Kaspersky Virus Removal Tool 2010 9.0.0.722 (database released 28/06/2011; 19:54)
File name | PID | Description | Copyright | MD5 | Information
AERTSr64.exe | 1968 | | | ?? | is (user-mode Rootkit),error getting file info | Command line:
c:\program files (x86)\amazon\amazon games & software downloader\amazongsdownloaderservice.exe | 2008 | Amazon Games & Software Downloader Service | (c) 2009 Amazon.com, Inc. or its affiliates | ?? | 392.50 kb, rsAh, | created: 11/13/2010 12:12:45 PM, modified: 10/23/2009 1:31:44 PM Command line: "C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe"
c:\program files (x86)\amazon\amazon games & software downloader\amazongsdownloadertray.exe | 3752 | TaskTray Application | (c) 2009 Amazon.com, Inc. or its affiliates | ?? | 318.50 kb, rsAh, | created: 11/13/2010 12:12:45 PM, modified: 10/23/2009 1:31:44 PM Command line: "C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe"
audiodg.exe | 5808 | | | ?? | is (user-mode Rootkit),error getting file info | Command line:
c:\program files\avast software\avast\avastsvc.exe | 1336 | avast! Service | Copyright (c) 2011 AVAST Software | ?? | 41.20 kb, rsAh, | created: 6/24/2011 5:42:33 PM, modified: 5/10/2011 8:10:57 AM Command line: "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
consent.exe | 6488 | | | ?? | is (user-mode Rootkit),error getting file info | Command line:
csrss.exe | 660 | | | ?? | is (user-mode Rootkit),error getting file info | Command line:
csrss.exe | 580 | | | ?? | is (user-mode Rootkit),error getting file info | Command line:
c:\program files (x86)\dell datasafe online\datasafeonline.exe | 3196 | DataSafeOnline | Copyright © 2007 | ?? | 1765.23 kb, rsAh, | created: 11/13/2009 6:15:00 PM, modified: 11/13/2009 6:15:00 PM Command line: "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
DellDock.exe | 4532 | | | ?? | is (user-mode Rootkit),error getting file info | Command line:
dwm.exe | 1456 | | | ?? | is (user-mode Rootkit),error getting file info | Command line:
hkcmd.exe | 4892 | | | ?? | is (user-mode Rootkit),error getting file info | Command line:
igfxpers.exe | 4924 | | | ?? | is (user-mode Rootkit),error getting file info | Command line:
igfxtray.exe | 4868 | | | ?? | is (user-mode Rootkit),error getting file info | Command line:
c:\program files (x86)\common files\intuit\update service\intuitupdateservice.exe | 6896 | Intuit Update Service | Copyright © 2010 Intuit Inc. All Rights Reserved. | ?? | 13.35 kb, rsAh, | created: 8/23/2010 8:21:40 PM, modified: 8/23/2010 8:21:40 PM Command line: "C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe"
iPodService.exe | 4192 | | | ?? | is (user-mode Rootkit),error getting file info | Command line:
lsass.exe | 740 | | | ?? | is (user-mode Rootkit),error getting file info | Command line:
lsm.exe | 756 | | | ?? | is (user-mode Rootkit),error getting file info | Command line:
mcagent.exe | 4348 | | | ?? | is (user-mode Rootkit),error getting file info | Command line:
mcshield.exe | 2672 | | | ?? | is (user-mode Rootkit),error getting file info | Command line:
McSvHost.exe | 2876 | | | ?? | is (user-mode Rootkit),error getting file info | Command line:
mfefire.exe | 2768 | | | ?? | is (user-mode Rootkit),error getting file info | Command line:
mfevtps.exe | 2328 | | | ?? | is (user-mode Rootkit),error getting file info | Command line:
PresentationFontCache.exe | 7140 | | | ?? | is (user-mode Rootkit),error getting file info | Command line:
RAVCpl64.exe | 4640 | | | ?? | is (user-mode Rootkit),error getting file info | Command line:
services.exe | 700 | | | ?? | is (user-mode Rootkit),error getting file info | Command line:
smss.exe | 348 | | | ?? | is (user-mode Rootkit),error getting file info | Command line:
spoolsv.exe | 1768 | | | ?? | is (user-mode Rootkit),error getting file info | Command line:
taskhost.exe | 2068 | | | ?? | is (user-mode Rootkit),error getting file info | Command line:
taskhost.exe | 1784 | | | ?? | is (user-mode Rootkit),error getting file info | Command line:
c:\program files (x86)\dell datasafe local backup\toaster.exe | 4428 | Dell DataSafe Local Backup | © 2007-2009 SoftThinks SAS | ?? | 327.73 kb, rsAh, | created: 2/18/2010 2:30:44 PM, modified: 9/18/2009 6:10:26 PM Command line: "C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe" C:\Users\Cathy"
TrustedInstaller.exe | 4048 | | | ?? | is (user-mode Rootkit),error getting file info | Command line:
winlogon.exe | 748 | | | ?? | is (user-mode Rootkit),error getting file info | Command line:
wmpnetwk.exe | 4404 | | | ?? | is (user-mode Rootkit),error getting file info | Command line:
wuauclt.exe | 604 | | | ?? | is (user-mode Rootkit),error getting file info | Command line:
WUDFHost.exe | 3616 | | | ?? | is (user-mode Rootkit),error getting file info | Command line:
ZuneLauncher.exe | 4684 | | | ?? | is (user-mode Rootkit),error getting file info | Command line:
Detected:87, recognized as trusted 54
Module | Base address | Size in memory | Description | Manufacturer
C:\Windows\system32\DRIVERS\9020797.sys | 2A3D000 | 05C000 (376832) | Klif Mini-Filter [fre_wlh_AMD64] | Copyright © Kaspersky Lab 1996-2009.
C:\Windows\system32\DRIVERS\90207971.sys | 4671000 | 529000 (5410816) | Kaspersky Unified Driver | Copyright © Kaspersky Lab 1997-2009.
C:\Windows\system32\DRIVERS\90207972.sys | 16F2000 | 00E000 (57344) | Kaspersky Lab Boot Guard Driver | Copyright © Kaspersky Lab 1997-2009.
C:\Windows\system32\DRIVERS\ACPI.sys | E00000 | 057000 (356352) | ACPI Driver for NT | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\afd.sys | 3AD4000 | 089000 (561152) | Ancillary Function Driver for WinSock | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\AgileVpn.sys | 5FCC000 | 016000 (90112) | RAS Agile Vpn Miniport Call Manager | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\amdxata.sys | DD9000 | 00B000 (45056) | Storage Filter Driver | Copyright © 2008-2010 AMD, Inc.
C:\Windows\System32\Drivers\aswFsBlk.SYS | 20AA000 | 009000 (36864) | avast! File System Access Blocking Driver | Copyright (c) 1996-2010 AVAST Software
C:\Windows\system32\drivers\aswMonFlt.sys | 2070000 | 03A000 (237568) | avast! File System Minifilter for Windows 2003/Vista | Copyright (c) 1996-2010 AVAST Software
C:\Windows\System32\Drivers\aswRdr.SYS | 3B5D000 | 00A000 (40960) | avast! TDI RDR Driver | Copyright (c) 1996-2010 AVAST Software
C:\Windows\System32\Drivers\aswSnx.SYS | 1760000 | 098000 (622592) | avast! Virtualization Driver | Copyright (c) 1996-2010 AVAST Software
C:\Windows\System32\Drivers\aswSP.SYS | 4019000 | 04D000 (315392) | avast! self protection module | Copyright (c) 1996-2010 AVAST Software
C:\Windows\System32\Drivers\aswTdi.SYS | 2BDC000 | 010000 (65536) | avast! TDI Filter Driver | Copyright (c) 1996-2010 AVAST Software
C:\Windows\system32\DRIVERS\atapi.sys | E7E000 | 009000 (36864) | ATAPI IDE Miniport Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\ataport.SYS | DAF000 | 02A000 (172032) | ATAPI Driver Extension | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\Drivers\Beep.SYS | 2AA2000 | 007000 (28672) | BEEP Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\blbdrive.sys | 3A77000 | 011000 (69632) | BLB Drive Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\bowser.sys | 3D8C000 | 01E000 (122880) | NT Lan Manager Datagram Receiver Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\cdd.dll | 610000 | 027000 (159744) | |
C:\Windows\system32\DRIVERS\cdrom.sys | 1736000 | 02A000 (172032) | SCSI CD-ROM Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\cfwids.sys | 6C67000 | 00E000 (57344) | McAfee Personal Firewall IDS Plugin | Copyright© 1995-2011 McAfee, Inc. All Rights Reserved.
