Results of system analysis

AVZ 4.45 http://z-oleg.com/secur/avz/

Process List

File name | PID | Description | Copyright | MD5 | Information
e:\downloads\autologger.exe | 5412 | Automatic log collector | All rights for Autologger reserved by regist & Drongo © Copyright 2013 - 2015 | 73317DC81DADE7741CD6A8B20223E3C5 | 10969.71 kb, rsAh, created: 05.09.2015 07:59:36, modified: 05.09.2015 07:59:54
    Command line: "E:\Downloads\AutoLogger.exe"
c:\program files (x86)\skillbrains\lightshot\5.2.1.1\lightshot.exe | 5496 | Lightshot | Copyright (C) 2009-2015 | E57E2B81EF0463738007CF89664F78CD | 466.00 kb, rsAh, created: 18.08.2015 23:04:06, modified: 15.04.2015 22:20:12
    Command line: "C:\Program Files (x86)\Skillbrains\lightshot\5.2.1.1\Lightshot.exe"
Detected:70, recognized as trusted 68
Module name | Handle | Description | Copyright | AVZ0311 | Used by processes
C:\Program Files (x86)\Skillbrains\lightshot\5.2.1.1\Lightshot.dll | 1782185984 | LightshotDll | Copyright (C) 2009-2015 | MD5=D8752458FAAE10FD9E1438621F3CC621, 482.50 kb, rsAh, created: 18.08.2015 23:04:06, modified: 15.04.2015 22:20:12 | 5496
C:\Program Files (x86)\Skillbrains\lightshot\5.2.1.1\uploader.dll | 1780809728 | Uploader | Copyright (C) 2009-2015 | MD5=F6AEDE4DA7488633C4A254CDFBB1248B, 261.00 kb, rsAh, created: 18.08.2015 23:04:06, modified: 15.04.2015 22:20:14 | 5496
Modules found:232, recognized as trusted 230

Kernel Space Modules Viewer

Module | Base address | Size in memory | Description | Manufacturer
C:\Windows\System32\Drivers\dump_diskdump.sys (error getting file info) | 99F50000 | 00F000 (61440) | |
C:\Windows\System32\Drivers\dump_dumpfve.sys (error getting file info) | 99FE0000 | 01A000 (106496) | |
C:\Windows\System32\Drivers\dump_storahci.sys (error getting file info) | 99F90000 | 025000 (151552) | |
Modules found - 177, recognized as trusted - 174

Services

Service | Description | Status | File | Group | Dependencies
BEService | BattlEye Service | Not started | C:\Program Files (x86)\Common Files\BattlEye\BEService.exe (1099.50 kb, rsAh, created: 01.09.2015 19:14:44, modified: 22.07.2015 17:16:45) | |
TunngleService | TunngleService | Not started | E:\Software\Tunngle\TnglCtrl.exe (781.45 kb, rsAh, created: 30.08.2015 15:55:30, modified: 27.08.2015 17:50:38) | | Dhcp
Detected - 207, recognized as trusted - 205

Drivers

Service | Description | Status | File | Group | Dependencies
wfpcapture | Microsoft WFP Message Capture | Not started | C:\Windows\System32\drivers\wfpcapture.sys (error getting file info) | NDIS |
Detected - 317, recognized as trusted - 316

