Results of system analysis

Process List

File name	PID	Description	Copyright	MD5	Information
c:\program files\capturewiz\pro\capturewiz.exe Script: Quarantine, Delete, Delete via BC, Terminate	3668	CaptureWiz Pro application file	Copyright © PixelMetrics 2000-2012	AD5522908D790C16382CABFC533A20CC	4930.28 kb, rsAh, created: 15.12.2014 07:20:48, modified: 15.12.2012 23:30:32 Command line: "C:\Program Files\CaptureWiz\Pro\CaptureWiz.exe"
c:\program files\comodo\dragon\dragon_updater.exe Script: Quarantine, Delete, Delete via BC, Terminate	124	dragon_updater	Copyright (C) 2009-2013, Comodo Security Solutions, Inc.	871C2AF42E2535322DB226BB718B1978	2089.19 kb, rsAh, created: 27.05.2014 15:58:30, modified: 27.05.2014 15:58:30 Command line: "C:\Program Files\Comodo\Dragon\dragon_updater.exe"
c:\windows\explorer.exe Script: Quarantine, Delete, Delete via BC, Terminate	3288	Windows Explorer	© Microsoft Corporation. All rights reserved.	8B88EBBB05A0E56B7DCC708498C02B3E	2555.00 kb, rsah, created: 01.09.2014 19:47:04, modified: 25.02.2011 08:30:54 Command line: C:\Windows\Explorer.EXE
c:\program files\mozilla firefox\firefox.exe Script: Quarantine, Delete, Delete via BC, Terminate	3376	Firefox	©Firefox and Mozilla Developers; available under the MPL 2 license.	265B49EF94A5AA713192EE97A7D248B5	330.11 kb, rsAh, created: 26.01.2015 23:19:28, modified: 26.01.2015 23:19:37 Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -p
c:\program files\blueberry software\bb flashback pro 5\flashback recorder.exe Script: Quarantine, Delete, Delete via BC, Terminate	2396	BB FlashBack Pro 5 Recorder	Blueberry Consultants Ltd. (c) 2014	4D7A17C02D8FBEC2AF4F3EDD46A0EF72	6133.32 kb, rsAh, created: 18.12.2014 14:46:20, modified: 18.12.2014 14:46:20 Command line: "C:\Program Files\Blueberry Software\BB FlashBack Pro 5\FlashBack Recorder.exe"
c:\windows\system32\macromed\flash\flashplayerplugin_16_0_0_296.exe Script: Quarantine, Delete, Delete via BC, Terminate	5960	Adobe Flash Player 16.0 r0	Adobe® Flash® Player. Copyright © 1996-2015 Adobe Systems Incorporated. All Rights Reserved. Adobe and Flash are either trademarks or registered trademarks in the United States and/or other countries.	786840D3A66E08C99B617BEA4E30B5C0	1836.67 kb, rsAh, created: 25.01.2015 02:23:33, modified: 25.01.2015 02:23:35 Command line: "C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe" --channel=2684.0029F88C.302862657 --proxy-stub-channel=Flash1236.59E46220.1178 --plugin-path="C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll" --host-npapi-version=27 --type=renderer
c:\windows\system32\macromed\flash\flashplayerplugin_16_0_0_296.exe Script: Quarantine, Delete, Delete via BC, Terminate	2684	Adobe Flash Player 16.0 r0	Adobe® Flash® Player. Copyright © 1996-2015 Adobe Systems Incorporated. All Rights Reserved. Adobe and Flash are either trademarks or registered trademarks in the United States and/or other countries.	786840D3A66E08C99B617BEA4E30B5C0	1836.67 kb, rsAh, created: 25.01.2015 02:23:33, modified: 25.01.2015 02:23:35 Command line: "C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe" --proxy-stub-channel=Flash1236.59E46220.1178 --host-broker-channel=Flash1236.59E46220.3488 --host-pid=1236 --host-npapi-version=27 --plugin-path="C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll"
c:\program files\blueberry software\bb flashback pro 5\fbo\ftsuploadagent.exe Script: Quarantine, Delete, Delete via BC, Terminate	2996	FTSUploadAgent	Copyright © 2012	374F45FA68732633A163E5585AE41A68	35.32 kb, rsAh, created: 18.12.2014 14:12:46, modified: 18.12.2014 14:12:46 Command line: "C:\Program Files\Blueberry Software\BB FlashBack Pro 5\FBO\FTSUploadAgent.exe" /p:95c /w:10470
c:\program files\joyvy\gcupdater.exe Script: Quarantine, Delete, Delete via BC, Terminate	2260	GameCenter Updater Application	Copyright http://joyvy.com/ (C) 2012	69D98881CCB583AF583CE6A1FA54290E	176.23 kb, rsAh, created: 31.10.2014 17:26:38, modified: 31.10.2014 17:26:38 Command line: "C:\Program Files\Joyvy\GCUpdater.exe"
c:\users\b\desktop\tweaking.com - windows repair\get system info.exe Script: Quarantine, Delete, Delete via BC, Terminate	2812			6BE03319DCE279E307C4F181C414B0A7	19617.09 kb, rsAh, created: 05.01.2015 13:04:52, modified: 22.01.2015 04:44:23 Command line: "C:\Users\b\Desktop\Tweaking.com - Windows Repair\Get System Info.exe"
c:\users\b\appdata\local\temp\gsi_lauch\gsi.exe Script: Quarantine, Delete, Delete via BC, Terminate	2064	Kaspersky Get System Info	2014 Kaspersky Lab ZAO. All Rights Reserved.	1E67322002EFF9A9DF0F746EA823802F	1379.09 kb, rsAh, created: 01.02.2015 01:12:44, modified: 01.02.2015 01:12:44 Command line: C:\Users\b\AppData\Local\Temp\\GSI_LAUCH\GSI.exe
c:\program files\intel\intel(r) rapid storage technology\iastordatamgrsvc.exe Script: Quarantine, Delete, Delete via BC, Terminate	2828	IAStorDataSvc	Copyright © Intel Corporation 2009-2010	31A0E93CDF29007D6C6FFFB632F375ED	13.02 kb, rsAh, created: 01.09.2014 00:41:42, modified: 03.03.2010 20:16:06 Command line: "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
c:\program files\kaspersky lab\kaspersky security scan\kss.exe Script: Quarantine, Delete, Delete via BC, Terminate	1508		© 2014 Kaspersky Lab ZAO. All Rights Reserved.	D84C2292C23790950BF3ACE496802D47	659.27 kb, rsAh, created: 13.12.2014 16:49:42, modified: 13.12.2014 16:49:42 Command line: "C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe" -r
c:\program files\blueberry software\bb flashback pro 5\logsysserver.exe Script: Quarantine, Delete, Delete via BC, Terminate	2472	LogSysServer Application	Copyright (C) 2003-2014	BF463DE2B2D5524D8C0A34E87A62E0B9	1083.32 kb, rsAh, created: 18.12.2014 14:12:44, modified: 18.12.2014 14:12:44 Command line: "C:\Program Files\Blueberry Software\BB FlashBack Pro 5\LogSysServer.exe" -x
c:\users\b\appdata\local\temp\mexetmp.ex~ Script: Quarantine, Delete, Delete via BC, Terminate	2580	MicroWorld Anti Virus & Spyware Toolkit Utility	Copyright © MicroWorld Technologies Inc.	22E0E501F6E0EB53A4350D9A1643254D	1066.79 kb, rsAh, created: 31.01.2015 22:31:58, modified: 31.01.2015 22:32:00 Command line: C:\Users\b\AppData\Local\Temp\mexetmp.ex~ /xsign
c:\windows\system32\mmc.exe Script: Quarantine, Delete, Delete via BC, Terminate	5944	Microsoft Management Console	© Microsoft Corporation. All rights reserved.	6AAF3BECE2C3D17091BCEF37C5A82AC0	1368.50 kb, rsAh, created: 14.07.2009 02:32:18, modified: 14.07.2009 04:14:24 Command line: "C:\Windows\system32\mmc.exe" "C:\Windows\system32\eventvwr.msc"
c:\program files\oshi\defender\oshidfui.exe Script: Quarantine, Delete, Delete via BC, Terminate	4020	OSHI Defender	Copyright (c) 2013 Aveas Limited. All rights reserved.	F79786CC79F37C86233D87F505F3EFE9	4324.98 kb, rsAh, created: 09.04.2014 16:49:32, modified: 09.04.2014 16:49:32 Command line: "C:\Program Files\OSHI\Defender\oshidfui.exe" /scan 09073764-9BA8-4A36-9913-CCCEDC3D3C70 345E9B95-7F53-4FC6-BC01-4D1136176575
c:\program files\panda security\panda cloud cleaner\pcloudcleaner.exe Script: Quarantine, Delete, Delete via BC, Terminate	5092			24739A08A9501A0DD136877BEA85098D	4514.74 kb, rsAh, created: 02.01.2015 13:19:47, modified: 11.07.2014 13:21:42 Command line: "C:\Program Files\Panda Security\Panda Cloud Cleaner\PCloudCleaner.exe"
c:\program files\mozilla firefox\plugin-container.exe Script: Quarantine, Delete, Delete via BC, Terminate	1236	Plugin Container for Firefox	License: MPL 2	72E7A13372047CA67AB84FAF2F49EF06	237.61 kb, rsAh, created: 26.01.2015 23:19:29, modified: 26.01.2015 23:19:34 Command line: "C:\Program Files\Mozilla Firefox\plugin-container.exe" --channel=3376.12e72dc0.1585943514 "C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll" -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" 308046B0AF4A39CB 3376 "\\.\pipe\gecko-crash-server-pipe.3376" plugin
c:\program files\common files\protexis\license service\psiservice_2.exe Script: Quarantine, Delete, Delete via BC, Terminate	2692	PsiService PsiService	© 2000-2005 Protexis Inc.	16783D49B6931414BAD1B2368ADD9656	270.86 kb, rsAh, created: 30.04.2014 16:00:36, modified: 30.04.2014 16:00:36 Command line: "c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe"
c:\program files\openvpn technologies\privatetunnel\ptcore.exe Script: Quarantine, Delete, Delete via BC, Terminate	2944	PrivateTunnel Core Daemon	Copyright (C) 2002-2013 OpenVPN Technologies, Inc.	2002194586426E0AAB90B560673364CA	774.40 kb, rsAh, created: 14.10.2014 20:45:50, modified: 14.10.2014 20:45:50 Command line: ptcore
c:\program files\openvpn technologies\privatetunnel\ptservice.exe Script: Quarantine, Delete, Delete via BC, Terminate	2720	PrivateTunnel Service	Copyright (C) 2002-2013 OpenVPN Technologies, Inc.	9C7AF5E1C7EE3BC595E97EE7CB4634FD	17.40 kb, rsAh, created: 02.10.2014 21:36:44, modified: 02.10.2014 21:36:44 Command line: "C:\Program Files\OpenVPN Technologies\PrivateTunnel\ptservice.exe"
c:\program files\blueberry software\bb flashback pro 5\recorderchecker.exe Script: Quarantine, Delete, Delete via BC, Terminate	5040	Recorder Checker Application	Copyright (C) 2014	189543E4D09D1C76A40E216DA4A44F99	246.32 kb, rsAh, created: 18.12.2014 14:12:44, modified: 18.12.2014 14:12:44 Command line: RecorderChecker.exe 2396 197246 "BB FlashBack Pro 5 Recorder"
c:\program files\cyberlink\shared files\richvideo.exe Script: Quarantine, Delete, Delete via BC, Terminate	3700	CyberLink RichVideo Module	Copyright 2004	0758FD515EDC3EC67FD38A0049A3768E	247.83 kb, rsAh, created: 06.09.2014 00:20:05, modified: 01.04.2014 15:08:06 Command line: "C:\Program Files\CyberLink\Shared files\RichVideo.exe"
c:\program files\superantispyware\superantispyware.exe Script: Quarantine, Delete, Delete via BC, Terminate	4748	SUPERAntiSpyware Application	Copyright (C) 2005-2014 SUPERAntiSpyware & Support.com	6B6E1D3A3A0CEBDE9FD3BF2BF42F76EE	6542.77 kb, rsAh, created: 22.01.2015 21:31:12, modified: 22.01.2015 21:31:12 Command line: "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" /TASK:b159e011-ba99-4442-b520-646001b1cc0f
Detected:67, recognized as trusted 46

