Results of system analysis

Kaspersky Virus Removal Tool 11.0.0.1245 (database released 04/09/2011; 18:08)

List of processes

File name	PID	Description	Copyright	MD5	Information
c:\program files (x86)\3 mobile broadband\3connect\bechelperservice.exe Script: Quarantine, Delete, BC delete, Terminate	2920			??	1699.90 kb, rsAh, created: 23.08.2011 19:41:26, modified: 23.03.2011 16:32:20 Command line: "C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe"
c:\program files (x86)\t-mobile\internetmanager_h\bmsdk.exe Script: Quarantine, Delete, BC delete, Terminate	6332			??	189.13 kb, rsAh, created: 03.09.2011 16:34:59, modified: 15.12.2009 10:46:32 Command line: "C:\Program Files (x86)\T-Mobile\InternetManager_H\bmsdk.exe" --initializeblock "C:\Program Files (x86)\T-Mobile\InternetManager_H\boc.ini"
CFIWmxSvcs64.exe Script: Quarantine, Delete, BC delete, Terminate	4940			??	error getting file info Command line:
HWDeviceService64.exe Script: Quarantine, Delete, BC delete, Terminate	3084			??	error getting file info Command line:
NitroPDFReaderDriverServicex64.exe Script: Quarantine, Delete, BC delete, Terminate	2404			??	error getting file info Command line:
RAVCpl64.exe Script: Quarantine, Delete, BC delete, Terminate	1932			??	error getting file info Command line:
SmoothView.exe Script: Quarantine, Delete, BC delete, Terminate	1908			??	error getting file info Command line:
c:\program files (x86)\openoffice.org 3\program\soffice.bin Script: Quarantine, Delete, BC delete, Terminate	2532	OpenOffice.org 3.3	Copyright © 2000-2010 by Oracle, Inc.	??	11049.50 kb, rsAh, created: 17.01.2011 19:08:58, modified: 17.01.2011 19:08:58 Command line: "C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe" "-quickstart" "-env:OOO_CWD=2C:\\Program Files (x86)\\OpenOffice.org 3\\program"
SynTPEnh.exe Script: Quarantine, Delete, BC delete, Terminate	1940			??	error getting file info Command line:
SynTPHelper.exe Script: Quarantine, Delete, BC delete, Terminate	5060			??	error getting file info Command line:
TCrdMain.exe Script: Quarantine, Delete, BC delete, Terminate	1924			??	error getting file info Command line:
TemproSvc.exe Script: Quarantine, Delete, BC delete, Terminate	3700			??	error getting file info Command line:
TosCoSrv.exe Script: Quarantine, Delete, BC delete, Terminate	3824			??	error getting file info Command line:
ToshibaReminder.exe Script: Quarantine, Delete, BC delete, Terminate	1956			??	error getting file info Command line:
TosNcCore.exe Script: Quarantine, Delete, BC delete, Terminate	1868			??	error getting file info Command line:
TosReelTimeMonitor.exe Script: Quarantine, Delete, BC delete, Terminate	1876			??	error getting file info Command line:
TosSENotify.exe Script: Quarantine, Delete, BC delete, Terminate	4972			??	error getting file info Command line:
TosSmartSrv.exe Script: Quarantine, Delete, BC delete, Terminate	4596			??	error getting file info Command line:
TPwrMain.exe Script: Quarantine, Delete, BC delete, Terminate	1916			??	error getting file info Command line:
wmpnetwk.exe Script: Quarantine, Delete, BC delete, Terminate	3336			??	error getting file info Command line:
Detected:102, recognized as trusted 85

