Results of system analysis

Process List

File name	PID	Description	Copyright	MD5	Information
c:\program files (x86)\internet explorer\iexplore.exe Script: Quarantine, Delete, Delete via BC, Terminate	3008	Internet Explorer	© Microsoft Corporation. All rights reserved.	E47457275305DCF57BD49018BEF00517	797.60 kb, rsAh,created: 15.09.2015 20:17:46,modified: 18.08.2015 11:14:51 Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2016 CREDAT:1192997 /prefetch:2
c:\windows\syswow64\svchost.exe Script: Quarantine, Delete, Delete via BC, Terminate	1408	Host Process for Windows Services	© Microsoft Corporation. All rights reserved.	54A47F6B5E09A77E61649109C6A08866	20.50 kb, rsAh,created: 14.07.2009 09:19:28,modified: 14.07.2009 11:14:41 Command line: C:\Windows\system32\svchost.exe
Detected:34, recognized as trusted 34

Module name	Handle	Description	Copyright	AVZ0311	Used by processes
C:\Users\martin\AppData\Local\Temp\T3492448012\Tor\LIBEAY32.dll Script: Quarantine, Delete, Delete via BC	1898643456	OpenSSL shared library	Copyright © 1998-2006 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.	MD5=14A257A827BF39458088EB84D71E622D 1932.50 kb, rsAh, created: 12.10.2015 19:18:03, modified: 01.01.2000 00:00:00	1408
C:\Users\martin\AppData\Local\Temp\T3492448012\Tor\SSLEAY32.dll Script: Quarantine, Delete, Delete via BC	1898184704	OpenSSL shared library	Copyright © 1998-2006 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.	MD5=730BA27483295616232A9132C6614694 411.00 kb, rsAh, created: 12.10.2015 19:18:03, modified: 01.01.2000 00:00:00	1408
C:\Windows\SysWOW64\Macromed\Flash\Flash32_19_0_0_185.ocx Script: Quarantine, Delete, Delete via BC	1854210048	Adobe Flash Player 19.0 r0	Adobe® Flash® Player. Copyright © 1996-2015 Adobe Systems Incorporated. All Rights Reserved. Adobe and Flash are either trademarks or registered trademarks in the United States and/or other countries.	MD5=B036E4AD45684CD76E6CBF6E27FFBE62 17265.70 kb, RsAh, created: 26.09.2015 19:48:27, modified: 26.09.2015 19:48:27	3008
Modules found:133, recognized as trusted 130

Kernel Space Modules Viewer

Module	Base address	Size in memory	Description	Manufacturer
C:\Windows\System32\Drivers\dump_dumpfve.sys error getting file info Script: Quarantine, Delete, Delete via BC	327D000	013000 (77824)
C:\Windows\System32\Drivers\dump_iaStor.sys error getting file info Script: Quarantine, Delete, Delete via BC	2A1E000	3A2000 (3809280)
Modules found - 124, recognized as trusted - 122

Services

Service	Description	Status	File	Group	Dependencies
AdobeActiveFileMonitor12.0 Service: Stop, Delete, Disable, Delete via BC	Adobe Active File Monitor V12	Not started	C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe 176.91 kb, rsAh, created: 03.09.2013 06:27:02, modified: 03.09.2013 06:27:02 Script: Quarantine, Delete, Delete via BC
SkypeUpdate Service: Stop, Delete, Disable, Delete via BC	Skype Updater	Not started	C:\Program Files (x86)\Skype\Updater\Updater.exe 308.10 kb, RsAh, created: 11.12.2014 10:30:48, modified: 11.12.2014 10:30:48 Script: Quarantine, Delete, Delete via BC		RpcSs
WSWNA3100 Service: Stop, Delete, Disable, Delete via BC	WSWNA3100	Not started	C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe 278.47 kb, rsAh, created: 13.03.2014 19:34:17, modified: 26.08.2010 17:48:00 Script: Quarantine, Delete, Delete via BC
Detected - 172, recognized as trusted - 169

Drivers

Service	Description	Status	File	Group	Dependencies
ewusbmbb Driver: Unload, Delete, Disable, Delete via BC	HUAWEI USB-WWAN miniport	Not started	C:\Windows\system32\DRIVERS\ewusbwwan.sys error getting file info Script: Quarantine, Delete, Delete via BC	NDIS
huawei_enumerator Driver: Unload, Delete, Disable, Delete via BC	huawei_enumerator	Not started	C:\Windows\system32\DRIVERS\ew_jubusenum.sys error getting file info Script: Quarantine, Delete, Delete via BC	Base
hwdatacard Driver: Unload, Delete, Disable, Delete via BC	Huawei DataCard USB Modem and USB Serial	Not started	C:\Windows\system32\DRIVERS\ewusbmdm.sys error getting file info Script: Quarantine, Delete, Delete via BC
Netaapl Driver: Unload, Delete, Disable, Delete via BC	Apple Mobile Device Ethernet Service	Not started	C:\Windows\system32\DRIVERS\netaapl64.sys 22.00 kb, rsAh, created: 10.09.2012 10:41:06, modified: 10.09.2012 10:41:06 Script: Quarantine, Delete, Delete via BC	NDIS
Detected - 255, recognized as trusted - 251

