Results of system analysis

Process List

File name	PID	Description	Copyright	MD5	Information
c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe Script: Quarantine, Delete, Delete via BC, Terminate	1184	Apple Mobile Device Service	© 2010 Apple Inc. All rights reserved.	??	141.28 kb, rsAh, created: 19.3.2010 10:49:20, modified: 19.3.2010 10:49:20 Command line: "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
c:\program files\sony ericsson\mobile2\application launcher\application launcher.exe Script: Quarantine, Delete, Delete via BC, Terminate	3448	Application Launcher	Copyright (c) 2007 Teleca AB. All rights reserved.	??	516.00 kb, RsAh, created: 13.6.2007 8:16:02, modified: 13.6.2007 8:16:02 Command line: "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
c:\program files\alwil software\avast4\ashdisp.exe Script: Quarantine, Delete, Delete via BC, Terminate	3516	avast! service GUI component	Copyright (c) 2009 ALWIL Software	??	79.10 kb, rsAh, created: 13.5.2010 19:53:43, modified: 25.11.2009 0:51:40 Command line: "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
c:\program files\alwil software\avast4\ashserv.exe Script: Quarantine, Delete, Delete via BC, Terminate	1780	avast! antivirus service	Copyright (c) 2009 ALWIL Software	??	135.43 kb, rsAh, created: 13.5.2010 19:53:43, modified: 25.11.2009 0:51:35 Command line: "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
c:\program files\alwil software\avast4\aswupdsv.exe Script: Quarantine, Delete, Delete via BC, Terminate	1764	avast! Antivirus updating service	Copyright (c) 2009 ALWIL Software	??	18.31 kb, rsAh, created: 13.5.2010 19:53:43, modified: 25.11.2009 0:43:56 Command line: "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
c:\program files\acer arcade live\acer tv share\kernel\dmstv\clmsserver.exe Script: Quarantine, Delete, Delete via BC, Terminate	1072	CLMSServer	Copyright (C) 2004-2006	??	263.11 kb, rsah, created: 19.3.2008 9:17:46, modified: 4.4.2007 20:13:22 Command line: "C:\Program Files\Acer Arcade Live\Acer TV Share\Kernel\DMSTV\CLMSServer.exe"
c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe Script: Quarantine, Delete, Delete via BC, Terminate	820	CLMSServer	Copyright (C) 2004-2006	??	260.10 kb, rsAh, created: 10.5.2007 12:44:09, modified: 4.4.2007 18:54:08 Command line: "C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe"
c:\windows\ehome\ehrecvr.exe Script: Quarantine, Delete, Delete via BC, Terminate	4476	Windows Media Center Receiver Service	© Microsoft Corporation. Vљechna prбva vyhrazena.	??	285.50 kb, rsAh, created: 24.6.2008 8:50:05, modified: 19.1.2008 9:33:09 Command line: C:\Windows\ehome\ehRecvr.exe
c:\program files\sony ericsson\mobile2\mobile phone monitor\epmworker.exe Script: Quarantine, Delete, Delete via BC, Terminate	4868	CAPI_Worker Module	Copyright © 2005 Popwire AB. All rights reserved.	??	860.00 kb, RsAh, created: 11.7.2007 15:57:42, modified: 11.7.2007 15:57:42 Command line: "C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe" -Embedding
c:\acer\empowering technology\erecovery\erecoveryservice.exe Script: Quarantine, Delete, Delete via BC, Terminate	2276	eRecoveryService	Copyright © 2006	??	52.00 kb, rsAh, created: 19.3.2008 9:18:34, modified: 31.1.2007 19:18:42 Command line: "C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe"
c:\windows\explorer.exe Script: Quarantine, Delete, Delete via BC, Terminate	1676	Prщzkumnнk Windows	© Microsoft Corporation. Vљechna prбva vyhrazena.	??	2858.00 kb, rsAh, created: 20.10.2009 21:55:50, modified: 11.4.2009 8:27:36 Command line: C:\Windows\Explorer.EXE
c:\windows\system32\macromed\flash\flashutil10e.exe Script: Quarantine, Delete, Delete via BC, Terminate	4836	Adobe Flash Player Helper 10.0 r45	Copyright © 1996-2009 Adobe, Inc.	??	250.27 kb, RsAh, created: 27.1.2010 2:58:38, modified: 27.1.2010 2:58:38 Command line: C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe -Embedding
c:\program files\common files\teleca shared\generic.exe Script: Quarantine, Delete, Delete via BC, Terminate	3360	Generic Device Management Executable.	(c) 2007 Teleca AB. All rights reserved.	??	960.00 kb, RsAh, created: 16.3.2007 3:23:20, modified: 16.3.2007 3:23:20 Command line: "C:\Program Files\Common Files\Teleca Shared\Generic.exe" -Embedding
c:\program files\google\update\1.2.183.23\googlecrashhandler.exe Script: Quarantine, Delete, Delete via BC, Terminate	952	Instalaиnн program Google	Copyright 2007–2009 Google Inc.	??	132.98 kb, rsAh, created: 18.3.2010 15:59:04, modified: 18.3.2010 15:59:03 Command line: "C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe" /crashhandler
c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe Script: Quarantine, Delete, Delete via BC, Terminate	3560	GoogleToolbarNotifier	Copyright © 2005-2008	??	38.48 kb, rsAh, created: 15.2.2009 3:55:32, modified: 15.2.2009 3:55:32 Command line: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
c:\program files\ipod\bin\ipodservice.exe Script: Quarantine, Delete, Delete via BC, Terminate	3396	iPodService Module (32-bit)	© 2003-2010 Apple Inc. All rights reserved.	??	532.79 kb, rsAh, created: 26.3.2010 1:09:52, modified: 26.3.2010 1:09:52 Command line: "C:\Program Files\iPod\bin\iPodService.exe"
c:\program files\itunes\ituneshelper.exe Script: Quarantine, Delete, Delete via BC, Terminate	3488	iTunesHelper	© 2003-2010 Apple Inc. All rights reserved.	??	138.79 kb, rsAh, created: 26.3.2010 1:10:02, modified: 26.3.2010 1:10:02 Command line: "C:\Program Files\iTunes\iTunesHelper.exe"
c:\windows\system32\lfxgdipo.exe Script: Quarantine, Delete, Delete via BC, Terminate	3356			??	12.00 kb, rsAh, created: 30.7.2007 7:32:54, modified: 30.7.2007 7:32:54 Command line: "LFXGDIPO.exe"
c:\program files\bonjour\mdnsresponder.exe Script: Quarantine, Delete, Delete via BC, Terminate	1472	Bonjour Service	Copyright (C) 2003-2010 Apple Inc.	??	337.28 kb, rsAh, created: 12.2.2010 11:46:12, modified: 12.2.2010 11:46:12 Command line: "C:\Program Files\Bonjour\mDNSResponder.exe"
c:\program files\cdburnerxp\nmsaccessu.exe Script: Quarantine, Delete, Delete via BC, Terminate	1012			??	69.43 kb, rsAh, created: 3.4.2010 18:33:12, modified: 4.3.2010 23:38:00 Command line: "C:\Program Files\CDBurnerXP\NMSAccessU.exe"
c:\program files\acer arcade live\acer homemedia connect\kernel\dms\pcmmediasharing.exe Script: Quarantine, Delete, Delete via BC, Terminate	3604			??	196.11 kb, rsAh, created: 10.5.2007 12:44:09, modified: 4.4.2007 18:54:58 Command line: "C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe"
c:\program files\cyberlink\shared files\richvideo.exe Script: Quarantine, Delete, Delete via BC, Terminate	2072	RichVideo Module	Copyright 2004	??	140.00 kb, rsAh, created: 10.5.2007 12:45:05, modified: 9.4.2007 18:29:18 Command line: "C:\Program Files\CyberLink\Shared Files\RichVideo.exe"
c:\windows\system32\searchprotocolhost.exe Script: Quarantine, Delete, Delete via BC, Terminate	5508	Microsoft Windows Search Protocol Host	© Microsoft Corporation. All rights reserved.	??	181.00 kb, rsAh, created: 20.10.2009 21:55:59, modified: 11.4.2009 8:27:59 Command line: "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_s-1-5-21-4035357639-115081457-3791126685-10001_ Global\UsGthrCtrlFltPipeMssGthrPipe_s-1-5-21-4035357639-115081457-3791126685-10001 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1"
c:\windows\system32\spoolsv.exe Script: Quarantine, Delete, Delete via BC, Terminate	2036	Spooler SubSystem App	© Microsoft Corporation. Vљechna prбva vyhrazena.	??	124.50 kb, rsAh, created: 20.10.2009 21:55:27, modified: 11.4.2009 8:28:05 Command line: C:\Windows\System32\spoolsv.exe
c:\windows\system32\svchost.exe Script: Quarantine, Delete, Delete via BC, Terminate	1204	Host Process for Windows Services	© Microsoft Corporation. Vљechna prбva vyhrazena.	??	21.00 kb, rsAh, created: 24.6.2008 8:48:44, modified: 19.1.2008 9:33:32 Command line: C:\Windows\system32\svchost.exe -k LocalService
c:\windows\system32\svchost.exe Script: Quarantine, Delete, Delete via BC, Terminate	872	Host Process for Windows Services	© Microsoft Corporation. Vљechna prбva vyhrazena.	??	21.00 kb, rsAh, created: 24.6.2008 8:48:44, modified: 19.1.2008 9:33:32 Command line: C:\Windows\System32\svchost.exe -k secsvcs
c:\windows\system32\svchost.exe Script: Quarantine, Delete, Delete via BC, Terminate	1428	Host Process for Windows Services	© Microsoft Corporation. Vљechna prбva vyhrazena.	??	21.00 kb, rsAh, created: 24.6.2008 8:48:44, modified: 19.1.2008 9:33:32 Command line: C:\Windows\system32\svchost.exe -k NetworkService
c:\windows\system32\svchost.exe Script: Quarantine, Delete, Delete via BC, Terminate	2104	Host Process for Windows Services	© Microsoft Corporation. Vљechna prбva vyhrazena.	??	21.00 kb, rsAh, created: 24.6.2008 8:48:44, modified: 19.1.2008 9:33:32 Command line: C:\Windows\system32\svchost.exe -k imgsvc
Detected:75, recognized as trusted 60