Module name	Handle	Description	Copyright	MD5	Used by processes
C:\Program Files (x86)\3 Mobile Broadband\3Connect\Logger.dll Script: Quarantine, Delete, BC delete	268435456	3Connect	Copyright Birdstep 2009	--	2920
C:\Program Files (x86)\OpenOffice.org 3\program\aggmi.dll Script: Quarantine, Delete, BC delete	1838678016		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\avmediami.dll Script: Quarantine, Delete, BC delete	1838874624		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\basegfxmi.dll Script: Quarantine, Delete, BC delete	1886126080		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\canvastoolsmi.dll Script: Quarantine, Delete, BC delete	1831796736		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\comphelp4MSC.dll Script: Quarantine, Delete, BC delete	1890844672		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\configmgr.uno.dll Script: Quarantine, Delete, BC delete	1943928832		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\cppcanvasmi.dll Script: Quarantine, Delete, BC delete	1835335680		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\deploymentmi.uno.dll Script: Quarantine, Delete, BC delete	1760624640		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\deploymentmiscmi.dll Script: Quarantine, Delete, BC delete	1889665024		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\dnd.dll Script: Quarantine, Delete, BC delete	1840185344		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\drawinglayermi.dll Script: Quarantine, Delete, BC delete	1836580864		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\dtrans.dll Script: Quarantine, Delete, BC delete	1790115840		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\editengmi.dll Script: Quarantine, Delete, BC delete	1774518272		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\emsermi.dll Script: Quarantine, Delete, BC delete	1806172160		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\fileacc.dll Script: Quarantine, Delete, BC delete	1872887808		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\filterconfig1.dll Script: Quarantine, Delete, BC delete	1840447488		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\fsstorage.uno.dll Script: Quarantine, Delete, BC delete	1793720320		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\ftransl.dll Script: Quarantine, Delete, BC delete	1835270144		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\fwemi.dll Script: Quarantine, Delete, BC delete	1858732032		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\fwimi.dll Script: Quarantine, Delete, BC delete	1858404352		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\fwkmi.dll Script: Quarantine, Delete, BC delete	1817051136		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\fwlmi.dll Script: Quarantine, Delete, BC delete	1778647040		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\helplinkermi.dll Script: Quarantine, Delete, BC delete	1790181376		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\hyphenmi.dll Script: Quarantine, Delete, BC delete	1773862912		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\i18nisolang1MSC.dll Script: Quarantine, Delete, BC delete	1886060544		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\i18npapermi.dll Script: Quarantine, Delete, BC delete	1851719680		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\i18npool.uno.dll Script: Quarantine, Delete, BC delete	1812987904		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\i18nutilMSC.dll Script: Quarantine, Delete, BC delete	1851588608		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\icudt40.dll Script: Quarantine, Delete, BC delete	30408704	ICU Data DLL	Copyright (C) 2008, International Business Machines Corporation and others. All Rights Reserved.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\icuin40.dll Script: Quarantine, Delete, BC delete	120258560	IBM ICU I18N DLL	Copyright (C) 2008, International Business Machines Corporation and others. All Rights Reserved.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\icuuc40.dll Script: Quarantine, Delete, BC delete	14417920	IBM ICU Common DLL	Copyright (C) 2008, International Business Machines Corporation and others. All Rights Reserved.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\libcurl.dll Script: Quarantine, Delete, BC delete	126681088	libcurl Shared Library	© 1996 - 2009 Daniel Stenberg, .	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\libdb47.dll Script: Quarantine, Delete, BC delete	1888813056	Berkeley DB 4.7 DLL	Copyright © Oracle 1997,2008	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\LIBEAY32.dll Script: Quarantine, Delete, BC delete	204472320	OpenSSL Shared Library	Copyright © 1998-2007 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll Script: Quarantine, Delete, BC delete	15663104			--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll Script: Quarantine, Delete, BC delete	131727360			--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\lngmi.dll Script: Quarantine, Delete, BC delete	1839136768		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\lnthmi.dll Script: Quarantine, Delete, BC delete	1760296960		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\localebe1.uno.dll Script: Quarantine, Delete, BC delete	1920532480		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\localedata_en.dll Script: Quarantine, Delete, BC delete	1835925504		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\mcnttype.dll Script: Quarantine, Delete, BC delete	1831272448		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\msfiltermi.dll Script: Quarantine, Delete, BC delete	1793851392		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\mswordmi.DLL Script: Quarantine, Delete, BC delete	1800142848		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\neon.dll Script: Quarantine, Delete, BC delete	1759838208		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\oleautobridge.uno.dll Script: Quarantine, Delete, BC delete	1806761984		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\onlinecheck.DLL Script: Quarantine, Delete, BC delete	1806368768		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\oooimprovementmi.dll Script: Quarantine, Delete, BC delete	1807089664		