Results of system analysis

List of processes

File name	PID	Description	Copyright	MD5	Information
c:\program files\lavasoft\ad-aware\aawservice.exe Script: Quarantine, Delete, BC delete, Terminate	364	Ad-Aware Service Application	Copyright (C) 2009 Lavasoft. All rights reserved.	??	900.33 kb, rsAh, created: 2009-01-18 13:34:37, modified: 2009-01-18 13:34:37 Command line: "C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe"
c:\program files\lavasoft\ad-aware\aawtray.exe Script: Quarantine, Delete, BC delete, Terminate	3512	Ad-Aware Tray Application	Copyright (C) 2009 Lavasoft. All rights reserved.	??	494.84 kb, rsAh, created: 2009-01-18 13:34:48, modified: 2009-01-18 13:34:48 Command line: "C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe"
c:\program files\animated reminder\ani_reminder.exe Script: Quarantine, Delete, BC delete, Terminate	3628		NiceKit Software	??	1608.50 kb, rsAh, created: 2007-05-09 13:12:48, modified: 2007-05-09 13:12:48 Command line: "C:\Program Files\Animated Reminder\ani_reminder.exe"
c:\program files\ati technologies\ati control panel\atiptaxx.exe Script: Quarantine, Delete, BC delete, Terminate	2276	ATI Desktop Control Panel	Copyright (C) 1998-2005 ATI Technologies Inc.	??	336.00 kb, rsAh, created: 2008-02-02 12:02:21, modified: 2005-09-27 21:05:00 Command line: "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
c:\program files\cvsnt\cvslock.exe Script: Quarantine, Delete, BC delete, Terminate	616			??	57.00 kb, rsAh, created: 2006-07-05 15:19:26, modified: 2006-07-05 15:19:26 Command line: "C:\Program Files\CVSNT\cvslock.exe"
c:\program files\cvsnt\cvsservice.exe Script: Quarantine, Delete, BC delete, Terminate	664	cvsnt service	Copyright (C) 2004-5, March Hare Software Ltd	??	37.00 kb, rsAh, created: 2006-07-05 15:19:26, modified: 2006-07-05 15:19:26 Command line: "C:\Program Files\CVSNT\cvsservice.exe"
c:\program files\hpq\quick launch buttons\eabservr.exe Script: Quarantine, Delete, BC delete, Terminate	2468	Quick Launch Buttons	Copyright © 2001-2003 Hewlett-Packard Company	??	284.00 kb, rsAh, created: 2008-02-02 11:12:21, modified: 2004-09-17 16:19:42 Command line: "C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" /Start
c:\windows\explorer.exe Script: Quarantine, Delete, BC delete, Terminate	3924	Windows Explorer	© Microsoft Corporation. All rights reserved.	??	1009.00 kb, rsAh, created: 2004-08-04 04:00:00, modified: 2007-06-13 02:23:07 Command line: C:\WINDOWS\Explorer.EXE
c:\program files\mozilla firefox\firefox.exe Script: Quarantine, Delete, BC delete, Terminate	860	Firefox	©Firefox and Mozilla Developers, according to the MPL 1.1/GPL 2.0/LGPL 2.1 licenses, as applicable.	??	300.49 kb, rsAh, created: 2008-02-16 02:49:08, modified: 2008-12-30 07:48:58 Command line: "C:\Program Files\Mozilla Firefox\firefox.exe"
c:\program files\windows live\family safety\fsssvc.exe Script: Quarantine, Delete, BC delete, Terminate	700	Family Safety Service	Copyright ® 1995-2007 Microsoft Corporation.	??	511.54 kb, rsAh, created: 2007-12-17 10:13:18, modified: 2007-12-17 10:13:18 Command line: "C:\Program Files\Windows Live\Family Safety\fsssvc.exe"
c:\progra~1\hpq\shared\hpqtoa~1.exe Script: Quarantine, Delete, BC delete, Terminate	1852	HpqToaster Module	Copyright 2005	??	504.08 kb, rsAh, created: 2008-02-02 11:35:31, modified: 2005-12-08 13:45:12 Command line: C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE -Embedding
c:\program files\hpq\shared\hpqwmi.exe Script: Quarantine, Delete, BC delete, Terminate	764	hpqwmi Module	© Copyright 2003, 2004 Hewlett-Packard Development Company, L.P.	??	96.00 kb, rsAh, created: 2008-02-02 11:12:21, modified: 2004-07-27 15:25:24 Command line: "C:\Program Files\HPQ\SHARED\HPQWMI.exe"
c:\windows\system32\lsass.exe Script: Quarantine, Delete, BC delete, Terminate	1412	LSA Shell (Export Version)	© Microsoft Corporation. All rights reserved.	??	13.00 kb, rsAh, created: 2004-08-04 04:00:00, modified: 2004-08-04 04:00:00 Command line: C:\WINDOWS\system32\lsass.exe
c:\program files\mediaring\mediaring talk\mrtalk.exe Script: Quarantine, Delete, BC delete, Terminate	3076	MediaRing Talk	Copyright (C) 2005 MediaRing Ltd	??	3248.00 kb, rsAh, created: 2008-10-22 18:32:30, modified: 2008-10-22 18:32:30 Command line: "C:\Program Files\MediaRing\MediaRing Talk\mrtalk.exe" /start
c:\program files\windows live\messenger\msnmsgr.exe Script: Quarantine, Delete, BC delete, Terminate	2828	Windows Live Messenger	Copyright (c) Microsoft Corporation. All rights reserved.	??	5590.02 kb, rsAh, created: 2007-10-18 10:34:02, modified: 2007-10-18 10:34:02 Command line: "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
c:\program files\common files\system\mssearch\bin\mssearch.exe Script: Quarantine, Delete, BC delete, Terminate	1832	Microsoft PKM Search Service	Copyright (C) Microsoft Corp. 1998. All rights reserved.	??	72.00 kb, rsAh, created: 2000-07-12 17:44:20, modified: 2000-07-12 17:44:20 Command line: "C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe"
c:\program files\microsoft office\office11\outlook.exe Script: Quarantine, Delete, BC delete, Terminate	3080	Microsoft Office Outlook	Copyright © 1995-2003 Microsoft Corporation. All rights reserved.	??	195.01 kb, rsAh, created: 2008-04-23 14:09:50, modified: 2008-04-23 14:09:50 Command line: "C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE" /recycle
c:\myinstallations\sonicwall\sonicwall global vpn client\rampartsvc.exe Script: Quarantine, Delete, BC delete, Terminate	1060	RampartSvc Module	Copyright © 2002-2006 SonicWALL, Inc.	??	225.27 kb, rsAh, created: 2008-02-04 05:28:39, modified: 2007-09-27 11:10:02 Command line: "C:\MyInstallations\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe"
c:\windows\system32\spoolsv.exe Script: Quarantine, Delete, BC delete, Terminate	436	Spooler SubSystem App	© Microsoft Corporation. All rights reserved.	??	56.50 kb, rsAh, created: 2004-08-04 04:00:00, modified: 2005-06-10 15:53:32 Command line: C:\WINDOWS\system32\spoolsv.exe
c:\windows\system32\svchost.exe Script: Quarantine, Delete, BC delete, Terminate	748	Generic Host Process for Win32 Services	© Microsoft Corporation. All rights reserved.	??	14.00 kb, rsAh, created: 2004-08-04 04:00:00, modified: 2004-08-04 04:00:00 Command line: C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
c:\myinstallations\sonicwall\sonicwall global vpn client\swgvpnclient.exe Script: Quarantine, Delete, BC delete, Terminate	1448	SonicWALL Global VPN Client	Copyright (C) 1997-2006 SonicWall, Inc.	??	1133.27 kb, rsAh, created: 2008-02-04 05:28:33, modified: 2007-09-27 11:10:04 Command line: "C:\MyInstallations\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe"
c:\program files\spybot - search & destroy\teatimer.exe Script: Quarantine, Delete, BC delete, Terminate	2816	System settings protector	© 2000-2008 Safer Networking Limited. Alle Rechte vorbehalten.	??	2093.84 kb, RSAH, created: 2009-02-06 23:46:31, modified: 2009-01-26 15:31:16 Command line: "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe Script: Quarantine, Delete, BC delete, Terminate	1008	Veoh Web Player Beta	Copyright (C) Veoh Networks 2008	??	3445.74 kb, rsAh, created: 2008-12-16 09:07:18, modified: 2008-12-16 09:07:18 Command line: "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
c:\program files\microsoft office\office11\winword.exe Script: Quarantine, Delete, BC delete, Terminate	3740	Microsoft Office Word	Copyright © 1983-2003 Microsoft Corporation. All rights reserved.	??	12022.33 kb, rsAh, created: 2008-10-13 11:25:02, modified: 2008-10-13 11:25:02 Command line: "C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE" -Embedding
c:\progra~1\system~1\wscheduler.exe Script: Quarantine, Delete, BC delete, Terminate	2392			??	96.00 kb, rsAh, created: 2008-08-19 22:32:29, modified: 2008-06-16 16:44:44 Command line: "C:\PROGRA~1\SYSTEM~1\WScheduler.exe" /LOGON
Detected:59, recognized as trusted 40

