Kaspersky Virus Removal Tool 2010 9.0.0.722 (database released 28/04/2011; 14:38)
File name | PID | Description | Copyright | MD5 | Information | Command line
AMD Reservation Manager.exe | 1640 | | | ?? | is (user-mode Rootkit), error getting file info |
atieclxx.exe | 3108 | | | ?? | is (user-mode Rootkit), error getting file info |
atiesrxx.exe | 948 | | | ?? | is (user-mode Rootkit), error getting file info |
audiodg.exe | 3756 | | | ?? | is (user-mode Rootkit), error getting file info |
conhost.exe | 5792 | | | ?? | is (user-mode Rootkit), error getting file info |
csrss.exe | 572 | | | ?? | is (user-mode Rootkit), error getting file info |
csrss.exe | 512 | | | ?? | is (user-mode Rootkit), error getting file info |
DesktopIconToy.exe | 4200 | | | ?? | is (user-mode Rootkit), error getting file info |
c:\program files (x86)\digsby\lib\digsby-app.exe | 2548 | Digsby | Copyright (C) 2005-2010 dotSyntax, LLC | ?? | 119.18 kb, rsAh, created: 2/16/2011 4:33:01 PM, modified: 4/12/2011 1:41:53 PM | "C:\Program Files (x86)\Digsby\lib\digsby-app.exe"
dwm.exe | 2844 | | | ?? | is (user-mode Rootkit), error getting file info |
ehmsas.exe | 396 | | | ?? | is (user-mode Rootkit), error getting file info |
c:\program files (x86)\mozilla firefox\firefox.exe | 1436 | Firefox | ©Firefox and Mozilla Developers, according to the MPL 1.1/GPL 2.0/LGPL 2.1 licenses, as applicable. | ?? | 902.96 kb, rsAh, created: 2/11/2011 10:30:02 PM, modified: 3/18/2011 1:53:06 PM | "C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
Fuel.Service.exe | 2728 | | | ?? | is (user-mode Rootkit), error getting file info |
HPAuto.exe | 2884 | | | ?? | is (user-mode Rootkit), error getting file info |
HPClientServices.exe | 1876 | | | ?? | is (user-mode Rootkit), error getting file info |
HPHC_Service.exe | 944 | | | ?? | is (user-mode Rootkit), error getting file info |
lsass.exe | 684 | | | ?? | is (user-mode Rootkit), error getting file info |
lsm.exe | 692 | | | ?? | is (user-mode Rootkit), error getting file info |
NOBuAgent.exe | 1608 | | | ?? | is (user-mode Rootkit), error getting file info |
PresentationFontCache.exe | 5292 | | | ?? | is (user-mode Rootkit), error getting file info |
SASCore64.exe | 1620 | | | ?? | is (user-mode Rootkit), error getting file info |
services.exe | 676 | | | ?? | is (user-mode Rootkit), error getting file info |
sidebar.exe | 4340 | | | ?? | is (user-mode Rootkit), error getting file info |
SmartMenu.exe | 3416 | | | ?? | is (user-mode Rootkit), error getting file info |
smss.exe | 364 | | | ?? | is (user-mode Rootkit), error getting file info |
spoolsv.exe | 1412 | | | ?? | is (user-mode Rootkit), error getting file info |
SUPERANTISPYWARE.EXE | 4236 | | | ?? | is (user-mode Rootkit), error getting file info |
taskhost.exe | 3500 | | | ?? | is (user-mode Rootkit), error getting file info |
c:\program files (x86)\twhirl\twhirl.exe | 6396 | | | ?? | 139.50 kb, rsAh, created: 4/20/2011 12:04:47 PM, modified: 4/20/2011 12:04:47 PM | "C:\Program Files (x86)\twhirl\twhirl.exe"
unsecapp.exe | 2196 | | | ?? | is (user-mode Rootkit), error getting file info |
UpdateChecker.exe | 4864 | | | ?? | is (user-mode Rootkit), error getting file info |
winlogon.exe | 628 | | | ?? | is (user-mode Rootkit), error getting file info |
wmpnetwk.exe | 4584 | | | ?? | is (user-mode Rootkit), error getting file info |
WUDFHost.exe | 3800 | | | ?? | is (user-mode Rootkit), error getting file info |
Detected: 93, recognized as trusted: 61
Module name | Handle | Description | Copyright | MD5 | Used by processes
C:\Program Files (x86)\Digsby\lib\wxmsw28uh_core_vc.dll | 45481984 | | | -- | 2548
C:\Program Files (x86)\twhirl\twhirl.exe | 2162688 | | | ?? | 6396
C:\Users\Angie\AppData\Roaming\Mozilla\Firefox\Profiles\9eeqmm79.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll | 76677120 | | | -- | 1436
Modules detected: 696, recognized as trusted: 693
Module | Base address | Size in memory | Description | Manufacturer
C:\Windows\system32\DRIVERS\3927275.sys | 3E80000 | 05C000 (376832) | Klif Mini-Filter [fre_wlh_AMD64] | Copyright © Kaspersky Lab 1996-2009.
C:\Windows\system32\DRIVERS\39272751.sys | B064000 | 529000 (5410816) | Kaspersky Unified Driver | Copyright © Kaspersky Lab 1997-2009.
C:\Windows\system32\DRIVERS\39272752.sys | B58D000 | 00E000 (57344) | Kaspersky Lab Boot Guard Driver | Copyright © Kaspersky Lab 1997-2009.
C:\Windows\system32\drivers\ACPI.sys | F79000 | 057000 (356352) | ACPI Driver for NT | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\afd.sys | 3D41000 | 089000 (561152) | Ancillary Function Driver for WinSock | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\AgileVpn.sys | 4200000 | 016000 (90112) | RAS Agile Vpn Miniport Call Manager | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\amd_sata.sys | D94000 | 016000 (90112) | AHCI 1.2 Device Driver | Copyright © 2008-2010 AMD, Inc.
C:\Windows\system32\DRIVERS\amd_xata.sys | 1098000 | 00D000 (53248) | Stor Filter Driver | Copyright © 2008-2010 AMD, Inc.
C:\Windows\system32\DRIVERS\amdiox64.sys | 3E6C000 | 014000 (81920) | AMD IO Driver | Copyright © 2010 AMD, Inc.
C:\Windows\system32\DRIVERS\amdppm.sys | 437D000 | 015000 (86016) | Processor Device Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\amdxata.sys | 10A5000 | 00B000 (45056) | Storage Filter Driver | Copyright © 2008-2010 AMD, Inc.
C:\Windows\system32\drivers\AtihdW76.sys | 5953000 | 020000 (131072) | AMD High Definition Audio Function Driver | Copyright (c) 2004-2010 Advanced Micro Devices
C:\Windows\system32\DRIVERS\atikmdag.sys | 4A05000 | 6CB000 (7122944) | ATI Radeon Kernel Mode Driver | Copyright (C) 1998-2006 ATI Technologies Inc.
C:\Windows\system32\DRIVERS\atikmpag.sys | 4392000 | 03B000 (241664) | AMD multi-vendor Miniport Driver | Copyright (C) 2007 Advanced Micro Devices, Inc.
C:\Windows\system32\DRIVERS\AtiPcie64.sys | 1830000 | 008000 (32768) | AMD PCIE Filter Driver for ATI PCIE chipset | Copyright© AMD Inc. 2006-2010
C:\Windows\System32\Drivers\Beep.SYS | 2FF3000 | 007000 (28672) | BEEP Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\blbdrive.sys | 4143000 | 011000 (69632) | BLB Drive Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\bowser.sys | 5CA7000 | 01E000 (122880) | NT Lan Manager Datagram Receiver Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\N360x64\0403000.005\ccHPx64.sys | 40A7000 | 09C000 (638976) | Common Client Hash Provider Driver | Copyright (c) 2000-2010 Symantec Corporation. All rights reserved.
C:\Windows\System32\cdd.dll | 7D0000 | 027000 (159744) | |
C:\Windows\system32\DRIVERS\cdrom.sys | 168B000 | 02A000 (172032) | SCSI CD-ROM Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\CI.dll | CD4000 | 0C0000 (786432) | |
C:\Windows\system32\DRIVERS\CLASSPNP.SYS | 1800000 | 030000 (196608) | SCSI Class System Dll | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\CLFS.SYS | C76000 | 05E000 (385024) | |
C:\Windows\System32\Drivers\cng.sys | 1532000 | 072000 (466944) | Kernel Cryptography, Next Generation | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\CompositeBus.sys | 43E3000 | 010000 (65536) | Multi-Transport Composite Bus Enumerator | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\Drivers\crashdmp.sys | 5F2C000 | 00E000 (57344) | Crash Dump Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\Drivers\dfsc.sys | 3FB4000 | 01E000 (122880) | DFS Namespace Client Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\drivers\discache.sys | 3FA5000 | 00F000 (61440) | System Indexer/Cache Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\disk.sys | 1BD1000 | 016000 (90112) | PnP Disk Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\drmk.sys | 59B0000 | 022000 (139264) | Microsoft Trusted Audio Drivers | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\Drivers\dump_amd_sata.sys | 5F44000 | 016000 (90112) | |
C:\Windows\System32\Drivers\dump_diskdump.sys | 5F3A000 | 00A000 (40960) | |
C:\Windows\System32\Drivers\dump_dumpfve.sys | 5F5A000 | 013000 (77824) | |
C:\Windows\System32\drivers\Dxapi.sys | 5F6D000 | 00C000 (49152) | DirectX API Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\drivers\dxgkrnl.sys | 50D0000 | 0F4000 (999424) | DirectX Graphics Kernel | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\drivers\dxgmms1.sys | 4154000 | 046000 (286720) | DirectX Graphics MMS | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\fileinfo.sys | 116A000 | 014000 (81920) | FileInfo Filter Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\fltmgr.sys | 10B0000 | 04C000 (311296) | Microsoft Filesystem Filter Manager | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\Drivers\Fs_Rec.sys | 15B5000 | 00A000 (40960) | File System Recognizer Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\DRIVERS\fvevol.sys | 1B97000 | 03A000 (237568) | BitLocker Drive Encryption Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\drivers\fwpkclnt.sys | 1AA4000 | 04A000 (303104) | FWP/IPsec Kernel-Mode API | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\GEARAspiWDM.sys | 51E8000 | 00D000 (53248) | CD DVD Filter | Copyright (C) GEAR Software Inc. 1997-2009
C:\Windows\system32\hal.dll | 2C06000 | 049000 (299008) | |
C:\Windows\system32\drivers\HDAudBus.sys | 51C4000 | 024000 (147456) | High Definition Audio Bus Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\HIDCLASS.SYS | 5FD1000 | 019000 (102400) | Hid Class Library | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\HIDPARSE.SYS | 5FEA000 | 009000 (36864) | Hid Parsing Library | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\hidusb.sys | 5FC3000 | 00E000 (57344) | USB Miniport Driver for Input Devices | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\HTTP.sys | 5800000 | 0C9000 (823296) | HTTP Protocol Stack | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\drivers\hwpolicy.sys | 1B8E000 | 009000 (36864) | Hardware Policy Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\N360x64\0403000.005\Ironx64.SYS | 1879000 | 027000 (159744) | Iron Driver | Copyright (c) 2000-2009 Symantec Corporation. All rights reserved.
C:\Windows\system32\drivers\kbdclass.sys | 41F1000 | 00F000 (61440) | Keyboard Class Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\kbdhid.sys | 5C28000 | 00E000 (57344) | HID Keyboard Filter Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\kdcom.dll | BC1000 | 00A000 (40960) | |
C:\Windows\system32\drivers\ks.sys | 3E29000 | 043000 (274432) | Kernel CSA Library | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\Drivers\ksecdd.sys | 1517000 | 01B000 (110592) | Kernel Security Support Provider Interface | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\Drivers\ksecpkg.sys | 1660000 | 02B000 (176128) | Kernel Security Support Provider Interface Packages | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\ksthunk.sys | 59D2000 | 006000 (24576) | Kernel Streaming WOW Thunk Service | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\lltdio.sys | 5C7A000 | 015000 (86016) | Link-Layer Topology Mapper I/O Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\luafv.sys | 5C36000 | 023000 (143360) | LUA File Virtualization Filter Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\mcupdate_AuthenticAMD.dll | C55000 | 00D000 (53248) | |
C:\Windows\system32\DRIVERS\monitor.sys | 5F79000 | 00E000 (57344) | Monitor Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\mouclass.sys | 3E1A000 | 00F000 (61440) | Mouse Class Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\mouhid.sys | 5C1B000 | 00D000 (53248) | HID Mouse Filter Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\drivers\mountmgr.sys | FE3000 | 01A000 (106496) | Mount Point Manager | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\drivers\mpsdrv.sys | 58C9000 | 018000 (98304) | Microsoft Protection Service Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\mrxsmb.sys | 1838000 | 02D000 (184320) | Windows NT SMB Minirdr | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\mrxsmb10.sys | C00000 | 04D000 (315392) | Longhorn SMB Downlevel SubRdr | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\mrxsmb20.sys | 59D8000 | 024000 (147456) | Longhorn SMB 2.0 Redirector | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\Drivers\Msfs.SYS | 15D1000 | 00B000 (45056) | Mailslot driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\msisadrv.sys | FD9000 | 00A000 (40960) | ISA Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\Drivers\msrpc.sys | 14B9000 | 05E000 (385024) | Kernel Remote Procedure Call Provider | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\mssmbios.sys | 3CBE000 | 00B000 (45056) | System Management BIOS Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\Drivers\mup.sys | 1B7C000 | 012000 (73728) | Multiple UNC Provider Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\ndis.sys | 16ED000 | 0F3000 (995328) | NDIS 6.20 driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\ndistapi.sys | 43F3000 | 00C000 (49152) | NDIS 3.0 connection wrapper driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\ndiswan.sys | 4056000 | 02F000 (192512) | MS PPP Framing Driver (Strong Encryption) | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\Drivers\NDProxy.SYS | 593E000 | 015000 (86016) | NDIS Proxy | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\netbios.sys | 3C74000 | 00F000 (61440) | NetBIOS interface driver | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\DRIVERS\netbt.sys | 3C00000 | 045000 (282624) | MBT Transport driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\NETIO.SYS | 1600000 | 060000 (393216) | Network I/O Subsystem | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\Drivers\Npfs.SYS | 15DC000 | 011000 (69632) | NPFS Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\nsiproxy.sys | 3CB2000 | 00C000 (49152) | NSI Proxy | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\Drivers\Ntfs.sys | 1247000 | 1A3000 (1716224) | NT File System Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\Drivers\Null.SYS | 2FEA000 | 009000 (36864) | NULL Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\pacer.sys | 3C4E000 | 026000 (155648) | QoS Packet Scheduler | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\drivers\partmgr.sys | E40000 | 015000 (86016) | Partition Management Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\pci.sys | E00000 | 033000 (208896) | NT Plug and Play PCI Enumerator | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\drivers\pcw.sys | 15A4000 | 011000 (69632) | Performance Counters for Windows Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\peauth.sys | 62E1000 | 0A6000 (679936) | Protected Environment Authentication and Authorization Export Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\portcls.sys | 5973000 | 03D000 (249856) | Port Class (Class Driver for Port/Miniport Devices) | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\rasl2tp.sys | 4216000 | 024000 (147456) | RAS L2TP mini-port/call-manager driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\raspppoe.sys | 4085000 | 01B000 (110592) | RAS PPPoE mini-port/call-manager driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\raspptp.sys | 3FD2000 | 021000 (135168) | Peer-to-Peer Tunneling Protocol | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\rassstp.sys | 3E00000 | 01A000 (106496) | RAS SSTP Miniport Call Manager | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\rdbss.sys | DAA000 | 051000 (331776) | Redirected Drive Buffering SubSystem Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\DRIVERS\RDPCDD.sys | 14AB000 | 009000 (36864) | RDP Miniport | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\rdpencdd.sys | 15BF000 | 009000 (36864) | RDP Encoder Miniport | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\rdprefmp.sys | 15C8000 | 009000 (36864) | RDP Reflector Driver Miniport | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\Drivers\RDPWD.SYS | 6200000 | 039000 (233472) | RDP Terminal Stack Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\drivers\rdyboost.sys | 1B42000 | 03A000 (237568) | ReadyBoost Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\rspndr.sys | 5C8F000 | 018000 (98304) | Link-Layer Topology Responder Driver for NDIS 6 | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\Rt64win7.sys | 419A000 | 057000 (356352) | Realtek 8136/8168/8169 NDIS 6.20 64-bit Driver | Copyright (C) 2010 Realtek Semiconductor Corporation. All Right Reserved.
C:\Windows\system32\drivers\RTKVHD64.sys | 5CCF000 | 25D000 (2478080) | Realtek(r) High Definition Audio Function Driver | Copyright (c) Realtek Semiconductor Corp.1998-2012
C:\Windows\System32\Drivers\SCDEmu.SYS | 3DCA000 | 01A000 (106496) | PowerISO Virtual Drive | Copyright (C) 2004-2010
C:\Windows\System32\Drivers\secdrv.SYS | 6387000 | 00B000 (45056) | Macrovision SECURITY Driver | © 2006 Macrovision Corporation
C:\Windows\System32\smss.exe | 483C0000 | 020000 (131072) | |
C:\Windows\System32\Drivers\spldr.sys | 1B3A000 | 008000 (32768) | loader for security processor | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\Drivers\N360x64\0403000.005\SRTSP64.SYS | 1400000 | 086000 (548864) | Symantec AutoProtect | Copyright (c) 2006 - 2009 Symantec Corporation
C:\Windows\system32\drivers\N360x64\0403000.005\SRTSPX64.SYS | 1BE7000 | 014000 (81920) | Symantec AutoProtect | Copyright (c) 2006 - 2009 Symantec Corporation
C:\Windows\System32\DRIVERS\srv.sys | 6EF2000 | 098000 (622592) | Server driver | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\DRIVERS\srv2.sys | 6239000 | 06A000 (434176) | Smb 2.0 Server driver | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\DRIVERS\srvnet.sys | 6392000 | 031000 (200704) | Server Network driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\storport.sys | 1035000 | 063000 (405504) | Microsoft Storage Port Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\swenum.sys | 4A00000 | 002000 (8192) | Plug and Play Software Device Enumerator | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\N360x64\0403000.005\SYMDS64.SYS | 10FC000 | 06E000 (450560) | Symantec Data Store | Copyright (c) 2007 - 2008 Symantec Corporation
C:\Windows\system32\drivers\N360x64\0403000.005\SYMEFA64.SYS | 117E000 | 03B000 (241664) | Symantec Extended File Attributes | Copyright (c) 2007 - 2009 Symantec Corporation
C:\Windows\system32\Drivers\SYMEVENT64x86.SYS | 16B5000 | 036000 (221184) | Symantec Event Library | Copyright (C) Symantec Corporation 1992-2007
C:\Windows\System32\Drivers\N360x64\0403000.005\SYMTDIV.SYS | 3CCB000 | 076000 (483328) | Network Dispatch Driver | Copyright 2009 Symantec Corporation
C:\Windows\System32\drivers\tcpip.sys | 18A0000 | 204000 (2113536) | TCP/IP Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\drivers\tcpipreg.sys | 63C3000 | 012000 (73728) | TCP/IP Registry Compatibility Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\TDI.SYS | 15ED000 | 00D000 (53248) | TDI Wrapper | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\tdtcp.sys | 63D5000 | 00B000 (45056) | TCP Transport Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\tdx.sys | 1200000 | 022000 (139264) | TDI Translation Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\termdd.sys | 3C9E000 | 014000 (81920) | Remote Desktop Server Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\TSDDD.dll | 460000 | 00A000 (40960) | |
C:\Windows\System32\DRIVERS\tssecsrv.sys | 63E0000 | 00F000 (61440) | TS Security Filter Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\tunnel.sys | 4357000 | 026000 (155648) | Microsoft Tunnel Interface Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\umbus.sys | 1222000 | 012000 (73728) | User-Mode Bus Enumerator | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\usbccgp.sys | 5F87000 | 01D000 (118784) | USB Common Class Generic Parent Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\USBD.SYS | 5FA4000 | 002000 (8192) | Universal Serial Bus Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\usbfilter.sys | 43CD000 | 00D000 (53248) | AMD USB Filter Driver | Copyright © 2010 AMD, Inc.
C:\Windows\system32\drivers\usbhub.sys | 58E4000 | 05A000 (368640) | Default Hub Driver for USB | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\usbohci.sys | 51F5000 | 00B000 (45056) | OHCI USB Miniport Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\USBPORT.SYS | 4000000 | 056000 (352256) | USB 1.1 & 2.0 Port Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\usbprint.sys | 5FB7000 | 00C000 (49152) | USB Printer driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\usbscan.sys | 5FA6000 | 011000 (69632) | USB Scanner Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\USBSTOR.SYS | 5C00000 | 01B000 (110592) | USB Mass Storage Class Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\vdrvroot.sys | E33000 | 00D000 (53248) | Virtual Drive Root Enumerator | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\drivers\vga.sys | 17E0000 | 00E000 (57344) | VGA/Super VGA Video Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\drivers\VIDEOPRT.SYS | 1486000 | 025000 (151552) | Video Port Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\volmgr.sys | E55000 | 015000 (86016) | Volume Manager Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\drivers\volmgrx.sys | E6A000 | 05C000 (376832) | Volume Manager Extension Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\volsnap.sys | 1AEE000 | 04C000 (311296) | Volume Shadow Copy Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\wanarp.sys | 3C83000 | 01B000 (110592) | MS Remote Access and Routing ARP Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\drivers\watchdog.sys | 17EE000 | 010000 (65536) | Watchdog Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\Wdf01000.sys | EC6000 | 0A4000 (671744) | Kernel Mode Driver Framework Runtime | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\WDFLDR.SYS | F6A000 | 00F000 (61440) | Kernel Mode Driver Framework Loader | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\wfplwf.sys | 3C45000 | 009000 (36864) | WFP NDIS 6.20 Lightweight Filter Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\win32k.sys | 070000 | 312000 (3219456) | |
C:\Windows\system32\drivers\wmiacpi.sys | 43DA000 | 009000 (36864) | Windows Management Interface for ACPI | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\WMILIB.SYS | FD0000 | 009000 (36864) | WMILIB WMI support library Dll | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\WudfPf.sys | 5C59000 | 021000 (135168) | Windows Driver Foundation - User-mode Driver Framework Platform Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\WUDFRd.sys | 6F8A000 | 031000 (200704) | Windows Driver Foundation - User-mode Driver Framework Reflector | © Microsoft Corporation. All rights reserved.
Modules detected: 206, recognized as trusted: 52
| |
Service | Description | Status | File | Group | Dependencies
| AMD External Events Utility | AMD External Events Utility | Running | C:\Windows\system32\atiesrxx.exe | Event log |
| EFS | Encrypting File System (EFS) | Running | C:\Windows\System32\lsass.exe | | RPCSS
| KeyIso | CNG Key Isolation | Running | C:\Windows\system32\lsass.exe | | RpcSs
| SamSs | Security Accounts Manager | Running | C:\Windows\system32\lsass.exe | MS_WindowsLocalValidation | RPCSS
| Spooler | Print Spooler | Running | C:\Windows\System32\spoolsv.exe | SpoolerGroup | RPCSS
| ALG | Application Layer Gateway Service | Not started | C:\Windows\System32\alg.exe | |
| Fax | Fax | Not started | C:\Windows\system32\fxssvc.exe | | TapiSrv
| MSDTC | Distributed Transaction Coordinator | Not started | C:\Windows\System32\msdtc.exe | | RPCSS
| Netlogon | Netlogon | Not started | C:\Windows\system32\lsass.exe | MS_WindowsRemoteValidation | LanmanWorkstation
| ProtectedStorage | Protected Storage | Not started | C:\Windows\system32\lsass.exe | | RpcSs
| RpcLocator | Remote Procedure Call (RPC) Locator | Not started | C:\Windows\system32\locator.exe | |
| SNMPTRAP | SNMP Trap | Not started | C:\Windows\System32\snmptrap.exe | |
| sppsvc | Software Protection | Not started | C:\Windows\system32\sppsvc.exe | | RpcSs
| UI0Detect | Interactive Services Detection | Not started | C:\Windows\system32\UI0Detect.exe | |
| VaultSvc | Credential Manager | Not started | C:\Windows\system32\lsass.exe | | rpcss
| vds | Virtual Disk | Not started | C:\Windows\System32\vds.exe | | RpcSs
| VSS | Volume Shadow Copy | Not started | C:\Windows\system32\vssvc.exe | | RPCSS
| WatAdminSvc | Windows Activation Technologies Service | Not started | C:\Windows\system32\Wat\WatAdminSvc.exe | |
| wbengine | Block Level Backup Engine Service | Not started | C:\Windows\system32\wbengine.exe | |
| wmiApSrv | WMI Performance Adapter | Not started | C:\Windows\system32\wbem\WmiApSrv.exe | |
| Detected - 177, recognized as trusted - 157
| |
File name | Status | Startup method | Description
| C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk | Active | Registry key | HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, Intel AppUp(SM) center
| C:\Program Files (x86)\\DVD Maker\DVDMaker.exe | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Dvd Maker, EventMessageFile
| C:\Program Files (x86)\\Windows Defender\MpEvMsg.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\WinDefend, EventMessageFile
| C:\Program Files (x86)\\Windows Defender\mpsvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WinDefend\Parameters, ServiceDll
| C:\Windows\System32\Audiosrv.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AudioEndpointBuilder\Parameters, ServiceDll
| C:\Windows\System32\Audiosrv.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AudioSrv\Parameters, ServiceDll
| C:\Windows\System32\AxInstSV.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AxInstSV\Parameters, ServiceDll
| C:\Windows\System32\AxInstSv.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-AxInstallService, EventMessageFile
| C:\Windows\System32\DFDTS.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Windows Disk Diagnostic, EventMessageFile
| C:\Windows\System32\DispCI.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Display, EventMessageFile
| C:\Windows\System32\RpcEpMap.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\RpcEptMapper\Parameters, ServiceDll
| C:\Windows\System32\SCardSvr.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SCardSvr\Parameters, ServiceDll
| C:\Windows\System32\TabSvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\TabletInputService\Parameters, ServiceDll
| C:\Windows\System32\UI0Detect.exe | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Interactive Services detection, EventMessageFile
| C:\Windows\System32\VSSVC.EXE | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Security\VSSAudit, EventMessageFile
| C:\Windows\System32\WUDFSvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\wudfsvc\Parameters, ServiceDll
| C:\Windows\System32\aelupsvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AeLookupSvc\Parameters, ServiceDll
| C:\Windows\System32\aelupsvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\AeLookupSvc, EventMessageFile
| C:\Windows\System32\appidsvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AppIDSvc\Parameters, ServiceDll
| C:\Windows\System32\appinfo.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Appinfo\Parameters, ServiceDll
| C:\Windows\System32\bfe.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\BFE\Parameters, ServiceDll
| C:\Windows\System32\browser.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Browser\Parameters, ServiceDll
| C:\Windows\System32\certprop.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\CertPropSvc\Parameters, ServiceDll
| C:\Windows\System32\certprop.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SCPolicySvc\Parameters, ServiceDll
| C:\Windows\System32\dnsrslvr.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Dnscache\Parameters, ServiceDll
| C:\Windows\System32\dot3svc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\dot3svc\Parameters, ServiceDll
| C:\Windows\System32\drivers\ati2erec.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\ATIeRecord, EventMessageFile
| C:\Windows\System32\drivers\ati2erec.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\amdkmdag, EventMessageFile
| C:\Windows\System32\drivers\ati2erec.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\amdkmdap, EventMessageFile
| C:\Windows\System32\drivers\fltmgr.sys;C:\Windows\System32\IoLogMsg.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\FltMgr, EventMessageFile
| C:\Windows\System32\drivers\ipmidrv.sys | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\IPMIDRV, EventMessageFile
| C:\Windows\System32\drivers\tsusbflt.sys | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\TsUsbFlt, EventMessageFile
| C:\Windows\System32\drivers\wd.sys | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Wd, EventMessageFile
| C:\Windows\System32\gpsvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\gpsvc\Parameters, ServiceDll
| C:\Windows\System32\ikeext.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\IKEEXT\Parameters, ServiceDll
| C:\Windows\System32\iphlpsvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters, ServiceDll
| C:\Windows\System32\ipnathlp.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters, ServiceDll
| C:\Windows\System32\ipsecsvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\PolicyAgent\Parameters, ServiceDll
| C:\Windows\System32\iscsiexe.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\MSiSCSI, EventMessageFile
| C:\Windows\System32\iscsilog.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\iScsiPrt, EventMessageFile
| C:\Windows\System32\lltdsvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\lltdsvc\Parameters, ServiceDll
| C:\Windows\System32\lmhsvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\lmhosts\Parameters, ServiceDll
| C:\Windows\System32\lsasrv.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\LsaSrv, EventMessageFile
| C:\Windows\System32\lsasrv.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Schannel, EventMessageFile
| C:\Windows\System32\mctadmin.exe | Active | Registry key | HKEY_USERS, S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce, mctadmin
| C:\Windows\System32\mctadmin.exe | Active | Registry key | HKEY_USERS, S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce, mctadmin
| C:\Windows\System32\mdsched.exe | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-MemoryDiagnostics-Schedule, EventMessageFile
| C:\Windows\System32\netman.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Netman\Parameters, ServiceDll
| C:\Windows\System32\nlasvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters, ServiceDll
| C:\Windows\System32\pcasvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\PcaSvc\Parameters, ServiceDll
| C:\Windows\System32\profsvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-User Profiles Service, EventMessageFile
| C:\Windows\System32\profsvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Profsvc, EventMessageFile
| C:\Windows\System32\qmgr.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\BITS\Parameters, ServiceDll
| C:\Windows\System32\rasauto.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\RasAuto\Parameters, ServiceDll
| C:\Windows\System32\rasmans.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\RasMan\Parameters, ServiceDll
| C:\Windows\System32\relpost.exe | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-MemoryDiagnostics-Results, EventMessageFile
| C:\Windows\System32\samsrv.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Directory-Services-SAM, EventMessageFile
| C:\Windows\System32\samsrv.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\SAM, EventMessageFile
| C:\Windows\System32\snmptrap.exe | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\SNMPTRAP, EventMessageFile
| C:\Windows\System32\ssdpsrv.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SSDPSRV\Parameters, ServiceDll
| C:\Windows\System32\sstpsvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-RasSstp, EventMessageFile
| C:\Windows\System32\swprv.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\swprv\Parameters, ServiceDll
| C:\Windows\System32\tcpmon.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\TCPMon, EventMessageFile
| C:\Windows\System32\termsrv.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\TermService\Parameters, ServiceDll
| C:\Windows\System32\trkwks.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\TrkWks\Parameters, ServiceDll
| C:\Windows\System32\umpnpmgr.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\PlugPlayManager, EventMessageFile
| C:\Windows\System32\umpo.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Power, EventMessageFile
| C:\Windows\System32\uxsms.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\UxSms\Parameters, ServiceDll
| C:\Windows\System32\wbiosrvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WbioSrvc\Parameters, ServiceDll
| C:\Windows\System32\wercplsupport.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\wercplsupport\Parameters, ServiceDll
| C:\Windows\System32\wersvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Application Hang, EventMessageFile
| C:\Windows\System32\wevtsvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Security\Microsoft-Windows-Eventlog, EventMessageFile
| C:\Windows\System32\wevtsvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Eventlog, EventMessageFile
| C:\Windows\System32\wiaservc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\stisvc\Parameters, ServiceDll
| C:\Windows\System32\wiaservc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\StillImage, EventMessageFile
| C:\Windows\System32\win32k.sys | -- | Registry key | HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Session Manager\SubSystems, Kmode
| C:\Windows\System32\winlogon.exe | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Winlogon, EventMessageFile
| C:\Windows\System32\winlogon.exe | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wlclntfy, EventMessageFile
| C:\Windows\System32\wkssvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters, ServiceDll
| C:\Windows\System32\wlansvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Wlansvc\Parameters, ServiceDll
| C:\Windows\System32\wscsvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\wscsvc\Parameters, ServiceDll
| C:\Windows\System32\wscsvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\SecurityCenter, EventMessageFile
| C:\Windows\System32\wwansvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WwanSvc\Parameters, ServiceDll
| C:\Windows\system32\BlbEvents.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-Backup, EventMessageFile
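Added example, not part of the report above or of the AVZ / Kaspersky Virus Removal Tool itself: when this autorun table is saved or copied from the HTML report, the rows usually arrive run together, each one ending in the "Delete" action link and carrying the "Script: Quarantine, Delete, BC delete" link text in its Status column. The parser below strips that residue, recovers one record per row (file, status, startup method, hive, key, value name), counts the rows by the mechanism that loads the file (ServiceDll, EventMessageFile, Run/RunOnce, other) and builds a short review list: ServiceDll values that point outside the Windows directory and every Run/RunOnce entry. The review list is a triage heuristic of my own, not a verdict the report gives; the sample input is constructed from a handful of rows in the table above, and the `C:\Windows` root is an assumption.

```python
"""Parse the autorun table of an AVZ / Kaspersky Virus Removal Tool HTML report."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Link text that the HTML-to-text extraction leaves inside every row.
_RESIDUE = re.compile(r"\s*Script: Quarantine, Delete, BC delete\s*")
# Rows that were run together end in their own "Delete" link; rows that were
# already split into lines are separated by newlines.
_ROW_SEP = re.compile(r"\s*\|\s*\bDelete\b\s*|\n+")


@dataclass(frozen=True)
class AutorunEntry:
    path: str    # file named by the registry value
    status: str  # "Active" or "--" in the report
    method: str  # e.g. "Registry key"
    hive: str    # HKEY_LOCAL_MACHINE / HKEY_USERS
    key: str     # subkey under the hive
    value: str   # value name, e.g. ServiceDll


def parse_autoruns(text: str) -> List[AutorunEntry]:
    """Recover one AutorunEntry per table row from raw or already-split text."""
    entries: List[AutorunEntry] = []
    for raw in _ROW_SEP.split(_RESIDUE.sub(" ", text)):
        cells = [c.strip() for c in raw.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "File name":
            continue  # empty fragment, header row, or an unrecognised layout
        path, status, method, description = cells
        hive, sep1, rest = description.partition(", ")
        key, sep2, value = rest.rpartition(", ")
        if not sep1 or not sep2:
            continue  # description is not "hive, key, value"
        entries.append(AutorunEntry(path, status, method, hive, key, value))
    return entries


def mechanism(entry: AutorunEntry) -> str:
    """Classify how the registry value causes the file to load."""
    if entry.value in ("ServiceDll", "EventMessageFile"):
        return entry.value
    key = entry.key.lower()
    if key.endswith("\\run") or key.endswith("\\runonce"):
        return "Run/RunOnce"
    return "other"


def count_by_mechanism(entries: List[AutorunEntry]) -> Dict[str, int]:
    return dict(Counter(mechanism(e) for e in entries))


def review_candidates(entries: List[AutorunEntry],
                      system_root: str = r"C:\Windows") -> List[Tuple[AutorunEntry, str]]:
    """Triage heuristic (assumption, not a report verdict): service DLLs loaded
    from outside the Windows directory and all Run/RunOnce entries."""
    root = system_root.lower().rstrip("\\") + "\\"
    flagged: List[Tuple[AutorunEntry, str]] = []
    for e in entries:
        m = mechanism(e)
        if m == "ServiceDll" and not e.path.lower().startswith(root):
            flagged.append((e, "ServiceDll loaded from outside " + system_root))
        elif m == "Run/RunOnce":
            flagged.append((e, e.hive + " Run/RunOnce entry"))
    return flagged


# Constructed sample: a few rows of the table above in the run-together form
# the extraction produces, plus one row that already sits on its own line.
SAMPLE = r"""File name | Status | Startup method | Description
C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk | Script: Quarantine, Delete, BC delete Active | Registry key | HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, Intel AppUp(SM) center | Delete C:\Program Files (x86)\\Windows Defender\mpsvc.dll | Script: Quarantine, Delete, BC delete Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WinDefend\Parameters, ServiceDll | Delete C:\Windows\System32\qmgr.dll | Script: Quarantine, Delete, BC delete Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\BITS\Parameters, ServiceDll | Delete C:\Windows\System32\mctadmin.exe | Script: Quarantine, Delete, BC delete Active | Registry key | HKEY_USERS, S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce, mctadmin | Delete C:\Windows\System32\win32k.sys | Script: Quarantine, Delete, BC delete -- | Registry key | HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Session Manager\SubSystems, Kmode
| C:\Windows\System32\winlogon.exe | Script: Quarantine, Delete, BC delete Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Winlogon, EventMessageFile | Delete |"""


if __name__ == "__main__":
    parsed = parse_autoruns(SAMPLE)
    print(f"{len(parsed)} autorun rows, by mechanism: {count_by_mechanism(parsed)}")
    for entry, reason in review_candidates(parsed):
        print(f"REVIEW  {entry.path}  ({reason}; {entry.hive}\\{entry.key} -> {entry.value})")
```

Feed the whole saved table to `parse_autoruns` and the counts should match the report's own "Detected / recognized as trusted" lines in rough size; the review list is where to start checking signatures and file hashes by hand.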