C:\Windows\system32\CI.dll | E88000 | 0C0000 (786432) | |
C:\Windows\system32\DRIVERS\CLASSPNP.SYS | 16C2000 | 030000 (196608) | SCSI Class System Dll | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\CLFS.SYS | CF4000 | 05E000 (385024) | |
C:\Windows\System32\Drivers\cng.sys | 115F000 | 073000 (471040) | Kernel Cryptography, Next Generation | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\CompositeBus.sys | 5499000 | 010000 (65536) | Multi-Transport Composite Bus Enumerator | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\Drivers\crashdmp.sys | 4E76000 | 00E000 (57344) | Crash Dump Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\Drivers\dfsc.sys | 2A00000 | 01E000 (122880) | DFS Namespace Client Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\drivers\discache.sys | 3A68000 | 00F000 (61440) | System Indexer/Cache Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\disk.sys | 16AC000 | 016000 (90112) | PnP Disk Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\drmk.sys | 4ED4000 | 022000 (139264) | Microsoft Trusted Audio Drivers | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\Drivers\dump_atapi.sys | 4FA7000 | 009000 (36864) | |
C:\Windows\System32\Drivers\dump_dumpata.sys | 4E84000 | 00C000 (49152) | |
C:\Windows\System32\Drivers\dump_dumpfve.sys | 4FB0000 | 013000 (77824) | |
C:\Windows\System32\drivers\Dxapi.sys | 4E6A000 | 00C000 (49152) | DirectX API Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\drivers\dxgkrnl.sys | 5ED8000 | 0F4000 (999424) | DirectX Graphics Kernel | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\drivers\dxgmms1.sys | 5400000 | 046000 (286720) | DirectX Graphics MMS | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\Drivers\fastfat.SYS | 6DC7000 | 036000 (221184) | Fast FAT File System Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\fileinfo.sys | 1061000 | 014000 (81920) | FileInfo Filter Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\fltmgr.sys | 1015000 | 04C000 (311296) | Microsoft Filesystem Filter Manager | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\Drivers\Fs_Rec.sys | 13F0000 | 00A000 (40960) | File System Recognizer Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\DRIVERS\fvevol.sys | 1672000 | 03A000 (237568) | BitLocker Drive Encryption Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\drivers\fwpkclnt.sys | 2B23000 | 04A000 (303104) | FWP/IPsec Kernel-Mode API | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\GEARAspiWDM.sys | 548C000 | 00D000 (53248) | CD DVD Filter | Copyright (C) GEAR Software Inc. 1997-2009
C:\Windows\system32\hal.dll | 3401000 | 049000 (299008) | |
C:\Windows\system32\DRIVERS\HDAudBus.sys | 5468000 | 024000 (147456) | High Definition Audio Bus Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\HECIx64.sys | 5446000 | 011000 (69632) | Intel(R) Management Engine Interface | Copyright © 2006-2009, Intel Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\HIDCLASS.SYS | 4F48000 | 019000 (102400) | Hid Class Library | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\HIDPARSE.SYS | 4F61000 | 009000 (36864) | Hid Parsing Library | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\hidusb.sys | 4F3A000 | 00E000 (57344) | USB Miniport Driver for Input Devices | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\HTTP.sys | 3CC4000 | 0C8000 (819200) | HTTP Protocol Stack | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\drivers\hwpolicy.sys | 1669000 | 009000 (36864) | Hardware Policy Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\igdkmd64.sys | 54B9000 | A1F000 (10612736) | Intel Graphics Kernel Mode Driver | Copyright (c) 1998-2006 Intel Corporation.
C:\Windows\system32\DRIVERS\IntcDAud.sys | 4EFC000 | 03E000 (253952) | Intel(R) Display HD Audio driver | Intel(R) Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\intelppm.sys | 4BC0000 | 016000 (90112) | Processor Device Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\k57nd60a.sys | 4066000 | 051000 (331776) | Broadcom NetLink (TM) Gigabit Ethernet NDIS6.x Unified Driver. | Copyright 2000-2009, Broadcom Corporation.