Module name	Handle	Description	Copyright	MD5	Used by processes
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe Script: Quarantine, Delete, Delete via BC	2359296	eRecoveryService	Copyright © 2006	??	2276
C:\Acer\Empowering Technology\eRecovery\IERYETF.dll Script: Quarantine, Delete, Delete via BC	1901133824	IERYETF	Copyright © 2006	--	2276
C:\Acer\Empowering Technology\eRecovery\INT15.dll Script: Quarantine, Delete, Delete via BC	268435456			--	2276
C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll Script: Quarantine, Delete, Delete via BC	1901395968	ServiceInterface	Copyright © 2006	--	2276
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLFileIStream.dll Script: Quarantine, Delete, Delete via BC	27787264	CLFileIStream.dll	Copyright (C) 2005	--	820
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMediaFormat.dll Script: Quarantine, Delete, Delete via BC	22544384	CLMediaFormat	Copyright (c) 2004 ~ 2006	--	820
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMediaServer.dll Script: Quarantine, Delete, Delete via BC	27590656	CLMediaServer Module	Copyright (C) 2004-2006	--	820
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMpeg2TransIStream.dll Script: Quarantine, Delete, Delete via BC	27852800			--	820
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSClient.dll Script: Quarantine, Delete, Delete via BC	268435456	CLMSClient	Copyright (C) 2004-2006	--	3604
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe Script: Quarantine, Delete, Delete via BC	4194304	CLMSServer	Copyright (C) 2004-2006	??	820
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLSchRecordMonitor.dll Script: Quarantine, Delete, Delete via BC	1310720			--	820
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaServer.dll Script: Quarantine, Delete, Delete via BC	268435456	PCMMediaServer	Copyright (C) 2004-2006	--	820
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe Script: Quarantine, Delete, Delete via BC	4194304			??	3604
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\sqlite3.dll Script: Quarantine, Delete, Delete via BC	1620049920			--	820
C:\Program Files\Acer Arcade Live\Acer TV Share\Kernel\DMSTV\CLMediaFormat.dll Script: Quarantine, Delete, Delete via BC	9633792	CLMediaFormat	Copyright (c) 2004 ~ 2006	--	1072
C:\Program Files\Acer Arcade Live\Acer TV Share\Kernel\DMSTV\CLMSServer.exe Script: Quarantine, Delete, Delete via BC	4194304	CLMSServer	Copyright (C) 2004-2006	??	1072
C:\Program Files\Acer Arcade Live\Acer TV Share\Kernel\DMSTV\CLSchMgr.dll Script: Quarantine, Delete, Delete via BC	44171264	CLSchMgr DLL	Copyright (C) 2004	--	1072
C:\Program Files\Acer Arcade Live\Acer TV Share\Kernel\DMSTV\CLSchRecordMonitor.dll Script: Quarantine, Delete, Delete via BC	2359296			--	1072
C:\Program Files\Acer Arcade Live\Acer TV Share\Kernel\DMSTV\CLTinyDB.dll Script: Quarantine, Delete, Delete via BC	66977792	CLTinyDB Dynamic Link Library	Copyright (C) 2005	--	1072
C:\Program Files\Acer Arcade Live\Acer TV Share\Kernel\DMSTV\DHERRec4.dll Script: Quarantine, Delete, Delete via BC	55377920	CLRec4.1	Copyright (c) 2003 CyberLink Corp.	--	1072
C:\Program Files\Acer Arcade Live\Acer TV Share\Kernel\DMSTV\PCMMediaServer.dll Script: Quarantine, Delete, Delete via BC	268435456	PCMMediaServer	Copyright (C) 2004-2006	--	1072
C:\Program Files\Acer Arcade Live\Acer TV Share\Kernel\DMSTV\sqlite3.dll Script: Quarantine, Delete, Delete via BC	1620049920			--	1072
C:\Program Files\Alwil Software\Avast4\AavmRpch.dll Script: Quarantine, Delete, Delete via BC	1695547392	avast! AAVM Remote Procedure Call Library	Copyright (c) 2009 ALWIL Software	--	3516, 1780
C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll Script: Quarantine, Delete, Delete via BC	1702363136	avast! Script Blocking library for Netscape/Mozilla	Copyright (c) 2009 ALWIL Software	--	1780, 1072, 820, 3356, 2072, 2036
C:\Program Files\Alwil Software\Avast4\AhResJs.dll Script: Quarantine, Delete, Delete via BC	1699217408	avast! Script Blocking AAVM Provider Library	Copyright (c) 2009 ALWIL Software	--	1780
C:\Program Files\Alwil Software\Avast4\AhResMai.dll Script: Quarantine, Delete, Delete via BC	1698168832	avast! e-Mail Scanner AAVM Provider Library	Copyright (c) 2009 ALWIL Software	--	1780
C:\Program Files\Alwil Software\Avast4\ahResMes.dll Script: Quarantine, Delete, Delete via BC	1703411712	avast!4 Messenger scanner AAVM Provider Library	Copyright (c) 2009 ALWIL Software	--	1780
C:\Program Files\Alwil Software\Avast4\AhResNS.dll Script: Quarantine, Delete, Delete via BC	1704460288	avast!4 Network Shield AAVM Provider Library	Copyright (c) 2009 ALWIL Software	--	1780
C:\Program Files\Alwil Software\Avast4\AhResOut.dll Script: Quarantine, Delete, Delete via BC	1697120256	avast! MS Outlook/Exchange AAVM Provider Library	Copyright (c) 2009 ALWIL Software	--	1780
C:\Program Files\Alwil Software\Avast4\ahResP2P.dll Script: Quarantine, Delete, Delete via BC	1703673856	avast!4 P2P Shield AAVM Provider Library	Copyright (c) 2009 ALWIL Software	--	1780
C:\Program Files\Alwil Software\Avast4\AhResStd.dll Script: Quarantine, Delete, Delete via BC	1696071680	avast! Standard Shield AAVM Provider Library	Copyright (c) 2009 ALWIL Software	--	1780
C:\Program Files\Alwil Software\Avast4\AhResWS.dll Script: Quarantine, Delete, Delete via BC	1704984576	avast! HTTP Scanner AAVM Provider Library	Copyright (c) 2009 ALWIL Software	--	1780
c:\program files\alwil software\avast4\ahruijs.dll Script: Quarantine, Delete, Delete via BC	1699741696	avast! Script Blocking AAVM Provider Library GUI Library	Copyright (c) 2009 ALWIL Software	--	3516
c:\program files\alwil software\avast4\ahruimai.dll Script: Quarantine, Delete, Delete via BC	1698693120	avast! e-Mail Scanner provider GUI	Copyright (c) 2009 ALWIL Software	--	3516
c:\program files\alwil software\avast4\ahruimes.dll Script: Quarantine, Delete, Delete via BC	1703936000	avast!4 Messenger scanner AAVM Provider GUI Library	Copyright (c) 2009 ALWIL Software	--	3516
c:\program files\alwil software\avast4\ahruins.dll Script: Quarantine, Delete, Delete via BC	1704722432	avast!4 Network Shield AAVM Provider GUI Library	Copyright (c) 2009 ALWIL Software	--	3516
c:\program files\alwil software\avast4\ahruiout.dll Script: Quarantine, Delete, Delete via BC	1697644544	avast! MS Outlook/Exchange AAVM Provider GUI Library	Copyright (c) 2009 ALWIL Software	--	3516
c:\program files\alwil software\avast4\ahruip2p.dll Script: Quarantine, Delete, Delete via BC	1704198144	avast!4 P2P Shield AAVM Provider GUI Library	Copyright (c) 2009 ALWIL Software	--	3516
c:\program files\alwil software\avast4\ahruistd.dll Script: Quarantine, Delete, Delete via BC	1696595968	avast! Standard Shield AAVM Provider GUI Library	Copyright (c) 2009 ALWIL Software	--	3516
c:\program files\alwil software\avast4\ahruiws.dll Script: Quarantine, Delete, Delete via BC	1705246720	Avast! WWW Scanner AAVM Provider GUI Library	Copyright (c) 2009 ALWIL Software	--	3516
C:\Program Files\Alwil Software\Avast4\ashBase.dll Script: Quarantine, Delete, Delete via BC	1682964480	Basic Functionality Module	Copyright (c) 2009 ALWIL Software	--	3516, 1780
C:\Program Files\Alwil Software\Avast4\ashDisp.exe Script: Quarantine, Delete, Delete via BC	4194304	avast! service GUI component	Copyright (c) 2009 ALWIL Software	??	3516
C:\Program Files\Alwil Software\Avast4\ashServ.exe Script: Quarantine, Delete, Delete via BC	4194304	avast! antivirus service	Copyright (c) 2009 ALWIL Software	??	1780
C:\Program Files\Alwil Software\Avast4\ashShell.dll Script: Quarantine, Delete, Delete via BC	1693450240	avast! Shell Extension	Copyright (c) 2009 ALWIL Software	--	1676
C:\Program Files\Alwil Software\Avast4\ashSSqlt.dll Script: Quarantine, Delete, Delete via BC	1686634496	avast! Sqlt Storage Module	Copyright (c) 2009 ALWIL Software	--	1780
C:\Program Files\Alwil Software\Avast4\ashTask.dll Script: Quarantine, Delete, Delete via BC	1686110208	Task Handling Module	Copyright (c) 2009 ALWIL Software	--	3516, 1780
C:\Program Files\Alwil Software\Avast4\ashUInt.dll Script: Quarantine, Delete, Delete via BC	1689255936	avast! User Interface Common Module	Copyright (c) 2009 ALWIL Software	--	3516
C:\Program Files\Alwil Software\Avast4\aswAux.dll Script: Quarantine, Delete, Delete via BC	1683488768	avast! Auxiliary Library		--	3516, 1780
C:\Program Files\Alwil Software\Avast4\aswCmnB.dll Script: Quarantine, Delete, Delete via BC	1678245888	High level portable functions	Copyright (c) 2009 ALWIL Software	--	3516, 1780, 1764
C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll Script: Quarantine, Delete, Delete via BC	1677721600	Antivirus HW dependent library	Copyright (c) 2009 ALWIL Software	--	3516, 1780, 1764
C:\Program Files\Alwil Software\Avast4\aswCmnS.dll Script: Quarantine, Delete, Delete via BC	1678770176	Common non-portable functions	Copyright (c) 2009 ALWIL Software	--	3516, 1780, 1764
C:\Program Files\Alwil Software\Avast4\aswEngin.dll Script: Quarantine, Delete, Delete via BC	1680343040	High level antivirus engine	Copyright (c) 2009 ALWIL Software	--	1780
C:\Program Files\Alwil Software\Avast4\aswIdle.dll Script: Quarantine, Delete, Delete via BC	1688207360	avast! Idle Hook Library		--	1780
C:\Program Files\Alwil Software\Avast4\aswInteg.dll Script: Quarantine, Delete, Delete via BC	1681915904	Integrity checking implementation	Copyright (c) 2009 ALWIL Software	--	1780
C:\Program Files\Alwil Software\Avast4\aswRes.dll Script: Quarantine, Delete, Delete via BC	1711276032	avast! version 4 resource file	Copyright (c) 2009 ALWIL Software	--	1780
C:\Program Files\Alwil Software\Avast4\aswScan.dll Script: Quarantine, Delete, Delete via BC	1679818752	Low level antivirus engine	Copyright (c) 2009 ALWIL Software	--	1780
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe Script: Quarantine, Delete, Delete via BC	4194304	avast! Antivirus updating service	Copyright (c) 2009 ALWIL Software	??	1764