Autoruns

File name | Status | Startup method | Description
C:\Windows\System32\win32k.sys (error getting file info) | -- | Registry key | HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Session Manager\SubSystems, Kmode
C:\Windows\System32\AJRouter.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AJRouter\Parameters, ServiceDll
C:\Windows\System32\appidsvc.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AppIDSvc\Parameters, ServiceDll
C:\Windows\System32\appinfo.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Appinfo\Parameters, ServiceDll
C:\Windows\system32\AppReadiness.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AppReadiness\Parameters, ServiceDll
C:\Windows\system32\appxdeploymentserver.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AppXSvc\Parameters, ServiceDll
C:\Windows\System32\AudioEndpointBuilder.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AudioEndpointBuilder\Parameters, ServiceDll
C:\Windows\System32\Audiosrv.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Audiosrv\Parameters, ServiceDll
C:\Windows\System32\AxInstSV.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AxInstSV\Parameters, ServiceDll
C:\Windows\System32\bdesvc.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\BDESVC\Parameters, ServiceDll
C:\Windows\System32\bfe.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\BFE\Parameters, ServiceDll
C:\Windows\System32\qmgr.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\BITS\Parameters, ServiceDll
C:\Windows\System32\bisrv.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\BrokerInfrastructure\Parameters, ServiceDll
C:\Windows\System32\browser.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Browser\Parameters, ServiceDll
C:\Windows\System32\BthHFSrv.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\BthHFSrv\Parameters, ServiceDll
C:\Windows\system32\bthserv.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\bthserv\Parameters, ServiceDll
C:\Windows\System32\CDPSvc.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\CDPSvc\Parameters, ServiceDll
C:\Windows\System32\certprop.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\CertPropSvc\Parameters, ServiceDll
C:\Windows\System32\ClipSVC.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\ClipSVC\Parameters, ServiceDll
C:\Windows\system32\cryptsvc.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\CryptSvc\Parameters, ServiceDll
C:\Windows\System32\cscsvc.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\CscService\Parameters, ServiceDll
C:\Windows\system32\rpcss.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\DcomLaunch\Parameters, ServiceDll
C:\Windows\system32\dcpsvc.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\DcpSvc\Parameters, ServiceDll
C:\Windows\System32\defragsvc.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\defragsvc\Parameters, ServiceDll
C:\Windows\system32\das.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\DeviceAssociationService\Parameters, ServiceDll
C:\Windows\system32\umpnpmgr.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\DeviceInstall\Parameters, ServiceDll
C:\Windows\system32\DevQueryBroker.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\DevQueryBroker\Parameters, ServiceDll
C:\Windows\system32\diagtrack.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\DiagTrack\Parameters, ServiceDll
C:\Windows\system32\dmwappushsvc.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\dmwappushservice\Parameters, ServiceDll
C:\Windows\System32\dnsrslvr.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Dnscache\Parameters, ServiceDll
C:\Windows\System32\dot3svc.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\dot3svc\Parameters, ServiceDll
C:\Windows\system32\dps.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\DPS\Parameters, ServiceDll
C:\Windows\System32\DeviceSetupManager.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\DsmSvc\Parameters, ServiceDll
C:\Windows\System32\DsSvc.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\DsSvc\Parameters, ServiceDll
C:\Windows\System32\eapsvc.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eaphost\Parameters, ServiceDll
C:\Windows\system32\efssvc.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\EFS\Parameters, ServiceDll
C:\Windows\System32\embeddedmodesvc.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\embeddedmode\Parameters, ServiceDll
C:\Windows\system32\EnterpriseAppMgmtSvc.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\EntAppSvc\Parameters, ServiceDll
C:\Windows\system32\fdPHost.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\fdPHost\Parameters, ServiceDll
C:\Windows\system32\fdrespub.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\FDResPub\Parameters, ServiceDll
C:\Windows\system32\fhsvc.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\fhsvc\Parameters, ServiceDll
C:\Windows\system32\FntCache.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\FontCache\Parameters, ServiceDll
C:\Windows\System32\gpsvc.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\gpsvc\Parameters, ServiceDll
C:\Windows\system32\ListSvc.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\HomeGroupListener\Parameters, ServiceDll
C:\Windows\System32\tetheringservice.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\icssvc\Parameters, ServiceDll
C:\Windows\System32\ikeext.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\IKEEXT\Parameters, ServiceDll
C:\Windows\System32\iphlpsvc.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters, ServiceDll
C:\Windows\system32\msdtckrm.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\KtmRm\Parameters, ServiceDll
C:\Windows\system32\srvsvc.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters, ServiceDll
C:\Windows\System32\wkssvc.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters, ServiceDll
C:\Windows\system32\LicenseManagerSvc.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\LicenseManager\Parameters, ServiceDll
C:\Windows\System32\lltdsvc.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\lltdsvc\Parameters, ServiceDll
C:\Windows\System32\lmhsvc.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\lmhosts\Parameters, ServiceDll
C:\Windows\System32\lsm.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\LSM\Parameters, ServiceDll
C:\Windows\System32\moshost.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\MapsBroker\Parameters, ServiceDll
C:\Windows\system32\mpssvc.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\MpsSvc\Parameters, ServiceDll
C:\Windows\system32\iscsiexe.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\MSiSCSI\Parameters, ServiceDll
C:\Windows\System32\ncasvc.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\NcaSvc\Parameters, ServiceDll
C:\Windows\System32\ncbservice.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\NcbService\Parameters, ServiceDll
C:\Windows\System32\NcdAutoSetup.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\NcdAutoSetup\Parameters, ServiceDll
C:\Windows\System32\netman.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Netman\Parameters, ServiceDll
C:\Windows\System32\netprofmsvc.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\netprofm\Parameters, ServiceDll
C:\Windows\System32\NetSetupSvc.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\NetSetupSvc\Parameters, ServiceDll
C:\Windows\System32\NgcCtnrSvc.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\NgcCtnrSvc\Parameters, ServiceDll
C:\Windows\system32\ngcsvc.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\NgcSvc\Parameters, ServiceDll
C:\Windows\System32\nlasvc.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters, ServiceDll
C:\Windows\system32\nsisvc.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\nsi\Parameters, ServiceDll
C:\Windows\System32\APHostService.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\OneSyncSvc\Parameters, ServiceDll
C:\Windows\system32\pnrpsvc.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\p2pimsvc\Parameters, ServiceDll
C:\Windows\system32\p2psvc.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\p2psvc\Parameters, ServiceDll
C:\Windows\System32\pcasvc.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\PcaSvc\Parameters, ServiceDll
C:\Windows\system32\peerdistsvc.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\PeerDistSvc\Parameters, ServiceDll
C:\Windows\System32\PimIndexMaintenance.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc\Parameters, ServiceDll
C:\Windows\system32\umpnpmgr.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\PlugPlay\Parameters, ServiceDll
C:\Windows\system32\pnrpauto.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\PNRPAutoReg\Parameters, ServiceDll
C:\Windows\system32\pnrpsvc.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\PNRPsvc\Parameters, ServiceDll
C:\Windows\System32\ipsecsvc.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\PolicyAgent\Parameters, ServiceDll
C:\Windows\system32\umpo.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Power\Parameters, ServiceDll
C:\Windows\system32\profsvc.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\ProfSvc\Parameters, ServiceDll
C:\Windows\System32\rasauto.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\RasAuto\Parameters, ServiceDll
C:\Windows\System32\rasmans.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\RasMan\Parameters, ServiceDll
C:\Windows\system32\regsvc.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters, ServiceDll
C:\Windows\system32\RDXService.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\RetailDemo\Parameters, ServiceDll
C:\Windows\System32\RpcEpMap.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\RpcEptMapper\Parameters, ServiceDll
C:\Windows\system32\rpcss.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\RpcSs\Parameters, ServiceDll
C:\Windows\System32\SCardSvr.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SCardSvr\Parameters, ServiceDll
C:\Windows\System32\ScDeviceEnum.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\ScDeviceEnum\Parameters, ServiceDll
C:\Windows\system32\schedsvc.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Schedule\Parameters, ServiceDll
C:\Windows\System32\certprop.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SCPolicySvc\Parameters, ServiceDll
C:\Windows\System32\SDRSVC.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SDRSVC\Parameters, ServiceDll
C:\Windows\system32\seclogon.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\seclogon\Parameters, ServiceDll
