Results of system analysis

Kaspersky Virus Removal Tool 11.0.0.1245 (database released 02/12/2011; 04:43)

List of processes

File name	PID	Description	Copyright	MD5	Information
c:\documents and settings\johnnie fritz\local settings\temp\5586208\4329223.exe Script: Quarantine, Delete, BC delete, Terminate	1044	Kaspersky Virus Removal Tool	Copyright © Kaspersky Lab 1997-2009.	??	447.01 kb, rsAh, created: 03.12.2011 21:34:01, modified: 02.12.2011 10:20:02 Command line: "C:\Documents and Settings\johnnie fritz\Local Settings\Temp\5586208\4329223.exe"
c:\program files\thinkpad\connectutilities\actray.exe Script: Quarantine, Delete, BC delete, Terminate	3140	ThinkVantage Access Connections Status Icon	(C) Lenovo 2005. All rights reserved. (C) IBM Corporation 2001-2005. All rights reserved.	??	400.00 kb, rsah, created: 30.05.2010 05:16:16, modified: 18.04.2006 04:09:10 Command line: "C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe"
c:\program files\thinkpad\connectutilities\acwlicon.exe Script: Quarantine, Delete, BC delete, Terminate	3196	ThinkVantage Access Connections Wireless Status Icon	(C) Lenovo 2005. All rights reserved. (C) IBM Corporation 2001-2005. All rights reserved.	??	96.00 kb, rsah, created: 30.05.2010 05:16:16, modified: 18.04.2006 03:59:10 Command line: "C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe"
c:\windows\agrsmmsg.exe Script: Quarantine, Delete, BC delete, Terminate	584	SoftModem Messaging Applet	Copyright © Agere Systems 1998-2000	??	56.00 kb, rsAh, created: 24.11.2011 23:09:00, modified: 24.11.2011 23:08:59 Command line: "C:\WINDOWS\AGRSMMSG.exe"
c:\program files\thinkvantage\amsg\amsg.exe Script: Quarantine, Delete, BC delete, Terminate	3024	Message Center	COPYRIGHT IBM 2000-2005, LENOVO 2005 ALL RIGHTS RESERVED	??	496.00 kb, rsah, created: 30.05.2010 05:01:07, modified: 23.11.2005 11:36:32 Command line: "C:\Program Files\ThinkVantage\AMSG\Amsg.exe"
c:\progra~1\avg\avg9\avgtray.exe Script: Quarantine, Delete, BC delete, Terminate	3384	AVG Tray Monitor	Copyright © 2011 AVG Technologies CZ, s.r.o.	??	2029.34 kb, rsAh, created: 30.09.2011 15:55:47, modified: 25.10.2011 01:08:00 Command line: "C:\PROGRA~1\AVG\AVG9\avgtray.exe"
c:\progra~1\lenovo\blueto~1\btstac~1.exe Script: Quarantine, Delete, BC delete, Terminate	372	Bluetooth Stack COM Server	Copyright 2000-2006, Broadcom Corporation.	??	1364.08 kb, rsah, created: 18.01.2006 01:43:58, modified: 18.01.2006 01:43:58 Command line: C:\PROGRA~1\Lenovo\BLUETO~1\BTSTAC~1.EXE -Embedding
c:\program files\lenovo\bluetooth software\bttray.exe Script: Quarantine, Delete, BC delete, Terminate	3780	Bluetooth Tray Application	Copyright 2000-2006, Broadcom Corporation.	??	604.06 kb, rsah, created: 18.01.2006 01:45:32, modified: 18.01.2006 01:45:32 Command line: "C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe"
c:\program files\ibm thinkvantage\client security solution\cssauthe.exe Script: Quarantine, Delete, BC delete, Terminate	3064	cssauthe	Copyright (C) Lenovo Group Ltd. 2005 All Rights Reserved	??	1941.55 kb, rsah, created: 22.12.2005 09:08:06, modified: 22.12.2005 09:08:06 Command line: "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauthe.exe" silent
c:\windows\explorer.exe Script: Quarantine, Delete, BC delete, Terminate	1172	Windows Explorer	© Microsoft Corporation. All rights reserved.	??	1009.50 kb, rsah, created: 01.01.1980 15:00:00, modified: 14.04.2008 08:12:19 Command line: C:\WINDOWS\Explorer.EXE
c:\progra~1\lenovo\lenovo~2\lpmgr.exe Script: Quarantine, Delete, BC delete, Terminate	3052	Lenovo Care Manager	Copyright (C) Lenovo 2005,2006.	??	104.00 kb, rsah, created: 30.05.2010 05:02:59, modified: 07.12.2005 16:00:00 Command line: "C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe"
c:\program files\softex\omnipass\omniserv.exe Script: Quarantine, Delete, BC delete, Terminate	1648	Softex OmniPass Service	(c) Softex Inc. All rights reserved.	??	32.00 kb, rsah, created: 30.05.2010 05:00:18, modified: 28.02.2006 15:18:32 Command line: "C:\Program Files\Softex\OmniPass\Omniserv.exe"
c:\program files\softex\omnipass\opxpapp.exe Script: Quarantine, Delete, BC delete, Terminate	2940			??	13.00 kb, rsah, created: 30.05.2010 05:00:18, modified: 28.02.2006 15:20:02 Command line: "C:\Program Files\Softex\OmniPass\OPXPApp.exe"
c:\windows\system32\pmsveh.exe Script: Quarantine, Delete, BC delete, Terminate	2224	PMSveH	Copyright (C) 2006	??	56.00 kb, rsah, created: 20.05.2006 01:39:16, modified: 20.05.2006 01:39:16 Command line: C:\WINDOWS\system32\PMSveH.exe
c:\program files\softex\omnipass\scureapp.exe Script: Quarantine, Delete, BC delete, Terminate	2964	Softex OmniPass	Copyright (C) 2001 - 2005	??	2028.00 kb, rsah, created: 30.05.2010 05:00:18, modified: 28.02.2006 15:20:44 Command line: "C:\Program Files\Softex\OmniPass\scureapp.exe"
c:\program files\lenovo\hotkey\tpwaudap.exe Script: Quarantine, Delete, BC delete, Terminate	2892			??	123.50 kb, rsAh, created: 30.05.2010 04:05:38, modified: 28.11.2011 13:34:09 Command line: "C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe"
c:\windows\vsnp2std.exe Script: Quarantine, Delete, BC delete, Terminate	724	CameraMonitor Application	Copyright 2002-2005	??	432.00 kb, rsAh, created: 30.05.2010 04:44:48, modified: 21.10.2005 05:18:50 Command line: "C:\WINDOWS\vsnp2std.exe"
c:\windows\system32\winlogon.exe Script: Quarantine, Delete, BC delete, Terminate	996	Windows NT Logon Application	© Microsoft Corporation. All rights reserved.	??	496.00 kb, rsah, created: 01.01.1980 15:00:00, modified: 14.04.2008 08:12:39 Command line: winlogon.exe
c:\program files\windows media player\wmpnscfg.exe Script: Quarantine, Delete, BC delete, Terminate	3640	Windows Media Player Network Sharing Service Configuration Application	© Microsoft Corporation. All rights reserved.	??	199.50 kb, rsah, created: 18.10.2006 20:05:26, modified: 18.10.2006 20:05:26 Command line: "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
c:\windows\system32\wuauclt.exe Script: Quarantine, Delete, BC delete, Terminate	2884	Windows Update	© Microsoft Corporation. All rights reserved.	??	52.22 kb, rsah, created: 10.08.2004 01:52:56, modified: 07.08.2009 10:24:06 Command line: "C:\WINDOWS\system32\wuauclt.exe"
Detected:55, recognized as trusted 46

