Results of system analysis

Process List

File name	PID	Description	Copyright	MD5	Information
c:\program files (x86)\common files\adobe\oobe\pdapp\uwa\aam updates notifier.exe Script: Quarantine, Delete, Delete via BC, Terminate	4664	AAM Updates Notifier Application	© 2009-2013 Adobe Systems Incorporated and its licensors. All rights reserved.	C2AA1F64FE59B09FA73757CFF57C7F85	1014.16 kb, rsAh,created: 03.02.2015 11:02:34,modified: 03.02.2015 11:02:34 Command line: "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe"
c:\program files (x86)\acer\abdocs\abdocsdllloader.exe Script: Quarantine, Delete, Delete via BC, Terminate	4240			16BED6F60458FB1844A0C7788A20D0A7	88.25 kb, rsAh,created: 20.11.2014 15:06:04,modified: 20.11.2014 15:06:04 Command line: "C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe"
c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe Script: Quarantine, Delete, Delete via BC, Terminate	4304	Adobe Reader and Acrobat Manager		48BE298F7FD1BEF4D8FBACB04D8D95C4	936.11 kb, rsAh,created: 05.09.2013 10:03:58,modified: 05.09.2013 10:03:58 Command line: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
c:\users\laura\desktop\autologger.exe Script: Quarantine, Delete, Delete via BC, Terminate	1448	Automatic log collector	All rights for Autologger reserved by regist & Drongo © Copyright 2013 - 2015	424B2FC01D39D402B9E5DDBAD2C93E16	11873.48 kb, rsAh,created: 19.07.2016 04:33:02,modified: 19.07.2016 15:49:16 Command line: "C:\Users\Laura\Desktop\AutoLogger.exe"
c:\program files (x86)\acer\aop framework\backgroundagent.exe Script: Quarantine, Delete, Delete via BC, Terminate	4704	Background Agent	Copyright (C) 2014	EBB85A418BBB9C528A722BA6DB181B99	60.75 kb, rsAh,created: 17.11.2014 12:56:58,modified: 17.11.2014 12:56:58 Command line: "C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe"
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe Script: Quarantine, Delete, Delete via BC, Terminate	5064	Bluetooth Tray Application	Copyright 2000-2012, Broadcom Corporation.	2A1BD2D577B3C126ACD6E743B01F02F3	516.71 kb, rsAh,created: 14.04.2014 19:27:46,modified: 14.04.2014 19:27:46 Command line:
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe Script: Quarantine, Delete, Delete via BC, Terminate	1552	Bluetooth Support Server	Copyright 2000-2012, Broadcom Corporation.	D8378CA4939E1B7C851B71F350B996E7	953.71 kb, rsAh,created: 14.04.2014 19:27:48,modified: 14.04.2014 19:27:48 Command line:
c:\program files (x86)\canon\quick menu\cnqmmain.exe Script: Quarantine, Delete, Delete via BC, Terminate	5336	Canon Quick Menu	Copyright CANON INC. 2012-2015	CB8A6B1FC6F8D1BFBD61C543B4E9F105	1268.02 kb, rsAh,created: 24.03.2016 22:22:48,modified: 20.04.2015 18:45:08 Command line: "C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE" /logon
c:\program files (x86)\canon\quick menu\cnqmupdt.exe Script: Quarantine, Delete, Delete via BC, Terminate	2836	Canon Quick Menu Updater	Copyright CANON INC. 2012-2015	2856445077AC4AF54983CE780E431DAE	1063.54 kb, rsAh,created: 21.03.2016 00:40:19,modified: 20.04.2015 18:46:12 Command line: "C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE"
c:\users\laura\appdata\roaming\dropbox\bin\dropbox.exe Script: Quarantine, Delete, Delete via BC, Terminate	4428	Dropbox	Dropbox, Inc.	57635D7D9F08DB05EB4FB9BC620A9EEA	23637.35 kb, rsAh,created: 11.07.2016 20:31:57,modified: 05.07.2016 14:00:44 Command line: "C:\Users\Laura\AppData\Roaming\Dropbox\bin\Dropbox.exe" /systemstartup
c:\program files (x86)\wildtangent games\app\gamesappintegrationservice.exe Script: Quarantine, Delete, Delete via BC, Terminate	6764	WildTangent Games App Integration Service	(c) WildTangent 2013. All rights reserved.	61F268EA52DAC60903C7124A1A27E831	222.56 kb, rsAh,created: 19.11.2014 19:50:36,modified: 19.11.2014 19:50:36 Command line: "C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe"
c:\program files (x86)\acer\screen grasp\gesturedetection.exe Script: Quarantine, Delete, Delete via BC, Terminate	3960	Gesture Detection	(C)All rights reserved.	CB794B5BB7C655F3062C4DB7F29528D9	316.25 kb, rsAh,created: 19.12.2013 14:55:16,modified: 19.12.2013 14:55:16 Command line: "C:\Program Files (x86)\Acer\Screen Grasp\GestureDetection.exe"
c:\program files (x86)\acer\screen grasp\launch screen grasp.exe Script: Quarantine, Delete, Delete via BC, Terminate	7104	Launch Screen Grasp	(c)All rights reserved.	5E1A4E1AC8BDBA684DBC4086274F6A25	39.25 kb, rsAh,created: 19.12.2013 14:55:18,modified: 19.12.2013 14:55:18 Command line: "C:\Program Files (x86)\Acer\Screen Grasp\Launch Screen Grasp.exe"
c:\windows\syswow64\rundll32.exe Script: Quarantine, Delete, Delete via BC, Terminate	2472	Windows host process (Rundll32)	© Microsoft Corporation. All rights reserved.	8BFE805555CDAF6387912A34D7978DAA	50.00 kb, rsAh,created: 16.03.2015 14:33:43,modified: 28.10.2014 21:40:50 Command line: "C:\Windows\SysWOW64\RunDll32.exe" "C:\Program Files\WIDCOMM\Bluetooth Software\SysWOW64\BtMmHook.dll",SetAndWaitBtMmHook
C:\Program Files\Soluto\Soluto.exe Script: Quarantine, Delete, Delete via BC, Terminate	4644	Soluto	Copyright ? Soluto 2012. All rights reserved.	687DF0F802A21FCEC2FDFAA0A11E2957	1223.53 kb, rsAh,created: 18.12.2013 19:14:52,modified: 18.12.2013 19:14:52 Command line:
C:\Program Files\Soluto\SolutoLauncherService.exe Script: Quarantine, Delete, Delete via BC, Terminate	1956	Soluto Launcher Service	Copyright (c) Soluto 2012. All rights reserved.	5F9EAED026D3CB5CA01BA81BB116456F	216.53 kb, rsAh,created: 18.12.2013 19:15:00,modified: 18.12.2013 19:15:00 Command line:
C:\Program Files\Soluto\SolutoService.exe Script: Quarantine, Delete, Delete via BC, Terminate	1984	Soluto	Copyright ? Soluto 2012. All rights reserved.	5D33E1C0A4736BDEB2E836CA2319DA35	663.53 kb, rsAh,created: 18.12.2013 19:14:54,modified: 18.12.2013 19:14:54 Command line:
c:\users\laura\appdata\roaming\spotify\spotify.exe Script: Quarantine, Delete, Delete via BC, Terminate	5028	Spotify	Copyright (c) 2016, Spotify Ltd	2A3AC718B1250E24BA148941838002E8	6751.61 kb, rsAh,created: 26.11.2014 23:33:50,modified: 12.07.2016 14:11:01 Command line: "C:\Users\Laura\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
c:\users\laura\appdata\roaming\spotify\spotify.exe Script: Quarantine, Delete, Delete via BC, Terminate	5848	Spotify	Copyright (c) 2016, Spotify Ltd	2A3AC718B1250E24BA148941838002E8	6751.61 kb, rsAh,created: 26.11.2014 23:33:50,modified: 12.07.2016 14:11:01 Command line: "C:\Users\Laura\AppData\Roaming\Spotify\Spotify.exe" --type=gpu-process --channel="5028.0.729152269\505372514" --no-sandbox --disable-d3d11 --enable-crash-reporter --lang=en-US --log-file="C:\Users\Laura\AppData\Roaming\Spotify\debug.log" --log-severity=disable --product-version=Spotify/1.0.33.106 --disable-direct-composition --supports-dual-gpus=false --gpu-driver-bug-workarounds=4,12,13,25,46,54 --gpu-vendor-id=0x8086 --gpu-device-id=0x0a16 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=10.18.10.3496 --enable-crash-reporter --lang=en-US --log-file="C:\Users\Laura\AppData\Roaming\Spotify\debug.log" --log-severity=disable --product-version=Spotify/1.0.33.106 --mojo-platform-channel-handle=1412 /prefetch:2
C:\Users\Laura\AppData\Roaming\Spotify\Spotify.exe Script: Quarantine, Delete, Delete via BC, Terminate	5408	Spotify	Copyright (c) 2016, Spotify Ltd	2A3AC718B1250E24BA148941838002E8	6751.61 kb, rsAh,created: 26.11.2014 23:33:50,modified: 12.07.2016 14:11:01 Command line:
c:\users\laura\appdata\roaming\spotify\spotify.exe Script: Quarantine, Delete, Delete via BC, Terminate	9752	Spotify	Copyright (c) 2016, Spotify Ltd	2A3AC718B1250E24BA148941838002E8	6751.61 kb, rsAh,created: 26.11.2014 23:33:50,modified: 12.07.2016 14:11:01 Command line: "C:\Users\Laura\AppData\Roaming\Spotify\Spotify.exe" --type=renderer --disable-pinch --no-sandbox --primordial-pipe-token=CC256AA85E2CC877C3E4FE92C081A74C --lang=en-US --enable-crash-reporter --lang=en-US --log-file="C:\Users\Laura\AppData\Roaming\Spotify\debug.log" --log-severity=disable --product-version=Spotify/1.0.33.106 --disable-extensions --disable-spell-checking --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --channel="5028.2.380195899\1558706611" --mojo-platform-channel-handle=3116 /prefetch:1
c:\users\laura\appdata\roaming\spotify\spotifycrashservice.exe Script: Quarantine, Delete, Delete via BC, Terminate	5248	SpotifyCrashService	Copyright (c) 2016, Spotify Ltd	11DC90ADA12968FA672287C57F498DFC	512.61 kb, rsAh,created: 15.03.2015 00:54:31,modified: 12.07.2016 14:11:01 Command line: "C:\Users\Laura\AppData\Roaming\Spotify\SpotifyCrashService.exe"
c:\users\laura\appdata\roaming\spotify\spotifywebhelper.exe Script: Quarantine, Delete, Delete via BC, Terminate	4888	SpotifyWebHelper	Copyright (c) 2016, Spotify Ltd	5BD320A19EA11F9FDDA3AF9BA3CE1280	1517.61 kb, rsAh,created: 15.03.2015 00:54:31,modified: 12.07.2016 14:11:01 Command line: "C:\Users\Laura\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
C:\Program Files\Acer\Acer Touch Tools\TouchToolsLaunchSvc.exe Script: Quarantine, Delete, Delete via BC, Terminate	1308	Touch Tools	© All rights reserved	F97DF9B53A44222EE2E33732E4E4A138	244.75 kb, rsAh,created: 08.01.2014 22:54:12,modified: 08.01.2014 22:54:12 Command line:
Detected:116, recognized as trusted 99

