Results of system analysis

Process List

File name	PID	Description	Copyright	MD5	Information
c:\program files (x86)\iobit\advanced systemcare ultimate\ascservice.exe Script: Quarantine, Delete, Delete via BC, Terminate	9176	Advanced SystemCare Ultimate 11 Service	Copyright© 2005-2018 IObit	932F153BE69CB4B05CE2A8CB4A4BC57F	1041.27 kb, rsAh,created: 17.10.2018 23:24:39,modified: 28.03.2018 15:06:32 Command line: "C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCService.exe"
c:\users\admin\desktop\autologger\autologger.exe Script: Quarantine, Delete, Delete via BC, Terminate	1912	Automatic log collector	All rights for Autologger reserved by regist & Drongo © Copyright 2013 - 2015	617E87F94091C4B2DF4D9E0EEEEBD4DE	14334.33 kb, rsAh,created: 04.11.2018 23:01:19,modified: 04.11.2018 10:35:08 Command line: "C:\Users\Admin\Desktop\AutoLogger\AutoLogger.exe"
C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe Script: Quarantine, Delete, Delete via BC, Terminate	6764	Bitdefender redline update	©1997-2018 Bitdefender	73A861FC02BF20CEC6F32477F727EEAF	2143.87 kb, rsAh,created: 29.10.2018 01:10:26,modified: 22.03.2018 09:46:36 Command line:
c:\program files (x86)\corsair\corsair icue software\corsair.service.displayadapter.exe Script: Quarantine, Delete, Delete via BC, Terminate	6856	Corsair.Service.DisplayAdapter	Copyright 2015 © Corsair Components, Inc.	9619DD30584CFA0E9EDA6568F1AE379B	17.55 kb, rsAh,created: 04.10.2018 13:57:32,modified: 04.10.2018 13:57:32 Command line: "C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.DisplayAdapter.exe"
c:\program files (x86)\corsair\corsair icue software\corsair.service.exe Script: Quarantine, Delete, Delete via BC, Terminate	4648	Corsair.Service	Copyright 2015 © Corsair Components, Inc.	2D2B87A058B4FFC2831A018396FC612C	45.55 kb, rsAh,created: 04.10.2018 13:57:34,modified: 04.10.2018 13:57:34 Command line: "C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe"
c:\program files (x86)\creative\sound blaster recon3di\sound blaster recon3di control panel\ctjckcfg.exe Script: Quarantine, Delete, Delete via BC, Terminate	12584	Creative Jack Configuration	Copyright (c) Creative Technology Ltd., 2011-2014. All rights reserved.	708EB0F290E18916E8FFCADE025C8A0E	1969.00 kb, rsAh,created: 20.09.2014 03:22:14,modified: 20.09.2014 03:22:14 Command line: "C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\CTJckCfg.exe" /r /appid=Sound Blaster Recon3Di SBX Control Panel /pdtid=2048
C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe Script: Quarantine, Delete, Delete via BC, Terminate	3168	Bitdefender Device Management Service	©1997-2018 Bitdefender	5C046B8E37D4603F46E758C539992069	92.28 kb, rsAh,created: 29.10.2018 01:11:44,modified: 04.08.2018 13:06:57 Command line:
c:\program files (x86)\google\update\1.3.33.17\googlecrashhandler.exe Script: Quarantine, Delete, Delete via BC, Terminate	10972	Google Crash Handler	Copyright 2007-2010 Google Inc.	6C718849D436A7CCEBED72538F8BD04B	282.08 kb, rsAh,created: 17.10.2018 23:09:41,modified: 17.10.2018 23:09:40 Command line: "C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe"
c:\users\admin\appdata\roaming\icq\bin\icq.exe Script: Quarantine, Delete, Delete via BC, Terminate	3300			1E0E0C65DD1675B2600FB4AC9FD4A165	27811.15 kb, rsAh,created: 04.11.2018 15:02:14,modified: 04.11.2018 15:02:14 Command line: "C:\Users\Admin\AppData\Roaming\ICQ\bin\icq.exe"
c:\program files (x86)\corsair\corsair icue software\icue.exe Script: Quarantine, Delete, Delete via BC, Terminate	12672	iCUE	Corsair Memory, Inc. (c) 2018, All rights reserved	410BCF856FA3C2411762909056D4978B	35439.05 kb, rsAh,created: 04.10.2018 14:24:32,modified: 04.10.2018 14:24:32 Command line: "C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\iCUE.exe" --autorun
C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe Script: Quarantine, Delete, Delete via BC, Terminate	11688			184CF8F41804A1B6FA7EEC1EF89D43E0	468.00 kb, rsAh,created: 17.10.2018 23:53:24,modified: 18.10.2018 00:01:42 Command line:
c:\program files (x86)\iobit\advanced systemcare ultimate\monitor.exe Script: Quarantine, Delete, Delete via BC, Terminate	7608	Performance Monitor	Copyright © 2005-2018 IObit. All Rights Reserved.	E30E0F31C66BF776B04F79CC6478ACE0	3390.27 kb, rsAh,created: 17.10.2018 23:24:41,modified: 28.03.2018 15:07:22 Command line: "C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\Monitor.exe" /Task
c:\users\admin\appdata\local\microsoft\onedrive\onedrive.exe Script: Quarantine, Delete, Delete via BC, Terminate	8876	Microsoft OneDrive	© Microsoft Corporation. All rights reserved.	4DBF6B19F88792D89BD5E0DAD593F20C	1502.59 kb, rsAh,created: 17.10.2018 23:08:32,modified: 17.10.2018 23:08:59 Command line: "C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
Registry.exe Script: Quarantine, Delete, Delete via BC, Terminate	120				error getting file info Command line:
c:\program files (x86)\iobit\advanced systemcare ultimate\reminder.exe Script: Quarantine, Delete, Delete via BC, Terminate	3460	Advanced SystemCare Ultimate Reminder	Copyright© 2005-2018	B6E25F16C3552E260EDA8020876D0C76	667.78 kb, rsAh,created: 17.10.2018 23:24:41,modified: 07.12.2017 18:29:12 Command line: "C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\reminder.exe" /Remind /Exp N/A
c:\program files (x86)\creative\sound blaster recon3di\sound blaster recon3di control panel\sbrcni.exe Script: Quarantine, Delete, Delete via BC, Terminate	12544	Sound Blaster Control Panel	Copyright (c) Creative Technology Ltd., 2011-2014. All rights reserved.	F85C8852B663E1D1A69E9A59677AD393	1103.50 kb, rsAh,created: 20.03.2014 09:25:56,modified: 20.03.2014 09:25:56 Command line: "C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe" /r
C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\SkypeApp.exe Script: Quarantine, Delete, Delete via BC, Terminate	9396	SkypeApp	© Microsoft Corporation. All rights reserved.	CDDDF19722DF29BFBCCEF23349CABB26	18.00 kb, rsAh,created: 23.10.2018 20:48:56,modified: 23.10.2018 20:49:35 Command line:
C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe Script: Quarantine, Delete, Delete via BC, Terminate	9420			A6DB9965D1F1AEEF8DED572B0494BC86	179.50 kb, rsAh,created: 23.10.2018 20:48:56,modified: 23.10.2018 20:49:35 Command line:
C:\Program Files\UniKey\UniKeyNT.exe Script: Quarantine, Delete, Delete via BC, Terminate	4528			735439CF5E6FD89BF9C6209D0786884C	509.00 kb, rsAh,created: 17.10.2018 23:47:19,modified: 23.08.2014 16:24:50 Command line:
c:\program files (x86)\iobit\iobit uninstaller\uninstallmonitor.exe Script: Quarantine, Delete, Delete via BC, Terminate	2220	UninstallerMonitor	© IObit. All rights reserved.	14A81B17292756032ADB5DE053E51D31	2009.77 kb, rsAh,created: 17.10.2018 23:28:31,modified: 21.08.2018 14:27:48 Command line: "C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe" /srvupt
C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe Script: Quarantine, Delete, Delete via BC, Terminate	5088	Bitdefender Update Service	©1997-2018 Bitdefender	C4C06659C007F9FE2EF4F3A0A0033D9B	109.52 kb, rsAh,created: 01.11.2018 20:40:54,modified: 01.11.2018 20:40:54 Command line:
e:\vmware\setup\vmware-tray.exe Script: Quarantine, Delete, Delete via BC, Terminate	12480	VMware Tray Process	Copyright © 1998-2018 VMware, Inc.	E2309268073155650EE5F95B49FDACBA	122.92 kb, rsAh,created: 19.09.2018 04:17:58,modified: 19.09.2018 04:17:58 Command line: "E:\VMWARE\SETUP\vmware-tray.exe"
C:\Program Files\WindowsApps\Microsoft.WindowsStore_11809.1001.8.0_x64__8wekyb3d8bbwe\WinStore.App.exe Script: Quarantine, Delete, Delete via BC, Terminate	8600	Store	Copyright © 2015	870213F54B0FCACDB82CF7C87A782AC6	16.00 kb, rsAh,created: 17.10.2018 23:55:05,modified: 17.10.2018 23:55:41 Command line:
Detected:191, recognized as trusted 171