Module name	Handle	Description	Copyright	MD5	Used by processes
C:\Program Files\Blueberry Software\BB FlashBack Pro 5\avcodec-52.dll Script: Quarantine, Delete, Delete via BC	141164544			28AACEC85D6B57D26CB3184078664826	2396
C:\Program Files\Blueberry Software\BB FlashBack Pro 5\avcore-0.dll Script: Quarantine, Delete, Delete via BC	1663303680			24E588192BDB9D67DE70D715C1FE89EC	2396
C:\Program Files\Blueberry Software\BB FlashBack Pro 5\avformat-52.dll Script: Quarantine, Delete, Delete via BC	1687420928			2D03A9700F3780B7E5648EEE718E6937	2396
C:\Program Files\Blueberry Software\BB FlashBack Pro 5\avutil-50.dll Script: Quarantine, Delete, Delete via BC	1793589248			417CE26EFCB4C34680AA933C391C831C	2396
C:\Program Files\Blueberry Software\BB FlashBack Pro 5\BBIPP.DLL Script: Quarantine, Delete, Delete via BC	1584857088			216A04FB21EE9E5482DC88EDA1B61E87	2396
C:\Program Files\Blueberry Software\BB FlashBack Pro 5\BORLNDMM.DLL Script: Quarantine, Delete, Delete via BC	1342373888	Embarcadero Memory Manager	Copyright © 1996,2013 Embarcadero Technologies, Inc.	6979A5037DE2910116165A1E5CA33628	2396
C:\Program Files\Blueberry Software\BB FlashBack Pro 5\CC32120MT.DLL Script: Quarantine, Delete, Delete via BC	851443712	Embarcadero RAD Studio C++ Multi-thread RTL (WIN/VCL MT)	Copyright © Embarcadero Technologies, Inc. 1994-2012	A26A70CC553BC7B0B89E90592FD72233	2396
C:\Program Files\Blueberry Software\BB FlashBack Pro 5\CheckForUpdate.dll Script: Quarantine, Delete, Delete via BC	71761920	Check for updates utility	Blueberry Software Ltd. (c) 2014	B3B0B73F53719585C814C18E33CE01BF	2396
C:\Program Files\Blueberry Software\BB FlashBack Pro 5\dbrtl170.bpl Script: Quarantine, Delete, Delete via BC	1352794112	Embarcadero Database Component Package	Copyright © 2001-2013 Embarcadero Technologies, Inc.	99765AF48F418EA57E481650AB48E9B7	2396
C:\Program Files\Blueberry Software\BB FlashBack Pro 5\dsnap170.bpl Script: Quarantine, Delete, Delete via BC	1352335360	Embarcadero Local Provider Component Package	Copyright © 1997-2013 Embarcadero Technologies, Inc.	7B5B9BE2A6C6C2BABB21F79C89A11AF9	2396
C:\Program Files\Blueberry Software\BB FlashBack Pro 5\FBO\AWSSDK.dll Script: Quarantine, Delete, Delete via BC	1713831936	AWSSDK	Copyright 2009-2013 Amazon.com, Inc. or its affiliates. All Rights Reserved.	2B61708655108FC7E977027888D34D53	2996
C:\Program Files\Blueberry Software\BB FlashBack Pro 5\FBO\Blueberry.Logger.dll Script: Quarantine, Delete, Delete via BC	1837957120	Blueberry.Logger	Copyright © Blueberry Consultants Ltd. 2011	419F3D08C566B0C4069B3247F11A33D4	2996
C:\Program Files\Blueberry Software\BB FlashBack Pro 5\FBO\Blueberry.S3FileTransfer.dll Script: Quarantine, Delete, Delete via BC	1829568512	Blueberry.S3FileTransfer	Copyright © Blueberry Consultants, Ltd. 2011	E743C69CDBAB55B75D7213EE8A44C64C	2996
C:\Program Files\Blueberry Software\BB FlashBack Pro 5\FBO\Blueberry.TDFHandler.dll Script: Quarantine, Delete, Delete via BC	1831206912	Blueberry.RubricTDFHandler	Copyright © 2011	8FC5E3AB620C4C5D82E762FBFE5DF360	2996
C:\Program Files\Blueberry Software\BB FlashBack Pro 5\FBO\LogSys.Client.NET35.dll Script: Quarantine, Delete, Delete via BC	1821245440	LogSys.Client.NET35 Dynamic Link Library	Copyright (C) 2009-2011	B2D2E5A491930AA366CA18185AB7D4B7	2996
C:\Program Files\Blueberry Software\BB FlashBack Pro 5\FlashBackInstall.dll Script: Quarantine, Delete, Delete via BC	115671040			6D4A22271C0094FF67D828683796848A	2396
C:\Program Files\Blueberry Software\BB FlashBack Pro 5\inet170.bpl Script: Quarantine, Delete, Delete via BC	1356070912	Embarcadero Internet Component Package	Copyright © 1997-2013 Embarcadero Technologies, Inc.	1042EAE7FF1BE4CD7455AE953493BB87	2396
C:\Program Files\Blueberry Software\BB FlashBack Pro 5\LibAVEncoder.dll Script: Quarantine, Delete, Delete via BC	106168320	LibAVEncoder Dynamic Link Library	Copyright (C) 2014 Blueberry Software	1D70C6337EB08FBB92C158845E669DB9	2396
C:\Program Files\Blueberry Software\BB FlashBack Pro 5\libiomp5md.dll Script: Quarantine, Delete, Delete via BC	167051264	Intel(R) OMP Runtime Library	Copyright (C) 1997-2011, Intel Corporation. All rights reserved.	B85A3B59543ED2DF4F9B0F0A74890C91	2396
C:\Program Files\Blueberry Software\BB FlashBack Pro 5\libx264-128.dll Script: Quarantine, Delete, Delete via BC	1703673856	H.264 (MPEG-4 AVC) encoder library	Copyright (C) 2003-2012 x264 project	DE65379E8E402EE36E8FD75D77BA144E	2396
C:\Program Files\Blueberry Software\BB FlashBack Pro 5\rtl170.bpl Script: Quarantine, Delete, Delete via BC	1342504960	Embarcadero Component Package	Copyright © 1997-2013 Embarcadero Technologies, Inc.	3AF8A5000932A97FBE8DD8508384DB8F	2396
C:\Program Files\Blueberry Software\BB FlashBack Pro 5\soaprtl170.bpl Script: Quarantine, Delete, Delete via BC	1368522752	Embarcadero SOAP Runtime Support	Copyright © 2000-2013 Embarcadero Technologies, Inc.	4F7898886836DFE0578DC0548C4342F6	2396
C:\Program Files\Blueberry Software\BB FlashBack Pro 5\swscale-0.dll Script: Quarantine, Delete, Delete via BC	1836580864			0DD489FCF95A38C4671370C7CFC6D348	2396
C:\Program Files\Blueberry Software\BB FlashBack Pro 5\vcl170.bpl Script: Quarantine, Delete, Delete via BC	1346306048	Embarcadero Component Package	Copyright © 1997-2013 Embarcadero Technologies, Inc.	F77EA5D7CBEB284B821B659484E7C39D	2396
C:\Program Files\Blueberry Software\BB FlashBack Pro 5\vclimg170.bpl Script: Quarantine, Delete, Delete via BC	3407872	Embarcadero Imaging Package	Copyright © 1997-2013 Embarcadero Technologies, Inc.	F38D0A8589909F5EC79E2403752B574C	2396
C:\Program Files\Blueberry Software\BB FlashBack Pro 5\vclx170.bpl Script: Quarantine, Delete, Delete via BC	1350041600	Embarcadero Extended Component Package	Copyright © 1997-2013 Embarcadero Technologies, Inc.	AD76581E6CE875865BCE12F8EAF42854	2396
C:\Program Files\Blueberry Software\BB FlashBack Pro 5\VistaCoreSoundAPIWrap.dll Script: Quarantine, Delete, Delete via BC	268435456	Wrapper for Vista Sound Layer	Copyright Blueberry Consultants Ltd. (C) 2013	A064D73983318F6D583DF9B39A136853	2396
C:\Program Files\Blueberry Software\BB FlashBack Pro 5\XECompat.bpl Script: Quarantine, Delete, Delete via BC	3014656			9B74616C3569B3162D4652E4E59E0F9C	2396
C:\Program Files\Blueberry Software\BB FlashBack Pro 5\xmlrtl170.bpl Script: Quarantine, Delete, Delete via BC	1353449472	Embarcadero XML Component Package	Copyright © 2000-2013 Embarcadero Technologies, Inc.	D198143922A934E2EA1C90B3F1EB0AF2	2396
C:\Program Files\Comodo\Dragon\distribution.dll Script: Quarantine, Delete, Delete via BC	1870462976	Comodo Dragon	Copyright (C) 2009-2014, Comodo Security Solutions, Inc.	608639882B9FD4C98BE9B245C6781095	124
C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\minizip.ppl Script: Quarantine, Delete, Delete via BC	1778581504	ZIP MiniArchiver plugin	© 2014 Kaspersky Lab ZAO. All Rights Reserved.	B2CFF7607A30E4F7823564369A38AFD2	1508
C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\prseqio.ppl Script: Quarantine, Delete, Delete via BC	1778515968	SEQIO	© 2014 Kaspersky Lab ZAO. All Rights Reserved.	1B2B12853CFCE6CD9CC2893FD095CD8C	1508
C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\uniarc.ppl Script: Quarantine, Delete, Delete via BC	1935081472	UniArchiver plugin	© 2014 Kaspersky Lab ZAO. All Rights Reserved.	D9D29B497C30E8C380759F154B182081	1508
C:\Program Files\Mozilla Firefox\browser\components\browsercomps.dll Script: Quarantine, Delete, Delete via BC	1928396800		License: MPL 2	C2CF659F388EBCB9E5D4D579A3D192A4	3376
C:\Program Files\Mozilla Firefox\freebl3.dll Script: Quarantine, Delete, Delete via BC	1834024960	NSS freebl Library		ADAD1002BA29691F70F32DE219416FB8	3376
C:\Program Files\Mozilla Firefox\gkmedias.dll Script: Quarantine, Delete, Delete via BC	1544224768		License: MPL 2	6A8C679763F758AB111DA9BB64D21203	3376, 1236
C:\Program Files\Mozilla Firefox\icudt52.dll Script: Quarantine, Delete, Delete via BC	1565458432	ICU Data DLL	Copyright (C) 2013, International Business Machines Corporation and others. All Rights Reserved.	1A47B99FEFE67F3EC4FDAED17187B907	3376, 1236
C:\Program Files\Mozilla Firefox\icuin52.dll Script: Quarantine, Delete, Delete via BC	1812463616	ICU I18N DLL	Copyright (C) 2013, International Business Machines Corporation and others. All Rights Reserved.	3DCEB907632F335F1F7D88E9F62481E4	3376, 1236
C:\Program Files\Mozilla Firefox\icuuc52.dll Script: Quarantine, Delete, Delete via BC	1813708800	ICU Common DLL	Copyright (C) 2013, International Business Machines Corporation and others. All Rights Reserved.	23AC8F9740D57244CA0F035AD64A4D60	3376, 1236
C:\Program Files\Mozilla Firefox\mozalloc.dll Script: Quarantine, Delete, Delete via BC	1933705216		License: MPL 2	83CA994A5F030FCD4BC3AAD2DD499085	3376, 1236
C:\Program Files\Mozilla Firefox\mozglue.dll Script: Quarantine, Delete, Delete via BC	1855127552		License: MPL 2	43D496743D8775A80260177CC5CEC84E	3376, 1236
C:\Program Files\Mozilla Firefox\mozjs.dll Script: Quarantine, Delete, Delete via BC	1580859392			C2492C3E6580E942B2B730865A9C3374	3376, 1236
C:\Program Files\Mozilla Firefox\nss3.dll Script: Quarantine, Delete, Delete via BC	1814560768		License: MPL 2	18A32372444AD6A408E76784CD879AF7	3376, 1236
C:\Program Files\Mozilla Firefox\nssckbi.dll Script: Quarantine, Delete, Delete via BC	1818624000	NSS Builtin Trusted Root CAs		DAC64A0367AC121B7408A8E0F4B99CAA	3376
C:\Program Files\Mozilla Firefox\nssdbm3.dll Script: Quarantine, Delete, Delete via BC	1864237056	Legacy Database Driver		52A083E0F1C22838EE5E31BF76689668	3376
C:\Program Files\Mozilla Firefox\sandboxbroker.dll Script: Quarantine, Delete, Delete via BC	1835925504		License: MPL 2	B3C10E9DAD50E1F6B0A048C83B75B5B5	3376, 1236
C:\Program Files\Mozilla Firefox\softokn3.dll Script: Quarantine, Delete, Delete via BC	1855324160	NSS PKCS #11 Library		5A95915B9E942B9A5762AE0CE6E895C1	3376
C:\Program Files\Mozilla Firefox\xul.dll Script: Quarantine, Delete, Delete via BC	1487601664		License: MPL 2	D4CEB17185B3C509011864923CD34FB7	3376, 1236
C:\Program Files\OpenVPN Technologies\PrivateTunnel\libcurl.dll Script: Quarantine, Delete, Delete via BC	1934426112	libcurl Shared Library	© 1996 - 2014 Daniel Stenberg, .	1B24A2694D5E57F9D45AC1985B2E1874	2944
C:\Program Files\OpenVPN Technologies\PrivateTunnel\LIBEAY32.dll Script: Quarantine, Delete, Delete via BC	1918566400	OpenSSL Shared Library	Copyright © 1998-2005 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.	088FDC7BFB15BFCD256266BEC82F6411	2944
C:\Program Files\OpenVPN Technologies\PrivateTunnel\lzo2.dll Script: Quarantine, Delete, Delete via BC	1941372928			B99BE15DD0A0E3544D344EFDEA5B1E7F	2944
C:\Program Files\OpenVPN Technologies\PrivateTunnel\SSLEAY32.dll Script: Quarantine, Delete, Delete via BC	1934753792	OpenSSL Shared Library	Copyright © 1998-2005 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.	66710F5C83525B548DE1F59E48955A7B	2944
C:\Program Files\OSHI\Defender\sciter32.dll Script: Quarantine, Delete, Delete via BC	1685061632	The Sciter Engine: H-SMILE core + TIScript	Copyright Terra Informatica Software, Inc. (C) 2011	714E6DDE19D3A9DF89E9EBA1712B17A2	4020
C:\Program Files\Panda Security\Panda Cloud Cleaner\Backend.dll Script: Quarantine, Delete, Delete via BC	1774911488		Copyright (C) 2013	EA231FAE9ED38ABD5AB72312DE8A7E37	5092
C:\Program Files\Panda Security\Panda Cloud Cleaner\CommonCmp.dll Script: Quarantine, Delete, Delete via BC	1774714880		Copyright (C) 2013	50028D3EB21B2DBADB1CF270F68A26FF	5092
C:\Program Files\Panda Security\Panda Cloud Cleaner\CommonCODEC.dll Script: Quarantine, Delete, Delete via BC	34144256		Copyright (C) 2013	C31B2C9737C7173A5F7440A2FF1680E5	5092
C:\Program Files\Panda Security\Panda Cloud Cleaner\DllCustomInstall.dll Script: Quarantine, Delete, Delete via BC	1780088832		Copyright (C) 2013	89DB0507B6DD39652085D71636B12D37	5092
C:\Program Files\Panda Security\Panda Cloud Cleaner\Engine.dll Script: Quarantine, Delete, Delete via BC	1776746496		Copyright (C) 2013	8ADE2AFABFEF6D81C371938D4E08284E	5092
C:\Program Files\Panda Security\Panda Cloud Cleaner\libcurl.dll Script: Quarantine, Delete, Delete via BC	1797521408	libcurl Shared Library	© 1996 - 2013 Daniel Stenberg, .	981F71BC1F50CFBE711BF895F4ED0E1B	5092
C:\Program Files\Panda Security\Panda Cloud Cleaner\NemesisInteropModule.dll Script: Quarantine, Delete, Delete via BC	1809514496		Copyright (C) 2013	2661E97CE8E140D98B903C02E4DDA226	5092
C:\Program Files\Panda Security\Panda Cloud Cleaner\pascplh.dll Script: Quarantine, Delete, Delete via BC	1769275392		Copyright (C) 2013	87BAD3A49ABC41B1CE57F1515591DC78	5092
C:\Program Files\Panda Security\Panda Cloud Cleaner\PCCRef.dll Script: Quarantine, Delete, Delete via BC	1776877568		Copyright (C) 2013	A7324CEED41C3128D809CEE1573DE2A5	5092
C:\Program Files\Panda Security\Panda Cloud Cleaner\PRSBLib.dll Script: Quarantine, Delete, Delete via BC	268435456			2E274A43E88399FB23214EE1CE5B1022	5092
C:\Program Files\Panda Security\Panda Cloud Cleaner\prtkp.dll Script: Quarantine, Delete, Delete via BC	1788149760		Copyright (C) 2013	71F12C9DC50F8D1234DA8A3EE98D3594	5092
C:\Program Files\Panda Security\Panda Cloud Cleaner\prtn.dll Script: Quarantine, Delete, Delete via BC	1782120448		Copyright (C) 2013	C82BACBF1217935B69EBB5D6E2337A36	5092
C:\Program Files\Panda Security\Panda Cloud Cleaner\psclsp.dll Script: Quarantine, Delete, Delete via BC	1876033536		Copyright (C) 2013	DB445B925412DFF8E0EB51E3476A9580	5092
C:\Program Files\Panda Security\Panda Cloud Cleaner\pskernel.dll Script: Quarantine, Delete, Delete via BC	1863122944		Copyright (C) 2013	D01002AAF44692EFE39F03030CB9B7EC	5092
C:\Program Files\Panda Security\Panda Cloud Cleaner\SecureBootLauncher.dll Script: Quarantine, Delete, Delete via BC	71958528		Copyright (C) 2013	B289129F7809218FC4838F565B08BFFD	5092
C:\Program Files\Panda Security\Panda Cloud Cleaner\Snapshot.dll Script: Quarantine, Delete, Delete via BC	1769472000		Copyright (C) 2013	373BA831643F675B5B4461CC06901909	5092
C:\Program Files\Panda Security\Panda Cloud Cleaner\StatisticsManager.dll Script: Quarantine, Delete, Delete via BC	41222144		Copyright (C) 2013	DA8FA3E848D9DAB173A35053FC81D50E	5092
C:\Program Files\Panda Security\Panda Cloud Cleaner\Tucan.dll Script: Quarantine, Delete, Delete via BC	72351744		Copyright (C) 2013	CC3285CF0B7F027A02C209DC777BE178	5092
C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL Script: Quarantine, Delete, Delete via BC	1810694144	SUPERAntiSpyware Context Menu Extension	(C) Copyright 2006-2013 SUPERAdBlocker.com and SUPERAntiSpyware.com	76C460CF51F482783932425F27DE6524	3288
C:\Program Files\WinRAR\rarext.dll Script: Quarantine, Delete, Delete via BC	1808203776	WinRAR shell extension	Copyright © Alexander Roshal 1993-2014	100A9E388371C284D14ED63EA263E2AC	3288, 2064
C:\PROGRA~1\9-lab\REMOVA~1\shellext.dll Script: Quarantine, Delete, Delete via BC	219152384	shellext.dl		CEA640C61C25581F92D9369F0F10D321	3288
C:\Users\b\AppData\Local\temp\msvl64.dll Script: Quarantine, Delete, Delete via BC	268435456	64-Bit and Vista Scanning Interface	Copyright © MicroWorld Technologies Inc.	2CD7CBACEEB1379768670C2008CA8816	2580
C:\Users\b\AppData\Local\Temp\scan.dll Script: Quarantine, Delete, Delete via BC	1834418176	eScan (DB) File Scanner	Copyright (c) 2012. All rights reserved.	79EA6C60089079E935A5F8AA55F2D987	2580
C:\Windows\assembly\NativeImages_v2.0.50727_32\EventViewer\461938601287f0d25490fc0707e7240a\EventViewer.ni.dll Script: Quarantine, Delete, Delete via BC	1700986880		Copyright (c) Microsoft Corporation. All rights reserved.	F3259435934B0410322A9906EBFCA988	5944
C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorDataMgr\c3c39ea6a37114da61e3c4c89eaf28ac\IAStorDataMgr.ni.dll Script: Quarantine, Delete, Delete via BC	1842675712	IAStorService	Copyright © Intel Corporation 2009-2010	D9F31C2FBBC8E36FD3F9735D5D0E0913	2828
C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\1f861b2b88c8a5a5b3b6c6144dc261d2\IAStorUtil.ni.dll Script: Quarantine, Delete, Delete via BC	1840316416	IAStorUtil	Copyright © Intel Corporation 2009-2010	E32FAC46559FE5EF9576D8D7C3A8ADB6	2828
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Managemen#\5226b41757b9adeaf2e8366923a285ac\Microsoft.ManagementConsole.ni.dll Script: Quarantine, Delete, Delete via BC	1701576704	MMCFx	Copyright (c) Microsoft Corporation. All rights reserved.	979D473E1B9E24B888F5B8892FD4B419	5944
C:\Windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\47ca0277533140cf1f83e36bb8a4f8d5\MIGUIControls.ni.dll Script: Quarantine, Delete, Delete via BC	1558970368		Copyright (c) Microsoft Corporation. All rights reserved.	25195DC0D229BC455C4F6D75667BD6A3	5944
C:\Windows\assembly\NativeImages_v2.0.50727_32\MMCEx\b3f460ee8763e099485cb30b9af557ab\MMCEx.ni.dll Script: Quarantine, Delete, Delete via BC	1647575040	MMCEx	Copyright (c) Microsoft Corporation. All rights reserved.	864BCA817A04D805771A3E124F0F4215	5944
C:\Windows\assembly\NativeImages_v2.0.50727_32\MMCFxCommon\475081bcfcacbee098b812818cce78de\MMCFxCommon.ni.dll Script: Quarantine, Delete, Delete via BC	1773600768	MMCFxCommon	Copyright (c) Microsoft Corporation. All rights reserved.	71997A3D08F9EBBBAF24414EAA876A5F	5944
C:\Windows\system32\BAIDUCN.IME Script: Quarantine, Delete, Delete via BC	1808662528	?????	Copyright (c) 2010 - 2012 Baidu, Inc. All Rights Reserved.	8375BA19592CFF6E5ADBD21B4F23C95F	3376, 5960
C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll Script: Quarantine, Delete, Delete via BC	1526333440			0FC325593893749364EC4A733E7D9100	5960, 1236
C:\Windows\system32\unrar.dll Script: Quarantine, Delete, Delete via BC	1817247744			A0F43D4AB011F8979E597C1393CA7C50	2580
Modules found:715, recognized as trusted 629

Kernel Space Modules Viewer

Module	Base address	Size in memory	Description	Manufacturer
C:\Windows\System32\drivers\BprotectEx.sys Script: Quarantine, Delete, Delete via BC	8C178000	01F000 (126976)	Baidu Antivirus Minifilter Driver	Copyright (C) 2013 Baidu, Inc. All rights reserved.
C:\Windows\System32\Drivers\dump_dumpfve.sys Script: Quarantine, Delete, Delete via BC	977BC000	011000 (69632)
C:\Windows\System32\Drivers\dump_iaStor.sys Script: Quarantine, Delete, Delete via BC	94622000	1B5000 (1789952)
C:\Windows\System32\Drivers\HCDisk.SYS Script: Quarantine, Delete, Delete via BC	9CE90000	011000 (69632)
C:\Windows\System32\Drivers\VVBackd5.sys Script: Quarantine, Delete, Delete via BC	8BE0D000	23D000 (2347008)	Rit Driver	Farstone Corporation. All rights reserved.
Modules found - 162, recognized as trusted - 157

Services

Service	Description	Status	File	Group	Dependencies
DragonUpdater Service: Stop, Delete, Disable, Delete via BC	COMODO Dragon Update Service	Running	C:\Program Files\Comodo\Dragon\dragon_updater.exe Script: Quarantine, Delete, Delete via BC
PSI_SVC_2 Service: Stop, Delete, Disable, Delete via BC	Corel License Validation Service V2, Powered by arvato	Running	c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe Script: Quarantine, Delete, Delete via BC
ptservice Service: Stop, Delete, Disable, Delete via BC	Private Tunnel Core Service	Running	C:\Program Files\OpenVPN Technologies\PrivateTunnel\ptservice.exe Script: Quarantine, Delete, Delete via BC
RichVideo Service: Stop, Delete, Disable, Delete via BC	Cyberlink RichVideo Service(CRVS)	Running	C:\Program Files\CyberLink\Shared files\RichVideo.exe Script: Quarantine, Delete, Delete via BC		RPCSS
AdobeFlashPlayerUpdateSvc Service: Stop, Delete, Disable, Delete via BC	Adobe Flash Player Update Service	Not started	C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Script: Quarantine, Delete, Delete via BC
DriveClone Network Client IBP Service: Stop, Delete, Disable, Delete via BC	DriveClone Network Client IBP	Not started	C:\Program Files\RestoreIT 2014\IBP\fsloader.exe Script: Quarantine, Delete, Delete via BC
MozillaMaintenance Service: Stop, Delete, Disable, Delete via BC	Mozilla Maintenance Service	Not started	C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe Script: Quarantine, Delete, Delete via BC
Tweak7SystemService Service: Stop, Delete, Disable, Delete via BC	Tweak7SystemService	Not started	C:\Windows\system32\Tweak7SystemService.exe Script: Quarantine, Delete, Delete via BC
Winstep Xtreme Service Service: Stop, Delete, Disable, Delete via BC	Winstep Xtreme Service	Not started	Winstep Xtreme Service.sys Script: Quarantine, Delete, Delete via BC
Detected - 170, recognized as trusted - 161

Drivers

Service	Description	Status	File	Group	Dependencies
BprotectEx Driver: Unload, Delete, Disable, Delete via BC	Baidu ProtectEx	Running	C:\Windows\System32\drivers\BprotectEx.sys Script: Quarantine, Delete, Delete via BC	Base
HCDisk Driver: Unload, Delete, Disable, Delete via BC	HCDisk	Running	C:\Windows\system32\Drivers\HCDisk.sys Script: Quarantine, Delete, Delete via BC
VVBackd5 Driver: Unload, Delete, Disable, Delete via BC	VVBackd5	Running	C:\Windows\system32\Drivers\VVBackd5.sys Script: Quarantine, Delete, Delete via BC
avchv Driver: Unload, Delete, Disable, Delete via BC	avchv Function Driver	Not started	avchv.sys Script: Quarantine, Delete, Delete via BC
FARMNTIO Driver: Unload, Delete, Disable, Delete via BC	FARMNTIO	Not started	c:\windows\system32\drivers\farmntio.sys Script: Quarantine, Delete, Delete via BC
gfiark Driver: Unload, Delete, Disable, Delete via BC	gfiark	Not started	C:\Windows\system32\drivers\gfiark.sys Script: Quarantine, Delete, Delete via BC
gfiutil Driver: Unload, Delete, Disable, Delete via BC	gfiutil	Not started	C:\Windows\system32\drivers\gfiutil.sys Script: Quarantine, Delete, Delete via BC
MDA_NTDRV Driver: Unload, Delete, Disable, Delete via BC	MDA_NTDRV	Not started	C:\Windows\system32\MDA_NTDRV.sys Script: Quarantine, Delete, Delete via BC
rspCrash Driver: Unload, Delete, Disable, Delete via BC	rspCrash	Not started	C:\Windows\system32\DRIVERS\rspCrash32.sys Script: Quarantine, Delete, Delete via BC	FSFilter Activity Monitor	FltMgr
SpyEmrgAccess Driver: Unload, Delete, Disable, Delete via BC	Spy Emergency OnAccess Driver	Not started	C:\Windows\system32\Drivers\spyemrg_access.sys Script: Quarantine, Delete, Delete via BC	FSFilter Content Screener	FltMgr
taphss6 Driver: Unload, Delete, Disable, Delete via BC	Anchorfree HSS VPN Adapter	Not started	taphss6.sys Script: Quarantine, Delete, Delete via BC
UVFltr Driver: Unload, Delete, Disable, Delete via BC	UVFltr	Not started	C:\Windows\system32\DRIVERS\UVFltr.sys Script: Quarantine, Delete, Delete via BC	FSFilter Activity Monitor
zlnimc Driver: Unload, Delete, Disable, Delete via BC	zlnimc	Not started	zlnimc.sys Script: Quarantine, Delete, Delete via BC	ccekrnlG
zvijcv Driver: Unload, Delete, Disable, Delete via BC	zvijcv	Not started	zvijcv.sys Script: Quarantine, Delete, Delete via BC	ccekrnlG
Detected - 283, recognized as trusted - 269

Autoruns

File name	Status	Startup method	Description
AntiSpyware\PCBoosterFreeAntiSpyware.exe Script: Quarantine, Delete, Delete via BC	Active	Shortcut in Startup folder	C:\Users\b\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\b\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PCBooster Free AntiSpyware.lnk,
C:\80116da0e7a53a5116\DW\DW20.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\VSSetup, EventMessageFile
C:\PROGRA~1\9-lab\REMOVA~1\shellext.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {8E571ABB-30D3-402F-BBEC-3954466CF529} Delete
C:\Program Files\ACD Systems\ACDSee Video Studio\ACDSeeVideoStudio.exe Script: Quarantine, Delete, Delete via BC	Active	Shortcut in Startup folder	C:\Users\b\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\b\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ACDSee Video Studio.lnk,
C:\Program Files\Blueberry Software\BB FlashBack Pro 4\FlashBack Player.exe Script: Quarantine, Delete, Delete via BC	Active	Shortcut in Startup folder	C:\Users\b\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\b\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BB FlashBack Pro 4 Player.lnk,
C:\Program Files\Blueberry Software\BB FlashBack Pro 4\FlashBack Recorder.exe Script: Quarantine, Delete, Delete via BC	Active	Shortcut in Startup folder	C:\Users\b\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\b\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BB FlashBack Pro 4 Recorder.lnk,
C:\Program Files\Blueberry Software\BB FlashBack Pro 5\FlashBack Player.exe Script: Quarantine, Delete, Delete via BC	Active	Shortcut in Startup folder	C:\Users\b\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\b\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BB FlashBack Pro 5 Player.lnk,
C:\Program Files\Blueberry Software\BB FlashBack Pro 5\FlashBack Recorder.exe Script: Quarantine, Delete, Delete via BC	Active	Shortcut in Startup folder	C:\Users\b\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\b\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BB FlashBack Pro 5 Recorder.lnk,
C:\Program Files\CaptureWiz\Pro\CaptureWiz.exe Script: Quarantine, Delete, Delete via BC	Active	Shortcut in Startup folder	C:\Users\b\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\, C:\Users\b\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CaptureWiz.lnk,
C:\Program Files\Common Files\ACD Systems\PicaView\ACDSeePV.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {F3CBBA61-EE3F-4D6D-B1C6-B3474E579936} Delete
C:\Program Files\Common Files\Adobe\OOBE\PDApp\DWA\resources\libraries\EventMessages.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Adobe Setup, EventMessageFile
C:\Program Files\CyberLink\PowerDirector13\EventLog.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\PowerDirector, EventMessageFile
C:\Program Files\Engelmann Media\Photomizer Retro\Photomizer Retro.exe Script: Quarantine, Delete, Delete via BC	Active	Shortcut in Startup folder	C:\Users\b\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\b\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Photomizer Retro.lnk,
C:\Program Files\Free Shortcut Fix\FreeShortcutFix.exe Script: Quarantine, Delete, Delete via BC	Active	Shortcut in Startup folder	C:\Users\b\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\b\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Free Shortcut Fix.lnk,
C:\Program Files\Google\Chrome\Application\chrome.exe Script: Quarantine, Delete, Delete via BC	Active	Shortcut in Startup folder	C:\Users\b\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\b\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk,
C:\Program Files\Hotspot Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\hshld, EventMessageFile
C:\Program Files\Hotspot Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\HssWd, EventMessageFile
C:\Program Files\ImTOO\Movie Maker 6\SplashScreen.exe Script: Quarantine, Delete, Delete via BC	Active	Shortcut in Startup folder	C:\Users\b\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\b\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ImTOO Movie Maker 6.lnk,
C:\Program Files\ImTOO\Video Converter Ultimate\vcloader.exe Script: Quarantine, Delete, Delete via BC	Active	Shortcut in Startup folder	C:\Users\b\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\b\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ImTOO Video Converter Ultimate.lnk,
C:\Program Files\ImTOO\Video Editor 2\videoeditor.exe Script: Quarantine, Delete, Delete via BC	Active	Shortcut in Startup folder	C:\Users\b\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\b\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ImTOO Video Editor 2.lnk,
C:\Program Files\Kepard\Kepard.exe Script: Quarantine, Delete, Delete via BC	Active	Shortcut in Startup folder	C:\Users\b\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\b\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Kepard.lnk,
C:\Program Files\PCBooster Script: Quarantine, Delete, Delete via BC	Active	Shortcut in Startup folder	C:\Users\b\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\b\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PCBooster Free AntiSpyware.lnk,
C:\Program Files\Pointstone\Total Privacy 6\TotalPrivacy.exe Script: Quarantine, Delete, Delete via BC	Active	Shortcut in Startup folder	C:\Users\b\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\b\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Total Privacy 6.lnk,
C:\Program Files\Real\RealPlayer\RPDS\Bin\rpdsvc.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\RealPlayer Cloud Service, EventMessageFile
C:\Program Files\Real\RealPlayer\update\realsched.exe Script: Quarantine, Delete, Delete via BC	Disabled	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run-, TkBellExe Delete
C:\Program Files\Recool SWF to HTML5 Converter\SWFConverter.exe Script: Quarantine, Delete, Delete via BC	Active	Shortcut in Startup folder	C:\Users\b\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\b\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Recool SWF to HTML5 Converter.lnk,
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, SUPERAntiSpyware Delete
C:\Program Files\SourceTec\Sothink SWF Decompiler\SWFDecompiler.exe Script: Quarantine, Delete, Delete via BC	Active	Shortcut in Startup folder	C:\Users\b\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\b\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Sothink SWF Decompiler.lnk,
C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\TuneUp\TuneUp.UtilitiesSvc, EventMessageFile
C:\Program Files\VSO\VSO Video Converter\1\vsoVideoConverter.exe Script: Quarantine, Delete, Delete via BC	Active	Shortcut in Startup folder	C:\Users\b\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\b\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\VSO Video Converter 1.lnk,
C:\Program Files\WinRAR\rarext.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {B41DB860-8EE4-11D2-9906-E49FADC173CA} Delete
C:\Program Files\mediAvatar\Video Editor\videoeditor.exe Script: Quarantine, Delete, Delete via BC	Active	Shortcut in Startup folder	C:\Users\b\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\b\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\mediAvatar Video Editor .lnk,
C:\Users\b\AppData\Local\Epic Privacy Browser\Application\epic.exe Script: Quarantine, Delete, Delete via BC	Active	Shortcut in Startup folder	C:\Users\b\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\b\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Epic Privacy Browser.lnk,
C:\Users\b\AppData\Local\PlayFree Browser\Application\playfreebrowser.exe Script: Quarantine, Delete, Delete via BC	Active	Shortcut in Startup folder	C:\Users\b\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\b\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PlayFree Browser.lnk,
C:\Users\b\AppData\Local\Temp\750315FF-50579D13-6A2312C8-F3FB5B96\7nZnMuDnw8Q.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Doctor Web\DrWebARKDaemon, EventMessageFile
C:\Users\b\AppData\Local\Temp\750315FF-50579D13-6A2312C8-F3FB5B96\obmomgs2ZF.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Doctor Web\Dr.Web Engine, EventMessageFile
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ar\aspnet_rc.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\ASP.NET 4.0.30319.0, EventMessageFile
C:\Windows\System32\MsSpellCheckingFacility.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-Spell-Checking, EventMessageFile
C:\Windows\System32\MsSpellCheckingFacility.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-SpellChecker, EventMessageFile
C:\Windows\System32\MsSpellCheckingFacility.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Spell-Checking, EventMessageFile
C:\Windows\System32\MsSpellCheckingFacility.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-SpellChecker, EventMessageFile
C:\Windows\system32\psxss.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Session Manager\SubSystems, Posix
C:\Windows\winstart.bat Script: Quarantine, Delete, Delete via BC	--	File in Startup folder	C:\Windows\, C:\Windows\winstart.bat,
Shield\bin\cmw_srv.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\hshld, EventMessageFile
Shield\bin\hsswd.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\HssWd, EventMessageFile
c:\PROGRA~1\Corel\CORELV~2\Dvacm.acm Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Drivers32, msacm.dvacm_vspx7 Delete
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Protexis Licensing Service, EventMessageFile
progman.exe Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WOW\boot, shell Delete
Autoruns items found - 772, recognized as trusted - 724

Internet Explorer extension modules (BHOs, Toolbars ...)

File name	Type	Description	Manufacturer	CLSID
Items found - 1, recognized as trusted - 1

Windows Explorer extension modules

File name	Destination	Description	Manufacturer	CLSID
	Blueberry FlashBack Client			{A8065B9E-193F-4797-B62D-8F6321E7FCCB} Delete
	WebCheck			{E6FB5E20-DE35-11CF-9C87-00AA005127ED} Delete
C:\Program Files\Common Files\ACD Systems\PicaView\ACDSeePV.dll Script: Quarantine, Delete, Delete via BC	PicaViewCtxMenuShlExt	PicaView Shell Extension	Copyright (c) 2014	{F3CBBA61-EE3F-4D6D-B1C6-B3474E579936} Delete
C:\PROGRA~1\9-lab\REMOVA~1\shellext.dll Script: Quarantine, Delete, Delete via BC	ShellExtContextMenu Object	shellext.dl		{8E571ABB-30D3-402F-BBEC-3954466CF529} Delete
C:\Program Files\WinRAR\rarext.dll Script: Quarantine, Delete, Delete via BC	WinRAR shell extension	WinRAR shell extension	Copyright © Alexander Roshal 1993-2014	{B41DB860-8EE4-11D2-9906-E49FADC173CA} Delete
	Pointstone SecureErase Context Menu Shell Extension			{432FD30C-8EA7-4347-87C1-1AE8A1A424C7} Delete
Items found - 22, recognized as trusted - 16

Printing system extensions (print monitors, providers)

File name	Type	Name	Description	Manufacturer
Items found - 7, recognized as trusted - 7

Task Scheduler jobs

File name	Job name	Job state	Description	Manufacturer	Path	Command line
C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Script: Quarantine, Delete, Delete via BC	Adobe Flash Player Updater.job Script: Delete	The task is ready to run at its next scheduled time.	Adobe® Flash® Player Update Service 16.0 r0	Copyright © 1996-2015 Adobe Systems Incorporated		C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe Script: Quarantine, Delete, Delete via BC	SUPERAntiSpyware Scheduled Task 63788948-f58c-4afb-8d1a-443945a83126.job Script: Delete	The task is ready to run at its next scheduled time.	SUPERAntiSpyware Application	Copyright (C) 2005-2014 SUPERAntiSpyware & Support.com		C:\Program Files\SUPERAntiSpyware\SASTask.exe "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" /TASK:63788948-f58c-4afb-8d1a-443945a83126
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe Script: Quarantine, Delete, Delete via BC	SUPERAntiSpyware Scheduled Task b159e011-ba99-4442-b520-646001b1cc0f.job Script: Delete	The task is ready to run at its next scheduled time.	SUPERAntiSpyware Application	Copyright (C) 2005-2014 SUPERAntiSpyware & Support.com		C:\Program Files\SUPERAntiSpyware\SASTask.exe "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" /TASK:b159e011-ba99-4442-b520-646001b1cc0f
C:\Program Files\Restore Point Creator\Restore Script: Quarantine, Delete, Delete via BC	System Restore Checkpoint by System Restore Point Creator.job Script: Delete	The task is ready to run at its next scheduled time.				C:\Program Files\Restore Point Creator\Restore Point Creator.exe -createscheduledrestorepoint
Creator.exe Script: Quarantine, Delete, Delete via BC	System Restore Checkpoint by System Restore Point Creator.job Script: Delete	The task is ready to run at its next scheduled time.				C:\Program Files\Restore Point Creator\Restore Point Creator.exe -createscheduledrestorepoint
C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Script: Quarantine, Delete, Delete via BC	Adobe Flash Player Updater Script: Delete	The task is ready to run at its next scheduled time.	Adobe® Flash® Player Update Service 16.0 r0	Copyright © 1996-2015 Adobe Systems Incorporated	C:\Windows\system32\Tasks\	C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\sniper\commndes.exe Script: Quarantine, Delete, Delete via BC	Bunifu Sniper Antimalware Script: Delete	The task is ready to run at its next scheduled time.	commndes	Copyright © Microsoft 2013	C:\Windows\system32\Tasks\	C:\sniper\commndes.exe
C:\Program Files\Cybertron\Privacy Eraser\PrivacyEraser.exe Script: Quarantine, Delete, Delete via BC	SkipUAC_b Script: Delete	The task is ready to run at its next scheduled time.	Privacy Eraser	© 2002-2014 Cybertron Software Co., Ltd. All rights reserved.	C:\Windows\system32\Tasks\Cybertron\Privacy Eraser\	C:\Program Files\Cybertron\Privacy Eraser\PrivacyEraser.exe $(Arg0)
C:\Program Files\ExpressPlayer\ExpressPlayerUpdater.exe Script: Quarantine, Delete, Delete via BC	Express PlayerUpdate Script: Delete	The task is ready to run at its next scheduled time.			C:\Windows\system32\Tasks\	C:\Program Files\ExpressPlayer\ExpressPlayerUpdater.exe
C:\Program Files\Joyvy\GCUpdater.exe Script: Quarantine, Delete, Delete via BC	JoyvyUpdate Script: Delete	The task is ready to run at its next scheduled time.	GameCenter Updater Application	Copyright http://joyvy.com/ (C) 2012	C:\Windows\system32\Tasks\	C:\Program Files\Joyvy\GCUpdater.exe
C:\Program Files\spotflux\.\spotflux.exe Script: Quarantine, Delete, Delete via BC	launchspotflux Script: Delete	The task is ready to run at its next scheduled time.			C:\Windows\system32\Tasks\	"C:\Program Files\spotflux\.\spotflux.exe"
aitagent Script: Quarantine, Delete, Delete via BC	AitAgent Script: Delete	The task is ready to run at its next scheduled time.			C:\Windows\system32\Tasks\Microsoft\Windows\Application Experience\	aitagent
C:\Windows\ehome\mcupdate Script: Quarantine, Delete, Delete via BC	mcupdate Script: Delete	The task is ready to run at its next scheduled time.			C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\	%SystemRoot%\ehome\mcupdate $(Arg0)
C:\Windows\ehome\ehrec Script: Quarantine, Delete, Delete via BC	RecordingRestart Script: Delete	The task is ready to run at its next scheduled time.			C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\	%SystemRoot%\ehome\ehrec /RestartRecording
C:\Windows\ehome\ehrec Script: Quarantine, Delete, Delete via BC	StartRecording Script: Delete	The task is ready to run at its next scheduled time.			C:\Windows\system32\Tasks\Microsoft\Windows\Media Center\	%SystemRoot%\ehome\ehrec /StartRecording
C:\Program Files\OSHI\Defender\oshidfui.exe Script: Quarantine, Delete, Delete via BC	Anti-winlock Script: Delete	The task is ready to run at its next scheduled time.	OSHI Defender	Copyright (c) 2013 Aveas Limited. All rights reserved.	C:\Windows\system32\Tasks\OSHI\Defender\	C:\Program Files\OSHI\Defender\oshidfui.exe /scan 09073764-9BA8-4A36-9913-CCCEDC3D3C70 345E9B95-7F53-4FC6-BC01-4D1136176575
C:\Program Files\OSHI\Defender\oshidfui.exe Script: Quarantine, Delete, Delete via BC	Daily Full Scan Script: Delete	The task is ready to run at its next scheduled time.	OSHI Defender	Copyright (c) 2013 Aveas Limited. All rights reserved.	C:\Windows\system32\Tasks\OSHI\Defender\	C:\Program Files\OSHI\Defender\oshidfui.exe /scan A6E4412A-F598-49D6-8DFC-8335F1A585A0 DC3540DD-522B-49A2-8C2F-1FB169927459
C:\Program Files\OSHI\Defender\oshidfui.exe Script: Quarantine, Delete, Delete via BC	Launch Defender Script: Delete	The task is ready to run at its next scheduled time.	OSHI Defender	Copyright (c) 2013 Aveas Limited. All rights reserved.	C:\Windows\system32\Tasks\OSHI\	C:\Program Files\OSHI\Defender\oshidfui.exe $(Arg0)
C:\Program Files\Real\RealPlayer\update\realsched.exe Script: Quarantine, Delete, Delete via BC	Real Player online update program Script: Delete	The task is ready to run at its next scheduled time.			C:\Windows\system32\Tasks\	C:\Program Files\Real\RealPlayer\update\realsched.exe -osboot
C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe Script: Quarantine, Delete, Delete via BC	RealDownloaderRealUpgradeLogonTaskS-1-5-21-514264213-2229734732-364638501-1000 Script: Delete	The task is ready to run at its next scheduled time.			C:\Windows\system32\Tasks\	C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe /logoncheck
C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe Script: Quarantine, Delete, Delete via BC	RealDownloaderRealUpgradeScheduledTaskS-1-5-21-514264213-2229734732-364638501-1000 Script: Delete	The task is ready to run at its next scheduled time.			C:\Windows\system32\Tasks\	C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe /scheduledcheck
C:\Program Files\Restore Point Creator\Restore Point Creator.exe Script: Quarantine, Delete, Delete via BC	Restore Point Creator -- Run with no UAC (Create Custom Restore Point) (For User b) Script: Delete	The task is ready to run at its next scheduled time.	Restore Point Creator	Copyright Thomas Parkison © 2012-2015	C:\Windows\system32\Tasks\Restore Point Creator\	"C:\Program Files\Restore Point Creator\Restore Point Creator.exe" -createrestorepointcustomname
C:\Program Files\Restore Point Creator\Restore Point Creator.exe Script: Quarantine, Delete, Delete via BC	Restore Point Creator -- Run with no UAC (Create Restore Point) (For User b) Script: Delete	The task is ready to run at its next scheduled time.	Restore Point Creator	Copyright Thomas Parkison © 2012-2015	C:\Windows\system32\Tasks\Restore Point Creator\	"C:\Program Files\Restore Point Creator\Restore Point Creator.exe" -createrestorepoint
C:\Program Files\Restore Point Creator\Restore Point Creator.exe Script: Quarantine, Delete, Delete via BC	Restore Point Creator -- Run with no UAC (For User b) Script: Delete	The task is ready to run at its next scheduled time.	Restore Point Creator	Copyright Thomas Parkison © 2012-2015	C:\Windows\system32\Tasks\Restore Point Creator\	"C:\Program Files\Restore Point Creator\Restore Point Creator.exe"
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe Script: Quarantine, Delete, Delete via BC	SUPERAntiSpyware Scheduled Task 63788948-f58c-4afb-8d1a-443945a83126 Script: Delete	The task is ready to run at its next scheduled time.	SUPERAntiSpyware Application	Copyright (C) 2005-2014 SUPERAntiSpyware & Support.com	C:\Windows\system32\Tasks\	C:\Program Files\SUPERAntiSpyware\SASTask.exe "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" /TASK:63788948-f58c-4afb-8d1a-443945a83126
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe Script: Quarantine, Delete, Delete via BC	SUPERAntiSpyware Scheduled Task b159e011-ba99-4442-b520-646001b1cc0f Script: Delete	The task is ready to run at its next scheduled time.	SUPERAntiSpyware Application	Copyright (C) 2005-2014 SUPERAntiSpyware & Support.com	C:\Windows\system32\Tasks\	C:\Program Files\SUPERAntiSpyware\SASTask.exe "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" /TASK:b159e011-ba99-4442-b520-646001b1cc0f
C:\Program Files\Restore Point Creator\Restore Script: Quarantine, Delete, Delete via BC	System Restore Checkpoint by System Restore Point Creator Script: Delete	The task is ready to run at its next scheduled time.			C:\Windows\system32\Tasks\	C:\Program Files\Restore Point Creator\Restore Point Creator.exe -createscheduledrestorepoint
Creator.exe Script: Quarantine, Delete, Delete via BC	System Restore Checkpoint by System Restore Point Creator Script: Delete	The task is ready to run at its next scheduled time.			C:\Windows\system32\Tasks\	C:\Program Files\Restore Point Creator\Restore Point Creator.exe -createscheduledrestorepoint
C:\Program Files\UnHackMe\hackmon.exe Script: Quarantine, Delete, Delete via BC	UnHackMe Task Scheduler Script: Delete	The task is ready to run at its next scheduled time.			C:\Windows\system32\Tasks\	C:\Program Files\UnHackMe\hackmon.exe $(Arg0)
C:\Users\b\Downloads\video-converter-ultimate7.exe Script: Quarantine, Delete, Delete via BC	{09F495F9-EA31-4FCF-8B33-79EB7E54F6BE} Script: Delete	The task is ready to run at its next scheduled time.			C:\Windows\system32\Tasks\	C:\Windows\system32\pcalua.exe -a C:\Users\b\Downloads\video-converter-ultimate7.exe -d C:\Users\b\Downloads
C:\Users\b\Downloads\ZillyaScanner_en.exe Script: Quarantine, Delete, Delete via BC	{3492375E-4907-49A0-B6A5-41D96C81AB5E} Script: Delete	The task is ready to run at its next scheduled time.	7z Setup SFX	Copyright (c) 1999-2010 Igor Pavlov	C:\Windows\system32\Tasks\	C:\Windows\system32\pcalua.exe -a C:\Users\b\Downloads\ZillyaScanner_en.exe -d C:\Users\b\Downloads
C:\Users\b\Desktop\Tweaking.com - Windows Repair\SASUNINST.EXE Script: Quarantine, Delete, Delete via BC	{6925863C-18A2-4A9F-B022-67A0E5D11F7F} Script: Delete	The task is ready to run at its next scheduled time.	SUPERAntiSpyware Application UnInstaller	Copyright (C) 2008 SUPERAntiSpyware.com	C:\Windows\system32\Tasks\	C:\Windows\system32\pcalua.exe -a "C:\Users\b\Desktop\Tweaking.com - Windows Repair\SASUNINST.EXE" -d "C:\Users\b\Desktop\Tweaking.com - Windows Repair"
C:\Users\b\Desktop\Tweaking.com - Windows Repair Script: Quarantine, Delete, Delete via BC	{6925863C-18A2-4A9F-B022-67A0E5D11F7F} Script: Delete	The task is ready to run at its next scheduled time.			C:\Windows\system32\Tasks\	C:\Windows\system32\pcalua.exe -a "C:\Users\b\Desktop\Tweaking.com - Windows Repair\SASUNINST.EXE" -d "C:\Users\b\Desktop\Tweaking.com - Windows Repair"
C:\Users\b\Downloads\clocksnd.exe Script: Quarantine, Delete, Delete via BC	{CE5A8728-2DE3-4E8C-ABD9-13E63FE52790} Script: Delete	The task is ready to run at its next scheduled time.			C:\Windows\system32\Tasks\	C:\Windows\system32\pcalua.exe -a C:\Users\b\Downloads\clocksnd.exe -d C:\Users\b\Downloads
Items found - 107, recognized as trusted - 73

SPI/LSP settings

Namespace providers (NSP)

Manufacturer	Status	EXE file	Description	GUID
Detected - 6, recognized as trusted - 6

Transport protocol providers (TSP, LSP)

Manufacturer EXE file Description
Detected - 28, recognized as trusted - 28
Results of automatic SPI settings check
LSP settings checked. No errors detected

TCP/UDP ports

Port Status Remote Host Remote Port Application Notes
TCP ports
139 LISTENING 0.0.0.0 0 [4] System.exe
Script: Quarantine, Delete, Delete via BC, Terminate
445 LISTENING 0.0.0.0 0 [4] System.exe
Script: Quarantine, Delete, Delete via BC, Terminate
5357 LISTENING 0.0.0.0 0 [4] System.exe
Script: Quarantine, Delete, Delete via BC, Terminate
6060 LISTENING 0.0.0.0 0 [2944] c:\program files\openvpn technologies\privatetunnel\ptcore.exe
Script: Quarantine, Delete, Delete via BC, Terminate
53946 ESTABLISHED 127.0.0.1 53947 [3376] c:\program files\mozilla firefox\firefox.exe
Script: Quarantine, Delete, Delete via BC, Terminate
53947 ESTABLISHED 127.0.0.1 53946 [3376] c:\program files\mozilla firefox\firefox.exe
Script: Quarantine, Delete, Delete via BC, Terminate
55257 ESTABLISHED 216.58.210.197 443 [3376] c:\program files\mozilla firefox\firefox.exe
Script: Quarantine, Delete, Delete via BC, Terminate
55378 ESTABLISHED 74.125.133.141 80 [5092] c:\program files\panda security\panda cloud cleaner\pcloudcleaner.exe
Script: Quarantine, Delete, Delete via BC, Terminate
55597 CLOSE_WAIT 62.99.71.113 443 [5092] c:\program files\panda security\panda cloud cleaner\pcloudcleaner.exe
Script: Quarantine, Delete, Delete via BC, Terminate
55598 CLOSE_WAIT 62.99.71.113 443 [5092] c:\program files\panda security\panda cloud cleaner\pcloudcleaner.exe
Script: Quarantine, Delete, Delete via BC, Terminate
55619 ESTABLISHED 174.36.44.234 9220 [5960] c:\windows\system32\macromed\flash\flashplayerplugin_16_0_0_296.exe
Script: Quarantine, Delete, Delete via BC, Terminate
55662 ESTABLISHED 216.58.210.238 443 [3376] c:\program files\mozilla firefox\firefox.exe
Script: Quarantine, Delete, Delete via BC, Terminate
55670 ESTABLISHED 216.58.210.238 443 [3376] c:\program files\mozilla firefox\firefox.exe
Script: Quarantine, Delete, Delete via BC, Terminate
55675 ESTABLISHED 74.125.218.23 443 [3376] c:\program files\mozilla firefox\firefox.exe
Script: Quarantine, Delete, Delete via BC, Terminate
55676 ESTABLISHED 74.125.218.23 443 [3376] c:\program files\mozilla firefox\firefox.exe
Script: Quarantine, Delete, Delete via BC, Terminate
55689 TIME_WAIT 199.119.100.39 80 [0]
55697 ESTABLISHED 216.58.210.238 443 [3376] c:\program files\mozilla firefox\firefox.exe
Script: Quarantine, Delete, Delete via BC, Terminate
55705 ESTABLISHED 74.86.53.162 80 [3376] c:\program files\mozilla firefox\firefox.exe
Script: Quarantine, Delete, Delete via BC, Terminate
55709 ESTABLISHED 74.125.98.51 443 [3376] c:\program files\mozilla firefox\firefox.exe
Script: Quarantine, Delete, Delete via BC, Terminate
UDP ports
137 LISTENING -- -- [4] System.exe
Script: Quarantine, Delete, Delete via BC, Terminate
138 LISTENING -- -- [4] System.exe
Script: Quarantine, Delete, Delete via BC, Terminate

Downloaded Program Files (DPF)

File name Description Manufacturer CLSID Source URL
Items found - 0, recognized as trusted - 0

Control Panel Applets (CPL)

File name Description Manufacturer
C:\Windows\system32\FlashPlayerCPLApp.cpl
Script: Quarantine, Delete, Delete via BC Adobe Flash Player Control Panel Applet Copyright © 1996-2015 Adobe Systems Incorporated. All Rights Reserved. Adobe and Flash are either trademarks or registered trademarks in the United States and/or other countries.
Items found - 24, recognized as trusted - 23

Active Setup

File name Description Manufacturer CLSID
C:\Program Files\Google\Chrome\Application\40.0.2214.93\Installer\chrmstp.exe
Script: Quarantine, Delete, Delete via BC Google Chrome Installer Copyright 2012 Google Inc. All rights reserved. {8A69D345-D564-463c-AFF1-A69D9E530F96}
Delete
Items found - 8, recognized as trusted - 7

HOSTS file

Hosts file record
127.0.0.1 localhost
Clear Hosts file

Protocols and handlers

File name Type Description Manufacturer CLSID
mscoree.dll
Script: Quarantine, Delete, Delete via BC Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
Delete
mscoree.dll
Script: Quarantine, Delete, Delete via BC Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
Delete
mscoree.dll
Script: Quarantine, Delete, Delete via BC Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
Delete
Items found - 20, recognized as trusted - 17

Shared resources

Network name Path Notes
ADMIN$ C:\Windows Remote Admin
C$ C:\ Default share
D$ D:\ Default share
IPC$ Remote IPC

Suspicious objects

File Description Type

AVZ Antiviral Toolkit log; AVZ version is 4.43
Scanning started at 01.02.2015 01:19:54
Database loaded: signatures - 297605, NN profile(s) - 2, malware removal microprograms - 56, signature database released 31.01.2015 16:00
Heuristic microprograms loaded: 408
PVS microprograms loaded: 9
Digital signatures of system files loaded: 716910
Heuristic analyzer mode: Medium heuristics mode
Malware removal mode: disabled
Windows version is: 6.1.7601, Service Pack 1 "Windows 7 Ultimate" ; AVZ is run with administrator rights
System Restore: enabled
1. Searching for Rootkits and other software intercepting API functions
1.1 Searching for user-mode API hooks
 Analysis: kernel32.dll, export table found in section .text
 Analysis: ntdll.dll, export table found in section .text
 Analysis: user32.dll, export table found in section .text
 Analysis: advapi32.dll, export table found in section .text
 Analysis: ws2_32.dll, export table found in section .text
 Analysis: wininet.dll, export table found in section .text
 Analysis: rasapi32.dll, export table found in section .text
 Analysis: urlmon.dll, export table found in section .text
 Analysis: netapi32.dll, export table found in section .text
1.2 Searching for kernel-mode API hooks
 Driver loaded successfully
 SDT found (RVA=169B00)
 Kernel ntkrnlpa.exe found in memory at address 82E4F000
   SDT = 82FB8B00
   KiST = 82ECD59C (401)
Functions checked: 401, intercepted: 0, restored: 0
1.3 Checking IDT and SYSENTER
 Analyzing CPU 1
 Analyzing CPU 2
 Analyzing CPU 3
 Analyzing CPU 4
 Checking IDT and SYSENTER - complete
1.4 Searching for masking processes and drivers
 Checking not performed: extended monitoring driver (AVZPM) is not installed
1.5 Checking IRP handlers
 Driver loaded successfully
 Checking - complete
2. Scanning RAM
 Number of processes found: 65
 Number of modules loaded: 711
Scanning RAM - complete
3. Scanning disks
4. Checking  Winsock Layered Service Provider (SPI/LSP)
 LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
6. Searching for opened TCP/UDP ports used by malicious software
 Checking - disabled by user
7. Heuristic system check
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: TermService (Remote Desktop Services)
>> Services: potentially dangerous service allowed: SSDPSRV (SSDP Discovery)
>> Services: potentially dangerous service allowed: Schedule (Task Scheduler)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
Checking - complete
9. Troubleshooting wizard
Checking - complete
Files scanned: 776, extracted from archives: 0, malicious software found 0, suspicions - 0
Scanning finished at 01.02.2015 01:21:05
Time of scanning: 00:01:12
If you have a suspicion on presence of viruses or questions on the suspected objects,
you can address http://forum.kaspersky.com/index.php?showforum=19
For automatic scanning of files from the AVZ quarantine you can use the service http://virusdetector.ru/
System Analysis in progress
Network diagnostics
 DNS and Ping test
  Host="yandex.ru", IP="213.180.204.11,213.180.193.11,93.158.134.11", Ping=OK (0,157,213.180.204.11)
  Host="google.ru", IP="216.58.210.227", Ping=OK (0,96,216.58.210.227)
  Host="google.com", IP="216.58.210.238", Ping=OK (0,95,216.58.210.238)
  Host="www.kaspersky.com", IP="195.27.252.18", Ping=OK (0,203,195.27.252.18)
  Host="www.kaspersky.ru", IP="93.159.228.17", Ping=OK (0,155,93.159.228.17)
  Host="dnl-03.geo.kaspersky.com", IP="80.239.174.44", Ping=OK (0,172,80.239.174.44)
  Host="dnl-11.geo.kaspersky.com", IP="80.239.169.132", Ping=OK (0,172,80.239.169.132)
  Host="activation-v2.kaspersky.com", IP="212.5.89.37", Ping=OK (0,161,212.5.89.37)
  Host="odnoklassniki.ru", IP="217.20.147.94", Ping=OK (0,171,217.20.147.94)
  Host="vk.com", IP="87.240.131.97,87.240.131.99,87.240.143.241", Ping=OK (0,151,87.240.131.97)
  Host="vkontakte.ru", IP="95.213.4.247,95.213.4.248,95.213.4.241", Ping=OK (0,158,95.213.4.247)
  Host="twitter.com", IP="199.59.149.198,199.59.148.82,199.59.150.7,199.59.148.10", Ping=OK (0,284,199.59.149.198)
  Host="facebook.com", IP="173.252.120.6", Ping=OK (0,215,173.252.120.6)
  Host="ru-ru.facebook.com", IP="31.13.86.8", Ping=OK (0,101,31.13.86.8)
 Network IE settings
  IE setting AutoConfigURL=
  IE setting AutoConfigProxy=wininet.dll
  IE setting ProxyOverride=
  IE setting ProxyServer=
  IE setting Internet\ManualProxies=
 Network TCP/IP settings
 Network Persistent Routes

 System Analysis - complete


Script commands 
Add commands to script:
Blocking hooks using Anti-Rootkit
Enable AVZGuard
Operations with AVZPM (true=enable,false=disable)
BootCleaner - import list of deleted files
BootCleaner - import all
Remove traces of deleted files
ExecuteWizard ('TSW',2,3,true) - Running Troubleshooting wizard
BootCleaner - activate
Reboot
Insert template for QuarantineFile() - quarantining a file
Insert template for BC_QrFile() - quarantining file via BootCleaner
Insert template for DeleteFile() - deleting a file
Insert template for DelCLSID() - removing a CLSID item from registry
Additional operations:Performance tweaking: disable service TermService (Remote Desktop Services)
Performance tweaking: disable service SSDPSRV (SSDP Discovery)
Performance tweaking: disable service Schedule (Task Scheduler)
Security tweaking: disable CD autorun
Security tweaking: disable administrative shares
Security tweaking: disable anonymous user access
Security: disable sending Remote Assistant queries

File list

Port	Status	Remote Host	Remote Port	Application	Notes
TCP ports
139	LISTENING	0.0.0.0	0	[4] System.exe Script: Quarantine, Delete, Delete via BC, Terminate
445	LISTENING	0.0.0.0	0	[4] System.exe Script: Quarantine, Delete, Delete via BC, Terminate
5357	LISTENING	0.0.0.0	0	[4] System.exe Script: Quarantine, Delete, Delete via BC, Terminate
6060	LISTENING	0.0.0.0	0	[2944] c:\program files\openvpn technologies\privatetunnel\ptcore.exe Script: Quarantine, Delete, Delete via BC, Terminate
53946	ESTABLISHED	127.0.0.1	53947	[3376] c:\program files\mozilla firefox\firefox.exe Script: Quarantine, Delete, Delete via BC, Terminate
53947	ESTABLISHED	127.0.0.1	53946	[3376] c:\program files\mozilla firefox\firefox.exe Script: Quarantine, Delete, Delete via BC, Terminate
55257	ESTABLISHED	216.58.210.197	443	[3376] c:\program files\mozilla firefox\firefox.exe Script: Quarantine, Delete, Delete via BC, Terminate
55378	ESTABLISHED	74.125.133.141	80	[5092] c:\program files\panda security\panda cloud cleaner\pcloudcleaner.exe Script: Quarantine, Delete, Delete via BC, Terminate
55597	CLOSE_WAIT	62.99.71.113	443	[5092] c:\program files\panda security\panda cloud cleaner\pcloudcleaner.exe Script: Quarantine, Delete, Delete via BC, Terminate
55598	CLOSE_WAIT	62.99.71.113	443	[5092] c:\program files\panda security\panda cloud cleaner\pcloudcleaner.exe Script: Quarantine, Delete, Delete via BC, Terminate
55619	ESTABLISHED	174.36.44.234	9220	[5960] c:\windows\system32\macromed\flash\flashplayerplugin_16_0_0_296.exe Script: Quarantine, Delete, Delete via BC, Terminate
55662	ESTABLISHED	216.58.210.238	443	[3376] c:\program files\mozilla firefox\firefox.exe Script: Quarantine, Delete, Delete via BC, Terminate
55670	ESTABLISHED	216.58.210.238	443	[3376] c:\program files\mozilla firefox\firefox.exe Script: Quarantine, Delete, Delete via BC, Terminate
55675	ESTABLISHED	74.125.218.23	443	[3376] c:\program files\mozilla firefox\firefox.exe Script: Quarantine, Delete, Delete via BC, Terminate
55676	ESTABLISHED	74.125.218.23	443	[3376] c:\program files\mozilla firefox\firefox.exe Script: Quarantine, Delete, Delete via BC, Terminate
55689	TIME_WAIT	199.119.100.39	80	[0]
55697	ESTABLISHED	216.58.210.238	443	[3376] c:\program files\mozilla firefox\firefox.exe Script: Quarantine, Delete, Delete via BC, Terminate
55705	ESTABLISHED	74.86.53.162	80	[3376] c:\program files\mozilla firefox\firefox.exe Script: Quarantine, Delete, Delete via BC, Terminate
55709	ESTABLISHED	74.125.98.51	443	[3376] c:\program files\mozilla firefox\firefox.exe Script: Quarantine, Delete, Delete via BC, Terminate
UDP ports
137	LISTENING	--	--	[4] System.exe Script: Quarantine, Delete, Delete via BC, Terminate
138	LISTENING	--	--	[4] System.exe Script: Quarantine, Delete, Delete via BC, Terminate

Network name	Path	Notes
ADMIN$	C:\Windows	Remote Admin
C$	C:\	Default share
D$	D:\	Default share
IPC$		Remote IPC