C:\Windows\System32\sens.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SENS\Parameters, ServiceDll
C:\Windows\system32\SensorService.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SensorService\Parameters, ServiceDll
C:\Windows\system32\sensrsvc.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SensrSvc\Parameters, ServiceDll
C:\Windows\System32\ipnathlp.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters, ServiceDll
C:\Windows\system32\SmsRouterSvc.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SmsRouter\Parameters, ServiceDll
C:\Windows\System32\ssdpsrv.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SSDPSRV\Parameters, ServiceDll
C:\Windows\system32\sstpsvc.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SstpSvc\Parameters, ServiceDll
C:\Windows\System32\wiaservc.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\stisvc\Parameters, ServiceDll
C:\Windows\system32\storsvc.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\StorSvc\Parameters, ServiceDll
C:\Windows\system32\svsvc.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\svsvc\Parameters, ServiceDll
C:\Windows\System32\swprv.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\swprv\Parameters, ServiceDll
C:\Windows\system32\sysmain.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SysMain\Parameters, ServiceDll
C:\Windows\System32\SystemEventsBrokerServer.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SystemEventsBroker\Parameters, ServiceDll
C:\Windows\System32\TabSvc.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\TabletInputService\Parameters, ServiceDll
C:\Windows\System32\termsrv.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\TermService\Parameters, ServiceDll
C:\Windows\system32\themeservice.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Themes\Parameters, ServiceDll
C:\Windows\system32\tileobjserver.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\tiledatamodelsvc\Parameters, ServiceDll
C:\Windows\System32\TimeBrokerServer.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\TimeBroker\Parameters, ServiceDll
C:\Windows\System32\trkwks.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\TrkWks\Parameters, ServiceDll
C:\Windows\System32\umrdp.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\UmRdpService\Parameters, ServiceDll
C:\Windows\System32\userdataservice.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\UserDataSvc\Parameters, ServiceDll
C:\Windows\System32\usermgr.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\UserManager\Parameters, ServiceDll
C:\Windows\system32\usocore.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\UsoSvc\Parameters, ServiceDll
C:\Windows\System32\vaultsvc.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\VaultSvc\Parameters, ServiceDll
C:\Windows\System32\ICSvc.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\vmicguestinterface\Parameters, ServiceDll
C:\Windows\System32\ICSvc.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\vmicheartbeat\Parameters, ServiceDll
C:\Windows\System32\ICSvc.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\vmickvpexchange\Parameters, ServiceDll
C:\Windows\System32\ICSvc.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\vmicrdv\Parameters, ServiceDll
C:\Windows\System32\ICSvc.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\vmicshutdown\Parameters, ServiceDll
C:\Windows\System32\ICSvc.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\vmictimesync\Parameters, ServiceDll
C:\Windows\System32\ICSvc.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\vmicvmsession\Parameters, ServiceDll
C:\Windows\System32\ICSvc.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\vmicvss\Parameters, ServiceDll
C:\Windows\system32\w32time.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\W32Time\Parameters, ServiceDll
C:\Windows\system32\WalletService.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WalletService\Parameters, ServiceDll
C:\Windows\System32\wbiosrvc.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WbioSrvc\Parameters, ServiceDll
C:\Windows\System32\wcmsvc.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Wcmsvc\Parameters, ServiceDll
C:\Windows\System32\wcncsvc.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\wcncsvc\Parameters, ServiceDll
C:\Windows\system32\wecsvc.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Wecsvc\Parameters, ServiceDll
C:\Windows\system32\wephostsvc.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WEPHOSTSVC\Parameters, ServiceDll
C:\Windows\System32\wercplsupport.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\wercplsupport\Parameters, ServiceDll
C:\Windows\System32\WerSvc.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WerSvc\Parameters, ServiceDll
C:\Windows\System32\wiarpc.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WiaRpc\Parameters, ServiceDll
C:\Windows\system32\wbem\WMIsvc.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters, ServiceDll
C:\Windows\System32\wlansvc.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WlanSvc\Parameters, ServiceDll
C:\Windows\system32\wlidsvc.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\wlidsvc\Parameters, ServiceDll
C:\Windows\system32\workfolderssvc.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\workfolderssvc\Parameters, ServiceDll
C:\Windows\system32\wpdbusenum.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WPDBusEnum\Parameters, ServiceDll
C:\Windows\system32\WpnService.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WpnService\Parameters, ServiceDll
C:\Windows\System32\wscsvc.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\wscsvc\Parameters, ServiceDll
C:\Windows\System32\WSService.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WSService\Parameters, ServiceDll
C:\Windows\system32\wuaueng.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\wuauserv\Parameters, ServiceDll
C:\Windows\System32\WUDFSvc.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\wudfsvc\Parameters, ServiceDll
C:\Windows\System32\wwansvc.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WwanSvc\Parameters, ServiceDll
C:\Windows\System32\XblAuthManager.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\XblAuthManager\Parameters, ServiceDll
C:\Windows\System32\XblGameSave.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\XblGameSave\Parameters, ServiceDll
C:\Windows\system32\XboxNetApiSvc.dll (error getting file info) | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\XboxNetApiSvc\Parameters, ServiceDll
Delete
C:\Windows\system32\sysmain.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\rdyboost\Performance, Library
Delete
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\DWA\resources\libraries\EventMessages.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Adobe Setup, EventMessageFile
C:\Windows\System32\wersvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Application Hang, EventMessageFile
C:\Windows\System32\drivers\ati2erec.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\ATIeRecord, EventMessageFile
C:\Windows\System32\icardres.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\CardSpace 4.0.0.0, EventMessageFile
C:\Windows\system32\dwm.exe
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Desktop Window Manager, EventMessageFile
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\IPSEventLogMsg.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Handwriting Recognition, EventMessageFile
C:\Windows\System32\UI0Detect.exe
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Interactive Services detection, EventMessageFile
C:\Windows\System32\fxsevent.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft Fax, EventMessageFile
C:\Windows\system32\Microsoft-Windows-System-Events.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-AppModel-Runtime, EventMessageFile
C:\Windows\system32\Microsoft-Windows-System-Events.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-AppModel-State, EventMessageFile
C:\Windows\System32\AxInstSv.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-AxInstallService, EventMessageFile
C:\Windows\system32\BlbEvents.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-Backup, EventMessageFile
C:\Windows\System32\ddputils.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-Deduplication, EventMessageFile
C:\Windows\system32\defragsvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-Defrag, EventMessageFile
C:\Windows\system32\eapsvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-EapHost, EventMessageFile
C:\Windows\system32\wecsvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-EventCollector, EventMessageFile
C:\Windows\system32\Microsoft-Windows-System-Events.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-SoftwareRestrictionPolicies, EventMessageFile
C:\Windows\System32\MsSpellCheckingHost.exe
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-Spellchecking-Host, EventMessageFile
C:\Windows\system32\SrEvents.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-System-Restore, EventMessageFile
C:\Windows\System32\profsvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-User Profiles Service, EventMessageFile
C:\Windows\system32\Microsoft-Windows-System-Events.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-User-Loader, EventMessageFile
C:\Windows\system32\WINSAT.EXE
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-WindowsSystemAssessmentTool, EventMessageFile
C:\Windows\system32\winsrv.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-Winsrv, EventMessageFile
C:\Windows\system32\wbem\WinMgmtR.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-WMI, EventMessageFile
C:\Windows\System32\profsvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Profsvc, EventMessageFile
C:\Windows\System32\wscsvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\SecurityCenter, EventMessageFile
C:\Windows\system32\sppsvc.exe
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Software Protection Platform Service, EventMessageFile
C:\Windows\system32\srcore.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\System Restore, EventMessageFile
C:\Windows\System32\VSSVC.EXE
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\VSS, EventMessageFile
c:\c037f7540ba827ab62\DW\DW20.exe
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\VSSetup, EventMessageFile
C:\Windows\System32\wersvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\WerSvc, EventMessageFile