Module name	Handle	Description	Copyright	AVZ0311	Used by processes
C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CorsairAudioDevice.dll Script: Quarantine, Delete, Delete via BC	1583808512	Corsair Gaming Headset Drivers	Corsair Components, Inc. (c) 2018, All rights reserved	MD5=8D78176279FDF74F283028A9EDD074C3 156.05 kb, rsAh, created: 04.10.2018 14:24:14, modified: 04.10.2018 14:24:14	12672
C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\cpuidsdk.dll Script: Quarantine, Delete, Delete via BC	268435456	CPUID DLL SDK	Copyright (C) 2009-2018	MD5=F96E0AFA741799CF8F7A16D0EFA08821 1382.00 kb, rsAh, created: 12.09.2018 11:08:00, modified: 12.09.2018 11:08:00	4648
C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\imageformats\qgif.dll Script: Quarantine, Delete, Delete via BC	1623785472	C++ Application Development Framework	Copyright (C) 2017 The Qt Company Ltd.	MD5=DF4DBF74A4D86C138D04FE4751254FBD 25.50 kb, rsAh, created: 16.01.2018 10:13:12, modified: 16.01.2018 10:13:12	12672
C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\imageformats\qicns.dll Script: Quarantine, Delete, Delete via BC	1578565632	C++ Application Development Framework	Copyright (C) 2017 The Qt Company Ltd.	MD5=DD31BFAAF7E08F1993A9166F5F506F0F 32.50 kb, rsAh, created: 16.01.2018 14:14:56, modified: 16.01.2018 14:14:56	12672
C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\imageformats\qico.dll Script: Quarantine, Delete, Delete via BC	1623851008	C++ Application Development Framework	Copyright (C) 2017 The Qt Company Ltd.	MD5=3C527F3A67219B9C4EBD3C7FB67C5573 27.00 kb, rsAh, created: 16.01.2018 10:13:10, modified: 16.01.2018 10:13:10	12672
C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\imageformats\qjpeg.dll Script: Quarantine, Delete, Delete via BC	1578237952	C++ Application Development Framework	Copyright (C) 2017 The Qt Company Ltd.	MD5=A16F5F43EC8253A75B07EDE45BFAB6EB 238.00 kb, rsAh, created: 16.01.2018 10:14:08, modified: 16.01.2018 10:14:08	12672
C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\imageformats\qsvg.dll Script: Quarantine, Delete, Delete via BC	1578172416	C++ Application Development Framework	Copyright (C) 2017 The Qt Company Ltd.	MD5=8D8B7336EAB678EBD6B3864BCFCAD740 21.00 kb, rsAh, created: 16.01.2018 14:09:38, modified: 16.01.2018 14:09:38	12672
C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\imageformats\qtga.dll Script: Quarantine, Delete, Delete via BC	1577779200	C++ Application Development Framework	Copyright (C) 2017 The Qt Company Ltd.	MD5=21426182C239BA611C7FBAA9862BF210 20.50 kb, rsAh, created: 16.01.2018 14:14:14, modified: 16.01.2018 14:14:14	12672
C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\imageformats\qtiff.dll Script: Quarantine, Delete, Delete via BC	1577385984	C++ Application Development Framework	Copyright (C) 2017 The Qt Company Ltd.	MD5=278DCAE0BCB02C1249D1E8853723C3D6 320.00 kb, rsAh, created: 16.01.2018 14:14:30, modified: 16.01.2018 14:14:30	12672
C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\imageformats\qwbmp.dll Script: Quarantine, Delete, Delete via BC	1577320448	C++ Application Development Framework	Copyright (C) 2017 The Qt Company Ltd.	MD5=37732C28D7A92F691968E2ECD02D7FFC 19.50 kb, rsAh, created: 16.01.2018 14:14:38, modified: 16.01.2018 14:14:38	12672
C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\imageformats\qwebp.dll Script: Quarantine, Delete, Delete via BC	1576861696	C++ Application Development Framework	Copyright (C) 2017 The Qt Company Ltd.	MD5=1796E9EEA718A57033C32317FD334F10 391.50 kb, rsAh, created: 16.01.2018 14:15:16, modified: 16.01.2018 14:15:16	12672
C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\libEGL.DLL Script: Quarantine, Delete, Delete via BC	1573060608			MD5=8C77566A1A4F287BFD656DD6E4005AC1 13.00 kb, rsAh, created: 16.01.2018 10:05:44, modified: 16.01.2018 10:05:44	12672
C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\libGLESv2.dll Script: Quarantine, Delete, Delete via BC	1571028992			MD5=FBD1F46F1BA139D4D97F82E6D996B6D7 1905.00 kb, rsAh, created: 16.01.2018 10:05:32, modified: 16.01.2018 10:05:32	12672
C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\MacroRecording.dll Script: Quarantine, Delete, Delete via BC	1593901056			MD5=EC213715D3AA97A2C18E6BC4F56DEC9A 43.50 kb, rsAh, created: 04.10.2018 13:55:16, modified: 04.10.2018 13:55:16	12672
C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\platforms\qwindows.dll Script: Quarantine, Delete, Delete via BC	1578893312	C++ Application Development Framework	Copyright (C) 2017 The Qt Company Ltd.	MD5=6A1F3FF2207F1E72B7ACFE8928E7D5A2 1070.50 kb, rsAh, created: 16.01.2018 10:14:34, modified: 16.01.2018 10:14:34	12672
C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\plugins\CUEPlugin.dll Script: Quarantine, Delete, Delete via BC	1574633472	CUEPlugin	Copyright 2018 Compal Electronics, Inc.	MD5=8DB696D99AABC169396A62903C80D226 2099.31 kb, rsAh, created: 17.09.2018 08:58:52, modified: 17.09.2018 08:58:52	12672
C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Concurrent.dll Script: Quarantine, Delete, Delete via BC	1605107712	C++ Application Development Framework	Copyright (C) 2017 The Qt Company Ltd.	MD5=D9E4917CB4EF25336AD08DBF7E4A5579 23.50 kb, rsAh, created: 16.01.2018 10:06:46, modified: 16.01.2018 10:06:46	12672
C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Core.dll Script: Quarantine, Delete, Delete via BC	1584005120	C++ Application Development Framework	Copyright (C) 2017 The Qt Company Ltd.	MD5=15F2DB14637C7BA457E44B69B27EFF81 4666.00 kb, rsAh, created: 04.10.2018 14:24:08, modified: 04.10.2018 14:24:08	12672
C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Gui.dll Script: Quarantine, Delete, Delete via BC	1588854784	C++ Application Development Framework	Copyright (C) 2017 The Qt Company Ltd.	MD5=DC2219A0126B7A73D90EE765F310319B 4850.50 kb, rsAh, created: 16.01.2018 10:09:14, modified: 16.01.2018 10:09:14	12672
C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Multimedia.dll Script: Quarantine, Delete, Delete via BC	1605173248	C++ Application Development Framework	Copyright (C) 2017 The Qt Company Ltd.	MD5=C7C00EE135CDC2687BB219F0ED4E8A0A 563.00 kb, rsAh, created: 18.01.2018 08:39:30, modified: 18.01.2018 08:39:30	12672
C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Network.dll Script: Quarantine, Delete, Delete via BC	1598488576	C++ Application Development Framework	Copyright (C) 2017 The Qt Company Ltd.	MD5=F3EE683B4F2701DB6A97E97A41D125BF 938.50 kb, rsAh, created: 16.01.2018 10:08:56, modified: 16.01.2018 10:08:56	12672
C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Qml.dll Script: Quarantine, Delete, Delete via BC	1599537152	C++ Application Development Framework	Copyright (C) 2017 The Qt Company Ltd.	MD5=88ACFDD9E10B5A3BE927549D26A57401 2599.00 kb, rsAh, created: 18.01.2018 08:22:50, modified: 18.01.2018 08:22:50	12672
C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Quick.dll Script: Quarantine, Delete, Delete via BC	1602224128	C++ Application Development Framework	Copyright (C) 2017 The Qt Company Ltd.	MD5=6291DC78786A0333256B099CC9D2DE27 2790.00 kb, rsAh, created: 18.01.2018 08:26:00, modified: 18.01.2018 08:26:00	12672
C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5QuickControls2.dll Script: Quarantine, Delete, Delete via BC	1548288000	C++ Application Development Framework	Copyright (C) 2017 The Qt Company Ltd.	MD5=B14CE88B7E0047D6CF4AE777836D75D6 96.00 kb, rsAh, created: 18.01.2018 08:51:14, modified: 18.01.2018 08:51:14	12672
C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5QuickTemplates2.dll Script: Quarantine, Delete, Delete via BC	1547632640	C++ Application Development Framework	Copyright (C) 2017 The Qt Company Ltd.	MD5=E58CF161C5BB5FD8669C4E24DAEC3E62 623.50 kb, rsAh, created: 18.01.2018 08:50:22, modified: 18.01.2018 08:50:22	12672
C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Svg.dll Script: Quarantine, Delete, Delete via BC	1577844736	C++ Application Development Framework	Copyright (C) 2017 The Qt Company Ltd.	MD5=E90BB2F2936FA5C642AA68CFA9A1699A 258.50 kb, rsAh, created: 16.01.2018 14:09:22, modified: 16.01.2018 14:09:22	12672
C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Widgets.dll Script: Quarantine, Delete, Delete via BC	1593966592	C++ Application Development Framework	Copyright (C) 2017 The Qt Company Ltd.	MD5=042931A686431FE3E30100EDDB346BD9 4358.00 kb, rsAh, created: 16.01.2018 10:12:18, modified: 16.01.2018 10:12:18	12672
C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5WinExtras.dll Script: Quarantine, Delete, Delete via BC	1606025216	C++ Application Development Framework	Copyright (C) 2017 The Qt Company Ltd.	MD5=51FF8FDC35F9C01EAD37A8A4349E77AA 229.00 kb, rsAh, created: 18.01.2018 08:57:00, modified: 18.01.2018 08:57:00	12672
C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Qt5Xml.dll Script: Quarantine, Delete, Delete via BC	1605828608	C++ Application Development Framework	Copyright (C) 2017 The Qt Company Ltd.	MD5=9838FD7E544B5FFBD5CBBC16B59BE3BB 147.00 kb, rsAh, created: 16.01.2018 10:06:20, modified: 16.01.2018 10:06:20	12672
C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll Script: Quarantine, Delete, Delete via BC	1548681216	C++ Application Development Framework	Copyright (C) 2017 The Qt Company Ltd.	MD5=57A0DEF6AC274795EBC2D47CC685CF52 40.50 kb, rsAh, created: 18.01.2018 08:37:48, modified: 18.01.2018 08:37:48	12672
C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\QtGraphicalEffects\qtgraphicaleffectsplugin.dll Script: Quarantine, Delete, Delete via BC	1570832384	C++ Application Development Framework	Copyright (C) 2017 The Qt Company Ltd.	MD5=810AE3F7D04789573E9A2594C9E986A1 15.50 kb, rsAh, created: 18.01.2018 08:37:50, modified: 18.01.2018 08:37:50	12672
C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\QtQuick.2\qtquick2plugin.dll Script: Quarantine, Delete, Delete via BC	1570963456	C++ Application Development Framework	Copyright (C) 2017 The Qt Company Ltd.	MD5=862A43BA874C1FB52484149A885F16BA 15.50 kb, rsAh, created: 18.01.2018 08:28:50, modified: 18.01.2018 08:28:50	12672
C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\QtQuick\Controls.2\qtquickcontrols2plugin.dll Script: Quarantine, Delete, Delete via BC	1548419072	C++ Application Development Framework	Copyright (C) 2017 The Qt Company Ltd.	MD5=E9DD5B23929878141A477026CDFD5F16 80.00 kb, rsAh, created: 18.01.2018 08:55:02, modified: 18.01.2018 08:55:02	12672
C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\QtQuick\Controls\qtquickcontrolsplugin.dll Script: Quarantine, Delete, Delete via BC	1547042816	C++ Application Development Framework	Copyright (C) 2017 The Qt Company Ltd.	MD5=5FD91FDEAE8E7447F66153A3C37E782C 253.50 kb, rsAh, created: 18.01.2018 08:55:10, modified: 18.01.2018 08:55:10	12672
C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\QtQuick\Layouts\qquicklayoutsplugin.dll Script: Quarantine, Delete, Delete via BC	1548550144	C++ Application Development Framework	Copyright (C) 2017 The Qt Company Ltd.	MD5=707A9228F314DD8146647A8EF9CD5838 70.00 kb, rsAh, created: 18.01.2018 08:29:28, modified: 18.01.2018 08:29:28	12672
C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\QtQuick\Templates.2\qtquicktemplates2plugin.dll Script: Quarantine, Delete, Delete via BC	1547370496	C++ Application Development Framework	Copyright (C) 2017 The Qt Company Ltd.	MD5=7D000A870C488DC7FC48F65D1142E40A 219.50 kb, rsAh, created: 18.01.2018 08:55:24, modified: 18.01.2018 08:55:24	12672
C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\QtQuick\Window.2\windowplugin.dll Script: Quarantine, Delete, Delete via BC	1570897920	C++ Application Development Framework	Copyright (C) 2017 The Qt Company Ltd.	MD5=CF4467ACB6A369B8CA6F00A5FF63F3DA 15.50 kb, rsAh, created: 18.01.2018 08:28:58, modified: 18.01.2018 08:28:58	12672
C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\quazip.dll Script: Quarantine, Delete, Delete via BC	1606287360			MD5=24D29C5AF5AFB77F4F9D203775D90320 192.50 kb, rsAh, created: 04.10.2018 13:58:44, modified: 04.10.2018 13:58:44	12672
C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\zlib.dll Script: Quarantine, Delete, Delete via BC	1583677440	zlib data compression library	(C) 1995-2013 Jean-loup Gailly & Mark Adler	MD5=0CD4AEC032DD947160E886789ABF479C 95.00 kb, rsAh, created: 04.10.2018 13:55:16, modified: 04.10.2018 13:55:16	12672
C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\CTAudEp.dll Script: Quarantine, Delete, Delete via BC	268435456	Audio Endpoint Selection	Copyright (c) Creative Technology Ltd., 2006-2014. All rights reserved.	MD5=5829120CD7F1C6A0A40749F265A61F4B 539.00 kb, rsAh, created: 19.02.2014 01:40:48, modified: 19.02.2014 01:40:48	12584, 12544
C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\CTGetPdt.dll Script: Quarantine, Delete, Delete via BC	1624440832	CTGetPdt Dynamic Link Library	Copyright (c) Creative Technology Ltd., 2011-2015. All rights reserved.	MD5=4D04CEDEE92FD806E7EAE60B702BDF6F 65.50 kb, rsAh, created: 06.02.2015 03:56:34, modified: 06.02.2015 03:56:34	12584
C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\HomepageSvc.dll Script: Quarantine, Delete, Delete via BC	25886720	Homepage Protection Service	Copyright© 2005-2018 IObit	MD5=4095B34CA160647D4E530F5AC1111C6A 1068.77 kb, rsAh, created: 17.10.2018 23:24:41, modified: 28.03.2018 15:07:16	9176
C:\Program Files\Bitdefender\Bitdefender Security\atcuf\263451680625032704\atcuf32.dll Script: Quarantine, Delete, Delete via BC	1800208384	BitDefender Active Threat Control Usermode Filter	© BitDefender S.R.L. All rights reserved.	MD5=4ED90D4784DB30334227F444D8B8FFA1 627.52 kb, rsAh, created: 04.11.2018 21:38:06, modified: 04.06.2018 18:10:46	12584, 10972, 3300, 12672, 8876, 12544, 12480
C:\Users\Admin\AppData\Roaming\ICQ\bin\corelib.dll Script: Quarantine, Delete, Delete via BC	1542127616	ICQ CORE		MD5=0220F2AF0CC2CFF1813F88B34E94F124 4762.65 kb, rsAh, created: 04.11.2018 15:02:14, modified: 04.11.2018 15:02:14	3300
C:\Users\Admin\AppData\Roaming\ICQ\bin\libvoip_x86.dll Script: Quarantine, Delete, Delete via BC	1533214720	Mail.Ru v2oip DLL	Copyright (C) 2001-2012	MD5=AA4FB7BCD70EE3F264E6418BC67FC0D7 8067.65 kb, rsAh, created: 04.11.2018 15:02:14, modified: 04.11.2018 15:02:14	3300
C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\6c1e64d8874d596ce32e0f798d95fc95\PresentationFramework.ni.dll Script: Quarantine, Delete, Delete via BC	1645346816	PresentationFramework.dll	© Microsoft Corporation. All rights reserved.	MD5=0157A3EB475EC39391DF69B18D705EFF 19478.00 kb, rsAh, created: 19.10.2018 23:27:35, modified: 19.10.2018 23:27:35	12544
C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\67d6dc9830c62a258a26a9cfc2b1dbfd\PresentationCore.ni.dll Script: Quarantine, Delete, Delete via BC	1665335296	PresentationCore.dll	© Microsoft Corporation. All rights reserved.	MD5=E18EB34122DD4BC96A3B8FD2B0781D9A 11950.00 kb, rsAh, created: 19.10.2018 23:27:27, modified: 19.10.2018 23:27:27	12544
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8846731d994fa859cd9667d09fae3b47\System.Configuration.ni.dll Script: Quarantine, Delete, Delete via BC	1814102016	System.Configuration.dll	© Microsoft Corporation. All rights reserved.	MD5=D32118566CE383519719DEA9863597F8 997.00 kb, rsAh, created: 19.10.2018 23:27:36, modified: 19.10.2018 23:27:36	4648, 12544
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\1be8b02f4c7ab0c43558ff9d7d2ffa33\System.Core.ni.dll Script: Quarantine, Delete, Delete via BC	1858535424	.NET Framework	© Microsoft Corporation. All rights reserved.	MD5=61999900EEEB4DA5065C0A2472B7A05B 8053.00 kb, rsAh, created: 19.10.2018 23:27:20, modified: 19.10.2018 23:27:20	6856, 4648, 12544
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b0606862850100a70cfd1278da36e4c3\System.Drawing.ni.dll Script: Quarantine, Delete, Delete via BC	1641545728	.NET Framework	© Microsoft Corporation. All rights reserved.	MD5=D562A120D4571331A57069250BF1A59B 1608.00 kb, rsAh, created: 21.10.2018 03:12:55, modified: 21.10.2018 03:12:55	12544
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\d039e672fc731539d999d3f19bcc7dad\System.Management.ni.dll Script: Quarantine, Delete, Delete via BC	1867644928	.NET Framework	© Microsoft Corporation. All rights reserved.	MD5=DA358419D39537C635ED89A63D29C601 1153.00 kb, rsAh, created: 21.10.2018 03:12:53, modified: 21.10.2018 03:12:53	6856, 4648
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\d69e57f8af1721549d44a86fd6634a39\System.Runtime.Serialization.ni.dll Script: Quarantine, Delete, Delete via BC	1826291712	System.Runtime.Serialization.dll	© Microsoft Corporation. All rights reserved.	MD5=7053F0BB10778AB92CA8A3F90C419548 2784.00 kb, rsAh, created: 19.10.2018 23:27:38, modified: 19.10.2018 23:27:38	6856, 4648
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\0e96e70fa7fd4b701892862957ad96d9\System.Windows.Forms.ni.dll Script: Quarantine, Delete, Delete via BC	1624637440	.NET Framework	© Microsoft Corporation. All rights reserved.	MD5=68DC6913B125310B982854D419E02570 13418.50 kb, rsAh, created: 21.10.2018 03:13:00, modified: 21.10.2018 03:13:00	12544
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\222517d033bbdcd2175058faf4856241\System.Xaml.ni.dll Script: Quarantine, Delete, Delete via BC	1643249664	System.Xaml.dll	© Microsoft Corporation. All rights reserved.	MD5=C1B43B510E451E26F769C29DA551945E 1988.00 kb, rsAh, created: 19.10.2018 23:27:40, modified: 19.10.2018 23:27:40	12544
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\0dc3063f4d775efe036233e51625f0a9\System.Xml.ni.dll Script: Quarantine, Delete, Delete via BC	1815150592	.NET Framework	© Microsoft Corporation. All rights reserved.	MD5=3F3E01C25A3DDCE230E44A192033A7C7 7411.50 kb, rsAh, created: 19.10.2018 23:27:43, modified: 19.10.2018 23:27:43	6856, 4648, 12544
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\d805a7881a24de85782fa1791ef05f3d\System.ni.dll Script: Quarantine, Delete, Delete via BC	1868890112	.NET Framework	© Microsoft Corporation. All rights reserved.	MD5=3352CDF8E4CDADFFA9C6EE4A94405950 10295.00 kb, rsAh, created: 19.10.2018 23:27:16, modified: 19.10.2018 23:27:16	6856, 4648, 12544
C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\989e662dc0f5c45d380fbfbd5f042ea8\WindowsBase.ni.dll Script: Quarantine, Delete, Delete via BC	1677590528	WindowsBase.dll	© Microsoft Corporation. All rights reserved.	MD5=C1F580E714577A42BF2619C23580F113 4029.00 kb, rsAh, created: 19.10.2018 23:27:21, modified: 19.10.2018 23:27:21	12544
Modules found:370, recognized as trusted 313

