Results of system analysis

Kaspersky Virus Removal Tool 11.0.0.1245 (database released 05/01/2013; 18:47)

List of processes

File name	PID	Description	Copyright	MD5	Information
ATService.exe Script: Quarantine, Delete, BC delete, Terminate	564			??	error getting file info Command line:
avgcsrva.exe Script: Quarantine, Delete, BC delete, Terminate	4476			??	error getting file info Command line:
avgcsrva.exe Script: Quarantine, Delete, BC delete, Terminate	592			??	error getting file info Command line:
avgnsa.exe Script: Quarantine, Delete, BC delete, Terminate	2340			??	error getting file info Command line:
avgrsa.exe Script: Quarantine, Delete, BC delete, Terminate	532			??	error getting file info Command line:
cbVSCService.exe Script: Quarantine, Delete, BC delete, Terminate	2252			??	error getting file info Command line:
CFIWmxSvcs64.exe Script: Quarantine, Delete, BC delete, Terminate	4908			??	error getting file info Command line:
FlashUtil64_11_5_502_135_ActiveX.exe Script: Quarantine, Delete, BC delete, Terminate	4952			??	error getting file info Command line:
iexplore.exe Script: Quarantine, Delete, BC delete, Terminate	5872			??	error getting file info Command line:
mDNSResponder.exe Script: Quarantine, Delete, BC delete, Terminate	2232			??	error getting file info Command line:
RAVCpl64.exe Script: Quarantine, Delete, BC delete, Terminate	4692			??	error getting file info Command line:
TecoService.exe Script: Quarantine, Delete, BC delete, Terminate	3004			??	error getting file info Command line:
TemproSvc.exe Script: Quarantine, Delete, BC delete, Terminate	3028			??	error getting file info Command line:
C:\windows\system32\ThpSrv.exe Script: Quarantine, Delete, BC delete, Terminate	1416			??	error getting file info Command line:
TOPI.exe Script: Quarantine, Delete, BC delete, Terminate	2640			??	error getting file info Command line:
TosCoSrv.exe Script: Quarantine, Delete, BC delete, Terminate	2348			??	error getting file info Command line:
TosSENotify.exe Script: Quarantine, Delete, BC delete, Terminate	4392			??	error getting file info Command line:
TosSmartSrv.exe Script: Quarantine, Delete, BC delete, Terminate	5700			??	error getting file info Command line:
c:\program files (x86)\vodafone\vodafone mobile broadband\bin\vmbservice.exe Script: Quarantine, Delete, BC delete, Terminate	3140	VmbService	Copyright © 2005-2010 Vodafone Group. All rights reserved.	??	9.00 kb, rsAh, created: 25.06.2010 12:57:36, modified: 25.06.2010 12:57:36 Command line: "C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe"
wmpnetwk.exe Script: Quarantine, Delete, BC delete, Terminate	3772			??	error getting file info Command line:
Detected:86, recognized as trusted 66

