Results of system analysis

Process List

File name	PID	Description	Copyright	MD5	Information
f:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe Script: Quarantine, Delete, Delete via BC, Terminate	2172	Apple Mobile Device Service	© 2010 Apple Inc. All rights reserved.	??	141.28 kb, rsAh, created: 4/16/2010 8:33:40 AM, modified: 4/16/2010 8:33:40 AM Command line: "F:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
f:\documents and settings\priesha\desktop\avz4\avz4\avz.exe Script: Quarantine, Delete, Delete via BC, Terminate	2124	???????????? ??????? AVZ	???????????? ??????? AVZ	??	745.00 kb, rsAh, created: 7/8/2010 10:19:08 AM, modified: 7/8/2010 10:19:08 AM Command line: "F:\Documents and Settings\Priesha\Desktop\avz4\avz4\avz.exe"
f:\windows\system32\bcmwltry.exe Script: Quarantine, Delete, Delete via BC, Terminate	1608	Broadcom 802.11 Network Adapter Wireless Network Controller	1998-2007, Broadcom Corporation All Rights Reserved.	??	1236.00 kb, rsAh, created: 11/15/2009 9:14:18 PM, modified: 7/23/2007 4:18:00 PM Command line: F:\WINDOWS\System32\bcmwltry.exe
f:\program files\common files\logishrd\lqcvfx\cocimanager.exe Script: Quarantine, Delete, Delete via BC, Terminate	1956	Camera Control Interface	(c) 1996-2007 Logitech. All rights reserved.	??	225.52 kb, rsAh, created: 2/8/2007 2:12:20 AM, modified: 2/8/2007 2:12:20 AM Command line: "F:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe" -Embedding
f:\program files\common files\logishrd\lcommgr\communications_helper.exe Script: Quarantine, Delete, Delete via BC, Terminate	1496	Communications Manager	(c) 1996-2007 Logitech. All rights reserved.	??	477.52 kb, rsAh, created: 2/8/2007 2:12:48 AM, modified: 2/8/2007 2:12:48 AM Command line: "F:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
f:\windows\ehome\ehrecvr.exe Script: Quarantine, Delete, Delete via BC, Terminate	2328	Media Center Receiver Service	© Microsoft Corporation. All rights reserved.	??	232.00 kb, rsAh, created: 11/8/2009 9:09:35 PM, modified: 10/9/2006 5:16:56 PM Command line: F:\WINDOWS\eHome\ehRecvr.exe
f:\windows\ehome\ehsched.exe Script: Quarantine, Delete, Delete via BC, Terminate	2432	Media Center Scheduler Service	© Microsoft Corporation. All rights reserved.	??	100.50 kb, rsAh, created: 11/8/2009 9:09:35 PM, modified: 8/5/2005 2:56:32 PM Command line: F:\WINDOWS\eHome\ehSched.exe
f:\windows\ehome\ehtray.exe Script: Quarantine, Delete, Delete via BC, Terminate	1296	Media Center Tray Applet	© Microsoft Corporation. All rights reserved.	??	63.00 kb, rsAh, created: 11/8/2009 9:09:35 PM, modified: 8/5/2005 2:56:34 PM Command line: "F:\WINDOWS\ehome\ehtray.exe"
f:\windows\explorer.exe Script: Quarantine, Delete, Delete via BC, Terminate	684	Windows Explorer	© Microsoft Corporation. All rights reserved.	??	1009.50 kb, rsAh, created: 3/15/2006 5:00:00 AM, modified: 4/13/2008 5:12:19 PM Command line: F:\WINDOWS\Explorer.EXE
f:\program files\mozilla firefox\firefox.exe Script: Quarantine, Delete, Delete via BC, Terminate	3596	Firefox	©Firefox and Mozilla Developers, according to the MPL 1.1/GPL 2.0/LGPL 2.1 licenses, as applicable.	??	888.96 kb, rsAh, created: 7/11/2010 1:03:36 PM, modified: 6/26/2010 1:43:57 AM Command line: "F:\Program Files\Mozilla Firefox\firefox.exe"
f:\program files\microsoft office\office12\groovemonitor.exe Script: Quarantine, Delete, Delete via BC, Terminate	1768	GrooveMonitor Utility	© 2006 Microsoft Corporation. All rights reserved.	??	30.34 kb, rsAh, created: 10/25/2008 12:44:34 PM, modified: 10/25/2008 12:44:34 PM Command line: "F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
f:\program files\ipod\bin\ipodservice.exe Script: Quarantine, Delete, Delete via BC, Terminate	3492	iPodService Module (32-bit)	© 2003-2010 Apple Inc. All rights reserved.	??	532.79 kb, rsAh, created: 4/28/2010 3:06:18 PM, modified: 4/28/2010 3:06:18 PM Command line: "F:\Program Files\iPod\bin\iPodService.exe"
f:\program files\itunes\ituneshelper.exe Script: Quarantine, Delete, Delete via BC, Terminate	1928	iTunesHelper	© 2003-2010 Apple Inc. All rights reserved.	??	138.79 kb, rsAh, created: 4/28/2010 3:06:30 PM, modified: 4/28/2010 3:06:30 PM Command line: "F:\Program Files\iTunes\iTunesHelper.exe"
f:\windows\system32\java.exe Script: Quarantine, Delete, Delete via BC, Terminate	2980	Java(TM) Platform SE binary	Copyright © 2004	??	141.78 kb, rsAh, created: 5/15/2010 12:59:29 AM, modified: 1/27/2010 10:21:30 PM Command line: "F:\WINDOWS\system32\java.exe" -Xmx100m -Djava.library.path="../lib" -classpath "../lib/agent-2.5.8318.2077.jar;../lib/wrapper.jar;../lib/commons-lang-2.3.jar;../lib/commons-logging-1.1.jar;../lib/spring-2.0.6.jar;../lib/spring-ws-core-1.0.2.jar;../lib/spring-xml-1.0.2.jar;../lib/jdom-1.0.jar;../lib/jaxen-1.1.1.jar;../lib/xpp3_min-1.1.3.4.O.jar;../lib/xstream-1.2.2.jar" -Dwrapper.key="XTZplwD8qs3Anmj8" -Dwrapper.port=32000 -Dwrapper.jvm.port.min=31000 -Dwrapper.jvm.port.max=31999 -Dwrapper.pid=2700 -Dwrapper.version="3.2.3" -Dwrapper.native_library="wrapper" -Dwrapper.service="TRUE" -Dwrapper.cpu.timeout="10" -Dwrapper.jvmid=1 com.linksys.agent.Main
f:\program files\linksys\linksys updater\bin\linksysupdater.exe Script: Quarantine, Delete, Delete via BC, Terminate	2700			??	200.00 kb, rsAh, created: 11/13/2008 12:43:49 PM, modified: 11/13/2008 12:43:49 PM Command line: "F:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe" -s "F:\Program Files\Linksys\Linksys Updater\conf\wrapper.conf"
f:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe Script: Quarantine, Delete, Delete via BC, Terminate	280	Logitech Desktop Messenger	Copyright (C) Logitech 2000-2007. All rights reserved	??	65.55 kb, rsAh, created: 12/21/2009 3:00:03 PM, modified: 12/21/2009 3:00:03 PM Command line: "F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" -startup
f:\windows\system32\lsass.exe Script: Quarantine, Delete, Delete via BC, Terminate	760	LSA Shell (Export Version)	© Microsoft Corporation. All rights reserved.	??	13.00 kb, rsAh, created: 3/15/2006 5:00:00 AM, modified: 4/13/2008 5:12:24 PM Command line: F:\WINDOWS\system32\lsass.exe
f:\documents and settings\priesha\application data\systemproc\lsass.exe Script: Quarantine, Delete, Delete via BC, Terminate	1376	Gvqgeed	Nbfnbai	??	73.00 kb, rSaH, created: 7/11/2010 9:28:22 PM, modified: 7/11/2010 9:28:20 PM Command line: "F:\Documents and Settings\Priesha\Application Data\SystemProc\lsass.exe"
f:\program files\common files\logishrd\lcommgr\lvcomsx.exe Script: Quarantine, Delete, Delete via BC, Terminate	1976	LVCom Server	(c) 1996-2007 Logitech. All rights reserved.	??	246.78 kb, rsAh, created: 2/6/2007 6:43:26 PM, modified: 2/6/2007 6:43:26 PM Command line: "F:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe" -Embedding
f:\program files\markany\contentsafer\maagent.exe Script: Quarantine, Delete, Delete via BC, Terminate	1800	MaSAFER Agent ?? ????	Copyright (C) 2003	??	56.00 kb, rsAh, created: 12/21/2009 2:54:48 PM, modified: 1/30/2007 9:36:30 PM Command line: "F:\Program Files\MarkAny\ContentSafer\MAAgent.exe"
f:\progra~1\ahead\neroph~1\data\xtras\mssysmgr.exe Script: Quarantine, Delete, Delete via BC, Terminate	2032	Nero PhotoShow Media Manager	Copyright © 2005 Ahead Software AG	??	208.00 kb, rsAh, created: 4/8/2010 2:38:06 AM, modified: 2/25/2005 5:28:03 PM Command line: "F:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe"
f:\program files\nike+ utility\nike+ utility.exe Script: Quarantine, Delete, Delete via BC, Terminate	112			??	1200.00 kb, rsAh, created: 4/30/2008 4:33:46 PM, modified: 4/30/2008 4:33:46 PM Command line: "F:\Program Files\Nike+ Utility\Nike+ Utility.exe"
f:\windows\system32\nvsvc32.exe Script: Quarantine, Delete, Delete via BC, Terminate	2984	NVIDIA Driver Helper Service, Version 178.13	(C) NVIDIA Corporation. All rights reserved.	??	160.07 kb, rsAh, created: 9/17/2005 5:32:00 PM, modified: 9/18/2008 12:55:00 AM Command line: F:\WINDOWS\system32\nvsvc32.exe
f:\program files\microsoft office\office12\onenotem.exe Script: Quarantine, Delete, Delete via BC, Terminate	388	Microsoft Office OneNote Quick Launcher	© 2006 Microsoft Corporation. All rights reserved.	??	95.39 kb, rsAh, created: 2/26/2009 3:24:50 PM, modified: 2/26/2009 3:24:50 PM Command line: "F:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE" /tsr
f:\program files\logitech\quickcam10\quickcam10.exe Script: Quarantine, Delete, Delete via BC, Terminate	1544			??	756.02 kb, rsAh, created: 2/8/2007 2:13:48 AM, modified: 2/8/2007 2:13:48 AM Command line: "F:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
f:\windows\system32\searchindexer.exe Script: Quarantine, Delete, Delete via BC, Terminate	3480	Microsoft Windows Search Indexer	© Microsoft Corporation. All rights reserved.	??	429.50 kb, rsah, created: 5/26/2008 11:18:44 PM, modified: 5/26/2008 11:18:44 PM Command line: F:\WINDOWS\system32\SearchIndexer.exe /Embedding
f:\windows\system32\services.exe Script: Quarantine, Delete, Delete via BC, Terminate	748	Services and Controller app	© Microsoft Corporation. All rights reserved.	??	108.00 kb, rsAh, created: 3/15/2006 5:00:00 AM, modified: 2/6/2009 4:11:05 AM Command line: F:\WINDOWS\system32\services.exe
f:\program files\samsung\samsung media studio 5\smstray.exe Script: Quarantine, Delete, Delete via BC, Terminate	1792	SMSTray.exe	(c) SAMSUNG ELECTRONICS All rights reserved.	??	124.00 kb, rsAh, created: 12/21/2009 2:54:38 PM, modified: 2/23/2007 5:32:56 PM Command line: "F:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe"
f:\windows\system32\spoolsv.exe Script: Quarantine, Delete, Delete via BC, Terminate	1652	Spooler SubSystem App	© Microsoft Corporation. All rights reserved.	??	56.50 kb, rsAh, created: 3/15/2006 5:00:00 AM, modified: 4/13/2008 5:12:36 PM Command line: F:\WINDOWS\system32\spoolsv.exe
f:\windows\system32\svchost.exe Script: Quarantine, Delete, Delete via BC, Terminate	928	Generic Host Process for Win32 Services	© Microsoft Corporation. All rights reserved.	??	14.00 kb, rsAh, created: 3/15/2006 5:00:00 AM, modified: 4/13/2008 5:12:36 PM Command line: F:\WINDOWS\system32\svchost -k DcomLaunch
f:\windows\system32\svchost.exe Script: Quarantine, Delete, Delete via BC, Terminate	1852	Generic Host Process for Win32 Services	© Microsoft Corporation. All rights reserved.	??	14.00 kb, rsAh, created: 3/15/2006 5:00:00 AM, modified: 4/13/2008 5:12:36 PM Command line: F:\WINDOWS\system32\svchost.exe -k LocalService
f:\windows\system32\svchost.exe Script: Quarantine, Delete, Delete via BC, Terminate	1152	Generic Host Process for Win32 Services	© Microsoft Corporation. All rights reserved.	??	14.00 kb, rsAh, created: 3/15/2006 5:00:00 AM, modified: 4/13/2008 5:12:36 PM Command line: F:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
f:\windows\system32\svchost.exe Script: Quarantine, Delete, Delete via BC, Terminate	2296	Generic Host Process for Win32 Services	© Microsoft Corporation. All rights reserved.	??	14.00 kb, rsAh, created: 3/15/2006 5:00:00 AM, modified: 4/13/2008 5:12:36 PM Command line: F:\WINDOWS\System32\svchost.exe -k HTTPFilter
f:\windows\system32\svchost.exe Script: Quarantine, Delete, Delete via BC, Terminate	616	Generic Host Process for Win32 Services	© Microsoft Corporation. All rights reserved.	??	14.00 kb, rsAh, created: 3/15/2006 5:00:00 AM, modified: 4/13/2008 5:12:36 PM Command line: F:\WINDOWS\System32\svchost.exe -k netsvcs
f:\windows\system32\svchost.exe Script: Quarantine, Delete, Delete via BC, Terminate	3052	Generic Host Process for Win32 Services	© Microsoft Corporation. All rights reserved.	??	14.00 kb, rsAh, created: 3/15/2006 5:00:00 AM, modified: 4/13/2008 5:12:36 PM Command line: F:\WINDOWS\system32\svchost.exe -k imgsvc
f:\program files\windows desktop search\windowssearch.exe Script: Quarantine, Delete, Delete via BC, Terminate	328	Windows Search System Tray	© Microsoft Corporation. All rights reserved.	??	121.00 kb, rsah, created: 5/26/2008 11:19:14 PM, modified: 5/26/2008 11:19:14 PM Command line: "F:\Program Files\Windows Desktop Search\WindowsSearch.exe" /startup
f:\windows\system32\winlogon.exe Script: Quarantine, Delete, Delete via BC, Terminate	704	Windows NT Logon Application	© Microsoft Corporation. All rights reserved.	??	496.00 kb, rsAh, created: 3/15/2006 5:00:00 AM, modified: 4/13/2008 5:12:39 PM Command line: winlogon.exe
f:\program files\winzip\winzip32.exe Script: Quarantine, Delete, Delete via BC, Terminate	3552	WinZip	Copyright (c) 1991-2009 WinZip International LLC - All Rights Reserved	??	5510.82 kb, RsAh, created: 2/4/2010 2:00:00 PM, modified: 2/4/2010 2:00:00 PM Command line: "F:\Program Files\WinZip\WINZIP32.EXE" "F:\Documents and Settings\Priesha\My Documents\Downloads\avz4.zip"
f:\windows\system32\wltrysvc.exe Script: Quarantine, Delete, Delete via BC, Terminate	1596			??	23.50 kb, rsAh, created: 11/15/2009 9:14:18 PM, modified: 7/23/2007 4:18:00 PM Command line: F:\WINDOWS\System32\WLTRYSVC.EXE F:\WINDOWS\System32\bcmwltry.exe
f:\program files\linksys\wmp300n\wmp300n.exe Script: Quarantine, Delete, Delete via BC, Terminate	3176			??	5182.00 kb, rsAh, created: 11/15/2009 9:14:13 PM, modified: 8/20/2007 4:22:00 AM Command line: WMP300N.exe
Detected:61, recognized as trusted 52

Module name	Handle	Description	Copyright	MD5	Used by processes
F:\Program Files\Ahead\Nero PhotoShow\data\Xtras\NeAudio.ax Script: Quarantine, Delete, Delete via BC	473956352	Nero Digital Audio Decoding Filter	Copyright (C) 2004 Ahead Software AG and its licensors	--	684
F:\Program Files\Common Files\Ahead\Lib\AdvrCntr.dll Script: Quarantine, Delete, Delete via BC	98828288	AdvrCntr Module	Copyright (c) 1995-2003 Ahead Software and its licensors	--	684
F:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.DLL Script: Quarantine, Delete, Delete via BC	268435456	iPodService Resource Library (32-bit)	© 2003-2010 Apple Inc. All rights reserved.	--	3492
F:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.DLL Script: Quarantine, Delete, Delete via BC	19922944	iTunesHelper Resource Library	© 2003-2010 Apple Inc. All rights reserved.	--	1928
F:\Program Files\Linksys\Linksys Updater\lib\wrapper.dll Script: Quarantine, Delete, Delete via BC	268435456			--	2980
F:\Program Files\Linksys\WMP300N\aviWMP300N.dll Script: Quarantine, Delete, Delete via BC	21364736	WMP300N-ResDLL		--	3176
F:\Program Files\Linksys\WMP300N\BCMDLLIF.dll Script: Quarantine, Delete, Delete via BC	36569088			--	3176
F:\Program Files\Linksys\WMP300N\broadcom.DLL Script: Quarantine, Delete, Delete via BC	38076416	BroadCom.dll file	Gemtek	--	3176
F:\Program Files\Linksys\WMP300N\GTW32N50.DLL Script: Quarantine, Delete, Delete via BC	38666240	WinDis 32 API & Platform Compatibility DLL		--	3176
F:\Program Files\Linksys\WMP300N\preflib.dll Script: Quarantine, Delete, Delete via BC	42401792			--	3176
F:\Program Files\Linksys\WMP300N\resWMP300N_US.dll Script: Quarantine, Delete, Delete via BC	18153472	WMP300N		--	3176
F:\Program Files\Linksys\WMP300N\Security.dll Script: Quarantine, Delete, Delete via BC	268435456	Security	Copyright c 2003	--	3176
F:\Program Files\Microsoft Office\Office12\1033\ONINTL.DLL Script: Quarantine, Delete, Delete via BC	869269504	Microsoft Office OneNote International Resources	© 2006 Microsoft Corporation. All rights reserved.	--	388
F:\Program Files\Nike+ Utility\QtCore4.dll Script: Quarantine, Delete, Delete via BC	1728053248			--	112
F:\Program Files\Nike+ Utility\QtGui4.dll Script: Quarantine, Delete, Delete via BC	1694498816			--	112
F:\Program Files\Nike+ Utility\QtNetwork4.dll Script: Quarantine, Delete, Delete via BC	1677721600			--	112
F:\Program Files\Nike+ Utility\QtXml4.dll Script: Quarantine, Delete, Delete via BC	1627389952			--	112
F:\Program Files\WinZip\wzshlstb.dll Script: Quarantine, Delete, Delete via BC	35782656	WinZip Shell Extension DLL	Copyright (c) 1991-2009 WinZip International LLC - All Rights Reserved	--	684
F:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\AUTOPL~1.DLL Script: Quarantine, Delete, Delete via BC	15532032	PhotoShow Deluxe AutoPlay2 Cancel	Copyright © 2003 Simple Star, Inc.	--	2032
F:\PROGRA~1\WINZIP\7zxa.dll Script: Quarantine, Delete, Delete via BC	28508160	7z Standalone Extracting Plugin	Copyright (c) 1999-2009 Igor Pavlov	--	3552
F:\PROGRA~1\WINZIP\LDCdBldr.dll Script: Quarantine, Delete, Delete via BC	28770304	LDCdBldr Module	Copyright 2002-2009 Corel Inc.	--	3552
F:\PROGRA~1\WINZIP\lha.dll Script: Quarantine, Delete, Delete via BC	29556736			--	3552
F:\PROGRA~1\WINZIP\UNRAR.DLL Script: Quarantine, Delete, Delete via BC	27983872			--	3552
F:\PROGRA~1\WINZIP\VirtCDRDrv.dll Script: Quarantine, Delete, Delete via BC	29229056	VirtCDRDrv Module	Copyright 2001-2008 Corel Inc.	--	3552
F:\PROGRA~1\WINZIP\wz32.dll Script: Quarantine, Delete, Delete via BC	23724032	WinZip DLL	Copyright (c) 1991-2009 WinZip International LLC - All Rights Reserved	--	3552
F:\PROGRA~1\WINZIP\WZCAB3.DLL Script: Quarantine, Delete, Delete via BC	23527424	WinZip CAB Detection and Extractor	Copyright (c) 1991-2009 WinZip International LLC - All Rights Reserved	--	3552
F:\PROGRA~1\WINZIP\WZCKTREE.DLL Script: Quarantine, Delete, Delete via BC	19529728	WinZip Check Tree DLL	Copyright (c) 1991-2009 WinZip International LLC - All Rights Reserved	--	3552
F:\PROGRA~1\WINZIP\WZEAY32.DLL Script: Quarantine, Delete, Delete via BC	18612224	WinZip Openssl DLL	Copyright (c) 1991-2009 WinZip International LLC - All Rights Reserved	--	3552
F:\PROGRA~1\WINZIP\WZGDIP32.DLL Script: Quarantine, Delete, Delete via BC	22151168	WinZip GDI+ Wrapper	Copyright (c) 1991-2009 WinZip International LLC - All Rights Reserved	--	3552
F:\PROGRA~1\WINZIP\WZSMTP.DLL Script: Quarantine, Delete, Delete via BC	19922944	WinZip Email Support Library	Copyright (c) 1991-2009 WinZip International LLC - All Rights Reserved	--	3552
F:\PROGRA~1\WINZIP\WZVINFO.DLL Script: Quarantine, Delete, Delete via BC	21823488	WinZip FileInfo DLL	Copyright (c) 1991-2009 WinZip International LLC - All Rights Reserved	--	3552
F:\WINDOWS\System32\bcm1xsup.dll Script: Quarantine, Delete, Delete via BC	268435456			--	1608
F:\WINDOWS\System32\BCMLogon.dll Script: Quarantine, Delete, Delete via BC	268435456	Wireless Network Logon Provider	1998-2007, Broadcom Corporation All Rights Reserved.	--	704
F:\WINDOWS\system32\CRYPT32.dll Script: Quarantine, Delete, Delete via BC	2007498752	Crypto API32	© Microsoft Corporation. All rights reserved.	--	2172, 2124, 1608, 1956, 1496, 2328, 2432, 1296, 684, 3596, 1768, 3492, 1928, 280, 760, 1376, 1976, 1800, 112, 2984, 1544, 3480, 748, 1792, 1652, 928, 1852, 1152, 2296, 616, 3052, 328, 704, 3552, 3176
F:\WINDOWS\System32\wltrynt.dll Script: Quarantine, Delete, Delete via BC	11927552	Wireless Notification Provider	1998-2007, Broadcom Corporation All Rights Reserved.	--	1608
Modules found:454, recognized as trusted 419

Kernel Space Modules Viewer

Module	Base address	Size in memory	Description	Manufacturer
F:\WINDOWS\System32\Drivers\AnyDVD.sys Script: Quarantine, Delete, Delete via BC	BA488000	006000 (24576)	Watch & copy any DVD!	Copyright 2002 - 2003 SlySoft, Inc.
F:\WINDOWS\System32\Drivers\dump_atapi.sys Script: Quarantine, Delete, Delete via BC	B62B3000	018000 (98304)
F:\WINDOWS\System32\Drivers\dump_WMILIB.SYS Script: Quarantine, Delete, Delete via BC	BA638000	002000 (8192)
F:\WINDOWS\System32\Drivers\ElbyCDIO.sys Script: Quarantine, Delete, Delete via BC	BA5C2000	002000 (8192)	ElbyCD Windows NT/2000/XP I/O driver	Copyright (C) 2000 - 2006 Elaborate Bytes AG
Modules found - 132, recognized as trusted - 128

Services

Service	Description	Status	File	Group	Dependencies
LinksysUpdater Service: Stop, Delete, Disable, Delete via BC	Linksys Updater	Running	F:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe Script: Quarantine, Delete, Delete via BC
wltrysvc Service: Stop, Delete, Disable, Delete via BC	Broadcom Wireless LAN Tray Service	Running	F:\WINDOWS\System32\WLTRYSVC.EXE Script: Quarantine, Delete, Delete via BC	wltrysvc
Detected - 111, recognized as trusted - 109

Drivers

Service	Description	Status	File	Group	Dependencies
AnyDVD Driver: Unload, Delete, Disable, Delete via BC	AnyDVD	Running	F:\WINDOWS\system32\Drivers\AnyDVD.sys Script: Quarantine, Delete, Delete via BC
ElbyCDIO Driver: Unload, Delete, Disable, Delete via BC	ElbyCDIO Driver	Running	F:\WINDOWS\system32\Drivers\ElbyCDIO.sys Script: Quarantine, Delete, Delete via BC
Abiosdsk Driver: Unload, Delete, Disable, Delete via BC	Abiosdsk	Not started	Abiosdsk.sys Script: Quarantine, Delete, Delete via BC	Primary disk
abp480n5 Driver: Unload, Delete, Disable, Delete via BC	abp480n5	Not started	abp480n5.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
ADIHdAudAddService Driver: Unload, Delete, Disable, Delete via BC	ADI UAA Function Driver for High Definition Audio Service	Not started	F:\WINDOWS\system32\drivers\ADIHdAud.sys Script: Quarantine, Delete, Delete via BC
adpu160m Driver: Unload, Delete, Disable, Delete via BC	adpu160m	Not started	adpu160m.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
AEAudioService Driver: Unload, Delete, Disable, Delete via BC	AEAudio Service	Not started	F:\WINDOWS\system32\drivers\AEAudio.sys Script: Quarantine, Delete, Delete via BC
Aha154x Driver: Unload, Delete, Disable, Delete via BC	Aha154x	Not started	Aha154x.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
aic78u2 Driver: Unload, Delete, Disable, Delete via BC	aic78u2	Not started	aic78u2.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
aic78xx Driver: Unload, Delete, Disable, Delete via BC	aic78xx	Not started	aic78xx.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
AliIde Driver: Unload, Delete, Disable, Delete via BC	AliIde	Not started	AliIde.sys Script: Quarantine, Delete, Delete via BC	System Bus Extender
amsint Driver: Unload, Delete, Disable, Delete via BC	amsint	Not started	amsint.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
asc Driver: Unload, Delete, Disable, Delete via BC	asc	Not started	asc.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
asc3350p Driver: Unload, Delete, Disable, Delete via BC	asc3350p	Not started	asc3350p.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
asc3550 Driver: Unload, Delete, Disable, Delete via BC	asc3550	Not started	asc3550.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
Atdisk Driver: Unload, Delete, Disable, Delete via BC	Atdisk	Not started	Atdisk.sys Script: Quarantine, Delete, Delete via BC	Primary disk
BS_DEF Driver: Unload, Delete, Disable, Delete via BC	BS_DEF	Not started	F:\WINDOWS\BS_DEF.sys Script: Quarantine, Delete, Delete via BC
catchme Driver: Unload, Delete, Disable, Delete via BC	catchme	Not started	F:\DOCUME~1\Priesha\LOCALS~1\Temp\catchme.sys Script: Quarantine, Delete, Delete via BC	Base
cd20xrnt Driver: Unload, Delete, Disable, Delete via BC	cd20xrnt	Not started	cd20xrnt.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
Changer Driver: Unload, Delete, Disable, Delete via BC	Changer	Not started	Changer.sys Script: Quarantine, Delete, Delete via BC	Filter
CmdIde Driver: Unload, Delete, Disable, Delete via BC	CmdIde	Not started	CmdIde.sys Script: Quarantine, Delete, Delete via BC	System Bus Extender
Cpqarray Driver: Unload, Delete, Disable, Delete via BC	Cpqarray	Not started	Cpqarray.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
dac960nt Driver: Unload, Delete, Disable, Delete via BC	dac960nt	Not started	dac960nt.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
dpti2o Driver: Unload, Delete, Disable, Delete via BC	dpti2o	Not started	dpti2o.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
hpn Driver: Unload, Delete, Disable, Delete via BC	hpn	Not started	hpn.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
i2omgmt Driver: Unload, Delete, Disable, Delete via BC	i2omgmt	Not started	i2omgmt.sys Script: Quarantine, Delete, Delete via BC	SCSI Class
i2omp Driver: Unload, Delete, Disable, Delete via BC	i2omp	Not started	i2omp.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
ini910u Driver: Unload, Delete, Disable, Delete via BC	ini910u	Not started	ini910u.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
IntelIde Driver: Unload, Delete, Disable, Delete via BC	IntelIde	Not started	IntelIde.sys Script: Quarantine, Delete, Delete via BC	System Bus Extender
lbrtfdc Driver: Unload, Delete, Disable, Delete via BC	lbrtfdc	Not started	lbrtfdc.sys Script: Quarantine, Delete, Delete via BC	System Bus Extender
mraid35x Driver: Unload, Delete, Disable, Delete via BC	mraid35x	Not started	mraid35x.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
PCIDump Driver: Unload, Delete, Disable, Delete via BC	PCIDump	Not started	PCIDump.sys Script: Quarantine, Delete, Delete via BC	PCI Configuration
PDCOMP Driver: Unload, Delete, Disable, Delete via BC	PDCOMP	Not started	PDCOMP.sys Script: Quarantine, Delete, Delete via BC
PDFRAME Driver: Unload, Delete, Disable, Delete via BC	PDFRAME	Not started	PDFRAME.sys Script: Quarantine, Delete, Delete via BC
PDRELI Driver: Unload, Delete, Disable, Delete via BC	PDRELI	Not started	PDRELI.sys Script: Quarantine, Delete, Delete via BC
PDRFRAME Driver: Unload, Delete, Disable, Delete via BC	PDRFRAME	Not started	PDRFRAME.sys Script: Quarantine, Delete, Delete via BC
perc2 Driver: Unload, Delete, Disable, Delete via BC	perc2	Not started	perc2.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
perc2hib Driver: Unload, Delete, Disable, Delete via BC	perc2hib	Not started	perc2hib.sys Script: Quarantine, Delete, Delete via BC	Filter
ql1080 Driver: Unload, Delete, Disable, Delete via BC	ql1080	Not started	ql1080.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
Ql10wnt Driver: Unload, Delete, Disable, Delete via BC	Ql10wnt	Not started	Ql10wnt.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
ql12160 Driver: Unload, Delete, Disable, Delete via BC	ql12160	Not started	ql12160.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
ql1240 Driver: Unload, Delete, Disable, Delete via BC	ql1240	Not started	ql1240.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
ql1280 Driver: Unload, Delete, Disable, Delete via BC	ql1280	Not started	ql1280.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
SenFiltService Driver: Unload, Delete, Disable, Delete via BC	SenFilt Service	Not started	F:\WINDOWS\system32\drivers\Senfilt.sys Script: Quarantine, Delete, Delete via BC
Simbad Driver: Unload, Delete, Disable, Delete via BC	Simbad	Not started	Simbad.sys Script: Quarantine, Delete, Delete via BC	Filter
Sparrow Driver: Unload, Delete, Disable, Delete via BC	Sparrow	Not started	Sparrow.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
sym_hi Driver: Unload, Delete, Disable, Delete via BC	sym_hi	Not started	sym_hi.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
sym_u3 Driver: Unload, Delete, Disable, Delete via BC	sym_u3	Not started	sym_u3.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
symc810 Driver: Unload, Delete, Disable, Delete via BC	symc810	Not started	symc810.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
symc8xx Driver: Unload, Delete, Disable, Delete via BC	symc8xx	Not started	symc8xx.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
TosIde Driver: Unload, Delete, Disable, Delete via BC	TosIde	Not started	TosIde.sys Script: Quarantine, Delete, Delete via BC	System Bus Extender
ultra Driver: Unload, Delete, Disable, Delete via BC	ultra	Not started	ultra.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
ViaIde Driver: Unload, Delete, Disable, Delete via BC	ViaIde	Not started	ViaIde.sys Script: Quarantine, Delete, Delete via BC	System Bus Extender
WDICA Driver: Unload, Delete, Disable, Delete via BC	WDICA	Not started	WDICA.sys Script: Quarantine, Delete, Delete via BC
Detected - 204, recognized as trusted - 150

Autoruns

File name	Status	Startup method	Description
F:\Documents and Settings\Priesha\Application Data\SystemProc\lsass.exe Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, RTHDBPL Delete
F:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, PhotoShow Deluxe Media Manager Delete
F:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, nmctxth Delete
F:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvclb.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Pure Networks Platform Service, EventMessageFile
F:\Program Files\Google\Picasa3\Picasa3.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Picasa3, EventMessageFile
F:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\HssSrv, EventMessageFile
F:\Program Files\Hotspot Shield\bin\hsswd.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\HssWd, EventMessageFile
F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe Script: Quarantine, Delete, Delete via BC	Active	Shortcut in Startup folder	F:\Documents and Settings\All Users\Start Menu\Programs\Startup\, F:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk,
F:\Program Files\Nike+ Utility\Nike+ Utility.exe Script: Quarantine, Delete, Delete via BC	Active	Shortcut in Startup folder	F:\Documents and Settings\All Users\Start Menu\Programs\Startup\, F:\Documents and Settings\All Users\Start Menu\Programs\Startup\Nike+ Utility.lnk,
F:\Program Files\WinZip\wzshlstb.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {E0D79304-84BE-11CE-9641-444553540000} Delete
F:\Program Files\WinZip\wzshlstb.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {E0D79305-84BE-11CE-9641-444553540000} Delete
F:\Program Files\WinZip\wzshlstb.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {E0D79306-84BE-11CE-9641-444553540000} Delete
F:\Program Files\WinZip\wzshlstb.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {E0D79307-84BE-11CE-9641-444553540000} Delete
F:\Program Files\iolo\Common\Lib\EventMsg.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\iolo Applications\Active Care, EventMessageFile
F:\Program Files\iolo\Common\Lib\EventMsg.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\iolo Applications\Drive Scrubber, EventMessageFile
F:\Program Files\iolo\Common\Lib\EventMsg.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\iolo Applications\Installer, EventMessageFile
F:\Program Files\iolo\Common\Lib\EventMsg.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\iolo Applications\Search Recover, EventMessageFile
F:\Program Files\iolo\Common\Lib\EventMsg.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\iolo Applications\Service Manager, EventMessageFile
F:\Program Files\iolo\Common\Lib\EventMsg.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\iolo Applications\System Guard, EventMessageFile
F:\Program Files\iolo\Common\Lib\EventMsg.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\iolo Applications\System Mechanich, EventMessageFile
F:\Program Files\iolo\Common\Lib\EventMsg.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\iolo Applications\System Shield, EventMessageFile
F:\WINDOWS\System32\BCMLogon.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\BCMLogon\NetworkProvider, ProviderPath Delete
F:\WINDOWS\System32\Drivers\AliIde.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\aliide, EventMessageFile
F:\WINDOWS\System32\Drivers\CmdIde.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\cmdide, EventMessageFile
F:\WINDOWS\System32\Drivers\IntelIde.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\intelide, EventMessageFile
F:\WINDOWS\System32\Drivers\TosIde.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\toside, EventMessageFile
F:\WINDOWS\System32\Drivers\ViaIde.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\viaide, EventMessageFile
F:\WINDOWS\System32\Drivers\lbrtfdc.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\lbrtfdc, EventMessageFile
F:\WINDOWS\System32\PrintFilterPipelineSvc.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\PrintFilterPipelineSvc, EventMessageFile
F:\WINDOWS\System32\WLTRYSVC.EXE Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\wltrysvc, EventMessageFile
F:\WINDOWS\System32\crypt32.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\crypt32, EventMessageFile
F:\WINDOWS\System32\igmpv2.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\IGMPv2, EventMessageFile
F:\WINDOWS\System32\ipbootp.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\IPBOOTP, EventMessageFile
F:\WINDOWS\System32\iprip2.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\IPRIP2, EventMessageFile
F:\WINDOWS\System32\ospf.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\OSPF, EventMessageFile
F:\WINDOWS\System32\ospfmib.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\OSPFMib, EventMessageFile
F:\WINDOWS\System32\polagent.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\PolicyAgent, EventMessageFile
F:\WINDOWS\System32\tssdis.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\TermServSessDir, EventMessageFile
F:\WINDOWS\System\LVMaLogD.DLL Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\LOGITECH, EventMessageFile
F:\WINDOWS\system32\MsSip1.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WinTrust\SubjectPackages\MS Subjects 1, $DLL Delete
F:\WINDOWS\system32\MsSip2.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WinTrust\SubjectPackages\MS Subjects 2, $DLL Delete
F:\WINDOWS\system32\MsSip3.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WinTrust\SubjectPackages\MS Subjects 3, $DLL Delete
F:\WINDOWS\system32\stisvc.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System, EventMessageFile
\InCD\InCD.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\InCD, EventMessageFile
\InCD\InCDsrv.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\InCDsrv, EventMessageFile
\InCD\InCDsrv.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\InCDSvrR, EventMessageFile
crypt32.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain, DLLName Delete
deskpan.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {42071714-76d4-11d1-8b24-00a0c9068ff3} Delete
kbd101.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\i8042prt\Parameters, LayerDriver JPN Delete
kbd101a.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\i8042prt\Parameters, LayerDriver KOR Delete
mvfs32.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_USERS, .DEFAULT\Control Panel\IOProcs, MVB Delete
mvfs32.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_USERS, S-1-5-19\Control Panel\IOProcs, MVB Delete
mvfs32.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_USERS, S-1-5-20\Control Panel\IOProcs, MVB Delete
mvfs32.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_USERS, S-1-5-18\Control Panel\IOProcs, MVB Delete
mvfs32.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_CURRENT_USER, Control Panel\IOProcs, MVB Delete
vgafix.fon Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WOW\boot, fixedfon.fon Delete
vgaoem.fon Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WOW\boot, oemfonts.fon Delete
vgasys.fon Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WOW\boot, fonts.fon Delete
Autoruns items found - 916, recognized as trusted - 858

Internet Explorer extension modules (BHOs, Toolbars ...)

File name	Type	Description	Manufacturer	CLSID
	BHO			{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} Delete
	BHO			{5C255C8A-E604-49b4-9D64-90988571CECB} Delete
	Extension module			{2670000A-7350-4f3c-8081-5663EE0C6C49} Delete
	Extension module			{5067A26B-1337-4436-8AFE-EE169C2DA79F} Delete
Items found - 17, recognized as trusted - 13

Windows Explorer extension modules

File name	Destination	Description	Manufacturer	CLSID
deskpan.dll Script: Quarantine, Delete, Delete via BC	Display Panning CPL Extension			{42071714-76d4-11d1-8b24-00a0c9068ff3} Delete
	Shell extensions for file compression			{764BF0E1-F219-11ce-972D-00AA00A14F56} Delete
	Encryption Context Menu			{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} Delete
	Taskbar and Start Menu			{0DF44EAA-FF21-4412-828E-260A8728E7F1} Delete
	User Accounts			{7A9D77BD-5403-11d2-8785-2E0420524153} Delete
	Windows Search Shell Service			{da67b8ad-e81b-4c70-9b91b417b5e33527} Delete
F:\Program Files\WinZip\wzshlstb.dll Script: Quarantine, Delete, Delete via BC	WinZip	WinZip Shell Extension DLL	Copyright (c) 1991-2009 WinZip International LLC - All Rights Reserved	{E0D79304-84BE-11CE-9641-444553540000} Delete
F:\Program Files\WinZip\wzshlstb.dll Script: Quarantine, Delete, Delete via BC	WinZip	WinZip Shell Extension DLL	Copyright (c) 1991-2009 WinZip International LLC - All Rights Reserved	{E0D79305-84BE-11CE-9641-444553540000} Delete
F:\Program Files\WinZip\wzshlstb.dll Script: Quarantine, Delete, Delete via BC	WinZip	WinZip Shell Extension DLL	Copyright (c) 1991-2009 WinZip International LLC - All Rights Reserved	{E0D79306-84BE-11CE-9641-444553540000} Delete
F:\Program Files\WinZip\wzshlstb.dll Script: Quarantine, Delete, Delete via BC	WinZip	WinZip Shell Extension DLL	Copyright (c) 1991-2009 WinZip International LLC - All Rights Reserved	{E0D79307-84BE-11CE-9641-444553540000} Delete
Items found - 224, recognized as trusted - 214

Printing system extensions (print monitors, providers)

File name	Type	Name	Description	Manufacturer
Items found - 8, recognized as trusted - 8

Task Scheduler jobs

File name	Job name	Job state	Description	Manufacturer
Items found - 3, recognized as trusted - 3

SPI/LSP settings

Namespace providers (NSP)

Manufacturer	Status	EXE file	Description	GUID
Detected - 4, recognized as trusted - 4

Transport protocol providers (TSP, LSP)

Manufacturer EXE file Description
Detected - 19, recognized as trusted - 19
Results of automatic SPI settings check
LSP settings checked. No errors detected

TCP/UDP ports

Port Status Remote Host Remote Port Application Notes
TCP ports
135 LISTENING 0.0.0.0 41109 [996] f:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
139 LISTENING 0.0.0.0 34933 [4] System
Script: Quarantine, Delete, Delete via BC, Terminate
445 LISTENING 0.0.0.0 2128 [4] System
Script: Quarantine, Delete, Delete via BC, Terminate
1090 ESTABLISHED 127.0.0.1 1091 [3596] f:\program files\mozilla firefox\firefox.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1091 ESTABLISHED 127.0.0.1 1090 [3596] f:\program files\mozilla firefox\firefox.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1093 ESTABLISHED 127.0.0.1 1094 [3596] f:\program files\mozilla firefox\firefox.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1094 ESTABLISHED 127.0.0.1 1093 [3596] f:\program files\mozilla firefox\firefox.exe
Script: Quarantine, Delete, Delete via BC, Terminate
5354 LISTENING 0.0.0.0 49284 [2192] f:\program files\bonjour\mdnsresponder.exe
Script: Quarantine, Delete, Delete via BC, Terminate
27015 LISTENING 0.0.0.0 57494 [2172] f:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe
Script: Quarantine, Delete, Delete via BC, Terminate
31000 ESTABLISHED 127.0.0.1 32000 [2980] f:\windows\system32\java.exe
Script: Quarantine, Delete, Delete via BC, Terminate
32000 ESTABLISHED 127.0.0.1 31000 [2700] f:\program files\linksys\linksys updater\bin\linksysupdater.exe
Script: Quarantine, Delete, Delete via BC, Terminate
32000 LISTENING 0.0.0.0 39006 [2700] f:\program files\linksys\linksys updater\bin\linksysupdater.exe
Script: Quarantine, Delete, Delete via BC, Terminate
UDP ports
123 LISTENING -- -- [616] f:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
123 LISTENING -- -- [616] f:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
137 LISTENING -- -- [4] System
Script: Quarantine, Delete, Delete via BC, Terminate
138 LISTENING -- -- [4] System
Script: Quarantine, Delete, Delete via BC, Terminate
445 LISTENING -- -- [4] System
Script: Quarantine, Delete, Delete via BC, Terminate
500 LISTENING -- -- [760] f:\windows\system32\lsass.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1034 LISTENING -- -- [2192] f:\program files\bonjour\mdnsresponder.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1083 LISTENING -- -- [684] f:\windows\explorer.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1900 LISTENING -- -- [1840] f:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1900 LISTENING -- -- [1840] f:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
3776 LISTENING -- -- [3196] f:\windows\ehome\mcrdsvc.exe
Script: Quarantine, Delete, Delete via BC, Terminate
4500 LISTENING -- -- [760] f:\windows\system32\lsass.exe
Script: Quarantine, Delete, Delete via BC, Terminate
5353 LISTENING -- -- [2192] f:\program files\bonjour\mdnsresponder.exe
Script: Quarantine, Delete, Delete via BC, Terminate
9370 LISTENING -- -- [280] f:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe
Script: Quarantine, Delete, Delete via BC, Terminate

Downloaded Program Files (DPF)

File name Description Manufacturer CLSID Source URL
{166B1BCA-3F9C-11CF-8075-444553540000}
Delete http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Delete http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Items found - 12, recognized as trusted - 10

Control Panel Applets (CPL)

File name Description Manufacturer
Items found - 27, recognized as trusted - 27

Active Setup

File name Description Manufacturer CLSID
Items found - 16, recognized as trusted - 16

HOSTS file

Hosts file record
127.0.0.1 localhost
Clear Hosts file

Protocols and handlers

File name Type Description Manufacturer CLSID
mscoree.dll
Script: Quarantine, Delete, Delete via BC Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
Delete
mscoree.dll
Script: Quarantine, Delete, Delete via BC Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
Delete
mscoree.dll
Script: Quarantine, Delete, Delete via BC Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
Delete
F:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll
Script: Quarantine, Delete, Delete via BC Handler Pure Service Provider DLL (pure-go: Asychronous Pluggable Protocol Handler) Copyright © 2002-2009 Cisco Systems, Inc. All rights reserved. {4746C79A-2042-4332-8650-48966E44ABA8}
Delete
Items found - 37, recognized as trusted - 33

Suspicious objects

File Description Type

AVZ Antiviral Toolkit log; AVZ version is 4.34
Scanning started at 7/13/2010 12:27:13 AM
Database loaded: signatures - 275704, NN profile(s) - 2, malware removal microprograms - 56, signature database released 10.07.2010 23:18
Heuristic microprograms loaded: 383
PVS microprograms loaded: 9
Digital signatures of system files loaded: 213742
Heuristic analyzer mode: Medium heuristics mode
Malware removal mode: enabled
Windows version is: 5.1.2600, Service Pack 3 ; AVZ is run with administrator rights
System Restore: enabled
1. Searching for Rootkits and other software intercepting API functions
1.1 Searching for user-mode API hooks
 Analysis: kernel32.dll, export table found in section .text
 Analysis: ntdll.dll, export table found in section .text
 Analysis: user32.dll, export table found in section .text
 Analysis: advapi32.dll, export table found in section .text
 Analysis: ws2_32.dll, export table found in section .text
 Analysis: wininet.dll, export table found in section .text
 Analysis: rasapi32.dll, export table found in section .text
 Analysis: urlmon.dll, export table found in section .text
 Analysis: netapi32.dll, export table found in section .text
1.2 Searching for kernel-mode API hooks
 Driver loaded successfully
 SDT found (RVA=085700)
 Kernel ntkrnlpa.exe found in memory at address 804D7000
   SDT = 8055C700
   KiST = 8050446C (284)
Functions checked: 284, intercepted: 0, restored: 0
1.3 Checking IDT and SYSENTER
 Analyzing CPU 1
 Analyzing CPU 2
CmpCallCallBacks = 00093D84
Disable callback OK
 Checking IDT and SYSENTER - complete
1.4 Searching for masking processes and drivers
 Checking not performed: extended monitoring driver (AVZPM) is not installed
1.5 Checking IRP handlers
 Driver loaded successfully
 Checking - complete
2. Scanning RAM
 Number of processes found: 62
 Number of modules loaded: 455
Scanning RAM - complete
3. Scanning disks
4. Checking  Winsock Layered Service Provider (SPI/LSP)
 LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
6. Searching for opened TCP/UDP ports used by malicious software
 Checking - disabled by user
7. Heuristic system check
Non-standard Shell\Open key for "scrfile": "NOTEPAD.EXE %1"
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: TermService (Terminal Services)
>> Services: potentially dangerous service allowed: SSDPSRV (SSDP Discovery Service)
>> Services: potentially dangerous service allowed: TlntSvr (Telnet)
>> Services: potentially dangerous service allowed: Schedule (Task Scheduler)
>> Services: potentially dangerous service allowed: mnmsrvc (NetMeeting Remote Desktop Sharing)
>> Services: potentially dangerous service allowed: RDSessMgr (Remote Desktop Help Session Manager)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
Checking - complete
9. Troubleshooting wizard
 >>  Abnormal SCR files association
 >>  Abnormal REG files association
 >>  HDD autorun is allowed
 >>  Network drives autorun is allowed
 >>  Removable media autorun is allowed
Checking - complete
Files scanned: 103003, extracted from archives: 70552, malicious software found 0, suspicions - 0
Scanning finished at 7/13/2010 12:41:45 AM
Time of scanning: 00:14:33
If you have a suspicion on presence of viruses or questions on the suspected objects,
you can address http://virusinfo.info conference
Creating archive of files from Quarantine
Creating archive of files from Quarantine - complete
System Analysis in progress

 System Analysis - complete


Script commands 
Add commands to script:
Blocking hooks using Anti-Rootkit
Enable AVZGuard
Operations with AVZPM (true=enable,false=disable)
BootCleaner - import list of deleted files
BootCleaner - import all
Remove traces of deleted files
ExecuteWizard ('TSW',2,3,true) - Running Troubleshooting wizard
BootCleaner - activate
Reboot
Insert template for QuarantineFile() - quarantining a file
Insert template for BC_QrFile() - quarantining file via BootCleaner
Insert template for DeleteFile() - deleting a file
Insert template for DelCLSID() - removing a CLSID item from registry
Additional operations:Performance tweaking: disable service TermService (Terminal Services)
Performance tweaking: disable service SSDPSRV (SSDP Discovery Service)
Performance tweaking: disable service TlntSvr (Telnet)
Performance tweaking: disable service Schedule (Task Scheduler)
Performance tweaking: disable service mnmsrvc (NetMeeting Remote Desktop Sharing)
Performance tweaking: disable service RDSessMgr (Remote Desktop Help Session Manager)
Security tweaking: disable CD autorun
Security tweaking: disable administrative shares
Security tweaking: disable anonymous user access
Security: disable sending Remote Assistant queries

File list

Port	Status	Remote Host	Remote Port	Application	Notes
TCP ports
135	LISTENING	0.0.0.0	41109	[996] f:\windows\system32\svchost.exe Script: Quarantine, Delete, Delete via BC, Terminate
139	LISTENING	0.0.0.0	34933	[4] System Script: Quarantine, Delete, Delete via BC, Terminate
445	LISTENING	0.0.0.0	2128	[4] System Script: Quarantine, Delete, Delete via BC, Terminate
1090	ESTABLISHED	127.0.0.1	1091	[3596] f:\program files\mozilla firefox\firefox.exe Script: Quarantine, Delete, Delete via BC, Terminate
1091	ESTABLISHED	127.0.0.1	1090	[3596] f:\program files\mozilla firefox\firefox.exe Script: Quarantine, Delete, Delete via BC, Terminate
1093	ESTABLISHED	127.0.0.1	1094	[3596] f:\program files\mozilla firefox\firefox.exe Script: Quarantine, Delete, Delete via BC, Terminate
1094	ESTABLISHED	127.0.0.1	1093	[3596] f:\program files\mozilla firefox\firefox.exe Script: Quarantine, Delete, Delete via BC, Terminate
5354	LISTENING	0.0.0.0	49284	[2192] f:\program files\bonjour\mdnsresponder.exe Script: Quarantine, Delete, Delete via BC, Terminate
27015	LISTENING	0.0.0.0	57494	[2172] f:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe Script: Quarantine, Delete, Delete via BC, Terminate
31000	ESTABLISHED	127.0.0.1	32000	[2980] f:\windows\system32\java.exe Script: Quarantine, Delete, Delete via BC, Terminate
32000	ESTABLISHED	127.0.0.1	31000	[2700] f:\program files\linksys\linksys updater\bin\linksysupdater.exe Script: Quarantine, Delete, Delete via BC, Terminate
32000	LISTENING	0.0.0.0	39006	[2700] f:\program files\linksys\linksys updater\bin\linksysupdater.exe Script: Quarantine, Delete, Delete via BC, Terminate
UDP ports
123	LISTENING	--	--	[616] f:\windows\system32\svchost.exe Script: Quarantine, Delete, Delete via BC, Terminate
123	LISTENING	--	--	[616] f:\windows\system32\svchost.exe Script: Quarantine, Delete, Delete via BC, Terminate
137	LISTENING	--	--	[4] System Script: Quarantine, Delete, Delete via BC, Terminate
138	LISTENING	--	--	[4] System Script: Quarantine, Delete, Delete via BC, Terminate
445	LISTENING	--	--	[4] System Script: Quarantine, Delete, Delete via BC, Terminate
500	LISTENING	--	--	[760] f:\windows\system32\lsass.exe Script: Quarantine, Delete, Delete via BC, Terminate
1034	LISTENING	--	--	[2192] f:\program files\bonjour\mdnsresponder.exe Script: Quarantine, Delete, Delete via BC, Terminate
1083	LISTENING	--	--	[684] f:\windows\explorer.exe Script: Quarantine, Delete, Delete via BC, Terminate
1900	LISTENING	--	--	[1840] f:\windows\system32\svchost.exe Script: Quarantine, Delete, Delete via BC, Terminate
1900	LISTENING	--	--	[1840] f:\windows\system32\svchost.exe Script: Quarantine, Delete, Delete via BC, Terminate
3776	LISTENING	--	--	[3196] f:\windows\ehome\mcrdsvc.exe Script: Quarantine, Delete, Delete via BC, Terminate
4500	LISTENING	--	--	[760] f:\windows\system32\lsass.exe Script: Quarantine, Delete, Delete via BC, Terminate
5353	LISTENING	--	--	[2192] f:\program files\bonjour\mdnsresponder.exe Script: Quarantine, Delete, Delete via BC, Terminate
9370	LISTENING	--	--	[280] f:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe Script: Quarantine, Delete, Delete via BC, Terminate