C:\Windows\system32\sdengin2.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Windows Backup, EventMessageFile
C:\Windows\system32\wsepno.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Windows Search Service Profile Notification, EventMessageFile
C:\Windows\System32\wininit.exe
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wininit, EventMessageFile
C:\Windows\System32\winlogon.exe
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Winlogon, EventMessageFile
C:\Windows\System32\winlogon.exe
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wlclntfy, EventMessageFile
C:\Windows\system32\wecsvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\HardwareEvents, DisplayNameFile
C:\Windows\system32\sppsvc.exe
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Key Management Service, DisplayNameFile
C:\Windows\system32\sppsvc.exe
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Key Management Service\KmsRequests, EventMessageFile
C:\Windows\System32\wevtsvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Security\Microsoft-Windows-Eventlog, EventMessageFile
C:\Windows\System32\VSSVC.EXE
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Security\VSSAudit, EventMessageFile
C:\Windows\System32\Drivers\acpi.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\ACPI, EventMessageFile
C:\Windows\System32\drivers\agp440.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\agp440, EventMessageFile
C:\Windows\System32\drivers\amdk8.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\AmdK8, EventMessageFile
C:\Windows\System32\drivers\ati2erec.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\amdkmdag, EventMessageFile
C:\Windows\System32\drivers\ati2erec.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\amdkmdap, EventMessageFile
C:\Windows\System32\drivers\amdppm.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\AmdPPM, EventMessageFile
C:\Windows\system32\winsrv.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Application Popup, EventMessageFile
C:\Windows\system32\AppReadiness.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\AppReadiness, EventMessageFile
C:\Windows\System32\drivers\bxvbda.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\b06bdrv, EventMessageFile
C:\Windows\System32\dxgwdi.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Display, EventMessageFile
C:\Windows\System32\drivers\evbda.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\ebdrv, EventMessageFile
C:\Windows\System32\drivers\fltmgr.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\FltMgr, EventMessageFile
C:\Windows\System32\drivers\gagp30kx.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\gagp30kx, EventMessageFile
C:\Windows\System32\Drivers\hidbth.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\HidBth, EventMessageFile
C:\Windows\System32\Drivers\hidi2c.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\hidi2c, EventMessageFile
C:\Windows\System32\drivers\i8042prt.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\i8042prt, EventMessageFile
C:\Windows\System32\drivers\iaStorAV.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\iaStorAV, EventMessageFile
C:\Windows\System32\drivers\iaStorV.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\iaStorV, EventMessageFile
C:\Windows\System32\drivers\ibbus.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\ibbus, EventMessageFile
C:\Windows\system32\drivers\iaLPSSi_GPIO.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Intel-iaLPSS-GPIO, EventMessageFile
C:\Windows\system32\drivers\iaLPSSi_I2C.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Intel-iaLPSS-I2C, EventMessageFile
C:\Windows\System32\drivers\intelppm.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\intelppm, EventMessageFile
C:\Windows\System32\drivers\ipmidrv.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\IPMIDRV, EventMessageFile
C:\Windows\System32\drivers\isapnp.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\isapnp, EventMessageFile
C:\Windows\System32\iscsilog.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\iScsiPrt, EventMessageFile
C:\Windows\System32\drivers\kbdclass.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\kbdclass, EventMessageFile
C:\Windows\System32\drivers\kbdhid.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\kbdhid, EventMessageFile
C:\Windows\System32\lsasrv.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\LsaSrv, EventMessageFile
C:\Windows\system32\lsm.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\LSM, EventMessageFile
C:\Windows\system32\fveapi.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-BitLocker-API, EventMessageFile
C:\Windows\system32\drivers\fvevol.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-BitLocker-Driver, EventMessageFile
C:\Windows\system32\qmgr.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Bits-Client, EventMessageFile
C:\Windows\system32\cofiredm.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-CorruptedFileRecovery-Client, EventMessageFile
C:\Windows\system32\cofiredm.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-CorruptedFileRecovery-Server, EventMessageFile
C:\Windows\System32\samsrv.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Directory-Services-SAM, EventMessageFile
C:\Windows\system32\dfdts.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-DiskDiagnostic, EventMessageFile
C:\Windows\system32\WUDFPlatform.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-DriverFrameworks-UserMode, EventMessageFile
C:\Windows\System32\Drivers\EhStorTcgDrv.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-EnhancedStorage-EhStorTcgDrv, EventMessageFile
C:\Windows\system32\wecsvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-EventCollector, EventMessageFile
C:\Windows\System32\wevtsvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Eventlog, EventMessageFile
C:\Windows\system32\drivers\exfat.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-exFAT-SQM, EventMessageFile
C:\Windows\system32\drivers\fastfat.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Fat-SQM, EventMessageFile
C:\Windows\system32\fthsvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Fault-Tolerant-Heap, EventMessageFile
C:\Windows\system32\drivers\fltmgr.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-FilterManager, EventMessageFile
C:\Windows\system32\mpssvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Firewall, EventMessageFile
C:\Windows\system32\fdphost.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-FunctionDiscoveryHost, EventMessageFile
C:\Windows\system32\drivers\msgpioclx.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-GPIO-ClassExtension, EventMessageFile
C:\Windows\system32\gpsvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-GroupPolicy, EventMessageFile
C:\Windows\system32\microsoft-windows-hal-events.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-HAL, EventMessageFile
C:\Windows\system32\drivers\HTTP.SYS
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-HttpEvent, EventMessageFile
C:\Windows\system32\oobe\InstallEventRes.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-InstallUX, EventMessageFile
C:\Windows\system32\iphlpsvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Iphlpsvc, EventMessageFile
C:\Windows\system32\iumbase.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-IsolatedUserMode, EventMessageFile
C:\Windows\system32\Microsoft-Windows-System-Events.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Kernel-Boot, EventMessageFile
C:\Windows\system32\Microsoft-Windows-System-Events.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Kernel-General, EventMessageFile
C:\Windows\system32\microsoft-windows-kernel-processor-power-events.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Kernel-Interrupt-Steering, EventMessageFile
C:\Windows\system32\microsoft-windows-kernel-pnp-events.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Kernel-PnP, EventMessageFile
C:\Windows\system32\microsoft-windows-kernel-power-events.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Kernel-Power, EventMessageFile
C:\Windows\system32\microsoft-windows-kernel-processor-power-events.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Kernel-Processor-Power, EventMessageFile
C:\Windows\System32\Drivers\VerifierExt.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Kernel-XDV, EventMessageFile
C:\Windows\system32\lpksetup.exe
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-LanguagePackSetup, EventMessageFile
C:\Windows\system32\MemoryDiagnostic.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Memory-Diagnostic-Task-Handler, EventMessageFile
C:\Windows\System32\relpost.exe
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-MemoryDiagnostics-Results, EventMessageFile
C:\Windows\System32\mdsched.exe
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-MemoryDiagnostics-Schedule, EventMessageFile
C:\Windows\system32\drivers\mountmgr.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-MountMgr, EventMessageFile
C:\Windows\system32\drivers\ndis.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-NDIS, EventMessageFile
C:\Windows\system32\drivers\NdisImPlatform.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-NdisImPlatformSysEvtProvider, EventMessageFile
C:\Windows\system32\drivers\bridge.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-NetworkBridge, EventMessageFile
C:\Windows\system32\drivers\ntfs.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Ntfs, EventMessageFile
C:\Windows\system32\drivers\ntfs.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Ntfs-SQM, EventMessageFile
C:\Windows\system32\drivers\ntfs.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Ntfs-UBPM, EventMessageFile
C:\Windows\system32\cscsvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-OfflineFiles, EventMessageFile
C:\Windows\system32\drivers\wof.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-OverlayFilter, EventMessageFile
C:\Windows\system32\drivers\refsv1.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-ReFS-v1, EventMessageFile
C:\Windows\system32\reseteng.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-ResetEng, EventMessageFile
C:\Windows\system32\fdrespub.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-ResourcePublication, EventMessageFile
C:\Windows\system32\certprop.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-SCPNP, EventMessageFile
C:\Windows\system32\drivers\SerCx.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Serial-ClassExtension, EventMessageFile