Module name	Handle	Description	Copyright	AVZ0311	Used by processes
C:\Program Files (x86)\Acer\Screen Grasp\MSVCP110.dll Script: Quarantine, Delete, Delete via BC	1440677888	Microsoft® C Runtime Library	© Microsoft Corporation. All rights reserved.	MD5=F0AD2C8DADA322DE2C9FC26EDC3F6084 513.54 kb, rsAh, created: 03.04.2013 19:16:42, modified: 03.04.2013 19:16:42	7104
C:\Program Files (x86)\Acer\Screen Grasp\MSVCR110.dll Script: Quarantine, Delete, Delete via BC	1496580096	Microsoft® C Runtime Library	© Microsoft Corporation. All rights reserved.	MD5=825542125E9DDE2FD6753950EF414FFC 834.04 kb, rsAh, created: 03.04.2013 19:16:44, modified: 03.04.2013 19:16:44	7104
C:\Program Files (x86)\Canon\Quick Menu\CNQMMWRP.dll Script: Quarantine, Delete, Delete via BC	1826029568	CNQMMWRP	Copyright CANON INC. 2012-2015	MD5=85DA313D954357EA5DD86A8F6C57C435 575.00 kb, rsAh, created: 21.03.2016 00:40:19, modified: 20.04.2015 18:06:58	5336
C:\Program Files\WIDCOMM\Bluetooth Software\SysWOW64\BtMmHook.dll Script: Quarantine, Delete, Delete via BC	1454833664	Multimedia Keys Hook DLL	Copyright 2000-2012, Broadcom Corporation.	MD5=9E92DD1AEF97B06767094269BA3B5029 200.71 kb, rsAh, created: 14.04.2014 19:29:40, modified: 14.04.2014 19:29:40	4304, 5336, 2472, 5028
C:\Users\Laura\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd Script: Quarantine, Delete, Delete via BC	1868365824			MD5=40F8B73C0A1D179BE90DE0C9999EEDB8 120.95 kb, rsAh, created: 11.07.2016 20:32:18, modified: 06.06.2016 21:59:30	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd Script: Quarantine, Delete, Delete via BC	1684537344			MD5=B80A2B1275B25EE97C78165EDAED49B3 21.32 kb, rsAh, created: 11.07.2016 20:32:18, modified: 05.07.2016 14:00:26	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd Script: Quarantine, Delete, Delete via BC	1868234752			MD5=1DFAB50ECCB9A54662E3477F0003CC42 21.33 kb, rsAh, created: 11.07.2016 20:32:18, modified: 05.07.2016 14:00:26	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd Script: Quarantine, Delete, Delete via BC	1484718080			MD5=8038BFB473436F19AE2765400D1C3957 24.32 kb, rsAh, created: 11.07.2016 20:32:18, modified: 05.07.2016 14:00:26	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\_ctypes.pyd Script: Quarantine, Delete, Delete via BC	488243200			MD5=700FF5DA2ADE2EA68CF43BF42F93BC0E 91.45 kb, rsAh, created: 11.07.2016 20:32:18, modified: 06.06.2016 21:58:44	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\_elementtree.pyd Script: Quarantine, Delete, Delete via BC	59375616			MD5=C0545B2DCBAB09A53D9C5F7D3D38E7F5 131.45 kb, rsAh, created: 11.07.2016 20:32:18, modified: 06.06.2016 21:58:44	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd Script: Quarantine, Delete, Delete via BC	7536640			MD5=520E6C799A6C7434E5B2D8943FF137CF 33.95 kb, rsAh, created: 11.07.2016 20:32:19, modified: 06.06.2016 21:58:46	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd Script: Quarantine, Delete, Delete via BC	1675100160			MD5=9CC5FA68DC06E0598A38618E02E9AF08 240.81 kb, rsAh, created: 11.07.2016 20:31:55, modified: 05.07.2016 13:59:54	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd Script: Quarantine, Delete, Delete via BC	1674182656			MD5=99339DDF8BB76977CB6145FE9E4D9319 19.80 kb, rsAh, created: 11.07.2016 20:31:55, modified: 05.07.2016 13:59:54	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd Script: Quarantine, Delete, Delete via BC	1868496896			MD5=D4C03C484F325F1A6C62376E34586A18 20.33 kb, rsAh, created: 11.07.2016 20:31:55, modified: 05.07.2016 13:59:56	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd Script: Quarantine, Delete, Delete via BC	1802371072			MD5=6ECE81F10DD3BFC92CF29A6C912ECE81 1643.32 kb, rsAh, created: 11.07.2016 20:31:55, modified: 05.07.2016 13:59:56	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd Script: Quarantine, Delete, Delete via BC	1868300288			MD5=DD1629C98665A0A226109CEEA4EE1975 20.32 kb, rsAh, created: 11.07.2016 20:31:55, modified: 05.07.2016 13:59:56	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\d3dcompiler_47.dll Script: Quarantine, Delete, Delete via BC	1926103040	Direct3D HLSL Compiler for Redistribution	© Microsoft Corporation. All rights reserved.	MD5=360B2633B110D870C6EC831DE50D1EE6 3377.45 kb, rsAh, created: 11.07.2016 20:31:56, modified: 06.06.2016 22:02:50	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd Script: Quarantine, Delete, Delete via BC	1675558912			MD5=31BC73FD3C9258FF9E8531A3573FB3AD 25.84 kb, rsAh, created: 11.07.2016 20:31:57, modified: 05.07.2016 14:00:04	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL Script: Quarantine, Delete, Delete via BC	1873215488			MD5=8E15A7E9DF1593B094473413A4392D4E 82.30 kb, rsAh, created: 11.07.2016 20:31:58, modified: 05.07.2016 14:00:06	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll Script: Quarantine, Delete, Delete via BC	1945698304	Dropbox Shell Extension	(c) Dropbox, Inc. All rights reserved	MD5=D4A8D211F6259005CC54EE5BB4F49E75 206.31 kb, rsAh, created: 11.07.2016 20:31:57, modified: 05.07.2016 13:57:12	4664
C:\Users\Laura\AppData\Roaming\Dropbox\bin\fastpath.pyd Script: Quarantine, Delete, Delete via BC	1687879680			MD5=3E71756A65DE67959D98F31603A5AADB 37.79 kb, rsAh, created: 11.07.2016 20:31:59, modified: 05.07.2016 14:00:06	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\faulthandler.pyd Script: Quarantine, Delete, Delete via BC	1934622720			MD5=0DE80228486F4E98DFCB8E636E6CE873 18.95 kb, rsAh, created: 11.07.2016 20:31:59, modified: 06.06.2016 21:59:26	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\icudt55.dll Script: Quarantine, Delete, Delete via BC	1585315840	ICU Data DLL	Copyright (C) 2015, International Business Machines Corporation and others. All Rights Reserved.	MD5=4228A1F281B6B8B0EC048BA380F634AF 25310.95 kb, rsAh, created: 11.07.2016 20:31:59, modified: 06.06.2016 21:58:50	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\icuin55.dll Script: Quarantine, Delete, Delete via BC	1250951168	ICU I18N DLL	Copyright (C) 2015, International Business Machines Corporation and others. All Rights Reserved.	MD5=7F3E21EEB9282249C733BEA64770E9DB 1643.45 kb, rsAh, created: 11.07.2016 20:31:59, modified: 06.06.2016 21:58:52	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\icuuc55.dll Script: Quarantine, Delete, Delete via BC	110559232	ICU Common DLL	Copyright (C) 2015, International Business Machines Corporation and others. All Rights Reserved.	MD5=CF715BD2C64D276CBF03E35EE3C81596 1137.45 kb, rsAh, created: 11.07.2016 20:31:59, modified: 06.06.2016 21:58:52	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\jpegtran.pyd Script: Quarantine, Delete, Delete via BC	1674379264			MD5=F962BCE135AAD9F8792ED1EB5523E4D6 234.95 kb, rsAh, created: 11.07.2016 20:31:59, modified: 06.06.2016 21:59:28	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\libEGL.dll Script: Quarantine, Delete, Delete via BC	1960574976			MD5=162BD150A1361468E843FF9644C51A0A 17.45 kb, rsAh, created: 11.07.2016 20:31:59, modified: 06.06.2016 22:02:50	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\libGLESv2.dll Script: Quarantine, Delete, Delete via BC	1946681344			MD5=94BFD533EDBD4AD5892D08A46B0C4CA1 1592.95 kb, rsAh, created: 11.07.2016 20:32:00, modified: 06.06.2016 22:02:50	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\librsync.dll Script: Quarantine, Delete, Delete via BC	1922629632			MD5=A9A8A3AB904D767046621DEFB1B3B8A8 35.45 kb, rsAh, created: 11.07.2016 20:32:00, modified: 06.06.2016 22:01:16	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd Script: Quarantine, Delete, Delete via BC	1922695168			MD5=F418A0945933A71949B1D30336FBA86A 23.82 kb, rsAh, created: 11.07.2016 20:32:00, modified: 05.07.2016 14:00:08	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\mmapfile.pyd Script: Quarantine, Delete, Delete via BC	1931280384			MD5=8352464B084D3CE5D3BE6BCD88687893 20.45 kb, rsAh, created: 11.07.2016 20:32:00, modified: 06.06.2016 22:00:42	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\plugins\imageformats\qgif.dll Script: Quarantine, Delete, Delete via BC	1493499904	C++ application development framework.	Copyright (C) 2015 The Qt Company Ltd.	MD5=59082385EF6FA6E3DC3B2805271776C6 30.95 kb, rsAh, created: 11.07.2016 20:32:00, modified: 06.06.2016 22:04:32	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll Script: Quarantine, Delete, Delete via BC	1493237760	C++ application development framework.	Copyright (C) 2015 The Qt Company Ltd.	MD5=E57BFBA98C7921B41930F40E7FC47649 240.45 kb, rsAh, created: 11.07.2016 20:32:00, modified: 06.06.2016 22:04:34	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll Script: Quarantine, Delete, Delete via BC	1494679552	C++ application development framework.	Copyright (C) 2015 The Qt Company Ltd.	MD5=10A2A5001C31CB75C9AB49F36DF9E306 977.95 kb, rsAh, created: 11.07.2016 20:32:01, modified: 06.06.2016 22:04:34	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd Script: Quarantine, Delete, Delete via BC	1802305536			MD5=037D14AC54B84893B421FC02F1D91669 50.80 kb, rsAh, created: 11.07.2016 20:32:02, modified: 05.07.2016 14:00:08	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\pyexpat.pyd Script: Quarantine, Delete, Delete via BC	268435456			MD5=74B52E18FD66F76C46A6FC8C92483268 130.95 kb, rsAh, created: 11.07.2016 20:32:02, modified: 06.06.2016 21:58:42	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd Script: Quarantine, Delete, Delete via BC	1871314944			MD5=87CE336C358384639B0B333ABAB4B439 1783.30 kb, rsAh, created: 11.07.2016 20:32:02, modified: 05.07.2016 14:00:10	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd Script: Quarantine, Delete, Delete via BC	1525284864			MD5=D4DC6864545F493202A767E8FFBD2720 1925.30 kb, rsAh, created: 11.07.2016 20:32:03, modified: 05.07.2016 14:00:10	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd Script: Quarantine, Delete, Delete via BC	1522794496			MD5=326EABA852013B4B4FBEED4AACBAC206 518.80 kb, rsAh, created: 11.07.2016 20:32:04, modified: 05.07.2016 14:00:10	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd Script: Quarantine, Delete, Delete via BC	1497694208			MD5=DA2F83A8E8BED453415A0591B44F01B2 202.80 kb, rsAh, created: 11.07.2016 20:32:04, modified: 05.07.2016 14:00:12	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd Script: Quarantine, Delete, Delete via BC	1445003264			MD5=0D9FF7B2B2F4D6F51F7F4C3B45D5DD6E 349.30 kb, rsAh, created: 11.07.2016 20:32:04, modified: 05.07.2016 14:00:12	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd Script: Quarantine, Delete, Delete via BC	1450508288			MD5=2E7BB791CA1DF2DD264DA61CB7B7AB5A 533.30 kb, rsAh, created: 11.07.2016 20:32:04, modified: 05.07.2016 14:00:12	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd Script: Quarantine, Delete, Delete via BC	1520435200			MD5=4EE8BF1EA7A63919A4622800562F508B 129.80 kb, rsAh, created: 11.07.2016 20:32:05, modified: 05.07.2016 14:00:14	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd Script: Quarantine, Delete, Delete via BC	1498546176			MD5=5CAD8AF592DA64C87026D53E2D5FC48D 218.30 kb, rsAh, created: 11.07.2016 20:32:05, modified: 05.07.2016 14:00:14	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd Script: Quarantine, Delete, Delete via BC	1555759104			MD5=8109DCDD3E55DFA54CB1CD711FA491B5 3836.80 kb, rsAh, created: 11.07.2016 20:32:05, modified: 05.07.2016 14:00:14	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\PYTHON27.DLL Script: Quarantine, Delete, Delete via BC	503316480	Python Core	Copyright © 2001-2015 Python Software Foundation. Copyright © 2000 BeOpen.com. Copyright © 1995-2001 CNRI. Copyright © 1991-1995 SMC.	MD5=694FFBDF5EA75F5531A659A952B487B3 4140.79 kb, rsAh, created: 11.07.2016 20:32:05, modified: 05.07.2016 14:00:16	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\pythoncom27.dll Script: Quarantine, Delete, Delete via BC	1875443712			MD5=29F2941DA79FBEE383555545BFF1BCDF 382.95 kb, rsAh, created: 11.07.2016 20:32:06, modified: 06.06.2016 21:58:40	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\pywintypes27.dll Script: Quarantine, Delete, Delete via BC	1924268032			MD5=EB34EF3EE230DD1243D75EB316ED57EF 113.95 kb, rsAh, created: 11.07.2016 20:32:06, modified: 06.06.2016 21:58:42	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\Qt5Core.dll Script: Quarantine, Delete, Delete via BC	1835270144	C++ application development framework.	Copyright (C) 2015 The Qt Company Ltd.	MD5=E3BA5F548B2747335012ABAD6A9458A6 4051.45 kb, rsAh, created: 11.07.2016 20:32:06, modified: 06.06.2016 22:02:52	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\Qt5Gui.dll Script: Quarantine, Delete, Delete via BC	1546518528	C++ application development framework.	Copyright (C) 2015 The Qt Company Ltd.	MD5=57AEFE853E8EA852CFF97DC2719F8B3C 4601.95 kb, rsAh, created: 11.07.2016 20:32:06, modified: 06.06.2016 22:02:54	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\Qt5Network.dll Script: Quarantine, Delete, Delete via BC	1520828416	C++ application development framework.	Copyright (C) 2015 The Qt Company Ltd.	MD5=1E96A7407543C31F14F081ED994E7768 1879.45 kb, rsAh, created: 11.07.2016 20:32:06, modified: 06.06.2016 22:02:54	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\Qt5PrintSupport.dll Script: Quarantine, Delete, Delete via BC	1497956352	C++ application development framework.	Copyright (C) 2015 The Qt Company Ltd.	MD5=BD5467C7710B0C8A20E357D39B40E284 266.95 kb, rsAh, created: 11.07.2016 20:32:07, modified: 06.06.2016 22:02:56	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\Qt5Qml.dll Script: Quarantine, Delete, Delete via BC	1445396480	C++ application development framework.	Copyright (C) 2015 The Qt Company Ltd.	MD5=2150BE83337371DD585CB56BFA7379EC 2524.45 kb, rsAh, created: 11.07.2016 20:32:07, modified: 06.06.2016 22:02:56	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\Qt5Quick.dll Script: Quarantine, Delete, Delete via BC	1448017920	C++ application development framework.	Copyright (C) 2015 The Qt Company Ltd.	MD5=E3E59105F4607B871EB12E6278A6060A 2359.95 kb, rsAh, created: 11.07.2016 20:32:07, modified: 06.06.2016 22:02:56	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\Qt5WebKit.dll Script: Quarantine, Delete, Delete via BC	1504313344	C++ application development framework.	Copyright (C) 2015 The Qt Company Ltd.	MD5=B132C8CBB2CBAA8F5393D4B8854E3122 14654.45 kb, rsAh, created: 11.07.2016 20:32:08, modified: 06.06.2016 22:03:08	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\Qt5WebKitWidgets.dll Script: Quarantine, Delete, Delete via BC	1498284032	C++ application development framework.	Copyright (C) 2015 The Qt Company Ltd.	