Module name	Handle	Description	Copyright	MD5	Used by processes
C:\Documents and Settings\ttellamsetty.MOBILECANDYDISH\Application Data\Mozilla\Firefox\Profiles\uehz5cl7.default\extensions\piclens@cooliris.com\libs\piclens19.dll Script: Quarantine, Delete, BC delete	24117248			--	860
C:\Documents and Settings\ttellamsetty.MOBILECANDYDISH\Application Data\Mozilla\Firefox\Profiles\uehz5cl7.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll Script: Quarantine, Delete, BC delete	243793920			--	860
C:\Documents and Settings\ttellamsetty.MOBILECANDYDISH\Application Data\Mozilla\Firefox\Profiles\uehz5cl7.default\extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0}\platform\WINNT_x86-msvc\components\mgMouseService.dll Script: Quarantine, Delete, BC delete	243859456	MozGest Mouse-Service	Jochen (krickelkrackel.de) 2007	--	860
C:\MyInstallations\SonicWALL\SonicWALL Global VPN Client\CRYPTO.dll Script: Quarantine, Delete, BC delete	1610612736	SonicWALL Cryptographic Library	Copyright © 1998-2003 SonicWALL, Inc.	--	1448
C:\MyInstallations\SonicWALL\SonicWALL Global VPN Client\dbghelp.dll Script: Quarantine, Delete, BC delete	1627389952	Windows Image Helper	© Microsoft Corporation. All rights reserved.	--	1448
C:\MyInstallations\SonicWALL\SonicWALL Global VPN Client\IsaCmn.dll Script: Quarantine, Delete, BC delete	1610743808	IsaCmn DLL	Copyright © 1998-2005 SonicWALL, Inc.	--	1448
C:\MyInstallations\SonicWALL\SonicWALL Global VPN Client\LIBEAY32.dll Script: Quarantine, Delete, BC delete	1610940416	OpenSSL Shared Library	Copyright © 1998-2005 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.	--	1448
C:\MyInstallations\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe Script: Quarantine, Delete, BC delete	4194304	RampartSvc Module	Copyright © 2002-2006 SonicWALL, Inc.	??	1060
C:\MyInstallations\SonicWALL\SonicWALL Global VPN Client\RCBIGNUM.dll Script: Quarantine, Delete, BC delete	1611988992	SonicWALL Big Number Library	Copyright © 1998-2003 SonicWALL, Inc.	--	1448
C:\MyInstallations\SonicWALL\SonicWALL Global VPN Client\RCIPHlp.dll Script: Quarantine, Delete, BC delete	1612054528	SonicWALL IP Helper DLL	Copyright © 1999-2003 SonicWALL, Inc.	--	1060, 1448
C:\MyInstallations\SonicWALL\SonicWALL Global VPN Client\RSDrvrApi.dll Script: Quarantine, Delete, BC delete	1612185600	SonicWALL Driver Interface DLL	Copyright © 1999-2003 SonicWALL, Inc.	--	1448
C:\MyInstallations\SonicWALL\SonicWALL Global VPN Client\RSXMLAPI.dll Script: Quarantine, Delete, BC delete	1612382208	SonicWALL XML Library	Copyright © 2000-2003 SonicWALL, Inc.	--	1448
C:\MyInstallations\SonicWALL\SonicWALL Global VPN Client\SWCommon.dll Script: Quarantine, Delete, BC delete	1612644352	SWCommon Dynamic Link Library	Copyright © 2003-2006 SonicWALL, Inc.	--	1060, 1448
C:\MyInstallations\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe Script: Quarantine, Delete, BC delete	4194304	SonicWALL Global VPN Client	Copyright (C) 1997-2006 SonicWall, Inc.	??	1448
C:\MyInstallations\SonicWALL\SonicWALL Global VPN Client\SWLog.dll Script: Quarantine, Delete, BC delete	1612775424	SWLog Dynamic Link Library	Copyright © 2003-2006 SonicWALL, Inc.	--	1448
C:\MyInstallations\SonicWALL\SonicWALL Global VPN Client\SWPkiApi.dll Script: Quarantine, Delete, BC delete	1612972032	SonicWALL PKI API Library	Copyright © 2002-2003 SonicWALL, Inc.	--	1448
C:\MyInstallations\SonicWALL\SonicWALL Global VPN Client\SWSA.dll Script: Quarantine, Delete, BC delete	1613103104	SWSA DLL	Copyright © 2002-2006 SonicWALL, Inc.	--	1448
C:\MyInstallations\SonicWALL\SonicWALL Global VPN Client\SWSynch.dll Script: Quarantine, Delete, BC delete	1613234176	SWSynch Dynamic Link Library	Copyright © 2002-2003 SonicWALL, Inc.	--	1448
C:\MyInstallations\SonicWALL\SonicWALL Global VPN Client\XT1931Lib.dll Script: Quarantine, Delete, BC delete	1613430784	Xtreme Toolkit Library DLL	©1998-2002 Codejock Software, All Rights Reserved.	--	1448
C:\MyInstallations\SonicWALL\SonicWALL Global VPN Client\zlib.dll Script: Quarantine, Delete, BC delete	1614479360	zlib data compression library	(C) 1995-2002 Jean-loup Gailly & Mark Adler	--	1448
C:\Program Files\Animated Reminder\ani_reminder.exe Script: Quarantine, Delete, BC delete	4194304		NiceKit Software	??	3628
C:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll Script: Quarantine, Delete, BC delete	268435456	ATI Desktop Control Panel	Copyright (C) 1998-2005 ATI Technologies Inc.	--	2276
C:\Program Files\ATI Technologies\ATI Control Panel\atipdxxx.dll Script: Quarantine, Delete, BC delete	13697024	ATI Desktop Control Panel	Copyright (C) 1998-2005 ATI Technologies Inc.	--	2276
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe Script: Quarantine, Delete, BC delete	4194304	ATI Desktop Control Panel	Copyright (C) 1998-2005 ATI Technologies Inc.	??	2276
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.ENU Script: Quarantine, Delete, BC delete	12320768	ATI Desktop Control Panel	Copyright (C) 1998-2005 ATI Technologies Inc.	--	2276
C:\Program Files\Citrix\GoToMeeting\320\G2MOutlookAddin.dll Script: Quarantine, Delete, BC delete	1738211328	GoToMeeting Outlook Integration	Copyright © 2004-2008 Citrix Systems, Inc.	--	3080
C:\Program Files\Common Files\SYSTEM\MSMAPI\1033\EMSMDB32.DLL Script: Quarantine, Delete, BC delete	901185536	Microsoft Exchange Server Information Store Service Provider	Copyright © 1995-2003 Microsoft Corporation. All rights reserved.	--	3080
C:\Program Files\Common Files\SYSTEM\MSMAPI\1033\MAPIR.DLL Script: Quarantine, Delete, BC delete	904396800	ExOlk Intl Pluggable UI	Copyright © 1995-2003 Microsoft Corporation. All rights reserved.	--	3080
C:\Program Files\Common Files\SYSTEM\MSMAPI\1033\MSPST32.DLL Script: Quarantine, Delete, BC delete	902496256	Microsoft Personal Folder/Address Book Service Provider	Copyright © 1995-2003 Microsoft Corporation. All rights reserved.	--	3080
C:\Program Files\Common Files\SYSTEM\MSMAPI\1033\OUTEX.dll Script: Quarantine, Delete, BC delete	903544832	Outlook Exchange User Interface	Copyright © 1995-2003 Microsoft Corporation. All rights reserved.	--	3080
C:\Program Files\Common Files\System\MSSearch\Bin\mssws.dll Script: Quarantine, Delete, BC delete	1610612736	Microsoft PKM	Copyright (C) Microsoft Corp. 1998. All rights reserved.	--	1832
C:\Program Files\Common Files\System\MSSearch\Bin\tquery.dll Script: Quarantine, Delete, BC delete	17039360	Microsoft Tripoli Query	Copyright (C) Microsoft Corp. 1998. All rights reserved.	--	1832
C:\Program Files\CVSNT\cvsapi.dll Script: Quarantine, Delete, BC delete	3276800	cvsnt generic API	Copyright (C) 2004-5, March Hare Software Ltd	--	616, 664
C:\Program Files\CVSNT\cvslock.exe Script: Quarantine, Delete, BC delete	4194304			??	616
C:\Program Files\CVSNT\cvsservice.exe Script: Quarantine, Delete, BC delete	4194304	cvsnt service	Copyright (C) 2004-5, March Hare Software Ltd	??	664
C:\Program Files\CVSNT\cvstools.dll Script: Quarantine, Delete, BC delete	268435456	cvsnt hepler application API	Copyright (C) 2004-5, March Hare Software Ltd	--	616, 664
C:\Program Files\CVSNT\iconv.dll Script: Quarantine, Delete, BC delete	4325376	LGPLed libiconv for Windows NT/2000/XP and Windows 95/98/ME	Copyright (C) 1999-2003	--	616, 664
C:\Program Files\CVSNT\mdnsclient.dll Script: Quarantine, Delete, BC delete	3801088			--	616, 664
c:\program files\hp\digital imaging\bin\hpqcxs08.dll Script: Quarantine, Delete, BC delete	346030080	HP CUE Context Manager Objects	Copyright (C) Hewlett-Packard Co. 1995-2005	--	748
C:\Program Files\HPQ\Quick Launch Buttons\CPQINFO.DLL Script: Quarantine, Delete, BC delete	268435456	Quick Launch Buttons	Copyright © 2001-2003 Hewlett-Packard Company	--	2468
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe Script: Quarantine, Delete, BC delete	4194304	Quick Launch Buttons	Copyright © 2001-2003 Hewlett-Packard Company	??	2468
C:\Program Files\HPQ\SHARED\HPQWMI.exe Script: Quarantine, Delete, BC delete	4194304	hpqwmi Module	© Copyright 2003, 2004 Hewlett-Packard Development Company, L.P.	??	764
C:\Program Files\iTunes\iTunesOutlookAddIn.dll Script: Quarantine, Delete, BC delete	98369536	iTunes Outlook Add-in	© 2003-2008 Apple Inc. All Rights Reserved.	--	3080
C:\Program Files\Lavasoft\Ad-Aware\ceapi.dll Script: Quarantine, Delete, BC delete	27328512	CEAPI Dynamic Link Library	Copyright (C) 2009	--	364
C:\Program Files\Lavasoft\Ad-Aware\lavalicense.dll Script: Quarantine, Delete, BC delete	18219008	License solution (desktop edition)	Copyright (C) 2008	--	364
C:\Program Files\Lavasoft\Ad-Aware\lavamessage.dll Script: Quarantine, Delete, BC delete	19726336	Messaging system for client notification delivery	Lavasoft	--	364
C:\Program Files\Lavasoft\Ad-Aware\Resources.dll Script: Quarantine, Delete, BC delete	11337728			--	364, 3512
C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll Script: Quarantine, Delete, BC delete	268435456			--	364
C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll Script: Quarantine, Delete, BC delete	29163520	Shell Extension		--	3924
C:\Program Files\MediaRing\MediaRing Talk\mrtalk.exe Script: Quarantine, Delete, BC delete	4194304	MediaRing Talk	Copyright (C) 2005 MediaRing Ltd	??	3076
C:\Program Files\MediaRing\MediaRing Talk\mrwaudio.dll Script: Quarantine, Delete, BC delete	268435456	MRWAudio	Mediaring, Ltd. All rights reserved.	--	3076
C:\Program Files\MediaRing\MediaRing Talk\RealDuplex.dll Script: Quarantine, Delete, BC delete	47579136	SpeechEnh	Copyright (C) SPIRIT 1992-2007	--	3076
C:\Program Files\MediaRing\MediaRing Talk\Redemption.dll Script: Quarantine, Delete, BC delete	35782656	Outlook Redemption COM library	Copyright (c) 2000 - 2007 Dmitry Streblechenko	--	3080
C:\Program Files\MediaRing\MediaRing Talk\xerces-c_2_7.dll Script: Quarantine, Delete, BC delete	301989888	Shared Library for Xerces-C Version 2.7.0	Copyright © Apache Software Foundation 2000 subject to licensing terms	--	3076
C:\Program Files\Microsoft Office\OFFICE11\1033\outllibr.dll Script: Quarantine, Delete, BC delete	814612480	Outlook Intl Pluggable UI	Copyright © 1995-2003 Microsoft Corporation. All rights reserved.	--	3080
C:\Program Files\Microsoft Office\OFFICE11\1033\srintl.dll Script: Quarantine, Delete, BC delete	1040187392	Microsoft Office component	Copyright (c) 2001-2003 Microsoft Corporation. All rights reserved.	--	3080
C:\Program Files\Microsoft Office\OFFICE11\OUTLLIB.dll Script: Quarantine, Delete, BC delete	805568512	Outlook Core	Copyright © 1995-2003 Microsoft Corporation. All rights reserved.	--	3080
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE Script: Quarantine, Delete, BC delete	805306368	Microsoft Office Outlook	Copyright © 1995-2003 Microsoft Corporation. All rights reserved.	??	3080
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE Script: Quarantine, Delete, BC delete	805306368	Microsoft Office Word	Copyright © 1983-2003 Microsoft Corporation. All rights reserved.	??	3740
C:\Program Files\Spybot - Search & Destroy\advcheck.dll Script: Quarantine, Delete, BC delete	62521344	Dateiьberprьfungs-Bibliothek	© 2003-2008 Safer Networking Limited. Alle Rechte vorbehalten.	--	2816
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe Script: Quarantine, Delete, BC delete	4194304	System settings protector	© 2000-2008 Safer Networking Limited. Alle Rechte vorbehalten.	??	2816
C:\Program Files\Veoh Networks\VeohWebPlayer\BugSplat.dll Script: Quarantine, Delete, BC delete	268435456	Crash reporting module, BugSplat.DLL	Copyright BugSplat, LLC (C) 2004	--	1008
C:\Program Files\Veoh Networks\VeohWebPlayer\imageformats\qjpeg4.dll Script: Quarantine, Delete, BC delete	18022400			--	1008
C:\Program Files\Veoh Networks\VeohWebPlayer\LIBEAY32.dll Script: Quarantine, Delete, BC delete	39976960	OpenSSL Shared Library	Copyright © 1998-2005 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.	--	1008
C:\Program Files\Veoh Networks\VeohWebPlayer\QtCore4.dll Script: Quarantine, Delete, BC delete	1728053248			--	1008
C:\Program Files\Veoh Networks\VeohWebPlayer\QtGui4.dll Script: Quarantine, Delete, BC delete	1694498816			--	1008
C:\Program Files\Veoh Networks\VeohWebPlayer\QtNetwork4.dll Script: Quarantine, Delete, BC delete	1677721600			--	1008
C:\Program Files\Veoh Networks\VeohWebPlayer\ssleay32.dll Script: Quarantine, Delete, BC delete	39649280	OpenSSL Shared Library	Copyright © 1998-2005 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.	--	1008
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe Script: Quarantine, Delete, BC delete	4194304	Veoh Web Player Beta	Copyright (C) Veoh Networks 2008	??	1008
C:\Program Files\Windows Live\Family Safety\fsssvc.exe Script: Quarantine, Delete, BC delete	4194304	Family Safety Service	Copyright ® 1995-2007 Microsoft Corporation.	??	700
C:\Program Files\Windows Live\Family Safety\msidcrl40.dll Script: Quarantine, Delete, BC delete	659554304	IDCRL Dynamic Link Library	Copyright © 1995-2006 Microsoft Corporation.	--	700
C:\Program Files\Windows Live\Messenger\lcres.dll Script: Quarantine, Delete, BC delete	2047868928	LC Resource DLL	© Microsoft Corporation. All rights reserved.	--	2828
C:\Program Files\Windows Live\Messenger\msgslang.8.5.1302.1018.dll Script: Quarantine, Delete, BC delete	1496317952	Windows Live Messenger Language Specific Resources	Copyright (c) Microsoft Corporation. All rights reserved.	--	2828
C:\Program Files\Windows Live\Messenger\msnmsgr.exe Script: Quarantine, Delete, BC delete	4194304	Windows Live Messenger	Copyright (c) Microsoft Corporation. All rights reserved.	??	2828
C:\PROGRA~1\COMMON~1\Apple\MOBILE~1\bin\OUTLOO~1.DLL Script: Quarantine, Delete, BC delete	104923136	OutlookChangeNotifier	© 2007 Apple Inc. All rights reserved.	--	3080
C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\1033\stintl.dll Script: Quarantine, Delete, BC delete	927662080	Microsoft Office 2003 component	Copyright © 2002-2003 Microsoft Corporation. All rights reserved.	--	3740
C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\FNAME.DLL Script: Quarantine, Delete, BC delete	926023680	Microsoft Office 2003 component	Copyright © 2000-2003 Microsoft Corporation. All rights reserved.	--	3740
C:\PROGRA~1\COMMON~1\System\MSSearch\Bin\mssrch.dll Script: Quarantine, Delete, BC delete	9568256	Microsoft PKM Search Core	Copyright (C) Microsoft Corp. 1998. All rights reserved.	--	1832
C:\PROGRA~1\COMMON~1\System\MSSearch\Bin\propdefs.dll Script: Quarantine, Delete, BC delete	19333120	Microsoft PKM Search Property Definition DLL	Copyright (C) Microsoft Corp. 1998. All rights reserved.	--	1832
C:\PROGRA~1\COMMON~1\System\MSSearch\Bin\srchidx.dll Script: Quarantine, Delete, BC delete	21037056	Microsoft PKM Search Indexer	Copyright (C) Microsoft Corp. 1998. All rights reserved.	--	1832
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE Script: Quarantine, Delete, BC delete	4194304	HpqToaster Module	Copyright 2005	??	1852
C:\PROGRA~1\SPYBOT~1\SDHelper.dll Script: Quarantine, Delete, BC delete	59244544	SBSD IE Protection	© 2000-2008 Safer Networking Limited. Alle Rechte vorbehalten.	--	3924
C:\PROGRA~1\SYSTEM~1\WScheduler.exe Script: Quarantine, Delete, BC delete	4194304			??	2392
C:\WINDOWS\system32\dopdfmn5.dll Script: Quarantine, Delete, BC delete	11141120	doPDF Port Monitor	© Softland. All rights reserved.	--	436
C:\WINDOWS\system32\hptcpmib.dll Script: Quarantine, Delete, BC delete	21626880	Standard TCP/IP Port Monitor UI DLL	Copyright (C) Hewlett Packard Corp. 1996-2004	--	436
C:\WINDOWS\system32\hptcpmon.dll Script: Quarantine, Delete, BC delete	16580608	Standard TCP/IP Port Monitor DLL	Copyright (C) Hewlett Packard Corp. 1996-2004	--	436
C:\WINDOWS\system32\HPTcpMUI.dll Script: Quarantine, Delete, BC delete	21299200	Standard TCP/IP Port Monitor UI DLL	Copyright (C) Hewlett Packard Corp. 1996-2004	--	436
C:\WINDOWS\system32\msvdm.dll Script: Quarantine, Delete, BC delete	20185088			--	3924
C:\WINDOWS\system32\setuid.dll Script: Quarantine, Delete, BC delete	268435456	Setuid Lsa Helper DLL	Copyright (C) 2004,2005 Tony Hoyle and March-Hare Software Ltd	--	1412
C:\WINDOWS\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\ATL90.DLL Script: Quarantine, Delete, BC delete	2028077056	ATL Module for Windows (Unicode)	© Microsoft Corporation. All rights reserved.	--	3924
Modules detected:566, recognized as trusted 476