Module name	Handle	Description	Copyright	MD5	Used by processes
C:\Program Files\Lenovo\HOTKEY\TpWAudHk.dll Script: Quarantine, Delete, BC delete	268435456			--	2892
C:\Program Files\Softex\OmniPass\autheng.dll Script: Quarantine, Delete, BC delete	4259840	autheng DLL	Copyright (C) 2003-2005 Softex, Inc.	--	1648, 2940, 2964
C:\Program Files\Softex\OmniPass\authntec.dll Script: Quarantine, Delete, BC delete	26083328	Authentec Fingerprint DLL	Copyright (C) 2003-2005 Softex, Inc.	--	1648, 2940, 2964
C:\Program Files\Softex\OmniPass\cachedrv.dll Script: Quarantine, Delete, BC delete	21364736	Cachedrv DLL	Softex Incorporated. Copyright (C) 2003	--	1648, 2940, 2964
C:\Program Files\Softex\OmniPass\cryptodll.dll Script: Quarantine, Delete, BC delete	3801088			--	1648, 2940, 2964
C:\Program Files\Softex\OmniPass\explorer.ocx Script: Quarantine, Delete, BC delete	285212672			--	2964
C:\Program Files\Softex\OmniPass\ginastub.dll Script: Quarantine, Delete, BC delete	268435456			--	2940
C:\Program Files\Softex\OmniPass\hdddrv.dll Script: Quarantine, Delete, BC delete	21102592	hdddrv DLL	Copyright (C) 2003	--	1648, 2940, 2964
C:\Program Files\Softex\OmniPass\ldapdrv.dll Script: Quarantine, Delete, BC delete	21168128	OmniPass LDAP Component Storage Driver	Copyright (C) 2004 All rights reserved.	--	1648, 2940, 2964
C:\Program Files\Softex\OmniPass\mstrpwd.dll Script: Quarantine, Delete, BC delete	25952256	Master Password Auth DLL	Copyright (C) 2003-2005 Softex, Inc.	--	1648, 2940, 2964
C:\Program Files\Softex\OmniPass\opxpgina.dll Script: Quarantine, Delete, BC delete	268435456			--	996
C:\Program Files\Softex\OmniPass\SCUREDLL.dll Script: Quarantine, Delete, BC delete	268435456			--	1044, 3140, 3196, 584, 3024, 3384, 372, 3780, 3064, 1172, 3052, 2964, 2892, 724, 3640, 2884
C:\Program Files\Softex\OmniPass\sftxtgp.dll Script: Quarantine, Delete, BC delete	23592960			--	1648, 2940, 2964
C:\Program Files\Softex\OmniPass\ssplogon.dll Script: Quarantine, Delete, BC delete	3342336			--	1648, 2940, 2964
C:\Program Files\Softex\OmniPass\storeng.dll Script: Quarantine, Delete, BC delete	268435456	storeng DLL	Copyright (C) 2003-2005 Softex, Inc.	--	1648, 2940, 2964
C:\Program Files\Softex\OmniPass\userdata.dll Script: Quarantine, Delete, BC delete	3407872	userdata DLL	Copyright (C) 2003-2005 Softex, Inc.	--	1648, 2940, 2964
C:\Program Files\ThinkVantage\AMSG\AHLPRUNL.dll Script: Quarantine, Delete, BC delete	268435456			--	3024
C:\PROGRA~1\Lenovo\LENOVO~2\US\LPRESMGR.DLL Script: Quarantine, Delete, BC delete	268435456			--	3052
C:\PROGRA~1\THINKV~1\AMSG\AcpPollingEngine.dll Script: Quarantine, Delete, BC delete	16515072	AcpPollingEngine Module	© IBM Corporation 2003, © Lenovo 2005	--	3024
C:\WINDOWS\system32\ATSC63.DLL Script: Quarantine, Delete, BC delete	26673152	AuthenTec AT DLL	Copyright © 1999 - 2005 AuthenTec, Inc. All rights reserved.	--	1648, 2940, 2964
C:\WINDOWS\system32\btrez.dll Script: Quarantine, Delete, BC delete	14155776	btrez DLL	Copyright 2000-2006, Broadcom Corporation.	--	372, 3780
C:\WINDOWS\system32\tphklock.dll Script: Quarantine, Delete, BC delete	18087936			--	996
Modules detected:481, recognized as trusted 459