C:\Windows\system32\DRIVERS\kbdclass.sys | 5FEE000 | 00F000 (61440) | Keyboard Class Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\kbdhid.sys | 4F6C000 | 00E000 (57344) | HID Keyboard Filter Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\kdcom.dll | BC9000 | 00A000 (40960) | |
C:\Windows\system32\DRIVERS\ks.sys | 4121000 | 043000 (274432) | Kernel CSA Library | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\Drivers\ksecdd.sys | 13C5000 | 01A000 (106496) | Kernel Security Support Provider Interface | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\Drivers\ksecpkg.sys | 1400000 | 02B000 (176128) | Kernel Security Support Provider Interface Packages | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\ksthunk.sys | 4EF6000 | 006000 (24576) | Kernel Streaming WOW Thunk Service | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\lltdio.sys | 20D4000 | 015000 (86016) | Link-Layer Topology Mapper I/O Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\luafv.sys | 1700000 | 023000 (143360) | LUA File Virtualization Filter Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\mcupdate_GenuineIntel.dll | C9C000 | 044000 (278528) | |
C:\Windows\system32\drivers\mfeapfk.sys | 6CA6000 | 01C000 (114688) | Access Protection Filter Driver | Copyright© 1995-2011 McAfee, Inc. All Rights Reserved.
C:\Windows\system32\drivers\mfeavfk.sys | 4F7A000 | 02D000 (184320) | Anti-Virus File System Filter Driver | Copyright© 1995-2011 McAfee, Inc. All Rights Reserved.
C:\Windows\system32\drivers\mfefirek.sys | 4E00000 | 06A000 (434176) | McAfee Core Firewall Engine Driver | Copyright© 1995-2011 McAfee, Inc. All Rights Reserved.
C:\Windows\system32\drivers\mfehidk.sys | 1075000 | 080000 (524288) | McAfee Link Driver | Copyright© 1995-2011 McAfee, Inc. All Rights Reserved.
C:\Windows\system32\DRIVERS\mfenlfk.sys | 3B96000 | 011000 (69632) | McAfee NDIS Light Filter Driver | Copyright© 1995-2011 McAfee, Inc. All Rights Reserved.
C:\Windows\system32\drivers\mfewfpk.sys | 2B6D000 | 044000 (278528) | Anti-Virus Mini-Firewall Driver | Copyright© 1995-2011 McAfee, Inc. All Rights Reserved.
C:\Windows\system32\DRIVERS\monitor.sys | 4FEB000 | 00E000 (57344) | Monitor Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\mouclass.sys | 54A9000 | 00F000 (61440) | Mouse Class Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\mouhid.sys | 4FC3000 | 00D000 (53248) | HID Mouse Filter Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\drivers\mountmgr.sys | C6C000 | 01A000 (106496) | Mount Point Manager | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\drivers\mpsdrv.sys | 3DAA000 | 018000 (98304) | Microsoft Protection Service Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\mrxsmb.sys | 3DC2000 | 02D000 (184320) | Windows NT SMB Minirdr | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\mrxsmb10.sys | 3C00000 | 04E000 (319488) | Longhorn SMB Downlevel SubRdr | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\mrxsmb20.sys | 3C4E000 | 023000 (143360) | Longhorn SMB 2.0 Redirector | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\Drivers\Msfs.SYS | 2B07000 | 00B000 (45056) | Mailslot driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\msisadrv.sys | E60000 | 00A000 (40960) | ISA Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\Drivers\msrpc.sys | 1101000 | 05E000 (385024) | Kernel Remote Procedure Call Provider | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\mssmbios.sys | 3A5D000 | 00B000 (45056) | System Management BIOS Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\Drivers\mup.sys | 1657000 | 012000 (73728) | Multiple UNC Provider Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\ndis.sys | 14A5000 | 0F2000 (991232) | NDIS 6.20 driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\ndistapi.sys | 5FE2000 | 00C000 (49152) | NDIS 3.0 connection wrapper driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\ndisuio.sys | 213C000 | 013000 (77824) | NDIS User mode I/O driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\ndiswan.sys | 40B7000 | 02F000 (192512) | MS PPP Framing Driver (Strong Encryption) | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\Drivers\NDProxy.SYS | 41D0000 | 015000 (86016) | NDIS Proxy | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\netbios.sys | 3BBD000 | 00F000 (61440) | NetBIOS interface driver | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\DRIVERS\netbt.sys | 3A8F000 | 045000 (282624) | MBT Transport driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\NETIO.SYS | 1597000 | 060000 (393216) | Network I/O Subsystem | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\Drivers\Npfs.SYS | 2B12000 | 011000 (69632) | NPFS Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\nsiproxy.sys | 3A51000 | 00C000 (49152) | NSI Proxy | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\Drivers\Ntfs.sys | 1223000 | 1A2000 (1712128) | NT File System Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\Drivers\Null.SYS | 2A99000 | 009000 (36864) | NULL Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\nwifi.sys | 20E9000 | 053000 (339968) | NativeWiFi Miniport Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\pacer.sys | 3B70000 | 026000 (155648) | QoS Packet Scheduler | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\drivers\partmgr.sys | D85000 | 015000 (86016) | Partition Management Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\pci.sys | D52000 | 033000 (208896) | NT Plug and Play PCI Enumerator | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\pciide.sys | E77000 | 007000 (28672) | Generic PCI IDE Bus Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\PCIIDEX.SYS | C5C000 | 010000 (65536) | PCI IDE Bus Driver Extension | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\drivers\pcw.sys | 13DF000 | 011000 (69632) | Performance Counters for Windows Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\peauth.sys | 6CD7000 | 0A6000 (679936) | Protected Environment Authentication and Authorization Export Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\portcls.sys | 4E97000 | 03D000 (249856) | Port Class (Class Driver for Port/Miniport Devices) | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\Drivers\PxHlpa64.sys | 10F5000 | 00C000 (49152) | Px Engine Device Driver for 64-bit Windows | Copyright © Sonic Solutions
C:\Windows\system32\DRIVERS\rasl2tp.sys | 4BD6000 | 024000 (147456) | RAS L2TP mini-port/call-manager driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\raspppoe.sys | 4656000 | 01B000 (110592) | RAS PPPoE mini-port/call-manager driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\raspptp.sys | 40E6000 | 021000 (135168) | Peer-to-Peer Tunneling Protocol | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\rassstp.sys | 4107000 | 01A000 (106496) | RAS SSTP Miniport Call Manager | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\rdbss.sys | 3A00000 | 051000 (331776) | Redirected Drive Buffering SubSystem Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\DRIVERS\RDPCDD.sys | 2AEC000 | 009000 (36864) | RDP Miniport | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\rdpencdd.sys | 2AF5000 | 009000 (36864) | RDP Encoder Miniport | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\rdprefmp.sys | 2AFE000 | 009000 (36864) | RDP Reflector Driver Miniport | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\drivers\rdyboost.sys | 161D000 | 03A000 (237568) | ReadyBoost Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\rspndr.sys | 214F000 | 018000 (98304) | Link-Layer Topology Responder Driver for NDIS 6 | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\RTKVHD64.sys | 4C01000 | 1E3000 (1978368) | Realtek(r) High Definition Audio Function Driver | Copyright (c) Realtek Semiconductor Corp.1998-2012
C:\Windows\System32\Drivers\secdrv.SYS | 6D7D000 | 00B000 (45056) | Macrovision SECURITY Driver | © 2006 Macrovision Corporation
C:\Windows\System32\smss.exe | 48400000 | 020000 (131072) | |
C:\Windows\System32\Drivers\spldr.sys | 1477000 | 008000 (32768) | loader for security processor | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\DRIVERS\srv.sys | 2167000 | 095000 (610304) | Server driver | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\DRIVERS\srv2.sys | 6C00000 | 067000 (421888) | Smb 2.0 Server driver | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\DRIVERS\srvnet.sys | 6D88000 | 02D000 (184320) | Server Network driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\swenum.sys | 5FFD000 | 002000 (8192) | Plug and Play Software Device Enumerator | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\drivers\tcpip.sys | 3803000 | 1FD000 (2084864) | TCP/IP Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\drivers\tcpipreg.sys | 6DB5000 | 012000 (73728) | TCP/IP Registry Compatibility Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\TDI.SYS | 2BB1000 | 00D000 (53248) | TDI Wrapper | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\tdx.sys | 2BBE000 | 01E000 (122880) | TDI Translation Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\termdd.sys | 3BE7000 | 014000 (81920) | Remote Desktop Server Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\TSDDD.dll | 470000 | 00A000 (40960) | |