Kernel Space Modules Viewer

Module	Base address	Size in memory	Description	Manufacturer
C:\WINDOWS\System32\Drivers\dump_atapi.sys Script: Quarantine, Delete, BC delete	EE4AF000	018000 (98304)
C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS Script: Quarantine, Delete, BC delete	F7B74000	002000 (8192)
C:\WINDOWS\system32\DRIVERS\fssfltr.sys Script: Quarantine, Delete, BC delete	EC327000	009000 (36864)	Family Safety Filter Driver	Copyright ® 1995-2007 Microsoft Corporation.
C:\WINDOWS\system32\Drivers\Lbd.sys Script: Quarantine, Delete, BC delete	F7682000	00F000 (61440)
C:\WINDOWS\system32\DRIVERS\ncfvsbus.sys Script: Quarantine, Delete, BC delete	F7732000	00A000 (40960)	Toaster Bus Enumerator	Copyright (C) Microsoft Corp. 1981-1997
C:\WINDOWS\system32\Drivers\RCFOX.sys Script: Quarantine, Delete, BC delete	EE724000	018000 (98304)	SonicWALL VPN Client IPSec Driver for Windows 98/Me/NT/2000/XP/Vista/Pocket PC	(c) 1998-2007 SonicWALL, Inc. All rights reserved.
Modules detected - 150, recognized as trusted - 144