Module name	Handle	Description	Copyright	MD5	Used by processes
C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\Vodafone.Common.dll Script: Quarantine, Delete, BC delete	1878261760	Vodafone.Common	Copyright © 2005-2010 Vodafone Group. All rights reserved.	--	3140
C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\Vodafone.ConflictingApplications.dll Script: Quarantine, Delete, BC delete	1877999616	Vodafone.ConflictingApplicationsManager	Copyright © 2005-2010 Vodafone Group. All rights reserved.	--	3140
C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\Vodafone.Data.dll Script: Quarantine, Delete, BC delete	1870659584	Vodafone.Data.dll	Copyright © 2005-2010 Vodafone Group. All rights reserved.	--	3140
C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\Vodafone.DataAccessor.dll Script: Quarantine, Delete, BC delete	1871446016	Vodafone.DataAccessor	Copyright © 2005-2010 Vodafone Group. All rights reserved.	--	3140
C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\Vodafone.LogEngine.dll Script: Quarantine, Delete, BC delete	1871380480	Vodafone.LogEngine	Copyright © 2005-2010 Vodafone Group. All rights reserved.	--	3140
C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\Vodafone.NtServiceCore.dll Script: Quarantine, Delete, BC delete	1878130688	Vodafone.NtServiceCore	Copyright © 2005-2010 Vodafone Group. All rights reserved.	--	3140
C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\Vodafone.NtServiceMessaging.dll Script: Quarantine, Delete, BC delete	1871577088	Vodafone.NtServiceMessaging	Copyright © 2005-2010 Vodafone Group. All rights reserved.	--	3140
C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\Vodafone.Platform.dll Script: Quarantine, Delete, BC delete	1870856192	Vodafone.Platform	Copyright © 2005-2010 Vodafone Group. All rights reserved.	--	3140
C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\Vodafone.Win32.dll Script: Quarantine, Delete, BC delete	922746880	Vodafone.Win32	Copyright © 2005-2010 Vodafone Group. All rights reserved.	--	3140
C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll Script: Quarantine, Delete, BC delete	1887043584	Microsoft Common Language Runtime Class Library	© Microsoft Corporation. All rights reserved.	--	3140
C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll Script: Quarantine, Delete, BC delete	1869611008	System.Configuration.dll	© Microsoft Corporation. All rights reserved.	--	3140
C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\66694f9192bd0dddc2eaf90fbcbcd555\System.Management.ni.dll Script: Quarantine, Delete, BC delete	1866334208	.NET Framework	© Microsoft Corporation. All rights reserved.	--	3140
C:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\3079aabe5fd4f325656d52b94b19ae2e\System.Security.ni.dll Script: Quarantine, Delete, BC delete	1867448320	System.Security.dll	© Microsoft Corporation. All rights reserved.	--	3140
C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\17796f2951c17ebf92dd4b7c9b3ce556\System.ServiceProcess.ni.dll Script: Quarantine, Delete, BC delete	1878720512	.NET Framework	© Microsoft Corporation. All rights reserved.	--	3140
C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll Script: Quarantine, Delete, BC delete	1872494592	.NET Framework	© Microsoft Corporation. All rights reserved.	--	3140
C:\windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll Script: Quarantine, Delete, BC delete	1878982656	.NET Framework	© Microsoft Corporation. All rights reserved.	--	3140
Modules detected:377, recognized as trusted 361

Kernel Space Modules Viewer

Module	Base address	Size in memory	Description	Manufacturer
C:\windows\System32\Drivers\dump_dumpfve.sys Script: Quarantine, Delete, BC delete	8C28000	013000 (77824)
C:\windows\System32\Drivers\dump_iaStor.sys Script: Quarantine, Delete, BC delete	36A0000	154000 (1392640)
Modules detected - 194, recognized as trusted - 192

Services

Service	Description	Status	File	Group	Dependencies
Thpsrv Service: Stop, Delete, Disable, BC delete	TOSHIBA HDD Protection	Running	C:\windows\system32\ThpSrv.exe Script: Quarantine, Delete, BC delete
VmbService Service: Stop, Delete, Disable, BC delete	Serviзo Vodafone Mobile Broadband	Running	C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe Script: Quarantine, Delete, BC delete		winmgmt
BrYNSvc Service: Stop, Delete, Disable, BC delete	BrYNSvc	Not started	C:\Program Files (x86)\Browny02\BrYNSvc.exe Script: Quarantine, Delete, BC delete		RPCSS
Detected - 193, recognized as trusted - 190

Drivers

Service	Description	Status	File	Group	Dependencies
catchme Driver: Unload, Delete, Disable, BC delete	catchme	Not started	C:\ComboFix\catchme.sys Script: Quarantine, Delete, BC delete	Base
Tosrfcom Driver: Unload, Delete, Disable, BC delete	Tosrfcom	Not started	Tosrfcom.sys Script: Quarantine, Delete, BC delete
Detected - 300, recognized as trusted - 298