MD5=EFD6E56927B16E13B51AFFB136CEDF18 192.95 kb, rsAh, created: 11.07.2016 20:32:08, modified: 06.06.2016 22:03:08	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\Qt5Widgets.dll Script: Quarantine, Delete, Delete via BC	1551302656	C++ application development framework.	Copyright (C) 2015 The Qt Company Ltd.	MD5=7E6501284533A6D3E2CD6BD18DAB2ACD 4342.95 kb, rsAh, created: 11.07.2016 20:32:08, modified: 06.06.2016 22:03:10	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll Script: Quarantine, Delete, Delete via BC	1951334400	C++ application development framework.	Copyright (C) 2015 The Qt Company Ltd.	MD5=4843B211B64C2B9C3AE09BD42E06FE63 20.45 kb, rsAh, created: 11.07.2016 20:32:16, modified: 06.06.2016 22:04:42	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll Script: Quarantine, Delete, Delete via BC	1945960448			MD5=1891591A83BA919095CE29A72C0D3FCD 680.96 kb, rsAh, created: 11.07.2016 20:32:13, modified: 06.06.2016 22:04:36	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll Script: Quarantine, Delete, Delete via BC	1951203328	C++ application development framework.	Copyright (C) 2015 The Qt Company Ltd.	MD5=E2A089B25746F2A7DD2B3F3A63A20EEF 64.96 kb, rsAh, created: 11.07.2016 20:32:15, modified: 06.06.2016 22:04:42	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll Script: Quarantine, Delete, Delete via BC	1951137792	C++ application development framework.	Copyright (C) 2015 The Qt Company Ltd.	MD5=50B903704AB57DF7533863741B428E68 19.95 kb, rsAh, created: 11.07.2016 20:32:15, modified: 06.06.2016 22:04:42	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\select.pyd Script: Quarantine, Delete, Delete via BC	487653376			MD5=61C132999D832BE3743FBD3B593C7098 17.95 kb, rsAh, created: 11.07.2016 20:32:16, modified: 06.06.2016 21:58:44	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\sip.pyd Script: Quarantine, Delete, Delete via BC	1868890112			MD5=C3A46CB0BFA41E23A617B42D0FDCA124 81.95 kb, rsAh, created: 11.07.2016 20:32:16, modified: 06.06.2016 21:59:28	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd Script: Quarantine, Delete, Delete via BC	1921974272			MD5=40B2208C4015CC58100D810644E4265E 19.30 kb, rsAh, created: 11.07.2016 20:32:16, modified: 05.07.2016 14:00:18	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\unicodedata.pyd Script: Quarantine, Delete, Delete via BC	58654720			MD5=100A47F140660C407BF75171700E2BB0 676.45 kb, rsAh, created: 11.07.2016 20:32:16, modified: 06.06.2016 21:58:44	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\win32api.pyd Script: Quarantine, Delete, Delete via BC	1875902464			MD5=D74DFAE8688B4F77DC9BEC09A27713CA 103.45 kb, rsAh, created: 11.07.2016 20:32:16, modified: 06.06.2016 22:00:42	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\win32clipboard.pyd Script: Quarantine, Delete, Delete via BC	1683947520			MD5=8CF58657E3B74B72642A2FB7747AC7CC 23.45 kb, rsAh, created: 11.07.2016 20:32:17, modified: 06.06.2016 22:00:44	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd Script: Quarantine, Delete, Delete via BC	1875050496			MD5=95B6E0A6B2E7625D8848897387EED23D 372.80 kb, rsAh, created: 11.07.2016 20:32:17, modified: 05.07.2016 14:00:20	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\win32event.pyd Script: Quarantine, Delete, Delete via BC	1931214848			MD5=57ADCB79C03B966F63E952D2858BA21C 23.95 kb, rsAh, created: 11.07.2016 20:32:17, modified: 06.06.2016 22:00:44	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\win32evtlog.pyd Script: Quarantine, Delete, Delete via BC	1675427840			MD5=322433C732898E995B0E05282C2CC960 56.45 kb, rsAh, created: 11.07.2016 20:32:17, modified: 06.06.2016 22:00:44	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\win32file.pyd Script: Quarantine, Delete, Delete via BC	1684733952			MD5=5D0FD7E398053BE225AA7718053D608C 121.95 kb, rsAh, created: 11.07.2016 20:32:17, modified: 06.06.2016 22:00:44	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\win32gui.pyd Script: Quarantine, Delete, Delete via BC	1683750912			MD5=CAF2C99E8AE1E0CEFA1B1F4979BF161F 171.45 kb, rsAh, created: 11.07.2016 20:32:17, modified: 06.06.2016 22:00:44	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\win32pipe.pyd Script: Quarantine, Delete, Delete via BC	1683685376			MD5=0D99AE5350EACD24065DB944B4E9DB53 29.45 kb, rsAh, created: 11.07.2016 20:32:17, modified: 06.06.2016 22:00:46	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\win32print.pyd Script: Quarantine, Delete, Delete via BC	1493565440			MD5=F733F4B1A44A22FD1AE97E723097CFCA 59.45 kb, rsAh, created: 11.07.2016 20:32:17, modified: 06.06.2016 22:00:46	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\win32process.pyd Script: Quarantine, Delete, Delete via BC	1683619840			MD5=003160DD729DD42A2B2FE3EE7C6518C0 42.45 kb, rsAh, created: 11.07.2016 20:32:17, modified: 06.06.2016 22:00:46	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\win32profile.pyd Script: Quarantine, Delete, Delete via BC	1675362304			MD5=7BAA7DDF4B8A382871D7050EA29E5C03 23.45 kb, rsAh, created: 11.07.2016 20:32:17, modified: 06.06.2016 22:00:46	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\win32security.pyd Script: Quarantine, Delete, Delete via BC	1931083776			MD5=D129C348528F77E00720DB1C276772DE 111.95 kb, rsAh, created: 11.07.2016 20:32:17, modified: 06.06.2016 22:00:46	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\win32service.pyd Script: Quarantine, Delete, Delete via BC	1683554304			MD5=A2AF1188EC36C71F7900EBE08BA1620E 47.45 kb, rsAh, created: 11.07.2016 20:32:17, modified: 06.06.2016 22:00:48	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\win32ts.pyd Script: Quarantine, Delete, Delete via BC	1675034624			MD5=202F6FE54C3D43342D223417BE6C3877 27.95 kb, rsAh, created: 11.07.2016 20:32:17, modified: 06.06.2016 22:00:48	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd Script: Quarantine, Delete, Delete via BC	1674969088			MD5=A16D876AD6D4A48FC9BEBFDF72CC4920 20.31 kb, rsAh, created: 11.07.2016 20:32:18, modified: 05.07.2016 14:00:22	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\winffi.kernel32._winffi_kernel32.pyd Script: Quarantine, Delete, Delete via BC	1683488768			MD5=8D1CB326870AAB9F4023EEE6B5F7635A 23.31 kb, rsAh, created: 11.07.2016 20:32:18, modified: 05.07.2016 14:00:22	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd Script: Quarantine, Delete, Delete via BC	1674903552			MD5=91E2921183E5C909B3FD49E187D2B2EC 19.31 kb, rsAh, created: 11.07.2016 20:32:18, modified: 05.07.2016 14:00:22	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd Script: Quarantine, Delete, Delete via BC	1674838016			MD5=85F162CBC60A700433BF1D4365B15F31 20.31 kb, rsAh, created: 11.07.2016 20:32:18, modified: 05.07.2016 14:00:22	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd Script: Quarantine, Delete, Delete via BC	1674117120			MD5=321B19CD60CB94680355E3FD580D6EEF 22.83 kb, rsAh, created: 11.07.2016 20:32:18, modified: 05.07.2016 14:00:24	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd Script: Quarantine, Delete, Delete via BC	1930625024			MD5=1A8E71ADD5DCF1E0E7250BFF792E2B22 21.83 kb, rsAh, created: 11.07.2016 20:32:18, modified: 05.07.2016 14:00:24	4428
C:\Users\Laura\AppData\Roaming\Dropbox\bin\winxpgui.pyd Script: Quarantine, Delete, Delete via BC	1643839488			MD5=A6D98A686E3C052D916852BB50265C37 341.95 kb, rsAh, created: 11.07.2016 20:32:18, modified: 06.06.2016 22:00:48	4428
C:\Users\Laura\AppData\Roaming\Spotify\D3DCompiler_47.dll Script: Quarantine, Delete, Delete via BC	1527316480	Direct3D HLSL Compiler for Redistribution	© Microsoft Corporation. All rights reserved.	MD5=B21BA095ABE7F87D60759581EBE59AA4 3614.11 kb, rsAh, created: 15.03.2015 00:54:31, modified: 12.07.2016 14:11:01	5848
C:\Users\Laura\AppData\Roaming\Spotify\libcef.dll Script: Quarantine, Delete, Delete via BC	1736966144	Chromium Embedded Framework (CEF) Dynamic Link Library	Copyright (C) 2016 The Chromium Embedded Framework Authors	MD5=16457722C676469D1E8066E31536F09E 50822.61 kb, rsAh, created: 15.03.2015 00:54:31, modified: 12.07.2016 14:11:08	5028, 5848, 9752
C:\Users\Laura\AppData\Roaming\Spotify\libegl.dll Script: Quarantine, Delete, Delete via BC	1523384320	ANGLE libEGL Dynamic Link Library	Copyright (C) 2015 Google Inc.	MD5=B26FBE5F36CBFE71422B87848BC7FE64 85.61 kb, rsAh, created: 15.03.2015 00:54:31, modified: 12.07.2016 14:11:01	5848
C:\Users\Laura\AppData\Roaming\Spotify\libglesv2.dll Script: Quarantine, Delete, Delete via BC	1523515392	ANGLE libGLESv2 Dynamic Link Library	Copyright (C) 2015 Google Inc.	MD5=87963DA84CE9067292444EA22BE5BE7F 1701.11 kb, rsAh, created: 15.03.2015 00:54:31, modified: 12.07.2016 14:11:01	5848
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\dec6b18b4628b3976c17a50272e06e21\System.Configuration.ni.dll Script: Quarantine, Delete, Delete via BC	1519386624	System.Configuration.dll	© Microsoft Corporation. All rights reserved.	MD5=81EFDAD2D05DFB854FAD5EF9BB99F604 955.50 kb, rsAh, created: 17.05.2016 13:53:04, modified: 17.05.2016 13:53:04	4240
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\30869a7c1acf3a4617b86adcf66550ca\System.Drawing.ni.dll Script: Quarantine, Delete, Delete via BC	1934819328	.NET Framework	© Microsoft Corporation. All rights reserved.	MD5=9671054E8AFFDD32C8B97095D137C411 1556.00 kb, rsAh, created: 16.05.2016 13:44:40, modified: 16.05.2016 13:44:40	4240, 4704
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0a4fc830ecbdea31bd6cbaf0e931de8f\System.Windows.Forms.ni.dll Script: Quarantine, Delete, Delete via BC	1878982656	.NET Framework	© Microsoft Corporation. All rights reserved.	MD5=CEA8E3788F481B257CA1FA9B469C811F 12147.00 kb, rsAh, created: 16.05.2016 13:44:57, modified: 16.05.2016 13:44:57	4240, 4704
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\7cc1b35a02cafe07523e0eabd670fac3\System.Xml.ni.dll Script: Quarantine, Delete, Delete via BC	1498808320	.NET Framework	© Microsoft Corporation. All rights reserved.	MD5=D69C46C4E0443CDD0C32A0AEF451E71A 5339.00 kb, rsAh, created: 16.05.2016 13:45:06, modified: 16.05.2016 13:45:06	4240
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c8c33f01cccbd17232e84bdd620da61d\System.ni.dll Script: Quarantine, Delete, Delete via BC	1891434496	.NET Framework	© Microsoft Corporation. All rights reserved.	MD5=92FE230B33C82F3179A87A833C85EB55 7809.00 kb, rsAh, created: 16.05.2016 13:43:20, modified: 16.05.2016 13:43:21	4240, 4704
C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\2468f7d0d867c165d39f0f071a37974b\PresentationFramework.ni.dll Script: Quarantine, Delete, Delete via BC	1689845760	PresentationFramework.dll	© Microsoft Corporation. All rights reserved.	MD5=D48557B4D2D564868A9056382F58008F 18313.50 kb, rsAh, created: 18.07.2016 23:35:20, modified: 18.07.2016 23:35:21	5336, 2836
C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatioaec034ca#\b36619506a7dd1242973b906f7590bbd\PresentationFramework.Aero2.ni.dll Script: Quarantine, Delete, Delete via BC	1827209216	PresentationFramework.Aero2.dll	© Microsoft Corporation. All rights reserved.	MD5=BEEA1CC8C531532D389218F75169BE41 452.50 kb, rsAh, created: 18.07.2016 23:35:26, modified: 18.07.2016 23:35:26	5336
C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\ea3cd7063e71fd050fa6e6124f01da47\PresentationCore.ni.dll Script: Quarantine, Delete, Delete via BC	1708654592	PresentationCore.dll	© Microsoft Corporation. All rights reserved.	MD5=F3C73913DB49AFD2624766EAC5F7B9D9 10756.00 kb, rsAh, created: 18.07.2016 23:34:43, modified: 18.07.2016 23:34:44	5336, 2836
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\63a5347b50dfb4d5be43725141f23119\System.Configuration.ni.dll Script: Quarantine, Delete, Delete via BC	1457717248	System.Configuration.dll	© Microsoft Corporation. All rights reserved.	MD5=9EC85C8DE6497A0118BED026893C2616 945.00 kb, rsAh, created: 18.07.2016 23:35:31, modified: 18.07.2016 23:35:31	5336
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\81ebb7ea56fe0d6fe781148dd818ff4c\System.Core.ni.dll Script: Quarantine, Delete, Delete via BC	1675624448	.NET Framework	© Microsoft Corporation. All rights reserved.	MD5=CA0A2899B3B82ECDA7C45727F9AD5C6E 6819.00 kb, rsAh, created: 18.07.2016 19:27:09, modified: 18.07.2016 19:27:09	5336, 2836
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\f2a9644247c1d0eddc967521093b3e87\System.Drawing.ni.dll Script: Quarantine, Delete, Delete via BC	1873346560	.NET Framework	© Microsoft Corporation. All rights reserved.	MD5=272FB6474278892548EC1762F829416D 1601.50 kb, rsAh, created: 18.07.2016 23:35:58, modified: 18.07.2016 23:35:58	5336, 2836
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\e3ff5e68cb565d796fb6315f3d442719\System.Runtime.Remoting.ni.dll Script: Quarantine, Delete, Delete via BC	1682636800	Microsoft .NET Runtime Object Remoting	© Microsoft Corporation. All rights reserved.	MD5=CD76996F4650EC169932A911029897CB 778.50 kb, rsAh, created: 18.07.2016 23:37:32, modified: 18.07.2016 23:37:32	5336
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\98247d38980830c0d4aac7ae15c177af\System.Windows.Forms.ni.dll Script: Quarantine, Delete, Delete via BC	1839464448	.NET Framework	© Microsoft Corporation. All rights reserved.	MD5=A363D4B5C77F6A4844F431CE063537F9 12595.00 kb, rsAh, created: 18.07.2016 23:38:58, modified: 18.07.2016 23:38:59	5336, 2836
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\68c6ed1e2164f2a475a8b14afbe335d4\System.Xaml.ni.dll Script: Quarantine, Delete, Delete via BC	1687945216	System.Xaml.dll	© Microsoft Corporation. All rights reserved.	MD5=7DBDA106EFE271726E318ACC9A504294 1829.50 kb, rsAh, created: 18.07.2016 23:39:04, modified: 18.07.2016 23:39:04	5336
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\c523432581e28983f20ffe899c1c537d\System.Xml.ni.dll Script: Quarantine, Delete, Delete via BC	1485438976	.NET Framework	© Microsoft Corporation. All rights reserved.	MD5=A7CDD102D4335A602544D448FC00E9FA 7604.50 kb, rsAh, created: 18.07.2016 23:39:17, modified: 18.07.2016 23:39:17	5336, 2836
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\8e0ad4a4567edbf6d93b095b5d4c27d6\System.ni.dll Script: Quarantine, Delete, Delete via BC	1808007168	.NET Framework	© Microsoft Corporation. All rights reserved.	MD5=75CEDC9801230A4B88EB93EDFB2CA85F 9857.00 kb, rsAh, created: 18.07.2016 19:26:54, modified: 18.07.2016 19:26:55	5336, 2836
C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\1fbd0444bbbbb4fc405e4695d8416acb\WindowsBase.ni.dll Script: Quarantine, Delete, Delete via BC	1804075008	WindowsBase.dll	© Microsoft Corporation. All rights reserved.	MD5=5ACA7B08AAB7DB6FD352E28B7F96320A 3815.50 kb, rsAh, created: 18.07.2016 23:34:21, modified: 18.07.2016 23:34:21	5336, 2836
Modules found:335, recognized as trusted 228