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\package2.dll Script: Quarantine, Delete, BC delete	1761214464		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\passwordcontainer.uno.dll Script: Quarantine, Delete, BC delete	1759379456		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\sax.uno.dll Script: Quarantine, Delete, BC delete	1799946240		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\sbmi.dll Script: Quarantine, Delete, BC delete	1951465472		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\sfxmi.dll Script: Quarantine, Delete, BC delete	1868234752		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\sofficeapp.dll Script: Quarantine, Delete, BC delete	1891958784		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\sotmi.dll Script: Quarantine, Delete, BC delete	1851785216		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\spellmi.dll Script: Quarantine, Delete, BC delete	1760428032		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\SSLEAY32.dll Script: Quarantine, Delete, BC delete	147914752	OpenSSL Shared Library	Copyright © 1998-2007 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\svlmi.dll Script: Quarantine, Delete, BC delete	1955266560		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\svtmi.dll Script: Quarantine, Delete, BC delete	1854930944		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\svxcoremi.dll Script: Quarantine, Delete, BC delete	1703477248		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\svxmi.dll Script: Quarantine, Delete, BC delete	1746927616		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\swdmi.dll Script: Quarantine, Delete, BC delete	1840316416		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\swmi.dll Script: Quarantine, Delete, BC delete	1708982272		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\sysdtrans.dll Script: Quarantine, Delete, BC delete	1816264704		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\tkmi.dll Script: Quarantine, Delete, BC delete	1852702720		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\tlmi.dll Script: Quarantine, Delete, BC delete	1888223232		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\ucb1.dll Script: Quarantine, Delete, BC delete	1818755072		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\ucbhelper4MSC.dll Script: Quarantine, Delete, BC delete	1889992704		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\ucpchelp1.dll Script: Quarantine, Delete, BC delete	1759051776		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\ucpdav1.dll Script: Quarantine, Delete, BC delete	1759969280		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\ucpexpand1.uno.dll Script: Quarantine, Delete, BC delete	1835859968		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\ucpfile1.dll Script: Quarantine, Delete, BC delete	1815478272		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\unoxmlmi.dll Script: Quarantine, Delete, BC delete	1831469056		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\updatefeed.uno.dll Script: Quarantine, Delete, BC delete	1825177600		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\updchk.uno.dll Script: Quarantine, Delete, BC delete	1815281664		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\utlmi.dll Script: Quarantine, Delete, BC delete	1879113728		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\uuimi.dll Script: Quarantine, Delete, BC delete	1840709632		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\vclmi.dll Script: Quarantine, Delete, BC delete	1844707328		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\vos3MSC.dll Script: Quarantine, Delete, BC delete	1889861632		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\wininetbe1.uno.dll Script: Quarantine, Delete, BC delete	1874395136		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\xcrmi.dll Script: Quarantine, Delete, BC delete	1878523904		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\xomi.dll Script: Quarantine, Delete, BC delete	1755512832		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\program\xstor.dll Script: Quarantine, Delete, BC delete	1774125056		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\URE\bin\bootstrap.uno.dll Script: Quarantine, Delete, BC delete	1945698304		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\URE\bin\cppu3.dll Script: Quarantine, Delete, BC delete	1893007360		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\URE\bin\cppuhelper3MSC.dll Script: Quarantine, Delete, BC delete	1890385920		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\URE\bin\introspection.uno.dll Script: Quarantine, Delete, BC delete	1773993984		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\URE\bin\jvmfwk3.dll Script: Quarantine, Delete, BC delete	1955135488		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\URE\bin\msci_uno.dll Script: Quarantine, Delete, BC delete	1948909568		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\URE\bin\reflection.uno.dll Script: Quarantine, Delete, BC delete	1838546944		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\URE\bin\reg3.dll Script: Quarantine, Delete, BC delete	1945567232		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\URE\bin\sal3.dll Script: Quarantine, Delete, BC delete	1893400576		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\URE\bin\salhelper3MSC.dll Script: Quarantine, Delete, BC delete	1893203968		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\URE\bin\stlport_vc7145.dll Script: Quarantine, Delete, BC delete	268435456	STLport	Copyright (C) Boris Fomitchev	--	2532
C:\Program Files (x86)\OpenOffice.org 3\URE\bin\stocservices.uno.dll Script: Quarantine, Delete, BC delete	1920401408		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\URE\bin\store3.dll Script: Quarantine, Delete, BC delete	1945501696		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Program Files (x86)\OpenOffice.org 3\URE\bin\uwinapi.dll Script: Quarantine, Delete, BC delete	1893269504		Copyright © 2010 by Oracle, Inc.	--	2532
C:\Windows\system32\bminstall.dll Script: Quarantine, Delete, BC delete	268435456	Bytemobile Installation Library	Copyright (C) 2000-2009 Bytemobile, Inc.	--	6332
Modules detected:659, recognized as trusted 561

Kernel Space Modules Viewer

Module	Base address	Size in memory	Description	Manufacturer
C:\Windows\System32\Drivers\dump_dumpfve.sys Script: Quarantine, Delete, BC delete	4200000	013000 (77824)
C:\Windows\System32\Drivers\dump_iaStor.sys Script: Quarantine, Delete, BC delete	36DB000	11C000 (1163264)
Modules detected - 208, recognized as trusted - 206

Services

Service	Description	Status	File	Group	Dependencies
Detected - 176, recognized as trusted - 176

Drivers

Service	Description	Status	File	Group	Dependencies
msahci Driver: Unload, Delete, Disable, BC delete	msahci	Running	C:\Windows\SystemRoot\system32\DRIVERS\msahci.sys Script: Quarantine, Delete, BC delete	SCSI Miniport
catchme Driver: Unload, Delete, Disable, BC delete	catchme	Not started	C:\ComboFix\catchme.sys Script: Quarantine, Delete, BC delete	Base
hwusbdev Driver: Unload, Delete, Disable, BC delete	Huawei DataCard USB PNP Device	Not started	C:\Windows\system32\DRIVERS\ewusbdev.sys Script: Quarantine, Delete, BC delete
hwusbfake Driver: Unload, Delete, Disable, BC delete	Huawei DataCard USB Fake	Not started	C:\Windows\system32\DRIVERS\ewusbfake.sys Script: Quarantine, Delete, BC delete
massfilter Driver: Unload, Delete, Disable, BC delete	ZTE Mass Storage Filter Driver	Not started	C:\Windows\system32\drivers\massfilter.sys Script: Quarantine, Delete, BC delete	PnP Filter
mdvrmng Driver: Unload, Delete, Disable, BC delete	Mobile IP Route Manager	Not started	C:\Windows\system32\drivers\mdvrmng.sys Script: Quarantine, Delete, BC delete	PNP_TDI
RSUSBSTOR Driver: Unload, Delete, Disable, BC delete	RtsUStor.Sys Realtek USB Card Reader	Not started	C:\Windows\system32\Drivers\RtsUStor.sys Script: Quarantine, Delete, BC delete	Base
RtsUIR Driver: Unload, Delete, Disable, BC delete	Realtek IR Driver	Not started	C:\Windows\system32\DRIVERS\Rts516xIR.sys Script: Quarantine, Delete, BC delete
USBCCID Driver: Unload, Delete, Disable, BC delete	Realtek Smartcard Reader Driver	Not started	C:\Windows\system32\DRIVERS\RtsUCcid.sys Script: Quarantine, Delete, BC delete
ZTEusbmdm6k Driver: Unload, Delete, Disable, BC delete	ZTE Proprietary USB Driver	Not started	C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys Script: Quarantine, Delete, BC delete
ZTEusbnmea Driver: Unload, Delete, Disable, BC delete	ZTE NMEA Port	Not started	C:\Windows\system32\DRIVERS\ZTEusbnmea.sys Script: Quarantine, Delete, BC delete
ZTEusbser6k Driver: Unload, Delete, Disable, BC delete	ZTE Diagnostic Port	Not started	C:\Windows\system32\DRIVERS\ZTEusbser6k.sys Script: Quarantine, Delete, BC delete
Detected - 291, recognized as trusted - 279

Autoruns

File name	Status	Startup method	Description
C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe Script: Quarantine, Delete, BC delete	Active	Shortcut in Autoruns folder	C:\Users\Zoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\, C:\Users\Zoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk,
C:\Program Files (x86)\McAfee\VirusScan\NAIEvent.dll Script: Quarantine, Delete, BC delete	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\McLogEvent, EventMessageFile
C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_USERS, S-1-5-21-1092992991-1029331785-2248815135-1000\Software\Microsoft\Windows\CurrentVersion\Run, HW_OPENEYE_OUC_T-Mobile Internet Manager Delete
C:\Users\Zoe\AppData\Local\Temp\_uninst_12558588.bat Script: Quarantine, Delete, BC delete	Active	Shortcut in Autoruns folder	C:\Users\Zoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\, C:\Users\Zoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_12558588.lnk,
C:\Windows\System32\appmgmts.dll Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AppMgmt\Parameters, ServiceDll Delete
C:\Windows\system32\PCImsg.dll Script: Quarantine, Delete, BC delete	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\PCIapp, EventMessageFile
C:\Windows\system32\PCImsg.dll Script: Quarantine, Delete, BC delete	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\PCIsys, EventMessageFile
C:\Windows\system32\psxss.exe Script: Quarantine, Delete, BC delete	--	Registry key	HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Session Manager\SubSystems, Posix
auditcse.dll Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{f3ccc681-b74c-4060-9f26-cd84525dca2a}, DLLName Delete
igfxdev.dll Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui, DLLName Delete
rdpclip Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd, StartupPrograms Delete
Autoruns items detected - 631, recognized as trusted - 620

Microsoft Internet Explorer extension modules (BHOs, Toolbars ...)

File name	Type	Description	Manufacturer	CLSID
Elements detected - 5, recognized as trusted - 5

Windows Explorer extension modules

File name	Destination	Description	Manufacturer	CLSID
	WinZip			{E0D79304-84BE-11CE-9641-444553540000} Delete
	WinZip			{E0D79305-84BE-11CE-9641-444553540000} Delete
	WinZip			{E0D79306-84BE-11CE-9641-444553540000} Delete
	WinZip			{E0D79307-84BE-11CE-9641-444553540000} Delete
	ColumnHandler			{F9DB5320-233E-11D1-9F84-707F02C10627} Delete
Elements detected - 17, recognized as trusted - 12

Printing system extensions (print monitors, providers)

File name	Type	Name	Description	Manufacturer
localspl.dll Script: Quarantine, Delete, BC delete	Monitor	Local Port
FXSMON.DLL Script: Quarantine, Delete, BC delete	Monitor	Microsoft Shared Fax Monitor
nitrolocalmon.dll Script: Quarantine, Delete, BC delete	Monitor	Nitro PDF Port Monitor
Primomonnt.dll Script: Quarantine, Delete, BC delete	Monitor	PrimoMon
tcpmon.dll Script: Quarantine, Delete, BC delete	Monitor	Standard TCP/IP Port
usbmon.dll Script: Quarantine, Delete, BC delete	Monitor	USB Monitor
WSDMon.dll Script: Quarantine, Delete, BC delete	Monitor	WSD Port
inetpp.dll Script: Quarantine, Delete, BC delete	Provider	HTTP Print Services
Elements detected - 9, recognized as trusted - 1

Task Scheduler jobs

File name	Job name	Job status	Description	Manufacturer
Elements detected - 4, recognized as trusted - 4

SPI/LSP settings

Namespace providers (NSP)

Provider	Status	EXE file	Description	GUID
Detected - 9, recognized as trusted - 9

Transport protocol providers (TSP, LSP)

Provider EXE file Description
Detected - 11, recognized as trusted - 11
Results of automatic SPI settings check
LSP settings checked. No errors detected

TCP/UDP ports

Port Status Remote Host Remote Port Application Notes
TCP ports
UDP ports

Downloaded Program Files (DPF)

File name Description Manufacturer CLSID Source URL
Elements detected - 0, recognized as trusted - 0

Control Panel Applets (CPL)

File name Description Manufacturer
Elements detected - 18, recognized as trusted - 18

Active Setup

File name Description Manufacturer CLSID
Elements detected - 9, recognized as trusted - 9

HOSTS file

Hosts file record
127.0.0.1 localhost
Clear Hosts file

Protocols and handlers

File name Type Description Manufacturer CLSID
mscoree.dll
Script: Quarantine, Delete, BC delete Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
Delete
mscoree.dll
Script: Quarantine, Delete, BC delete Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
Delete
mscoree.dll
Script: Quarantine, Delete, BC delete Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
Delete
Elements detected - 13, recognized as trusted - 10

Suspicious objects

File Description Type

Main script of analysis
Windows version: Windows 7 Home Premium, Build=7601, SP="Service Pack 1"
System Restore: enabled
Latent loading of libraries through AppInit_DLLs suspected: "C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll"
>> Services: potentially dangerous service allowed: TermService (@%SystemRoot%\System32\termsrv.dll,-268)
>> Services: potentially dangerous service allowed: SSDPSRV (@%systemroot%\system32\ssdpsrv.dll,-100)
>> Services: potentially dangerous service allowed: Schedule (@%SystemRoot%\system32\schedsvc.dll,-100)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
 >>  Disable HDD autorun
 >>  Disable autorun from network drives
 >>  Disable CD/DVD autorun
 >>  Disable removable media autorun
 >>  Windows Explorer - show extensions of known file types
System Analysis in progress

 System Analysis - complete


Script commands 
Add commands to script:
Blocking hooks using Anti-Rootkit
Enable AVZGuard
Operations with AVZPM (true=enable,false=disable)
BootCleaner - import list of deleted files
BootCleaner - import all
Registry cleanup after deleting files
ExecuteWizard ('TSW',2,3,true) - Running Troubleshooting wizard
BootCleaner - activate
Reboot
Insert template for QuarantineFile() - quarantining file
Insert template for BC_QrFile() - quarantining file via BootCleaner
Insert template for DeleteFile() - deleting file
Insert template for DelCLSID() - deleting CLSID item from registry
Additional operations:Performance tweaking: disable service TermService (@%SystemRoot%\System32\termsrv.dll,-268)
Performance tweaking: disable service SSDPSRV (@%systemroot%\system32\ssdpsrv.dll,-100)
Performance tweaking: disable service Schedule (@%SystemRoot%\system32\schedsvc.dll,-100)
Security tweaking: disable CD autorun
Security tweaking: disable administrative shares
Security tweaking: disable anonymous user access
Security: disable sending Remote Assistant queries

File list

Port	Status	Remote Host	Remote Port	Application	Notes
TCP ports
UDP ports