Services

Service	Description	Status	File	Group	Dependencies
cvslock Service: Stop, Delete, Disable	CVSNT Locking Service 2.5.03.2382	Running	C:\Program Files\CVSNT\cvslock.exe Script: Quarantine, Delete, BC delete
cvsnt Service: Stop, Delete, Disable	CVSNT Dispatch service 2.5.03.2382	Running	C:\Program Files\CVSNT\cvsservice.exe Script: Quarantine, Delete, BC delete
fsssvc Service: Stop, Delete, Disable	Windows Live OneCare Family Safety	Running	C:\Program Files\Windows Live\Family Safety\fsssvc.exe Script: Quarantine, Delete, BC delete		rpcss
hpqwmi Service: Stop, Delete, Disable	HP WMI Interface	Running	C:\Program Files\HPQ\SHARED\HPQWMI.exe Script: Quarantine, Delete, BC delete		RPCSS
Lavasoft Ad-Aware Service Service: Stop, Delete, Disable	Lavasoft Ad-Aware Service	Running	C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe Script: Quarantine, Delete, BC delete	ShellSvcGroup	RpcSS
RampartSvc Service: Stop, Delete, Disable	SonicWall VPN Client Service	Running	C:\MyInstallations\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe Script: Quarantine, Delete, BC delete		RPCSS
AppServer9PE Service: Stop, Delete, Disable	SunJavaSystemAppserver9PE	Not started	C:\Sun\SDK\lib\appservService.exe Script: Quarantine, Delete, BC delete
ASMySQL Service: Stop, Delete, Disable	ASMySQL	Not started	C:\Sun\AppServer\mysql\bin\mysqld-nt.exe Script: Quarantine, Delete, BC delete
gusvc Service: Stop, Delete, Disable	Google Software Updater	Not started	C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe Script: Quarantine, Delete, BC delete		RPCSS
MSSQLServerADHelper Service: Stop, Delete, Disable	MSSQLServerADHelper	Not started	C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe Script: Quarantine, Delete, BC delete
MySQL Service: Stop, Delete, Disable	MySQL	Not started	C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe Script: Quarantine, Delete, BC delete
Detected - 120, recognized as trusted - 109

Drivers

Service	Description	Status	File	Group	Dependencies
fssfltr Driver: Unload, Delete, Disable	fssfltr	Running	C:\WINDOWS\system32\DRIVERS\fssfltr.sys Script: Quarantine, Delete, BC delete	PNP_TDI	tcpip
Lbd Driver: Unload, Delete, Disable	Lbd	Running	C:\WINDOWS\system32\DRIVERS\Lbd.sys Script: Quarantine, Delete, BC delete	FSFilter Activity Monitor	FltMgr
ncfvsbus Driver: Unload, Delete, Disable	NCF Virtual Serial Bus Enumerator	Running	C:\WINDOWS\system32\DRIVERS\ncfvsbus.sys Script: Quarantine, Delete, BC delete	Extended Base
RCFOX Driver: Unload, Delete, Disable	SonicWALL IPsec Driver	Running	C:\WINDOWS\system32\Drivers\RCFOX.sys Script: Quarantine, Delete, BC delete	PNP_TDI
Abiosdsk Driver: Unload, Delete, Disable	Abiosdsk	Not started	Abiosdsk.sys Script: Quarantine, Delete, BC delete	Primary disk
abp480n5 Driver: Unload, Delete, Disable	abp480n5	Not started	abp480n5.sys Script: Quarantine, Delete, BC delete	SCSI miniport
adpu160m Driver: Unload, Delete, Disable	adpu160m	Not started	adpu160m.sys Script: Quarantine, Delete, BC delete	SCSI miniport
Aha154x Driver: Unload, Delete, Disable	Aha154x	Not started	Aha154x.sys Script: Quarantine, Delete, BC delete	SCSI miniport
aic78u2 Driver: Unload, Delete, Disable	aic78u2	Not started	aic78u2.sys Script: Quarantine, Delete, BC delete	SCSI miniport
aic78xx Driver: Unload, Delete, Disable	aic78xx	Not started	aic78xx.sys Script: Quarantine, Delete, BC delete	SCSI miniport
AliIde Driver: Unload, Delete, Disable	AliIde	Not started	AliIde.sys Script: Quarantine, Delete, BC delete	System Bus Extender
amsint Driver: Unload, Delete, Disable	amsint	Not started	amsint.sys Script: Quarantine, Delete, BC delete	SCSI miniport
asc Driver: Unload, Delete, Disable	asc	Not started	asc.sys Script: Quarantine, Delete, BC delete	SCSI miniport
asc3350p Driver: Unload, Delete, Disable	asc3350p	Not started	asc3350p.sys Script: Quarantine, Delete, BC delete	SCSI miniport
asc3550 Driver: Unload, Delete, Disable	asc3550	Not started	asc3550.sys Script: Quarantine, Delete, BC delete	SCSI miniport
Atdisk Driver: Unload, Delete, Disable	Atdisk	Not started	Atdisk.sys Script: Quarantine, Delete, BC delete	Primary disk
cd20xrnt Driver: Unload, Delete, Disable	cd20xrnt	Not started	cd20xrnt.sys Script: Quarantine, Delete, BC delete	SCSI miniport
Changer Driver: Unload, Delete, Disable	Changer	Not started	Changer.sys Script: Quarantine, Delete, BC delete	Filter
CmdIde Driver: Unload, Delete, Disable	CmdIde	Not started	CmdIde.sys Script: Quarantine, Delete, BC delete	System Bus Extender
Cpqarray Driver: Unload, Delete, Disable	Cpqarray	Not started	Cpqarray.sys Script: Quarantine, Delete, BC delete	SCSI miniport
dac960nt Driver: Unload, Delete, Disable	dac960nt	Not started	dac960nt.sys Script: Quarantine, Delete, BC delete	SCSI miniport
dpti2o Driver: Unload, Delete, Disable	dpti2o	Not started	dpti2o.sys Script: Quarantine, Delete, BC delete	SCSI miniport
hpn Driver: Unload, Delete, Disable	hpn	Not started	hpn.sys Script: Quarantine, Delete, BC delete	SCSI miniport
i2omgmt Driver: Unload, Delete, Disable	i2omgmt	Not started	i2omgmt.sys Script: Quarantine, Delete, BC delete	SCSI Class
i2omp Driver: Unload, Delete, Disable	i2omp	Not started	i2omp.sys Script: Quarantine, Delete, BC delete	SCSI miniport
ini910u Driver: Unload, Delete, Disable	ini910u	Not started	ini910u.sys Script: Quarantine, Delete, BC delete	SCSI miniport
IntelIde Driver: Unload, Delete, Disable	IntelIde	Not started	IntelIde.sys Script: Quarantine, Delete, BC delete	System Bus Extender
lbrtfdc Driver: Unload, Delete, Disable	lbrtfdc	Not started	lbrtfdc.sys Script: Quarantine, Delete, BC delete	System Bus Extender
misalign Driver: Unload, Delete, Disable	Data Misalignment Exception Kernel Driver	Not started	C:\WINDOWS\system32\drivers\misalign.sys Script: Quarantine, Delete, BC delete
mraid35x Driver: Unload, Delete, Disable	mraid35x	Not started	mraid35x.sys Script: Quarantine, Delete, BC delete	SCSI miniport
PCIDump Driver: Unload, Delete, Disable	PCIDump	Not started	PCIDump.sys Script: Quarantine, Delete, BC delete	PCI Configuration
PDCOMP Driver: Unload, Delete, Disable	PDCOMP	Not started	PDCOMP.sys Script: Quarantine, Delete, BC delete
PDFRAME Driver: Unload, Delete, Disable	PDFRAME	Not started	PDFRAME.sys Script: Quarantine, Delete, BC delete
PDRELI Driver: Unload, Delete, Disable	PDRELI	Not started	PDRELI.sys Script: Quarantine, Delete, BC delete
PDRFRAME Driver: Unload, Delete, Disable	PDRFRAME	Not started	PDRFRAME.sys Script: Quarantine, Delete, BC delete
perc2 Driver: Unload, Delete, Disable	perc2	Not started	perc2.sys Script: Quarantine, Delete, BC delete	SCSI miniport
perc2hib Driver: Unload, Delete, Disable	perc2hib	Not started	perc2hib.sys Script: Quarantine, Delete, BC delete	Filter
ql1080 Driver: Unload, Delete, Disable	ql1080	Not started	ql1080.sys Script: Quarantine, Delete, BC delete	SCSI miniport
Ql10wnt Driver: Unload, Delete, Disable	Ql10wnt	Not started	Ql10wnt.sys Script: Quarantine, Delete, BC delete	SCSI miniport
ql12160 Driver: Unload, Delete, Disable	ql12160	Not started	ql12160.sys Script: Quarantine, Delete, BC delete	SCSI miniport
ql1240 Driver: Unload, Delete, Disable	ql1240	Not started	ql1240.sys Script: Quarantine, Delete, BC delete	SCSI miniport
ql1280 Driver: Unload, Delete, Disable	ql1280	Not started	ql1280.sys Script: Quarantine, Delete, BC delete	SCSI miniport
Simbad Driver: Unload, Delete, Disable	Simbad	Not started	Simbad.sys Script: Quarantine, Delete, BC delete	Filter
Sparrow Driver: Unload, Delete, Disable	Sparrow	Not started	Sparrow.sys Script: Quarantine, Delete, BC delete	SCSI miniport
sym_hi Driver: Unload, Delete, Disable	sym_hi	Not started	sym_hi.sys Script: Quarantine, Delete, BC delete	SCSI miniport
sym_u3 Driver: Unload, Delete, Disable	sym_u3	Not started	sym_u3.sys Script: Quarantine, Delete, BC delete	SCSI miniport
symc810 Driver: Unload, Delete, Disable	symc810	Not started	symc810.sys Script: Quarantine, Delete, BC delete	SCSI miniport
symc8xx Driver: Unload, Delete, Disable	symc8xx	Not started	symc8xx.sys Script: Quarantine, Delete, BC delete	SCSI miniport
TosIde Driver: Unload, Delete, Disable	TosIde	Not started	TosIde.sys Script: Quarantine, Delete, BC delete	System Bus Extender
ultra Driver: Unload, Delete, Disable	ultra	Not started	ultra.sys Script: Quarantine, Delete, BC delete	SCSI miniport
ViaIde Driver: Unload, Delete, Disable	ViaIde	Not started	ViaIde.sys Script: Quarantine, Delete, BC delete	System Bus Extender
WDICA Driver: Unload, Delete, Disable	WDICA	Not started	WDICA.sys Script: Quarantine, Delete, BC delete
Detected - 212, recognized as trusted - 160

Autoruns

File name	Status	Startup method	Description
C:\PROGRA~1\SYSTEM~1\WScheduler.exe Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, WScheduler
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, ATIPTA
C:\Program Files\Animated Reminder\ani_reminder.exe Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, Animated reminder
C:\Program Files\CCleaner\CCleaner.exe Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, Sonic RecordNow!
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, eabconfg.cpl
C:\Program Files\MediaRing\MediaRing Talk\mrtalk.exe Script: Quarantine, Delete, BC delete	Active	Shortcut in Autoruns folder	C:\Documents and Settings\ttellamsetty.MOBILECANDYDISH\Start Menu\Programs\Startup\, C:\Documents and Settings\ttellamsetty.MOBILECANDYDISH\Start Menu\Programs\Startup\MediaRing Talk.lnk,
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, SpybotSnD
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, SpybotSD TeaTimer
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, VeohPlugin
C:\Program Files\Windows Live\Messenger\msnmsgr.exe Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, MsnMsgr
Autoruns items detected - 75, recognized as trusted - 65

Internet Explorer extension modules (BHOs, Toolbars ...)

File name	Type	Description	Manufacturer	CLSID
C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll Script: Quarantine, Delete, BC delete	BHO	Yahoo! Toolbar	(c) Yahoo! Inc. All rights reserved.	{02478D38-C3F9-4efb-9B51-7695ECA05670} Delete
C:\Program Files\Windows Live\Family Safety\fssbho.dll Script: Quarantine, Delete, BC delete	BHO	Family Safety Browser Helper Object Library	Copyright ® 1995-2007 Microsoft Corporation.	{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} Delete
C:\PROGRA~1\SPYBOT~1\SDHelper.dll Script: Quarantine, Delete, BC delete	BHO	SBSD IE Protection	© 2000-2008 Safer Networking Limited. Alle Rechte vorbehalten.	{53707962-6F74-2D53-2644-206D7942484F} Delete
C:\Program Files\CoolIris\CoolIrisIEHelperObject.dll Script: Quarantine, Delete, BC delete	BHO			{AD0BAB4B-212D-45D7-9E5B-CB1579132715} Delete
C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll Script: Quarantine, Delete, BC delete	BHO	PDFCreator Toolbar	Copyright 2006	{C451C08A-EC37-45DF-AAAD-18B51AB5E837} Delete
C:\Program Files\iBit-Lab\JJFormBHO.dll Script: Quarantine, Delete, BC delete	BHO	Cute Password Manager BHO	2007-2009	{DC5F9604-C6E2-47D0-8E0F-E60FCCB334C7} Delete
C:\Program Files\PicLensIE\cooliris.dll Script: Quarantine, Delete, BC delete	BHO	Cooliris for Internet Explorer	© Cooliris Inc. All rights reserved.	{EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} Delete
C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll Script: Quarantine, Delete, BC delete	BHO	Yahoo! Single Instance for Mail	(c) Yahoo! Inc. All rights reserved.	{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} Delete
C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll Script: Quarantine, Delete, BC delete	Toolbar	PDFCreator Toolbar	Copyright 2006	{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} Delete
C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll Script: Quarantine, Delete, BC delete	Toolbar	Yahoo! Toolbar	(c) Yahoo! Inc. All rights reserved.	{EF99BD32-C1FB-11D2-892F-0090271D4F88} Delete
C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll Script: Quarantine, Delete, BC delete	Toolbar	Veoh Video Finder	(c) Veoh Networks Inc. All rights reserved.	{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} Delete
C:\Program Files\iBit-Lab/SysTray.exe Script: Quarantine, Delete, BC delete	Extension module	Cute Password Manager System Tray	2007-2009	{1C86808B-076C-462C-9B24-6B943453DA95} Delete
	Extension module			{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} Delete
	Extension module			{3437D640-C91A-458f-89F5-B9095EA4C28B} Delete
C:\Program Files\CoolIris\CoolIrisPreferences.exe Script: Quarantine, Delete, BC delete	Extension module			{449DB14A-F988-4fd8-9361-F212D7B6414B} Delete
	Extension module			{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} Delete
Elements detected - 26, recognized as trusted - 10

Windows Explorer extension modules

File name	Destination	Description	Manufacturer	CLSID
deskpan.dll Script: Quarantine, Delete, BC delete	Display Panning CPL Extension			{42071714-76d4-11d1-8b24-00a0c9068ff3}
	Shell extensions for file compression			{764BF0E1-F219-11ce-972D-00AA00A14F56}
	Encryption Context Menu			{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}
	Taskbar and Start Menu			{0DF44EAA-FF21-4412-828E-260A8728E7F1}
rundll32.exe C:\WINDOWS\system32\shimgvw.dll,ImageView_COMServer {00E7B358-F65B-4dcf-83DF-CD026B94BFD4} Script: Quarantine, Delete, BC delete	Autoplay for SlideShow			{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}
	User Accounts			{7A9D77BD-5403-11d2-8785-2E0420524153}
C:\WINDOWS\system32\mscoree.dll Script: Quarantine, Delete, BC delete	Fusion Cache	Microsoft .NET Runtime Execution Engine	© Microsoft Corporation. All rights reserved.	{1D2680C9-0E2A-469d-B787-065558BC7D43}
C:\Program Files\Sonic\RecordNow!\shlext.dll Script: Quarantine, Delete, BC delete	RecordNow! SendToExt	Shell Extensions	(c) Sonic Solutions. All rights reserved.	{DEE12703-6333-4D4E-8F34-738C4DCC2E04}
C:\MyInstallations\Vim\vim71\gvimext.dll Script: Quarantine, Delete, BC delete	Vim Shell Extension	A small project for the context menu of gvim!	Copyright © 1999 Tianmiao Hu	{51EEE242-AD87-11d3-9C1E-0090278BBD99}
"C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll" Script: Quarantine, Delete, BC delete	OpenOffice.org Column Handler			{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}
"C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll" Script: Quarantine, Delete, BC delete	OpenOffice.org Infotip Handler			{087B3AE3-E237-4467-B8DB-5A38AB959AC9}
"C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll" Script: Quarantine, Delete, BC delete	OpenOffice.org Property Sheet Handler			{63542C48-9552-494A-84F7-73AA6A7C99C1}
"C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll" Script: Quarantine, Delete, BC delete	OpenOffice.org Thumbnail Viewer			{3B092F0C-7696-40E3-A80F-68D74DA84210}
C:\MyInstallations\TextPad 4\System\shellext.dll Script: Quarantine, Delete, BC delete	TextPad			{2F25CF20-C569-11D1-B94C-00608CB45480}
C:\Program Files\WoLoSoft\SuperEdi\SuperEdiExt.dll Script: Quarantine, Delete, BC delete	WoLoSoft SuperEdi Menu Extension	SuperEdi Shell Extension	(c) 2002-2007 WoLoSoft International. All rights reserved.	{03DC7C5D-E41B-4437-BD6C-496B88A5E458}
C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe Script: Quarantine, Delete, BC delete		Windows Live Photo Acquisition Wizard	Copyright (c) Microsoft Corporation. All rights reserved.	{06A2568A-CED6-4187-BB20-400B8C02BE5A}
				{00F33137-EE26-412F-8D71-F84E4C2C6625}
C:\WINDOWS\system32\rundll32.exe "C:\Program Files\Windows Live\Photo Gallery\WLXPhotoViewer.dll",PhotoViewerComServer {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} Script: Quarantine, Delete, BC delete	Windows Live Photo Gallery Autoplay Drop Target			{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C}
C:\WINDOWS\system32\rundll32.exe "C:\Program Files\Windows Live\Photo Gallery\WLXPhotoViewer.dll",PhotoViewerComServer {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} Script: Quarantine, Delete, BC delete	Windows Live Photo Gallery Viewer Drop Target			{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C}
C:\WINDOWS\system32\rundll32.exe "C:\Program Files\Windows Live\Photo Gallery\WLXPhotoViewer.dll",PhotoViewerComServer {00F374B7-B390-4884-B372-2FC349F2172B} Script: Quarantine, Delete, BC delete	Windows Live Photo Gallery Editor Drop Target			{00F374B7-B390-4884-B372-2FC349F2172B}
	Windows Live Photo Gallery Viewer Drop Target Shim			{00F346CB-35A4-465B-8B8F-65A29DBAB1F6}
	Windows Live Photo Gallery Editor Drop Target Shim			{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D}
	Windows Live Photo Gallery Autoplay Drop Target Shim			{00F30F90-3E96-453B-AFCD-D71989ECC2C7}
C:\Program Files\Workrave\lib\workrave-applet.dll Script: Quarantine, Delete, BC delete	Workrave			{B6407CFF-FCB5-4883-90D2-3B4E7B2756BF}
C:\WINDOWS\system32\msvdm.dll Script: Quarantine, Delete, BC delete	Desktop Manager			{709C6E11-538F-4759-86AC-6ACB302AA0DE}

Elements detected - 223, recognized as trusted - 197

Printing system extensions (print monitors, providers)

File name	Type	Name	Description	Manufacturer
C:\WINDOWS\system32\dopdfmn5.dll Script: Quarantine, Delete, BC delete	Monitor	doPDF 5 Monitor	doPDF Port Monitor	© Softland. All rights reserved.
C:\WINDOWS\system32\hptcpmon.dll Script: Quarantine, Delete, BC delete	Monitor	HP Standard TCP/IP Port	Standard TCP/IP Port Monitor DLL	Copyright (C) Hewlett Packard Corp. 1996-2004
Elements detected - 15, recognized as trusted - 13

Task Scheduler jobs

File name	Job name	Job status	Description	Manufacturer
C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe Script: Quarantine, Delete, BC delete	Ad-Aware Update (Weekly).job	The task is ready to run at its next scheduled time.	Ad-Aware Admin Application	Copyright (C) 2009 Lavasoft. All rights reserved.
Elements detected - 5, recognized as trusted - 4

SPI/LSP settings

Namespace providers (NSP)

Manufacturer	Status	EXE file	Description	GUID
Detected - 6, recognized as trusted - 6

Transport protocol providers (TSP, LSP)

Manufacturer EXE file Description
Detected - 32, recognized as trusted - 32
Results of automatic SPI settings check
LSP settings checked. No errors detected

TCP/UDP ports

Port Status Remote Host Remote Port Application Notes
TCP ports
7 LISTENING 0.0.0.0 55530 [1104] c:\windows\system32\tcpsvcs.exe
Script: Quarantine, Delete, BC delete, Terminate
9 LISTENING 0.0.0.0 30764 [1104] c:\windows\system32\tcpsvcs.exe
Script: Quarantine, Delete, BC delete, Terminate
13 LISTENING 0.0.0.0 47212 [1104] c:\windows\system32\tcpsvcs.exe
Script: Quarantine, Delete, BC delete, Terminate
17 LISTENING 0.0.0.0 51332 [1104] c:\windows\system32\tcpsvcs.exe
Script: Quarantine, Delete, BC delete, Terminate
19 LISTENING 0.0.0.0 39150 [1104] c:\windows\system32\tcpsvcs.exe
Script: Quarantine, Delete, BC delete, Terminate
21 LISTENING 0.0.0.0 55514 [816] c:\windows\system32\inetsrv\inetinfo.exe
Script: Quarantine, Delete, BC delete, Terminate
25 LISTENING 0.0.0.0 22755 [816] c:\windows\system32\inetsrv\inetinfo.exe
Script: Quarantine, Delete, BC delete, Terminate
80 LISTENING 0.0.0.0 30817 [816] c:\windows\system32\inetsrv\inetinfo.exe
Script: Quarantine, Delete, BC delete, Terminate
135 LISTENING 0.0.0.0 8220 [1672] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
139 LISTENING 0.0.0.0 37020 [4] System
Script: Quarantine, Delete, BC delete, Terminate
139 LISTENING 0.0.0.0 49164 [4] System
Script: Quarantine, Delete, BC delete, Terminate
443 LISTENING 0.0.0.0 38926 [816] c:\windows\system32\inetsrv\inetinfo.exe
Script: Quarantine, Delete, BC delete, Terminate
445 LISTENING 0.0.0.0 30873 [4] System
Script: Quarantine, Delete, BC delete, Terminate
1025 LISTENING 0.0.0.0 55338 [816] c:\windows\system32\inetsrv\inetinfo.exe
Script: Quarantine, Delete, BC delete, Terminate
1028 LISTENING 0.0.0.0 38974 [580] c:\windows\system32\alg.exe
Script: Quarantine, Delete, BC delete, Terminate
1067 LISTENING 0.0.0.0 39118 [1008] c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe
Script: Quarantine, Delete, BC delete, Terminate
1115 ESTABLISHED 127.0.0.1 1116 [860] c:\program files\mozilla firefox\firefox.exe
Script: Quarantine, Delete, BC delete, Terminate
1116 ESTABLISHED 127.0.0.1 1115 [860] c:\program files\mozilla firefox\firefox.exe
Script: Quarantine, Delete, BC delete, Terminate
1120 ESTABLISHED 127.0.0.1 1121 [860] c:\program files\mozilla firefox\firefox.exe
Script: Quarantine, Delete, BC delete, Terminate
1121 ESTABLISHED 127.0.0.1 1120 [860] c:\program files\mozilla firefox\firefox.exe
Script: Quarantine, Delete, BC delete, Terminate
1433 ESTABLISHED 198.107.153.171 445 [4] System
Script: Quarantine, Delete, BC delete, Terminate
1447 CLOSE_WAIT 89.108.66.156 80 [588] c:\documents and settings\ttellamsetty.mobilecandydish\desktop\avz4\avz4\avz.exe
Script: Quarantine, Delete, BC delete, Terminate
2401 LISTENING 0.0.0.0 55386 [664] c:\program files\cvsnt\cvsservice.exe
Script: Quarantine, Delete, BC delete, Terminate
2402 LISTENING 0.0.0.0 222 [616] c:\program files\cvsnt\cvslock.exe
Script: Quarantine, Delete, BC delete, Terminate
3389 LISTENING 0.0.0.0 2128 [1592] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
5152 LISTENING 0.0.0.0 32952 [876] c:\program files\java\jre6\bin\jqs.exe
Script: Quarantine, Delete, BC delete, Terminate
5152 CLOSE_WAIT 127.0.0.1 1119 [876] c:\program files\java\jre6\bin\jqs.exe
Script: Quarantine, Delete, BC delete, Terminate
UDP ports
7 LISTENING -- -- [1104] c:\windows\system32\tcpsvcs.exe
Script: Quarantine, Delete, BC delete, Terminate
9 LISTENING -- -- [1104] c:\windows\system32\tcpsvcs.exe
Script: Quarantine, Delete, BC delete, Terminate
13 LISTENING -- -- [1104] c:\windows\system32\tcpsvcs.exe
Script: Quarantine, Delete, BC delete, Terminate
17 LISTENING -- -- [1104] c:\windows\system32\tcpsvcs.exe
Script: Quarantine, Delete, BC delete, Terminate
19 LISTENING -- -- [1104] c:\windows\system32\tcpsvcs.exe
Script: Quarantine, Delete, BC delete, Terminate
123 LISTENING -- -- [1712] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
123 LISTENING -- -- [1712] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
123 LISTENING -- -- [1712] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
137 LISTENING -- -- [4] System
Script: Quarantine, Delete, BC delete, Terminate
137 LISTENING -- -- [4] System
Script: Quarantine, Delete, BC delete, Terminate
138 LISTENING -- -- [4] System
Script: Quarantine, Delete, BC delete, Terminate
138 LISTENING -- -- [4] System
Script: Quarantine, Delete, BC delete, Terminate
161 LISTENING -- -- [1132] c:\windows\system32\snmp.exe
Script: Quarantine, Delete, BC delete, Terminate
162 LISTENING -- -- [1168] c:\windows\system32\snmptrap.exe
Script: Quarantine, Delete, BC delete, Terminate
445 LISTENING -- -- [4] System
Script: Quarantine, Delete, BC delete, Terminate
500 LISTENING -- -- [1448] c:\myinstallations\sonicwall\sonicwall global vpn client\swgvpnclient.exe
Script: Quarantine, Delete, BC delete, Terminate
1026 LISTENING -- -- [436] c:\windows\system32\spoolsv.exe
Script: Quarantine, Delete, BC delete, Terminate
1031 LISTENING -- -- [1712] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1059 LISTENING -- -- [3076] c:\program files\mediaring\mediaring talk\mrtalk.exe
Script: Quarantine, Delete, BC delete, Terminate
1060 LISTENING -- -- [3076] c:\program files\mediaring\mediaring talk\mrtalk.exe
Script: Quarantine, Delete, BC delete, Terminate
1061 LISTENING -- -- [3076] c:\program files\mediaring\mediaring talk\mrtalk.exe
Script: Quarantine, Delete, BC delete, Terminate
1066 LISTENING -- -- [1008] c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe
Script: Quarantine, Delete, BC delete, Terminate
1068 LISTENING -- -- [1008] c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe
Script: Quarantine, Delete, BC delete, Terminate
1069 LISTENING -- -- [1008] c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe
Script: Quarantine, Delete, BC delete, Terminate
1071 LISTENING -- -- [2828] c:\program files\windows live\messenger\msnmsgr.exe
Script: Quarantine, Delete, BC delete, Terminate
1095 LISTENING -- -- [1712] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1096 LISTENING -- -- [1412] c:\windows\system32\lsass.exe
Script: Quarantine, Delete, BC delete, Terminate
1315 LISTENING -- -- [2828] c:\program files\windows live\messenger\msnmsgr.exe
Script: Quarantine, Delete, BC delete, Terminate
1900 LISTENING -- -- [1912] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1900 LISTENING -- -- [1912] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1900 LISTENING -- -- [1912] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
3456 LISTENING -- -- [816] c:\windows\system32\inetsrv\inetinfo.exe
Script: Quarantine, Delete, BC delete, Terminate
3544 LISTENING -- -- [1712] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4500 LISTENING -- -- [1448] c:\myinstallations\sonicwall\sonicwall global vpn client\swgvpnclient.exe
Script: Quarantine, Delete, BC delete, Terminate
7745 LISTENING -- -- [2828] c:\program files\windows live\messenger\msnmsgr.exe
Script: Quarantine, Delete, BC delete, Terminate
7913 LISTENING -- -- [2828] c:\program files\windows live\messenger\msnmsgr.exe
Script: Quarantine, Delete, BC delete, Terminate
16636 LISTENING -- -- [2828] c:\program files\windows live\messenger\msnmsgr.exe
Script: Quarantine, Delete, BC delete, Terminate
24105 LISTENING -- -- [1008] c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe
Script: Quarantine, Delete, BC delete, Terminate
24106 LISTENING -- -- [1008] c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe
Script: Quarantine, Delete, BC delete, Terminate
52024 LISTENING -- -- [1712] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
55476 LISTENING -- -- [1760] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
57353 LISTENING -- -- [1712] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate

Downloaded Program Files (DPF)

File name Description Manufacturer CLSID Source URL
C:\Program Files\QuickTime\QTPlugin.ocx
Script: Quarantine, Delete, BC delete The QuickTime Control allows you to view a wide variety of multimedia content in web pages. Copyright Apple Inc. 1989-2008 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}
Delete http://www.apple.com/qtactivex/qtplugin.cab
C:\WINDOWS\Downloaded Program Files\plinstll.dll
Script: Quarantine, Delete, BC delete PicLens Installer for Internet Explorer (c) Cooliris Inc. All rights reserved. {EAC139A9-D22D-4C29-8D1C-252BE63750F9}
Delete http://www.cooliris.com/shared/plinstll.cab
Elements detected - 9, recognized as trusted - 7

Control Panel Applets (CPL)

File name Description Manufacturer
C:\WINDOWS\system32\hpBat.cpl
Script: Quarantine, Delete, BC delete
C:\WINDOWS\system32\WACntlPnl.cpl
Script: Quarantine, Delete, BC delete hp Wireless Assistant CPL Applet © Copyright 2005 Hewlett-Packard Development Company, L.P.
C:\WINDOWS\system32\XMOUSE.CPL
Script: Quarantine, Delete, BC delete xMouse DLL Copyright (C) 2006
Elements detected - 28, recognized as trusted - 25

Active Setup

File name Description Manufacturer CLSID
Elements detected - 14, recognized as trusted - 14

HOSTS file

Hosts file record
127.0.0.1 localhost

Protocols and handlers

File name Type Description Manufacturer CLSID
mscoree.dll
Script: Quarantine, Delete, BC delete Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
mscoree.dll
Script: Quarantine, Delete, BC delete Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
mscoree.dll
Script: Quarantine, Delete, BC delete Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
Elements detected - 36, recognized as trusted - 33

Suspicious objects

File Description Type
C:\WINDOWS\system32\Drivers\Lbd.sys
Script: Quarantine, Delete, BC delete Suspicion for Rootkit Kernel-mode hook

AVZ Antiviral Toolkit log; AVZ version is 4.30 Scanning started at 2009-02-13 09:56:16 Database loaded: signatures - 209738, NN profile(s) - 2, microprograms of healing - 56, signature database released 12.02.2009 20:45 Heuristic microprograms loaded: 372 SPV microprograms loaded: 9 Digital signatures of system files loaded: 94155 Heuristic analyzer mode: Maximum heuristics level Healing mode: disabled Windows version: 5.1.2600, Service Pack 2 ; AVZ is launched with administrator rights System Restore: enabled 1. Searching for Rootkits and programs intercepting API functions 1.1 Searching for user-mode API hooks Analysis: kernel32.dll, export table found in section .text Analysis: ntdll.dll, export table found in section .text Analysis: user32.dll, export table found in section .text Analysis: advapi32.dll, export table found in section .text Analysis: ws2_32.dll, export table found in section .text Analysis: wininet.dll, export table found in section .text Analysis: rasapi32.dll, export table found in section .text Analysis: urlmon.dll, export table found in section .text Analysis: netapi32.dll, export table found in section .text 1.2 Searching for kernel-mode API hooks Driver loaded successfully SDT found (RVA=07B400) Kernel ntkrnlpa.exe found in memory at address 804D7000 SDT = 80552400 KiST = 8050121C (284) Function NtCreateKey (29) intercepted (80618F12->F768287E), hook C:\WINDOWS\system32\Drivers\Lbd.sys Function NtSetValueKey (F7) intercepted (806175D2->F7682C10), hook C:\WINDOWS\system32\Drivers\Lbd.sys Functions checked: 284, intercepted: 2, restored: 0 1.3 Checking IDT and SYSENTER Analysis for CPU 1 Checking IDT and SYSENTER - complete 1.4 Searching for masking processes and drivers Checking not performed: extended monitoring driver (AVZPM) is not installed Driver loaded successfully 1.5 Checking of IRP handlers Checking - complete 2. Scanning memory Number of processes found: 58 Analyzer: process under analysis is 364 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [ES]:Contains network functionality [ES]:Application has no visible windows [ES]:Loads RASAPI DLL - may use dialing ? Analyzer: process under analysis is 616 C:\Program Files\CVSNT\cvslock.exe [ES]:Contains network functionality [ES]:Listens on TCP ports ! [ES]:Application has no visible windows Analyzer: process under analysis is 664 C:\Program Files\CVSNT\cvsservice.exe [ES]:Contains network functionality [ES]:Listens on TCP ports ! [ES]:Application has no visible windows >>> The real size is supposed to be = 2101248 Analyzer: process under analysis is 700 C:\Program Files\Windows Live\Family Safety\fsssvc.exe [ES]:Contains network functionality [ES]:Application has no visible windows [ES]:Loads RASAPI DLL - may use dialing ? Analyzer: process under analysis is 764 C:\Program Files\HPQ\SHARED\HPQWMI.exe [ES]:Application has no visible windows Analyzer: process under analysis is 1060 C:\MyInstallations\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe [ES]:Contains network functionality [ES]:Application has no visible windows Analyzer: process under analysis is 3512 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [ES]:Application has no visible windows Analyzer: process under analysis is 2276 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [ES]:Application has no visible windows [ES]:Registered in autoruns !! Analyzer: process under analysis is 2392 C:\PROGRA~1\SYSTEM~1\WScheduler.exe [ES]:Application has no visible windows [ES]:EXE runtime packer ? [ES]:Registered in autoruns !! Analyzer: process under analysis is 2468 C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe [ES]:Contains network functionality [ES]:Application has no visible windows [ES]:Registered in autoruns !! Analyzer: process under analysis is 1852 C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE [ES]:Application has no visible windows Analyzer: process under analysis is 3080 C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE [ES]:Contains network functionality [ES]:Loads RASAPI DLL - may use dialing ? Number of modules loaded: 520 Scanning memory - complete 3. Scanning disks 4. Checking Winsock Layered Service Provider (SPI/LSP) LSP settings checked. No errors detected 5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs) 6. Searching for opened TCP/UDP ports used by malicious programs Checking disabled by user 7. Heuristic system check Checking - complete 8. Searching for vulnerabilities >> Services: potentially dangerous service allowed: RemoteRegistry (Remote Registry) >> Services: potentially dangerous service allowed: TermService (Terminal Services) >> Services: potentially dangerous service allowed: SSDPSRV (SSDP Discovery Service) >> Services: potentially dangerous service allowed: Alerter (Alerter) >> Services: potentially dangerous service allowed: Schedule (Task Scheduler) >> Services: potentially dangerous service allowed: mnmsrvc (NetMeeting Remote Desktop Sharing) >> Services: potentially dangerous service allowed: RDSessMgr (Remote Desktop Help Session Manager) > Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)! >> Security: disk drives' autorun is enabled >> Security: administrative shares (C$, D$ ...) are enabled >> Security: anonymous user access is enabled >> Security: terminal connections to the PC are allowed >> Security: sending Remote Assistant queries is enabled Checking - complete 9. Troubleshooting wizard >> HDD autorun are allowed >> Autorun from network drives are allowed >> Removable media autorun are allowed Checking - complete Files scanned: 578, extracted from archives: 0, malicious software found 0, suspicions - 0 Scanning finished at 2009-02-13 09:56:52 Time of scanning: 00:00:38 If you have a suspicion on presence of viruses or questions on the suspected objects, you can address http://virusinfo.info conference System Analysis in progress
Script commands

Add commands to script:
Blocking hooks using Anti-Rootkit
Enable AVZGuard
BootCleaner - import list of deleted files
Registry cleanup after deleting files
BootCleaner - activate
Reboot
Insert template for QuarantineFile() - quarantining file
Insert template for BC_QrFile() - quarantining file via BootCleaner
Insert template for DeleteFile() - deleting file
Insert template for DelCLSID() - deleting CLSID item from registry
Additional operations:
Performance tweaking: disable service RemoteRegistry (Remote Registry)
Performance tweaking: disable service TermService (Terminal Services)
Performance tweaking: disable service SSDPSRV (SSDP Discovery Service)
Performance tweaking: disable service Alerter (Alerter)
Performance tweaking: disable service Schedule (Task Scheduler)
Performance tweaking: disable service mnmsrvc (NetMeeting Remote Desktop Sharing)
Performance tweaking: disable service RDSessMgr (Remote Desktop Help Session Manager)
Security tweaking: disable CD autorun
Security tweaking: disable administrative shares
Security tweaking: disable anonymous user access
Security: prevent terminal connections to the PC
Security: disable sending Remote Assistant queries
File list

Port	Status	Remote Host	Remote Port	Application	Notes
TCP ports
7	LISTENING	0.0.0.0	55530	[1104] c:\windows\system32\tcpsvcs.exe Script: Quarantine, Delete, BC delete, Terminate
9	LISTENING	0.0.0.0	30764	[1104] c:\windows\system32\tcpsvcs.exe Script: Quarantine, Delete, BC delete, Terminate
13	LISTENING	0.0.0.0	47212	[1104] c:\windows\system32\tcpsvcs.exe Script: Quarantine, Delete, BC delete, Terminate
17	LISTENING	0.0.0.0	51332	[1104] c:\windows\system32\tcpsvcs.exe Script: Quarantine, Delete, BC delete, Terminate
19	LISTENING	0.0.0.0	39150	[1104] c:\windows\system32\tcpsvcs.exe Script: Quarantine, Delete, BC delete, Terminate
21	LISTENING	0.0.0.0	55514	[816] c:\windows\system32\inetsrv\inetinfo.exe Script: Quarantine, Delete, BC delete, Terminate
25	LISTENING	0.0.0.0	22755	[816] c:\windows\system32\inetsrv\inetinfo.exe Script: Quarantine, Delete, BC delete, Terminate
80	LISTENING	0.0.0.0	30817	[816] c:\windows\system32\inetsrv\inetinfo.exe Script: Quarantine, Delete, BC delete, Terminate
135	LISTENING	0.0.0.0	8220	[1672] c:\windows\system32\svchost.exe Script: Quarantine, Delete, BC delete, Terminate
139	LISTENING	0.0.0.0	37020	[4] System Script: Quarantine, Delete, BC delete, Terminate
139	LISTENING	0.0.0.0	49164	[4] System Script: Quarantine, Delete, BC delete, Terminate
443	LISTENING	0.0.0.0	38926	[816] c:\windows\system32\inetsrv\inetinfo.exe Script: Quarantine, Delete, BC delete, Terminate
445	LISTENING	0.0.0.0	30873	[4] System Script: Quarantine, Delete, BC delete, Terminate
1025	LISTENING	0.0.0.0	55338	[816] c:\windows\system32\inetsrv\inetinfo.exe Script: Quarantine, Delete, BC delete, Terminate
1028	LISTENING	0.0.0.0	38974	[580] c:\windows\system32\alg.exe Script: Quarantine, Delete, BC delete, Terminate
1067	LISTENING	0.0.0.0	39118	[1008] c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe Script: Quarantine, Delete, BC delete, Terminate
1115	ESTABLISHED	127.0.0.1	1116	[860] c:\program files\mozilla firefox\firefox.exe Script: Quarantine, Delete, BC delete, Terminate
1116	ESTABLISHED	127.0.0.1	1115	[860] c:\program files\mozilla firefox\firefox.exe Script: Quarantine, Delete, BC delete, Terminate
1120	ESTABLISHED	127.0.0.1	1121	[860] c:\program files\mozilla firefox\firefox.exe Script: Quarantine, Delete, BC delete, Terminate
1121	ESTABLISHED	127.0.0.1	1120	[860] c:\program files\mozilla firefox\firefox.exe Script: Quarantine, Delete, BC delete, Terminate
1433	ESTABLISHED	198.107.153.171	445	[4] System Script: Quarantine, Delete, BC delete, Terminate
1447	CLOSE_WAIT	89.108.66.156	80	[588] c:\documents and settings\ttellamsetty.mobilecandydish\desktop\avz4\avz4\avz.exe Script: Quarantine, Delete, BC delete, Terminate
2401	LISTENING	0.0.0.0	55386	[664] c:\program files\cvsnt\cvsservice.exe Script: Quarantine, Delete, BC delete, Terminate
2402	LISTENING	0.0.0.0	222	[616] c:\program files\cvsnt\cvslock.exe Script: Quarantine, Delete, BC delete, Terminate
3389	LISTENING	0.0.0.0	2128	[1592] c:\windows\system32\svchost.exe Script: Quarantine, Delete, BC delete, Terminate
5152	LISTENING	0.0.0.0	32952	[876] c:\program files\java\jre6\bin\jqs.exe Script: Quarantine, Delete, BC delete, Terminate
5152	CLOSE_WAIT	127.0.0.1	1119	[876] c:\program files\java\jre6\bin\jqs.exe Script: Quarantine, Delete, BC delete, Terminate
UDP ports
7	LISTENING	--	--	[1104] c:\windows\system32\tcpsvcs.exe Script: Quarantine, Delete, BC delete, Terminate
9	LISTENING	--	--	[1104] c:\windows\system32\tcpsvcs.exe Script: Quarantine, Delete, BC delete, Terminate
13	LISTENING	--	--	[1104] c:\windows\system32\tcpsvcs.exe Script: Quarantine, Delete, BC delete, Terminate
17	LISTENING	--	--	[1104] c:\windows\system32\tcpsvcs.exe Script: Quarantine, Delete, BC delete, Terminate
19	LISTENING	--	--	[1104] c:\windows\system32\tcpsvcs.exe Script: Quarantine, Delete, BC delete, Terminate
123	LISTENING	--	--	[1712] c:\windows\system32\svchost.exe Script: Quarantine, Delete, BC delete, Terminate
123	LISTENING	--	--	[1712] c:\windows\system32\svchost.exe Script: Quarantine, Delete, BC delete, Terminate
123	LISTENING	--	--	[1712] c:\windows\system32\svchost.exe Script: Quarantine, Delete, BC delete, Terminate
137	LISTENING	--	--	[4] System Script: Quarantine, Delete, BC delete, Terminate
137	LISTENING	--	--	[4] System Script: Quarantine, Delete, BC delete, Terminate
138	LISTENING	--	--	[4] System Script: Quarantine, Delete, BC delete, Terminate
138	LISTENING	--	--	[4] System Script: Quarantine, Delete, BC delete, Terminate
161	LISTENING	--	--	[1132] c:\windows\system32\snmp.exe Script: Quarantine, Delete, BC delete, Terminate
162	LISTENING	--	--	[1168] c:\windows\system32\snmptrap.exe Script: Quarantine, Delete, BC delete, Terminate
445	LISTENING	--	--	[4] System Script: Quarantine, Delete, BC delete, Terminate
500	LISTENING	--	--	[1448] c:\myinstallations\sonicwall\sonicwall global vpn client\swgvpnclient.exe Script: Quarantine, Delete, BC delete, Terminate
1026	LISTENING	--	--	[436] c:\windows\system32\spoolsv.exe Script: Quarantine, Delete, BC delete, Terminate
1031	LISTENING	--	--	[1712] c:\windows\system32\svchost.exe Script: Quarantine, Delete, BC delete, Terminate
1059	LISTENING	--	--	[3076] c:\program files\mediaring\mediaring talk\mrtalk.exe Script: Quarantine, Delete, BC delete, Terminate
1060	LISTENING	--	--	[3076] c:\program files\mediaring\mediaring talk\mrtalk.exe Script: Quarantine, Delete, BC delete, Terminate
1061	LISTENING	--	--	[3076] c:\program files\mediaring\mediaring talk\mrtalk.exe Script: Quarantine, Delete, BC delete, Terminate
1066	LISTENING	--	--	[1008] c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe Script: Quarantine, Delete, BC delete, Terminate
1068	LISTENING	--	--	[1008] c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe Script: Quarantine, Delete, BC delete, Terminate
1069	LISTENING	--	--	[1008] c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe Script: Quarantine, Delete, BC delete, Terminate
1071	LISTENING	--	--	[2828] c:\program files\windows live\messenger\msnmsgr.exe Script: Quarantine, Delete, BC delete, Terminate
1095	LISTENING	--	--	[1712] c:\windows\system32\svchost.exe Script: Quarantine, Delete, BC delete, Terminate
1096	LISTENING	--	--	[1412] c:\windows\system32\lsass.exe Script: Quarantine, Delete, BC delete, Terminate
1315	LISTENING	--	--	[2828] c:\program files\windows live\messenger\msnmsgr.exe Script: Quarantine, Delete, BC delete, Terminate
1900	LISTENING	--	--	[1912] c:\windows\system32\svchost.exe Script: Quarantine, Delete, BC delete, Terminate
1900	LISTENING	--	--	[1912] c:\windows\system32\svchost.exe Script: Quarantine, Delete, BC delete, Terminate
1900	LISTENING	--	--	[1912] c:\windows\system32\svchost.exe Script: Quarantine, Delete, BC delete, Terminate
3456	LISTENING	--	--	[816] c:\windows\system32\inetsrv\inetinfo.exe Script: Quarantine, Delete, BC delete, Terminate
3544	LISTENING	--	--	[1712] c:\windows\system32\svchost.exe Script: Quarantine, Delete, BC delete, Terminate
4500	LISTENING	--	--	[1448] c:\myinstallations\sonicwall\sonicwall global vpn client\swgvpnclient.exe Script: Quarantine, Delete, BC delete, Terminate
7745	LISTENING	--	--	[2828] c:\program files\windows live\messenger\msnmsgr.exe Script: Quarantine, Delete, BC delete, Terminate
7913	LISTENING	--	--	[2828] c:\program files\windows live\messenger\msnmsgr.exe Script: Quarantine, Delete, BC delete, Terminate
16636	LISTENING	--	--	[2828] c:\program files\windows live\messenger\msnmsgr.exe Script: Quarantine, Delete, BC delete, Terminate
24105	LISTENING	--	--	[1008] c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe Script: Quarantine, Delete, BC delete, Terminate
24106	LISTENING	--	--	[1008] c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe Script: Quarantine, Delete, BC delete, Terminate
52024	LISTENING	--	--	[1712] c:\windows\system32\svchost.exe Script: Quarantine, Delete, BC delete, Terminate
55476	LISTENING	--	--	[1760] c:\windows\system32\svchost.exe Script: Quarantine, Delete, BC delete, Terminate
57353	LISTENING	--	--	[1712] c:\windows\system32\svchost.exe Script: Quarantine, Delete, BC delete, Terminate