Kernel Space Modules Viewer

Module	Base address	Size in memory	Description	Manufacturer
C:\Windows\TEMP\cpuz136\cpuz136_x64.sys error getting file info Script: Quarantine, Delete, Delete via BC	397D3000	009000 (36864)
C:\Windows\System32\Drivers\dump_diskdump.sys error getting file info Script: Quarantine, Delete, Delete via BC	392A3000	00C000 (49152)
C:\Windows\System32\Drivers\dump_dumpfve.sys error getting file info Script: Quarantine, Delete, Delete via BC	392AF000	016000 (90112)
C:\Windows\System32\Drivers\dump_iaStorA.sys error getting file info Script: Quarantine, Delete, Delete via BC	376A5000	2B6000 (2842624)
C:\Windows\system32\Drivers\Soluto.sys error getting file info Script: Quarantine, Delete, Delete via BC	37095000	013000 (77824)	Soluto PCGenome Core Driver	Copyright © 2009 Soluto LTD.
Modules found - 158, recognized as trusted - 153

Services

Service	Description	Status	File	Group	Dependencies
btwdins Service: Stop, Delete, Disable, Delete via BC	Bluetooth Service	Running	C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe 953.71 kb, rsAh, created: 14.04.2014 19:27:48, modified: 14.04.2014 19:27:48 Script: Quarantine, Delete, Delete via BC
GamesAppIntegrationService Service: Stop, Delete, Disable, Delete via BC	GamesAppIntegrationService	Running	C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe 222.56 kb, rsAh, created: 19.11.2014 19:50:36, modified: 19.11.2014 19:50:36 Script: Quarantine, Delete, Delete via BC		RPCSS
SolutoLauncherService Service: Stop, Delete, Disable, Delete via BC	Soluto Launcher Service	Running	C:\Program Files\Soluto\SolutoLauncherService.exe 216.53 kb, rsAh, created: 18.12.2013 19:15:00, modified: 18.12.2013 19:15:00 Script: Quarantine, Delete, Delete via BC
SolutoService Service: Stop, Delete, Disable, Delete via BC	Soluto PCGenome Core Service	Running	C:\Program Files\Soluto\SolutoService.exe 663.53 kb, rsAh, created: 18.12.2013 19:14:54, modified: 18.12.2013 19:14:54 Script: Quarantine, Delete, Delete via BC
TouchToolsLaunchService Service: Stop, Delete, Disable, Delete via BC	Touch Tools Launch Service	Running	C:\Program Files\Acer\Acer Touch Tools\TouchToolsLaunchSvc.exe 244.75 kb, rsAh, created: 08.01.2014 22:54:12, modified: 08.01.2014 22:54:12 Script: Quarantine, Delete, Delete via BC
CTService Service: Stop, Delete, Disable, Delete via BC	CTService	Not started	C:\Program Files (x86)\Cold Turkey\CTService.exe 315.50 kb, rsAh, created: 04.03.2015 23:26:24, modified: 18.01.2015 03:20:12 Script: Quarantine, Delete, Delete via BC
GamesAppService Service: Stop, Delete, Disable, Delete via BC	GamesAppService	Not started	C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe 253.58 kb, rsAh, created: 14.11.2014 19:45:24, modified: 14.11.2014 19:45:24 Script: Quarantine, Delete, Delete via BC		RPCSS
Detected - 197, recognized as trusted - 190

Drivers

Service	Description	Status	File	Group	Dependencies
cpuz136 Driver: Unload, Delete, Disable, Delete via BC	cpuz136	Running	C:\Windows\TEMP\cpuz136\cpuz136_x64.sys error getting file info Script: Quarantine, Delete, Delete via BC
Soluto Driver: Unload, Delete, Disable, Delete via BC	Soluto	Running	C:\Windows\system32\Drivers\Soluto.sys 53.45 kb, rsAh, created: 26.11.2014 23:14:51, modified: 18.12.2013 19:01:34 Script: Quarantine, Delete, Delete via BC	Activity Monitor	FltMgr
Detected - 287, recognized as trusted - 285