Autoruns

File name	Status	Startup method	Description
C:\Program Files (x86)\Adobe\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe 1367.41 kb, rsAh, created: 03.09.2013 06:27:12, modified: 03.09.2013 06:27:12 Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, CAHeadless Delete
C:\Windows\System32\win32k.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Session Manager\SubSystems, Kmode
C:\Windows\system32\psxss.exe error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Session Manager\SubSystems, Posix
C:\Windows\system32\sdclt.exe error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\BackupPath,
C:\Windows\System32\aelupsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AeLookupSvc\Parameters, ServiceDll Delete
C:\Windows\System32\appidsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AppIDSvc\Parameters, ServiceDll Delete
C:\Windows\System32\appinfo.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Appinfo\Parameters, ServiceDll Delete
C:\Windows\System32\Audiosrv.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AudioEndpointBuilder\Parameters, ServiceDll Delete
C:\Windows\System32\Audiosrv.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AudioSrv\Parameters, ServiceDll Delete
C:\Windows\System32\AxInstSV.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AxInstSV\Parameters, ServiceDll Delete
C:\Windows\System32\bdesvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\BDESVC\Parameters, ServiceDll Delete
C:\Windows\System32\bfe.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\BFE\Parameters, ServiceDll Delete
C:\Windows\System32\qmgr.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\BITS\Parameters, ServiceDll Delete
C:\Windows\System32\browser.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Browser\Parameters, ServiceDll Delete
C:\Windows\system32\bthserv.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\bthserv\Parameters, ServiceDll Delete
C:\Windows\System32\certprop.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\CertPropSvc\Parameters, ServiceDll Delete
C:\Windows\system32\rpcss.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\DcomLaunch\Parameters, ServiceDll Delete
C:\Windows\System32\defragsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\defragsvc\Parameters, ServiceDll Delete
C:\Windows\system32\diagtrack.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\DiagTrack\Parameters, ServiceDll Delete
C:\Windows\System32\dnsrslvr.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Dnscache\Parameters, ServiceDll Delete
C:\Windows\System32\dot3svc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\dot3svc\Parameters, ServiceDll Delete
C:\Windows\system32\dps.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\DPS\Parameters, ServiceDll Delete
C:\Windows\System32\eapsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\EapHost\Parameters, ServiceDll Delete
C:\Windows\system32\fdPHost.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\fdPHost\Parameters, ServiceDll Delete
C:\Windows\system32\fdrespub.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\FDResPub\Parameters, ServiceDll Delete
C:\Windows\system32\FntCache.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\FontCache\Parameters, ServiceDll Delete
C:\Windows\System32\gpsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\gpsvc\Parameters, ServiceDll Delete
C:\Windows\system32\kmsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\hkmsvc\Parameters, ServiceDll Delete
C:\Windows\system32\ListSvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\HomeGroupListener\Parameters, ServiceDll Delete
C:\Windows\System32\ikeext.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\IKEEXT\Parameters, ServiceDll Delete
C:\Windows\system32\ipbusenum.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\IPBusEnum\Parameters, ServiceDll Delete
C:\Windows\System32\iphlpsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters, ServiceDll Delete
C:\Windows\system32\msdtckrm.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\KtmRm\Parameters, ServiceDll Delete
C:\Windows\system32\srvsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters, ServiceDll Delete
C:\Windows\System32\wkssvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters, ServiceDll Delete
C:\Windows\System32\lltdsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\lltdsvc\Parameters, ServiceDll Delete
C:\Windows\System32\lmhsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\lmhosts\Parameters, ServiceDll Delete
C:\Windows\system32\Mcx2Svc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Mcx2Svc\Parameters, ServiceDll Delete
C:\Windows\system32\mmcss.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\MMCSS\Parameters, ServiceDll Delete
C:\Windows\system32\mpssvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\MpsSvc\Parameters, ServiceDll Delete
C:\Windows\system32\iscsiexe.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\MSiSCSI\Parameters, ServiceDll Delete
C:\Windows\system32\qagentRT.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\napagent\Parameters, ServiceDll Delete
C:\Windows\System32\netman.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Netman\Parameters, ServiceDll Delete
C:\Windows\System32\nlasvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters, ServiceDll Delete
C:\Windows\system32\nsisvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\nsi\Parameters, ServiceDll Delete
C:\Windows\system32\pnrpsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\p2pimsvc\Parameters, ServiceDll Delete
C:\Windows\system32\p2psvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\p2psvc\Parameters, ServiceDll Delete
C:\Windows\System32\pcasvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\PcaSvc\Parameters, ServiceDll Delete
C:\Windows\system32\umpnpmgr.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\PlugPlay\Parameters, ServiceDll Delete
C:\Windows\system32\pnrpauto.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\PNRPAutoReg\Parameters, ServiceDll Delete
C:\Windows\system32\pnrpsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\PNRPsvc\Parameters, ServiceDll Delete
C:\Windows\System32\ipsecsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\PolicyAgent\Parameters, ServiceDll Delete
C:\Windows\system32\umpo.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Power\Parameters, ServiceDll Delete
C:\Windows\system32\profsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\ProfSvc\Parameters, ServiceDll Delete
C:\Windows\System32\rasauto.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\RasAuto\Parameters, ServiceDll Delete
C:\Windows\System32\rasmans.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\RasMan\Parameters, ServiceDll Delete
C:\Windows\system32\regsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters, ServiceDll Delete
C:\Windows\System32\RpcEpMap.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\RpcEptMapper\Parameters, ServiceDll Delete
C:\Windows\system32\rpcss.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\RpcSs\Parameters, ServiceDll Delete