Kernel Space Modules Viewer

Module	Base address	Size in memory	Description	Manufacturer
C:\Windows\system32\DRIVERS\bddci.sys error getting file info Script: Quarantine, Delete, Delete via BC	76390000	02B000 (176128)	BDDCI filter driver	Copyright © Bitdefender
C:\Windows\system32\DRIVERS\bdprivmon.sys error getting file info Script: Quarantine, Delete, Delete via BC	700D0000	00B000 (45056)	privacy Filter Driver	© Bitdefender SRL
C:\Windows\system32\DRIVERS\bdvedisk.sys error getting file info Script: Quarantine, Delete, Delete via BC	71AD0000	016000 (90112)	FileVault Disk Driver	Copyright© BitDefender
C:\Windows\temp\cpuz147\cpuz147_x64.sys 52.59 kb, rsAh, created: 04.11.2018 21:38:02, modified: 04.11.2018 21:38:02 Script: Quarantine, Delete, Delete via BC	76E40000	00B000 (45056)	CPUID Driver	Copyright(C) 2018 CPUID
C:\Windows\System32\Drivers\dump_diskdump.sys error getting file info Script: Quarantine, Delete, Delete via BC	72810000	00F000 (61440)
C:\Windows\System32\Drivers\dump_dumpfve.sys error getting file info Script: Quarantine, Delete, Delete via BC	71A50000	01D000 (118784)
C:\Windows\System32\Drivers\dump_iaStorAVC.sys error getting file info Script: Quarantine, Delete, Delete via BC	71060000	115000 (1134592)
C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUProcessFilter.sys 36.31 kb, rsAH, created: 17.10.2018 23:28:38, modified: 12.05.2018 17:08:06 Script: Quarantine, Delete, Delete via BC	76EB0000	008000 (32768)	IUProcessFilter	Copyright© 2005-2018 IObit
C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IURegistryFilter.sys 42.38 kb, rsAH, created: 17.10.2018 23:28:38, modified: 15.05.2018 19:01:06 Script: Quarantine, Delete, Delete via BC	76EC0000	009000 (36864)	IURegistryFilter	Copyright© 2005-2018 IObit
Modules found - 223, recognized as trusted - 214

Services

Service	Description	Status	File	Group	Dependencies
AdvancedSystemCareService11 Service: Stop, Delete, Disable, Delete via BC	Advanced SystemCare Service 11	Running	C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCService.exe 1041.27 kb, rsAh, created: 17.10.2018 23:24:39, modified: 28.03.2018 15:06:32 Script: Quarantine, Delete, Delete via BC
BDProtSrv Service: Stop, Delete, Disable, Delete via BC	Bitdefender Protected Service	Running	C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe 760.89 kb, rsAh, created: 01.11.2018 20:41:06, modified: 01.11.2018 20:41:06 Script: Quarantine, Delete, Delete via BC
bdredline Service: Stop, Delete, Disable, Delete via BC	Bitdefender RedLine Service	Running	C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe 2143.87 kb, rsAh, created: 29.10.2018 01:10:26, modified: 22.03.2018 09:46:36 Script: Quarantine, Delete, Delete via BC
CorsairService Service: Stop, Delete, Disable, Delete via BC	Corsair Service	Running	C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe 45.55 kb, rsAh, created: 04.10.2018 13:57:34, modified: 04.10.2018 13:57:34 Script: Quarantine, Delete, Delete via BC
DevMgmtService Service: Stop, Delete, Disable, Delete via BC	Bitdefender Device Management Service	Running	C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe 92.28 kb, rsAh, created: 29.10.2018 01:11:44, modified: 04.08.2018 13:06:57 Script: Quarantine, Delete, Delete via BC	Event Log
UPDATESRV Service: Stop, Delete, Disable, Delete via BC	Bitdefender Desktop Update Service	Running	C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe 109.52 kb, rsAh, created: 01.11.2018 20:40:54, modified: 01.11.2018 20:40:54 Script: Quarantine, Delete, Delete via BC
BDAuxSrv Service: Stop, Delete, Disable, Delete via BC	Bitdefender Auxiliary Service	Not started	C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe 760.89 kb, rsAh, created: 01.11.2018 20:41:06, modified: 01.11.2018 20:41:06 Script: Quarantine, Delete, Delete via BC	Event Log
IObitUnSvr Service: Stop, Delete, Disable, Delete via BC	IObit Uninstaller Service	Not started	C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe 149.77 kb, rsAh, created: 17.10.2018 23:28:34, modified: 25.09.2018 15:17:26 Script: Quarantine, Delete, Delete via BC
MozillaMaintenance Service: Stop, Delete, Disable, Delete via BC	Mozilla Maintenance Service	Not started	C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 211.45 kb, rsAh, created: 17.10.2018 23:16:04, modified: 03.11.2018 23:42:40 Script: Quarantine, Delete, Delete via BC
vsserv Service: Stop, Delete, Disable, Delete via BC	Bitdefender Virus Shield	Not started	C:\Program Files\Bitdefender\Bitdefender Security\vsserv.exe 785.30 kb, rsAh, created: 01.11.2018 20:40:50, modified: 01.11.2018 20:40:50 Script: Quarantine, Delete, Delete via BC	System Reserved
Detected - 261, recognized as trusted - 251

Drivers

Service	Description	Status	File	Group	Dependencies
BdDci Driver: Unload, Delete, Disable, Delete via BC	BdDci Service	Running	C:\Windows\system32\DRIVERS\bddci.sys 153.23 kb, rsAh, created: 01.11.2018 20:40:32, modified: 01.11.2018 20:40:32 Script: Quarantine, Delete, Delete via BC		BFE
bdprivmon Driver: Unload, Delete, Disable, Delete via BC	bdprivmon	Running	C:\Windows\system32\DRIVERS\bdprivmon.sys 44.66 kb, rsAh, created: 29.10.2018 01:10:11, modified: 17.09.2018 05:36:24 Script: Quarantine, Delete, Delete via BC	FSFilter Activity Monitor	FltMgr
BDVEDISK Driver: Unload, Delete, Disable, Delete via BC	BDVEDISK	Running	C:\Windows\system32\DRIVERS\bdvedisk.sys 94.19 kb, rsAh, created: 29.10.2018 01:10:11, modified: 27.04.2018 08:45:04 Script: Quarantine, Delete, Delete via BC
cpuz147 Driver: Unload, Delete, Disable, Delete via BC	cpuz147	Running	C:\Windows\temp\cpuz147\cpuz147_x64.sys 52.59 kb, rsAh, created: 04.11.2018 21:38:02, modified: 04.11.2018 21:38:02 Script: Quarantine, Delete, Delete via BC
Ignis Driver: Unload, Delete, Disable, Delete via BC	Ignis Service	Running	C:\Windows\SystemRoot\system32\DRIVERS\ignis.sys error getting file info Script: Quarantine, Delete, Delete via BC	NDIS	TCPIP
IUProcessFilter Driver: Unload, Delete, Disable, Delete via BC	IUProcessFilter	Running	C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUProcessFilter.sys 36.31 kb, rsAH, created: 17.10.2018 23:28:38, modified: 12.05.2018 17:08:06 Script: Quarantine, Delete, Delete via BC
IURegistryFilter Driver: Unload, Delete, Disable, Delete via BC	IURegistryFilter	Running	C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IURegistryFilter.sys 42.38 kb, rsAH, created: 17.10.2018 23:28:38, modified: 15.05.2018 19:01:06 Script: Quarantine, Delete, Delete via BC
bdelam Driver: Unload, Delete, Disable, Delete via BC	bdelam	Not started	C:\Windows\system32\drivers\bdelam.sys 22.49 kb, rsAh, created: 29.10.2018 01:10:16, modified: 19.04.2018 08:37:04 Script: Quarantine, Delete, Delete via BC	Early-Launch
vdqwnzm1 Driver: Unload, Delete, Disable, Delete via BC	AVZ-BC Kernel Driver	Not started	C:\Windows\system32\Drivers\vdqwnzm1.sys error getting file info Script: Quarantine, Delete, Delete via BC	EMS
WdBoot Driver: Unload, Delete, Disable, Delete via BC	Windows Defender Antivirus Boot Driver	Not started	C:\Windows\system32\drivers\wd\WdBoot.sys 45.10 kb, rsAh, created: 24.10.2018 23:40:00, modified: 24.10.2018 23:39:59 Script: Quarantine, Delete, Delete via BC	_Early-Launch
Detected - 382, recognized as trusted - 372