Autoruns

File name	Status	Startup method	Description
C:\Users\Laura\AppData\Roaming\Spotify\SpotifyWebHelper.exe 1517.61 kb, rsAh, created: 15.03.2015 00:54:31, modified: 12.07.2016 14:11:01 Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, Spotify Web Helper Delete
C:\Windows\System32\StikyNot.exe error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, RESTART_STICKY_NOTES Delete
C:\Users\Laura\AppData\Roaming\Spotify\Spotify.exe 6751.61 kb, rsAh, created: 26.11.2014 23:33:50, modified: 12.07.2016 14:11:01 Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, Spotify Delete
C:\Windows\System32\win32k.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Session Manager\SubSystems, Kmode
C:\Windows\System32\aelupsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AeLookupSvc\Parameters, ServiceDll Delete
C:\Windows\System32\appidsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AppIDSvc\Parameters, ServiceDll Delete
C:\Windows\System32\appinfo.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Appinfo\Parameters, ServiceDll Delete
C:\Windows\system32\AppReadiness.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AppReadiness\Parameters, ServiceDll Delete
C:\Windows\system32\appxdeploymentserver.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AppXSvc\Parameters, ServiceDll Delete
C:\Windows\System32\AudioEndpointBuilder.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AudioEndpointBuilder\Parameters, ServiceDll Delete
C:\Windows\System32\Audiosrv.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Audiosrv\Parameters, ServiceDll Delete
C:\Windows\System32\AxInstSV.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AxInstSV\Parameters, ServiceDll Delete
C:\Windows\System32\bdesvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\BDESVC\Parameters, ServiceDll Delete
C:\Windows\System32\bfe.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\BFE\Parameters, ServiceDll Delete
C:\Windows\System32\qmgr.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\BITS\Parameters, ServiceDll Delete
C:\Windows\System32\bisrv.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\BrokerInfrastructure\Parameters, ServiceDll Delete
C:\Windows\System32\browser.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Browser\Parameters, ServiceDll Delete
C:\Windows\System32\BthHFSrv.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\BthHFSrv\Parameters, ServiceDll Delete
C:\Windows\system32\bthserv.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\bthserv\Parameters, ServiceDll Delete
C:\Windows\System32\certprop.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\CertPropSvc\Parameters, ServiceDll Delete
C:\Windows\system32\cryptsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\CryptSvc\Parameters, ServiceDll Delete
C:\Windows\system32\rpcss.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\DcomLaunch\Parameters, ServiceDll Delete
C:\Windows\System32\defragsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\defragsvc\Parameters, ServiceDll Delete
C:\Windows\system32\das.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\DeviceAssociationService\Parameters, ServiceDll Delete
C:\Windows\system32\umpnpmgr.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\DeviceInstall\Parameters, ServiceDll Delete
C:\Windows\system32\diagtrack.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\DiagTrack\Parameters, ServiceDll Delete
C:\Windows\System32\dnsrslvr.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Dnscache\Parameters, ServiceDll Delete
C:\Windows\System32\dot3svc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\dot3svc\Parameters, ServiceDll Delete
C:\Windows\system32\dps.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\DPS\Parameters, ServiceDll Delete
C:\Windows\System32\DeviceSetupManager.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\DsmSvc\Parameters, ServiceDll Delete
C:\Windows\System32\eapsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eaphost\Parameters, ServiceDll Delete
C:\Windows\system32\efssvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\EFS\Parameters, ServiceDll Delete
C:\Windows\system32\fdPHost.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\fdPHost\Parameters, ServiceDll Delete
C:\Windows\system32\fdrespub.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\FDResPub\Parameters, ServiceDll Delete
C:\Windows\system32\fhsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\fhsvc\Parameters, ServiceDll Delete
C:\Windows\system32\FntCache.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\FontCache\Parameters, ServiceDll Delete
C:\Windows\System32\gpsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\gpsvc\Parameters, ServiceDll Delete
C:\Windows\system32\kmsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\hkmsvc\Parameters, ServiceDll Delete
C:\Windows\system32\ListSvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\HomeGroupListener\Parameters, ServiceDll Delete
C:\Windows\System32\ikeext.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\IKEEXT\Parameters, ServiceDll Delete
C:\Windows\System32\iphlpsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters, ServiceDll Delete
C:\Windows\system32\msdtckrm.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\KtmRm\Parameters, ServiceDll Delete
C:\Windows\system32\srvsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters, ServiceDll Delete
C:\Windows\System32\wkssvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters, ServiceDll Delete
C:\Windows\System32\lltdsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\lltdsvc\Parameters, ServiceDll Delete
C:\Windows\System32\lmhsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\lmhosts\Parameters, ServiceDll Delete
C:\Windows\System32\lsm.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\LSM\Parameters, ServiceDll Delete
C:\Windows\system32\mmcss.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\MMCSS\Parameters, ServiceDll Delete
C:\Windows\system32\mpssvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\MpsSvc\Parameters, ServiceDll Delete
C:\Windows\system32\iscsiexe.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\MSiSCSI\Parameters, ServiceDll Delete
C:\Windows\system32\qagentRT.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\napagent\Parameters, ServiceDll Delete
C:\Windows\System32\ncasvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\NcaSvc\Parameters, ServiceDll Delete
C:\Windows\System32\ncbservice.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\NcbService\Parameters, ServiceDll Delete
C:\Windows\System32\NcdAutoSetup.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\NcdAutoSetup\Parameters, ServiceDll Delete
C:\Windows\System32\netman.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Netman\Parameters, ServiceDll Delete
C:\Windows\System32\netprofmsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\netprofm\Parameters, ServiceDll Delete
C:\Windows\System32\nlasvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters, ServiceDll Delete
C:\Windows\system32\nsisvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\nsi\Parameters, ServiceDll Delete
C:\Windows\system32\pnrpsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\p2pimsvc\Parameters, ServiceDll Delete
C:\Windows\system32\p2psvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\p2psvc\Parameters, ServiceDll Delete
C:\Windows\System32\pcasvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\PcaSvc\Parameters, ServiceDll Delete
C:\Windows\system32\umpnpmgr.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\PlugPlay\Parameters, ServiceDll Delete
C:\Windows\system32\pnrpauto.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\PNRPAutoReg\Parameters, ServiceDll Delete
C:\Windows\system32\pnrpsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\PNRPsvc\Parameters, ServiceDll Delete
C:\Windows\System32\ipsecsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\PolicyAgent\Parameters, ServiceDll Delete
C:\Windows\system32\umpo.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Power\Parameters, ServiceDll Delete
C:\Windows\system32\profsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\ProfSvc\Parameters, ServiceDll Delete
C:\Windows\System32\rasauto.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\RasAuto\Parameters, ServiceDll Delete
C:\Windows\System32\rasmans.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\RasMan\Parameters, ServiceDll Delete
C:\Windows\system32\regsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters, ServiceDll Delete
C:\Windows\System32\RpcEpMap.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\RpcEptMapper\Parameters, ServiceDll Delete
C:\Windows\system32\rpcss.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\RpcSs\Parameters, ServiceDll Delete
C:\Windows\System32\SCardSvr.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SCardSvr\Parameters, ServiceDll Delete
C:\Windows\System32\ScDeviceEnum.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\ScDeviceEnum\Parameters, ServiceDll Delete
C:\Windows\system32\schedsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Schedule\Parameters, ServiceDll Delete
C:\Windows\System32\certprop.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SCPolicySvc\Parameters, ServiceDll Delete
C:\Windows\system32\seclogon.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\seclogon\Parameters, ServiceDll Delete
C:\Windows\System32\sens.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SENS\Parameters, ServiceDll Delete
C:\Windows\system32\sensrsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SensrSvc\Parameters, ServiceDll Delete
C:\Windows\System32\ipnathlp.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters, ServiceDll Delete
C:\Windows\System32\ssdpsrv.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SSDPSRV\Parameters, ServiceDll Delete
C:\Windows\system32\sstpsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SstpSvc\Parameters, ServiceDll Delete
C:\Windows\System32\wiaservc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\stisvc\Parameters, ServiceDll Delete
C:\Windows\system32\svsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\svsvc\Parameters, ServiceDll Delete
C:\Windows\System32\swprv.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\swprv\Parameters, ServiceDll Delete
C:\Windows\system32\sysmain.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SysMain\Parameters, ServiceDll Delete
C:\Windows\System32\SystemEventsBrokerServer.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SystemEventsBroker\Parameters, ServiceDll Delete
C:\Windows\System32\TabSvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\TabletInputService\Parameters, ServiceDll Delete
C:\Windows\System32\termsrv.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\TermService\Parameters, ServiceDll Delete
C:\Windows\system32\themeservice.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Themes\Parameters, ServiceDll Delete
C:\Windows\system32\mmcss.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\THREADORDER\Parameters, ServiceDll Delete
C:\Windows\System32\TimeBrokerServer.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\TimeBroker\Parameters, ServiceDll Delete
C:\Windows\System32\trkwks.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\TrkWks\Parameters, ServiceDll Delete
C:\Windows\System32\umrdp.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\UmRdpService\Parameters, ServiceDll Delete
C:\Windows\System32\vaultsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\VaultSvc\Parameters, ServiceDll Delete
C:\Windows\System32\ICSvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\vmicguestinterface\Parameters, ServiceDll Delete
C:\Windows\System32\ICSvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\vmicheartbeat\Parameters, ServiceDll Delete
C:\Windows\System32\ICSvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\vmickvpexchange\Parameters, ServiceDll Delete
C:\Windows\System32\ICSvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\vmicrdv\Parameters, ServiceDll Delete
C:\Windows\System32\ICSvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\vmicshutdown\Parameters, ServiceDll Delete
C:\Windows\System32\ICSvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\vmictimesync\Parameters, ServiceDll Delete
C:\Windows\System32\ICSvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\vmicvss\Parameters, ServiceDll Delete
C:\Windows\system32\w32time.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\W32Time\Parameters, ServiceDll Delete
C:\Windows\System32\wbiosrvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WbioSrvc\Parameters, ServiceDll Delete
C:\Windows\System32\wcmsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Wcmsvc\Parameters, ServiceDll Delete
C:\Windows\System32\wcncsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\wcncsvc\Parameters, ServiceDll Delete
C:\Windows\system32\wecsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Wecsvc\Parameters, ServiceDll Delete
C:\Windows\system32\wephostsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WEPHOSTSVC\Parameters, ServiceDll Delete
C:\Windows\System32\wercplsupport.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\wercplsupport\Parameters, ServiceDll Delete
C:\Windows\System32\WerSvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WerSvc\Parameters, ServiceDll Delete
C:\Windows\System32\wiarpc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WiaRpc\Parameters, ServiceDll Delete
C:\Windows\system32\wbem\WMIsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters, ServiceDll Delete
C:\Windows\System32\wlansvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WlanSvc\Parameters, ServiceDll Delete
C:\Windows\system32\wlidsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\wlidsvc\Parameters, ServiceDll Delete
C:\Windows\system32\workfolderssvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\workfolderssvc\Parameters, ServiceDll Delete
C:\Windows\system32\wpdbusenum.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WPDBusEnum\Parameters, ServiceDll Delete
C:\Windows\System32\wscsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\wscsvc\Parameters, ServiceDll Delete
C:\Windows\System32\WSService.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WSService\Parameters, ServiceDll Delete
C:\Windows\system32\wuaueng.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\wuauserv\Parameters, ServiceDll Delete
C:\Windows\System32\WUDFSvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\wudfsvc\Parameters, ServiceDll Delete
C:\Windows\System32\wwansvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WwanSvc\Parameters, ServiceDll Delete
C:\Windows\system32\sysmain.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\rdyboost\Performance, Library Delete
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\DWA\resources\libraries\EventMessages.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Adobe Setup, EventMessageFile
C:\Windows\System32\wersvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Application Hang, EventMessageFile
C:\Windows\System32\icardres.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\CardSpace 4.0.0.0, EventMessageFile
C:\Windows\system32\dwm.exe error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Desktop Window Manager, EventMessageFile
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\IPSEventLogMsg.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Handwriting Recognition, EventMessageFile
C:\Windows\System32\UI0Detect.exe error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Interactive Services detection, EventMessageFile
C:\Windows\System32\fxsevent.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft Fax, EventMessageFile
C:\Windows\system32\Microsoft-Windows-System-Events.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-AppModel-Runtime, EventMessageFile
C:\Windows\system32\Microsoft-Windows-System-Events.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-AppModel-State, EventMessageFile
C:\Windows\System32\AxInstSv.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-AxInstallService, EventMessageFile
C:\Windows\system32\BlbEvents.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-Backup, EventMessageFile
C:\Windows\system32\defragsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-Defrag, EventMessageFile
C:\Windows\system32\eapsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-EapHost, EventMessageFile
C:\Windows\system32\wecsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-EventCollector, EventMessageFile
C:\Windows\system32\Microsoft-Windows-System-Events.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-SoftwareRestrictionPolicies, EventMessageFile
C:\Windows\system32\SrEvents.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-System-Restore, EventMessageFile
C:\Windows\System32\profsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-User Profiles Service, EventMessageFile
C:\Windows\system32\Microsoft-Windows-System-Events.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-User-Loader, EventMessageFile
C:\Windows\system32\WINSAT.EXE error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-WindowsSystemAssessmentTool, EventMessageFile
C:\Windows\system32\winsrv.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-Winsrv, EventMessageFile
C:\Windows\system32\wbem\WinMgmtR.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-WMI, EventMessageFile
C:\Windows\System32\profsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Profsvc, EventMessageFile
C:\Windows\System32\wscsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\SecurityCenter, EventMessageFile
C:\Windows\system32\sppsvc.exe error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Software Protection Platform Service, EventMessageFile
C:\Windows\system32\srcore.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\System Restore, EventMessageFile
C:\Windows\system32\vmicres.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\vmicguestinterface, EventMessageFile
C:\Windows\system32\vmicres.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\vmicheartbeat, EventMessageFile
C:\Windows\system32\vmicres.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\vmickvpexchange, EventMessageFile
C:\Windows\system32\vmicres.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\vmicrdv, EventMessageFile
C:\Windows\system32\vmicres.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\vmicshutdown, EventMessageFile
C:\Windows\system32\vmicres.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\vmictimesync, EventMessageFile
C:\Windows\system32\vmicres.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\vmicvss, EventMessageFile
C:\Windows\System32\VSSVC.EXE error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\VSS, EventMessageFile
c:\b2adcfef791ed089352c5d\DW\DW20.exe error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\VSSetup, EventMessageFile
C:\Windows\System32\wersvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\WerSvc, EventMessageFile
C:\Windows\system32\wsepno.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Windows Search Service Profile Notification, EventMessageFile
C:\Windows\System32\wininit.exe error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wininit, EventMessageFile
C:\Windows\System32\winlogon.exe error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Winlogon, EventMessageFile
C:\Windows\System32\winlogon.exe error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wlclntfy, EventMessageFile
C:\Windows\system32\wecsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\HardwareEvents, DisplayNameFile
C:\Windows\system32\KMSVC.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Key Management Service, DisplayNameFile
C:\Windows\system32\sppsvc.exe error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Key Management Service\KmsRequests, EventMessageFile
C:\Windows\System32\wevtsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Security\Microsoft-Windows-Eventlog, EventMessageFile
C:\Windows\System32\VSSVC.EXE error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Security\VSSAudit, EventMessageFile
C:\Windows\System32\Drivers\acpi.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\ACPI, EventMessageFile
C:\Windows\System32\aelupsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\AeLookupSvc, EventMessageFile
C:\Windows\System32\drivers\amdk8.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\AmdK8, EventMessageFile
C:\Windows\System32\drivers\amdppm.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\AmdPPM, EventMessageFile
C:\Windows\system32\winsrv.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Application Popup, EventMessageFile
C:\Windows\system32\AppReadiness.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\AppReadiness, EventMessageFile
C:\Windows\System32\drivers\bxvbda.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\b06bdrv, EventMessageFile
C:\Windows\System32\drivers\bcbtums.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\bcbtums, EventMessageFile
C:\Windows\System32\Drivers\BthEnum.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\BthEnum, EventMessageFile
C:\Windows\System32\Drivers\BthLEEnum.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\BthLEEnum, EventMessageFile
C:\Windows\System32\Drivers\Bthport.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\BTHPORT, EventMessageFile
C:\Windows\System32\Drivers\Bthport.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\BTHUSB, EventMessageFile
C:\Windows\System32\Drivers\BthUsb.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\BTHUSB, EventMessageFile
C:\Windows\System32\dxgwdi.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Display, EventMessageFile
C:\Windows\System32\dmvscres.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\dmvsc, EventMessageFile
C:\Windows\System32\drivers\evbda.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\ebdrv, EventMessageFile
C:\Windows\System32\drivers\fltmgr.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\FltMgr, EventMessageFile
C:\Windows\System32\drivers\fxppm.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\FxPPM, EventMessageFile
C:\Windows\System32\Drivers\hidbth.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\HidBth, EventMessageFile
C:\Windows\System32\Drivers\hidi2c.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\hidi2c, EventMessageFile
C:\Windows\System32\drivers\i8042prt.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\i8042prt, EventMessageFile
C:\Windows\System32\drivers\iaStorA.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\iaStorA, EventMessageFile
C:\Windows\System32\drivers\iaStorAV.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\iaStorAV, EventMessageFile
C:\Windows\System32\drivers\iaStorV.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\iaStorV, EventMessageFile
C:\Windows\System32\drivers\intelppm.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\intelppm, EventMessageFile
C:\Windows\System32\drivers\ipmidrv.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\IPMIDRV, EventMessageFile
C:\Windows\System32\drivers\isapnp.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\isapnp, EventMessageFile
C:\Windows\System32\iscsilog.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\iScsiPrt, EventMessageFile
C:\Windows\System32\drivers\kbdclass.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\kbdclass, EventMessageFile
C:\Windows\System32\drivers\kbdhid.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\kbdhid, EventMessageFile
C:\Windows\System32\lsasrv.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\LsaSrv, EventMessageFile
C:\Windows\system32\lsm.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\LSM, EventMessageFile
C:\Windows\system32\drivers\mbamchameleon.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\mbamchameleon, EventMessageFile
C:\Windows\System32\drivers\TeeDriverx64.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\MEIx64, EventMessageFile
C:\Windows\system32\fveapi.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-BitLocker-API, EventMessageFile
C:\Windows\system32\drivers\fvevol.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-BitLocker-Driver, EventMessageFile
C:\Windows\system32\qmgr.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Bits-Client, EventMessageFile
C:\Windows\system32\cofiredm.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-CorruptedFileRecovery-Client, EventMessageFile
C:\Windows\system32\cofiredm.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-CorruptedFileRecovery-Server, EventMessageFile
C:\Windows\System32\samsrv.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Directory-Services-SAM, EventMessageFile
C:\Windows\system32\dfdts.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-DiskDiagnostic, EventMessageFile
C:\Windows\system32\WUDFPlatform.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-DriverFrameworks-UserMode, EventMessageFile
C:\Windows\System32\Drivers\EhStorTcgDrv.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-EnhancedStorage-EhStorTcgDrv, EventMessageFile
C:\Windows\system32\wecsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-EventCollector, EventMessageFile
C:\Windows\System32\wevtsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Eventlog, EventMessageFile
C:\Windows\system32\drivers\exfat.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-exFAT-SQM, EventMessageFile
C:\Windows\system32\drivers\fastfat.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Fat-SQM, EventMessageFile
C:\Windows\system32\fthsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Fault-Tolerant-Heap, EventMessageFile
C:\Windows\system32\drivers\fltmgr.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-FilterManager, EventMessageFile
C:\Windows\system32\mpssvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Firewall, EventMessageFile
C:\Windows\system32\fdphost.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-FunctionDiscoveryHost, EventMessageFile
C:\Windows\system32\drivers\msgpioclx.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-GPIO-ClassExtension, EventMessageFile
C:\Windows\system32\gpsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-GroupPolicy, EventMessageFile
C:\Windows\system32\microsoft-windows-hal-events.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-HAL, EventMessageFile
C:\Windows\system32\drivers\HTTP.SYS error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-HttpEvent, EventMessageFile
C:\Windows\system32\oobe\InstallEventRes.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-InstallUX, EventMessageFile
C:\Windows\system32\iphlpsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Iphlpsvc, EventMessageFile
C:\Windows\system32\Microsoft-Windows-System-Events.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Kernel-Boot, EventMessageFile
C:\Windows\system32\Microsoft-Windows-System-Events.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Kernel-General, EventMessageFile
C:\Windows\system32\microsoft-windows-kernel-processor-power-events.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Kernel-Interrupt-Steering, EventMessageFile
C:\Windows\system32\microsoft-windows-kernel-pnp-events.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Kernel-PnP, EventMessageFile
C:\Windows\system32\microsoft-windows-kernel-power-events.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Kernel-Power, EventMessageFile
C:\Windows\system32\microsoft-windows-kernel-processor-power-events.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Kernel-Processor-Power, EventMessageFile
C:\Windows\System32\Drivers\VerifierExt.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Kernel-XDV, EventMessageFile
C:\Windows\system32\lpksetup.exe error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-LanguagePackSetup, EventMessageFile
C:\Windows\system32\MemoryDiagnostic.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Memory-Diagnostic-Task-Handler, EventMessageFile
C:\Windows\System32\relpost.exe error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-MemoryDiagnostics-Results, EventMessageFile
C:\Windows\System32\mdsched.exe error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-MemoryDiagnostics-Schedule, EventMessageFile
C:\Windows\system32\drivers\mountmgr.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-MountMgr, EventMessageFile
C:\Windows\system32\drivers\ndis.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-NDIS, EventMessageFile
C:\Windows\system32\drivers\NdisImPlatform.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-NdisImPlatformSysEvtProvider, EventMessageFile
C:\Windows\system32\drivers\bridge.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-NetworkBridge, EventMessageFile
C:\Windows\system32\drivers\ntfs.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Ntfs, EventMessageFile
C:\Windows\system32\drivers\ntfs.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Ntfs-SQM, EventMessageFile
C:\Windows\system32\drivers\ntfs.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Ntfs-UBPM, EventMessageFile
C:\Windows\system32\drivers\wof.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-OverlayFilter, EventMessageFile
C:\Windows\System32\sstpsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-RasSstp, EventMessageFile
C:\Windows\system32\reseteng.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-ResetEng, EventMessageFile
C:\Windows\system32\fdrespub.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-ResourcePublication, EventMessageFile
C:\Windows\system32\certprop.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-SCPNP, EventMessageFile
C:\Windows\system32\drivers\SerCx.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Serial-ClassExtension, EventMessageFile
C:\Windows\system32\drivers\SerCx2.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Serial-ClassExtension-V2, EventMessageFile
C:\Windows\system32\oobe\winsetup.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Setup, EventMessageFile
C:\Windows\system32\setupetw.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-SetupPlatform, EventMessageFile
C:\Windows\system32\drivers\SpbCx.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-SPB-ClassExtension, EventMessageFile
C:\Windows\system32\drivers\hidi2c.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-SPB-HIDI2C, EventMessageFile
C:\Windows\system32\csrsrv.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Subsys-SMSS, EventMessageFile
C:\Windows\system32\schedsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-TaskScheduler, EventMessageFile
C:\Windows\system32\lsm.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-TerminalServices-LocalSessionManager, EventMessageFile
C:\Windows\system32\termsrv.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-TerminalServices-RemoteConnectionManager, EventMessageFile
C:\Windows\system32\w32time.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Time-Service, EventMessageFile
C:\Windows\system32\drivers\usbxhci.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-USB-USBXHCI, EventMessageFile
C:\Windows\system32\umpo.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-UserModePowerService, EventMessageFile
C:\Windows\system32\umpnpmgr.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-UserPnp, EventMessageFile
C:\Windows\system32\whealogr.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-WHEA-Logger, EventMessageFile
C:\Windows\System32\pwlauncher.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-WindowsToGo-StartupOptions, EventMessageFile
C:\Windows\system32\wuaueng.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-WindowsUpdateClient, EventMessageFile
C:\Windows\system32\wininit.exe error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Wininit, EventMessageFile
C:\Windows\system32\winlogon.exe error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Winlogon, EventMessageFile
C:\Windows\system32\wlansvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-WLAN-AutoConfig, EventMessageFile
C:\Windows\System32\drivers\mouclass.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\mouclass, EventMessageFile
C:\Windows\System32\drivers\mouhid.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\mouhid, EventMessageFile
C:\Windows\System32\Drivers\umdf\HidBthLE.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\mshidumdf, EventMessageFile
C:\Windows\System32\iscsiexe.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\MSiSCSI, EventMessageFile
C:\Windows\System32\drivers\MTConfig.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\MTConfig, EventMessageFile
C:\Windows\System32\netvscres.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\netvsc, EventMessageFile
C:\Windows\system32\drivers\ntfs.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Ntfs, EventMessageFile
C:\Windows\System32\drivers\nvstor.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\nvstor, EventMessageFile
C:\Windows\System32\drivers\parport.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Parport, EventMessageFile
C:\Windows\System32\Drivers\Pcmcia.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\pcmcia, EventMessageFile
C:\Windows\System32\umpo.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Power, EventMessageFile
C:\Windows\System32\drivers\processr.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Processor, EventMessageFile
C:\Windows\system32\sstpsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\RasSstp, EventMessageFile
C:\Windows\system32\drivers\refs.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\ReFS, EventMessageFile
C:\Windows\System32\drivers\Rt630x64.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\RTL8168, EventMessageFile
C:\Windows\System32\samsrv.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\SAM, EventMessageFile
C:\Windows\System32\drivers\sbp2port.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\sbp2port, EventMessageFile
C:\Windows\System32\lsasrv.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Schannel, EventMessageFile
C:\Windows\system32\drivers\SerCx.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\sercx, EventMessageFile
C:\Windows\system32\drivers\SerCx2.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\sercx2, EventMessageFile
C:\Windows\System32\drivers\serial.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Serial, EventMessageFile
C:\Windows\System32\drivers\sermouse.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\sermouse, EventMessageFile
C:\Windows\system32\services.exe error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Service Control Manager, EventMessageFile
C:\Windows\System32\snmptrap.exe error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\SNMPTRAP, EventMessageFile
C:\Windows\system32\drivers\SpbCx.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\spbcx, EventMessageFile
C:\Windows\System32\wiaservc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\StillImage, EventMessageFile
C:\Windows\System32\vmstorfltres.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\storflt, EventMessageFile
C:\Windows\System32\tcpmon.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\TCPMon, EventMessageFile
C:\Windows\system32\termsrv.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\TermService, EventMessageFile
C:\Windows\System32\drivers\tpm.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\TPM, EventMessageFile
C:\Windows\System32\drivers\tsusbflt.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\TsUsbFlt, EventMessageFile
C:\Windows\System32\Drivers\uefi.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\UEFI, EventMessageFile
C:\Windows\System32\umrdp.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\UmRdpService, EventMessageFile
C:\Windows\System32\Drivers\usbehci.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\usbehci, EventMessageFile
C:\Windows\System32\vdsbas.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\VDS Basic Provider, EventMessageFile
C:\Windows\System32\vdsdyn.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\VDS Dynamic Provider, EventMessageFile
C:\Windows\System32\vdsvd.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\VDS Virtual Disk Provider, EventMessageFile
C:\Windows\System32\vds.exe error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Virtual Disk Service, EventMessageFile
C:\Windows\System32\vmbusres.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\vmbus, EventMessageFile
C:\Windows\System32\Drivers\VolSnap.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Volsnap, EventMessageFile
C:\Windows\System32\drivers\vpci.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\vpci, EventMessageFile
C:\Windows\system32\w32time.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\W32Time, EventMessageFile
C:\Windows\System32\drivers\wacompen.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\WacomPen, EventMessageFile
C:\Windows\System32\drivers\Wdf01000.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\wdf01000, EventMessageFile
C:\Windows\System32\wecsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\wecsvc, EventMessageFile
C:\Windows\System32\win32k.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Win32k, EventMessageFile
C:\Program Files (x86)\Windows Defender\MpEvMsg.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\WinDefend, EventMessageFile
C:\Windows\System32\DFDTS.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Windows Disk Diagnostic, EventMessageFile
C:\Windows\system32\w32time.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient, DllName Delete
C:\Windows\system32\w32time.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer, DllName Delete
C:\Windows\System32\vmictimeprovider.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider, DllName Delete
.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	?	HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Lsa, Security Packages
c:\program files\soluto\soluto.exe 1223.53 kb, rsAh, created: 18.12.2013 19:14:52, modified: 18.12.2013 19:14:52 Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, Soluto Delete
auditcse.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{16be69fa-4209-4250-88cb-716cf41954e0}, DLLName Delete
C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4bcd6cde-777b-48b6-9804-43568e23545d}, DLLName Delete
WorkFoldersGPExt.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4d968b55-cac2-4ff5-983f-0a54603781a3}, DLLName Delete
pwlauncher.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{BA649533-0AAC-4E04-B9BC-4DBAE0325B12}, DLLName Delete
pwlauncher.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C34B2751-1CF4-44F5-9262-C3FC39666591}, DLLName Delete
auditcse.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{f3ccc681-b74c-4060-9f26-cd84525dca2a}, DLLName Delete
C:\Windows\System32\WUDFHost.exe error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WUDF\Services\{193a1820-d9ac-4997-8c55-be817523f6aa}, HostProcessImagePath Delete
C:\Program Files (x86)\WIDCOMM\Bluetooth error getting file info Script: Quarantine, Delete, Delete via BC	Active	Shortcut in Startup folder	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk,
Software\BTTray.exe error getting file info Script: Quarantine, Delete, Delete via BC	Active	Shortcut in Startup folder	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk,
C:\Users\Laura\AppData\Roaming\Dropbox\bin\Dropbox.exe 23637.35 kb, rsAh, created: 11.07.2016 20:31:57, modified: 05.07.2016 14:00:44 Script: Quarantine, Delete, Delete via BC	Active	Shortcut in Startup folder	C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\, C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk,
C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE error getting file info Script: Quarantine, Delete, Delete via BC	Active	Shortcut in Startup folder	C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\, C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk,
Autoruns items found - 767, recognized as trusted - 437