C:\Program Files\Alwil Software\Avast4\Czech\Base.dll Script: Quarantine, Delete, Delete via BC	1711800320	avast! Czech Basic Module	Copyright (c) 2009 ALWIL Software	--	3516, 1780
C:\Program Files\Alwil Software\Avast4\Czech\Lang.dll Script: Quarantine, Delete, Delete via BC	1712324608	avast! Main Czech Module	Copyright (c) 2009 ALWIL Software	--	3516
C:\Program Files\Alwil Software\Avast4\uiAux2.dll Script: Quarantine, Delete, Delete via BC	45088768	uiAux2 DLL	Copyright (c) 2009 ALWIL Software	--	3516
C:\Program Files\Alwil Software\Avast4\XT1922.dll Script: Quarantine, Delete, Delete via BC	1690828800	Xtreme Toolkit Library DLL	©1998-2003 Codejock Software, All Rights Reserved.	--	3516
C:\Program Files\Bonjour\mdnsNSP.dll Script: Quarantine, Delete, Delete via BC	1948450816	Bonjour Namespace Provider	Copyright (C) 2003-2010 Apple Inc.	--	1780, 820, 2036, 1204, 1428, 2104
C:\Program Files\Bonjour\mDNSResponder.exe Script: Quarantine, Delete, Delete via BC	2555904	Bonjour Service	Copyright (C) 2003-2010 Apple Inc.	??	1472
C:\Program Files\CDBurnerXP\NMSAccessU.exe Script: Quarantine, Delete, Delete via BC	4194304			??	1012
C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll Script: Quarantine, Delete, Delete via BC	1788936192	Apple System Log	2009 Apple, Inc.	--	3488
C:\Program Files\Common Files\Apple\Apple Application Support\CFNetwork.DLL Script: Quarantine, Delete, Delete via BC	1772421120	CFNetwork	Copyright (C) 2007-2010	--	3488
C:\Program Files\Common Files\Apple\Apple Application Support\CoreFoundation.dll Script: Quarantine, Delete, Delete via BC	1776287744	CoreFoundation	Copyright (C) 2007-2009, Apple Inc.	--	3488
C:\Program Files\Common Files\Apple\Apple Application Support\icudt40.dll Script: Quarantine, Delete, Delete via BC	1735262208	ICU Data DLL	Copyright (C) 2008, International Business Machines Corporation and others. All Rights Reserved.	--	3488
C:\Program Files\Common Files\Apple\Apple Application Support\icuin40.dll Script: Quarantine, Delete, Delete via BC	1775239168	IBM ICU I18N DLL	Copyright (C) 2008, International Business Machines Corporation and others. All Rights Reserved.	--	3488
C:\Program Files\Common Files\Apple\Apple Application Support\icuuc40.dll Script: Quarantine, Delete, Delete via BC	1774256128	IBM ICU Common DLL	Copyright (C) 2008, International Business Machines Corporation and others. All Rights Reserved.	--	3488
C:\Program Files\Common Files\Apple\Apple Application Support\objc.dll Script: Quarantine, Delete, Delete via BC	1789853696	Objective-C Runtime Library	Copyright (C) 2007-2009, Apple Inc.	--	3488
C:\Program Files\Common Files\Apple\Apple Application Support\pthreadVC2.dll Script: Quarantine, Delete, Delete via BC	1818755072	POSIX Threads for Windows32 Library	Copyright (C) Project contributors 1998-2004	--	3488
C:\Program Files\Common Files\Apple\Apple Application Support\SQLite3.dll Script: Quarantine, Delete, Delete via BC	1773797376	SQLite3 Dynamic Link Library	Copyright Apple Inc. 2009	--	3488
C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll Script: Quarantine, Delete, Delete via BC	1784283136	zlib data compression library	(C) 1995-2004 Jean-loup Gailly & Mark Adler	--	3488
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe Script: Quarantine, Delete, Delete via BC	11993088	Apple Mobile Device Service	© 2010 Apple Inc. All rights reserved.	??	1184
C:\Program Files\Common Files\Apple\Mobile Device Support\iTunesMobileDevice.dll Script: Quarantine, Delete, Delete via BC	1691418624	iTunesMobileDevice	Copyright (C) 2009	--	3488
C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll Script: Quarantine, Delete, Delete via BC	1636892672	2007 Microsoft Office component	© 2006 Microsoft Corporation. All rights reserved.	--	5508
C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\gtn.dll Script: Quarantine, Delete, Delete via BC	268435456	GoogleToolbarNotifier	Copyright © 2005-2008	--	3560
C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll Script: Quarantine, Delete, Delete via BC	23396352	GoogleToolbarNotifier	Copyright © 2005-2008	--	3560
C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe Script: Quarantine, Delete, Delete via BC	4194304	Instalaиnн program Google	Copyright 2007–2009 Google Inc.	??	952
C:\Program Files\Google\Update\1.2.183.23\goopdate.dll Script: Quarantine, Delete, Delete via BC	402653184	Google Update	Copyright 2007-2010 Google Inc.	--	952
C:\Program Files\iPod\bin\iPodService.exe Script: Quarantine, Delete, Delete via BC	17235968	iPodService Module (32-bit)	© 2003-2010 Apple Inc. All rights reserved.	??	3396
C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.DLL Script: Quarantine, Delete, Delete via BC	1789067264	iPodService Resource Library (32-bit)	© 2003-2010 Apple Inc. All rights reserved.	--	3396
C:\Program Files\iPod\bin\iPodService.Resources\iPodService.DLL Script: Quarantine, Delete, Delete via BC	1789001728	iPodService Resource Library (32-bit)	© 2003-2010 Apple Inc. All rights reserved.	--	3396
C:\Program Files\iTunes\iTunesHelper.dll Script: Quarantine, Delete, Delete via BC	1770717184	iTunesHelper DLL	© 2003-2010 Apple Inc. All rights reserved.	--	3488
C:\Program Files\iTunes\iTunesHelper.exe Script: Quarantine, Delete, Delete via BC	13500416	iTunesHelper	© 2003-2010 Apple Inc. All rights reserved.	??	3488
C:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.DLL Script: Quarantine, Delete, Delete via BC	1784217600	iTunesHelper Resource Library	© 2003-2010 Apple Inc. All rights reserved.	--	3488
C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.DLL Script: Quarantine, Delete, Delete via BC	1779367936	iTunesHelper Resource Library	© 2003-2010 Apple Inc. All rights reserved.	--	3488
C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll Script: Quarantine, Delete, Delete via BC	268435456	Malwarebytes' Anti-Malware	© Malwarebytes Corporation. All rights reserved.	--	1676
C:\Program Files\Microsoft Office\Office12\1029\mapir.dll Script: Quarantine, Delete, Delete via BC	1730150400	ExOlk Intl Pluggable UI	© 2007 Microsoft Corporation. Vљechna prбva vyhrazena.	--	5508
C:\Program Files\Microsoft Office\Office12\olmapi32.dll Script: Quarantine, Delete, Delete via BC	1723072512	Extended MAPI 1.0 for Windows NT	© 2006 Microsoft Corporation. All rights reserved.	--	5508
C:\Program Files\QuickTime\QTSystem\QTCF.dll Script: Quarantine, Delete, Delete via BC	1765343232	QuickTime CoreFoundation	Copyright Apple Inc. 1989-2010	--	3488
C:\Program Files\QuickTime\QTSystem\QuickTime.qts Script: Quarantine, Delete, Delete via BC	1706622976	QuickTime	Copyright Apple Inc. 1989-2010	--	3488
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application LauncherLg.dll Script: Quarantine, Delete, Delete via BC	11206656	Spouљtмnн aplikacн	Copyright © 2007 Sony Ericsson Mobile Communications AB. All rights reserved	--	3448
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application LauncherMainDlg.dll Script: Quarantine, Delete, Delete via BC	11272192	Main dialog layout	Copyright © 2006 Sony Ericsson Mobile Communications AB. All rights reserved.	--	3448
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\Capires0405.DLL Script: Quarantine, Delete, Delete via BC	271581184	capires0809	Copyright © 2005 Popwire AB. Vљechna prбva vyhrazena.	--	4868
C:\Program Files\WinRAR\rarlng.dll Script: Quarantine, Delete, Delete via BC	121962496			--	1676
C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{42560F18-92E0-4416-8A85-86EFB4BEADB6}\mpengine.dll Script: Quarantine, Delete, Delete via BC	1902903296	Microsoft Malware Protection Engine	© Microsoft Corporation. All rights reserved.	--	872
C:\ProgramData\Microsoft\Windows\DRM\Cache\Indiv01.key Script: Quarantine, Delete, Delete via BC	180355072	Individualized Black Box DLL	© Microsoft Corporation. All rights reserved.	--	4476
C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL Script: Quarantine, Delete, Delete via BC	1867186176	Microsoft Office OneNote Filter	© 2006 Microsoft Corporation. All rights reserved.	--	5508
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\894183c0c47bd4772fbfad4c1a7e3b71\mscorlib.ni.dll Script: Quarantine, Delete, Delete via BC	1838153728	Microsoft Common Language Runtime Class Library	© Microsoft Corporation. All rights reserved.	--	2276
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3554229f9241c34b5acd5061bb7a9b6\System.Management.ni.dll Script: Quarantine, Delete, Delete via BC	1828061184	.NET Framework	© Microsoft Corporation. All rights reserved.	--	2276
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5fada30bf7c201ababed5104184b9754\System.Runtime.Remoting.ni.dll Script: Quarantine, Delete, Delete via BC	1870790656	Microsoft .NET Runtime Object Remoting	© Microsoft Corporation. All rights reserved.	--	2276
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\b0d40c6d0fc00ba251010b710ca452a6\System.ServiceProcess.ni.dll Script: Quarantine, Delete, Delete via BC	1892155392	.NET Framework	© Microsoft Corporation. All rights reserved.	--	2276
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\13cce38e8de5fd54853390e4e98abd0e\System.ni.dll Script: Quarantine, Delete, Delete via BC	1830223872	.NET Framework	© Microsoft Corporation. All rights reserved.	--	2276
C:\Windows\system32\LFXGDIPO.exe Script: Quarantine, Delete, Delete via BC	16777216			??	3356
C:\Windows\System32\LFXPJL2K.DLL Script: Quarantine, Delete, Delete via BC	2949120			--	2036
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe Script: Quarantine, Delete, Delete via BC	4194304	Adobe Flash Player Helper 10.0 r45	Copyright © 1996-2009 Adobe, Inc.	??	4836
C:\Windows\system32\msxml4.dll Script: Quarantine, Delete, Delete via BC	1695481856	MSXML 4.0 SP3	Copyright (C) Microsoft Corporation. 1981-2008	--	4868, 3360
Modules found:633, recognized as trusted 524