Kernel Space Modules Viewer

Module	Base address	Size in memory	Description	Manufacturer
C:\WINDOWS\System32\Drivers\axenlixi.SYS Script: Quarantine, Delete, BC delete	F54FF000	044000 (278528)	FarStone SCSI Miniport	Copyright (C) FarStone, Inc. 2003-2004
C:\WINDOWS\System32\Drivers\dump_atapi.sys Script: Quarantine, Delete, BC delete	F1F53000	018000 (98304)
C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS Script: Quarantine, Delete, BC delete	F7BA6000	002000 (8192)
C:\WINDOWS\System32\drivers\DVDRC.sys Script: Quarantine, Delete, BC delete	F794E000	006000 (24576)
C:\WINDOWS\system32\Drivers\FsUdf.sys Script: Quarantine, Delete, BC delete	F72EF000	022000 (139264)	CD-ROM or DVD-ROM File System Driver	Copyright (C) Farstone Corp.
C:\WINDOWS\system32\DRIVERS\fvdscsi.sys Script: Quarantine, Delete, BC delete	F5B47000	010000 (65536)	FarStone SCSI Miniport	Copyright (C) FarStone, Inc. 2003-2004
C:\WINDOWS\system32\Drivers\IBMBLDID.sys Script: Quarantine, Delete, BC delete	F7B48000	002000 (8192)
C:\WINDOWS\system32\drivers\ibmfilter.sys Script: Quarantine, Delete, BC delete	BA097000	004000 (16384)	IBM Rescue and Recovery filter driver	Copyright (C) IBM2003
C:\WINDOWS\system32\Drivers\sptd.sys Script: Quarantine, Delete, BC delete	F73FD000	110000 (1114112)
C:\WINDOWS\System32\Drivers\TPHKDRV.SYS Script: Quarantine, Delete, BC delete	F791E000	005000 (20480)	Lenovo Hotkey Driver	Copyright (C) Lenovo 2005.
Modules detected - 162, recognized as trusted - 152

Services

Service	Description	Status	File	Group	Dependencies
omniserv Service: Stop, Delete, Disable, BC delete	Softex OmniPass Service	Running	C:\Program Files\Softex\OmniPass\Omniserv.exe Script: Quarantine, Delete, BC delete
PMSveH Service: Stop, Delete, Disable, BC delete	PMSveH	Running	C:\WINDOWS\system32\PMSveH.exe Script: Quarantine, Delete, BC delete
AVG Security Toolbar Service Service: Stop, Delete, Disable, BC delete	AVG Security Toolbar Service	Not started	C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe Script: Quarantine, Delete, BC delete
PsaSrv Service: Stop, Delete, Disable, BC delete	IBM PSA Access Driver Control	Not started	C:\WINDOWS\system32\PsaSrv.exe Script: Quarantine, Delete, BC delete
VMCService Service: Stop, Delete, Disable, BC delete	Vodafone Mobile Connect Service	Not started	C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe Script: Quarantine, Delete, BC delete		winmgmt
WDDMService Service: Stop, Delete, Disable, BC delete	WD SmartWare Drive Manager	Not started	C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe Script: Quarantine, Delete, BC delete
WDFME Service: Stop, Delete, Disable, BC delete	WD File Management Engine	Not started	C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe Script: Quarantine, Delete, BC delete
WDSC Service: Stop, Delete, Disable, BC delete	WD File Management Shadow Engine	Not started	C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe Script: Quarantine, Delete, BC delete
Detected - 121, recognized as trusted - 113