Internet Explorer extension modules (BHOs, Toolbars ...)

File name	Type	Description	Manufacturer	CLSID
error getting file info	Extension module			{2670000A-7350-4f3c-8081-5663EE0C6C49} Delete
error getting file info	Extension module			{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} Delete
Items found - 12, recognized as trusted - 10

Windows Explorer extension modules

File name	Destination	Description	Manufacturer	CLSID
error getting file info	Contacts folder			{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} Delete
error getting file info	WebCheck			{E6FB5E20-DE35-11CF-9C87-00AA005127ED} Delete
Items found - 26, recognized as trusted - 24

Printing system extensions (print monitors, providers)

File name	Type	Name	Description	Manufacturer
CNMLMBX.DLL error getting file info Script: Quarantine, Delete, Delete via BC	Monitor	Canon BJ Language Monitor MG2500 series
CNMLMCB.DLL error getting file info Script: Quarantine, Delete, Delete via BC	Monitor	Canon BJ Language Monitor MG2900 series
CNMLMB8.DLL error getting file info Script: Quarantine, Delete, Delete via BC	Monitor	Canon BJ Language Monitor MG3200 series
localspl.dll error getting file info Script: Quarantine, Delete, Delete via BC	Monitor	Local Port
FXSMON.DLL error getting file info Script: Quarantine, Delete, Delete via BC	Monitor	Microsoft Shared Fax Monitor
tcpmon.dll error getting file info Script: Quarantine, Delete, Delete via BC	Monitor	Standard TCP/IP Port
usbmon.dll error getting file info Script: Quarantine, Delete, Delete via BC	Monitor	USB Monitor
WSDMon.dll error getting file info Script: Quarantine, Delete, Delete via BC	Monitor	WSD Port
inetpp.dll error getting file info Script: Quarantine, Delete, Delete via BC	Provider	HTTP Print Services
win32spl.dll error getting file info Script: Quarantine, Delete, Delete via BC	Provider	LanMan Print Services
Items found - 10, recognized as trusted - 0

Task Scheduler jobs

File name	Job name	Job state	Description	Manufacturer	Path	Command line	Type
C:\Program Files (x86)\Acer\Screen Grasp\Launch Screen Grasp.exe 39.25 kb, rsAh, created: 19.12.2013 14:55:18, modified: 19.12.2013 14:55:18 Script: Quarantine, Delete, Delete via BC	Launch Screen Grasp_First Script: Delete		Launch Screen Grasp	(c)All rights reserved.	C:\Windows\system32\Tasks\	"C:\Program Files (x86)\Acer\Screen Grasp\Launch Screen Grasp.exe"	64
aitagent /increment error getting file info Script: Quarantine, Delete, Delete via BC	AitAgent Script: Delete				C:\Windows\system32\Tasks\Microsoft\Windows\Application Experience\	aitagent /increment	64
C:\Windows\system32\MRT.exe error getting file info Script: Quarantine, Delete, Delete via BC	MRT_HB Script: Delete		Microsoft Windows Malicious Software Removal Tool	© Microsoft Corporation. All rights reserved.	C:\Windows\system32\Tasks\Microsoft\Windows\RemovalTools\	C:\Windows\system32\MRT.exe /EHB /Q	64
C:\Program Files (x86)\Acer\Screen Grasp\InputTask.exe 24.75 kb, rsAh, created: 19.12.2013 14:55:18, modified: 19.12.2013 14:55:18 Script: Quarantine, Delete, Delete via BC	Prelauncher Script: Delete		InputTask	(c)All rights reserved.	C:\Windows\system32\Tasks\	"C:\Program Files (x86)\Acer\Screen Grasp\InputTask.exe"	64
C:\Program Files (x86)\Acer\Screen Grasp\InputTask.exe 24.75 kb, rsAh, created: 19.12.2013 14:55:18, modified: 19.12.2013 14:55:18 Script: Quarantine, Delete, Delete via BC	prelauncher_First Script: Delete		InputTask	(c)All rights reserved.	C:\Windows\system32\Tasks\	"C:\Program Files (x86)\Acer\Screen Grasp\InputTask.exe"	64
C:\Program Files (x86)\Acer\Screen Grasp\GestureDetection.exe 316.25 kb, rsAh, created: 19.12.2013 14:55:16, modified: 19.12.2013 14:55:16 Script: Quarantine, Delete, Delete via BC	Screen Grasp GestureDetection Script: Delete		Gesture Detection	(C)All rights reserved.	C:\Windows\system32\Tasks\	"C:\Program Files (x86)\Acer\Screen Grasp\GestureDetection.exe"	64
Items found - 92, recognized as trusted - 86

SPI/LSP settings

Namespace providers (NSP)

Manufacturer	Status	EXE file	Description	GUID
Detected - 8, recognized as trusted - 8

Transport protocol providers (TSP, LSP)

Manufacturer EXE file Description
Detected - 11, recognized as trusted - 11
Results of automatic SPI settings check
LSP settings checked. No errors detected

