Kaspersky Virus Removal Tool 2010 9.0.0.722 (database released 30/05/2011; 13:03)
File name | PID | Description | Copyright | MD5 | Information
AESTSr64.exe | 1888 | | | ?? | is (user-mode Rootkit),error getting file info; Command line:
atieclxx.exe | 1704 | | | ?? | is (user-mode Rootkit),error getting file info; Command line:
atiesrxx.exe | 1012 | | | ?? | is (user-mode Rootkit),error getting file info; Command line:
audiodg.exe | 3240 | | | ?? | is (user-mode Rootkit),error getting file info; Command line:
csrss.exe | 612 | | | ?? | is (user-mode Rootkit),error getting file info; Command line:
csrss.exe | 704 | | | ?? | is (user-mode Rootkit),error getting file info; Command line:
c:\program files (x86)\dell datasafe online\datasafeonline.exe | 4388 | DataSafeOnline | Copyright © 2007 | ?? | 1765.23 kb, rsAh, created: 11/13/2009 4:15:00 PM, modified: 11/13/2009 4:15:00 PM; Command line: "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
DellDock.exe | 4356 | | | ?? | is (user-mode Rootkit),error getting file info; Command line:
dwm.exe | 1952 | | | ?? | is (user-mode Rootkit),error getting file info; Command line:
c:\program files (x86)\sensible vision\fast access\faservice.exe | 832 | FastAccess | Copyright © 2005-2010 Sensible Vision | ?? | 2353.32 kb, rsAh, created: 4/4/2010 11:43:38 AM, modified: 4/4/2010 11:43:38 AM; Command line: "C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe"
c:\program files (x86)\sensible vision\fast access\fatrayalert.exe | 4960 | FATrayAlert Application | Copyright © 2005-2007 Sensible Vision | ?? | 1945.32 kb, rsAh, created: 4/4/2010 11:44:08 AM, modified: 4/4/2010 11:44:08 AM; Command line: FATrayAlert.exe
iPodService.exe | 5580 | | | ?? | is (user-mode Rootkit),error getting file info; Command line:
ipoint.exe | 4180 | | | ?? | is (user-mode Rootkit),error getting file info; Command line:
itype.exe | 4156 | | | ?? | is (user-mode Rootkit),error getting file info; Command line:
lsass.exe | 772 | | | ?? | is (user-mode Rootkit),error getting file info; Command line:
lsm.exe | 780 | | | ?? | is (user-mode Rootkit),error getting file info; Command line:
mcagent.exe | 4860 | | | ?? | is (user-mode Rootkit),error getting file info; Command line:
mcshield.exe | 2304 | | | ?? | is (user-mode Rootkit),error getting file info; Command line:
McSvHost.exe | 2572 | | | ?? | is (user-mode Rootkit),error getting file info; Command line:
mfefire.exe | 2420 | | | ?? | is (user-mode Rootkit),error getting file info; Command line:
mfevtps.exe | 1352 | | | ?? | is (user-mode Rootkit),error getting file info; Command line:
c:\program files (x86)\digidesign\drivers\mmerefresh.exe | 2004 | Digidesign MME Binder | ©1999-2004 Digidesign, A Division of Avid Technology, Inc. | ?? | 48.00 kb, rsAh, created: 8/29/2010 5:23:33 PM, modified: 10/8/2004 2:48:18 AM; Command line: "C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe" -s
services.exe | 744 | | | ?? | is (user-mode Rootkit),error getting file info; Command line:
smss.exe | 364 | | | ?? | is (user-mode Rootkit),error getting file info; Command line:
spoolsv.exe | 1736 | | | ?? | is (user-mode Rootkit),error getting file info; Command line:
c:\program files (x86)\dell support center\bin\sprtcmd.exe | 4696 | Dell Support Center Updates | Copyright 1997-2009 SupportSoft | ?? | 201.23 kb, rsAh, created: 5/21/2009 8:59:08 AM, modified: 5/21/2009 8:59:08 AM; Command line: "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
stacsv64.exe | 1068 | | | ?? | is (user-mode Rootkit),error getting file info; Command line:
sttray64.exe | 3788 | | | ?? | is (user-mode Rootkit),error getting file info; Command line:
SynTPEnh.exe | 2580 | | | ?? | is (user-mode Rootkit),error getting file info; Command line:
SynTPHelper.exe | 4340 | | | ?? | is (user-mode Rootkit),error getting file info; Command line:
taskhost.exe | 3852 | | | ?? | is (user-mode Rootkit),error getting file info; Command line:
winlogon.exe | 260 | | | ?? | is (user-mode Rootkit),error getting file info; Command line:
wuauclt.exe | 3220 | | | ?? | is (user-mode Rootkit),error getting file info; Command line:

Detected:78, recognized as trusted 49

Module | Base address | Size in memory | Description | Manufacturer
C:\Windows\system32\drivers\1394ohci.sys | 5F84000 | 03E000 (253952) | 1394 OpenHCI Port Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\7657377.sys | BE69000 | 05C000 (376832) | Klif Mini-Filter [fre_wlh_AMD64] | Copyright © Kaspersky Lab 1996-2009.
C:\Windows\system32\DRIVERS\76573771.sys | C062000 | 529000 (5410816) | Kaspersky Unified Driver | Copyright © Kaspersky Lab 1997-2009.
C:\Windows\system32\DRIVERS\76573772.sys | C58B000 | 00E000 (57344) | Kaspersky Lab Boot Guard Driver | Copyright © Kaspersky Lab 1997-2009.
C:\Windows\system32\drivers\ACPI.sys | F1F000 | 057000 (356352) | ACPI Driver for NT | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\afd.sys | 3E49000 | 089000 (561152) | Ancillary Function Driver for WinSock | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\AgileVpn.sys | 53E6000 | 016000 (90112) | RAS Agile Vpn Miniport Call Manager | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\amdxata.sys | 11E7000 | 00B000 (45056) | Storage Filter Driver | Copyright © 2008-2010 AMD, Inc.
C:\Users\Adam\AppData\Local\Temp\aswMBR.sys | 7C1C000 | 00E000 (57344) | |
C:\Windows\system32\DRIVERS\asyncmac.sys | 7DD8000 | 00B000 (45056) | MS Remote Access serial network driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\atapi.sys | 11DE000 | 009000 (36864) | ATAPI IDE Miniport Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\ataport.SYS | 1000000 | 02A000 (172032) | ATAPI Driver Extension | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\AtiHdmi.sys | 6169000 | 021000 (135168) | ATI High Definition Audio Function Driver | Copyright (c) 2004-2009 ATI Technologies Inc.
C:\Windows\system32\DRIVERS\atikmpag.sys | 1272000 | 02C000 (180224) | AMD multi-vendor Miniport Driver | Copyright (C) 2007 Advanced Micro Devices, Inc.
C:\Windows\system32\DRIVERS\atipmdag.sys | 4A0A000 | 644000 (6569984) | ATI Radeon Kernel Mode Driver | Copyright (C) 1998-2006 ATI Technologies Inc.
C:\Windows\system32\DRIVERS\BATTC.SYS | FE7000 | 00C000 (49152) | Battery Class Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\Drivers\Beep.SYS | 2FDE000 | 007000 (28672) | BEEP Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\blbdrive.sys | 3E00000 | 011000 (69632) | BLB Drive Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\bowser.sys | 6572000 | 01E000 (122880) | NT Lan Manager Datagram Receiver Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\cdd.dll | 600000 | 027000 (159744) | |
C:\Windows\system32\drivers\cdrom.sys | 2FAB000 | 02A000 (172032) | SCSI CD-ROM Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\cfwids.sys | 7DEC000 | 00E000 (57344) | McAfee Personal Firewall IDS Plugin | Copyright© 1995-2011 McAfee, Inc. All Rights Reserved.
C:\Windows\system32\CI.dll | C00000 | 0C0000 (786432) | |
C:\Windows\system32\DRIVERS\circlass.sys | 582F000 | 012000 (73728) | Consumer IR Class Driver for eHome | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\CLASSPNP.SYS | 1816000 | 030000 (196608) | SCSI Class System Dll | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\CLFS.SYS | D4E000 | 05E000 (385024) | |
C:\Windows\system32\DRIVERS\CmBatt.sys | 5313000 | 005000 (20480) | Control Method Battery Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\Drivers\cng.sys | 1200000 | 072000 (466944) | Kernel Cryptography, Next Generation | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\compbatt.sys | FDE000 | 009000 (36864) | Composite Battery Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\CompositeBus.sys | 5318000 | 010000 (65536) | Multi-Transport Composite Bus Enumerator | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\Drivers\crashdmp.sys | 76A9000 | 00E000 (57344) | Crash Dump Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\CtClsFlt.sys | 53B5000 | 02B000 (176128) | Video Class Upper Filter Driver (64-bit) | Copyright (c) Creative Technology Ltd., 2007-2009. All rights reserved.
C:\Windows\System32\Drivers\dfsc.sys | 3FDD000 | 01E000 (122880) | DFS Namespace Client Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\drivers\discache.sys | 3FCE000 | 00F000 (61440) | System Indexer/Cache Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\disk.sys | 1800000 | 016000 (90112) | PnP Disk Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\drmk.sys | 61C7000 | 022000 (139264) | Microsoft Trusted Audio Drivers | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\Drivers\dump_dumpfve.sys | 77D3000 | 013000 (77824) | |
C:\Windows\System32\Drivers\dump_iaStor.sys | 76B7000 | 11C000 (1163264) | |
C:\Windows\System32\drivers\Dxapi.sys | 769D000 | 00C000 (49152) | DirectX API Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\drivers\dxgkrnl.sys | 504E000 | 0F4000 (999424) | DirectX Graphics Kernel | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\drivers\dxgmms1.sys | 5142000 | 046000 (286720) | DirectX Graphics MMS | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\facap.sys | 4973000 | 039000 (233472) | faCap WebCam Capture | Copyright © 2005-2008 Sensible Vision
C:\Windows\System32\Drivers\fastfat.SYS | 48A3000 | 036000 (221184) | Fast FAT File System Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\fileinfo.sys | CC0000 | 014000 (81920) | FileInfo Filter Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\fltmgr.sys | E15000 | 04C000 (311296) | Microsoft Filesystem Filter Manager | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\Drivers\Fs_Rec.sys | 15DF000 | 00A000 (40960) | File System Recognizer Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\DRIVERS\fvevol.sys | 1BB2000 | 03A000 (237568) | BitLocker Drive Encryption Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\drivers\fwpkclnt.sys | 1ABF000 | 04A000 (303104) | FWP/IPsec Kernel-Mode API | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\GEARAspiWDM.sys | 52E9000 | 00B000 (45056) | CD DVD Filter | Copyright (C) GEAR Software Inc. 1997-2009
C:\Windows\system32\hal.dll | 35F7000 | 049000 (299008) | |
C:\Windows\system32\drivers\HDAudBus.sys | 5188000 | 024000 (147456) | High Definition Audio Bus Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\HIDCLASS.SYS | 6090000 | 019000 (102400) | Hid Class Library | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\hidir.sys | 607F000 | 011000 (69632) | Infrared Miniport Driver for Input Devices | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\HIDPARSE.SYS | 60A9000 | 009000 (36864) | Hid Parsing Library | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\hidusb.sys | 5FF2000 | 00E000 (57344) | USB Miniport Driver for Input Devices | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\HTTP.sys | 64A9000 | 0C9000 (823296) | HTTP Protocol Stack | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\drivers\hwpolicy.sys | 1BA9000 | 009000 (36864) | Hardware Policy Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\i8042prt.sys | 5260000 | 01E000 (122880) | i8042 Port Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\iaStor.sys | 10C2000 | 11C000 (1163264) | Intel Matrix Storage Manager driver - x64 | Copyright(C) Intel Corporation 1994-2009
C:\Windows\system32\DRIVERS\intelppm.sys | 52F4000 | 016000 (90112) | Processor Device Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\itecir.sys | 5204000 | 05C000 (376832) | ITE Consumer IR Driver for eHome | Copyright (c) ITE Tech. Inc. 2006
C:\Windows\system32\DRIVERS\k57nd60a.sys | DAC000 | 051000 (331776) | Broadcom NetLink (TM) Gigabit Ethernet NDIS6.x Unified Driver. | Copyright 2000-2009, Broadcom Corporation.
C:\Windows\system32\drivers\kbdclass.sys | 527E000 | 00F000 (61440) | Keyboard Class Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\kbdhid.sys | 60B2000 | 00E000 (57344) | HID Keyboard Filter Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\kdcom.dll | BCB000 | 00A000 (40960) | |
C:\Windows\system32\DRIVERS\ks.sys | 5372000 | 043000 (274432) | Kernel CSA Library | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\Drivers\ksecdd.sys | 15B3000 | 01B000 (110592) | Kernel Security Support Provider Interface | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\Drivers\ksecpkg.sys | 1600000 | 02B000 (176128) | Kernel Security Support Provider Interface Packages | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\ksthunk.sys | 53E0000 | 006000 (24576) | Kernel Streaming WOW Thunk Service | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\lltdio.sys | 48D9000 | 015000 (86016) | Link-Layer Topology Mapper I/O Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\luafv.sys | 2F62000 | 023000 (143360) | LUA File Virtualization Filter Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\mcupdate_GenuineIntel.dll | CEB000 | 04F000 (323584) | |
C:\Windows\system32\drivers\mfeapfk.sys | C5D0000 | 01C000 (114688) | Access Protection Filter Driver | Copyright© 1995-2011 McAfee, Inc. All Rights Reserved.
C:\Windows\system32\drivers\mfeavfk.sys | 60CD000 | 02D000 (184320) | Anti-Virus File System Filter Driver | Copyright© 1995-2011 McAfee, Inc. All Rights Reserved.
C:\Windows\system32\drivers\mfefirek.sys | 7633000 | 06A000 (434176) | McAfee Core Firewall Engine Driver | Copyright© 1995-2011 McAfee, Inc. All Rights Reserved.
C:\Windows\system32\drivers\mfehidk.sys | 12A7000 | 080000 (524288) | McAfee Link Driver | Copyright© 1995-2011 McAfee, Inc. All Rights Reserved.
C:\Windows\system32\DRIVERS\mfenlfk.sys | 3F17000 | 011000 (69632) | McAfee NDIS Light Filter Driver | Copyright© 1995-2011 McAfee, Inc. All Rights Reserved.
C:\Windows\system32\drivers\mfewfpk.sys | 1854000 | 044000 (278528) | Anti-Virus Mini-Firewall Driver | Copyright© 1995-2011 McAfee, Inc. All Rights Reserved.
C:\Windows\system32\DRIVERS\monitor.sys | 761D000 | 00E000 (57344) | Monitor Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\mouclass.sys | 52DA000 | 00F000 (61440) | Mouse Class Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\mouhid.sys | 60C0000 | 00D000 (53248) | HID Mouse Filter Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\drivers\mountmgr.sys | 10A8000 | 01A000 (106496) | Mount Point Manager | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\drivers\mpsdrv.sys | 6590000 | 018000 (98304) | Microsoft Protection Service Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\mrxsmb.sys | 65A8000 | 02D000 (184320) | Windows NT SMB Minirdr | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\mrxsmb10.sys | 6400000 | 04D000 (315392) | Longhorn SMB Downlevel SubRdr | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\mrxsmb20.sys | 644D000 | 024000 (147456) | Longhorn SMB 2.0 Redirector | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\msahci.sys | 102A000 | 00B000 (45056) | MS AHCI 1.0 Standard Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\Drivers\Msfs.SYS | 2E50000 | 00B000 (45056) | Mailslot driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\msisadrv.sys | F7F000 | 00A000 (40960) | ISA Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\MSPCLOCK.sys | C01D000 | 002000 (8192) | MS Proxy Clock | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\MSPQM.sys | C01B000 | 002000 (8192) | MS Proxy Quality Manager | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\Drivers\msrpc.sys | 1334000 | 05E000 (385024) | Kernel Remote Procedure Call Provider | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\mssmbios.sys | 3FC3000 | 00B000 (45056) | System Management BIOS Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\Drivers\mup.sys | 1B97000 | 012000 (73728) | Multiple UNC Provider Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\ndis.sys | 168A000 | 0F3000 (995328) | NDIS 6.20 driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\ndistapi.sys | 5FE6000 | 00C000 (49152) | NDIS 3.0 connection wrapper driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\ndisuio.sys | 4941000 | 013000 (77824) | NDIS User mode I/O driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\ndiswan.sys | 5800000 | 02F000 (192512) | MS PPP Framing Driver (Strong Encryption) | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\Drivers\NDProxy.SYS | 6154000 | 015000 (86016) | NDIS Proxy | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\netbios.sys | 3F28000 | 00F000 (61440) | NetBIOS interface driver | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\DRIVERS\netbt.sys | 162B000 | 045000 (282624) | MBT Transport driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\NETIO.SYS | 177D000 | 060000 (393216) | Network I/O Subsystem | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\NETw5s64.sys | 5842000 | 6AD000 (7000064) | Intel® Wireless WiFi Link Driver | Copyright © Intel Corporation 2009
C:\Windows\System32\Drivers\Npfs.SYS | 2E5B000 | 011000 (69632) | NPFS Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\nsiproxy.sys | 3FB7000 | 00C000 (49152) | NSI Proxy | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\Drivers\Ntfs.sys | 1410000 | 1A3000 (1716224) | NT File System Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\Drivers\Null.SYS | 2FD5000 | 009000 (36864) | NULL Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\nwifi.sys | 48EE000 | 053000 (339968) | NativeWiFi Miniport Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\pacer.sys | 3EDB000 | 026000 (155648) | QoS Packet Scheduler | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\drivers\partmgr.sys | FC9000 | 015000 (86016) | Partition Management Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\pci.sys | F89000 | 033000 (208896) | NT Plug and Play PCI Enumerator | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\PCIIDEX.SYS | 1035000 | 010000 (65536) | PCI IDE Bus Driver Extension | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\drivers\pcw.sys | 15CE000 | 011000 (69632) | Performance Counters for Windows Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\peauth.sys | 7C5D000 | 0A6000 (679936) | Protected Environment Authentication and Authorization Export Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\point64.sys | 2F37000 | 010000 (65536) | Point64k.sys | © Microsoft Corporation 1983-2010.
C:\Windows\system32\drivers\portcls.sys | 618A000 | 03D000 (249856) | Port Class (Class Driver for Port/Miniport Devices) | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\psabusba.sys | 61E9000 | 010000 (65536) | USB-Audio WDM Adapter | Copyright (C) Ploytec GmbH 2000-2009
C:\Windows\system32\drivers\psabusbm.sys | 77E6000 | 00D000 (53248) | Ploytec WDM MIDI Driver | Copyright (C) Ploytec GmbH 2000-2009
C:\Windows\System32\Drivers\psabusbu.sys | 2EA7000 | 075000 (479232) | Ploytec USB Audio driver | Copyright (C) Ploytec GmbH 2000-2009
C:\Windows\System32\Drivers\PxHlpa64.sys | 1327000 | 00D000 (53248) | Px Engine Device Driver for 64-bit Windows | Copyright © Sonic Solutions
C:\Windows\system32\DRIVERS\rasl2tp.sys | 5FC2000 | 024000 (147456) | RAS L2TP mini-port/call-manager driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\raspppoe.sys | 51BD000 | 01B000 (110592) | RAS PPPoE mini-port/call-manager driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\raspptp.sys | 51D8000 | 021000 (135168) | Peer-to-Peer Tunneling Protocol | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\rassstp.sys | 1670000 | 01A000 (106496) | RAS SSTP Miniport Call Manager | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\rdbss.sys | 3F66000 | 051000 (331776) | Redirected Drive Buffering SubSystem Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\DRIVERS\RDPCDD.sys | 2E35000 | 009000 (36864) | RDP Miniport | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\rdpencdd.sys | 2E3E000 | 009000 (36864) | RDP Encoder Miniport | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\rdprefmp.sys | 2E47000 | 009000 (36864) | RDP Reflector Driver Miniport | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\drivers\rdyboost.sys | 1B5D000 | 03A000 (237568) | ReadyBoost Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\rimspe64.sys | 5F15000 | 019000 (102400) | RICOH MS Driver | Copyright c 2001-2009, Ricoh Company Ltd.,
C:\Windows\system32\DRIVERS\risdpe64.sys | 5EFC000 | 019000 (102400) | RICOH SD/MMC Driver | Copyright c 2001-2009, Ricoh Company Ltd.,
C:\Windows\system32\DRIVERS\rixdpe64.sys | 5F2E000 | 056000 (352256) | RICOH PCIe XD Driver | Copyright c 2001-2009, Ricoh Company Ltd.,
C:\Windows\system32\DRIVERS\rspndr.sys | 4954000 | 018000 (98304) | Link-Layer Topology Responder Driver for NDIS 6 | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\Drivers\secdrv.SYS | 7D03000 | 00B000 (45056) | Macrovision SECURITY Driver | © 2006 Macrovision Corporation
C:\Windows\System32\smss.exe | 47870000 | 020000 (131072) | |
C:\Windows\System32\Drivers\spldr.sys | 1B55000 | 008000 (32768) | loader for security processor | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\DRIVERS\srv.sys | 4800000 | 098000 (622592) | Server driver | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\DRIVERS\srv2.sys | 7D51000 | 06A000 (434176) | Smb 2.0 Server driver | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\DRIVERS\srvnet.sys | 7D0E000 | 031000 (200704) | Server Network driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\STREAM.SYS | 7C2C000 | 011000 (69632) | WDM CODEC Class Device Driver 2.0 | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\stwrt64.sys | 6000000 | 07F000 (520192) | IDT PC Audio | Copyright © 2004 - 2009 IDT, Inc.
C:\Windows\system32\drivers\swenum.sys | 53FC000 | 002000 (8192) | Plug and Play Software Device Enumerator | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\SynTP.sys | 528D000 | 04B000 (307200) | Synaptics Touchpad Driver | Copyright (C) Synaptics Incorporated 1996-2009
C:\Windows\System32\drivers\tcpip.sys | 18BB000 | 204000 (2113536) | TCP/IP Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\drivers\tcpipreg.sys | 7D3F000 | 012000 (73728) | TCP/IP Registry Compatibility Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\TDI.SYS | 2E6C000 | 00D000 (53248) | TDI Wrapper | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\tdx.sys | 1898000 | 022000 (139264) | TDI Translation Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\termdd.sys | 3F52000 | 014000 (81920) | Remote Desktop Server Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\TSDDD.dll | 5C0000 | 00A000 (40960) | |
C:\Windows\system32\DRIVERS\tunnel.sys | 3E11000 | 026000 (155648) | Microsoft Tunnel Interface Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\TurboB.sys | 496C000 | 007000 (28672) | |
C:\Windows\system32\drivers\umbus.sys | 3E37000 | 012000 (73728) | User-Mode Bus Enumerator | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\usbaudio.sys | 2F47000 | 01B000 (110592) | USB Audio Class Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\usbccgp.sys | 7600000 | 01D000 (118784) | USB Common Class Generic Parent Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\USBD.SYS | 52D8000 | 002000 (8192) | Universal Serial Bus Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\usbehci.sys | 51AC000 | 011000 (69632) | EHCI eUSB Miniport Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\usbhub.sys | 60FA000 | 05A000 (368640) | Default Hub Driver for USB | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\USBPORT.SYS | 1392000 | 056000 (352256) | USB 1.1 & 2.0 Port Driver | © Microsoft Corporation. All rights reserved.
| C:\Windows\system32\drivers\USBSTOR.SYS | Script: Quarantine, Delete, BC delete C000000 | 01B000 (110592) | USB Mass Storage Class Driver | © Microsoft Corporation. All rights reserved.
| C:\Windows\System32\Drivers\usbvideo.sys | Script: Quarantine, Delete, BC delete 2E79000 | 02E000 (188416) | USB Video Class Driver | © Microsoft Corporation. All rights reserved.
| C:\Windows\system32\drivers\vdrvroot.sys | Script: Quarantine, Delete, BC delete FBC000 | 00D000 (53248) | Virtual Drive Root Enumerator | © Microsoft Corporation. All rights reserved.
| C:\Windows\System32\drivers\vga.sys | Script: Quarantine, Delete, BC delete 2FE5000 | 00E000 (57344) | VGA/Super VGA Video Driver | © Microsoft Corporation. All rights reserved.
| C:\Windows\System32\drivers\VIDEOPRT.SYS | Script: Quarantine, Delete, BC delete 2E00000 | 025000 (151552) | Video Port Driver | © Microsoft Corporation. All rights reserved.
| C:\Windows\system32\drivers\volmgr.sys | Script: Quarantine, Delete, BC delete E00000 | 015000 (86016) | Volume Manager Driver | © Microsoft Corporation. All rights reserved.
| C:\Windows\System32\drivers\volmgrx.sys | Script: Quarantine, Delete, BC delete 104C000 | 05C000 (376832) | Volume Manager Extension Driver | © Microsoft Corporation. All rights reserved.
| C:\Windows\system32\drivers\volsnap.sys | Script: Quarantine, Delete, BC delete 1B09000 | 04C000 (311296) | Volume Shadow Copy Driver | © Microsoft Corporation. All rights reserved.
| C:\Windows\system32\DRIVERS\vwifibus.sys | Script: Quarantine, Delete, BC delete 5EEF000 | 00D000 (53248) | Virtual WiFi Bus Driver | © Microsoft Corporation. All rights reserved.
| C:\Windows\system32\DRIVERS\vwififlt.sys | Script: Quarantine, Delete, BC delete 3F01000 | 016000 (90112) | Virtual WiFi Filter Driver | © Microsoft Corporation. All rights reserved.
| C:\Windows\system32\DRIVERS\wanarp.sys | Script: Quarantine, Delete, BC delete 3F37000 | 01B000 (110592) | MS Remote Access and Routing ARP Driver | © Microsoft Corporation. All rights reserved.
| C:\Windows\System32\drivers\watchdog.sys | Script: Quarantine, Delete, BC delete 2E25000 | 010000 (65536) | Watchdog Driver | © Microsoft Corporation. All rights reserved.
| C:\Windows\system32\drivers\Wdf01000.sys | Script: Quarantine, Delete, BC delete E6C000 | 0A4000 (671744) | Kernel Mode Driver Framework Runtime | © Microsoft Corporation. All rights reserved.
| C:\Windows\system32\drivers\WDFLDR.SYS | Script: Quarantine, Delete, BC delete F10000 | 00F000 (61440) | Kernel Mode Driver Framework Loader | © Microsoft Corporation. All rights reserved.
| C:\Windows\system32\DRIVERS\wfplwf.sys | Script: Quarantine, Delete, BC delete 3ED2000 | 009000 (36864) | WFP NDIS 6.20 Lightweight Filter Driver | © Microsoft Corporation. All rights reserved.
| C:\Windows\System32\win32k.sys | Script: Quarantine, Delete, BC delete 070000 | 312000 (3219456) |
| C:\Windows\system32\drivers\wmiacpi.sys | Script: Quarantine, Delete, BC delete 530A000 | 009000 (36864) | Windows Management Interface for ACPI | © Microsoft Corporation. All rights reserved.
| C:\Windows\system32\drivers\WMILIB.SYS | Script: Quarantine, Delete, BC delete F76000 | 009000 (36864) | WMILIB WMI support library Dll | © Microsoft Corporation. All rights reserved.
| C:\Windows\system32\drivers\WudfPf.sys | Script: Quarantine, Delete, BC delete 2F85000 | 021000 (135168) | Windows Driver Foundation - User-mode Driver Framework Platform Driver | © Microsoft Corporation. All rights reserved.
| Modules detected - 219, recognized as trusted - 42
Service | Description | Status | File | Group | Dependencies
AMD External Events Utility | AMD External Events Utility | Running | C:\Windows\system32\atiesrxx.exe | Event log |
| DigiRefresh | Digidesign MME Refresh Service | Running | C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe | | PlugPlay
| KeyIso | CNG Key Isolation | Running | C:\Windows\system32\lsass.exe | | RpcSs
| SamSs | Security Accounts Manager | Running | C:\Windows\system32\lsass.exe | MS_WindowsLocalValidation | RPCSS
| Spooler | Print Spooler | Running | C:\Windows\System32\spoolsv.exe | SpoolerGroup | RPCSS
| ALG | Application Layer Gateway Service | Not started | C:\Windows\System32\alg.exe | |
| EFS | Encrypting File System (EFS) | Not started | C:\Windows\System32\lsass.exe | | RPCSS
| Fax | Fax | Not started | C:\Windows\system32\fxssvc.exe | | TapiSrv
| MSDTC | Distributed Transaction Coordinator | Not started | C:\Windows\System32\msdtc.exe | | RPCSS
| Netlogon | Netlogon | Not started | C:\Windows\system32\lsass.exe | MS_WindowsRemoteValidation | LanmanWorkstation
| ProtectedStorage | Protected Storage | Not started | C:\Windows\system32\lsass.exe | | RpcSs
| RpcLocator | Remote Procedure Call (RPC) Locator | Not started | C:\Windows\system32\locator.exe | |
| SessionLauncher | SessionLauncher | Not started | c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe | |
| SNMPTRAP | SNMP Trap | Not started | C:\Windows\System32\snmptrap.exe | |
| sppsvc | Software Protection | Not started | C:\Windows\system32\sppsvc.exe | | RpcSs
| UI0Detect | Interactive Services Detection | Not started | C:\Windows\system32\UI0Detect.exe | |
| VaultSvc | Credential Manager | Not started | C:\Windows\system32\lsass.exe | | rpcss
| vds | Virtual Disk | Not started | C:\Windows\System32\vds.exe | | RpcSs
| VSS | Volume Shadow Copy | Not started | C:\Windows\system32\vssvc.exe | | RPCSS
| WatAdminSvc | Windows Activation Technologies Service | Not started | C:\Windows\system32\Wat\WatAdminSvc.exe | |
| wbengine | Block Level Backup Engine Service | Not started | C:\Windows\system32\wbengine.exe | |
| wmiApSrv | WMI Performance Adapter | Not started | C:\Windows\system32\wbem\WmiApSrv.exe | |
| Detected - 181, recognized as trusted - 159
File name | Status | Startup method | Description
"c:\Program Files\Microsoft IntelliType Pro\dw15.exe" | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\IntelliType Pro, EventMessageFile
| C:\Program Files (x86)\Dell\DellDock\DellDock.exe | Active | Shortcut in Autoruns folder | C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\, C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk,
| C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe | Active | Registry key | HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, DigidesignMMERefresh
| C:\Program Files (x86)\\DVD Maker\DVDMaker.exe | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Dvd Maker, EventMessageFile
| C:\Program Files (x86)\\Windows Defender\MpEvMsg.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\WinDefend, EventMessageFile
| C:\Windows\System32\Audiosrv.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AudioEndpointBuilder\Parameters, ServiceDll
| C:\Windows\System32\Audiosrv.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AudioSrv\Parameters, ServiceDll
| C:\Windows\System32\AxInstSV.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AxInstSV\Parameters, ServiceDll
| C:\Windows\System32\AxInstSv.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-AxInstallService, EventMessageFile
| C:\Windows\System32\DFDTS.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Windows Disk Diagnostic, EventMessageFile
| C:\Windows\System32\DispCI.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Display, EventMessageFile
| C:\Windows\System32\RpcEpMap.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\RpcEptMapper\Parameters, ServiceDll
| C:\Windows\System32\SCardSvr.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SCardSvr\Parameters, ServiceDll
| C:\Windows\System32\TabSvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\TabletInputService\Parameters, ServiceDll
| C:\Windows\System32\UI0Detect.exe | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Interactive Services detection, EventMessageFile
| C:\Windows\System32\VSSVC.EXE | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Security\VSSAudit, EventMessageFile
| C:\Windows\System32\WUDFSvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\wudfsvc\Parameters, ServiceDll
| C:\Windows\System32\aelupsvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AeLookupSvc\Parameters, ServiceDll
| C:\Windows\System32\aelupsvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\AeLookupSvc, EventMessageFile
| C:\Windows\System32\appidsvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AppIDSvc\Parameters, ServiceDll
| C:\Windows\System32\appinfo.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Appinfo\Parameters, ServiceDll
| C:\Windows\System32\appmgmts.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AppMgmt\Parameters, ServiceDll
| C:\Windows\System32\bfe.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\BFE\Parameters, ServiceDll
| C:\Windows\System32\browser.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Browser\Parameters, ServiceDll
| C:\Windows\System32\certprop.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\CertPropSvc\Parameters, ServiceDll
| C:\Windows\System32\certprop.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SCPolicySvc\Parameters, ServiceDll
| C:\Windows\System32\dnsrslvr.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Dnscache\Parameters, ServiceDll
| C:\Windows\System32\dot3svc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\dot3svc\Parameters, ServiceDll
| C:\Windows\System32\drivers\ati2erec.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\ATIeRecord, EventMessageFile
| C:\Windows\System32\drivers\ati2erec.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\amdkmdag, EventMessageFile
| C:\Windows\System32\drivers\ati2erec.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\amdkmdap, EventMessageFile
| C:\Windows\System32\drivers\fltmgr.sys;C:\Windows\System32\IoLogMsg.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\FltMgr, EventMessageFile
| C:\Windows\System32\drivers\ipmidrv.sys | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\IPMIDRV, EventMessageFile
| C:\Windows\System32\drivers\tsusbflt.sys | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\TsUsbFlt, EventMessageFile
| C:\Windows\System32\drivers\wd.sys | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Wd, EventMessageFile
| C:\Windows\System32\gpsvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\gpsvc\Parameters, ServiceDll
| C:\Windows\System32\ikeext.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\IKEEXT\Parameters, ServiceDll
| C:\Windows\System32\iphlpsvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters, ServiceDll
| C:\Windows\System32\ipnathlp.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters, ServiceDll
| C:\Windows\System32\ipsecsvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\PolicyAgent\Parameters, ServiceDll
| C:\Windows\System32\iscsiexe.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\MSiSCSI, EventMessageFile
| C:\Windows\System32\iscsilog.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\iScsiPrt, EventMessageFile
| C:\Windows\System32\lltdsvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\lltdsvc\Parameters, ServiceDll
| C:\Windows\System32\lmhsvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\lmhosts\Parameters, ServiceDll
| C:\Windows\System32\lsasrv.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\LsaSrv, EventMessageFile
| C:\Windows\System32\lsasrv.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Schannel, EventMessageFile
| C:\Windows\System32\mdsched.exe | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-MemoryDiagnostics-Schedule, EventMessageFile
| C:\Windows\System32\netman.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Netman\Parameters, ServiceDll
| C:\Windows\System32\nlasvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters, ServiceDll
| C:\Windows\System32\pcasvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\PcaSvc\Parameters, ServiceDll
| C:\Windows\System32\profsvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-User Profiles Service, EventMessageFile
| C:\Windows\System32\profsvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Profsvc, EventMessageFile
| C:\Windows\System32\rasauto.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\RasAuto\Parameters, ServiceDll
| C:\Windows\System32\rasmans.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\RasMan\Parameters, ServiceDll
| C:\Windows\System32\relpost.exe | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-MemoryDiagnostics-Results, EventMessageFile
| C:\Windows\System32\samsrv.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Directory-Services-SAM, EventMessageFile
| C:\Windows\System32\samsrv.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\SAM, EventMessageFile
| C:\Windows\System32\snmptrap.exe | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\SNMPTRAP, EventMessageFile
| C:\Windows\System32\srvsvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters, ServiceDll
| C:\Windows\System32\ssdpsrv.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SSDPSRV\Parameters, ServiceDll
| C:\Windows\System32\sstpsvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-RasSstp, EventMessageFile
| C:\Windows\System32\swprv.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\swprv\Parameters, ServiceDll
| C:\Windows\System32\tcpmon.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\TCPMon, EventMessageFile
| C:\Windows\System32\termsrv.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\TermService\Parameters, ServiceDll
| C:\Windows\System32\trkwks.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\TrkWks\Parameters, ServiceDll
| C:\Windows\System32\umpnpmgr.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\PlugPlayManager, EventMessageFile
| C:\Windows\System32\umpo.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Power, EventMessageFile
| C:\Windows\System32\uxsms.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\UxSms\Parameters, ServiceDll
| C:\Windows\System32\wbiosrvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WbioSrvc\Parameters, ServiceDll
| C:\Windows\System32\wercplsupport.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\wercplsupport\Parameters, ServiceDll
| C:\Windows\System32\wersvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Application Hang, EventMessageFile
| C:\Windows\System32\wevtsvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Security\Microsoft-Windows-Eventlog, EventMessageFile
| C:\Windows\System32\wevtsvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Eventlog, EventMessageFile
| C:\Windows\System32\wiaservc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\stisvc\Parameters, ServiceDll
| C:\Windows\System32\wiaservc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\StillImage, EventMessageFile
| C:\Windows\System32\win32k.sys | -- | Registry key | HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Session Manager\SubSystems, Kmode
| C:\Windows\System32\winlogon.exe | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Winlogon, EventMessageFile
| C:\Windows\System32\winlogon.exe | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wlclntfy, EventMessageFile
| C:\Windows\System32\wkssvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters, ServiceDll
| C:\Windows\System32\wlansvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Wlansvc\Parameters, ServiceDll
| C:\Windows\System32\wscsvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\SecurityCenter, EventMessageFile
| C:\Windows\System32\wwansvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WwanSvc\Parameters, ServiceDll
| C:\Windows\system32\BlbEvents.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-Backup, EventMessageFile
| C:\Windows\system32\EventProviders\spcmsg.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Service Pack Installer, EventMessageFile
| C:\Windows\system32\FntCache.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\FontCache\Parameters, ServiceDll