C:\Windows\system32\drivers\SerCx2.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Serial-ClassExtension-V2, EventMessageFile
C:\Windows\system32\oobe\winsetup.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Setup, EventMessageFile
C:\Windows\system32\setupetw.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-SetupPlatform, EventMessageFile
C:\Windows\system32\drivers\SpbCx.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-SPB-ClassExtension, EventMessageFile
C:\Windows\system32\drivers\hidi2c.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-SPB-HIDI2C, EventMessageFile
C:\Windows\system32\csrsrv.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Subsys-SMSS, EventMessageFile
C:\Windows\system32\schedsvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-TaskScheduler, EventMessageFile
C:\Windows\system32\lsm.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-TerminalServices-LocalSessionManager, EventMessageFile
C:\Windows\system32\termsrv.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-TerminalServices-RemoteConnectionManager, EventMessageFile
C:\Windows\system32\w32time.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Time-Service, EventMessageFile
C:\Windows\system32\drivers\usbxhci.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-USB-USBXHCI, EventMessageFile
C:\Windows\system32\umpo.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-UserModePowerService, EventMessageFile
C:\Windows\system32\umpnpmgr.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-UserPnp, EventMessageFile
C:\Windows\system32\whealogr.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-WHEA-Logger, EventMessageFile
C:\Windows\System32\pwlauncher.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-WindowsToGo-StartupOptions, EventMessageFile
C:\Windows\system32\wuaueng.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-WindowsUpdateClient, EventMessageFile
C:\Windows\system32\wininit.exe
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Wininit, EventMessageFile
C:\Windows\system32\winlogon.exe
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Winlogon, EventMessageFile
C:\Windows\system32\wlansvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-WLAN-AutoConfig, EventMessageFile
C:\Windows\System32\drivers\mlx4_bus.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\mlx4_bus, EventMessageFile
C:\Windows\System32\drivers\mouclass.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\mouclass, EventMessageFile
C:\Windows\System32\drivers\mouhid.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\mouhid, EventMessageFile
C:\Windows\System32\Drivers\umdf\HidBthLE.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\mshidumdf, EventMessageFile
C:\Windows\System32\iscsiexe.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\MSiSCSI, EventMessageFile
C:\Windows\System32\drivers\MTConfig.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\MTConfig, EventMessageFile
C:\Windows\system32\drivers\ntfs.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Ntfs, EventMessageFile
C:\Windows\System32\drivers\nvstor.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\nvstor, EventMessageFile
C:\Windows\System32\drivers\nv_agp.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\nv_agp, EventMessageFile
C:\Windows\System32\drivers\parport.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Parport, EventMessageFile
C:\Windows\System32\Drivers\Pcmcia.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\pcmcia, EventMessageFile
C:\Windows\System32\umpo.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Power, EventMessageFile
C:\Windows\System32\drivers\processr.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Processor, EventMessageFile
C:\Windows\system32\sstpsvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\RasSstp, EventMessageFile
C:\Windows\system32\RDXService.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\RetailDemo, EventMessageFile
C:\Windows\System32\drivers\rt640x64.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\rt640x64, EventMessageFile
C:\Windows\System32\samsrv.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\SAM, EventMessageFile
C:\Windows\System32\drivers\sbp2port.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\sbp2port, EventMessageFile
C:\Windows\System32\lsasrv.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Schannel, EventMessageFile
C:\Windows\system32\drivers\SerCx.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\sercx, EventMessageFile
C:\Windows\system32\drivers\SerCx2.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\sercx2, EventMessageFile
C:\Windows\System32\drivers\serial.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Serial, EventMessageFile
C:\Windows\System32\drivers\sermouse.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\sermouse, EventMessageFile
C:\Windows\system32\services.exe
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Service Control Manager, EventMessageFile
C:\Windows\System32\snmptrap.exe
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\SNMPTRAP, EventMessageFile
C:\Windows\system32\drivers\SpbCx.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\spbcx, EventMessageFile
C:\Windows\System32\wiaservc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\StillImage, EventMessageFile
C:\Windows\System32\tcpmon.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\TCPMon, EventMessageFile
C:\Windows\system32\termsrv.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\TermService, EventMessageFile
C:\Windows\System32\drivers\tpm.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\TPM, EventMessageFile
C:\Windows\System32\drivers\tsusbflt.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\TsUsbFlt, EventMessageFile
C:\Windows\System32\drivers\uagp35.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\uagp35, EventMessageFile
C:\Windows\System32\Drivers\uefi.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\UEFI, EventMessageFile
C:\Windows\System32\drivers\uliagpkx.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\uliagpkx, EventMessageFile
C:\Windows\System32\umrdp.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\UmRdpService, EventMessageFile
C:\Windows\System32\Drivers\usbehci.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\usbehci, EventMessageFile
C:\Windows\System32\Drivers\usbser.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\usbser, EventMessageFile
C:\Windows\System32\vdsbas.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\VDS Basic Provider, EventMessageFile
C:\Windows\System32\vdsdyn.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\VDS Dynamic Provider, EventMessageFile
C:\Windows\System32\vdsvd.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\VDS Virtual Disk Provider, EventMessageFile
C:\Windows\System32\vds.exe
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Virtual Disk Service, EventMessageFile
C:\Windows\system32\drivers\volsnap.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Volsnap, EventMessageFile
C:\Windows\System32\drivers\vpci.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\vpci, EventMessageFile
C:\Windows\system32\w32time.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\W32Time, EventMessageFile
C:\Windows\System32\drivers\wacompen.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\WacomPen, EventMessageFile
C:\Windows\system32\WalletService.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\WalletService, EventMessageFile
C:\Windows\System32\drivers\Wdf01000.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\wdf01000, EventMessageFile
C:\Windows\System32\wecsvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\wecsvc, EventMessageFile
C:\Windows\System32\win32k.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Win32k, EventMessageFile
C:\Program Files (x86)\Windows Defender\MpEvMsg.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\WinDefend, EventMessageFile
C:\Windows\System32\DFDTS.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Windows Disk Diagnostic, EventMessageFile
C:\Windows\system32\w32time.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient, DllName
Delete
C:\Windows\system32\w32time.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer, DllName
Delete
C:\Windows\System32\vmictimeprovider.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider, DllName
Delete
.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--?HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Lsa, Security Packages
C:\Windows\System32\LogiLDA.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, Logitech Download Assistant
Delete
auditcse.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{16be69fa-4209-4250-88cb-716cf41954e0}, DLLName
Delete
C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4bcd6cde-777b-48b6-9804-43568e23545d}, DLLName
Delete
WorkFoldersGPExt.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4d968b55-cac2-4ff5-983f-0a54603781a3}, DLLName
Delete
pwlauncher.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{BA649533-0AAC-4E04-B9BC-4DBAE0325B12}, DLLName
Delete
pwlauncher.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C34B2751-1CF4-44F5-9262-C3FC39666591}, DLLName
Delete
auditcse.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{f3ccc681-b74c-4060-9f26-cd84525dca2a}, DLLName
Delete
C:\Windows\System32\WUDFHost.exe
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WUDF\Services\{193a1820-d9ac-4997-8c55-be817523f6aa}, HostProcessImagePath
Delete
E:\Software\Capture One 8\CaptureOne.exe
16801.14 kb, rsAh, created: 22.08.2015 23:02:12, modified: 20.07.2015 12:50:02
Script: Quarantine, Delete, Delete via BC
ActiveShortcut in Startup folderC:\Users\Denis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\Denis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Capture One 8.lnk,
C:\Users\Denis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\G
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveFile in Startup folderC:\Users\Denis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\Denis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\G??gle ?hr?m?.lnk,
E:\Software\Tunngle\Tunngle.exe
3747.95 kb, rsAh, created: 30.08.2015 15:55:28, modified: 27.08.2015 17:50:40
Script: Quarantine, Delete, Delete via BC
ActiveShortcut in Startup folderC:\Users\Denis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\Denis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Tunngle.lnk,
Autoruns items found - 851, recognized as trusted - 499