Drivers

Service	Description	Status	File	Group	Dependencies
DVDRC Driver: Unload, Delete, Disable, BC delete	DVDRC	Running	C:\WINDOWS\system32\drivers\DVDRC.sys Script: Quarantine, Delete, BC delete
FsUdf Driver: Unload, Delete, Disable, BC delete	FsUdf	Running	C:\WINDOWS\system32\Drivers\FsUdf.sys Script: Quarantine, Delete, BC delete	Filter
fvdscsi Driver: Unload, Delete, Disable, BC delete	fvdscsi	Running	C:\WINDOWS\system32\DRIVERS\fvdscsi.sys Script: Quarantine, Delete, BC delete	SCSI Miniport
ibmfilter Driver: Unload, Delete, Disable, BC delete	ibmfilter	Running	C:\WINDOWS\system32\drivers\ibmfilter.sys Script: Quarantine, Delete, BC delete
IBMTPCHK Driver: Unload, Delete, Disable, BC delete	IBMTPCHK	Running	C:\WINDOWS\system32\Drivers\IBMBLDID.sys Script: Quarantine, Delete, BC delete
sptd Driver: Unload, Delete, Disable, BC delete	sptd	Running	C:\WINDOWS\System32\Drivers\sptd.sys Script: Quarantine, Delete, BC delete	Boot Bus Extender
TPHKDRV Driver: Unload, Delete, Disable, BC delete	TPHKDRV	Running	C:\WINDOWS\system32\Drivers\TPHKDRV.sys Script: Quarantine, Delete, BC delete
Abiosdsk Driver: Unload, Delete, Disable, BC delete	Abiosdsk	Not started	Abiosdsk.sys Script: Quarantine, Delete, BC delete	Primary disk
ANCSQ Driver: Unload, Delete, Disable, BC delete	ANCSQ	Not started	C:\WINDOWS\System32\drivers\ANCSQ.sys Script: Quarantine, Delete, BC delete	Streams Drivers
Atdisk Driver: Unload, Delete, Disable, BC delete	Atdisk	Not started	Atdisk.sys Script: Quarantine, Delete, BC delete	Primary disk
catchme Driver: Unload, Delete, Disable, BC delete	catchme	Not started	C:\ComboFix\catchme.sys Script: Quarantine, Delete, BC delete	Base
Changer Driver: Unload, Delete, Disable, BC delete	Changer	Not started	Changer.sys Script: Quarantine, Delete, BC delete	Filter
dac970nt Driver: Unload, Delete, Disable, BC delete	dac970nt	Not started	C:\WINDOWS\system32\drivers\gmdnlj.sys Script: Quarantine, Delete, BC delete
hwusbdev Driver: Unload, Delete, Disable, BC delete	Huawei DataCard USB PNP Device	Not started	C:\WINDOWS\system32\DRIVERS\ewusbdev.sys Script: Quarantine, Delete, BC delete
lbrtfdc Driver: Unload, Delete, Disable, BC delete	lbrtfdc	Not started	lbrtfdc.sys Script: Quarantine, Delete, BC delete	System Bus Extender
NSNDIS5 Driver: Unload, Delete, Disable, BC delete	NSNDIS5 NDIS Protocol Driver	Not started	C:\WINDOWS\system32\NSNDIS5.SYS Script: Quarantine, Delete, BC delete	PNP_TDI
PCIDump Driver: Unload, Delete, Disable, BC delete	PCIDump	Not started	PCIDump.sys Script: Quarantine, Delete, BC delete	PCI Configuration
PDCOMP Driver: Unload, Delete, Disable, BC delete	PDCOMP	Not started	PDCOMP.sys Script: Quarantine, Delete, BC delete
PDFRAME Driver: Unload, Delete, Disable, BC delete	PDFRAME	Not started	PDFRAME.sys Script: Quarantine, Delete, BC delete
PDRELI Driver: Unload, Delete, Disable, BC delete	PDRELI	Not started	PDRELI.sys Script: Quarantine, Delete, BC delete
PDRFRAME Driver: Unload, Delete, Disable, BC delete	PDRFRAME	Not started	PDRFRAME.sys Script: Quarantine, Delete, BC delete
PEEK5 Driver: Unload, Delete, Disable, BC delete	PEEK5 Protocol Driver	Not started	C:\DOCUME~1\gerald\MYDOCU~1\GERALD~1\HONGME~1\sid\internet\network\AIRCRA~2.1\PEEK5.SYS Script: Quarantine, Delete, BC delete
psadd Driver: Unload, Delete, Disable, BC delete	IBM PSA Access Driver	Not started	C:\WINDOWS\system32\Drivers\psadd.sys Script: Quarantine, Delete, BC delete
Simbad Driver: Unload, Delete, Disable, BC delete	Simbad	Not started	Simbad.sys Script: Quarantine, Delete, BC delete	Filter
WDICA Driver: Unload, Delete, Disable, BC delete	WDICA	Not started	WDICA.sys Script: Quarantine, Delete, BC delete
Detected - 248, recognized as trusted - 223

Autoruns

File name	Status	Startup method	Description
C:\Documents and Settings\johnnie fritz\Local Settings\Application Data\Google\Chrome\Application\chrome.exe Script: Quarantine, Delete, BC delete	Active	Shortcut in Autoruns folder	C:\Documents and Settings\johnnie fritz\Application Data\Microsoft\Internet Explorer\Quick Launch\, C:\Documents and Settings\johnnie fritz\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk,
C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE Script: Quarantine, Delete, BC delete	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\HotFixInstaller, EventMessageFile
C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE Script: Quarantine, Delete, BC delete	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft Office 12, EventMessageFile
C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE Script: Quarantine, Delete, BC delete	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\MPSampleSubmission, EventMessageFile
C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE Script: Quarantine, Delete, BC delete	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\NDP1.1sp1-KB2416447-X86, EventMessageFile
C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE Script: Quarantine, Delete, BC delete	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\NDP1.1sp1-KB979906-X86, EventMessageFile
C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE Script: Quarantine, Delete, BC delete	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\VSSetup, EventMessageFile
C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, LPManager Delete
C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE Script: Quarantine, Delete, BC delete	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\NDP1.1sp1-KB2572067-X86, EventMessageFile
C:\Program Files\Common Files\Microsoft Shared\DW\dw20.exe Script: Quarantine, Delete, BC delete	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\.NET Runtime 4.0 Error Reporting, EventMessageFile
C:\Program Files\Google\Picasa3\Picasa3.exe Script: Quarantine, Delete, BC delete	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Picasa3, EventMessageFile
C:\Program Files\ImgBurn\ImgBurn.exe Script: Quarantine, Delete, BC delete	Active	Shortcut in Autoruns folder	C:\Documents and Settings\johnnie fritz\Application Data\Microsoft\Internet Explorer\Quick Launch\, C:\Documents and Settings\johnnie fritz\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk,
C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, TPWAUDAP Delete
C:\Program Files\Softex\OmniPass\omnicsp.dll Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Softex OmniPass CSP, Image Path Delete
C:\Program Files\Softex\OmniPass\opfolderext.dll Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {D0CE97A0-415B-42E9-B251-34393AF2D5F6} Delete
C:\Program Files\Softex\OmniPass\opfolderext.dll Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {D5B1944E-DB4E-482E-B3F1-DB05827F0978} Delete
C:\Program Files\Softex\OmniPass\opxpgina.dll Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OPXPGina, DLLName Delete
C:\Program Files\Softex\OmniPass\scureapp.exe Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, OmniPass Delete
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, SynTPEnh Delete
C:\Program Files\ThinkVantage\AMSG\Amsg.exe Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, AMSG Delete
C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, suScheduler Delete
C:\Program Files\VideoLAN\VLC\vlc.exe Script: Quarantine, Delete, BC delete	Active	Shortcut in Autoruns folder	C:\Documents and Settings\johnnie fritz\Application Data\Microsoft\Internet Explorer\Quick Launch\, C:\Documents and Settings\johnnie fritz\Application Data\Microsoft\Internet Explorer\Quick Launch\VLC media player.lnk,
C:\WINDOWS\AGRSMMSG.exe Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, AGRSMMSG Delete
C:\WINDOWS\System32\Drivers\lbrtfdc.sys Script: Quarantine, Delete, BC delete	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\lbrtfdc, EventMessageFile
C:\WINDOWS\System32\PrintFilterPipelineSvc.exe Script: Quarantine, Delete, BC delete	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\PrintFilterPipelineSvc, EventMessageFile
C:\WINDOWS\System32\igmpv2.dll Script: Quarantine, Delete, BC delete	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\IGMPv2, EventMessageFile
C:\WINDOWS\System32\ipbootp.dll Script: Quarantine, Delete, BC delete	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\IPBOOTP, EventMessageFile
C:\WINDOWS\System32\iprip2.dll Script: Quarantine, Delete, BC delete	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\IPRIP2, EventMessageFile
C:\WINDOWS\System32\ospf.dll Script: Quarantine, Delete, BC delete	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\OSPF, EventMessageFile
C:\WINDOWS\System32\ospfmib.dll Script: Quarantine, Delete, BC delete	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\OSPFMib, EventMessageFile
C:\WINDOWS\System32\polagent.dll Script: Quarantine, Delete, BC delete	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\PolicyAgent, EventMessageFile
C:\WINDOWS\System32\tssdis.exe Script: Quarantine, Delete, BC delete	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\TermServSessDir, EventMessageFile
C:\WINDOWS\system32\AC3ACM.acm Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Drivers32, msacm.ac3acm Delete
C:\WINDOWS\system32\AegisE5.dll Script: Quarantine, Delete, BC delete	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\AegisP, EventMessageFile
C:\WINDOWS\system32\KB905474\wgasetup.exe Script: Quarantine, Delete, BC delete	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\WgaSetup, EventMessageFile
C:\WINDOWS\system32\MsSip1.dll Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WinTrust\SubjectPackages\MS Subjects 1, $DLL Delete
C:\WINDOWS\system32\MsSip2.dll Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WinTrust\SubjectPackages\MS Subjects 2, $DLL Delete
C:\WINDOWS\system32\MsSip3.dll Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WinTrust\SubjectPackages\MS Subjects 3, $DLL Delete
C:\WINDOWS\system32\mpg4c32.dll Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Drivers32, vidc.mpg4 Delete
C:\WINDOWS\system32\mpg4c32.dll Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Drivers32, vidc.mp42 Delete
C:\WINDOWS\system32\mpg4c32.dll Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Drivers32, vidc.mp43 Delete
C:\WINDOWS\system32\psxss.exe Script: Quarantine, Delete, BC delete	--	Registry key	HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Session Manager\SubSystems, Posix
C:\WINDOWS\system32\stisvc.exe Script: Quarantine, Delete, BC delete	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System, EventMessageFile
C:\WINDOWS\vsnp2std.exe Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, snp2std Delete
SDEvents.dll Script: Quarantine, Delete, BC delete	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Spybot - Search & Destroy 2, EventMessageFile
c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, ISUSPM Startup Delete
c:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE Script: Quarantine, Delete, BC delete	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\.NET Runtime 2.0 Error Reporting, EventMessageFile
c:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE Script: Quarantine, Delete, BC delete	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft (R) Visual C# 2005 Compiler, EventMessageFile
kbd101.dll Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\i8042prt\Parameters, LayerDriver JPN Delete
kbd101a.dll Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\i8042prt\Parameters, LayerDriver KOR Delete
mvfs32.dll Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_USERS, .DEFAULT\Control Panel\IOProcs, MVB Delete
mvfs32.dll Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_USERS, S-1-5-19\Control Panel\IOProcs, MVB Delete
mvfs32.dll Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_USERS, S-1-5-20\Control Panel\IOProcs, MVB Delete
mvfs32.dll Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_USERS, S-1-5-18\Control Panel\IOProcs, MVB Delete
mvfs32.dll Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_USERS, S-1-5-21-1379659331-1222129270-24395848-1005\Control Panel\IOProcs, MVB Delete
tphklock.dll Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey, DLLName Delete
vgafix.fon Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WOW\boot, fixedfon.fon Delete
vgaoem.fon Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WOW\boot, oemfonts.fon Delete
vgasys.fon Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WOW\boot, fonts.fon Delete
Autoruns items detected - 951, recognized as trusted - 892

Microsoft Internet Explorer extension modules (BHOs, Toolbars ...)

File name	Type	Description	Manufacturer	CLSID
C:\Documents and Settings\johnnie fritz\Application Data\Complitly\Complitly.dll Script: Quarantine, Delete, BC delete	BHO			{0FB6A909-6086-458F-BD92-1F8EE10042A0} Delete
	Extension module			{2670000A-7350-4f3c-8081-5663EE0C6C49} Delete
	Extension module			{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} Delete
C:\Program Files\Messenger\msmsgs.exe Script: Quarantine, Delete, BC delete	Extension module			{FB5F1910-F110-11d2-BB9E-00C04F795683} Delete
Elements detected - 25, recognized as trusted - 21

Windows Explorer extension modules

File name	Destination	Description	Manufacturer	CLSID
	Display Panning CPL Extension			{42071714-76d4-11d1-8b24-00a0c9068ff3} Delete
	Shell extensions for file compression			{764BF0E1-F219-11ce-972D-00AA00A14F56} Delete
	Encryption Context Menu			{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} Delete
	Taskbar and Start Menu			{0DF44EAA-FF21-4412-828E-260A8728E7F1} Delete
	User Accounts			{7A9D77BD-5403-11d2-8785-2E0420524153} Delete
	OmniPass Shell Extension			{CCFE56EE-C7DE-44EE-A160-4553A5A912C9} Delete
C:\Program Files\Softex\OmniPass\opfolderext.dll Script: Quarantine, Delete, BC delete	OmniPass Shell Extension	OpFolderExt	(c) Softex Inc. All rights reserved.	{D0CE97A0-415B-42E9-B251-34393AF2D5F6} Delete
C:\Program Files\Softex\OmniPass\opfolderext.dll Script: Quarantine, Delete, BC delete	OmniPass ShellNameSpace Extension	OpFolderExt	(c) Softex Inc. All rights reserved.	{D5B1944E-DB4E-482E-B3F1-DB05827F0978} Delete
	AVG Find Extension			{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} Delete
				{1984DD45-52CF-49cd-AB77-18F378FEA264} {000214e8-0000-0000-c000-000000000046} 0x401 Delete
	PowerISO			{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} Delete
Elements detected - 239, recognized as trusted - 228

Printing system extensions (print monitors, providers)

File name	Type	Name	Description	Manufacturer
Elements detected - 12, recognized as trusted - 12

Task Scheduler jobs

File name	Job name	Job status	Description	Manufacturer
Elements detected - 1, recognized as trusted - 1

SPI/LSP settings

Namespace providers (NSP)

Provider	Status	EXE file	Description	GUID
Detected - 4, recognized as trusted - 4

Transport protocol providers (TSP, LSP)

Provider EXE file Description
Detected - 25, recognized as trusted - 25
Results of automatic SPI settings check
LSP settings checked. No errors detected

TCP/UDP ports

Port Status Remote Host Remote Port Application Notes
TCP ports
135 LISTENING 0.0.0.0 24758 [1268] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
445 LISTENING 0.0.0.0 20568 [4] System
Script: Quarantine, Delete, BC delete, Terminate
5152 LISTENING 0.0.0.0 41111 [952] c:\program files\java\jre6\bin\jqs.exe
Script: Quarantine, Delete, BC delete, Terminate
27015 LISTENING 0.0.0.0 41111 [384] c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe
Script: Quarantine, Delete, BC delete, Terminate
31038 LISTENING 0.0.0.0 26777 [704] c:\program files\diskeeper corporation\diskeeper\dkservice.exe
Script: Quarantine, Delete, BC delete, Terminate
UDP ports
123 LISTENING -- -- [1308] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
445 LISTENING -- -- [4] System
Script: Quarantine, Delete, BC delete, Terminate
500 LISTENING -- -- [1052] c:\windows\system32\lsass.exe
Script: Quarantine, Delete, BC delete, Terminate
1900 LISTENING -- -- [1560] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4500 LISTENING -- -- [1052] c:\windows\system32\lsass.exe
Script: Quarantine, Delete, BC delete, Terminate

Downloaded Program Files (DPF)

File name Description Manufacturer CLSID Source URL
{E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Delete http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Elements detected - 4, recognized as trusted - 3

Control Panel Applets (CPL)

File name Description Manufacturer
C:\WINDOWS\system32\scurecpl.cpl
Script: Quarantine, Delete, BC delete Softex OmniPass CPL file Copyright (C) 2001 - 2005
Elements detected - 31, recognized as trusted - 30

Active Setup

File name Description Manufacturer CLSID
Elements detected - 14, recognized as trusted - 14

HOSTS file

Hosts file record
127.0.0.1 localhost
Clear Hosts file

Protocols and handlers

File name Type Description Manufacturer CLSID
mscoree.dll
Script: Quarantine, Delete, BC delete Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
Delete
mscoree.dll
Script: Quarantine, Delete, BC delete Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
Delete
mscoree.dll
Script: Quarantine, Delete, BC delete Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
Delete
Elements detected - 35, recognized as trusted - 32

Suspicious objects

File Description Type
C:\WINDOWS\system32\Drivers\sptd.sys
Script: Quarantine, Delete, BC delete Suspicion for Rootkit Kernel-mode hook
C:\Program Files\Softex\OmniPass\SCUREDLL.dll
Script: Quarantine, Delete, BC delete Suspicion for Keylogger Suspicion for Keylogger or Trojan DLL

Main script of analysis
Windows version: Microsoft Windows XP, Build=2600, SP="Service Pack 3"
System Restore: enabled
1.1 Searching for user-mode API hooks
 Analysis: kernel32.dll, export table found in section .text
IAT modification detected: CreateProcessA - 00B50010<>7C80236B
IAT modification detected: GetModuleFileNameA - 00B50080<>7C80B56F
IAT modification detected: FreeLibrary - 00B500F0<>7C80AC7E
IAT modification detected: GetModuleFileNameW - 00B50160<>7C80B475
IAT modification detected: CreateProcessW - 00B501D0<>7C802336
IAT modification detected: LoadLibraryW - 00B502B0<>7C80AEEB
IAT modification detected: LoadLibraryA - 00B50320<>7C801D7B
IAT modification detected: GetProcAddress - 00B50390<>7C80AE40
 Analysis: ntdll.dll, export table found in section .text
 Analysis: user32.dll, export table found in section .text
 Analysis: advapi32.dll, export table found in section .text
 Analysis: ws2_32.dll, export table found in section .text
 Analysis: wininet.dll, export table found in section .text
 Analysis: rasapi32.dll, export table found in section .text
 Analysis: urlmon.dll, export table found in section .text
 Analysis: netapi32.dll, export table found in section .text
1.2 Searching for kernel-mode API hooks
 Driver loaded successfully
 SDT found (RVA=085700)
 Kernel ntkrnlpa.exe found in memory at address 804D7000
   SDT = 8055C700
   KiST = 80504480 (284)
Function NtCreateKey (29) intercepted (806240F0->F743AFA0), hook C:\WINDOWS\system32\Drivers\sptd.sys
>>> Function restored successfully !
>>> Hook code blocked
Function NtEnumerateKey (47) intercepted (8062493C->F746E698), hook C:\WINDOWS\system32\Drivers\sptd.sys
>>> Function restored successfully !
>>> Hook code blocked
Function NtEnumerateValueKey (49) intercepted (80624BA6->F746EA26), hook C:\WINDOWS\system32\Drivers\sptd.sys
>>> Function restored successfully !
>>> Hook code blocked
Function NtOpenKey (77) intercepted (806254CE->F743AF80), hook C:\WINDOWS\system32\Drivers\sptd.sys
>>> Function restored successfully !
>>> Hook code blocked
Function NtQueryKey (A0) intercepted (80625810->F746EAFE), hook C:\WINDOWS\system32\Drivers\sptd.sys
>>> Function restored successfully !
>>> Hook code blocked
Function NtQueryValueKey (B1) intercepted (80622314->F746E97E), hook C:\WINDOWS\system32\Drivers\sptd.sys
>>> Function restored successfully !
>>> Hook code blocked
Function NtSetValueKey (F7) intercepted (80622662->F746EB90), hook C:\WINDOWS\system32\Drivers\sptd.sys
>>> Function restored successfully !
>>> Hook code blocked
Functions checked: 284, intercepted: 7, restored: 7
1.3 Checking IDT and SYSENTER
 Analysis for CPU 1
 Analysis for CPU 2
CmpCallCallBacks = 00093D84
Disable callback OK
 Checking IDT and SYSENTER - complete
1.4 Searching for masking processes and drivers
 Checking not performed: extended monitoring driver (AVZPM) is not installed
1.5 Checking of IRP handlers
 Driver loaded successfully
\FileSystem\ntfs[IRP_MJ_CREATE] = 87B971E8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_CLOSE] = 87B971E8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_WRITE] = 87B971E8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_QUERY_INFORMATION] = 87B971E8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_SET_INFORMATION] = 87B971E8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_QUERY_EA] = 87B971E8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_SET_EA] = 87B971E8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_QUERY_VOLUME_INFORMATION] = 87B971E8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_SET_VOLUME_INFORMATION] = 87B971E8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_DIRECTORY_CONTROL] = 87B971E8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_FILE_SYSTEM_CONTROL] = 87B971E8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_DEVICE_CONTROL] = 87B971E8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_LOCK_CONTROL] = 87B971E8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_QUERY_SECURITY] = 87B971E8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_SET_SECURITY] = 87B971E8 -> hook not defined
\FileSystem\ntfs[IRP_MJ_PNP] = 87B971E8 -> hook not defined
 Checking - complete
C:\Program Files\Softex\OmniPass\SCUREDLL.dll --> Suspicion for Keylogger or Trojan DLL
C:\Program Files\Softex\OmniPass\SCUREDLL.dll>>> Behavioral analysis 
  1. Reacts to events: keyboard, mouse
C:\Program Files\Softex\OmniPass\SCUREDLL.dll>>> Neural net: file with probability 0.00% like a typical keyboard/mouse events interceptor
Note: Do NOT delete suspicious files, send them for analysis  (see FAQ for more details),  because there are lots of useful hooking DLLs
>> Services: potentially dangerous service allowed: RemoteRegistry (Remote Registry)
>> Services: potentially dangerous service allowed: TermService (Terminal Services)
>> Services: potentially dangerous service allowed: SSDPSRV (SSDP Discovery Service)
>> Services: potentially dangerous service allowed: TlntSvr (Telnet)
>> Services: potentially dangerous service allowed: Schedule (Task Scheduler)
>> Services: potentially dangerous service allowed: mnmsrvc (NetMeeting Remote Desktop Sharing)
>> Services: potentially dangerous service allowed: RDSessMgr (Remote Desktop Help Session Manager)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
 >>  Process termination timeout is out of admissible values
 >>  Service termination timeout is out of admissible values
 >>  Disable HDD autorun
 >>  Disable autorun from network drives
 >>  Disable CD/DVD autorun
 >>  Disable removable media autorun
 >>  Windows Explorer - show extensions of known file types
System Analysis in progress

 System Analysis - complete


Script commands 
Add commands to script:
Blocking hooks using Anti-Rootkit
Enable AVZGuard
Operations with AVZPM (true=enable,false=disable)
BootCleaner - import list of deleted files
BootCleaner - import all
Registry cleanup after deleting files
ExecuteWizard ('TSW',2,3,true) - Running Troubleshooting wizard
BootCleaner - activate
Reboot
Insert template for QuarantineFile() - quarantining file
Insert template for BC_QrFile() - quarantining file via BootCleaner
Insert template for DeleteFile() - deleting file
Insert template for DelCLSID() - deleting CLSID item from registry
Additional operations:Performance tweaking: disable service RemoteRegistry (Remote Registry)
Performance tweaking: disable service TermService (Terminal Services)
Performance tweaking: disable service SSDPSRV (SSDP Discovery Service)
Performance tweaking: disable service TlntSvr (Telnet)
Performance tweaking: disable service Schedule (Task Scheduler)
Performance tweaking: disable service mnmsrvc (NetMeeting Remote Desktop Sharing)
Performance tweaking: disable service RDSessMgr (Remote Desktop Help Session Manager)
Security tweaking: disable CD autorun
Security tweaking: disable administrative shares
Security tweaking: disable anonymous user access

File list

Port	Status	Remote Host	Remote Port	Application	Notes
TCP ports
135	LISTENING	0.0.0.0	24758	[1268] c:\windows\system32\svchost.exe Script: Quarantine, Delete, BC delete, Terminate
445	LISTENING	0.0.0.0	20568	[4] System Script: Quarantine, Delete, BC delete, Terminate
5152	LISTENING	0.0.0.0	41111	[952] c:\program files\java\jre6\bin\jqs.exe Script: Quarantine, Delete, BC delete, Terminate
27015	LISTENING	0.0.0.0	41111	[384] c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe Script: Quarantine, Delete, BC delete, Terminate
31038	LISTENING	0.0.0.0	26777	[704] c:\program files\diskeeper corporation\diskeeper\dkservice.exe Script: Quarantine, Delete, BC delete, Terminate
UDP ports
123	LISTENING	--	--	[1308] c:\windows\system32\svchost.exe Script: Quarantine, Delete, BC delete, Terminate
445	LISTENING	--	--	[4] System Script: Quarantine, Delete, BC delete, Terminate
500	LISTENING	--	--	[1052] c:\windows\system32\lsass.exe Script: Quarantine, Delete, BC delete, Terminate
1900	LISTENING	--	--	[1560] c:\windows\system32\svchost.exe Script: Quarantine, Delete, BC delete, Terminate
4500	LISTENING	--	--	[1052] c:\windows\system32\lsass.exe Script: Quarantine, Delete, BC delete, Terminate