Autoruns

File name	Status	Startup method	Description
C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe 1103.50 kb, rsAh, created: 20.03.2014 09:25:56, modified: 20.03.2014 09:25:56 Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, Sound Blaster Recon3Di SBX Control Panel Delete
C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\iCUE.exe 35439.05 kb, rsAh, created: 04.10.2018 14:24:32, modified: 04.10.2018 14:24:32 Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, CORSAIR iCUE Software Delete
C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCTray.exe 3616.77 kb, rsAh, created: 17.10.2018 23:24:40, modified: 15.08.2018 15:24:10 Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, Advanced SystemCare Ultimate Delete
C:\Users\Admin\AppData\Roaming\ICQ\bin\icq.exe 27811.15 kb, rsAh, created: 04.11.2018 15:02:14, modified: 04.11.2018 15:02:14 Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, icq.desktop Delete
C:\Windows\System32\AJRouter.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AJRouter\Parameters, ServiceDll Delete
C:\Windows\System32\appidsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AppIDSvc\Parameters, ServiceDll Delete
C:\Windows\System32\appinfo.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Appinfo\Parameters, ServiceDll Delete
C:\Windows\system32\AppReadiness.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AppReadiness\Parameters, ServiceDll Delete
C:\Windows\system32\appxdeploymentserver.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AppXSvc\Parameters, ServiceDll Delete
C:\Windows\System32\AudioEndpointBuilder.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AudioEndpointBuilder\Parameters, ServiceDll Delete
C:\Windows\System32\Audiosrv.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Audiosrv\Parameters, ServiceDll Delete
C:\Windows\System32\AxInstSV.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AxInstSV\Parameters, ServiceDll Delete
C:\Windows\System32\BcastDVRUserService.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\BcastDVRUserService\Parameters, ServiceDll Delete
C:\Windows\System32\bdesvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\BDESVC\Parameters, ServiceDll Delete
C:\Windows\System32\bfe.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\BFE\Parameters, ServiceDll Delete
C:\Windows\System32\qmgr.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\BITS\Parameters, ServiceDll Delete
C:\Windows\System32\Microsoft.Bluetooth.UserService.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\BluetoothUserService\Parameters, ServiceDll Delete
C:\Windows\System32\bisrv.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\BrokerInfrastructure\Parameters, ServiceDll Delete
C:\Windows\System32\browser.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Browser\Parameters, ServiceDll Delete
C:\Windows\System32\BTAGService.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\BTAGService\Parameters, ServiceDll Delete
C:\Windows\System32\BthAvctpSvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\BthAvctpSvc\Parameters, ServiceDll Delete
C:\Windows\system32\bthserv.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\bthserv\Parameters, ServiceDll Delete
C:\Windows\system32\CapabilityAccessManager.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\camsvc\Parameters, ServiceDll Delete
C:\Windows\System32\CDPSvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\CDPSvc\Parameters, ServiceDll Delete
C:\Windows\System32\CDPUserSvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\CDPUserSvc\Parameters, ServiceDll Delete
C:\Windows\System32\certprop.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\CertPropSvc\Parameters, ServiceDll Delete
C:\Windows\System32\ClipSVC.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\ClipSVC\Parameters, ServiceDll Delete
C:\Windows\system32\cryptsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\CryptSvc\Parameters, ServiceDll Delete
C:\Windows\system32\rpcss.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\DcomLaunch\Parameters, ServiceDll Delete
C:\Windows\System32\defragsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\defragsvc\Parameters, ServiceDll Delete
C:\Windows\system32\das.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\DeviceAssociationService\Parameters, ServiceDll Delete
C:\Windows\system32\umpnpmgr.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\DeviceInstall\Parameters, ServiceDll Delete
C:\Windows\System32\DevicesFlowBroker.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\DevicesFlowUserSvc\Parameters, ServiceDll Delete
C:\Windows\system32\DevQueryBroker.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\DevQueryBroker\Parameters, ServiceDll Delete
C:\Windows\system32\DiagSvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\diagsvc\Parameters, ServiceDll Delete
C:\Windows\system32\diagtrack.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\DiagTrack\Parameters, ServiceDll Delete
C:\Windows\system32\dmwappushsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\dmwappushservice\Parameters, ServiceDll Delete
C:\Windows\System32\dnsrslvr.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Dnscache\Parameters, ServiceDll Delete
C:\Windows\System32\dot3svc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\dot3svc\Parameters, ServiceDll Delete
C:\Windows\system32\dps.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\DPS\Parameters, ServiceDll Delete
C:\Windows\System32\DeviceSetupManager.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\DsmSvc\Parameters, ServiceDll Delete
C:\Windows\System32\DsSvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\DsSvc\Parameters, ServiceDll Delete
C:\Windows\System32\dusmsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\DusmSvc\Parameters, ServiceDll Delete
C:\Windows\System32\eapsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eaphost\Parameters, ServiceDll Delete
C:\Windows\system32\efssvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\EFS\Parameters, ServiceDll Delete
C:\Windows\System32\embeddedmodesvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\embeddedmode\Parameters, ServiceDll Delete
C:\Windows\system32\EnterpriseAppMgmtSvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\EntAppSvc\Parameters, ServiceDll Delete
C:\Windows\system32\fdPHost.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\fdPHost\Parameters, ServiceDll Delete
C:\Windows\system32\fdrespub.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\FDResPub\Parameters, ServiceDll Delete
C:\Windows\system32\fhsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\fhsvc\Parameters, ServiceDll Delete
C:\Windows\system32\FntCache.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\FontCache\Parameters, ServiceDll Delete
C:\Windows\system32\FrameServer.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\FrameServer\Parameters, ServiceDll Delete
C:\Windows\System32\gpsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\gpsvc\Parameters, ServiceDll Delete
C:\Windows\System32\GraphicsPerfSvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\GraphicsPerfSvc\Parameters, ServiceDll Delete
C:\Windows\system32\ListSvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\HomeGroupListener\Parameters, ServiceDll Delete
C:\Windows\System32\hvhostsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\HvHost\Parameters, ServiceDll Delete
C:\Windows\System32\tetheringservice.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\icssvc\Parameters, ServiceDll Delete
C:\Windows\System32\ikeext.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\IKEEXT\Parameters, ServiceDll Delete
C:\Windows\System32\iphlpsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters, ServiceDll Delete
C:\Windows\System32\IpxlatCfg.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\IpxlatCfgSvc\Parameters, ServiceDll Delete
C:\Windows\System32\irmon.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\irmon\Parameters, ServiceDll Delete
C:\Windows\system32\msdtckrm.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\KtmRm\Parameters, ServiceDll Delete
C:\Windows\system32\srvsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters, ServiceDll Delete
C:\Windows\System32\wkssvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters, ServiceDll Delete
C:\Windows\System32\lfsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\lfsvc\Parameters, ServiceDll Delete
C:\Windows\system32\LicenseManagerSvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\LicenseManager\Parameters, ServiceDll Delete
C:\Windows\System32\lltdsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\lltdsvc\Parameters, ServiceDll Delete
C:\Windows\System32\lmhsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\lmhosts\Parameters, ServiceDll Delete
C:\Windows\System32\lsm.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\LSM\Parameters, ServiceDll Delete
C:\Windows\System32\LanguageOverlayServer.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\LxpSvc\Parameters, ServiceDll Delete
C:\Windows\System32\moshost.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\MapsBroker\Parameters, ServiceDll Delete
C:\Windows\System32\MessagingService.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\MessagingService\Parameters, ServiceDll Delete
C:\Windows\system32\mpssvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\mpssvc\Parameters, ServiceDll Delete
C:\Windows\system32\iscsiexe.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\MSiSCSI\Parameters, ServiceDll Delete
C:\Windows\System32\NaturalAuth.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\NaturalAuthentication\Parameters, ServiceDll Delete
C:\Windows\System32\ncasvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\NcaSvc\Parameters, ServiceDll Delete
C:\Windows\System32\ncbservice.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\NcbService\Parameters, ServiceDll Delete
C:\Windows\System32\NcdAutoSetup.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\NcdAutoSetup\Parameters, ServiceDll Delete
C:\Windows\System32\netman.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Netman\Parameters, ServiceDll Delete
C:\Windows\System32\netprofmsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\netprofm\Parameters, ServiceDll Delete
C:\Windows\System32\NetSetupSvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\NetSetupSvc\Parameters, ServiceDll Delete
C:\Windows\System32\NgcCtnrSvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\NgcCtnrSvc\Parameters, ServiceDll Delete
C:\Windows\system32\ngcsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\NgcSvc\Parameters, ServiceDll Delete
C:\Windows\System32\nlasvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters, ServiceDll Delete
C:\Windows\system32\nsisvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\nsi\Parameters, ServiceDll Delete
C:\Windows\System32\APHostService.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\OneSyncSvc\Parameters, ServiceDll Delete
C:\Windows\system32\pnrpsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\p2pimsvc\Parameters, ServiceDll Delete
C:\Windows\system32\p2psvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\p2psvc\Parameters, ServiceDll Delete
C:\Windows\System32\pcasvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\PcaSvc\Parameters, ServiceDll Delete
C:\Windows\System32\PhoneService.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\PhoneSvc\Parameters, ServiceDll Delete
C:\Windows\System32\PimIndexMaintenance.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc\Parameters, ServiceDll Delete
C:\Windows\system32\umpnpmgr.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\PlugPlay\Parameters, ServiceDll Delete
C:\Windows\system32\pnrpauto.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\PNRPAutoReg\Parameters, ServiceDll Delete
C:\Windows\system32\pnrpsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\PNRPsvc\Parameters, ServiceDll Delete
C:\Windows\System32\ipsecsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\PolicyAgent\Parameters, ServiceDll Delete
C:\Windows\system32\umpo.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Power\Parameters, ServiceDll Delete
C:\Windows\system32\profsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\ProfSvc\Parameters, ServiceDll Delete
C:\Windows\system32\PushToInstall.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\PushToInstall\Parameters, ServiceDll Delete
C:\Windows\System32\rasauto.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\RasAuto\Parameters, ServiceDll Delete
C:\Windows\System32\rasmans.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\RasMan\Parameters, ServiceDll Delete
C:\Windows\system32\regsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters, ServiceDll Delete
C:\Windows\system32\RDXService.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\RetailDemo\Parameters, ServiceDll Delete
C:\Windows\System32\RMapi.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\RmSvc\Parameters, ServiceDll Delete
C:\Windows\System32\RpcEpMap.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\RpcEptMapper\Parameters, ServiceDll Delete
C:\Windows\system32\rpcss.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\RpcSs\Parameters, ServiceDll Delete
C:\Windows\System32\SCardSvr.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SCardSvr\Parameters, ServiceDll Delete
C:\Windows\System32\ScDeviceEnum.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\ScDeviceEnum\Parameters, ServiceDll Delete
C:\Windows\system32\schedsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Schedule\Parameters, ServiceDll Delete
C:\Windows\System32\certprop.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SCPolicySvc\Parameters, ServiceDll Delete
C:\Windows\System32\SDRSVC.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SDRSVC\Parameters, ServiceDll Delete
C:\Windows\system32\seclogon.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\seclogon\Parameters, ServiceDll Delete
C:\Windows\system32\SEMgrSvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SEMgrSvc\Parameters, ServiceDll Delete
C:\Windows\System32\sens.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SENS\Parameters, ServiceDll Delete
C:\Windows\system32\SensorService.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SensorService\Parameters, ServiceDll Delete
C:\Windows\system32\sensrsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SensrSvc\Parameters, ServiceDll Delete
C:\Windows\System32\ipnathlp.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters, ServiceDll Delete
C:\Windows\System32\SharedRealitySvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SharedRealitySvc\Parameters, ServiceDll Delete
C:\Windows\system32\Windows.SharedPC.AccountManager.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\shpamsvc\Parameters, ServiceDll Delete
C:\Windows\system32\SmsRouterSvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SmsRouter\Parameters, ServiceDll Delete
C:\Windows\System32\ssdpsrv.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SSDPSRV\Parameters, ServiceDll Delete
C:\Windows\system32\sstpsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SstpSvc\Parameters, ServiceDll Delete
C:\Windows\System32\wiaservc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\stisvc\Parameters, ServiceDll Delete
C:\Windows\system32\storsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\StorSvc\Parameters, ServiceDll Delete
C:\Windows\system32\svsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\svsvc\Parameters, ServiceDll Delete
C:\Windows\System32\swprv.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\swprv\Parameters, ServiceDll Delete
C:\Windows\system32\sysmain.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SysMain\Parameters, ServiceDll Delete
C:\Windows\System32\SystemEventsBrokerServer.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SystemEventsBroker\Parameters, ServiceDll Delete
C:\Windows\System32\TabSvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\TabletInputService\Parameters, ServiceDll Delete
C:\Windows\System32\termsrv.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\TermService\Parameters, ServiceDll Delete
C:\Windows\system32\themeservice.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Themes\Parameters, ServiceDll Delete
C:\Windows\System32\TimeBrokerServer.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\TimeBrokerSvc\Parameters, ServiceDll Delete
C:\Windows\System32\trkwks.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\TrkWks\Parameters, ServiceDll Delete