C:\Windows\System32\SCardSvr.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SCardSvr\Parameters, ServiceDll Delete
C:\Windows\system32\schedsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Schedule\Parameters, ServiceDll Delete
C:\Windows\System32\certprop.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SCPolicySvc\Parameters, ServiceDll Delete
C:\Windows\System32\SDRSVC.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SDRSVC\Parameters, ServiceDll Delete
C:\Windows\system32\seclogon.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\seclogon\Parameters, ServiceDll Delete
C:\Windows\system32\sensrsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SensrSvc\Parameters, ServiceDll Delete
C:\Windows\System32\ipnathlp.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters, ServiceDll Delete
C:\Windows\system32\sppuinotify.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\sppuinotify\Parameters, ServiceDll Delete
C:\Windows\System32\ssdpsrv.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SSDPSRV\Parameters, ServiceDll Delete
C:\Windows\system32\sstpsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SstpSvc\Parameters, ServiceDll Delete
C:\Windows\System32\wiaservc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\stisvc\Parameters, ServiceDll Delete
C:\Windows\System32\swprv.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\swprv\Parameters, ServiceDll Delete
C:\Windows\system32\sysmain.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SysMain\Parameters, ServiceDll Delete
C:\Windows\System32\TabSvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\TabletInputService\Parameters, ServiceDll Delete
C:\Windows\System32\tbssvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\TBS\Parameters, ServiceDll Delete
C:\Windows\System32\termsrv.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\TermService\Parameters, ServiceDll Delete
C:\Windows\system32\themeservice.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Themes\Parameters, ServiceDll Delete
C:\Windows\system32\mmcss.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\THREADORDER\Parameters, ServiceDll Delete
C:\Windows\System32\trkwks.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\TrkWks\Parameters, ServiceDll Delete
C:\Windows\System32\uxsms.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\UxSms\Parameters, ServiceDll Delete
C:\Windows\system32\w32time.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\W32Time\Parameters, ServiceDll Delete
C:\Windows\System32\wbiosrvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WbioSrvc\Parameters, ServiceDll Delete
C:\Windows\system32\wecsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Wecsvc\Parameters, ServiceDll Delete
C:\Windows\System32\wercplsupport.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\wercplsupport\Parameters, ServiceDll Delete
C:\Windows\System32\WerSvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WerSvc\Parameters, ServiceDll Delete
C:\Windows\system32\wbem\WMIsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters, ServiceDll Delete
C:\Windows\System32\wlansvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Wlansvc\Parameters, ServiceDll Delete
C:\Windows\system32\wpdbusenum.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WPDBusEnum\Parameters, ServiceDll Delete
C:\Windows\System32\wscsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\wscsvc\Parameters, ServiceDll Delete
C:\Windows\system32\wuaueng.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\wuauserv\Parameters, ServiceDll Delete
C:\Windows\System32\WUDFSvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\wudfsvc\Parameters, ServiceDll Delete
C:\Windows\System32\wwansvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WwanSvc\Parameters, ServiceDll Delete
C:\Windows\system32\sysmain.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\rdyboost\Performance, Library Delete
C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe 176.91 kb, rsAh, created: 03.09.2013 06:27:02, modified: 03.09.2013 06:27:02 Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Adobe Active File Monitor 12.0, EventMessageFile
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\DWA\resources\libraries\EventMessages.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Adobe Setup, EventMessageFile
C:\Program Files (x86)\Adobe\Elements 12 Organizer\platform.dll 151.91 kb, rsAh, created: 03.09.2013 06:27:04, modified: 03.09.2013 06:27:04 Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\AdobePlatform, EventMessageFile
C:\Windows\System32\wersvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Application Hang, EventMessageFile
C:\Windows\system32\dwm.exe error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Desktop Window Manager, EventMessageFile
C:\Program Files (x86)\DVD error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Dvd Maker, EventMessageFile
Maker\DVDMaker.exe error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Dvd Maker, EventMessageFile
C:\Windows\System32\UI0Detect.exe error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Interactive Services detection, EventMessageFile
C:\Windows\system32\fxsevent.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft Fax, EventMessageFile
C:\Windows\System32\AxInstSv.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-AxInstallService, EventMessageFile
C:\Windows\system32\BlbEvents.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-Backup, EventMessageFile
C:\Windows\system32\defragsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-Defrag, EventMessageFile
C:\Windows\system32\eapsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-EapHost, EventMessageFile
C:\Windows\system32\wecsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-EventCollector, EventMessageFile
C:\Windows\System32\MsSpellCheckingFacility.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-Spell-Checking, EventMessageFile
C:\Windows\System32\MsSpellCheckingFacility.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-SpellChecker, EventMessageFile
C:\Windows\System32\profsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-User Profiles Service, EventMessageFile
C:\Windows\system32\WINSAT.EXE error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-WindowsSystemAssessmentTool, EventMessageFile
C:\Windows\system32\winsrv.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-Winsrv, EventMessageFile
C:\Windows\System32\profsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Profsvc, EventMessageFile
C:\Windows\System32\wscsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\SecurityCenter, EventMessageFile
C:\Program Files (x86)\Skype\Updater\Updater.exe 308.10 kb, RsAh, created: 11.12.2014 10:30:48, modified: 11.12.2014 10:30:48 Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\SkypeUpdate, EventMessageFile
C:\Windows\system32\sppsvc.exe error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Software Protection Platform Service, EventMessageFile
C:\Windows\system32\srcore.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\System Restore, EventMessageFile
C:\Windows\System32\VSSVC.EXE error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\VSS, EventMessageFile