TCP/UDP ports

Port Status Remote Host Remote Port Application Notes
TCP ports
139 LISTENING 0.0.0.0 0 System.exe [4]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
445 LISTENING 0.0.0.0 0 System.exe [4]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
554 LISTENING 0.0.0.0 0 wmpnetwk.exe [6900]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
843 LISTENING 0.0.0.0 0 c:\users\laura\appdata\roaming\dropbox\bin\dropbox.exe [4428]
23637.35 kb, rsAh, created: 11.07.2016 20:31:57, modified: 05.07.2016 14:00:44
Script: Quarantine, Delete, Delete via BC, Terminate
2869 LISTENING 0.0.0.0 0 System.exe [4]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
4370 LISTENING 0.0.0.0 0 c:\users\laura\appdata\roaming\spotify\spotifywebhelper.exe [4888]
1517.61 kb, rsAh, created: 15.03.2015 00:54:31, modified: 12.07.2016 14:11:01
Script: Quarantine, Delete, Delete via BC, Terminate
4371 LISTENING 0.0.0.0 0 c:\users\laura\appdata\roaming\spotify\spotify.exe [5028]
6751.61 kb, rsAh, created: 26.11.2014 23:33:50, modified: 12.07.2016 14:11:01
Script: Quarantine, Delete, Delete via BC, Terminate
4380 LISTENING 0.0.0.0 0 c:\users\laura\appdata\roaming\spotify\spotifywebhelper.exe [4888]
1517.61 kb, rsAh, created: 15.03.2015 00:54:31, modified: 12.07.2016 14:11:01
Script: Quarantine, Delete, Delete via BC, Terminate
4381 LISTENING 0.0.0.0 0 c:\users\laura\appdata\roaming\spotify\spotify.exe [5028]
6751.61 kb, rsAh, created: 26.11.2014 23:33:50, modified: 12.07.2016 14:11:01
Script: Quarantine, Delete, Delete via BC, Terminate
5354 ESTABLISHED 127.0.0.1 49157 mDNSResponder.exe [1532]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
5354 ESTABLISHED 127.0.0.1 49158 mDNSResponder.exe [1532]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
5354 LISTENING 0.0.0.0 0 mDNSResponder.exe [1532]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
5357 LISTENING 0.0.0.0 0 System.exe [4]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
10243 LISTENING 0.0.0.0 0 System.exe [4]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
17600 LISTENING 0.0.0.0 0 c:\users\laura\appdata\roaming\dropbox\bin\dropbox.exe [4428]
23637.35 kb, rsAh, created: 11.07.2016 20:31:57, modified: 05.07.2016 14:00:44
Script: Quarantine, Delete, Delete via BC, Terminate
27015 ESTABLISHED 127.0.0.1 49161 AppleMobileDeviceService.exe [1460]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
27015 LISTENING 0.0.0.0 0 AppleMobileDeviceService.exe [1460]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
49152 LISTENING 0.0.0.0 0 wininit.exe [524]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
49155 LISTENING 0.0.0.0 0 spoolsv.exe [1264]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
49156 LISTENING 0.0.0.0 0 lsass.exe [640]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
49157 ESTABLISHED 127.0.0.1 5354 AppleMobileDeviceService.exe [1460]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
49158 ESTABLISHED 127.0.0.1 5354 AppleMobileDeviceService.exe [1460]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
49159 LISTENING 0.0.0.0 0 services.exe [632]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
49161 ESTABLISHED 127.0.0.1 27015 iTunesHelper.exe [4628]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
49166 CLOSE_WAIT 108.160.172.236 443 c:\users\laura\appdata\roaming\dropbox\bin\dropbox.exe [4428]
23637.35 kb, rsAh, created: 11.07.2016 20:31:57, modified: 05.07.2016 14:00:44
Script: Quarantine, Delete, Delete via BC, Terminate
49231 ESTABLISHED 127.0.0.1 49232 c:\users\laura\appdata\roaming\dropbox\bin\dropbox.exe [4428]
23637.35 kb, rsAh, created: 11.07.2016 20:31:57, modified: 05.07.2016 14:00:44
Script: Quarantine, Delete, Delete via BC, Terminate
49232 ESTABLISHED 127.0.0.1 49231 c:\users\laura\appdata\roaming\dropbox\bin\dropbox.exe [4428]
23637.35 kb, rsAh, created: 11.07.2016 20:31:57, modified: 05.07.2016 14:00:44
Script: Quarantine, Delete, Delete via BC, Terminate
49238 CLOSE_WAIT 108.160.172.237 443 c:\users\laura\appdata\roaming\dropbox\bin\dropbox.exe [4428]
23637.35 kb, rsAh, created: 11.07.2016 20:31:57, modified: 05.07.2016 14:00:44
Script: Quarantine, Delete, Delete via BC, Terminate
50931 ESTABLISHED 70.37.56.25 443 SolutoService.exe [1984]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
50938 ESTABLISHED 70.37.56.25 443 SolutoService.exe [1984]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
50939 ESTABLISHED 70.37.56.25 443 SolutoService.exe [1984]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
50948 ESTABLISHED 70.37.56.25 443 SolutoService.exe [1984]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
50953 ESTABLISHED 70.37.56.25 443 SolutoService.exe [1984]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
50958 ESTABLISHED 70.37.56.25 443 SolutoService.exe [1984]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
50959 ESTABLISHED 70.37.56.25 443 SolutoService.exe [1984]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
50961 ESTABLISHED 70.37.56.25 443 SolutoService.exe [1984]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
50964 ESTABLISHED 70.37.56.25 443 SolutoService.exe [1984]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
50965 ESTABLISHED 70.37.56.25 443 SolutoService.exe [1984]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
50968 ESTABLISHED 70.37.56.25 443 SolutoService.exe [1984]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
50971 ESTABLISHED 70.37.56.25 443 SolutoService.exe [1984]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
50976 ESTABLISHED 70.37.56.25 443 SolutoService.exe [1984]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
50979 ESTABLISHED 70.37.56.25 443 SolutoService.exe [1984]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
50981 ESTABLISHED 70.37.56.25 443 SolutoService.exe [1984]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
50982 ESTABLISHED 70.37.56.25 443 SolutoService.exe [1984]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
50984 ESTABLISHED 70.37.56.25 443 SolutoService.exe [1984]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
50985 ESTABLISHED 70.37.56.25 443 SolutoService.exe [1984]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
50988 ESTABLISHED 70.37.56.25 443 SolutoService.exe [1984]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
50993 ESTABLISHED 70.37.56.25 443 SolutoService.exe [1984]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
52082 ESTABLISHED 70.37.56.25 443 SolutoService.exe [1984]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
52127 ESTABLISHED 70.37.56.25 443 SolutoService.exe [1984]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
52128 ESTABLISHED 70.37.56.25 443 SolutoService.exe [1984]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
52131 ESTABLISHED 70.37.56.25 443 SolutoService.exe [1984]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
52138 ESTABLISHED 70.37.56.25 443 SolutoService.exe [1984]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
52141 ESTABLISHED 70.37.56.25 443 SolutoService.exe [1984]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
52154 ESTABLISHED 70.37.56.25 443 SolutoService.exe [1984]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
52160 ESTABLISHED 70.37.56.25 443 SolutoService.exe [1984]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
52161 ESTABLISHED 70.37.56.25 443 SolutoService.exe [1984]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
52801 ESTABLISHED 70.37.56.25 443 SolutoService.exe [1984]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
52802 ESTABLISHED 70.37.56.25 443 SolutoService.exe [1984]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
52803 ESTABLISHED 70.37.56.25 443 SolutoService.exe [1984]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
52804 ESTABLISHED 70.37.56.25 443 SolutoService.exe [1984]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
52805 ESTABLISHED 70.37.56.25 443 SolutoService.exe [1984]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
52820 ESTABLISHED 70.37.56.25 443 SolutoService.exe [1984]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
52823 ESTABLISHED 70.37.56.25 443 SolutoService.exe [1984]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
52824 ESTABLISHED 70.37.56.25 443 SolutoService.exe [1984]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
52825 ESTABLISHED 70.37.56.25 443 SolutoService.exe [1984]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
52826 ESTABLISHED 70.37.56.25 443 SolutoService.exe [1984]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
52831 ESTABLISHED 70.37.56.25 443 SolutoService.exe [1984]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
52849 ESTABLISHED 70.37.56.25 443 SolutoService.exe [1984]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
52854 ESTABLISHED 70.37.56.25 443 SolutoService.exe [1984]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
52855 ESTABLISHED 70.37.56.25 443 SolutoService.exe [1984]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
55639 CLOSE_WAIT 52.72.198.82 443 c:\users\laura\appdata\roaming\dropbox\bin\dropbox.exe [4428]
23637.35 kb, rsAh, created: 11.07.2016 20:31:57, modified: 05.07.2016 14:00:44
Script: Quarantine, Delete, Delete via BC, Terminate
55792 CLOSE_WAIT 52.85.112.25 443 c:\users\laura\appdata\roaming\dropbox\bin\dropbox.exe [4428]
23637.35 kb, rsAh, created: 11.07.2016 20:31:57, modified: 05.07.2016 14:00:44
Script: Quarantine, Delete, Delete via BC, Terminate
55813 ESTABLISHED 162.125.17.131 443 c:\users\laura\appdata\roaming\dropbox\bin\dropbox.exe [4428]
23637.35 kb, rsAh, created: 11.07.2016 20:31:57, modified: 05.07.2016 14:00:44
Script: Quarantine, Delete, Delete via BC, Terminate
55883 CLOSE_WAIT 108.160.172.225 443 c:\users\laura\appdata\roaming\dropbox\bin\dropbox.exe [4428]
23637.35 kb, rsAh, created: 11.07.2016 20:31:57, modified: 05.07.2016 14:00:44
Script: Quarantine, Delete, Delete via BC, Terminate
56229 ESTABLISHED 134.170.104.218 80 SkyDrive.exe [4064]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
UDP ports
137 LISTENING -- -- System.exe [4]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
138 LISTENING -- -- System.exe [4]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
3702 LISTENING -- -- dasHost.exe [1908]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
3702 LISTENING -- -- dasHost.exe [1908]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
5004 LISTENING -- -- wmpnetwk.exe [6900]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
5005 LISTENING -- -- wmpnetwk.exe [6900]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
5353 LISTENING -- -- mDNSResponder.exe [1532]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
49152 LISTENING -- -- AppleMobileDeviceService.exe [1460]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
49153 LISTENING -- -- AppleMobileDeviceService.exe [1460]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
49154 LISTENING -- -- mDNSResponder.exe [1532]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
49160 LISTENING -- -- iTunesHelper.exe [4628]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
49161 LISTENING -- -- iTunesHelper.exe [4628]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
59036 LISTENING -- -- dasHost.exe [1908]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate

Downloaded Program Files (DPF)

File name Description Manufacturer CLSID Source URL
Items found - 0, recognized as trusted - 0

Control Panel Applets (CPL)

File name Description Manufacturer
C:\Windows\system32\FlashPlayerCPLApp.cpl
172.49 kb, rsAh, created: 01.12.2014 16:34:11, modified: 02.07.2016 00:29:27
Script: Quarantine, Delete, Delete via BC Adobe Flash Player Control Panel Applet Copyright © 1996-2016 Adobe Systems Incorporated. All Rights Reserved. Adobe and Flash are either trademarks or registered trademarks in the United States and/or other countries.
Items found - 17, recognized as trusted - 16

Active Setup

File name Description Manufacturer CLSID
Items found - 5, recognized as trusted - 5

HOSTS file

Hosts file record

Protocols and handlers

File name Type Description Manufacturer CLSID
Items found - 15, recognized as trusted - 15

Shared resources

Network name Path Notes
ADMIN$ C:\Windows Remote Admin
C$ C:\ Default share
IPC$ Remote IPC
print$ C:\Windows\system32\spool\drivers Printer Drivers
Users C:\Users

Suspicious objects

File Description Type

AVZ Antiviral Toolkit log; AVZ version is 4.46
Scanning started at 19.07.2016 15:50:50
Database loaded: signatures - 297569, NN profile(s) - 2, malware removal microprograms - 56, signature database released 19.07.2016 04:00
Heuristic microprograms loaded: 408
PVS microprograms loaded: 10
Digital signatures of system files loaded: 809131
Heuristic analyzer mode: Medium heuristics mode
Malware removal mode: disabled
Windows version is: 6.3.9600,  "Windows 8.1", install date 26.11.2014 21:59:00 ; AVZ is run with administrator rights (+)
System Restore: enabled
1. Searching for Rootkits and other software intercepting API functions
1.1 Searching for user-mode API hooks
 Analysis: kernel32.dll, export table found in section .rdata
Function kernel32.dll:ReadConsoleInputExA (1095) intercepted, method - ProcAddressHijack.GetProcAddress ->75664F8E->776E1AD0
Function kernel32.dll:ReadConsoleInputExW (1096) intercepted, method - ProcAddressHijack.GetProcAddress ->75664FC1->776E1B00
 Analysis: ntdll.dll, export table found in section .text
Function ntdll.dll:NtCreateFile (268) intercepted, method - ProcAddressHijack.GetProcAddress ->77BFC780->5875B720
Function ntdll.dll:NtSetInformationFile (549) intercepted, method - ProcAddressHijack.GetProcAddress ->77BFC4A0->5875B540
Function ntdll.dll:NtSetValueKey (580) intercepted, method - ProcAddressHijack.GetProcAddress ->77BFC830->5875C900
Function ntdll.dll:ZwCreateFile (1650) intercepted, method - ProcAddressHijack.GetProcAddress ->77BFC780->5875B720
Function ntdll.dll:ZwSetInformationFile (1929) intercepted, method - ProcAddressHijack.GetProcAddress ->77BFC4A0->5875B540
Function ntdll.dll:ZwSetValueKey (1960) intercepted, method - ProcAddressHijack.GetProcAddress ->77BFC830->5875C900
 Analysis: user32.dll, export table found in section .text
Function user32.dll:CallNextHookEx (1531) intercepted, method - ProcAddressHijack.GetProcAddress ->75C58DC0->5875B490
Function user32.dll:SetWindowsHookExW (2303) intercepted, method - ProcAddressHijack.GetProcAddress ->75C68E70->587B0DB0
 Analysis: advapi32.dll, export table found in section .text
 Analysis: ws2_32.dll, export table found in section .text
 Analysis: wininet.dll, export table found in section .text
 Analysis: rasapi32.dll, export table found in section .text
 Analysis: urlmon.dll, export table found in section .text
 Analysis: netapi32.dll, export table found in section .text
1.4 Searching for masking processes and drivers
 Checking not performed: extended monitoring driver (AVZPM) is not installed
2. Scanning RAM
 Number of processes found: 32
 Number of modules loaded: 334
Scanning RAM - complete
3. Scanning disks
4. Checking  Winsock Layered Service Provider (SPI/LSP)
 LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
6. Searching for opened TCP/UDP ports used by malicious software
 Checking - disabled by user
7. Heuristic system check
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: TermService (Remote Desktop Services)
>> Services: potentially dangerous service allowed: SSDPSRV (SSDP Discovery)
>> Services: potentially dangerous service allowed: Schedule (Task Scheduler)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>>> Security: Internet Explorer allows ActiveX, not marked as safe
>>> Security: block ActiveX, not marked as safe, in Internet Explorer
>>> Security: Internet Explorer allows unsigned ActiveX elements
>>> Security: Internet Explorer allows automatic queries of ActiveX administrative elements
>>> Security: Internet Explorer allows running files and applications in IFRAME window without asking user
>> Security: sending Remote Assistant queries is enabled
>> Windows Explorer - show extensions of known file types
Checking - complete
9. Troubleshooting wizard
 >>  Internet Explorer - ActiveX, not marked as safe, are allowed
 >>  Internet Explorer - signed ActiveX elements are allowed without asking user
 >>  Internet Explorer - unsigned ActiveX elements are allowed
 >>  Internet Explorer - automatic queries of ActiveX operating elements are allowed
 >>  Internet Explorer - running programs and files in IFRAME window is allowed
 >>  HDD autorun is allowed
 >>  Network drives autorun is allowed
 >>  Removable media autorun is allowed
Checking - complete
Files scanned: 367, extracted from archives: 0, malicious software found 0, suspicions - 0
Scanning finished at 19.07.2016 15:52:51
Time of scanning: 00:02:06
If you have a suspicion on presence of viruses or questions on the suspected objects,
you can address http://forum.kaspersky.com/index.php?showforum=19
For automatic scanning of files from the AVZ quarantine you can use the service http://virusdetector.ru/
System Analysis in progress
Network diagnostics
 DNS and Ping test
  Host="yandex.ru", IP="5.255.255.80,77.88.55.70,5.255.255.60,77.88.55.80", Ping=OK (0,160,5.255.255.80)
  Host="google.ru", IP="216.58.217.227", Ping=OK (0,47,216.58.217.227)
  Host="google.com", IP="64.233.177.102,64.233.177.113,64.233.177.101,64.233.177.139,64.233.177.100,64.233.177.138", Ping=OK (0,45,64.233.177.102)
  Host="www.kaspersky.com", IP="4.59.181.209", Ping=OK (0,47,4.59.181.209)
  Host="www.kaspersky.ru", IP="4.59.181.212", Ping=OK (0,48,4.59.181.212)
  Host="dnl-03.geo.kaspersky.com", IP="4.28.136.36", Ping=OK (0,48,4.28.136.36)
  Host="dnl-11.geo.kaspersky.com", IP="38.124.168.119", Ping=OK (0,75,38.124.168.119)
  Host="activation-v2.kaspersky.com", IP="4.59.181.141", Ping=Error (11010,0,0.0.0.0)
  Host="odnoklassniki.ru", IP="5.61.23.5,217.20.155.58,217.20.156.159", Ping=OK (0,270,5.61.23.5)
  Host="vk.com", IP="87.240.131.120,95.213.11.129,95.213.11.130", Ping=OK (0,157,87.240.131.120)
  Host="vkontakte.ru", IP="95.213.4.247,95.213.4.248,95.213.4.246", Ping=OK (0,155,95.213.4.247)
  Host="twitter.com", IP="199.59.150.39,199.59.149.230,199.59.148.10,199.59.149.198", Ping=OK (0,73,199.59.150.39)
  Host="facebook.com", IP="69.171.230.68", Ping=OK (0,77,69.171.230.68)
  Host="ru-ru.facebook.com", IP="31.13.74.1", Ping=OK (0,23,31.13.74.1)
 Network IE settings
  IE setting AutoConfigURL=
  IE setting AutoConfigProxy=wininet.dll
  IE setting ProxyOverride=
  IE setting ProxyServer=
  IE setting Internet\ManualProxies=
 Network TCP/IP settings
 Network Persistent Routes