Kernel Space Modules Viewer

Module	Base address	Size in memory	Description	Manufacturer
C:\Windows\system32\DRIVERS\aswFsBlk.sys Script: Quarantine, Delete, Delete via BC	9BA32000	008000 (32768)	avast! File System Access Blocking Driver	Copyright (c) 1996-2009 ALWIL Software
C:\Windows\system32\DRIVERS\aswMonFlt.sys Script: Quarantine, Delete, Delete via BC	9BA1B000	017000 (94208)	avast! File System Minifilter for Windows 2003/Vista	Copyright (c) 1996-2009 ALWIL Software
C:\Windows\System32\Drivers\aswRdr.SYS Script: Quarantine, Delete, Delete via BC	91251000	004000 (16384)	avast! TDI RDR Driver	Copyright (c) 1996-2009 ALWIL Software
C:\Windows\System32\Drivers\aswSP.SYS Script: Quarantine, Delete, Delete via BC	913A8000	021000 (135168)	avast! self protection module	Copyright (c) 1996-2009 ALWIL Software
C:\Windows\System32\Drivers\aswTdi.SYS Script: Quarantine, Delete, Delete via BC	911F5000	00A000 (40960)	avast! TDI Filter Driver	Copyright (c) 1996-2009 ALWIL Software
C:\Windows\System32\Drivers\dump_atapi.sys Script: Quarantine, Delete, Delete via BC	913E1000	008000 (32768)
C:\Windows\System32\Drivers\dump_dumpata.sys Script: Quarantine, Delete, Delete via BC	913D6000	00B000 (45056)
Modules found - 148, recognized as trusted - 141

Services

Service	Description	Status	File	Group	Dependencies
Acer HomeMedia Connect Service Service: Stop, Delete, Disable	Acer HomeMedia Connect Service	Running	C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe Script: Quarantine, Delete, Delete via BC
Acer TV Share Service Service: Stop, Delete, Disable	Acer TV Share Service	Running	C:\Program Files\Acer Arcade Live\Acer TV Share\Kernel\DMSTV\CLMSServer.exe Script: Quarantine, Delete, Delete via BC
Apple Mobile Device Service: Stop, Delete, Disable	Apple Mobile Device	Running	C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe Script: Quarantine, Delete, Delete via BC		Tcpip
aswUpdSv Service: Stop, Delete, Disable	avast! iAVS4 Control Service	Running	C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe Script: Quarantine, Delete, Delete via BC	ShellSvcGroup
avast! Antivirus Service: Stop, Delete, Disable	avast! Antivirus	Running	C:\Program Files\Alwil Software\Avast4\ashServ.exe Script: Quarantine, Delete, Delete via BC	ShellSvcGroup	aswMonFlt
Bonjour Service Service: Stop, Delete, Disable	Bonjour Service	Running	C:\Program Files\Bonjour\mDNSResponder.exe Script: Quarantine, Delete, Delete via BC		Tcpip
eRecoveryService Service: Stop, Delete, Disable	eRecovery Service	Running	C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe Script: Quarantine, Delete, Delete via BC		winmgmt
iPod Service Service: Stop, Delete, Disable	iPod Service	Running	C:\Program Files\iPod\bin\iPodService.exe Script: Quarantine, Delete, Delete via BC		RpcSs
NMSAccess Service: Stop, Delete, Disable	NMSAccess	Running	C:\Program Files\CDBurnerXP\NMSAccessU.exe Script: Quarantine, Delete, Delete via BC
avast! Mail Scanner Service: Stop, Delete, Disable	avast! Mail Scanner	Not started	C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe Script: Quarantine, Delete, Delete via BC	ShellSvcGroup	avast! Antivirus
avast! Web Scanner Service: Stop, Delete, Disable	avast! Web Scanner	Not started	C:\Program Files\Alwil Software\Avast4\ashWebSv.exe Script: Quarantine, Delete, Delete via BC	ShellSvcGroup	avast! Antivirus
CLTNetCnService Service: Stop, Delete, Disable	Symantec Lic NetConnect service	Not started	c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe Script: Quarantine, Delete, Delete via BC
Microsoft Office Groove Audit Service Service: Stop, Delete, Disable	Microsoft Office Groove Audit Service	Not started	C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe Script: Quarantine, Delete, Delete via BC
odserv Service: Stop, Delete, Disable	Microsoft Office Diagnostics Service	Not started	C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE Script: Quarantine, Delete, Delete via BC
vsmon Service: Stop, Delete, Disable	TrueVector Internet Monitor	Not started	C:\Windows\System32\ZoneLabs\vsmon.exe Script: Quarantine, Delete, Delete via BC	TDI	Afd
Detected - 150, recognized as trusted - 135

Drivers

Service	Description	Status	File	Group	Dependencies
aswFsBlk Driver: Unload, Delete, Disable	aswFsBlk	Running	C:\Windows\system32\DRIVERS\aswFsBlk.sys Script: Quarantine, Delete, Delete via BC	FSFilter Activity Monitor	FltMgr
aswMonFlt Driver: Unload, Delete, Disable	aswMonFlt	Running	C:\Windows\system32\DRIVERS\aswMonFlt.sys Script: Quarantine, Delete, Delete via BC	FSFilter Anti-Virus	FltMgr
aswRdr Driver: Unload, Delete, Disable	aswRdr	Running	C:\Windows\system32\Drivers\aswRdr.sys Script: Quarantine, Delete, Delete via BC	PNP_TDI	tcpip
aswSP Driver: Unload, Delete, Disable	avast! Self Protection	Running	C:\Windows\system32\Drivers\aswSP.sys Script: Quarantine, Delete, Delete via BC
aswTdi Driver: Unload, Delete, Disable	avast! Network Shield Support	Running	C:\Windows\system32\Drivers\aswTdi.sys Script: Quarantine, Delete, Delete via BC	PNP_TDI	tcpip
blbdrive Driver: Unload, Delete, Disable	blbdrive	Not started	C:\Windows\system32\drivers\blbdrive.sys Script: Quarantine, Delete, Delete via BC
catchme Driver: Unload, Delete, Disable	catchme	Not started	C:\Users\black\AppData\Local\Temp\catchme.sys Script: Quarantine, Delete, Delete via BC	Base
GMSIPCI Driver: Unload, Delete, Disable	GMSIPCI	Not started	E:\INSTALL\GMSIPCI.SYS Script: Quarantine, Delete, Delete via BC
IntcAzAudAddService Driver: Unload, Delete, Disable	Service for Realtek HD Audio (WDM)	Not started	C:\Windows\system32\drivers\RTKVHDA.sys Script: Quarantine, Delete, Delete via BC
IpInIp Driver: Unload, Delete, Disable	IP in IP Tunnel Driver	Not started	C:\Windows\system32\DRIVERS\ipinip.sys Script: Quarantine, Delete, Delete via BC		Tcpip
NwlnkFlt Driver: Unload, Delete, Disable	IPX Traffic Filter Driver	Not started	C:\Windows\system32\DRIVERS\nwlnkflt.sys Script: Quarantine, Delete, Delete via BC		NwlnkFwd
NwlnkFwd Driver: Unload, Delete, Disable	IPX Traffic Forwarder Driver	Not started	C:\Windows\system32\DRIVERS\nwlnkfwd.sys Script: Quarantine, Delete, Delete via BC
StarOpen Driver: Unload, Delete, Disable	StarOpen	Not started	C:\Windows\system32\Drivers\StarOpen.sys Script: Quarantine, Delete, Delete via BC	Extended Base
vsdatant7 Driver: Unload, Delete, Disable	vsdatant7	Not started	C:\Windows\system32\drivers\vsdatant.win7.sys Script: Quarantine, Delete, Delete via BC
Detected - 263, recognized as trusted - 249

Autoruns

File name	Status	Startup method	Description
C:\Acer\AcerTour\Reminder.exe Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, Acer Tour Reminder Delete
C:\Acer\AcerTour\Reminder.exe Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_USERS, .DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run, Acer Tour Reminder Delete
C:\Acer\AcerTour\Reminder.exe Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_USERS, S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run, Acer Tour Reminder Delete
C:\PROGRA~1\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Drivers32, msacm.mkdmp3enc Delete
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, avast! Delete
C:\PROGRA~1\MICROS~2\Office12\1029\MAPIR.DLL Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Outlook, EventMessageFile Delete
C:\PROGRA~1\MICROS~2\Office12\OLMAPI32.DLL Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Outlook\Performance, Library Delete
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe Script: Quarantine, Delete, Delete via BC	Active	Shortcut in Startup folder	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PCM Media Sharing.lnk,
C:\Program Files\Alwil Software\Avast4\aswRes.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Antivirus\avast!, EventMessageFile Delete
C:\Program Files\Ashampoo\Ashampoo Burning Studio 6 FREE\burningstudio.exe Script: Quarantine, Delete, Delete via BC	Active	Shortcut in Startup folder	C:\Users\black\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\black\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Ashampoo Burning Studio 6 FREE.lnk,
C:\Program Files\Bonjour\mDNSResponder.exe Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Bonjour Service, EventMessageFile Delete
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, AppleSyncNotifier Delete
C:\Program Files\Google\Chrome\Application\chrome.exe Script: Quarantine, Delete, Delete via BC	Active	Shortcut in Startup folder	C:\Users\black\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\black\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk,
C:\Program Files\ICQ7.0\ICQ.exe Script: Quarantine, Delete, Delete via BC	Active	Shortcut in Startup folder	C:\Users\black\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\black\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ICQ7.lnk,
C:\Program Files\Logitech\QuickCam\eReg.exe Script: Quarantine, Delete, Delete via BC	Active	Shortcut in Startup folder	C:\Users\black\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\, C:\Users\black\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk,
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE Script: Quarantine, Delete, Delete via BC	Active	Shortcut in Startup folder	C:\Users\black\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\black\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk,
C:\Program Files\Nero\Nero 9\Nero StartSmart\NeroStartSmart.exe Script: Quarantine, Delete, Delete via BC	Active	Shortcut in Startup folder	C:\Users\black\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\black\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart Essentials.lnk,
C:\Program Files\QuickTime\QTSystem\QuickTime.cpl Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls, QuickTime Delete
C:\Program Files\QuickTime\QTTask.exe Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, QuickTime Task Delete
C:\Program Files\Skype\Phone\Skype.exe Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, Skype Delete
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\ecsepm.cpl Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls, ECSEPM Delete
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, ZoneAlarm Client Delete
C:\Program Files\iTunes\iTunesHelper.exe Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, iTunesHelper Delete
C:\Users\black\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk Script: Quarantine, Delete, Delete via BC	Active	File in Startup folder	C:\Users\black\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\black\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk,
C:\Users\black\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk Script: Quarantine, Delete, Delete via BC	Active	File in Startup folder	C:\Users\black\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\black\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk,
C:\WindowsSystem32\IoLogMsg.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\vsmraid, EventMessageFile Delete
C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\ASP.NET_1.1.4322\Performance, Library Delete
C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\ASP.NET\1.1.4322.0, DllFullPath Delete
C:\Windows\SoftwareDistribution\Download\Install\WGAER_M.exe Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\WGA Scanner, EventMessageFile Delete
C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\RunOnce, Shockwave Updater Delete
C:\Windows\System32\appmgmts.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AppMgmt\Parameters, ServiceDll Delete
C:\Windows\System32\igmpv2.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\IGMPv2, EventMessageFile Delete
C:\Windows\System32\ipbootp.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\IPBOOTP, EventMessageFile Delete
C:\Windows\System32\iprip2.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\IPRIP2, EventMessageFile Delete
C:\Windows\System\LVMaLogD.DLL Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\LOGITECH, EventMessageFile Delete
C:\Windows\system32\psxss.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Session Manager\SubSystems, Posix
C:\Windows\system32\xvidvfw.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Drivers32, vidc.XVID Delete
E:\MSVBVM50.DLL Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\VBRuntime, EventMessageFile Delete
SDEvents.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Spybot - Search & Destroy 2, EventMessageFile Delete
progman.exe Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WOW\boot, shell Delete
rdpclip Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd, StartupPrograms Delete
vgafix.fon Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WOW\boot, fixedfon.fon Delete
vgaoem.fon Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WOW\boot, oemfonts.fon Delete
vgasys.fon Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WOW\boot, fonts.fon Delete
Autoruns items found - 483, recognized as trusted - 439

Internet Explorer extension modules (BHOs, Toolbars ...)

File name	Type	Description	Manufacturer	CLSID
C:\Program Files\Java\jre6\bin\ssv.dll Script: Quarantine, Delete, Delete via BC	BHO	Java(TM) Platform SE binary	Copyright © 2004	{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} Delete
C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll Script: Quarantine, Delete, Delete via BC	BHO	Google Toolbar	Copyright © 2000-2008	{AA58ED58-01DD-4d91-8333-CF10577473F7} Delete
C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Script: Quarantine, Delete, Delete via BC	BHO	Skype add-on for IE	(c) Skype Technologies S.A.	{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Delete
C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll Script: Quarantine, Delete, Delete via BC	BHO	GoogleToolbarNotifier	Copyright © 2005-2008	{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} Delete
C:\Program Files\Java\jre6\bin\jp2ssv.dll Script: Quarantine, Delete, Delete via BC	BHO	Java(TM) Platform SE binary	Copyright © 2004	{DBC80044-A445-435b-BC74-9C25C1C588A9} Delete
	Toolbar			{B71B15CF-3093-459C-B764-AEB2486F2273} Delete
C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll Script: Quarantine, Delete, Delete via BC	Toolbar	Google Toolbar	Copyright © 2000-2008	{2318C2B1-4965-11d4-9B18-009027A5CD4F} Delete
	Extension module			{2670000A-7350-4f3c-8081-5663EE0C6C49} Delete
C:\Program Files\ICQ7.0\ICQ.exe Script: Quarantine, Delete, Delete via BC	Extension module	ICQ	Copyright (c) 1998-2010 ICQ, LLC.	{88EB38EF-4D2C-436D-ABD3-56B232674062} Delete
C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Script: Quarantine, Delete, Delete via BC	Extension module	Skype add-on for IE	(c) Skype Technologies S.A.	{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Delete
C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Script: Quarantine, Delete, Delete via BC	Extension module	Skype add-on for IE	(c) Skype Technologies S.A.	{92780B25-18CC-41C8-B9BE-3C9C571A8263} Delete
	URLSearchHook			{855F3B16-6D32-4fe6-8A56-BBB695989046} Delete
Items found - 16, recognized as trusted - 4

Windows Explorer extension modules

File name	Destination	Description	Manufacturer	CLSID
	IE User Assist			{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} Delete
	Color Control Panel Applet			{b2c761c6-29bc-4f19-9251-e6195265baf1} Delete
	Add New Hardware			{7A979262-40CE-46ff-AEEE-7884AC3B6136} Delete
	Get Programs Online			{3e7efb4c-faf1-453d-89eb-56026875ef90} Delete
	Taskbar and Start Menu			{0DF44EAA-FF21-4412-828E-260A8728E7F1} Delete
	ActiveDirectory Folder			{1b24a030-9b20-49bc-97ac-1be4426f9e59} Delete
	ActiveDirectory Folder			{34449847-FD14-4fc8-A75A-7432F5181EFB} Delete
	Sam Account Folder			{C8494E42-ACDD-4739-B0FB-217361E4894F} Delete
	Sam Account Folder			{E29F9716-5C08-4FCD-955A-119FDB5A522D} Delete
	Control Panel command object for Start menu			{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0} Delete
	Default Programs command object for Start menu			{E44E5D18-0652-4508-A4E2-8A090067BCB0} Delete
	Folder Options			{6dfd7c5c-2451-11d3-a299-00c04f8ef6af} Delete
	Explorer Query Band			{2C2577C2-63A7-40e3-9B7F-586602617ECB} Delete
	View Available Networks			{38a98528-6cbf-4ca9-8dc0-b1e1d10f7b1b} Delete
	Contacts folder			{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} Delete
	Windows Firewall			{4026492f-2f69-46b8-b9bf-5654fc07e423} Delete
	Problem Reports and Solutions			{fcfeecae-ee1b-4849-ae50-685dcf7717ec} Delete
	iSCSI Initiator			{a304259d-52b8-4526-8b1a-a1d6cecc8243} Delete
	.cab or .zip files			{911051fa-c21c-4246-b470-070cd8df6dc4} Delete
	Windows Search Shell Service			{da67b8ad-e81b-4c70-9b91b417b5e33527} Delete
	Microsoft.ScannersAndCameras			{00f2886f-cd64-4fc9-8ec5-30ef6cdbe8c3} Delete
"C:\Windows\System32\rundll32.exe" "C:\Program Files\\Windows Photo Gallery\PhotoViewer.dll",ImageView_COMServer {9D687A4C-1404-41ef-A089-883B6FBECDE6} Script: Quarantine, Delete, Delete via BC	Windows Photo Gallery Viewer Autoplay Handler			{9D687A4C-1404-41ef-A089-883B6FBECDE6} Delete
	Windows Sidebar Properties			{37efd44d-ef8d-41b1-940d-96973a50e9e0} Delete
	Windows Features			{67718415-c450-4f3c-bf8a-b487642dc39b} Delete
	Windows Defender			{d8559eb9-20c0-410e-beda-7ed416aecc2a} Delete
	Mobility Center Control Panel			{5ea4f148-308c-46d7-98a9-49041b1dd468} Delete
"C:\Program Files\\Windows Media Player\wmprph.exe" Script: Quarantine, Delete, Delete via BC	Windows Media Player Rich Preview Handler			{031EE060-67BC-460d-8847-E4A7C5E45A27} Delete
	User Accounts			{7A9D77BD-5403-11d2-8785-2E0420524153} Delete
C:\Program Files\Sony Ericsson\Mobile2\File Manager\FM.dll Script: Quarantine, Delete, Delete via BC	Sprбvce souborщ Sony Ericsson	Explorer browser application for mobile devices.	Copyright (c) Popwire AB. All rights reserved.	{03DAACC5-10BA-4E3E-9D54-2A569F6B4B87} Delete
C:\Program Files\Sony Ericsson\Mobile2\File Manager\FM.dll Script: Quarantine, Delete, Delete via BC	Sprбvce souborщ Sony Ericsson	Explorer browser application for mobile devices.	Copyright (c) Popwire AB. All rights reserved.	{738D66C6-0149-4D40-84E4-A7BB2D0CE949} Delete
C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL Script: Quarantine, Delete, Delete via BC	Microsoft Office OneNote Namespace Extension for Windows Desktop Search	Microsoft Office OneNote Filter	© 2006 Microsoft Corporation. All rights reserved.	{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} Delete
	SPTHandler			{BD88A479-9623-4897-8546-BC62B9628F44} Delete
C:\Program Files\iTunes\iTunesMiniPlayer.dll Script: Quarantine, Delete, Delete via BC	iTunes	iTunes Mini Player DLL	© 2003-2010 Apple Inc. All rights reserved.	{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} Delete
C:\Program Files\Alwil Software\Avast4\ashShell.dll Script: Quarantine, Delete, Delete via BC	avast	avast! Shell Extension	Copyright (c) 2009 ALWIL Software	{472083B0-C522-11CF-8763-00608CC02F24} Delete
Items found - 300, recognized as trusted - 266

Printing system extensions (print monitors, providers)

File name	Type	Name	Description	Manufacturer
C:\Windows\system32\LFXPJL2K.DLL Script: Quarantine, Delete, Delete via BC	Monitor	LFXPJL2K
Items found - 10, recognized as trusted - 9

Task Scheduler jobs

File name	Job name	Job state	Description	Manufacturer
C:\Program Files\ParetoLogic\DriverCure\DriverCure.exe Script: Quarantine, Delete, Delete via BC	DriverCure.job	The task is ready to run at its next scheduled time.	DriverCure	(c) ParetoLogic. All rights reserved.
Items found - 7, recognized as trusted - 6

SPI/LSP settings

Namespace providers (NSP)

Manufacturer	Status	EXE file	Description	GUID
mdnsNSP		C:\Program Files\Bonjour\mdnsNSP.dll Script: Quarantine, Delete, Delete via BC	Copyright (C) 2003-2010 Apple Inc.	{B600E6E9-553B-4A19-8696-335E5C896153}
Detected - 7, recognized as trusted - 6

Transport protocol providers (TSP, LSP)

Manufacturer EXE file Description
Detected - 20, recognized as trusted - 20
Results of automatic SPI settings check
LSP settings checked. No errors detected

TCP/UDP ports

Port Status Remote Host Remote Port Application Notes
TCP ports
135 LISTENING 0.0.0.0 0 [832] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
139 LISTENING 0.0.0.0 0 [4] System
Script: Quarantine, Delete, Delete via BC, Terminate
445 LISTENING 0.0.0.0 0 [4] System
Script: Quarantine, Delete, Delete via BC, Terminate
5354 LISTENING 0.0.0.0 0 [1472] c:\program files\bonjour\mdnsresponder.exe
Script: Quarantine, Delete, Delete via BC, Terminate
5357 LISTENING 0.0.0.0 0 [4] System
Script: Quarantine, Delete, Delete via BC, Terminate
22346 ESTABLISHED 127.0.0.1 49161 [820] c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe
Script: Quarantine, Delete, Delete via BC, Terminate
22346 LISTENING 0.0.0.0 0 [820] c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe
Script: Quarantine, Delete, Delete via BC, Terminate
22348 LISTENING 0.0.0.0 0 [1072] c:\program files\acer arcade live\acer tv share\kernel\dmstv\clmsserver.exe
Script: Quarantine, Delete, Delete via BC, Terminate
27015 ESTABLISHED 127.0.0.1 49162 [1184] c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe
Script: Quarantine, Delete, Delete via BC, Terminate
27015 LISTENING 0.0.0.0 0 [1184] c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe
Script: Quarantine, Delete, Delete via BC, Terminate
49152 LISTENING 0.0.0.0 0 [480] c:\windows\system32\wininit.exe
Script: Quarantine, Delete, Delete via BC, Terminate
49153 LISTENING 0.0.0.0 0 [1000] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
49154 LISTENING 0.0.0.0 0 [600] c:\windows\system32\lsass.exe
Script: Quarantine, Delete, Delete via BC, Terminate
49155 LISTENING 0.0.0.0 0 [1048] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
49156 LISTENING 0.0.0.0 0 [436] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
49157 LISTENING 0.0.0.0 0 [552] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
49161 ESTABLISHED 127.0.0.1 22346 [3604] c:\program files\acer arcade live\acer homemedia connect\kernel\dms\pcmmediasharing.exe
Script: Quarantine, Delete, Delete via BC, Terminate
49162 ESTABLISHED 127.0.0.1 27015 [3488] c:\program files\itunes\ituneshelper.exe
Script: Quarantine, Delete, Delete via BC, Terminate
50171 TIME_WAIT 192.168.1.135 2869 [0]
50459 TIME_WAIT 192.168.1.135 2869 [0]
50873 TIME_WAIT 192.168.1.135 2869 [0]
58720 TIME_WAIT 192.168.1.135 2869 [0]
60198 LISTENING 0.0.0.0 0 [820] c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe
Script: Quarantine, Delete, Delete via BC, Terminate
UDP ports
123 LISTENING -- -- [1204] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
137 LISTENING -- -- [4] System
Script: Quarantine, Delete, Delete via BC, Terminate
138 LISTENING -- -- [4] System
Script: Quarantine, Delete, Delete via BC, Terminate
500 LISTENING -- -- [1048] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1900 LISTENING -- -- [1204] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1900 LISTENING -- -- [820] c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1900 LISTENING -- -- [1204] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1900 LISTENING -- -- [820] c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe
Script: Quarantine, Delete, Delete via BC, Terminate
3702 LISTENING -- -- [1204] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
3702 LISTENING -- -- [1204] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
4500 LISTENING -- -- [1048] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
5353 LISTENING -- -- [1472] c:\program files\bonjour\mdnsresponder.exe
Script: Quarantine, Delete, Delete via BC, Terminate
5355 LISTENING -- -- [1428] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
49232 LISTENING -- -- [820] c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe
Script: Quarantine, Delete, Delete via BC, Terminate
58643 LISTENING -- -- [1072] c:\program files\acer arcade live\acer tv share\kernel\dmstv\clmsserver.exe
Script: Quarantine, Delete, Delete via BC, Terminate
61990 LISTENING -- -- [4476] c:\windows\ehome\ehrecvr.exe
Script: Quarantine, Delete, Delete via BC, Terminate
64811 LISTENING -- -- [820] c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe
Script: Quarantine, Delete, Delete via BC, Terminate
64812 LISTENING -- -- [1472] c:\program files\bonjour\mdnsresponder.exe
Script: Quarantine, Delete, Delete via BC, Terminate
64814 LISTENING -- -- [1204] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
64817 LISTENING -- -- [1204] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
64818 LISTENING -- -- [1204] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate

Downloaded Program Files (DPF)

File name Description Manufacturer CLSID Source URL
C:\Program Files\Java\jre6\bin\npjpi160_17.dll
Script: Quarantine, Delete, Delete via BC Classic Java Plug-in 1.6.0_17 for Netscape and Mozilla Copyright © 2004 {8AD9C840-044E-11D1-B3E9-00805F499D93}
Delete http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
Delete http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
C:\Program Files\Java\jre6\bin\npjpi160_17.dll
Script: Quarantine, Delete, Delete via BC Classic Java Plug-in 1.6.0_17 for Netscape and Mozilla Copyright © 2004 {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
Delete http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
C:\Program Files\Java\jre6\bin\npjpi160_17.dll
Script: Quarantine, Delete, Delete via BC Classic Java Plug-in 1.6.0_17 for Netscape and Mozilla Copyright © 2004 {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Delete http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Delete http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Items found - 5, recognized as trusted - 0

Control Panel Applets (CPL)

File name Description Manufacturer
Items found - 21, recognized as trusted - 21

Active Setup

File name Description Manufacturer CLSID
Items found - 10, recognized as trusted - 10

HOSTS file

Hosts file record
127.0.0.1 localhost

Protocols and handlers

File name Type Description Manufacturer CLSID
mscoree.dll
Script: Quarantine, Delete, Delete via BC Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
mscoree.dll
Script: Quarantine, Delete, Delete via BC Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
mscoree.dll
Script: Quarantine, Delete, Delete via BC Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Script: Quarantine, Delete, Delete via BC Handler Skype add-on for IE (skype-ie-addon-data: pluggable protocol) (c) Skype Technologies S.A. {91774881-D725-4E58-B298-07617B9B86A8}
C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
Script: Quarantine, Delete, Delete via BC Handler Skype for COM API (Skype4COM Pluggable Protocol) (c) Skype Technologies. All rights reserved. {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}
Items found - 21, recognized as trusted - 16

Suspicious objects

File Description Type

Attention !!! Database was last updated 21.8.2009 it is necessary to update the database (via File - Database update) AVZ Antiviral Toolkit log; AVZ version is 4.32 Scanning started at 15.5.2010 21:43:40 Database loaded: signatures - 237871, NN profile(s) - 2, malware removal microprograms - 56, signature database released 21.08.2009 14:23 Heuristic microprograms loaded: 374 PVS microprograms loaded: 9 Digital signatures of system files loaded: 135524 Heuristic analyzer mode: Medium heuristics mode Malware removal mode: disabled Windows version is: 6.0.6002, Service Pack 2 ; AVZ is run with administrator rights System Restore: enabled 1. Searching for Rootkits and other software intercepting API functions 1.1 Searching for user-mode API hooks Analysis: kernel32.dll, export table found in section .text Analysis: ntdll.dll, export table found in section .text Analysis: user32.dll, export table found in section .text Analysis: advapi32.dll, export table found in section .text Analysis: ws2_32.dll, export table found in section .text Analysis: wininet.dll, export table found in section .text Analysis: rasapi32.dll, export table found in section .text Analysis: urlmon.dll, export table found in section .text Analysis: netapi32.dll, export table found in section .text 1.2 Searching for kernel-mode API hooks Driver loaded successfully SDT found (RVA=137B00) Kernel ntkrnlpa.exe found in memory at address 8204F000 SDT = 82186B00 KiST = 820FB84C (391) Functions checked: 391, intercepted: 0, restored: 0 1.3 Checking IDT and SYSENTER Analyzing CPU 1 Checking IDT and SYSENTER - complete 1.4 Searching for masking processes and drivers Checking not performed: extended monitoring driver (AVZPM) is not installed Driver loaded successfully 1.5 Checking IRP handlers Checking - complete 2. Scanning RAM Number of processes found: 70 Number of modules loaded: 569 Scanning RAM - complete 3. Scanning disks 4. Checking Winsock Layered Service Provider (SPI/LSP) LSP settings checked. No errors detected 5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs) 6. Searching for opened TCP/UDP ports used by malicious software Checking - disabled by user 7. Heuristic system check Checking - complete 8. Searching for vulnerabilities >> Services: potentially dangerous service allowed: TermService (@%SystemRoot%\System32\termsrv.dll,-268) >> Services: potentially dangerous service allowed: SSDPSRV (@%systemroot%\system32\ssdpsrv.dll,-100) >> Services: potentially dangerous service allowed: Schedule (@%SystemRoot%\system32\schedsvc.dll,-100) > Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)! >> Security: disk drives' autorun is enabled >> Security: administrative shares (C$, D$ ...) are enabled >> Security: anonymous user access is enabled >> Security: sending Remote Assistant queries is enabled Checking - complete 9. Troubleshooting wizard >> HDD autorun is allowed >> Network drives autorun is allowed >> Removable media autorun is allowed Checking - complete Files scanned: 639, extracted from archives: 0, malicious software found 0, suspicions - 0 Scanning finished at 15.5.2010 21:43:58 Time of scanning: 00:00:19 If you have a suspicion on presence of viruses or questions on the suspected objects, you can address http://virusinfo.info conference Creating archive of files from Quarantine Creating archive of files from Quarantine - complete System Analysis in progress
Script commands

Add commands to script:
Blocking hooks using Anti-Rootkit
Enable AVZGuard
Operations with AVZPM (true=enable,false=disable)
BootCleaner - import list of deleted files
Remove traces of deleted files
BootCleaner - activate
Reboot
Insert template for QuarantineFile() - quarantining a file
Insert template for BC_QrFile() - quarantining file via BootCleaner
Insert template for DeleteFile() - deleting a file
Insert template for DelCLSID() - removing a CLSID item from registry
Additional operations:
Performance tweaking: disable service TermService (@%SystemRoot%\System32\termsrv.dll,-268)
Performance tweaking: disable service SSDPSRV (@%systemroot%\system32\ssdpsrv.dll,-100)
Performance tweaking: disable service Schedule (@%SystemRoot%\system32\schedsvc.dll,-100)
Security tweaking: disable CD autorun
Security tweaking: disable administrative shares
Security tweaking: disable anonymous user access
Security: disable sending Remote Assistant queries
File list

Port	Status	Remote Host	Remote Port	Application	Notes
TCP ports
135	LISTENING	0.0.0.0	0	[832] c:\windows\system32\svchost.exe Script: Quarantine, Delete, Delete via BC, Terminate
139	LISTENING	0.0.0.0	0	[4] System Script: Quarantine, Delete, Delete via BC, Terminate
445	LISTENING	0.0.0.0	0	[4] System Script: Quarantine, Delete, Delete via BC, Terminate
5354	LISTENING	0.0.0.0	0	[1472] c:\program files\bonjour\mdnsresponder.exe Script: Quarantine, Delete, Delete via BC, Terminate
5357	LISTENING	0.0.0.0	0	[4] System Script: Quarantine, Delete, Delete via BC, Terminate
22346	ESTABLISHED	127.0.0.1	49161	[820] c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe Script: Quarantine, Delete, Delete via BC, Terminate
22346	LISTENING	0.0.0.0	0	[820] c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe Script: Quarantine, Delete, Delete via BC, Terminate
22348	LISTENING	0.0.0.0	0	[1072] c:\program files\acer arcade live\acer tv share\kernel\dmstv\clmsserver.exe Script: Quarantine, Delete, Delete via BC, Terminate
27015	ESTABLISHED	127.0.0.1	49162	[1184] c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe Script: Quarantine, Delete, Delete via BC, Terminate
27015	LISTENING	0.0.0.0	0	[1184] c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe Script: Quarantine, Delete, Delete via BC, Terminate
49152	LISTENING	0.0.0.0	0	[480] c:\windows\system32\wininit.exe Script: Quarantine, Delete, Delete via BC, Terminate
49153	LISTENING	0.0.0.0	0	[1000] c:\windows\system32\svchost.exe Script: Quarantine, Delete, Delete via BC, Terminate
49154	LISTENING	0.0.0.0	0	[600] c:\windows\system32\lsass.exe Script: Quarantine, Delete, Delete via BC, Terminate
49155	LISTENING	0.0.0.0	0	[1048] c:\windows\system32\svchost.exe Script: Quarantine, Delete, Delete via BC, Terminate
49156	LISTENING	0.0.0.0	0	[436] c:\windows\system32\svchost.exe Script: Quarantine, Delete, Delete via BC, Terminate
49157	LISTENING	0.0.0.0	0	[552] c:\windows\system32\services.exe Script: Quarantine, Delete, Delete via BC, Terminate
49161	ESTABLISHED	127.0.0.1	22346	[3604] c:\program files\acer arcade live\acer homemedia connect\kernel\dms\pcmmediasharing.exe Script: Quarantine, Delete, Delete via BC, Terminate
49162	ESTABLISHED	127.0.0.1	27015	[3488] c:\program files\itunes\ituneshelper.exe Script: Quarantine, Delete, Delete via BC, Terminate
50171	TIME_WAIT	192.168.1.135	2869	[0]
50459	TIME_WAIT	192.168.1.135	2869	[0]
50873	TIME_WAIT	192.168.1.135	2869	[0]
58720	TIME_WAIT	192.168.1.135	2869	[0]
60198	LISTENING	0.0.0.0	0	[820] c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe Script: Quarantine, Delete, Delete via BC, Terminate
UDP ports
123	LISTENING	--	--	[1204] c:\windows\system32\svchost.exe Script: Quarantine, Delete, Delete via BC, Terminate
137	LISTENING	--	--	[4] System Script: Quarantine, Delete, Delete via BC, Terminate
138	LISTENING	--	--	[4] System Script: Quarantine, Delete, Delete via BC, Terminate
500	LISTENING	--	--	[1048] c:\windows\system32\svchost.exe Script: Quarantine, Delete, Delete via BC, Terminate
1900	LISTENING	--	--	[1204] c:\windows\system32\svchost.exe Script: Quarantine, Delete, Delete via BC, Terminate
1900	LISTENING	--	--	[820] c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe Script: Quarantine, Delete, Delete via BC, Terminate
1900	LISTENING	--	--	[1204] c:\windows\system32\svchost.exe Script: Quarantine, Delete, Delete via BC, Terminate
1900	LISTENING	--	--	[820] c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe Script: Quarantine, Delete, Delete via BC, Terminate
3702	LISTENING	--	--	[1204] c:\windows\system32\svchost.exe Script: Quarantine, Delete, Delete via BC, Terminate
3702	LISTENING	--	--	[1204] c:\windows\system32\svchost.exe Script: Quarantine, Delete, Delete via BC, Terminate
4500	LISTENING	--	--	[1048] c:\windows\system32\svchost.exe Script: Quarantine, Delete, Delete via BC, Terminate
5353	LISTENING	--	--	[1472] c:\program files\bonjour\mdnsresponder.exe Script: Quarantine, Delete, Delete via BC, Terminate
5355	LISTENING	--	--	[1428] c:\windows\system32\svchost.exe Script: Quarantine, Delete, Delete via BC, Terminate
49232	LISTENING	--	--	[820] c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe Script: Quarantine, Delete, Delete via BC, Terminate
58643	LISTENING	--	--	[1072] c:\program files\acer arcade live\acer tv share\kernel\dmstv\clmsserver.exe Script: Quarantine, Delete, Delete via BC, Terminate
61990	LISTENING	--	--	[4476] c:\windows\ehome\ehrecvr.exe Script: Quarantine, Delete, Delete via BC, Terminate
64811	LISTENING	--	--	[820] c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe Script: Quarantine, Delete, Delete via BC, Terminate
64812	LISTENING	--	--	[1472] c:\program files\bonjour\mdnsresponder.exe Script: Quarantine, Delete, Delete via BC, Terminate
64814	LISTENING	--	--	[1204] c:\windows\system32\svchost.exe Script: Quarantine, Delete, Delete via BC, Terminate
64817	LISTENING	--	--	[1204] c:\windows\system32\svchost.exe Script: Quarantine, Delete, Delete via BC, Terminate
64818	LISTENING	--	--	[1204] c:\windows\system32\svchost.exe Script: Quarantine, Delete, Delete via BC, Terminate