C:\Windows\System32\umrdp.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\UmRdpService\Parameters, ServiceDll Delete
C:\Windows\System32\userdataservice.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\UserDataSvc\Parameters, ServiceDll Delete
C:\Windows\System32\usermgr.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\UserManager\Parameters, ServiceDll Delete
C:\Windows\system32\usocore.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\UsoSvc\Parameters, ServiceDll Delete
C:\Windows\System32\vac.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\VacSvc\Parameters, ServiceDll Delete
C:\Windows\System32\vaultsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\VaultSvc\Parameters, ServiceDll Delete
C:\Windows\System32\icsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\vmicguestinterface\Parameters, ServiceDll Delete
C:\Windows\System32\icsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\vmicheartbeat\Parameters, ServiceDll Delete
C:\Windows\System32\icsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\vmickvpexchange\Parameters, ServiceDll Delete
C:\Windows\System32\icsvcext.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\vmicrdv\Parameters, ServiceDll Delete
C:\Windows\System32\icsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\vmicshutdown\Parameters, ServiceDll Delete
C:\Windows\System32\icsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\vmictimesync\Parameters, ServiceDll Delete
C:\Windows\System32\icsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\vmicvmsession\Parameters, ServiceDll Delete
C:\Windows\System32\icsvcext.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\vmicvss\Parameters, ServiceDll Delete
C:\Windows\system32\w32time.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\W32Time\Parameters, ServiceDll Delete
C:\Windows\System32\WaaSMedicSvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WaaSMedicSvc\Parameters, ServiceDll Delete
C:\Windows\system32\WalletService.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WalletService\Parameters, ServiceDll Delete
C:\Windows\System32\Windows.WARP.JITService.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WarpJITSvc\Parameters, ServiceDll Delete
C:\Windows\System32\wbiosrvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WbioSrvc\Parameters, ServiceDll Delete
C:\Windows\System32\wcmsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Wcmsvc\Parameters, ServiceDll Delete
C:\Windows\System32\wcncsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\wcncsvc\Parameters, ServiceDll Delete
C:\Windows\system32\wecsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Wecsvc\Parameters, ServiceDll Delete
C:\Windows\system32\wephostsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WEPHOSTSVC\Parameters, ServiceDll Delete
C:\Windows\System32\wercplsupport.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\wercplsupport\Parameters, ServiceDll Delete
C:\Windows\System32\WerSvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WerSvc\Parameters, ServiceDll Delete
C:\Windows\System32\wfdsconmgrsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WFDSConMgrSvc\Parameters, ServiceDll Delete
C:\Windows\System32\wiarpc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WiaRpc\Parameters, ServiceDll Delete
C:\Windows\system32\wbem\WMIsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters, ServiceDll Delete
C:\Windows\System32\wlansvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WlanSvc\Parameters, ServiceDll Delete
C:\Windows\system32\wlidsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\wlidsvc\Parameters, ServiceDll Delete
C:\Windows\System32\lpasvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\wlpasvc\Parameters, ServiceDll Delete
C:\Windows\system32\workfolderssvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\workfolderssvc\Parameters, ServiceDll Delete
C:\Windows\System32\WpcDesktopMonSvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WpcMonSvc\Parameters, ServiceDll Delete
C:\Windows\system32\wpdbusenum.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WPDBusEnum\Parameters, ServiceDll Delete
C:\Windows\system32\WpnService.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WpnService\Parameters, ServiceDll Delete
C:\Windows\System32\WpnUserService.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WpnUserService\Parameters, ServiceDll Delete
C:\Windows\System32\wscsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\wscsvc\Parameters, ServiceDll Delete
C:\Windows\system32\wuaueng.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\wuauserv\Parameters, ServiceDll Delete
C:\Windows\System32\wwansvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WwanSvc\Parameters, ServiceDll Delete
C:\Windows\System32\XblAuthManager.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\XblAuthManager\Parameters, ServiceDll Delete
C:\Windows\System32\XblGameSave.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\XblGameSave\Parameters, ServiceDll Delete
C:\Windows\System32\XboxGipSvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\XboxGipSvc\Parameters, ServiceDll Delete
C:\Windows\system32\XboxNetApiSvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\XboxNetApiSvc\Parameters, ServiceDll Delete
C:\Windows\system32\sysmain.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\rdyboost\Performance, Library Delete
C:\Windows\System32\wersvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Application Hang, EventMessageFile
C:\Windows\System32\icardres.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\CardSpace 4.0.0.0, EventMessageFile
C:\Windows\system32\dosvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeliveryOptimization, EventMessageFile
C:\Windows\system32\dwm.exe error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Desktop Window Manager, EventMessageFile
C:\Windows\system32\dwminit.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Dwminit, EventMessageFile
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\IPSEventLogMsg.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Handwriting Recognition, EventMessageFile
C:\Windows\System32\fxsevent.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft Fax, EventMessageFile
C:\Windows\system32\Microsoft-Windows-System-Events.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-AppModel-Runtime, EventMessageFile
C:\Windows\system32\Microsoft-Windows-System-Events.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-AppModel-State, EventMessageFile
C:\Windows\system32\Microsoft-Windows-System-Events.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-Audit-CVE, EventMessageFile
C:\Windows\System32\AxInstSv.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-AxInstallService, EventMessageFile
C:\Windows\system32\BlbEvents.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-Backup, EventMessageFile
C:\Windows\system32\defragsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-Defrag, EventMessageFile
C:\Windows\System32\dosvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-DeliveryOptimization, EventMessageFile
C:\Windows\system32\eapsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-EapHost, EventMessageFile
C:\Windows\system32\efscore.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-EFS, EventMessageFile
C:\Windows\system32\wecsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-EventCollector, EventMessageFile
C:\Windows\system32\Microsoft-Windows-System-Events.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-SoftwareRestrictionPolicies, EventMessageFile
C:\Windows\System32\MsSpellCheckingHost.exe error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-Spellchecking-Host, EventMessageFile
C:\Windows\system32\SrEvents.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-System-Restore, EventMessageFile
C:\Windows\System32\profsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-User Profiles Service, EventMessageFile
C:\Windows\system32\Microsoft-Windows-System-Events.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-User-Loader, EventMessageFile
C:\Windows\system32\WINSAT.EXE error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-WindowsSystemAssessmentTool, EventMessageFile
C:\Windows\system32\winsrv.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-Winsrv, EventMessageFile
C:\Windows\system32\wbem\WinMgmtR.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-WMI, EventMessageFile
C:\Windows\System32\profsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Profsvc, EventMessageFile
C:\Windows\System32\wscsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\SecurityCenter, EventMessageFile
C:\Windows\system32\sppsvc.exe error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Software Protection Platform Service, EventMessageFile
C:\Windows\system32\srcore.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\System Restore, EventMessageFile
C:\Windows\System32\VSSVC.EXE error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\VSS, EventMessageFile
d:\3187b9589eddefa5f194\DW\DW20.exe error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\VSSetup, EventMessageFile
C:\Windows\System32\wersvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\WerSvc, EventMessageFile
C:\Windows\system32\sdengin2.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Windows Backup, EventMessageFile
C:\Windows\system32\wsepno.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Windows Search Service Profile Notification, EventMessageFile
C:\Windows\System32\wininit.exe error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wininit, EventMessageFile
C:\Windows\System32\winlogon.exe error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Winlogon, EventMessageFile
C:\Windows\System32\winlogon.exe error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wlclntfy, EventMessageFile
C:\Windows\system32\wecsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\HardwareEvents, DisplayNameFile
C:\Windows\system32\sppsvc.exe error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Key Management Service, DisplayNameFile
C:\Windows\system32\sppsvc.exe error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Key Management Service\KmsRequests, EventMessageFile
C:\Windows\System32\wevtsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Security\Microsoft-Windows-Eventlog, EventMessageFile
C:\Windows\System32\VSSVC.EXE error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Security\VSSAudit, EventMessageFile
C:\Windows\System32\Drivers\acpi.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\ACPI, EventMessageFile
C:\Windows\System32\drivers\amdk8.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\AmdK8, EventMessageFile
C:\Windows\System32\drivers\amdppm.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\AmdPPM, EventMessageFile
C:\Windows\system32\winsrv.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Application Popup, EventMessageFile
C:\Windows\system32\AppReadiness.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\AppReadiness, EventMessageFile
C:\Windows\System32\drivers\bxvbda.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\b06bdrv, EventMessageFile
C:\Windows\System32\Drivers\BthEnum.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\BthEnum, EventMessageFile
C:\Windows\System32\Drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\BthLEEnum, EventMessageFile
C:\Windows\System32\Drivers\Bthport.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\BTHPORT, EventMessageFile
C:\Windows\System32\Drivers\Bthport.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\BTHUSB, EventMessageFile
C:\Windows\System32\Drivers\BthUsb.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\BTHUSB, EventMessageFile
C:\Windows\System32\drivers\cht4sx64.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\cht4iscsi, EventMessageFile
C:\Windows\System32\drivers\cht4vx64.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\cht4vbd, EventMessageFile
C:\Windows\System32\dxgwdi.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Display, EventMessageFile
C:\Windows\System32\Drivers\e2xw10x64.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\e2xw10x64, EventMessageFile
C:\Windows\System32\drivers\evbda.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\ebdrv, EventMessageFile
C:\Windows\System32\drivers\fltmgr.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\FltMgr, EventMessageFile
C:\Windows\System32\drivers\hcmon.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\hcmon, EventMessageFile
C:\Windows\System32\Drivers\hidbth.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\HidBth, EventMessageFile
C:\Windows\System32\Drivers\hidi2c.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\hidi2c, EventMessageFile
C:\Windows\System32\drivers\i8042prt.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\i8042prt, EventMessageFile
C:\Windows\System32\drivers\iaStorAVC.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\iaStorAVC, EventMessageFile
C:\Windows\System32\drivers\iaStorV.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\iaStorV, EventMessageFile
C:\Windows\System32\drivers\ibbus.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\ibbus, EventMessageFile
C:\Windows\system32\drivers\iaLPSSi_GPIO.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Intel-iaLPSS-GPIO, EventMessageFile
C:\Windows\system32\drivers\iaLPSSi_I2C.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Intel-iaLPSS-I2C, EventMessageFile
C:\Windows\system32\drivers\iaLPSS2i_GPIO2.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Intel-iaLPSS2-GPIO2, EventMessageFile
C:\Windows\system32\drivers\iaLPSS2i_I2C.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Intel-iaLPSS2-I2C, EventMessageFile
C:\Windows\System32\drivers\intelppm.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\intelppm, EventMessageFile
C:\Windows\System32\drivers\ipmidrv.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\IPMIDRV, EventMessageFile
C:\Windows\System32\irmon.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\irevents, EventMessageFile
C:\Windows\System32\drivers\isapnp.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\isapnp, EventMessageFile
C:\Windows\System32\iscsilog.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\iScsiPrt, EventMessageFile
C:\Windows\System32\drivers\kbdclass.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\kbdclass, EventMessageFile
C:\Windows\System32\drivers\kbdhid.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\kbdhid, EventMessageFile
C:\Windows\System32\Drivers\e2xw10x64.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\KillerEth, EventMessageFile
C:\Windows\System32\locationframework.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Lfsvc, EventMessageFile
C:\Windows\System32\lsasrv.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\LsaSrv, EventMessageFile
C:\Windows\system32\lsm.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\LSM, EventMessageFile
C:\Windows\System32\drivers\megasas2i.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\megasas2i, EventMessageFile
C:\Windows\System32\drivers\megasas35i.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\megasas35i, EventMessageFile
C:\Windows\System32\drivers\TeeDriverW8x64.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\MEIx64, EventMessageFile
C:\Windows\system32\Microsoft-Windows-System-Events.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Audit-CVE, EventMessageFile
C:\Windows\system32\drivers\fvevol.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-BitLocker-Driver, EventMessageFile
C:\Windows\system32\qmgr.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Bits-Client, EventMessageFile
C:\Windows\system32\bthserv.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Bluetooth-BthLEPrepairing, EventMessageFile
C:\Windows\system32\drivers\cmimcext.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-CoreSystem-InitMachineConfig, EventMessageFile
C:\Windows\system32\cofiredm.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-CorruptedFileRecovery-Client, EventMessageFile
C:\Windows\system32\cofiredm.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-CorruptedFileRecovery-Server, EventMessageFile
C:\Windows\System32\samsrv.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Directory-Services-SAM, EventMessageFile
C:\Windows\system32\dfdts.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-DiskDiagnostic, EventMessageFile