 System Analysis - complete


Script commands 
Add commands to script:
Blocking hooks using Anti-Rootkit
Enable AVZGuard
Operations with AVZPM (true=enable,false=disable)
BootCleaner - import list of deleted files
BootCleaner - import all
Remove traces of deleted files
ExecuteWizard ('TSW',2,3,true) - Running Troubleshooting wizard
BootCleaner - activate
Reboot
Insert template for QuarantineFile() - quarantining a file
Insert template for BC_QrFile() - quarantining file via BootCleaner
Insert template for DeleteFile() - deleting a file
Insert template for DelCLSID() - removing a CLSID item from registry
Additional operations:Performance tweaking: disable service TermService (Remote Desktop Services)
Performance tweaking: disable service SSDPSRV (SSDP Discovery)
Performance tweaking: disable service Schedule (Task Scheduler)
Security tweaking: disable CD autorun
Security tweaking: disable administrative shares
Security tweaking: disable anonymous user access
Security: block ActiveX, not marked as safe, in Internet Explorer
Security: Internet Explorer allows ActiveX, not marked as safe, without asking user
Security: block unsigned ActiveX elements in Internet Explorer
Security: block automatic queries of ActiveX administrative elements in Internet Explorer
Security: block running files and applications in IFRAME window without asking user in Internet Explorer
Security: disable sending Remote Assistant queries
Windows Explorer - show extensions of known file types

File list

Port	Status	Remote Host	Remote Port	Application	Notes
TCP ports
139	LISTENING	0.0.0.0	0	System.exe [4] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
445	LISTENING	0.0.0.0	0	System.exe [4] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
554	LISTENING	0.0.0.0	0	wmpnetwk.exe [6900] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
843	LISTENING	0.0.0.0	0	c:\users\laura\appdata\roaming\dropbox\bin\dropbox.exe [4428] 23637.35 kb, rsAh, created: 11.07.2016 20:31:57, modified: 05.07.2016 14:00:44 Script: Quarantine, Delete, Delete via BC, Terminate
2869	LISTENING	0.0.0.0	0	System.exe [4] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
4370	LISTENING	0.0.0.0	0	c:\users\laura\appdata\roaming\spotify\spotifywebhelper.exe [4888] 1517.61 kb, rsAh, created: 15.03.2015 00:54:31, modified: 12.07.2016 14:11:01 Script: Quarantine, Delete, Delete via BC, Terminate
4371	LISTENING	0.0.0.0	0	c:\users\laura\appdata\roaming\spotify\spotify.exe [5028] 6751.61 kb, rsAh, created: 26.11.2014 23:33:50, modified: 12.07.2016 14:11:01 Script: Quarantine, Delete, Delete via BC, Terminate
4380	LISTENING	0.0.0.0	0	c:\users\laura\appdata\roaming\spotify\spotifywebhelper.exe [4888] 1517.61 kb, rsAh, created: 15.03.2015 00:54:31, modified: 12.07.2016 14:11:01 Script: Quarantine, Delete, Delete via BC, Terminate
4381	LISTENING	0.0.0.0	0	c:\users\laura\appdata\roaming\spotify\spotify.exe [5028] 6751.61 kb, rsAh, created: 26.11.2014 23:33:50, modified: 12.07.2016 14:11:01 Script: Quarantine, Delete, Delete via BC, Terminate
5354	ESTABLISHED	127.0.0.1	49157	mDNSResponder.exe [1532] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
5354	ESTABLISHED	127.0.0.1	49158	mDNSResponder.exe [1532] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
5354	LISTENING	0.0.0.0	0	mDNSResponder.exe [1532] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
5357	LISTENING	0.0.0.0	0	System.exe [4] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
10243	LISTENING	0.0.0.0	0	System.exe [4] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
17600	LISTENING	0.0.0.0	0	c:\users\laura\appdata\roaming\dropbox\bin\dropbox.exe [4428] 23637.35 kb, rsAh, created: 11.07.2016 20:31:57, modified: 05.07.2016 14:00:44 Script: Quarantine, Delete, Delete via BC, Terminate
27015	ESTABLISHED	127.0.0.1	49161	AppleMobileDeviceService.exe [1460] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
27015	LISTENING	0.0.0.0	0	AppleMobileDeviceService.exe [1460] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
49152	LISTENING	0.0.0.0	0	wininit.exe [524] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
49155	LISTENING	0.0.0.0	0	spoolsv.exe [1264] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
49156	LISTENING	0.0.0.0	0	lsass.exe [640] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
49157	ESTABLISHED	127.0.0.1	5354	AppleMobileDeviceService.exe [1460] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
49158	ESTABLISHED	127.0.0.1	5354	AppleMobileDeviceService.exe [1460] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
49159	LISTENING	0.0.0.0	0	services.exe [632] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
49161	ESTABLISHED	127.0.0.1	27015	iTunesHelper.exe [4628] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
49166	CLOSE_WAIT	108.160.172.236	443	c:\users\laura\appdata\roaming\dropbox\bin\dropbox.exe [4428] 23637.35 kb, rsAh, created: 11.07.2016 20:31:57, modified: 05.07.2016 14:00:44 Script: Quarantine, Delete, Delete via BC, Terminate
49231	ESTABLISHED	127.0.0.1	49232	c:\users\laura\appdata\roaming\dropbox\bin\dropbox.exe [4428] 23637.35 kb, rsAh, created: 11.07.2016 20:31:57, modified: 05.07.2016 14:00:44 Script: Quarantine, Delete, Delete via BC, Terminate
49232	ESTABLISHED	127.0.0.1	49231	c:\users\laura\appdata\roaming\dropbox\bin\dropbox.exe [4428] 23637.35 kb, rsAh, created: 11.07.2016 20:31:57, modified: 05.07.2016 14:00:44 Script: Quarantine, Delete, Delete via BC, Terminate
49238	CLOSE_WAIT	108.160.172.237	443	c:\users\laura\appdata\roaming\dropbox\bin\dropbox.exe [4428] 23637.35 kb, rsAh, created: 11.07.2016 20:31:57, modified: 05.07.2016 14:00:44 Script: Quarantine, Delete, Delete via BC, Terminate
50931	ESTABLISHED	70.37.56.25	443	SolutoService.exe [1984] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
50938	ESTABLISHED	70.37.56.25	443	SolutoService.exe [1984] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
50939	ESTABLISHED	70.37.56.25	443	SolutoService.exe [1984] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
50948	ESTABLISHED	70.37.56.25	443	SolutoService.exe [1984] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
50953	ESTABLISHED	70.37.56.25	443	SolutoService.exe [1984] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
50958	ESTABLISHED	70.37.56.25	443	SolutoService.exe [1984] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
50959	ESTABLISHED	70.37.56.25	443	SolutoService.exe [1984] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
50961	ESTABLISHED	70.37.56.25	443	SolutoService.exe [1984] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
50964	ESTABLISHED	70.37.56.25	443	SolutoService.exe [1984] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
50965	ESTABLISHED	70.37.56.25	443	SolutoService.exe [1984] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
50968	ESTABLISHED	70.37.56.25	443	SolutoService.exe [1984] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
50971	ESTABLISHED	70.37.56.25	443	SolutoService.exe [1984] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
50976	ESTABLISHED	70.37.56.25	443	SolutoService.exe [1984] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
50979	ESTABLISHED	70.37.56.25	443	SolutoService.exe [1984] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
50981	ESTABLISHED	70.37.56.25	443	SolutoService.exe [1984] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
50982	ESTABLISHED	70.37.56.25	443	SolutoService.exe [1984] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
50984	ESTABLISHED	70.37.56.25	443	SolutoService.exe [1984] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
50985	ESTABLISHED	70.37.56.25	443	SolutoService.exe [1984] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
50988	ESTABLISHED	70.37.56.25	443	SolutoService.exe [1984] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
50993	ESTABLISHED	70.37.56.25	443	SolutoService.exe [1984] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
52082	ESTABLISHED	70.37.56.25	443	SolutoService.exe [1984] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
52127	ESTABLISHED	70.37.56.25	443	SolutoService.exe [1984] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
52128	ESTABLISHED	70.37.56.25	443	SolutoService.exe [1984] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
52131	ESTABLISHED	70.37.56.25	443	SolutoService.exe [1984] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
52138	ESTABLISHED	70.37.56.25	443	SolutoService.exe [1984] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
52141	ESTABLISHED	70.37.56.25	443	SolutoService.exe [1984] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
52154	ESTABLISHED	70.37.56.25	443	SolutoService.exe [1984] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
52160	ESTABLISHED	70.37.56.25	443	SolutoService.exe [1984] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
52161	ESTABLISHED	70.37.56.25	443	SolutoService.exe [1984] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
52801	ESTABLISHED	70.37.56.25	443	SolutoService.exe [1984] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
52802	ESTABLISHED	70.37.56.25	443	SolutoService.exe [1984] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
52803	ESTABLISHED	70.37.56.25	443	SolutoService.exe [1984] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
52804	ESTABLISHED	70.37.56.25	443	SolutoService.exe [1984] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
52805	ESTABLISHED	70.37.56.25	443	SolutoService.exe [1984] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
52820	ESTABLISHED	70.37.56.25	443	SolutoService.exe [1984] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
52823	ESTABLISHED	70.37.56.25	443	SolutoService.exe [1984] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
52824	ESTABLISHED	70.37.56.25	443	SolutoService.exe [1984] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
52825	ESTABLISHED	70.37.56.25	443	SolutoService.exe [1984] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
52826	ESTABLISHED	70.37.56.25	443	SolutoService.exe [1984] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
52831	ESTABLISHED	70.37.56.25	443	SolutoService.exe [1984] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
52849	ESTABLISHED	70.37.56.25	443	SolutoService.exe [1984] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
52854	ESTABLISHED	70.37.56.25	443	SolutoService.exe [1984] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
52855	ESTABLISHED	70.37.56.25	443	SolutoService.exe [1984] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
55639	CLOSE_WAIT	52.72.198.82	443	c:\users\laura\appdata\roaming\dropbox\bin\dropbox.exe [4428] 23637.35 kb, rsAh, created: 11.07.2016 20:31:57, modified: 05.07.2016 14:00:44 Script: Quarantine, Delete, Delete via BC, Terminate
55792	CLOSE_WAIT	52.85.112.25	443	c:\users\laura\appdata\roaming\dropbox\bin\dropbox.exe [4428] 23637.35 kb, rsAh, created: 11.07.2016 20:31:57, modified: 05.07.2016 14:00:44 Script: Quarantine, Delete, Delete via BC, Terminate
55813	ESTABLISHED	162.125.17.131	443	c:\users\laura\appdata\roaming\dropbox\bin\dropbox.exe [4428] 23637.35 kb, rsAh, created: 11.07.2016 20:31:57, modified: 05.07.2016 14:00:44 Script: Quarantine, Delete, Delete via BC, Terminate
55883	CLOSE_WAIT	108.160.172.225	443	c:\users\laura\appdata\roaming\dropbox\bin\dropbox.exe [4428] 23637.35 kb, rsAh, created: 11.07.2016 20:31:57, modified: 05.07.2016 14:00:44 Script: Quarantine, Delete, Delete via BC, Terminate
56229	ESTABLISHED	134.170.104.218	80	SkyDrive.exe [4064] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
UDP ports
137	LISTENING	--	--	System.exe [4] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
138	LISTENING	--	--	System.exe [4] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
3702	LISTENING	--	--	dasHost.exe [1908] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
3702	LISTENING	--	--	dasHost.exe [1908] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
5004	LISTENING	--	--	wmpnetwk.exe [6900] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
5005	LISTENING	--	--	wmpnetwk.exe [6900] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
5353	LISTENING	--	--	mDNSResponder.exe [1532] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
49152	LISTENING	--	--	AppleMobileDeviceService.exe [1460] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
49153	LISTENING	--	--	AppleMobileDeviceService.exe [1460] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
49154	LISTENING	--	--	mDNSResponder.exe [1532] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
49160	LISTENING	--	--	iTunesHelper.exe [4628] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
49161	LISTENING	--	--	iTunesHelper.exe [4628] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
59036	LISTENING	--	--	dasHost.exe [1908] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate

Network name	Path	Notes
ADMIN$	C:\Windows	Remote Admin
C$	C:\	Default share
IPC$		Remote IPC
print$	C:\Windows\system32\spool\drivers	Printer Drivers
Users	C:\Users