C:\Windows\System32\wersvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\WerSvc, EventMessageFile
C:\Windows\system32\Wat\WatUX.exe error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Windows Activation Technologies, EventMessageFile
C:\Windows\system32\sdengin2.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Windows Backup, EventMessageFile
C:\Windows\system32\wsepno.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Windows Search Service Profile Notification, EventMessageFile
C:\Windows\System32\winlogon.exe error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Winlogon, EventMessageFile
C:\Windows\System32\winlogon.exe error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wlclntfy, EventMessageFile
C:\Windows\system32\wecsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\HardwareEvents, DisplayNameFile
C:\Windows\system32\sppsvc.exe error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Key Management Service\KmsRequests, EventMessageFile
C:\Windows\System32\wevtsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Security\Microsoft-Windows-Eventlog, EventMessageFile
C:\Windows\System32\VSSVC.EXE error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Security\VSSAudit, EventMessageFile
C:\Windows\System32\Drivers\acpi.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\ACPI, EventMessageFile
C:\Windows\System32\aelupsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\AeLookupSvc, EventMessageFile
C:\Windows\System32\drivers\amdk8.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\AmdK8, EventMessageFile
C:\Windows\System32\drivers\amdppm.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\AmdPPM, EventMessageFile
C:\Windows\System32\drivers\bxvbda.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\b06bdrv, EventMessageFile
C:\Windows\System32\drivers\b57nd60a.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\b57nd60a, EventMessageFile
C:\Windows\System32\DispCI.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Display, EventMessageFile
C:\Windows\System32\drivers\evbda.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\ebdrv, EventMessageFile
C:\Windows\System32\drivers\fltmgr.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\FltMgr, EventMessageFile
C:\Windows\System32\Drivers\hidbth.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\HidBth, EventMessageFile
C:\Windows\System32\drivers\i8042prt.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\i8042prt, EventMessageFile
C:\Windows\System32\drivers\iaStor.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\iaStor, EventMessageFile
C:\Windows\System32\drivers\iaStorV.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\iaStorV, EventMessageFile
C:\Windows\System32\drivers\intelppm.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\intelppm, EventMessageFile
C:\Windows\System32\drivers\ipmidrv.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\IPMIDRV, EventMessageFile
C:\Windows\System32\drivers\isapnp.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\isapnp, EventMessageFile
C:\Windows\System32\iscsilog.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\iScsiPrt, EventMessageFile
C:\Windows\System32\drivers\kbdclass.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\kbdclass, EventMessageFile
C:\Windows\System32\drivers\kbdhid.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\kbdhid, EventMessageFile
C:\Windows\System32\lsasrv.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\LsaSrv, EventMessageFile
C:\Windows\system32\lsm.exe error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\LSM, EventMessageFile
C:\Windows\System32\drivers\HECIx64.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\MEIx64, EventMessageFile
C:\Windows\system32\fveapi.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-BitLocker-API, EventMessageFile
C:\Windows\system32\drivers\fvevol.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-BitLocker-Driver, EventMessageFile
C:\Windows\system32\qmgr.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Bits-Client, EventMessageFile
C:\Windows\system32\cofiredm.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-CorruptedFileRecovery-Client, EventMessageFile
C:\Windows\system32\cofiredm.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-CorruptedFileRecovery-Server, EventMessageFile
C:\Windows\System32\samsrv.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Directory-Services-SAM, EventMessageFile
C:\Windows\system32\dfdts.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-DiskDiagnostic, EventMessageFile
C:\Windows\system32\WUDFPlatform.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-DriverFrameworks-UserMode, EventMessageFile
C:\Windows\system32\wecsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-EventCollector, EventMessageFile
C:\Windows\System32\wevtsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Eventlog, EventMessageFile
C:\Windows\system32\drivers\fltmgr.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-FilterManager, EventMessageFile
C:\Windows\system32\mpssvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Firewall, EventMessageFile
C:\Windows\system32\fdphost.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-FunctionDiscoveryHost, EventMessageFile
C:\Windows\system32\gpsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-GroupPolicy, EventMessageFile
C:\Windows\system32\microsoft-windows-hal-events.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-HAL, EventMessageFile
C:\Windows\system32\drivers\HTTP.SYS error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-HttpEvent, EventMessageFile
C:\Windows\system32\ipbusenum.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-IPBusEnum, EventMessageFile
C:\Windows\system32\iphlpsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Iphlpsvc, EventMessageFile
C:\Windows\system32\microsoft-windows-kernel-power-events.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Kernel-Power, EventMessageFile
C:\Windows\system32\microsoft-windows-kernel-processor-power-events.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Kernel-Processor-Power, EventMessageFile
C:\Windows\system32\lpksetup.exe error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-LanguagePackSetup, EventMessageFile
C:\Windows\System32\relpost.exe error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-MemoryDiagnostics-Results, EventMessageFile
C:\Windows\System32\mdsched.exe error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-MemoryDiagnostics-Schedule, EventMessageFile
C:\Windows\system32\drivers\mountmgr.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-MountMgr, EventMessageFile
C:\Windows\System32\sstpsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-RasSstp, EventMessageFile
C:\Windows\system32\recovery.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Recovery, EventMessageFile
C:\Windows\system32\fdrespub.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-ResourcePublication, EventMessageFile
C:\Windows\system32\certprop.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-SCPNP, EventMessageFile
C:\Windows\system32\oobe\winsetup.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Setup, EventMessageFile
C:\Windows\System32\MsSpellCheckingFacility.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Spell-Checking, EventMessageFile
C:\Windows\System32\MsSpellCheckingFacility.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-SpellChecker, EventMessageFile
C:\Windows\system32\csrsrv.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Subsys-SMSS, EventMessageFile
C:\Windows\system32\schedsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-TaskScheduler, EventMessageFile
C:\Windows\system32\tbssvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-TBS, EventMessageFile
C:\Windows\system32\lsm.exe error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-TerminalServices-LocalSessionManager, EventMessageFile
C:\Windows\system32\termsrv.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-TerminalServices-RemoteConnectionManager, EventMessageFile
C:\Windows\system32\w32time.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Time-Service, EventMessageFile
C:\Windows\system32\umpnpmgr.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-UserPnp, EventMessageFile
C:\Windows\system32\wuaueng.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-WindowsUpdateClient, EventMessageFile
C:\Windows\system32\winlogon.exe error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Winlogon, EventMessageFile
C:\Windows\system32\wlansvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-WLAN-AutoConfig, EventMessageFile
C:\Windows\System32\drivers\mouclass.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\mouclass, EventMessageFile
C:\Windows\System32\drivers\mouhid.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\mouhid, EventMessageFile
C:\Windows\System32\drivers\mpio.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\mpio, EventMessageFile
C:\Windows\System32\iscsiexe.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\MSiSCSI, EventMessageFile
C:\Windows\System32\drivers\MTConfig.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\MTConfig, EventMessageFile
C:\Windows\system32\drivers\ntfs.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Ntfs, EventMessageFile
C:\Windows\System32\drivers\nvstor.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\nvstor, EventMessageFile
C:\Windows\System32\drivers\parport.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Parport, EventMessageFile
C:\Windows\System32\Drivers\Pcmcia.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\pcmcia, EventMessageFile
C:\Windows\System32\umpnpmgr.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\PlugPlayManager, EventMessageFile
C:\Windows\System32\umpo.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Power, EventMessageFile
C:\Windows\System32\drivers\processr.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Processor, EventMessageFile
C:\Windows\system32\sstpsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\RasSstp, EventMessageFile
C:\Windows\System32\drivers\Rt64win7.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\RTL8167, EventMessageFile
C:\Windows\System32\samsrv.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\SAM, EventMessageFile
C:\Windows\System32\drivers\sbp2port.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\sbp2port, EventMessageFile
C:\Windows\System32\lsasrv.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Schannel, EventMessageFile
C:\Windows\System32\drivers\serial.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Serial, EventMessageFile
C:\Windows\System32\drivers\sermouse.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\sermouse, EventMessageFile
C:\Windows\system32\services.exe error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Service Control Manager, EventMessageFile
C:\Windows\System32\snmptrap.exe error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\SNMPTRAP, EventMessageFile
C:\Windows\System32\wiaservc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\StillImage, EventMessageFile
C:\Windows\System32\drivers\SynTP.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\SynTP, EventMessageFile
C:\Windows\System32\tcpmon.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\TCPMon, EventMessageFile
C:\Windows\system32\termsrv.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\TermService, EventMessageFile
C:\Windows\System32\drivers\tsusbflt.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\TsUsbFlt, EventMessageFile
C:\Windows\System32\drivers\vgapnp.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\vga, EventMessageFile
C:\Windows\System32\vds.exe error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Virtual Disk Service, EventMessageFile
C:\Windows\System32\Drivers\VolSnap.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Volsnap, EventMessageFile
C:\Windows\system32\w32time.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\W32Time, EventMessageFile
C:\Windows\System32\drivers\wacompen.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\WacomPen, EventMessageFile
C:\Windows\System32\drivers\wd.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Wd, EventMessageFile
C:\Windows\System32\drivers\Wdf01000.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\wdf01000, EventMessageFile
C:\Windows\System32\wecsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\wecsvc, EventMessageFile
C:\Windows\System32\win32k.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Win32k, EventMessageFile
C:\Program Files (x86)\Windows Defender\MpEvMsg.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\WinDefend, EventMessageFile
C:\Windows\System32\DFDTS.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Windows Disk Diagnostic, EventMessageFile
C:\Windows\system32\w32time.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient, DllName Delete
C:\Windows\system32\w32time.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer, DllName Delete
C:\Windows\System32\mctadmin.exe error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_USERS, S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce, mctadmin Delete
C:\Windows\System32\mctadmin.exe error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_USERS, S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce, mctadmin Delete
C:\Windows\system32\igfxtray.exe error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, IgfxTray Delete
C:\Windows\system32\hkcmd.exe error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, HotKeysCmds Delete
C:\Windows\system32\igfxpers.exe error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, Persistence Delete
igfxdev.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui, DLLName Delete
C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4bcd6cde-777b-48b6-9804-43568e23545d}, DLLName Delete
auditcse.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{f3ccc681-b74c-4060-9f26-cd84525dca2a}, DLLName Delete
C:\Windows\System32\WUDFHost.exe error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WUDF\Services\{193a1820-d9ac-4997-8c55-be817523f6aa}, HostProcessImagePath Delete
Autoruns items found - 689, recognized as trusted - 451

Internet Explorer extension modules (BHOs, Toolbars ...)

File name	Type	Description	Manufacturer	CLSID
error getting file info	Extension module			{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} Delete
error getting file info	Extension module			{2670000A-7350-4f3c-8081-5663EE0C6C49} Delete
error getting file info	Extension module			{92780B25-18CC-41C8-B9BE-3C9C571A8263} Delete
Items found - 7, recognized as trusted - 4

Windows Explorer extension modules

File name	Destination	Description	Manufacturer	CLSID
error getting file info	WebCheck			{E6FB5E20-DE35-11CF-9C87-00AA005127ED} Delete
error getting file info	WLMD Message Handler			{0563DB41-F538-4B37-A92D-4659049B7766} Delete
Items found - 22, recognized as trusted - 20

Printing system extensions (print monitors, providers)

File name	Type	Name	Description	Manufacturer
CNBLM4.DLL error getting file info Script: Quarantine, Delete, Delete via BC	Monitor	BJ Language Monitor4
localspl.dll error getting file info Script: Quarantine, Delete, Delete via BC	Monitor	Local Port
FXSMON.DLL error getting file info Script: Quarantine, Delete, Delete via BC	Monitor	Microsoft Shared Fax Monitor
tcpmon.dll error getting file info Script: Quarantine, Delete, Delete via BC	Monitor	Standard TCP/IP Port
usbmon.dll error getting file info Script: Quarantine, Delete, Delete via BC	Monitor	USB Monitor
WSDMon.dll error getting file info Script: Quarantine, Delete, Delete via BC	Monitor	WSD Port
inetpp.dll error getting file info Script: Quarantine, Delete, Delete via BC	Provider	HTTP Print Services
Items found - 8, recognized as trusted - 1

Task Scheduler jobs

File name	Job name	Job state	Description	Manufacturer	Path	Command line	Type
aitagent error getting file info Script: Quarantine, Delete, Delete via BC	AitAgent Script: Delete				C:\Windows\system32\Tasks\Microsoft\Windows\Application Experience\	aitagent	64
C:\Windows\ehome\mcupdate error getting file info Script: Quarantine, Delete, Delete via BC	mcupdate Script: Delete				C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\	%SystemRoot%\ehome\mcupdate $(Arg0)	64
C:\Windows\ehome\ehrec error getting file info Script: Quarantine, Delete, Delete via BC	RecordingRestart Script: Delete				C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\	%SystemRoot%\ehome\ehrec /RestartRecording	64
C:\Program Files (x86)\Hewlett-Packard\HP Setup\Dependencies\RemEngine.exe 37.55 kb, rsAh, created: 29.09.2011 09:00:26, modified: 29.09.2011 09:00:26 Script: Quarantine, Delete, Delete via BC	Registration Script: Delete		ESAdvRemIntegrator	Copyright © 2006	C:\Windows\system32\Tasks\	"C:\Program Files (x86)\Hewlett-Packard\HP Setup\Dependencies\RemEngine.exe" Registration ShowMessageTask2D	64
C:\Program Files\Common Files\Outlook error getting file info Script: Quarantine, Delete, Delete via BC	{197A55DE-901A-4F37-9CB2-B677D6668348} Script: Delete				C:\Windows\system32\Tasks\	C:\Program Files\Common Files\Outlook Express\OUTLOOK.EXE	64
Express\OUTLOOK.EXE error getting file info Script: Quarantine, Delete, Delete via BC	{197A55DE-901A-4F37-9CB2-B677D6668348} Script: Delete				C:\Windows\system32\Tasks\	C:\Program Files\Common Files\Outlook Express\OUTLOOK.EXE	64
C:\Program Files\Common Files\Outlook error getting file info Script: Quarantine, Delete, Delete via BC	{43CB09F9-25ED-4FE8-B033-C84DF455A628} Script: Delete				C:\Windows\system32\Tasks\	C:\Program Files\Common Files\Outlook Express\OUTLOOK.EXE	64
Express\OUTLOOK.EXE error getting file info Script: Quarantine, Delete, Delete via BC	{43CB09F9-25ED-4FE8-B033-C84DF455A628} Script: Delete				C:\Windows\system32\Tasks\	C:\Program Files\Common Files\Outlook Express\OUTLOOK.EXE	64
C:\Program Files\Common Files\Outlook error getting file info Script: Quarantine, Delete, Delete via BC	{481F428C-14BF-4FA9-9AE3-105676222DF3} Script: Delete				C:\Windows\system32\Tasks\	C:\Program Files\Common Files\Outlook Express\msimn.exe	64
Express\msimn.exe error getting file info Script: Quarantine, Delete, Delete via BC	{481F428C-14BF-4FA9-9AE3-105676222DF3} Script: Delete				C:\Windows\system32\Tasks\	C:\Program Files\Common Files\Outlook Express\msimn.exe	64
C:\Program Files\Common Files\Outlook error getting file info Script: Quarantine, Delete, Delete via BC	{57615CFB-BD64-4BF7-B4C9-FFBADDCC4A75} Script: Delete				C:\Windows\system32\Tasks\	C:\Program Files\Common Files\Outlook Express\OUTLOOK.EXE	64
Express\OUTLOOK.EXE error getting file info Script: Quarantine, Delete, Delete via BC	{57615CFB-BD64-4BF7-B4C9-FFBADDCC4A75} Script: Delete				C:\Windows\system32\Tasks\	C:\Program Files\Common Files\Outlook Express\OUTLOOK.EXE	64
C:\Program Files\Common Files\Outlook error getting file info Script: Quarantine, Delete, Delete via BC	{970169AD-F760-4513-A0EF-9CB6482D4A34} Script: Delete				C:\Windows\system32\Tasks\	C:\Program Files\Common Files\Outlook Express\msimn.exe	64
Express\msimn.exe error getting file info Script: Quarantine, Delete, Delete via BC	{970169AD-F760-4513-A0EF-9CB6482D4A34} Script: Delete				C:\Windows\system32\Tasks\	C:\Program Files\Common Files\Outlook Express\msimn.exe	64
C:\Program Files\Common Files\Outlook error getting file info Script: Quarantine, Delete, Delete via BC	{AA7E9A17-4897-41FB-809F-26BBD94FD22A} Script: Delete				C:\Windows\system32\Tasks\	C:\Program Files\Common Files\Outlook Express\OUTLOOK.EXE	64
Express\OUTLOOK.EXE error getting file info Script: Quarantine, Delete, Delete via BC	{AA7E9A17-4897-41FB-809F-26BBD94FD22A} Script: Delete				C:\Windows\system32\Tasks\	C:\Program Files\Common Files\Outlook Express\OUTLOOK.EXE	64
C:\Program Files\Common Files\Outlook error getting file info Script: Quarantine, Delete, Delete via BC	{D834B2BC-6DEF-49F0-B8C0-6D5E75B16C32} Script: Delete				C:\Windows\system32\Tasks\	C:\Program Files\Common Files\Outlook Express\OUTLOOK.EXE	64
Express\OUTLOOK.EXE error getting file info Script: Quarantine, Delete, Delete via BC	{D834B2BC-6DEF-49F0-B8C0-6D5E75B16C32} Script: Delete				C:\Windows\system32\Tasks\	C:\Program Files\Common Files\Outlook Express\OUTLOOK.EXE	64
C:\Program Files\Common Files\Outlook error getting file info Script: Quarantine, Delete, Delete via BC	{EFF89B66-3779-4876-ACDB-FC5984ACAEA3} Script: Delete				C:\Windows\system32\Tasks\	C:\Program Files\Common Files\Outlook Express\msimn.exe	64
Express\msimn.exe error getting file info Script: Quarantine, Delete, Delete via BC	{EFF89B66-3779-4876-ACDB-FC5984ACAEA3} Script: Delete				C:\Windows\system32\Tasks\	C:\Program Files\Common Files\Outlook Express\msimn.exe	64
Items found - 98, recognized as trusted - 78

SPI/LSP settings

Namespace providers (NSP)

Manufacturer	Status	EXE file	Description	GUID
Detected - 9, recognized as trusted - 9

Transport protocol providers (TSP, LSP)

Manufacturer EXE file Description
Detected - 10, recognized as trusted - 10
Results of automatic SPI settings check
LSP settings checked. No errors detected

TCP/UDP ports

Port Status Remote Host Remote Port Application Notes
TCP ports
139 LISTENING 0.0.0.0 0 System.exe [4]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
49154 LISTENING 0.0.0.0 0 lsass.exe [516]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
49155 LISTENING 0.0.0.0 0 services.exe [508]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
UDP ports
137 LISTENING -- -- System.exe [4]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
138 LISTENING -- -- System.exe [4]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate

Downloaded Program Files (DPF)

File name Description Manufacturer CLSID Source URL
Items found - 0, recognized as trusted - 0

Control Panel Applets (CPL)

File name Description Manufacturer
C:\Windows\system32\FlashPlayerCPLApp.cpl
139.20 kb, rsAh, created: 15.10.2011 10:58:40, modified: 26.09.2015 19:48:27
Script: Quarantine, Delete, Delete via BC Adobe Flash Player Control Panel Applet Copyright © 1996-2015 Adobe Systems Incorporated. All Rights Reserved. Adobe and Flash are either trademarks or registered trademarks in the United States and/or other countries.
Items found - 19, recognized as trusted - 18

Active Setup

File name Description Manufacturer CLSID
Items found - 8, recognized as trusted - 8

HOSTS file

Hosts file record

Protocols and handlers

File name Type Description Manufacturer CLSID
Items found - 19, recognized as trusted - 19

Shared resources

Network name Path Notes

Suspicious objects

File Description Type

AVZ Antiviral Toolkit log; AVZ version is 4.45
Scanning started at 12.10.2015 19:32:27
Database loaded: signatures - 297570, NN profile(s) - 2, malware removal microprograms - 56, signature database released 12.10.2015 04:00
Heuristic microprograms loaded: 411
PVS microprograms loaded: 9
Digital signatures of system files loaded: 759075
Heuristic analyzer mode: Medium heuristics mode
Malware removal mode: enabled
Windows version is: 6.1.7601, Service Pack 1 "Windows 7 Home Premium", install date 27.08.2013 15:26:56 ; AVZ is run with administrator rights (+)
System Restore: enabled
System booted in Safe Mode with Networking
1. Searching for Rootkits and other software intercepting API functions
1.1 Searching for user-mode API hooks
 Analysis: kernel32.dll, export table found in section .text
 Analysis: ntdll.dll, export table found in section .text
 Analysis: user32.dll, export table found in section .text
 Analysis: advapi32.dll, export table found in section .text
 Analysis: ws2_32.dll, export table found in section .text
 Analysis: wininet.dll, export table found in section .text
 Analysis: rasapi32.dll, export table found in section .text
 Analysis: urlmon.dll, export table found in section .text
 Analysis: netapi32.dll, export table found in section .text
1.2 Searching for kernel-mode API hooks
 Error loading driver - operation interrupted [C000035F]
1.4 Searching for masking processes and drivers
 Checking not performed: extended monitoring driver (AVZPM) is not installed
1.5 Checking IRP handlers
 Error loading driver - operation interrupted [C000035F]
2. Scanning RAM
 Number of processes found: 5
 Number of modules loaded: 131
Scanning RAM - complete
3. Scanning disks
Direct reading: C:\Users\martin\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.tmp
Direct reading: C:\Users\martin\AppData\Local\Temp\~DF03814029CB4429F4.TMP
Direct reading: C:\Users\martin\AppData\Local\Temp\~DF4F06D44A9ACE471F.TMP
Direct reading: C:\Users\martin\AppData\Local\Temp\~DF69957DBF8C935BBE.TMP
Direct reading: C:\Users\martin\AppData\Local\Temp\~DF701AC153C6DF2603.TMP
Direct reading: C:\Users\martin\AppData\Local\Temp\~DFE05904DF4EE0250B.TMP
4. Checking  Winsock Layered Service Provider (SPI/LSP)
 LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
 Checking - disabled by user
6. Searching for opened TCP/UDP ports used by malicious software
 Checking - disabled by user
7. Heuristic system check
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: TermService (Remote Desktop Services)
>> Services: potentially dangerous service allowed: SSDPSRV (SSDP Discovery)
>> Services: potentially dangerous service allowed: Schedule (Task Scheduler)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
Checking - complete
9. Troubleshooting wizard
 >>  HDD autorun is allowed
 >>  Network drives autorun is allowed
 >>  Removable media autorun is allowed
Checking - complete
Files scanned: 76806, extracted from archives: 36059, malicious software found 0, suspicions - 0
Scanning finished at 12.10.2015 19:44:19
Time of scanning: 00:11:54
If you have a suspicion on presence of viruses or questions on the suspected objects,
you can address http://forum.kaspersky.com/index.php?showforum=19
For automatic scanning of files from the AVZ quarantine you can use the service http://virusdetector.ru/
Creating archive of files from Quarantine
Creating archive of files from Quarantine - complete
System Analysis in progress
Network diagnostics
 DNS and Ping test
  Host="yandex.ru", IP="77.88.55.66,77.88.55.55,5.255.255.55,5.255.255.5", Ping=OK (0,421,77.88.55.66)
  Host="google.ru", IP="216.58.220.131", Ping=OK (0,51,216.58.220.131)
  Host="google.com", IP="216.58.220.110", Ping=OK (0,40,216.58.220.110)
  Host="www.kaspersky.com", IP="77.74.178.16", Ping=Error (11010,0,0.0.0.0)
  Host="www.kaspersky.ru", IP="93.159.228.17", Ping=Error (11010,0,0.0.0.0)
  Host="dnl-03.geo.kaspersky.com", IP="43.249.37.43", Ping=OK (0,268,43.249.37.43)
  Host="dnl-11.geo.kaspersky.com", IP="43.249.37.43", Ping=OK (0,267,43.249.37.43)
  Host="activation-v2.kaspersky.com", IP="218.213.94.62", Ping=Error (11010,0,0.0.0.0)
  Host="odnoklassniki.ru", IP="217.20.156.159,217.20.155.58,217.20.147.94", Ping=OK (0,418,217.20.156.159)
  Host="vk.com", IP="87.240.143.241,87.240.131.117,87.240.131.118", Ping=Error (11010,0,0.0.0.0)
  Host="vkontakte.ru", IP="95.213.4.241,95.213.4.242,95.213.4.243", Ping=OK (0,403,95.213.4.241)
  Host="twitter.com", IP="104.244.42.1,104.244.42.193", Ping=Error (11010,0,0.0.0.0)
  Host="facebook.com", IP="31.13.76.102", Ping=OK (0,242,31.13.76.102)
  Host="ru-ru.facebook.com", IP="", Ping=Error (11010,0,0.0.0.0)
 Network IE settings
  IE setting AutoConfigURL=
  IE setting AutoConfigProxy=wininet.dll
  IE setting ProxyOverride=
  IE setting ProxyServer=
  IE setting Internet\ManualProxies=
 Network TCP/IP settings
 Network Persistent Routes

 System Analysis - complete


Script commands 
Add commands to script:
Blocking hooks using Anti-Rootkit
Enable AVZGuard
Operations with AVZPM (true=enable,false=disable)
BootCleaner - import list of deleted files
BootCleaner - import all
Remove traces of deleted files
ExecuteWizard ('TSW',2,3,true) - Running Troubleshooting wizard
BootCleaner - activate
Reboot
Insert template for QuarantineFile() - quarantining a file
Insert template for BC_QrFile() - quarantining file via BootCleaner
Insert template for DeleteFile() - deleting a file
Insert template for DelCLSID() - removing a CLSID item from registry
Additional operations:Performance tweaking: disable service TermService (Remote Desktop Services)
Performance tweaking: disable service SSDPSRV (SSDP Discovery)
Performance tweaking: disable service Schedule (Task Scheduler)
Security tweaking: disable CD autorun
Security tweaking: disable administrative shares
Security tweaking: disable anonymous user access
Security: disable sending Remote Assistant queries

File list

Port	Status	Remote Host	Remote Port	Application	Notes
TCP ports
139	LISTENING	0.0.0.0	0	System.exe [4] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
49154	LISTENING	0.0.0.0	0	lsass.exe [516] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
49155	LISTENING	0.0.0.0	0	services.exe [508] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
UDP ports
137	LISTENING	--	--	System.exe [4] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
138	LISTENING	--	--	System.exe [4] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate