Results of system analysis

Kaspersky Virus Removal Tool 11.0.0.1245 (database released 10/04/2013; 23:18)

List of processes

File name	PID	Description	Copyright	MD5	Information
AESTSr64.exe Script: Quarantine, Delete, BC delete, Terminate	1896			??	error getting file info Command line:
c:\program files (x86)\avira\antivir desktop\avguard.exe Script: Quarantine, Delete, BC delete, Terminate	1932	Avira On-Access Service	© 2000 - 2013 Avira Operations GmbH & Co. KG and its Licensors	??	108.22 kb, rsAh, created: 19.10.2012 02:44:32, modified: 27.03.2013 19:20:30 Command line: "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe"
avshadow.exe Script: Quarantine, Delete, BC delete, Terminate	3012			??	error getting file info Command line:
c:\users\k-ok\appdata\local\google\chrome\application\chrome.exe Script: Quarantine, Delete, BC delete, Terminate	1768	Google Chrome	Copyright 2012 Google Inc. All rights reserved.	??	1281.95 kb, rsAh, created: 17.08.2012 02:13:00, modified: 09.04.2013 04:57:09 Command line: "C:\Users\K-OK\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll" --lang=en-US --channel="6576.10.1176184849\469888413" /prefetch:4
c:\users\k-ok\appdata\local\google\chrome\application\chrome.exe Script: Quarantine, Delete, BC delete, Terminate	3008	Google Chrome	Copyright 2012 Google Inc. All rights reserved.	??	1281.95 kb, rsAh, created: 17.08.2012 02:13:00, modified: 09.04.2013 04:57:09 Command line: "C:\Users\K-OK\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll" --lang=en-US --channel="6576.12.1757120987\431915687" /prefetch:4
c:\program files (x86)\mozilla firefox\firefox.exe Script: Quarantine, Delete, BC delete, Terminate	4636	Firefox	©Firefox and Mozilla Developers; available under the MPL 2 license.	??	898.90 kb, rsAh, created: 04.04.2013 10:09:02, modified: 04.04.2013 10:09:10 Command line: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
InputPersonalization.exe Script: Quarantine, Delete, BC delete, Terminate	280			??	error getting file info Command line:
iPodService.exe Script: Quarantine, Delete, BC delete, Terminate	388			??	error getting file info Command line:
mDNSResponder.exe Script: Quarantine, Delete, BC delete, Terminate	1072			??	error getting file info Command line:
OSPPSVC.EXE Script: Quarantine, Delete, BC delete, Terminate	4936			??	error getting file info Command line:
peerblock.exe Script: Quarantine, Delete, BC delete, Terminate	3844			??	error getting file info Command line:
Pen_TabletUser.exe Script: Quarantine, Delete, BC delete, Terminate	3912			??	error getting file info Command line:
Pen_TouchService.exe Script: Quarantine, Delete, BC delete, Terminate	1504			??	error getting file info Command line:
Pen_TouchUser.exe Script: Quarantine, Delete, BC delete, Terminate	3660			??	error getting file info Command line:
c:\program files (x86)\mozilla firefox\plugin-container.exe Script: Quarantine, Delete, BC delete, Terminate	3056	Plugin Container for Firefox	License: MPL 2	??	16.90 kb, rsAh, created: 04.04.2013 10:09:02, modified: 04.04.2013 10:09:09 Command line: "C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=4636.10b2ca00.1137425734 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox" E7CF176E110C211B 4636 "\\.\pipe\gecko-crash-server-pipe.4636" plugin
quickset.exe Script: Quarantine, Delete, BC delete, Terminate	3220			??	error getting file info Command line:
c:\program files (x86)\realnetworks\realdownloader\recordingmanager.exe Script: Quarantine, Delete, BC delete, Terminate	652	RealDownloader	Copyright © RealNetworks, Inc. 1995-2012	??	227.59 kb, rsAh, created: 06.03.2013 02:23:52, modified: 06.03.2013 02:23:52 Command line: "C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe" /bgrecordhelpersvc
SASCORE64.EXE Script: Quarantine, Delete, BC delete, Terminate	1436			??	error getting file info Command line:
SbieCtrl.exe Script: Quarantine, Delete, BC delete, Terminate	3500			??	error getting file info Command line:
SbieSvc.exe Script: Quarantine, Delete, BC delete, Terminate	1412			??	error getting file info Command line:
sidebar.exe Script: Quarantine, Delete, BC delete, Terminate	3028			??	error getting file info Command line:
stacsv64.exe Script: Quarantine, Delete, BC delete, Terminate	400			??	error getting file info Command line:
sttray64.exe Script: Quarantine, Delete, BC delete, Terminate	3832			??	error getting file info Command line:
SUPERANTISPYWARE.EXE Script: Quarantine, Delete, BC delete, Terminate	3348			??	error getting file info Command line:
TabTip.exe Script: Quarantine, Delete, BC delete, Terminate	3616			??	error getting file info Command line:
c:\program files (x86)\aol desktop 9.7\waol.exe Script: Quarantine, Delete, BC delete, Terminate	4412	AOL Software	Copyright (C) AOL Inc. 1999 - 2013	??	69.55 kb, rsAh, created: 22.03.2013 15:40:47, modified: 22.03.2013 15:40:47 Command line: "C:\Program Files (x86)\AOL Desktop 9.7\waol.exe" -b
wmpnetwk.exe Script: Quarantine, Delete, BC delete, Terminate	3512			??	error getting file info Command line:
Detected:117, recognized as trusted 97

Module name	Handle	Description	Copyright	MD5	Used by processes
C:\Program Files (x86)\Avira\AntiVir Desktop\aeexp.dll Script: Quarantine, Delete, BC delete	1933836288	Avira Engine Module for Windows	Copyright © 2013 Avira Operations GmbH & Co. KG. All rights reserved.	--	1932
C:\Program Files (x86)\Avira\AntiVir Desktop\aeheur.dll Script: Quarantine, Delete, BC delete	1934491648	Avira Engine Module for Windows	Copyright © 2013 Avira Operations GmbH & Co. KG. All rights reserved.	--	1932
C:\Program Files (x86)\Avira\AntiVir Desktop\aescript.dll Script: Quarantine, Delete, BC delete	1941700608	Avira Engine Module for Windows	Copyright © 2013 Avira Operations GmbH & Co. KG. All rights reserved.	--	1932
C:\Program Files (x86)\RealNetworks\RealDownloader\common\hxmedpltfm.dll Script: Quarantine, Delete, BC delete	1689059328	Helix® Media Platform	Copyright(c) RealNetworks, Inc. 1995-2009. All rights reserved. Source code for this program is available under the RealNetworks Public Source License. (http://www.helixcommunity.org)	--	652
C:\Program Files (x86)\RealNetworks\RealDownloader\RCAPlugins\rpbgrecorderapp.dll Script: Quarantine, Delete, BC delete	1713045504	Downloader Application	Copyright © RealNetworks, Inc. 1995-2012	--	652
C:\Program Files (x86)\RealNetworks\RealDownloader\RCAPlugins\rpsharedcomponents.dll Script: Quarantine, Delete, BC delete	1687683072	RealDownloader Application	Copyright © RealNetworks, Inc. 1995-2012	--	652
C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\Components\nprndlffbrowserrecordext.dll Script: Quarantine, Delete, BC delete	1736507392	RealDownloader Firefox Extension	Copyright © RealNetworks, Inc. 1995-2012	--	4636
C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll Script: Quarantine, Delete, BC delete	1496055808	RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In	Copyright © RealNetworks, Inc. 1995-2012	--	1768
C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll Script: Quarantine, Delete, BC delete	1531510784	RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In	Copyright © RealNetworks, Inc. 1995-2012	--	3008
C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\ThinShims\rndlnpshimswf.dll Script: Quarantine, Delete, BC delete	1679687680	RealDownloader Firefox Thin Shim	Copyright © RealNetworks, Inc. 1995-2012	--	3056
C:\Windows\system32\jgdw400.dll Script: Quarantine, Delete, BC delete	236453888	JG ART DLL	Copyright © 1997 America Online, Inc.	--	4412
C:\Windows\system32\jgpl400.dll Script: Quarantine, Delete, BC delete	236388352	JG ART Player DLL	(c)1996 AOL/Johnson-Grace Company	--	4412
Modules detected:644, recognized as trusted 632

Kernel Space Modules Viewer

Module	Base address	Size in memory	Description	Manufacturer
C:\Windows\System32\Drivers\dump_dumpfve.sys Script: Quarantine, Delete, BC delete	5E00000	013000 (77824)
C:\Windows\System32\Drivers\dump_iaStor.sys Script: Quarantine, Delete, BC delete	2C45000	11C000 (1163264)
Modules detected - 212, recognized as trusted - 210

Services

Service	Description	Status	File	Group	Dependencies
SessionLauncher Service: Stop, Delete, Disable, BC delete	SessionLauncher	Not started	c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe Script: Quarantine, Delete, BC delete
Detected - 184, recognized as trusted - 183

Drivers

Service	Description	Status	File	Group	Dependencies
NANMp50 Driver: Unload, Delete, Disable, BC delete	NANMp50 NDIS Protocol Driver	Not started	C:\Windows\system32\Drivers\NANMp50.sys Script: Quarantine, Delete, BC delete	PNP_TDI
NANSp50 Driver: Unload, Delete, Disable, BC delete	NANSp50 NDIS Protocol Driver	Not started	C:\Windows\system32\Drivers\NANSp50.sys Script: Quarantine, Delete, BC delete	PNP_TDI
RxFilter Driver: Unload, Delete, Disable, BC delete	RxFilter	Not started	C:\Windows\system32\DRIVERS\RxFilter.sys Script: Quarantine, Delete, BC delete	FSFilter Encryption	FltMgr
vmci Driver: Unload, Delete, Disable, BC delete	VMware VMCI Bus Driver	Not started	C:\Windows\system32\DRIVERS\vmci.sys Script: Quarantine, Delete, BC delete	System Bus Extender
VMnetAdapter Driver: Unload, Delete, Disable, BC delete	VMware Virtual Ethernet Adapter Driver	Not started	C:\Windows\system32\DRIVERS\vmnetadapter.sys Script: Quarantine, Delete, BC delete	NDIS
Detected - 279, recognized as trusted - 274

Autoruns

File name	Status	Startup method	Description
C:\Program Files (x86)\Dell\DellDock\DellDock.exe Script: Quarantine, Delete, BC delete	Active	Shortcut in Autoruns folder	C:\Users\K-OK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\, C:\Users\K-OK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk,
C:\Program Files (x86)\Dell\DellDock\DellDock.exe Script: Quarantine, Delete, BC delete	Active	Shortcut in Autoruns folder	C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\, C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk,
C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe Script: Quarantine, Delete, BC delete	Active	Shortcut in Autoruns folder	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk,
C:\Program Files (x86)\Xirrus\Xirrus Wi-Fi Inspector\Xirrus Wi-Fi Inspector.exe Script: Quarantine, Delete, BC delete	Active	Shortcut in Autoruns folder	C:\Users\K-OK\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\K-OK\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Xirrus Wi-Fi Inspector.lnk,
C:\Program Files\Common Files\McAfee\SystemCore\mfehidk_messages.dll Script: Quarantine, Delete, BC delete	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\mfehidk, EventMessageFile
C:\Users\K-OK\AppData\Local\Temp\_uninst_03724753.bat Script: Quarantine, Delete, BC delete	Active	Shortcut in Autoruns folder	C:\Users\K-OK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\, C:\Users\K-OK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_03724753.lnk,
C:\Windows\System32\drivers\vmci.sys Script: Quarantine, Delete, BC delete	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\vmci, EventMessageFile
C:\Windows\system32\PenTablet.cpl Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls, Pen Tablet Delete
C:\Windows\system32\psxss.exe Script: Quarantine, Delete, BC delete	--	Registry key	HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Session Manager\SubSystems, Posix
C:\Windows\system32\wuaucpl.cpl Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {5F327514-6C5E-4d60-8F16-D07FA08A78ED} Delete
acaptuser64.dll Script: Quarantine, Delete, BC delete	--	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs
auditcse.dll Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{f3ccc681-b74c-4060-9f26-cd84525dca2a}, DLLName Delete
c:\Program Files (x86)\Common Files\Microsoft Shared\DW\DW.EXE Script: Quarantine, Delete, BC delete	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft Visual Studio Tools for Applications, EventMessageFile
rdpclip Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd, StartupPrograms Delete
Autoruns items detected - 694, recognized as trusted - 680

Microsoft Internet Explorer extension modules (BHOs, Toolbars ...)

File name	Type	Description	Manufacturer	CLSID
	Extension module			{2670000A-7350-4f3c-8081-5663EE0C6C49} Delete
	Extension module			{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} Delete
Elements detected - 7, recognized as trusted - 5

Windows Explorer extension modules

File name	Destination	Description	Manufacturer	CLSID
	CDR Icon Handler			{DE902992-61FC-4A01-8091-53E1895C9775} Delete
	CPT Icon Handler			{DE902993-61FC-4A01-8091-53E1895C9775} Delete
	CMX Icon Handler			{DE902994-61FC-4A01-8091-53E1895C9775} Delete
	CDR Thumbnail Provider			{1462EBAA-96E7-4D93-9A66-0E4068DE4FCF} Delete
	CPT Thumbnail Provider			{1462EBAB-96E7-4D93-9A66-0E4068DE4FCF} Delete
	CMX Thumbnail Provider			{1462EBAC-96E7-4D93-9A66-0E4068DE4FCF} Delete
	CDR Property Handler			{7FA63AC0-F5BC-4F3B-A9CF-94328D812B62} Delete
	CPT Property Handler			{7FA63AC1-F5BC-4F3B-A9CF-94328D812B62} Delete
	Corel Draw Cdr Preview Handler			{7AD101F2-0B93-4D66-A1CA-DF73F3C4377B} Delete
	WebCheck			{E6FB5E20-DE35-11CF-9C87-00AA005127ED} Delete
C:\Windows\system32\wuaucpl.cpl Script: Quarantine, Delete, BC delete	Auto Update Property Sheet Extension			{5F327514-6C5E-4d60-8F16-D07FA08A78ED} Delete
	ColumnHandler			{F9DB5320-233E-11D1-9F84-707F02C10627} Delete
Elements detected - 39, recognized as trusted - 27

Printing system extensions (print monitors, providers)

File name	Type	Name	Description	Manufacturer
AdobePDF.dll Script: Quarantine, Delete, BC delete	Monitor	Adobe PDF Port Monitor
localspl.dll Script: Quarantine, Delete, BC delete	Monitor	Local Port
FXSMON.DLL Script: Quarantine, Delete, BC delete	Monitor	Microsoft Shared Fax Monitor
tcpmon.dll Script: Quarantine, Delete, BC delete	Monitor	Standard TCP/IP Port
usbmon.dll Script: Quarantine, Delete, BC delete	Monitor	USB Monitor
WSDMon.dll Script: Quarantine, Delete, BC delete	Monitor	WSD Port
inetpp.dll Script: Quarantine, Delete, BC delete	Provider	HTTP Print Services
Elements detected - 8, recognized as trusted - 1

Task Scheduler jobs

File name	Job name	Job status	Description	Manufacturer
Elements detected - 2, recognized as trusted - 2

SPI/LSP settings

Namespace providers (NSP)

Provider	Status	EXE file	Description	GUID
Detected - 10, recognized as trusted - 10

Transport protocol providers (TSP, LSP)

Provider EXE file Description
Detected - 11, recognized as trusted - 11
Results of automatic SPI settings check
LSP settings checked. No errors detected

TCP/UDP ports

Port Status Remote Host Remote Port Application Notes
TCP ports
UDP ports

Downloaded Program Files (DPF)

File name Description Manufacturer CLSID Source URL
Elements detected - 0, recognized as trusted - 0

Control Panel Applets (CPL)

File name Description Manufacturer
C:\Windows\system32\DivXControlPanelApplet.cpl
Script: Quarantine, Delete, BC delete DivX Control Panel © Copyright 2000 - 2009 DivX, Inc.
C:\Windows\system32\FlashPlayerCPLApp.cpl
Script: Quarantine, Delete, BC delete Adobe Flash Player Control Panel Applet Copyright © 1996 Adobe Systems Incorporated. All Rights Reserved. Adobe and Flash are either trademarks or registered trademarks in the United States and/or other countries.
Elements detected - 20, recognized as trusted - 18

Active Setup

File name Description Manufacturer CLSID
Elements detected - 9, recognized as trusted - 9

HOSTS file

Hosts file record
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 adobe.activate.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 adobe.activate.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 adobe.activate.com
Clear Hosts file

Protocols and handlers

File name Type Description Manufacturer CLSID
mscoree.dll
Script: Quarantine, Delete, BC delete Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
Delete
mscoree.dll
Script: Quarantine, Delete, BC delete Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
Delete
mscoree.dll
Script: Quarantine, Delete, BC delete Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
Delete
Elements detected - 14, recognized as trusted - 11

Suspicious objects

File Description Type

Main script of analysis
Windows version: Windows 7 Home Premium, Build=7601, SP="Service Pack 1"
System Restore: enabled
Latent loading of libraries through AppInit_DLLs suspected: "acaptuser64.dll"
>> Services: potentially dangerous service allowed: TermService (@%SystemRoot%\System32\termsrv.dll,-268)
>> Services: potentially dangerous service allowed: SSDPSRV (@%systemroot%\system32\ssdpsrv.dll,-100)
>> Services: potentially dangerous service allowed: Schedule (@%SystemRoot%\system32\schedsvc.dll,-100)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
>> Security: automatic logon is enabled
 >>  Disable HDD autorun
 >>  Disable autorun from network drives
 >>  Disable CD/DVD autorun
 >>  Disable removable media autorun
 >>  Windows Explorer - show extensions of known file types
System Analysis in progress

 System Analysis - complete


Script commands 
Add commands to script:
Blocking hooks using Anti-Rootkit
Enable AVZGuard
Operations with AVZPM (true=enable,false=disable)
BootCleaner - import list of deleted files
BootCleaner - import all
Registry cleanup after deleting files
ExecuteWizard ('TSW',2,3,true) - Running Troubleshooting wizard
BootCleaner - activate
Reboot
Insert template for QuarantineFile() - quarantining file
Insert template for BC_QrFile() - quarantining file via BootCleaner
Insert template for DeleteFile() - deleting file
Insert template for DelCLSID() - deleting CLSID item from registry
Additional operations:Performance tweaking: disable service TermService (@%SystemRoot%\System32\termsrv.dll,-268)
Performance tweaking: disable service SSDPSRV (@%systemroot%\system32\ssdpsrv.dll,-100)
Performance tweaking: disable service Schedule (@%SystemRoot%\system32\schedsvc.dll,-100)
Security tweaking: disable CD autorun
Security tweaking: disable administrative shares
Security tweaking: disable anonymous user access
Security: disable sending Remote Assistant queries
Security tweaking: disable automatic logon

File list

Port	Status	Remote Host	Remote Port	Application	Notes
TCP ports
UDP ports