Internet Explorer extension modules (BHOs, Toolbars ...)

File name | Type | Description | Manufacturer | CLSID
Items found - 8, recognized as trusted - 8

Windows Explorer extension modules

File name | Destination | Description | Manufacturer | CLSID

error getting file info
Contacts folder {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48}

error getting file info
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Items found - 25, recognized as trusted - 23

Printing system extensions (print monitors, providers)

File name | Type | Name | Description | Manufacturer
localspl.dll (error getting file info) | Monitor | Local Port |  |
FXSMON.DLL (error getting file info) | Monitor | Microsoft Shared Fax Monitor |  |
tcpmon.dll (error getting file info) | Monitor | Standard TCP/IP Port |  |
usbmon.dll (error getting file info) | Monitor | USB Monitor |  |
WSDMon.dll (error getting file info) | Monitor | WSD Port |  |
inetpp.dll (error getting file info) | Provider | HTTP Print Services |  |
win32spl.dll (error getting file info) | Provider | LanMan Print Services |  |
Items found - 7, recognized as trusted - 0

Task Scheduler jobs

File name | Job name | Job state | Description | Manufacturer | Path | Command line | Type
C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe (error getting file info) | Office 15 Subscription Heartbeat |  |  |  | C:\Windows\system32\Tasks\Microsoft\Office\ | %ProgramFiles%\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe | 64
C:\Users\Denis\AppData\Local\Host (error getting file info) | Soft installer |  |  |  | C:\Windows\system32\Tasks\ | C:\Users\Denis\AppData\Local\Host installer\3358831964_installcube.exe subid=1908;src=installcube;scheduler=1 | 64
installer\3358831964_installcube.exe (error getting file info) | Soft installer |  |  |  | C:\Windows\system32\Tasks\ | C:\Users\Denis\AppData\Local\Host installer\3358831964_installcube.exe subid=1908;src=installcube;scheduler=1 | 64
D:\DTLiteInstaller.exe (error getting file info) | {53D8EFD3-E600-4B81-92F9-80895AA3E777} |  |  |  | C:\Windows\system32\Tasks\ | C:\Windows\system32\pcalua.exe -a D:\DTLiteInstaller.exe -d D:\ | 64
Items found - 79, recognized as trusted - 75

SPI/LSP settings

Namespace providers (NSP)
Manufacturer | Status | EXE file | Description | GUID
Detected - 6, recognized as trusted - 6
Transport protocol providers (TSP, LSP)
Manufacturer | EXE file | Description
Detected - 11, recognized as trusted - 11
Results of automatic SPI settings check
LSP settings checked. No errors detected

TCP/UDP ports

Port | Status | Remote Host | Remote Port | Application | Notes
TCP ports
139 | LISTENING | 0.0.0.0 | 0 | System.exe [4] (error getting file info) |
445 | LISTENING | 0.0.0.0 | 0 | System.exe [4] (error getting file info) |
2869 | LISTENING | 0.0.0.0 | 0 | System.exe [4] (error getting file info) |
49408 | LISTENING | 0.0.0.0 | 0 | wininit.exe [744] (error getting file info) |
49411 | LISTENING | 0.0.0.0 | 0 | spoolsv.exe [1764] (error getting file info) |
49419 | LISTENING | 0.0.0.0 | 0 | services.exe [880] (error getting file info) |
49420 | LISTENING | 0.0.0.0 | 0 | lsass.exe [888] (error getting file info) |
64354 | TIME_WAIT | 87.245.196.166 | 443 | [0] (error getting file info) |
64525 | TIME_WAIT | 191.232.139.254 | 443 | [0] (error getting file info) |
UDP ports
137 | LISTENING | -- | -- | System.exe [4] (error getting file info) |
138 | LISTENING | -- | -- | System.exe [4] (error getting file info) |

Downloaded Program Files (DPF)

File name | Description | Manufacturer | CLSID | Source URL
Items found - 0, recognized as trusted - 0

Control Panel Applets (CPL)

File name | Description | Manufacturer
Items found - 17, recognized as trusted - 17

Active Setup

File name | Description | Manufacturer | CLSID
Items found - 5, recognized as trusted - 5

HOSTS file

Hosts file record
127.0.0.1 na1r.services.adobe.com 
127.0.0.1 hlrcv.stage.adobe.com 
127.0.0.1 lmlicenses.wip4.adobe.com 
127.0.0.1 lm.licenses.adobe.com 
127.0.0.1 activate.adobe.com 
127.0.0.1 practivate.adobe.com 
127.0.0.1 clients2.google.com 

Protocols and handlers

File name | Type | Description | Manufacturer | CLSID
Items found - 16, recognized as trusted - 16

Shared resources

Network name | Path | Notes
???? | E:\???? |
ADMIN$ | C:\Windows | Remote Admin
C$ | C:\ | Default share
E$ | E:\ | Default share
IPC$ |  | Remote IPC
Music | E:\Music |
Users | C:\Users |

Suspicious objects

File | Description | Type
c:\program files (x86)\google\chrome\application\chrome.exe (796.82 kb, rsAh, created: 04.09.2015 20:58:39, modified: 28.08.2015 03:17:48) | Suspicion for Rootkit | Suspicion for Rootkit
c:\program files (x86)\punto switcher\punto.exe (1592.30 kb, RsAh, created: 16.07.2015 15:13:10, modified: 16.07.2015 15:13:10) | Suspicion for Rootkit | Suspicion for Rootkit
c:\program files (x86)\skillbrains\lightshot\5.2.1.1\lightshot.exe (466.00 kb, rsAh, created: 18.08.2015 23:04:06, modified: 15.04.2015 22:20:12) | Suspicion for Rootkit | Suspicion for Rootkit
e:\downloads\autologger.exe (10969.71 kb, rsAh, created: 05.09.2015 07:59:36, modified: 05.09.2015 07:59:54) | Suspicion for Rootkit | Suspicion for Rootkit
e:\downloads\autologger\avz\avz.exe (775.50 kb, rsAh, created: 05.09.2015 08:00:14, modified: 05.09.2015 04:30:03) | Suspicion for Rootkit | Suspicion for Rootkit
c:\program files (x86)\google\update\googleupdate.exe (140.82 kb, rsAh, created: 04.09.2015 20:57:19, modified: 04.09.2015 20:57:18) | Suspicion for Rootkit | Suspicion for Rootkit
c:\program files (x86)\internet explorer\iexplore.exe (799.69 kb, rsAh, created: 19.08.2015 12:55:26, modified: 30.07.2015 07:08:09) | Suspicion for Rootkit | Suspicion for Rootkit


AVZ Antiviral Toolkit log; AVZ version is 4.45
Scanning started at 05.09.2015 08:02:34
Database loaded: signatures - 297570, NN profile(s) - 2, malware removal microprograms - 56, signature database released 05.09.2015 04:00
Heuristic microprograms loaded: 394
PVS microprograms loaded: 9
Digital signatures of system files loaded: 759075
Heuristic analyzer mode: Medium heuristics mode
Malware removal mode: disabled
Windows version is: 10.0.10240,  "Windows 10 Pro", install date 18.08.2015 10:01:07 ; AVZ is run with administrator rights (+)
System Restore: enabled
1. Searching for Rootkits and other software intercepting API functions
 >> Danger ! Process masking detected
1.1 Searching for user-mode API hooks
 Analysis: kernel32.dll, export table found in section .rdata
Function kernel32.dll:ReadConsoleInputExA (1103) intercepted, method - ProcAddressHijack.GetProcAddress ->7779A136->76D52210
Function kernel32.dll:ReadConsoleInputExW (1104) intercepted, method - ProcAddressHijack.GetProcAddress ->7779A169->76D52240
 Analysis: ntdll.dll, export table found in section .text
Function ntdll.dll:NtCreateFile (272) intercepted, method - ProcAddressHijack.GetProcAddress ->77BA9130->6E833340
Function ntdll.dll:NtSetInformationFile (558) intercepted, method - ProcAddressHijack.GetProcAddress ->77BA8E50->6E833230
Function ntdll.dll:NtSetValueKey (590) intercepted, method - ProcAddressHijack.GetProcAddress ->77BA91E0->6E8671D0
Function ntdll.dll:ZwCreateFile (1686) intercepted, method - ProcAddressHijack.GetProcAddress ->77BA9130->6E833340
Function ntdll.dll:ZwSetInformationFile (1970) intercepted, method - ProcAddressHijack.GetProcAddress ->77BA8E50->6E833230
Function ntdll.dll:ZwSetValueKey (2002) intercepted, method - ProcAddressHijack.GetProcAddress ->77BA91E0->6E8671D0
 Analysis: user32.dll, export table found in section .text
Function user32.dll:CallNextHookEx (1531) intercepted, method - ProcAddressHijack.GetProcAddress ->76EC1600->6E8321D0
Function user32.dll:EnumWindows (1765) intercepted, method - ProcAddressHijack.GetProcAddress ->76EDA0B0->6E8678A0
Function user32.dll:GetWindowThreadProcessId (1980) intercepted, method - ProcAddressHijack.GetProcAddress ->76ECBA70->6E8678F0
Function user32.dll:IsWindowVisible (2060) intercepted, method - ProcAddressHijack.GetProcAddress ->76ED6E80->6E867940
Function user32.dll:MessageBoxA (2108) intercepted, method - ProcAddressHijack.GetProcAddress ->76F2CF50->6E868650
Function user32.dll:MessageBoxExA (2109) intercepted, method - ProcAddressHijack.GetProcAddress ->76F2CF80->6E8686C0
Function user32.dll:MessageBoxExW (2110) intercepted, method - ProcAddressHijack.GetProcAddress ->76F2CFB0->6E868740
Function user32.dll:MessageBoxIndirectA (2111) intercepted, method - ProcAddressHijack.GetProcAddress ->76F2CFE0->6E8687C0
Function user32.dll:MessageBoxIndirectW (2112) intercepted, method - ProcAddressHijack.GetProcAddress ->76F2D0E0->6E868830
Function user32.dll:MessageBoxW (2115) intercepted, method - ProcAddressHijack.GetProcAddress ->76F2D280->6E8688A0
Function user32.dll:SetWindowsHookExW (2339) intercepted, method - ProcAddressHijack.GetProcAddress ->76ECD910->6E867250
Function user32.dll:gSharedInfo (2433) intercepted, method - CodeHijack (not defined)
 Analysis: advapi32.dll, export table found in section .text
 Analysis: ws2_32.dll, export table found in section .text
 Analysis: wininet.dll, export table found in section .text
 Analysis: rasapi32.dll, export table found in section .text
 Analysis: urlmon.dll, export table found in section .text
 Analysis: netapi32.dll, export table found in section .text
Function netapi32.dll:NetFreeAadJoinInformation (139) intercepted, method - ProcAddressHijack.GetProcAddress ->748CC11E->729D8C40
Function netapi32.dll:NetGetAadJoinInformation (140) intercepted, method - ProcAddressHijack.GetProcAddress ->748CC14D->729D8D40
1.2 Searching for kernel-mode API hooks
 Error - file not found (C:\SystemRoot\system32\ntoskrnl.exe)
 >>>> Process masking detected 5488 c:\program files (x86)\google\chrome\application\chrome.exe
 >>>> Process masking detected 5732 c:\program files (x86)\google\chrome\application\chrome.exe
 >>>> Process masking detected 4864 c:\program files (x86)\punto switcher\punto.exe
 >>>> Process masking detected 5496 c:\program files (x86)\skillbrains\lightshot\5.2.1.1\lightshot.exe
 >>>> Process masking detected 6496 c:\program files (x86)\google\chrome\application\chrome.exe
 >>>> Process masking detected 5412 e:\downloads\autologger.exe
 >>>> Process masking detected 7636 e:\downloads\autologger\avz\avz.exe
 >>>> Process masking detected 9560 c:\program files (x86)\google\update\googleupdate.exe
 >>>> Process masking detected 3776 c:\program files (x86)\google\chrome\application\chrome.exe
 >>>> Process masking detected 10120 c:\program files (x86)\google\chrome\application\chrome.exe
 >>>> Process masking detected 3044 c:\program files (x86)\google\chrome\application\chrome.exe
 >>>> Process masking detected 2060 c:\program files (x86)\internet explorer\iexplore.exe
 >>>> Process masking detected 6116 c:\program files (x86)\google\chrome\application\chrome.exe
1.4 Searching for masking processes and drivers
 Checking not performed: extended monitoring driver (AVZPM) is not installed
1.5 Checking IRP handlers
 Error loading driver - operation interrupted [C000036B]
2. Scanning RAM
 Number of processes found: 14
 Number of modules loaded: 237
Scanning RAM - complete
3. Scanning disks
Direct reading: C:\Users\Denis\AppData\Local\Temp\~DF0BE5ADE56DB2FC65.TMP
Direct reading: C:\Users\Denis\AppData\Local\Temp\~DF3391A07E0093A2AB.TMP
Direct reading: C:\Users\Denis\AppData\Local\Temp\~DFB1624D7176D2D0F9.TMP
4. Checking  Winsock Layered Service Provider (SPI/LSP)
 LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
6. Searching for opened TCP/UDP ports used by malicious software
 Checking - disabled by user
7. Heuristic system check
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: TermService (Remote Desktop Services)
>> Services: potentially dangerous service allowed: SSDPSRV (SSDP Discovery)
>> Services: potentially dangerous service allowed: Schedule (Task Scheduler)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
Checking - complete
9. Troubleshooting wizard
Checking - complete
Files scanned: 52261, extracted from archives: 17320, malicious software found 0, suspicions - 0
Scanning finished at 05.09.2015 08:15:36
Time of scanning: 00:13:05
If you have a suspicion on presence of viruses or questions on the suspected objects,
you can address http://forum.kaspersky.com/index.php?showforum=19
For automatic scanning of files from the AVZ quarantine you can use the service http://virusdetector.ru/
System Analysis in progress
Network diagnostics
 DNS and Ping test
  Host="yandex.ru", IP="77.88.55.55,5.255.255.5,5.255.255.55,77.88.55.66", Ping=OK (0,30,77.88.55.55)
  Host="google.ru", IP="87.245.196.177,87.245.196.155,87.245.196.187,87.245.196.157,87.245.196.147,87.245.196.162,87.245.196.172,87.245.196.151,87.245.196.185,87.245.196.173,87.245.196.170,87.245.196.143,87.245.196.166,87.245.196.158,87.245.196.181", Ping=OK (0,9,87.245.196.177)
  Host="google.com", IP="87.245.196.172,87.245.196.177,87.245.196.151,87.245.196.187,87.245.196.181,87.245.196.157,87.245.196.185,87.245.196.143,87.245.196.166,87.245.196.155,87.245.196.162,87.245.196.147,87.245.196.170,87.245.196.173,87.245.196.158", Ping=OK (0,9,87.245.196.172)
  Host="www.kaspersky.com", IP="77.74.178.16", Ping=OK (0,27,77.74.178.16)
  Host="www.kaspersky.ru", IP="93.159.228.17", Ping=OK (0,92,93.159.228.17)
  Host="dnl-03.geo.kaspersky.com", IP="37.48.82.103", Ping=OK (0,49,37.48.82.103)
  Host="dnl-11.geo.kaspersky.com", IP="130.117.190.137", Ping=OK (0,44,130.117.190.137)
  Host="activation-v2.kaspersky.com", IP="212.5.89.37", Ping=OK (0,25,212.5.89.37)
  Host="odnoklassniki.ru", IP="217.20.155.58,217.20.156.159,217.20.147.94", Ping=OK (0,32,217.20.155.58)
  Host="vk.com", IP="87.240.131.120,87.240.131.97,87.240.131.119", Ping=OK (0,33,87.240.131.120)
  Host="vkontakte.ru", IP="95.213.4.245,95.213.4.246,95.213.4.247", Ping=OK (0,36,95.213.4.245)
  Host="twitter.com", IP="199.16.156.6,199.16.156.102,199.16.156.230,199.16.156.198", Ping=OK (0,155,199.16.156.6)
  Host="facebook.com", IP="31.13.65.1", Ping=OK (0,154,31.13.65.1)
  Host="ru-ru.facebook.com", IP="66.220.158.19", Ping=OK (0,151,66.220.158.19)
 Network IE settings
  IE setting AutoConfigURL=
  IE setting AutoConfigProxy=
  IE setting ProxyOverride=
  IE setting ProxyServer=
  IE setting Internet\ManualProxies=
 Network TCP/IP settings
 Network Persistent Routes

System Analysis - complete