C:\Windows\system32\WUDFPlatform.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-DriverFrameworks-UserMode, EventMessageFile
C:\Windows\System32\Drivers\EhStorTcgDrv.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-EnhancedStorage-EhStorTcgDrv, EventMessageFile
C:\Windows\system32\wecsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-EventCollector, EventMessageFile
C:\Windows\System32\wevtsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Eventlog, EventMessageFile
C:\Windows\system32\drivers\exfat.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-exFAT-SQM, EventMessageFile
C:\Windows\system32\drivers\fastfat.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Fat-SQM, EventMessageFile
C:\Windows\system32\fthsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Fault-Tolerant-Heap, EventMessageFile
C:\Windows\system32\drivers\fltmgr.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-FilterManager, EventMessageFile
C:\Windows\System32\mpssvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Firewall, EventMessageFile
C:\Windows\system32\fdphost.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-FunctionDiscoveryHost, EventMessageFile
C:\Windows\system32\drivers\msgpioclx.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-GPIO-ClassExtension, EventMessageFile
C:\Windows\system32\gpsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-GroupPolicy, EventMessageFile
C:\Windows\system32\microsoft-windows-hal-events.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-HAL, EventMessageFile
C:\Windows\system32\drivers\http.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-HttpEvent, EventMessageFile
C:\Windows\system32\drivers\hvservice.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Hyper-V-Hypervisor, EventMessageFile
C:\Windows\system32\iphlpsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Iphlpsvc, EventMessageFile
C:\Windows\system32\iumbase.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-IsolatedUserMode, EventMessageFile
C:\Windows\system32\Microsoft-Windows-System-Events.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Kernel-Boot, EventMessageFile
C:\Windows\system32\Microsoft-Windows-System-Events.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Kernel-General, EventMessageFile
C:\Windows\system32\microsoft-windows-kernel-processor-power-events.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Kernel-Interrupt-Steering, EventMessageFile
C:\Windows\system32\Microsoft-Windows-System-Events.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Kernel-IO, EventMessageFile
C:\Windows\system32\microsoft-windows-kernel-pnp-events.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Kernel-PnP, EventMessageFile
C:\Windows\system32\microsoft-windows-kernel-power-events.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Kernel-Power, EventMessageFile
C:\Windows\system32\microsoft-windows-kernel-processor-power-events.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Kernel-Processor-Power, EventMessageFile
C:\Windows\System32\Drivers\VerifierExt.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Kernel-XDV, EventMessageFile
C:\Windows\system32\lpksetup.exe error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-LanguagePackSetup, EventMessageFile
C:\Windows\system32\MemoryDiagnostic.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Memory-Diagnostic-Task-Handler, EventMessageFile
C:\Windows\System32\relpost.exe error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-MemoryDiagnostics-Results, EventMessageFile
C:\Windows\System32\mdsched.exe error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-MemoryDiagnostics-Schedule, EventMessageFile
C:\Windows\system32\drivers\mountmgr.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-MountMgr, EventMessageFile
C:\Windows\system32\drivers\ndis.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-NDIS, EventMessageFile
C:\Windows\system32\drivers\NdisImPlatform.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-NdisImPlatformSysEvtProvider, EventMessageFile
C:\Windows\system32\drivers\bridge.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-NetworkBridge, EventMessageFile
C:\Windows\system32\drivers\ntfs.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Ntfs, EventMessageFile
C:\Windows\system32\drivers\ntfs.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Ntfs-UBPM, EventMessageFile
C:\Windows\system32\drivers\wof.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-OverlayFilter, EventMessageFile
C:\Windows\system32\drivers\nvdimm.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-PersistentMemory-Nvdimm, EventMessageFile
C:\Windows\system32\drivers\pmem.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-PersistentMemory-PmemDisk, EventMessageFile
C:\Windows\system32\umpoext.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Power-Meter-Polling, EventMessageFile
C:\Windows\system32\drivers\refs.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-ReFS, EventMessageFile
C:\Windows\system32\drivers\refsv1.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-ReFS-v1, EventMessageFile
C:\Windows\system32\reseteng.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-ResetEng, EventMessageFile
C:\Windows\system32\fdrespub.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-ResourcePublication, EventMessageFile
C:\Windows\system32\certprop.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-SCPNP, EventMessageFile
C:\Windows\system32\drivers\SerCx.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Serial-ClassExtension, EventMessageFile
C:\Windows\system32\drivers\SerCx2.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Serial-ClassExtension-V2, EventMessageFile
C:\Windows\system32\oobe\winsetup.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Setup, EventMessageFile
C:\Windows\system32\setupetw.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-SetupPlatform, EventMessageFile
C:\Windows\system32\drivers\SpbCx.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-SPB-ClassExtension, EventMessageFile
C:\Windows\system32\drivers\hidi2c.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-SPB-HIDI2C, EventMessageFile
C:\Windows\system32\csrsrv.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Subsys-SMSS, EventMessageFile
C:\Windows\system32\schedsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-TaskScheduler, EventMessageFile
C:\Windows\system32\lsm.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-TerminalServices-LocalSessionManager, EventMessageFile
C:\Windows\system32\termsrv.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-TerminalServices-RemoteConnectionManager, EventMessageFile
C:\Windows\system32\w32time.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Time-Service, EventMessageFile
C:\Windows\System32\Drivers\UMDF\UsbccidDriver.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-USB-CCID, EventMessageFile
C:\Windows\system32\drivers\MAUSBHOST.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-USB-MAUSBHOST, EventMessageFile
C:\Windows\System32\drivers\usbhub3.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-USB-USBHUB3, EventMessageFile
C:\Windows\system32\drivers\usbxhci.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-USB-USBXHCI, EventMessageFile
C:\Windows\system32\umpo.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-UserModePowerService, EventMessageFile
C:\Windows\system32\umpnpmgr.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-UserPnp, EventMessageFile
C:\Windows\system32\whealogr.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-WHEA-Logger, EventMessageFile
C:\Windows\System32\pwlauncher.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-WindowsToGo-StartupOptions, EventMessageFile
C:\Windows\system32\wuaueng.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-WindowsUpdateClient, EventMessageFile
C:\Windows\system32\wininit.exe error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Wininit, EventMessageFile
C:\Windows\system32\winlogon.exe error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Winlogon, EventMessageFile
C:\Windows\system32\wlansvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-WLAN-AutoConfig, EventMessageFile
C:\Windows\System32\drivers\mlx4_bus.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\mlx4_bus, EventMessageFile
C:\Windows\System32\drivers\mouclass.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\mouclass, EventMessageFile
C:\Windows\System32\drivers\mouhid.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\mouhid, EventMessageFile
C:\Windows\System32\Drivers\umdf\Microsoft.Bluetooth.Profiles.HidOverGatt.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\mshidumdf, EventMessageFile
C:\Windows\System32\iscsiexe.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\MSiSCSI, EventMessageFile
C:\Windows\System32\drivers\MTConfig.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\MTConfig, EventMessageFile
C:\Windows\system32\drivers\ntfs.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Ntfs, EventMessageFile
C:\Windows\System32\drivers\nvdimm.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\nvdimm, EventMessageFile
C:\Windows\System32\drivers\nvstor.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\nvstor, EventMessageFile
C:\Windows\System32\drivers\parport.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Parport, EventMessageFile
C:\Windows\System32\Drivers\Pcmcia.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\pcmcia, EventMessageFile
C:\Windows\System32\drivers\pmem.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\pmem, EventMessageFile
C:\Windows\System32\drivers\pnpmem.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\PNPMEM, EventMessageFile
C:\Windows\System32\umpo.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Power, EventMessageFile
C:\Windows\System32\drivers\processr.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Processor, EventMessageFile
C:\Windows\system32\sstpsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\RasSstp, EventMessageFile
C:\Windows\system32\RDXService.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\RetailDemo, EventMessageFile
C:\Windows\System32\Drivers\rfcomm.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\RFCOMM, EventMessageFile
C:\Windows\System32\Drivers\rhproxy.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\rhproxy, EventMessageFile
C:\Windows\System32\samsrv.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\SAM, EventMessageFile
C:\Windows\System32\drivers\sbp2port.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\sbp2port, EventMessageFile
C:\Windows\System32\lsasrv.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Schannel, EventMessageFile
C:\Windows\system32\drivers\SerCx.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\sercx, EventMessageFile
C:\Windows\system32\drivers\SerCx2.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\sercx2, EventMessageFile
C:\Windows\System32\drivers\serial.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Serial, EventMessageFile
C:\Windows\System32\drivers\sermouse.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\sermouse, EventMessageFile
C:\Windows\system32\services.exe error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Service Control Manager, EventMessageFile
C:\Windows\System32\snmptrap.exe error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\SNMPTRAP, EventMessageFile
C:\Windows\system32\drivers\SpbCx.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\spbcx, EventMessageFile
C:\Windows\System32\wiaservc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\StillImage, EventMessageFile
C:\Windows\System32\drivers\SynTP.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\SynTP, EventMessageFile
C:\Windows\System32\tcpmon.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\TCPMon, EventMessageFile
C:\Windows\system32\termsrv.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\TermService, EventMessageFile
C:\Windows\System32\drivers\tpm.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\TPM, EventMessageFile
C:\Windows\System32\Drivers\uefi.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\UEFI, EventMessageFile
C:\Windows\System32\umrdp.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\UmRdpService, EventMessageFile
C:\Windows\System32\Drivers\usbehci.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\usbehci, EventMessageFile
C:\Windows\System32\Drivers\usbser.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\usbser, EventMessageFile
C:\Windows\System32\vdsbas.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\VDS Basic Provider, EventMessageFile
C:\Windows\System32\vdsdyn.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\VDS Dynamic Provider, EventMessageFile
C:\Windows\System32\vdsvd.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\VDS Virtual Disk Provider, EventMessageFile
C:\Windows\System32\vds.exe error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Virtual Disk Service, EventMessageFile
C:\Windows\System32\drivers\vmci.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\vmci, EventMessageFile
C:\Windows\system32\DRIVERS\vmnetadapter.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\VMnetAdapter, EventMessageFile
C:\Windows\system32\DRIVERS\vmnetbridge.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\VMnetBridge, EventMessageFile
C:\Windows\system32\drivers\vmnetuserif.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\VMnetuserif, EventMessageFile
C:\Windows\system32\drivers\volsnap.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Volsnap, EventMessageFile
C:\Windows\System32\drivers\vpci.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\vpci, EventMessageFile
C:\Windows\system32\w32time.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\W32Time, EventMessageFile
C:\Windows\System32\drivers\wacompen.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\WacomPen, EventMessageFile
C:\Windows\system32\WalletService.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\WalletService, EventMessageFile
C:\Windows\System32\drivers\Wdf01000.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\wdf01000, EventMessageFile
C:\Windows\System32\wecsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\wecsvc, EventMessageFile
C:\Windows\System32\win32kbase.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Win32k, EventMessageFile
C:\Program Files (x86)\Windows Defender\MpEvMsg.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\WinDefend, EventMessageFile
C:\Windows\System32\DFDTS.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Windows Disk Diagnostic, EventMessageFile
C:\Windows\system32\w32time.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient, DllName Delete
C:\Windows\system32\w32time.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer, DllName Delete
C:\Windows\System32\vmictimeprovider.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider, DllName Delete
.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	?	HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Lsa, Security Packages
auditcse.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{16be69fa-4209-4250-88cb-716cf41954e0}, DLLName Delete
C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4bcd6cde-777b-48b6-9804-43568e23545d}, DLLName Delete
WorkFoldersGPExt.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4d968b55-cac2-4ff5-983f-0a54603781a3}, DLLName Delete
pwlauncher.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{BA649533-0AAC-4E04-B9BC-4DBAE0325B12}, DLLName Delete
pwlauncher.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C34B2751-1CF4-44F5-9262-C3FC39666591}, DLLName Delete
auditcse.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{f3ccc681-b74c-4060-9f26-cd84525dca2a}, DLLName Delete
nvoglv64.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\OpenGLDrivers\MSOGL, DLL Delete
C:\Windows\System32\WUDFHost.exe error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WUDF\Services\{193a1820-d9ac-4997-8c55-be817523f6aa}, HostProcessImagePath Delete
C:\Windows\System32\WUDFCompanionHost.exe error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WUDF\Services\{2c0a6c48-3046-7713-a07b-18ab5d813333}, HostProcessImagePath Delete
C:\Users\Admin\AppData\Roaming\ICQ\bin\icq.exe 27811.15 kb, rsAh, created: 04.11.2018 15:02:14, modified: 04.11.2018 15:02:14 Script: Quarantine, Delete, Delete via BC	Active	Shortcut in Startup folder	C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ICQ.lnk,
Autoruns items found - 843, recognized as trusted - 437

Internet Explorer extension modules (BHOs, Toolbars ...)

File name	Type	Description	Manufacturer	CLSID
C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll 587.93 kb, rsAh, created: 29.10.2018 01:10:10, modified: 04.08.2018 12:55:00 Script: Quarantine, Delete, Delete via BC	BHO	Bitdefender Password Manager Internet Explorer Browser Helper Object	©1997-2018 Bitdefender	{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} Delete
C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll 587.93 kb, rsAh, created: 29.10.2018 01:10:10, modified: 04.08.2018 12:55:00 Script: Quarantine, Delete, Delete via BC	Toolbar	Bitdefender Password Manager Internet Explorer Browser Helper Object	©1997-2018 Bitdefender	{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} Delete
error getting file info	Extension module			{2670000A-7350-4f3c-8081-5663EE0C6C49} Delete
error getting file info	Extension module			{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} Delete
Items found - 10, recognized as trusted - 6

Windows Explorer extension modules

File name	Destination	Description	Manufacturer	CLSID
error getting file info	Contacts folder			{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} Delete
error getting file info	WebCheck			{E6FB5E20-DE35-11CF-9C87-00AA005127ED} Delete
error getting file info	WinRAR shell extension			{B41DB860-64E4-11D2-9906-E49FADC173CA} Delete
Items found - 39, recognized as trusted - 36

Printing system extensions (print monitors, providers)

File name	Type	Name	Description	Manufacturer
AppMon.dll error getting file info Script: Quarantine, Delete, Delete via BC	Monitor	Appmon
IPPMon.dll error getting file info Script: Quarantine, Delete, Delete via BC	Monitor	IppMon
localspl.dll error getting file info Script: Quarantine, Delete, Delete via BC	Monitor	Local Port
FXSMON.DLL error getting file info Script: Quarantine, Delete, Delete via BC	Monitor	Microsoft Shared Fax Monitor
tcpmon.dll error getting file info Script: Quarantine, Delete, Delete via BC	Monitor	Standard TCP/IP Port
usbmon.dll error getting file info Script: Quarantine, Delete, Delete via BC	Monitor	USB Monitor
WSDMon.dll error getting file info Script: Quarantine, Delete, Delete via BC	Monitor	WSD Port
inetpp.dll error getting file info Script: Quarantine, Delete, Delete via BC	Provider	HTTP Print Services
win32spl.dll error getting file info Script: Quarantine, Delete, Delete via BC	Provider	LanMan Print Services
Items found - 9, recognized as trusted - 0

Task Scheduler jobs

File name	Job name	Job state	Description	Manufacturer	Path	Command line	Type
C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\Monitor.exe 3390.27 kb, rsAh, created: 17.10.2018 23:24:41, modified: 28.03.2018 15:07:22 Script: Quarantine, Delete, Delete via BC	ASCU11_PerformanceMonitor Script: Delete		Performance Monitor	Copyright © 2005-2018 IObit. All Rights Reserved.	C:\Windows\system32\Tasks\	C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\Monitor.exe /Task	64
C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASC.exe 8316.27 kb, rsAh, created: 17.10.2018 23:24:39, modified: 17.09.2018 17:20:06 Script: Quarantine, Delete, Delete via BC	ASCU11_SkipUac_Admin Script: Delete		Advanced SystemCare Ultimate 11	© IObit. All rights reserved.	C:\Windows\system32\Tasks\	C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASC.exe /SkipUac	64
C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe 470.73 kb, rsAh, created: 01.11.2018 20:40:24, modified: 01.11.2018 20:40:24 Script: Quarantine, Delete, Delete via BC	Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C Script: Delete		Bitdefender agent	©1997-2018 Bitdefender	C:\Windows\system32\Tasks\	C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe	64
C:\Program Files (x86)\IObit\Driver Booster\6.0.2\DriverBooster.exe 6972.77 kb, rsAh, created: 17.10.2018 23:26:55, modified: 25.09.2018 19:12:52 Script: Quarantine, Delete, Delete via BC	Driver Booster SkipUAC (Admin) Script: Delete		Driver Booster	© IObit. All rights reserved	C:\Windows\system32\Tasks\	C:\Program Files (x86)\IObit\Driver Booster\6.0.2\DriverBooster.exe /skipuac	64
%windir%\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& %windir%\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Client" error getting file info Script: Quarantine, Delete, Delete via BC	UninstallSMB1ClientTask Script: Delete				C:\Windows\system32\Tasks\Microsoft\Windows\SMB\	%windir%\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& %windir%\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Client"	64
%windir%\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& %windir%\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Server" error getting file info Script: Quarantine, Delete, Delete via BC	UninstallSMB1ServerTask Script: Delete				C:\Windows\system32\Tasks\Microsoft\Windows\SMB\	%windir%\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& %windir%\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Server"	64
C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe 5035.77 kb, rsAh, created: 17.10.2018 23:28:24, modified: 29.09.2018 15:54:00 Script: Quarantine, Delete, Delete via BC	Uninstaller_SkipUac_Admin Script: Delete		Uninstall Programs	© IObit. All rights reserved.	C:\Windows\system32\Tasks\	C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe /UninstallExplorer	64
Items found - 100, recognized as trusted - 93

SPI/LSP settings

Namespace providers (NSP)

Manufacturer	Status	EXE file	Description	GUID
Detected - 7, recognized as trusted - 7

Transport protocol providers (TSP, LSP)

Manufacturer EXE file Description
Detected - 14, recognized as trusted - 14
Results of automatic SPI settings check
LSP settings checked. No errors detected

TCP/UDP ports

Port Status Remote Host Remote Port Application Notes
TCP ports
139 LISTENING 0.0.0.0 0 System.exe [4]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
139 LISTENING 0.0.0.0 0 System.exe [4]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
139 LISTENING 0.0.0.0 0 System.exe [4]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
445 LISTENING 0.0.0.0 0 System.exe [4]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
1536 LISTENING 0.0.0.0 0 wininit.exe [848]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
1547 ESTABLISHED 127.0.0.1 1548 DevMgmtService.exe [3168]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
1548 ESTABLISHED 127.0.0.1 1547 DevMgmtService.exe [3168]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
1549 ESTABLISHED 127.0.0.1 1550 DevMgmtService.exe [3168]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
1550 ESTABLISHED 127.0.0.1 1549 DevMgmtService.exe [3168]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
1563 LISTENING 0.0.0.0 0 spoolsv.exe [4664]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
1576 LISTENING 0.0.0.0 0 services.exe [924]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
1631 LISTENING 0.0.0.0 0 lsass.exe [944]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
1722 ESTABLISHED 74.125.68.188 5228 chrome.exe [11472]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
1890 ESTABLISHED 81.161.59.85 80 DevMgmtService.exe [3168]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
1905 ESTABLISHED 64.233.187.188 5228 chrome.exe [11472]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
2116 ESTABLISHED 31.13.95.8 443 chrome.exe [11472]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
2290 ESTABLISHED 31.13.95.36 443 chrome.exe [11472]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
2324 ESTABLISHED 74.125.130.188 5228 chrome.exe [11472]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
2598 ESTABLISHED 31.13.95.8 443 chrome.exe [11472]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
2929 ESTABLISHED 108.177.97.188 5228 chrome.exe [11472]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
2948 ESTABLISHED 216.58.220.197 443 chrome.exe [11472]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
2982 ESTABLISHED 151.101.8.133 443 chrome.exe [11472]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
2984 ESTABLISHED 151.101.8.133 443 chrome.exe [11472]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
3031 ESTABLISHED 192.30.253.124 443 chrome.exe [11472]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
3033 ESTABLISHED 192.30.253.124 443 chrome.exe [11472]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
3043 ESTABLISHED 192.30.253.125 443 chrome.exe [11472]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
3049 ESTABLISHED 151.101.8.133 443 chrome.exe [11472]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
3050 ESTABLISHED 151.101.8.133 443 chrome.exe [11472]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
3051 ESTABLISHED 151.101.8.133 443 chrome.exe [11472]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
3052 ESTABLISHED 151.101.8.133 443 chrome.exe [11472]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
3053 ESTABLISHED 151.101.8.133 443 chrome.exe [11472]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
3059 ESTABLISHED 151.101.8.133 443 chrome.exe [11472]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
3060 ESTABLISHED 151.101.8.133 443 chrome.exe [11472]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
3061 ESTABLISHED 151.101.8.133 443 chrome.exe [11472]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
3062 ESTABLISHED 151.101.8.133 443 chrome.exe [11472]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
3107 ESTABLISHED 178.237.20.120 443 c:\users\admin\appdata\roaming\icq\bin\icq.exe [3300]
27811.15 kb, rsAh, created: 04.11.2018 15:02:14, modified: 04.11.2018 15:02:14
Script: Quarantine, Delete, Delete via BC, Terminate
3108 ESTABLISHED 178.237.20.79 443 c:\users\admin\appdata\roaming\icq\bin\icq.exe [3300]
27811.15 kb, rsAh, created: 04.11.2018 15:02:14, modified: 04.11.2018 15:02:14
Script: Quarantine, Delete, Delete via BC, Terminate
3116 ESTABLISHED 77.246.157.60 443 chrome.exe [11472]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
3119 CLOSE_WAIT 178.237.20.30 443 c:\users\admin\appdata\roaming\icq\bin\icq.exe [3300]
27811.15 kb, rsAh, created: 04.11.2018 15:02:14, modified: 04.11.2018 15:02:14
Script: Quarantine, Delete, Delete via BC, Terminate
3120 CLOSE_WAIT 192.30.253.112 443 chrome.exe [11472]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
3122 CLOSE_WAIT 34.197.170.117 443 chrome.exe [11472]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
3123 ESTABLISHED 192.30.253.112 443 chrome.exe [11472]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
3124 ESTABLISHED 151.101.8.133 443 chrome.exe [11472]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
3125 CLOSE_WAIT 192.30.253.116 443 chrome.exe [11472]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
3127 ESTABLISHED 178.237.20.30 443 c:\users\admin\appdata\roaming\icq\bin\icq.exe [3300]
27811.15 kb, rsAh, created: 04.11.2018 15:02:14, modified: 04.11.2018 15:02:14
Script: Quarantine, Delete, Delete via BC, Terminate
UDP ports
137 LISTENING -- -- System.exe [4]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
137 LISTENING -- -- System.exe [4]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
137 LISTENING -- -- System.exe [4]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
138 LISTENING -- -- System.exe [4]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
138 LISTENING -- -- System.exe [4]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
138 LISTENING -- -- System.exe [4]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
5353 LISTENING -- -- chrome.exe [11472]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
5353 LISTENING -- -- chrome.exe [11472]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
5353 LISTENING -- -- chrome.exe [11472]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
5353 LISTENING -- -- chrome.exe [11472]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
5353 LISTENING -- -- chrome.exe [11472]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
5353 LISTENING -- -- chrome.exe [11472]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
57017 LISTENING -- -- chrome.exe [11472]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
57239 LISTENING -- -- chrome.exe [11472]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
58958 LISTENING -- -- SkypeApp.exe [9396]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
63390 LISTENING -- -- chrome.exe [11472]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
63702 LISTENING -- -- chrome.exe [11472]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate

Downloaded Program Files (DPF)

File name Description Manufacturer CLSID Source URL
Items found - 0, recognized as trusted - 0

Control Panel Applets (CPL)

File name Description Manufacturer
Items found - 17, recognized as trusted - 17

Active Setup

File name Description Manufacturer CLSID
Items found - 3, recognized as trusted - 3

HOSTS file

Hosts file record

Protocols and handlers

File name Type Description Manufacturer CLSID
Items found - 15, recognized as trusted - 15

Shared resources

Network name Path Notes
IPC$ Remote IPC

Suspicious objects

File Description Type

AVZ Antiviral Toolkit log; AVZ version is 4.46
Scanning started at 04.11.2018 23:02:42
Database loaded: signatures - 297569, NN profile(s) - 2, malware removal microprograms - 56, signature database released 04.11.2018 04:00
Heuristic microprograms loaded: 411
PVS microprograms loaded: 10
Digital signatures of system files loaded: 1022867
Heuristic analyzer mode: Medium heuristics mode
Malware removal mode: disabled
Windows version is: 10.0.17134,  "Windows 10 Home", install date 18.10.2018 13:01:40 ; AVZ is run with administrator rights (+)
System Restore: enabled
1. Searching for Rootkits and other software intercepting API functions
1.1 Searching for user-mode API hooks
 Analysis: kernel32.dll, export table found in section .rdata
Function kernel32.dll:ReadConsoleInputExA (1123) intercepted, method - ProcAddressHijack.GetProcAddress ->75DBBB8E->747312E0
Function kernel32.dll:ReadConsoleInputExW (1124) intercepted, method - ProcAddressHijack.GetProcAddress ->75DBBBC1->74731310
 Analysis: ntdll.dll, export table found in section .text
Function ntdll.dll:NtCreateFile (288) intercepted, method - ProcAddressHijack.GetProcAddress ->77AFA7B0->60741430
Function ntdll.dll:NtSetInformationFile (587) intercepted, method - ProcAddressHijack.GetProcAddress ->77AFA4D0->60741590
Function ntdll.dll:NtSetValueKey (619) intercepted, method - ProcAddressHijack.GetProcAddress ->77AFA860->60741610
Function ntdll.dll:ZwCreateFile (1789) intercepted, method - ProcAddressHijack.GetProcAddress ->77AFA7B0->60741430
Function ntdll.dll:ZwSetInformationFile (2086) intercepted, method - ProcAddressHijack.GetProcAddress ->77AFA4D0->60741590
Function ntdll.dll:ZwSetValueKey (2118) intercepted, method - ProcAddressHijack.GetProcAddress ->77AFA860->60741610
 Analysis: user32.dll, export table found in section .text
Function user32.dll:CallNextHookEx (1536) intercepted, method - ProcAddressHijack.GetProcAddress ->7585A7E0->60741300
Function user32.dll:SetWindowsHookExW (2402) intercepted, method - ProcAddressHijack.GetProcAddress ->7585B7C0->60741690
Function user32.dll:Wow64Transition (1505) intercepted, method - CodeHijack (not defined)
 Analysis: advapi32.dll, export table found in section .text
Function advapi32.dll:CveEventWrite (1234) intercepted, method - ProcAddressHijack.GetProcAddress ->75382804->74765400
Function advapi32.dll:I_ScRegisterPreshutdownRestart (1387) intercepted, method - ProcAddressHijack.GetProcAddress ->7538372B->776ECF10
 Analysis: ws2_32.dll, export table found in section .text
 Analysis: wininet.dll, export table found in section .text
 Analysis: rasapi32.dll, export table found in section .text
 Analysis: urlmon.dll, export table found in section .text
 Analysis: netapi32.dll, export table found in section .text
Function netapi32.dll:NetFreeAadJoinInformation (130) intercepted, method - ProcAddressHijack.GetProcAddress ->72BCC27A->5A674FE0
Function netapi32.dll:NetGetAadJoinInformation (131) intercepted, method - ProcAddressHijack.GetProcAddress ->72BCC2A9->5A675350
1.4 Searching for masking processes and drivers
 Checking not performed: extended monitoring driver (AVZPM) is not installed
2. Scanning RAM
 Number of processes found: 26
 Number of modules loaded: 383
Scanning RAM - complete
3. Scanning disks
4. Checking  Winsock Layered Service Provider (SPI/LSP)
 LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
6. Searching for opened TCP/UDP ports used by malicious software
 Checking - disabled by user
7. Heuristic system check
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: TermService (Remote Desktop Services)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>>> Security: Internet Explorer allows ActiveX, not marked as safe
>>> Security: block ActiveX, not marked as safe, in Internet Explorer
>>> Security: Internet Explorer allows unsigned ActiveX elements
>>> Security: Internet Explorer allows automatic queries of ActiveX administrative elements
>>> Security: Internet Explorer allows running files and applications in IFRAME window without asking user
Checking - complete
9. Troubleshooting wizard
 >>  Process termination timeout is out of admissible values
Checking - complete
Files scanned: 409, extracted from archives: 0, malicious software found 0, suspicions - 0
Scanning finished at 04.11.2018 23:03:06
Time of scanning: 00:00:25
If you have a suspicion on presence of viruses or questions on the suspected objects,
you can address http://forum.kaspersky.com/index.php?showforum=19
For automatic scanning of files from the AVZ quarantine you can use the service http://virusdetector.ru/
System Analysis in progress
Network diagnostics
 DNS and Ping test
  Host="yandex.ru", IP="77.88.55.88,77.88.55.80,5.255.255.88,5.255.255.5", Ping=OK (0,382,77.88.55.88)
  Host="google.ru", IP="216.58.203.35", Ping=OK (0,30,216.58.203.35)
  Host="google.com", IP="172.217.24.46", Ping=OK (0,39,172.217.24.46)
  Host="www.kaspersky.com", IP="68.142.68.28,68.142.70.28", Ping=OK (0,38,68.142.68.28)
  Host="www.kaspersky.ru", IP="68.142.68.28,68.142.70.28", Ping=OK (0,38,68.142.68.28)
  Host="dnl-03.geo.kaspersky.com", IP="103.254.155.2", Ping=OK (0,94,103.254.155.2)
  Host="dnl-11.geo.kaspersky.com", IP="43.249.37.43", Ping=OK (0,56,43.249.37.43)
  Host="activation-v2.kaspersky.com", IP="218.213.94.62", Ping=OK (0,55,218.213.94.62)
  Host="odnoklassniki.ru", IP="217.20.155.13,5.61.23.11,217.20.147.1", Ping=OK (0,239,217.20.155.13)
  Host="vk.com", IP="87.240.129.71,87.240.180.136,87.240.182.224,87.240.129.133", Ping=OK (0,323,87.240.129.71)
  Host="vkontakte.ru", IP="95.213.4.229,95.213.4.228", Ping=OK (0,325,95.213.4.229)
  Host="twitter.com", IP="104.244.42.65,104.244.42.1", Ping=OK (0,43,104.244.42.65)
  Host="facebook.com", IP="31.13.95.36", Ping=OK (0,39,31.13.95.36)
  Host="ru-ru.facebook.com", IP="31.13.95.8", Ping=OK (0,40,31.13.95.8)
 Network IE settings
  IE setting AutoConfigURL=
  IE setting AutoConfigProxy=
  IE setting ProxyOverride=
  IE setting ProxyServer=
  IE setting Internet\ManualProxies=
 Network TCP/IP settings
 Network Persistent Routes

 System Analysis - complete


Script commands 
Add commands to script:
Blocking hooks using Anti-Rootkit
Enable AVZGuard
Operations with AVZPM (true=enable,false=disable)
BootCleaner - import list of deleted files
BootCleaner - import all
Remove traces of deleted files
ExecuteWizard ('TSW',2,3,true) - Running Troubleshooting wizard
BootCleaner - activate
Reboot
Insert template for QuarantineFile() - quarantining a file
Insert template for BC_QrFile() - quarantining file via BootCleaner
Insert template for DeleteFile() - deleting a file
Insert template for DelCLSID() - removing a CLSID item from registry
Additional operations:Performance tweaking: disable service TermService (Remote Desktop Services)
Security tweaking: disable CD autorun
Security: block ActiveX, not marked as safe, in Internet Explorer
Security: Internet Explorer allows ActiveX, not marked as safe, without asking user
Security: block unsigned ActiveX elements in Internet Explorer
Security: block automatic queries of ActiveX administrative elements in Internet Explorer
Security: block running files and applications in IFRAME window without asking user in Internet Explorer

File list

Port	Status	Remote Host	Remote Port	Application	Notes
TCP ports
139	LISTENING	0.0.0.0	0	System.exe [4] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
139	LISTENING	0.0.0.0	0	System.exe [4] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
139	LISTENING	0.0.0.0	0	System.exe [4] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
445	LISTENING	0.0.0.0	0	System.exe [4] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
1536	LISTENING	0.0.0.0	0	wininit.exe [848] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
1547	ESTABLISHED	127.0.0.1	1548	DevMgmtService.exe [3168] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
1548	ESTABLISHED	127.0.0.1	1547	DevMgmtService.exe [3168] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
1549	ESTABLISHED	127.0.0.1	1550	DevMgmtService.exe [3168] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
1550	ESTABLISHED	127.0.0.1	1549	DevMgmtService.exe [3168] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
1563	LISTENING	0.0.0.0	0	spoolsv.exe [4664] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
1576	LISTENING	0.0.0.0	0	services.exe [924] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
1631	LISTENING	0.0.0.0	0	lsass.exe [944] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
1722	ESTABLISHED	74.125.68.188	5228	chrome.exe [11472] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
1890	ESTABLISHED	81.161.59.85	80	DevMgmtService.exe [3168] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
1905	ESTABLISHED	64.233.187.188	5228	chrome.exe [11472] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
2116	ESTABLISHED	31.13.95.8	443	chrome.exe [11472] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
2290	ESTABLISHED	31.13.95.36	443	chrome.exe [11472] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
2324	ESTABLISHED	74.125.130.188	5228	chrome.exe [11472] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
2598	ESTABLISHED	31.13.95.8	443	chrome.exe [11472] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
2929	ESTABLISHED	108.177.97.188	5228	chrome.exe [11472] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
2948	ESTABLISHED	216.58.220.197	443	chrome.exe [11472] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
2982	ESTABLISHED	151.101.8.133	443	chrome.exe [11472] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
2984	ESTABLISHED	151.101.8.133	443	chrome.exe [11472] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
3031	ESTABLISHED	192.30.253.124	443	chrome.exe [11472] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
3033	ESTABLISHED	192.30.253.124	443	chrome.exe [11472] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
3043	ESTABLISHED	192.30.253.125	443	chrome.exe [11472] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
3049	ESTABLISHED	151.101.8.133	443	chrome.exe [11472] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
3050	ESTABLISHED	151.101.8.133	443	chrome.exe [11472] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
3051	ESTABLISHED	151.101.8.133	443	chrome.exe [11472] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
3052	ESTABLISHED	151.101.8.133	443	chrome.exe [11472] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
3053	ESTABLISHED	151.101.8.133	443	chrome.exe [11472] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
3059	ESTABLISHED	151.101.8.133	443	chrome.exe [11472] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
3060	ESTABLISHED	151.101.8.133	443	chrome.exe [11472] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
3061	ESTABLISHED	151.101.8.133	443	chrome.exe [11472] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
3062	ESTABLISHED	151.101.8.133	443	chrome.exe [11472] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
3107	ESTABLISHED	178.237.20.120	443	c:\users\admin\appdata\roaming\icq\bin\icq.exe [3300] 27811.15 kb, rsAh, created: 04.11.2018 15:02:14, modified: 04.11.2018 15:02:14 Script: Quarantine, Delete, Delete via BC, Terminate
3108	ESTABLISHED	178.237.20.79	443	c:\users\admin\appdata\roaming\icq\bin\icq.exe [3300] 27811.15 kb, rsAh, created: 04.11.2018 15:02:14, modified: 04.11.2018 15:02:14 Script: Quarantine, Delete, Delete via BC, Terminate
3116	ESTABLISHED	77.246.157.60	443	chrome.exe [11472] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
3119	CLOSE_WAIT	178.237.20.30	443	c:\users\admin\appdata\roaming\icq\bin\icq.exe [3300] 27811.15 kb, rsAh, created: 04.11.2018 15:02:14, modified: 04.11.2018 15:02:14 Script: Quarantine, Delete, Delete via BC, Terminate
3120	CLOSE_WAIT	192.30.253.112	443	chrome.exe [11472] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
3122	CLOSE_WAIT	34.197.170.117	443	chrome.exe [11472] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
3123	ESTABLISHED	192.30.253.112	443	chrome.exe [11472] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
3124	ESTABLISHED	151.101.8.133	443	chrome.exe [11472] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
3125	CLOSE_WAIT	192.30.253.116	443	chrome.exe [11472] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
3127	ESTABLISHED	178.237.20.30	443	c:\users\admin\appdata\roaming\icq\bin\icq.exe [3300] 27811.15 kb, rsAh, created: 04.11.2018 15:02:14, modified: 04.11.2018 15:02:14 Script: Quarantine, Delete, Delete via BC, Terminate
UDP ports
137	LISTENING	--	--	System.exe [4] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
137	LISTENING	--	--	System.exe [4] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
137	LISTENING	--	--	System.exe [4] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
138	LISTENING	--	--	System.exe [4] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
138	LISTENING	--	--	System.exe [4] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
138	LISTENING	--	--	System.exe [4] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
5353	LISTENING	--	--	chrome.exe [11472] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
5353	LISTENING	--	--	chrome.exe [11472] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
5353	LISTENING	--	--	chrome.exe [11472] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
5353	LISTENING	--	--	chrome.exe [11472] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
5353	LISTENING	--	--	chrome.exe [11472] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
5353	LISTENING	--	--	chrome.exe [11472] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
57017	LISTENING	--	--	chrome.exe [11472] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
57239	LISTENING	--	--	chrome.exe [11472] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
58958	LISTENING	--	--	SkypeApp.exe [9396] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
63390	LISTENING	--	--	chrome.exe [11472] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
63702	LISTENING	--	--	chrome.exe [11472] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate