Function netapi32.dll:NetUseEnum (249) intercepted, method - ProcAddressHijack.GetProcAddress ->745351FB->744F3184
Function netapi32.dll:NetUseGetInfo (250) intercepted, method - ProcAddressHijack.GetProcAddress ->7453520D->744F6039
Function netapi32.dll:NetUserAdd (251) intercepted, method - ProcAddressHijack.GetProcAddress ->74535222->744E464F
Function netapi32.dll:NetUserChangePassword (252) intercepted, method - ProcAddressHijack.GetProcAddress ->74535234->744E5A06
Function netapi32.dll:NetUserDel (253) intercepted, method - ProcAddressHijack.GetProcAddress ->74535251->744E4826
Function netapi32.dll:NetUserEnum (254) intercepted, method - ProcAddressHijack.GetProcAddress ->74535263->744E49D6
Function netapi32.dll:NetUserGetGroups (255) intercepted, method - ProcAddressHijack.GetProcAddress ->74535276->744E4E01
Function netapi32.dll:NetUserGetInfo (256) intercepted, method - ProcAddressHijack.GetProcAddress ->7453528E->744E1C60
Function netapi32.dll:NetUserGetLocalGroups (257) intercepted, method - ProcAddressHijack.GetProcAddress ->745352A4->744E2875
Function netapi32.dll:NetUserModalsGet (258) intercepted, method - ProcAddressHijack.GetProcAddress ->745352C1->744E206B
Function netapi32.dll:NetUserModalsSet (259) intercepted, method - ProcAddressHijack.GetProcAddress ->745352D9->744E54AA
Function netapi32.dll:NetUserSetGroups (260) intercepted, method - ProcAddressHijack.GetProcAddress ->745352F1->744E5095
Function netapi32.dll:NetUserSetInfo (261) intercepted, method - ProcAddressHijack.GetProcAddress ->74535309->744E4D1D
Function netapi32.dll:NetValidateName (262) intercepted, method - ProcAddressHijack.GetProcAddress ->7453531F->744F5859
Function netapi32.dll:NetValidatePasswordPolicy (263) intercepted, method - ProcAddressHijack.GetProcAddress ->74535336->744E9967
Function netapi32.dll:NetValidatePasswordPolicyFree (264) intercepted, method - ProcAddressHijack.GetProcAddress ->74535357->744E9B6B
Function netapi32.dll:NetWkstaTransportAdd (267) intercepted, method - ProcAddressHijack.GetProcAddress ->7453537C->744F4E45
Function netapi32.dll:NetWkstaTransportDel (268) intercepted, method - ProcAddressHijack.GetProcAddress ->74535398->744F4F21
Function netapi32.dll:NetWkstaTransportEnum (269) intercepted, method - ProcAddressHijack.GetProcAddress ->745353B4->744F4CF9
Function netapi32.dll:NetWkstaUserEnum (270) intercepted, method - ProcAddressHijack.GetProcAddress ->745353D1->744F4AD1
Function netapi32.dll:NetWkstaUserGetInfo (271) intercepted, method - ProcAddressHijack.GetProcAddress ->745353E9->744F3280
Function netapi32.dll:NetWkstaUserSetInfo (272) intercepted, method - ProcAddressHijack.GetProcAddress ->74535404->744F4C15
Function netapi32.dll:NetapipBufferAllocate (273) intercepted, method - ProcAddressHijack.GetProcAddress ->7453541F->745237AA
Function netapi32.dll:NetpIsRemote (289) intercepted, method - ProcAddressHijack.GetProcAddress ->7453543E->7452382D
Function netapi32.dll:NetpwNameCanonicalize (296) intercepted, method - ProcAddressHijack.GetProcAddress ->74535454->74521C30
Function netapi32.dll:NetpwNameCompare (297) intercepted, method - ProcAddressHijack.GetProcAddress ->74535473->74521F2E
Function netapi32.dll:NetpwNameValidate (298) intercepted, method - ProcAddressHijack.GetProcAddress ->7453548D->74521990
Function netapi32.dll:NetpwPathCanonicalize (299) intercepted, method - ProcAddressHijack.GetProcAddress ->745354A8->7452275D
Function netapi32.dll:NetpwPathCompare (300) intercepted, method - ProcAddressHijack.GetProcAddress ->745354C7->74524086
Function netapi32.dll:NetpwPathType (301) intercepted, method - ProcAddressHijack.GetProcAddress ->745354E1->74522533
Function netapi32.dll:NlBindingAddServerToCache (302) intercepted, method - ProcAddressHijack.GetProcAddress ->745354F8->744B61F8
Function netapi32.dll:NlBindingRemoveServerFromCache (303) intercepted, method - ProcAddressHijack.GetProcAddress ->7453551B->744B5D67
Function netapi32.dll:NlBindingSetAuthInfo (304) intercepted, method - ProcAddressHijack.GetProcAddress ->74535543->744B6198
1.2 Searching for kernel-mode API hooks
 Error loading driver - operation interrupted [C000036B]
1.4 Searching for masking processes and drivers
 Checking not performed: extended monitoring driver (AVZPM) is not installed
1.5 Checking IRP handlers
 Error loading driver - operation interrupted [C000036B]
2. Scanning RAM
 Number of processes found: 27
Extended process analysis: 2568 C:\Program Files (x86)\OSD\OSD_Service.exe
[ES]:Application has no visible windows
Extended process analysis: 2688 C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
[ES]:Program code includes networking-related functionality
[ES]:Application has no visible windows
Extended process analysis: 3768 C:\Program Files\Alienware\Command Center\AlienFusionController.exe
[ES]:Program code includes networking-related functionality
[ES]:Application has no visible windows
Extended process analysis: 3960 C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
[ES]:Program code includes networking-related functionality
[ES]:Application has no visible windows
Extended process analysis: 3880 C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
[ES]:Program code includes networking-related functionality
[ES]:Application has no visible windows
Extended process analysis: 4532 C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
[ES]:Application has no visible windows
[ES]:Registered for automatic startup !!
Extended process analysis: 4132 C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
[ES]:Application has no visible windows
[ES]:Registered for automatic startup !!
Extended process analysis: 4672 C:\Program Files (x86)\OSD\OSD.exe
[ES]:Program code includes networking-related functionality
Extended process analysis: 1028 c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
[ES]:Application has no visible windows
Extended process analysis: 5776 C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
[ES]:Application has no visible windows
 Number of modules loaded: 326
Scanning RAM - complete
3. Scanning disks
4. Checking  Winsock Layered Service Provider (SPI/LSP)
 LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
 Checking - disabled by user
6. Searching for opened TCP/UDP ports used by malicious software
 Checking - disabled by user
7. Heuristic system check
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: TermService (Remote Desktop Services)
>> Services: potentially dangerous service allowed: SSDPSRV (SSDP Discovery)
>> Services: potentially dangerous service allowed: Schedule (Task Scheduler)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
Checking - complete
9. Troubleshooting wizard
 >>  HDD autorun is allowed
 >>  Network drives autorun is allowed
 >>  Removable media autorun is allowed
Checking - complete
Files scanned: 353, extracted from archives: 0, malicious software found 0, suspicions - 0
Scanning finished at 06.10.2010 23:34:45
Time of scanning: 00:00:37
If you have a suspicion on presence of viruses or questions on the suspected objects,
you can address http://virusinfo.info conference
System Analysis in progress

 System Analysis - complete


Script commands 
Add commands to script:
Blocking hooks using Anti-Rootkit
Enable AVZGuard
Operations with AVZPM (true=enable,false=disable)
BootCleaner - import list of deleted files
BootCleaner - import all
Remove traces of deleted files
ExecuteWizard ('TSW',2,3,true) - Running Troubleshooting wizard
BootCleaner - activate
Reboot
Insert template for QuarantineFile() - quarantining a file
Insert template for BC_QrFile() - quarantining file via BootCleaner
Insert template for DeleteFile() - deleting a file
Insert template for DelCLSID() - removing a CLSID item from registry
Additional operations:Performance tweaking: disable service TermService (Remote Desktop Services)
Performance tweaking: disable service SSDPSRV (SSDP Discovery)
Performance tweaking: disable service Schedule (Task Scheduler)
Security tweaking: disable CD autorun
Security tweaking: disable administrative shares
Security tweaking: disable anonymous user access
Security: disable sending Remote Assistant queries

File list

Port	Status	Remote Host	Remote Port	Application	Notes
TCP ports
UDP ports