Rootkit.Win64.FAKEVM.A

 Analysis by: Noel Anthony Llimos

 PLATFORM:

Windows


  • Threat Type: Rootkit

  • Destructiveness: No

  • Encrypted: Yes

  • In the wild: Yes

  OVERVIEW


This Rootkit arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

It hides files, processes, and/or registry entries.

  TECHNICAL DETAILS

File Size:

115,912 bytes

File Type:

SYS

Memory Resident:

Yes

Initial Samples Received Date:

08 Apr 2019

Arrival Details

This Rootkit arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Autostart Technique

This Rootkit registers itself as a system service to ensure its automatic execution at every system startup by adding the following registry entries:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Services\{random string}
DisplayName = "{random string}"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Services\{random string}
ErrorControl = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Services\{random string}
Group = "Boot Bus Extender"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Services\{random string}
ImagePath = %System%\drivers\{random string}.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Services\{random string}
Start = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Services\{random string}
Tag = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Services\{random string}
Type = 1

It registers as a system service to ensure its automatic execution at every system startup by adding the following registry keys:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Services\{random string}

Rootkit Capabilities

This Rootkit hides files, processes, and/or registry entries.

Other Details

This Rootkit does the following:

  • Queries the following registry entries, which contain its configuration for the blacklisting of files, drivers and applications:
    • Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{random string}
      Value: {S01 - S08}
      Data: {Hex Bytes}
    • Key: HKEY_LOCAL_MACHINE\SYSTEM\{Thread ID}
  • It disables loaded and new drivers with the following Vendor Information:
    • Process Monitor Driver
    • Atool
    • Antiy Labs
    • AVZ
    • TDSS
    • cmcark.exe
    • EP_X0FF
    • CsrWalker
    • DrWeb
    • Igor Daniloff
    • Rootkit
    • DarkSpy
    • CardMagic
    • FilterMon
    • Daniel Pistelli
    • flister.exe
    • Gmer
    • HookAnalyser
    • HookShark.exe
    • IceSword
    • System Analyzing
    • kX-Ray
    • Brock Williams
    • NIAP XRay
    • NIAP
    • RootkitDetect
    • Process Walker
    • USEC Radix
    • RegReveal.exe
    • Unhooker
    • Detector For Windows
    • Andres Tarasco
    • RootQuest
    • ComSentry
    • RootRepeal
    • AD 2007
    • SafetyCheck
    • SUYI Studio
    • SysProt
    • TrueX64
    • By diyhack
    • Tuluka kernel
    • Libertad. All
    • Yas Anti
    • mbr.exe
    • Find_Hidden
    • F-Secure BlackLight
    • (C) Orkbluit
    • catchme.exe
    • Avast! Antirootkit
    • ALWIL Software
    • aswmbr.exe
    • SysInspector
    • ESET, spol.
    • DiamondCS
    • Symantec
    • Norton Power Eraser
    • Safe'nSec
    • S.N.Safe
    • SanityCheck
    • Detects and Delete
    • X-Wiretechnology
    • Sophos Limited
    • Pavark.exe
    • Malwarebytes Anti-Rootkit
    • RootkitBuster
    • Trend Micro
    • Mcafee Labs Rootkit
    • RootkitRemover
    • RootRpeal
    • Epoolsoft Windows Information
    • Anti~mal~ware tool
    • API Monitor Installer
    • Telerik Fiddler Web Debugger
    • Tachyon
  • Prioritizes its own position in the driver load order via its service registry entry.
  • Denies access to its registry entries to any process other than itself or its components.
  • It disables loaded and new drivers with the following Signatures/Publisher:
    • Wen Jia Liu
    • Check Point Software Technologies Ltd
    • GRISOFT, s.r.o.
    • Avira GmbH
    • Avira Operations GmbH & Co. KG
    • BITDEFENDER LLC
    • BitDefender SRL
    • Doctor Web Ltd
    • ESET, spol. s r.o.
    • FRISK Software International Ltd
    • Kaspersky Lab
    • Panda Software International
    • Check Point Software Technologies
    • BullGuard Ltd
    • antimalware
    • NovaShield Inc
    • CJSC Returnil Software
    • Anti-Virus
    • Sophos Plc
    • Comodo Security Solutions
    • Quick Heal Technologies
    • G DATA Software
    • Beijing Rising
    • Immunet Corporation
    • K7 Computing
    • Sunbelt Software
    • Beijing Jiangmin
    • VirusBuster Ltd
    • KProcessHacker
    • Microsoft Malware Protection
    • KSLDriver.sys
    • STOPzilla
    • Essentware
    • Filseclab
    • Lavasoft
    • IKARUS
    • VirusBlokAda
    • Immunet
    • FortiClient
    • Quick Heal
    • VIPRE
    • AhnLab
    • Malwarebytes
    • Malwarebytes Corporation
    • Sophos
    • BullGuard
    • F-Secure
    • TrustPort
    • Trend Micro
    • McAfee
    • G Data
    • Kaspersky
    • AVAST
    • Emsisoft
    • Qihoo 360
    • Webroot
    • Bitdefender
    • Trend Micro, Inc.
    • McAfee, Inc.
    • X-Wire Technology
    • Sophos Ltd
    • Protection Technology, Ltd.
    • Daniel Terhell
    • F-Secure Corporation
    • ALWIL Software
    • Antiy Technology Co. Ltd
    • Antiy Labs
    • Kernel Detective
    • Safe'nSec
    • S.N.Safe
    • HookAnalyser
    • IceSword
    • Brock Williams
    • Unhooker
    • Process Walker
    • RootkitDetect
    • CsrWalker
    • F-Secure BlackLight
    • Avast! Antirootkit
    • SysInspector
    • DiamondCS
    • Norton Power Eraser
    • Detects and Delete
    • SanityCheck
    • Sophos Limited
    • X-Wiretechnology
    • Malwarebytes Anti-Rootkit
    • RootkitBuster
    • RootkitRemover
    • Mcafee Labs Rootkit
    • RootRpeal
    • Epoolsoft Windows Information
    • FilterMon
    • RootQuest
    • Andres Tarasco
    • kX-Ray
    • NIAP XRay
    • DarkSpy
    • CardMagic
    • SUYI Studio
    • Yas Anti
    • Tuluka kernel
    • (C) Orkbluit
    • Orkblutt
    • Find_Hidden
    • ESTsecurity Corp.
    • SGA Co.,LTD
    • ESTsoft Corp
    • www.sgacorp.kr
    • AhnLab, Inc.
    • Hauri, Inc
    • QIHU 360 SOFTWARE CO. LIMITED
    • AVAST Software s.r.o.
    • AVG Technologies USA, Inc.
    • Panda Security S.L.
    • VIPRE Security (ThreatTrack Security, Inc.)
    • NANO Security Ltd
    • Webroot Inc.
    • Emsisoft Ltd
    • G DATA Software AG
    • BullGuard Ltd.
    • Check Point Software Technologies Ltd.
    • Quick Heal Technologies Limited
    • TrustPort, a.s.
    • IS3, Inc.
    • MicroWorld Technologies Inc.
    • Total Defense Inc
    • Adaware Software
    • FRISK Software International
    • K7 Computing Pvt Ltd
    • Doctor Web Ltd.
    • SPAMMfighter ApS
    • Security Softvare Limeted
    • VIRUSBLOKADA ODO
    • Fortinet Technologies (Canada) inc.
    • ALLIT Service LLC
    • Adlice
    • Rohitab Batra
    • INCA Internet Co., Ltd.
  • It disables the execution of the following applications and drivers:
    • processhacker-2.39-setup.exe
    • flister.exe
    • cmcark.exe
    • HookShark.exe
    • RegReveal.exe
    • mbr.exe
    • catchme.exe
    • aswmbr.exe
    • Pavark.exe
    • PCKAVService.exe
    • STOPzilla.exe
    • SZServer.exe
    • RsMgrSvc.exe
    • RsTray.exe
    • QQPCTray.exe
    • QQPCRTP.exe
    • EEYEEVNT.exe
    • Blink.exe
    • blinksvc.exe
    • twssrv.exe
    • twister.exe
    • mskrn.exe
    • msgui.exe
    • grizzlysvc.exe
    • grizzlyav.exe
    • AdAwareService.exe
    • AdAwareTray.exe
    • AVScanningService.exe
    • AVWatchService.exe
    • AAV_Service_Vista.exe
    • AAV_Guard.exe
    • AutoCare.exe
    • ASCService.exe
    • AdvancedSystemProtector.exe
    • guardxkickoff.exe
    • guardxkickoff_64.exe
    • guardxservice.exe
    • guardxservice_x64.exe
    • vba32ldr.exe
    • vba32ldrgui.exe
    • sfc.exe
    • iptray.exe
    • FortiSettings.exe
    • FortiTray.exe
    • FortiESNAC.exe
    • nanoav.exe
    • nanoav64.exe
    • nanosvc.exe
    • msseces.exe
    • MsMpEng.exe
    • ARWSRVC.exe
    • BDSSVC.exe
    • qhpisvr.exe
    • REPRSVC.exe
    • ASDSvc.exe
    • ASDUp.exe
    • VipreAAPSvc.exe
    • SBAMSvc.exe
    • SBAMTray.exe
    • ALMon.exe
    • ALsvc.exe
    • McsAgent.exe
    • MBAMService.exe
    • mbamtray.exe
    • MFEConsole.exe
    • nortonsecurity.exe
    • ccSvcHst.exe
    • SISIPSService.exe
    • ZIS.exe
    • ZISCore.exe
    • avguard.exe
    • Avira.ServiceHost.exe
    • avgnt.exe
    • econser.exe
    • avpmapp.exe
    • ZAPrivacyService.exe
    • vsmon.exe
    • K7CrvSvc.exe
    • K7FWSrvc.exe
    • K7PSSrvc.exe
    • K7TSecurity.exe
    • BullGuard.exe
    • BullGuardCore.exe
    • fsulprothoster.exe
    • fshoster64.exe
    • fshoster.exe
    • AgentSvc.exe
    • PSANHost.exe
    • PSUAService.exe
    • avss.exe
    • axengine.exe
    • avcom.exe
    • coreServiceShell.exe
    • coreFrameworkHost.exe
    • uiWatchDog.exe
    • McCSPServiceHost.exe
    • McUICnt.exe
    • ModuleCoreService.exe
    • GDFwSvcx.exe
    • ekrn.exe
    • avp.exe
    • bdservicehost.exe
    • dwservice.exe
    • spideragent.exe
    • AVGSvc.exe
    • afwServ.exe
    • AvastSvc.exe
    • a2service.exe
    • QHWatchdog.exe
    • QHActiveDefense.exe
    • WRSA.exe
    • cis.exe
    • ccavsrv.exe
    • eeCtrl.sys
    • eraser.sys
    • SRTSP.sys
    • SRTSPIT.sys
    • SRTSP64.SYS
    • a2gffx86.sys
    • a2gffx64.sys
    • a2gffi64.sys
    • a2acc.sys
    • a2acc64.sys
    • mbam.sys
    • eamonm.sys
    • MaxProtector.sys
    • SDActMon.sys
    • tmevtmgr.sys
    • tmpreflt.sys
    • vcMFilter.sys
    • drivesentryfilterdriver2lite.sys
    • mpFilter.sys
    • PSINPROC.SYS
    • PSINFILE.SYS
    • amfsm.sys
    • amm8660.sys
    • amm6460.sys
    • caavFltr.sys
    • ino_fltr.sys
    • avmf.sys
    • PLGFltr.sys
    • AshAvScan.sys
    • csaav.sys
    • SegF.sys
    • eeyehv.sys
    • eeyehv64.sys
    • NovaShield.sys
    • BdFileSpy.sys
    • tkfsft.sys
    • tkfsft64.sys
    • tkfsavxp.sys
    • tkfsavxp64.sys
    • SMDrvNt.sys
    • ATamptNt.sys
    • V3Flt2k.sys
    • V3MifiNt.sys
    • V3Ift2k.sys
    • V3IftmNt.sys
    • ArfMonNt.sys
    • AhnRghLh.sys
    • AszFltNt.sys
    • OMFltLh.sys
    • V3Flu2k.sys
    • vcdriv.sys
    • vcreg.sys
    • vchle.sys
    • NxFsMon.sys
    • AntiLeakFilter.sys
    • NanoAVMF.sys
    • shldflt.sys
    • nprosec.sys
    • nregsec.sys
    • issregistry.sys
    • THFilter.sys
    • pervac.sys
    • avgmfx86.sys
    • avgmfx64.sys
    • avgmfi64.sys
    • avgmfrs.sys
    • fortimon2.sys
    • fortirmon.sys
    • fortishield.sys
    • savonaccess.sys
    • OADevice.sys
    • pwipf6.sys
    • EstRkmon.sys
    • EstRkr.sys
    • dwprot.sys
    • Spiderg3.sys
    • STKrnl64.sys
    • UFDFilter.sys
    • SCFltr.sys
    • fildds.sys
    • fsfilter.sys
    • fpav_rtp.sys
    • cwdriver.sys
    • Rtw.sys
    • HookSys.sys
    • snscore.sys
    • ssvhook.sys
    • strapvista.sys
    • strapvista64.sys
    • sascan.sys
    • savant.sys
    • vradfil2.sys
    • fsgk.sys
    • PCTCore64.sys
    • PCTCore.sys
    • ikfilesec.sys
    • ZxFsFilt.sys
    • antispyfilter.sys
    • PZDrvXP.sys
    • ggc.sys
    • catflt.sys
    • kmkuflt.sys
    • mfencoas.sys
    • mfehidk.sys
    • cmdguard.sys
    • K7Sentry.sys
    • nvcmflt.sys
    • issfltr.sys
    • AVCKF.SYS
    • bdfsfltr.sys
    • bdfm.sys
    • AVC3.SYS
    • aswmonflt.sys
    • HookCentre.sys
    • PktIcpt.sys
    • MiniIcpt.sys
    • avgntflt.sys
    • klbg.sys
    • kldback.sys
    • kldlinf.sys
    • kldtool.sys
    • klif.sys
    • lbd.sys
    • rvsmon.sys
    • ssfmonm.sys
    • KmxAgent.sys
    • KmxAMRT.sys
    • KmxAMVet.sys
    • KmxStart.sys
    • ahnflt2k.sys
    • AhnRec2k.sys
    • AntiyFW.sys
    • v3engine.sys
    • Vba32dNT.sys
    • kprocesshacker.sys
    • gdbehave2.sys
    • gdkbb32.sys
    • gdwfpcd32.sys
    • grd.sys
    • avgidsdrivera.sys
    • avgidsha.sys
    • avgldx64.sys
    • avgloga.sys
    • avgrkx64.sys
    • avgtdia.sys
    • avgdiska.sys
    • avguniva.sys
    • avgidsdriverx.sys
    • avgidshx.sys
    • avgidsshimx.sys
    • avgldx86.sys
    • avglogx.sys
    • avgrkx86.sys
    • avgtdix.sys
    • bhdrvx64.sys
    • ccsetx64.sys
    • eectrl64.sys
    • idsvia64.sys
    • eng64.sys
    • ex64.sys
    • smr510.sys
    • symefasi.sys
    • eraserutilrebootdrv.sys
    • bhdrvx86.sys
    • ccsetx86.sys
    • idsvix86.sys
    • srtspx.sys
    • symevent.sys
    • ironx86.sys
    • symnets.sys
    • gfiark.sys
    • gfiutil.sys
    • sbwtis.sys
    • sbapifs.sys
    • webexaminer64.sys
    • tmactmon.sys
    • tmcomm.sys
    • tmebc64.sys
    • tmeevw.sys
    • tmel.sys
    • tmxpflt.sys
    • tmnciesc.sys
    • tmusa.sys
    • vsapint.sys
    • tmtdi.sys
    • kl1.sys
    • klflt.sys
    • klfltdev.sys
    • klhk.sys
    • klim6.sys
    • klpd.sys
    • kltdi.sys
    • klwtp.sys
    • kneps.sys
    • sdcfilter.sys
    • sntp.sys
    • sophosed.sys
    • mfeapfk.sys
    • mfeavfk.sys
    • mferkdet.sys
    • mfewfpk.sys
    • mfebopk.sys
    • mfeaack.sys
    • mfeclftk.sys
    • mfedisk.sys
    • mfefirek.sys
    • mfehck.sys
    • mfenlfk.sys
    • mfeplk.sys
    • mfeepmpk.sys
    • mfeepnfcp.sys
    • mfencbdc.sys
    • mfencrk.sys
    • mpnwmon.sys
    • WdBoot.sys
    • WdFilter.sys
    • WdNisDrv.sys
    • aswfsblk.sys
    • aswrdr.sys
    • aswsp.sys
    • aswtdi.sys
    • srtspx64.sys
    • symds64.sys
    • symefa64.sys
    • symevent64x86.sys
    • ironx64.sys
    • avipbb.sys
    • ssmdrv.sys
    • avkmgr.sys
    • avnetflt.sys
    • mbamchameleon.sys
    • mbamswissarmy.sys
    • mwac.sys
    • edevmon.sys
    • ehdrv.sys
    • epfwwfpr.sys
    • epfw.sys
    • epfwndis.sys
    • epfwwfp.sys
    • epfwlwf.sys
    • eamon.sys
    • immunetnetworkmonitor.sys
    • immunetprotect.sys
    • immunetselfprotect.sys
    • 360AntiHacker64.sys
    • 360AvFlt.sys
    • 360Box64.sys
    • 360Camera64.sys
    • 360FsFlt.sys
    • 360netmon.sys
    • bapidrv64.sys
    • fsvista.sys
    • fshs.sys
    • fsbts.sys
    • fses.sys
    • fsdfw.sys
    • fsni64.sys
    • bddevflt.sys
    • bdfwfpf.sys
    • gzflt.sys
    • bdupflt.sys
    • ignis.sys
    • atc.sys
    • bdfndisf.sys
    • bdftdif.sys
    • bdselfpr.sys
    • trufos.sys
    • avdisk.sys
    • econceal.sys
    • mwfsmflt.sys
    • procobsrvesx.sys
    • nnsalpc.sys
    • nnshttp.sys
    • nnshttps.sys
    • nnsids.sys
    • nnspicc.sys
    • nnspop3.sys
    • nnsprot.sys
    • nnsprv.sys
    • nnssmtp.sys
    • nnsstrm.sys
    • nnstlsc.sys
    • psinaflt.sys
    • psinknc.sys
    • psinprot.sys
    • psinreg.sys
    • pskmad.sys
    • dvctprov.sys
    • nnsnahsl.sys
    • nnspihsw.sys
    • psindvct.sys
    • wrkrn.sys
    • wrurlflt.sys
    • ahnactnt.sys
    • ahnrghnt.sys
    • amonlwlh.sys
    • amontdlh.sys
    • ahawkent.sys
    • tffregnt.sys
    • ascrts.sys
    • cdm2drnt.sys
    • medcored.sys
    • medvpdrv.sys
    • tnfwnt.sys
    • tnhipsnt.sys
    • tnnipsnt.sys
    • tsfltdrv.sys
    • tmebc32.sys
    • aswarpot.sys
    • aswbidsdrivera.sys
    • aswbidsha.sys
    • aswbloga.sys
    • aswbuniva.sys
    • aswhdske.sys
    • aswhwid.sys
    • aswrdr2.sys
    • aswrvrt.sys
    • aswsnx.sys
    • aswstm.sys
    • aswvmm.sys
    • k7fwhlpr.sys
    • avasdmft.sys
    • tpsec.sys
    • dsio.sys
    • tdifw.sys
    • tdimapper.sys
    • tppfhook.sys
    • kldisk.sys
    • klbackupflt.sys
    • klbackupdisk.sys
    • aswbidsdriverx.sys
    • aswbidshx.sys
    • aswblogx.sys
    • aswbunivx.sys
    • avgarpot.sys
    • avgbidsdrivera.sys
    • avgbidsha.sys
    • avgbloga.sys
    • avgmonflt.sys
    • avgnetsec.sys
    • avgrdr2.sys
    • avgsp.sys
    • avgsnx.sys
    • avgstm.sys
    • avgvmm.sys
    • cfwids.sys
    • mcpvdrv.sys
    • mfesapsn.sys
    • avdevprot.sys
    • avusbflt.sys
    • EraserUtilDrvI32.sys
    • SYMEFASI64.sys
    • avchv.sys
    • tmlwf.sys
    • tmwfp.sys
    • axflt.sys
    • sbwfw.sys
    • panda_url_filteringd.sys
    • gdwfpcd64.sys
    • TS4nt.sys
    • SISIPSDriver.sys
    • SysPlant.sys
    • Teefer.sys
    • avgbuniva.sys
    • avgNetNd6.sys
    • mbae64.sys
    • cm_km.sys
    • epp.sys
    • eppwfp.sys
    • 360FsFlt_win10.sys
    • BAPIDRV.sys
    • BAPIDRV_win10.sys
    • BAPIDRV64_win10.sys
    • DsArk.sys
    • DsArk_win10.sys
    • dsark64.sys
    • DsArk64_win10.sys
    • qutmdrv.sys
    • qutmdrv_win10.sys
    • EfiMon.sys
    • 360AvFlt_win10.sys
    • 360avflt64.sys
    • 360AvFlt64_win10.sys
    • 360AntiHacker.sys
    • 360AntiHacker_win10.sys
    • 360AntiHacker64_win10.sys
    • 360Box.sys
    • 360Box_win10.sys
    • 360Box64_win10.sys
    • 360Camera.sys
    • 360Camera_win10.sys
    • 360Camera64_win10.sys
    • qutmipc.sys
    • qutmipc_win10.sys
    • 360netmon_50.sys
    • 360netmon_60.sys
    • 360netmon_wfp.sys
    • 360netmon_x64_wfp.sys
    • 360netmon_x64.sys
    • 360SelfProtection.sys
    • 360SelfProtection_win10.sys
    • hookport.sys
    • hookport_win10.sys
    • MorphiDriver.sys
    • aswbdiska.sys
    • aswNetNd6.sys
    • aswNetSec.sys
    • BdAgent.sys
    • BdSpy.sys
    • BdNet.sys
    • BdSentry.sys
    • CdmDrvNt.sys
    • ISPrxEnt.sys
    • ISFWEnt.sys
    • ISIPSEnt.sys
    • ISPIBEnt.sys
    • AhnSZE.sys
    • cmderd.sys
    • cmdhlp.sys
    • inspect.sys
    • isedrv.sys
    • CiscoAMPCEFWDriver.sys
    • CiscoAMPHeurDriver.sys
    • FortiFilter.sys
    • fortiapd.sys
    • ftvnic.sys
    • ftsvnic.sys
    • pppop64.sys
    • DrWebLwf.sys
    • dwdg.sys
    • dw_wfp.sys
    • NTGUARD_X64.sys
    • Vba32d64.sys
    • Vba32m64.sys
    • atkldrvr.sys
    • wsnf.sys
    • WSFILTER.sys
    • webssx.sys
    • bdsflt.sys
    • bdsnm.sys
    • arwflt.sys
    • emltdi.sys
    • ISWKL.sys
    • vsdatant.sys
    • zef.sys
    • zsc.sys
    • znf.sys
    • aswTap.sys
    • avgbdiska.sys
    • avgHwid.sys
    • avgRvrt.sys
    • cmdboot.sys
    • cmdcss_vista.sys
    • cmdcss_win7.sys
    • cmdcss_win8.sys
    • cmdcss_xp.sys
    • isedrv_vista.sys
    • isedrv_win7.sys
    • isedrv_win8.sys
    • isedrv_xp.sys
    • klbackupdisk.sys
    • klelam.sys
    • klkbdflt2.sys
    • klpnpflt.sys
    • klwfp.sys
    • kltap.sys
    • bddci.sys
    • bdelam.sys
    • bdprivmon.sys
    • bdsyslogphysicalmemorydumper.sys
    • bdvedisk.sys
    • trufosalt.sys
    • eelam.sys
    • ekbdflt.sys
    • epfwtdi.sys
    • EpfwTdiR.sys
    • mfeclnrk.sys
    • HipShieldK.sys
    • tmumh.sys
    • BdBoot.sys
    • fwndislwf32.sys
    • fwndislwf64.sys
    • fwwfp732.sys
    • fwwfp764.sys
    • fselms.sys
    • fsulgk.sys
    • fsbts_x64.sys
    • aftap0901.sys
    • PSBoot.sys
    • K7FWFilt.sys
    • K7RKScan.sys
    • K7TdiHlp.sys
    • avdisk64.sys
    • econceal.lwf.Vista64.sys
    • econceal.lwf.Win7_64.sys
    • econceal.lwf.Win8_64.sys
    • econceal.vista64.sys
    • ESWfp64.sys
    • mwfsmfltx.sys
    • MWRM64.sys
    • PROCOBSRVES.sys
    • icsak.sys
    • kl2.sys
    • klim5.sys
    • kltdf.sys
    • farflt.sys
    • eraser64.sys
    • symevnt.sys
    • SyDvCtrl64.sys
    • WGX64.sys
    • SISIDSRegDrv32_post-vista.sys
    • SISIDSRegDrv64_post-vista.sys
    • SISIPSDeviceFilter32_post-vista.sys
    • SISIPSDeviceFilter64_post-vista.sys
    • SISIPSDriver32_post-vista.sys
    • SISIPSDriver64_post-vista.sys
    • SISIPSFileFilter32_post-vista.sys
    • SISIPSFileFilter64_post-vista.sys
    • SISIPSNetFilter32_post-vista.sys
    • SISIPSNetFilter64_post-vista.sys
    • NisDrvWFP.sys
    • BSFS.sys
    • CONIO.sys
    • ELAMDRV.sys
    • ELRKTRM.sys
    • EMLSSX.sys
    • KBFLTR.sys
    • llio.sys
    • mscank.sys
    • WEBSSX8.sys
    • wstif.sys
    • athpexnt.sys
    • MeDVpHkD.sys
    • gfiark32.sys
    • gfiark64.sys
    • gfiutl32.sys
    • gfiutl64.sys
    • VipreELAM.sys
    • sbfw.sys
    • sbhips.sys
    • SBTIS.sys
    • sbfwht.sys
    • SbFwIm.sys
    • SBTISHT.sys
    • sbaphd.sys
    • sbapifsl.sys
    • ALYac40.exe
    • EstPdc.sys
    • EstRtw.sys
    • EstFwt.sys
    • VC90Setup_P_DESKTOP_All_x64.exe
    • sga_ntf_x64.sys
    • sga_ntf_x86.sys
    • eps_sys_x64.sys
    • eps_sys_10_x64.sys
    • eps_min_xp64.sys
    • eps_min_x64.sys
    • eps_min_10_x64.sys
    • V3Lite_Setup.exe
    • hsbdrvnt.sys
    • mkd2bthf.sys
    • mkd2nadr.sys
    • ViRobot7x64_Trial.exe
    • ViRobot7x86_Trial.exe
    • ViRobotAPTShieldSetup_Free.exe
    • tewebproect.sys
    • tkctrl2k.sys
    • tkfsav.sys
    • tkfsft.sys
    • tkfwfv.sys
    • tkfwvt.sys
    • tkidsvt.sys
    • tkpcfthk.sys
    • tkrgac2k.sys
    • tkrgftxp.sys
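The autostart profile and the configuration values described above (Start = 0, Type = 1, Tag = 1, Group = "Boot Bus Extender", values S01 to S08 under the service key, and a key directly under HKEY_LOCAL_MACHINE\SYSTEM named after a thread ID) can be turned into a hunting query. The following PowerShell is an added example and not part of the Trend Micro write-up: it reports services whose registration matches that profile, carries any of the S01..S08 values, or cannot be read by an administrator (the write-up says the driver denies access to its own entries), and separately lists numeric-named keys directly under SYSTEM. The `-KnownGood` baseline, the `-SystemHive` parameter and the assumption that the {Thread ID} key name is decimal digits are mine.

```powershell
# Added example, not code from the Trend Micro write-up. Run in an elevated
# PowerShell session. Assumptions: the {Thread ID} key name is decimal digits,
# and -KnownGood is a baseline you collect yourself from a clean build.

function Get-ControlSetPath {
    param([string]$SystemHive)
    $ccs = Join-Path $SystemHive 'CurrentControlSet'
    if (Test-Path $ccs) { return $ccs }
    # An offline hive (mounted with reg.exe load) has no CurrentControlSet link;
    # Select\Current holds the number of the active control set.
    $current = (Get-ItemProperty -Path (Join-Path $SystemHive 'Select')).Current
    return Join-Path $SystemHive ('ControlSet{0:D3}' -f $current)
}

function Find-SuspiciousBootBusExtenders {
    [CmdletBinding()]
    param(
        [string]$SystemHive = 'HKLM:\SYSTEM',   # e.g. 'HKLM:\Offline' after reg.exe load
        [string[]]$KnownGood = @()               # service names verified on a clean build
    )

    $servicesPath = Join-Path (Get-ControlSetPath $SystemHive) 'Services'
    $configValues = 1..8 | ForEach-Object { 'S{0:D2}' -f $_ }   # S01 .. S08

    # -Name lists subkey names without opening each key, so a key the driver
    # protects still shows up and is reported as unreadable below.
    foreach ($name in Get-ChildItem -Path $servicesPath -Name -ErrorAction SilentlyContinue) {
        if ($KnownGood -contains $name) { continue }
        $keyPath = Join-Path $servicesPath $name

        try {
            $p = Get-ItemProperty -Path $keyPath -ErrorAction Stop
        } catch {
            # A service key an administrator cannot read is itself an indicator.
            [pscustomobject]@{
                Service   = $name
                ImagePath = $null
                Reasons   = @("Unreadable: $($_.Exception.GetType().Name)")
            }
            continue
        }

        $reasons = @()
        if ($p.Start -eq 0 -and $p.Type -eq 1 -and $p.Tag -eq 1 -and
            $p.Group -eq 'Boot Bus Extender') {
            $reasons += 'BootBusExtenderProfile'
        }
        # S01..S08 are reported by the write-up as the driver's configuration values.
        $present = @($configValues | Where-Object { $null -ne $p.$_ })
        if ($present.Count -gt 0) {
            $reasons += "ConfigValues:$($present -join ',')"
        }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{ Service = $name; ImagePath = $p.ImagePath; Reasons = $reasons }
        }
    }
}

function Find-NumericSystemSubkeys {
    param([string]$SystemHive = 'HKLM:\SYSTEM')
    # Assumption: the {Thread ID} key is named with the decimal thread id,
    # so an all-digit key directly under SYSTEM is out of place.
    Get-ChildItem -Path $SystemHive -Name -ErrorAction SilentlyContinue |
        Where-Object { $_ -match '^\d+$' } |
        ForEach-Object { [pscustomobject]@{ Key = (Join-Path $SystemHive $_); Reason = 'NumericSubkey' } }
}

# Legitimate boot bus extenders (pci, acpi, ...) also match the profile, so read
# the output against the baseline and weight the S01..S08 and Unreadable hits.
Find-SuspiciousBootBusExtenders | Format-Table -AutoSize
Find-NumericSystemSubkeys       | Format-Table -AutoSize
```

Because the driver hides registry entries on a running system, the more reliable run is against the SYSTEM hive of the suspect disk from a clean boot (for example WinPE): mount it with `reg.exe load HKLM\Offline <path-to-suspect>\Windows\System32\config\SYSTEM`, call both functions with `-SystemHive 'HKLM:\Offline'`, and unload it afterwards with `reg.exe unload HKLM\Offline`. The control-set lookup through `Select\Current` exists precisely because an offline hive has no CurrentControlSet link.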

  SOLUTION

Minimum Scan Engine:

9.850

FIRST VSAPI PATTERN FILE:

14.926.08

FIRST VSAPI PATTERN DATE:

08 Apr 2019

VSAPI OPR PATTERN File:

14.927.00

VSAPI OPR PATTERN Date:

09 Apr 2019

Step 1

Before doing any scans, Windows 7, Windows 8, Windows 8.1, and Windows 10 users must disable System Restore to allow full scanning of their computers.

Step 2

Scan your computer with your Trend Micro product to delete files detected as Rootkit.Win64.FAKEVM.A. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check the following Trend Micro Support pages for more information:

Step 3

Restart in Safe Mode


Step 4

Note that not all files, folders, and registry keys and entries are installed on your computer during this malware's/spyware's/grayware's execution. This may be due to incomplete installation or other operating system conditions. If you do not find the same files/folders/registry information, please proceed to the next step.

Step 5

Delete this registry key


Important: Editing the Windows Registry incorrectly can lead to irreversible system malfunction. Please do this step only if you know how or you can ask assistance from your system administrator. Else, check this Microsoft article first before modifying your computer's registry.

  • In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
    • {random string}

Step 6

Delete this registry key


Important: Editing the Windows Registry incorrectly can lead to irreversible system malfunction. Please do this step only if you know how, or ask your system administrator for assistance. Otherwise, check this Microsoft article first before modifying your computer's registry. Before you can do this, you must restart in Safe Mode; for instructions on how to do this, you may refer to this page. If the preceding step required you to restart in Safe Mode, you may proceed to edit the system registry.

  • In HKEY_LOCAL_MACHINE\SYSTEM
    • {Thread ID}

Step 7

Restart in normal mode and scan your computer with your Trend Micro product for files detected as Rootkit.Win64.FAKEVM.A. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check this Knowledge Base page for more information.