C:\Windows\system32\DRIVERS\tunnel.sys | 4B9A000 | 026000 (155648) | Microsoft Tunnel Interface Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\umbus.sys | 4164000 | 012000 (73728) | User-Mode Bus Enumerator | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\USBD.SYS | 4F6A000 | 002000 (8192) | Universal Serial Bus Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\usbehci.sys | 5457000 | 011000 (69632) | EHCI eUSB Miniport Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\usbhub.sys | 4176000 | 05A000 (368640) | Default Hub Driver for USB | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\USBPORT.SYS | 4600000 | 056000 (352256) | USB 1.1 & 2.0 Port Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\USBSTOR.SYS | 4FD0000 | 01B000 (110592) | USB Mass Storage Class Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\vdrvroot.sys | E6A000 | 00D000 (53248) | Virtual Drive Root Enumerator | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\drivers\vga.sys | 2AA9000 | 00E000 (57344) | VGA/Super VGA Video Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\drivers\VIDEOPRT.SYS | 2AB7000 | 025000 (151552) | Video Port Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\volmgr.sys | D9A000 | 015000 (86016) | Volume Manager Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\drivers\volmgrx.sys | C00000 | 05C000 (376832) | Volume Manager Extension Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\volsnap.sys | 142B000 | 04C000 (311296) | Volume Shadow Copy Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\vwififlt.sys | 3BA7000 | 016000 (90112) | Virtual WiFi Filter Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\wanarp.sys | 3BCC000 | 01B000 (110592) | MS Remote Access and Routing ARP Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\drivers\watchdog.sys | 2ADC000 | 010000 (65536) | Watchdog Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\Wdf01000.sys | F48000 | 0A4000 (671744) | Kernel Mode Driver Framework Runtime | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\WDFLDR.SYS | FEC000 | 00F000 (61440) | Kernel Mode Driver Framework Loader | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\DRIVERS\wfplwf.sys | 3B67000 | 009000 (36864) | WFP NDIS 6.20 Lightweight Filter Driver | © Microsoft Corporation. All rights reserved.
C:\Windows\System32\win32k.sys | 0A0000 | 312000 (3219456) | |
C:\Windows\system32\DRIVERS\WMILIB.SYS | E57000 | 009000 (36864) | WMILIB WMI support library Dll | © Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\WudfPf.sys | 20B3000 | 021000 (135168) | Windows Driver Foundation - User-mode Driver Framework Platform Driver | © Microsoft Corporation. All rights reserved.
| C:\Windows\system32\DRIVERS\WUDFRd.sys | Script: Quarantine, Delete, BC delete 6C75000 | 031000 (200704) | Windows Driver Foundation - User-mode Driver Framework Reflector | © Microsoft Corporation. All rights reserved.
| Modules detected - 195, recognized as trusted - 41
| |
Service | Description | Status | File | Group | Dependencies
Amazon Download Agent | Amazon Download Agent | Running | C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe | |
EFS | Encrypting File System (EFS) | Running | C:\Windows\System32\lsass.exe | | RPCSS
KeyIso | CNG Key Isolation | Running | C:\Windows\system32\lsass.exe | | RpcSs
SamSs | Security Accounts Manager | Running | C:\Windows\system32\lsass.exe | MS_WindowsLocalValidation | RPCSS
Spooler | Print Spooler | Running | C:\Windows\System32\spoolsv.exe | SpoolerGroup | RPCSS
ALG | Application Layer Gateway Service | Not started | C:\Windows\System32\alg.exe | |
Fax | Fax | Not started | C:\Windows\system32\fxssvc.exe | | TapiSrv
MSDTC | Distributed Transaction Coordinator | Not started | C:\Windows\System32\msdtc.exe | | RPCSS
Netlogon | Netlogon | Not started | C:\Windows\system32\lsass.exe | MS_WindowsRemoteValidation | LanmanWorkstation
ProtectedStorage | Protected Storage | Not started | C:\Windows\system32\lsass.exe | | RpcSs
RpcLocator | Remote Procedure Call (RPC) Locator | Not started | C:\Windows\system32\locator.exe | |
SNMPTRAP | SNMP Trap | Not started | C:\Windows\System32\snmptrap.exe | |
sppsvc | Software Protection | Not started | C:\Windows\system32\sppsvc.exe | | RpcSs
UI0Detect | Interactive Services Detection | Not started | C:\Windows\system32\UI0Detect.exe | |
VaultSvc | Credential Manager | Not started | C:\Windows\system32\lsass.exe | | rpcss
vds | Virtual Disk | Not started | C:\Windows\System32\vds.exe | | RpcSs
VSS | Volume Shadow Copy | Not started | C:\Windows\system32\vssvc.exe | | RPCSS
WatAdminSvc | Windows Activation Technologies Service | Not started | C:\Windows\system32\Wat\WatAdminSvc.exe | |
wbengine | Block Level Backup Engine Service | Not started | C:\Windows\system32\wbengine.exe | |
wmiApSrv | WMI Performance Adapter | Not started | C:\Windows\system32\wbem\WmiApSrv.exe | |
Detected - 181, recognized as trusted - 161

File name | Status | Startup method | Description
C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe | Active | Registry key | HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, AmazonGSDownloaderTray
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe | Active | Registry key | HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, DellSupportCenter
C:\Program Files (x86)\Dell\DellDock\DellDock.exe | Active | Shortcut in Autoruns folder | C:\Users\Cathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\, C:\Users\Cathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk,
C:\Program Files (x86)\\DVD Maker\DVDMaker.exe | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Dvd Maker, EventMessageFile
C:\Program Files (x86)\\Windows Defender\MpEvMsg.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\WinDefend, EventMessageFile
C:\Program Files (x86)\\Windows Defender\mpsvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WinDefend\Parameters, ServiceDll
C:\Windows\System32\Audiosrv.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AudioEndpointBuilder\Parameters, ServiceDll
C:\Windows\System32\Audiosrv.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AudioSrv\Parameters, ServiceDll
C:\Windows\System32\AxInstSV.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AxInstSV\Parameters, ServiceDll
C:\Windows\System32\AxInstSv.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-AxInstallService, EventMessageFile
C:\Windows\System32\DFDTS.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Windows Disk Diagnostic, EventMessageFile
C:\Windows\System32\DispCI.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Display, EventMessageFile
C:\Windows\System32\RpcEpMap.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\RpcEptMapper\Parameters, ServiceDll
C:\Windows\System32\SCardSvr.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SCardSvr\Parameters, ServiceDll
C:\Windows\System32\TabSvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\TabletInputService\Parameters, ServiceDll
C:\Windows\System32\UI0Detect.exe | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Interactive Services detection, EventMessageFile
C:\Windows\System32\VSSVC.EXE | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Security\VSSAudit, EventMessageFile
C:\Windows\System32\WUDFSvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\wudfsvc\Parameters, ServiceDll
C:\Windows\System32\aelupsvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AeLookupSvc\Parameters, ServiceDll
C:\Windows\System32\aelupsvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\AeLookupSvc, EventMessageFile
C:\Windows\System32\appidsvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AppIDSvc\Parameters, ServiceDll
C:\Windows\System32\appinfo.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Appinfo\Parameters, ServiceDll
C:\Windows\System32\bfe.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\BFE\Parameters, ServiceDll
C:\Windows\System32\browser.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Browser\Parameters, ServiceDll
C:\Windows\System32\certprop.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\CertPropSvc\Parameters, ServiceDll
C:\Windows\System32\certprop.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SCPolicySvc\Parameters, ServiceDll
C:\Windows\System32\dnsrslvr.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Dnscache\Parameters, ServiceDll
C:\Windows\System32\dot3svc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\dot3svc\Parameters, ServiceDll
C:\Windows\System32\drivers\fltmgr.sys;C:\Windows\System32\IoLogMsg.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\FltMgr, EventMessageFile
C:\Windows\System32\drivers\ipmidrv.sys | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\IPMIDRV, EventMessageFile
C:\Windows\System32\drivers\wd.sys | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Wd, EventMessageFile
C:\Windows\System32\gpsvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\gpsvc\Parameters, ServiceDll
C:\Windows\System32\ikeext.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\IKEEXT\Parameters, ServiceDll
C:\Windows\System32\iphlpsvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters, ServiceDll
C:\Windows\System32\ipnathlp.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters, ServiceDll
C:\Windows\System32\ipsecsvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\PolicyAgent\Parameters, ServiceDll
C:\Windows\System32\iscsiexe.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\MSiSCSI, EventMessageFile
C:\Windows\System32\iscsilog.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\iScsiPrt, EventMessageFile
C:\Windows\System32\lltdsvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\lltdsvc\Parameters, ServiceDll
C:\Windows\System32\lmhsvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\lmhosts\Parameters, ServiceDll
C:\Windows\System32\lsasrv.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\LsaSrv, EventMessageFile
C:\Windows\System32\lsasrv.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Schannel, EventMessageFile
C:\Windows\System32\mctadmin.exe | Active | Registry key | HKEY_USERS, S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce, mctadmin
C:\Windows\System32\mctadmin.exe | Active | Registry key | HKEY_USERS, S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce, mctadmin
C:\Windows\System32\mdsched.exe | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-MemoryDiagnostics-Schedule, EventMessageFile
C:\Windows\System32\netman.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Netman\Parameters, ServiceDll
C:\Windows\System32\nlasvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters, ServiceDll
C:\Windows\System32\pcasvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\PcaSvc\Parameters, ServiceDll
C:\Windows\System32\profsvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-User Profiles Service, EventMessageFile
C:\Windows\System32\profsvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Profsvc, EventMessageFile
C:\Windows\System32\qmgr.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\BITS\Parameters, ServiceDll
C:\Windows\System32\rasauto.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\RasAuto\Parameters, ServiceDll
C:\Windows\System32\rasmans.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\RasMan\Parameters, ServiceDll
C:\Windows\System32\relpost.exe | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-MemoryDiagnostics-Results, EventMessageFile
C:\Windows\System32\samsrv.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Directory-Services-SAM, EventMessageFile
C:\Windows\System32\samsrv.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\SAM, EventMessageFile
C:\Windows\System32\snmptrap.exe | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\SNMPTRAP, EventMessageFile
C:\Windows\System32\ssdpsrv.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SSDPSRV\Parameters, ServiceDll
C:\Windows\System32\sstpsvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-RasSstp, EventMessageFile
C:\Windows\System32\swprv.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\swprv\Parameters, ServiceDll
C:\Windows\System32\tcpmon.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\TCPMon, EventMessageFile
C:\Windows\System32\termsrv.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\TermService\Parameters, ServiceDll
C:\Windows\System32\trkwks.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\TrkWks\Parameters, ServiceDll
C:\Windows\System32\umpnpmgr.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\PlugPlayManager, EventMessageFile
C:\Windows\System32\umpo.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Power, EventMessageFile
C:\Windows\System32\uxsms.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\UxSms\Parameters, ServiceDll
C:\Windows\System32\wbiosrvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WbioSrvc\Parameters, ServiceDll
C:\Windows\System32\wercplsupport.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\wercplsupport\Parameters, ServiceDll
C:\Windows\System32\wersvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Application Hang, EventMessageFile
C:\Windows\System32\wevtsvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Security\Microsoft-Windows-Eventlog, EventMessageFile
C:\Windows\System32\wevtsvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Eventlog, EventMessageFile
C:\Windows\System32\wiaservc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\stisvc\Parameters, ServiceDll
C:\Windows\System32\wiaservc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\StillImage, EventMessageFile
C:\Windows\System32\win32k.sys | -- | Registry key | HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Session Manager\SubSystems, Kmode
C:\Windows\System32\winlogon.exe | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Winlogon, EventMessageFile
C:\Windows\System32\winlogon.exe | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wlclntfy, EventMessageFile
C:\Windows\System32\wkssvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters, ServiceDll
C:\Windows\System32\wlansvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Wlansvc\Parameters, ServiceDll
C:\Windows\System32\wscsvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\wscsvc\Parameters, ServiceDll
C:\Windows\System32\wscsvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\SecurityCenter, EventMessageFile
C:\Windows\System32\wwansvc.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WwanSvc\Parameters, ServiceDll
C:\Windows\system32\BlbEvents.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-Backup, EventMessageFile
C:\Windows\system32\FntCache.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\FontCache\Parameters, ServiceDll
C:\Windows\system32\HPZinw12.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Net Driver HPZ12\Parameters, ServiceDll
C:\Windows\system32\HPZipm12.dll | Active | Registry key | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Pml Driver HPZ12\Parameters, ServiceDll