Autoruns

File name	Status	Startup method	Description
C:\Program Files (x86)\Brother\PtAdrBook11\AdrBook.exe Script: Quarantine, Delete, BC delete	Active	Shortcut in Autoruns folder	C:\Users\Pleitao\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\Pleitao\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\P-touch Address Book 1.1.lnk,
C:\Program Files (x86)\Brother\Ptedit50\Ptedit50.exe Script: Quarantine, Delete, BC delete	Active	Shortcut in Autoruns folder	C:\Users\Pleitao\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\Pleitao\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\P-touch Editor 5.0.lnk,
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\MEWMIProv\MeProv.dll Script: Quarantine, Delete, BC delete	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\MEProv, EventMessageFile
C:\Program Files\Common Files\Autodesk Shared\AcDgnCOM18.dll Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {4B392032-A759-43ED-9469-377C80A4472D} Delete
C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {5800AD5B-72C1-477B-9A08-CA112DF06D97} Delete
C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {8A0BC933-7552-42E2-A228-3BE055777227} Delete
C:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcThumbnail16.dll Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {AC1DB655-4F9A-4c39-8AD2-A65324A4C446} Delete
C:\Program Files\Common Files\McAfee\SystemCore\ Script: Quarantine, Delete, BC delete	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\cfwids.sys, EventMessageFile
C:\Program Files\Common Files\McAfee\SystemCore\ Script: Quarantine, Delete, BC delete	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\mfeapfk.sys, EventMessageFile
C:\Program Files\Common Files\McAfee\SystemCore\ Script: Quarantine, Delete, BC delete	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\mfeavfk.sys, EventMessageFile
C:\Program Files\Common Files\McAfee\SystemCore\ Script: Quarantine, Delete, BC delete	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\mfefirek.sys, EventMessageFile
C:\Program Files\Common Files\McAfee\SystemCore\ Script: Quarantine, Delete, BC delete	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\mfenlfk.sys, EventMessageFile
C:\Program Files\Common Files\McAfee\SystemCore\ Script: Quarantine, Delete, BC delete	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\mferkdet.sys, EventMessageFile
C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} Delete
C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {83238FAE-D346-4E12-8734-D42F7554B3E6} Delete
C:\Program Files\Intel\WiFi\bin\iproset.cpl Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls, PROSet Tools Delete
C:\Program Files\TOSHIBA\TFPU\TFPUFileShellExt.dll Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {F4AE3B49-F019-4C6C-9A1A-3EE75DC83555} Delete
C:\Program Files\TOSHIBA\TPHM\TReport.dll Script: Quarantine, Delete, BC delete	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\TPHM, EventMessageFile
C:\Users\Pleitao\AppData\Local\Temp\_uninst_53018271.bat Script: Quarantine, Delete, BC delete	Active	Shortcut in Autoruns folder	C:\Users\Pleitao\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\, C:\Users\Pleitao\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_53018271.lnk,
C:\Users\Pleitao\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk Script: Quarantine, Delete, BC delete	Active	File in Autoruns folder	C:\Users\Pleitao\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\Pleitao\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk,
C:\Users\Pleitao\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk Script: Quarantine, Delete, BC delete	Active	File in Autoruns folder	C:\Users\Pleitao\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\Pleitao\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk,
C:\ccf825afacc8aa307202388add\DW\DW20.exe Script: Quarantine, Delete, BC delete	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\VSSetup, EventMessageFile
C:\windows\System32\MsSpellCheckingFacility.dll Script: Quarantine, Delete, BC delete	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-Spell-Checking, EventMessageFile
C:\windows\System32\MsSpellCheckingFacility.dll Script: Quarantine, Delete, BC delete	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-SpellChecker, EventMessageFile
C:\windows\System32\MsSpellCheckingFacility.dll Script: Quarantine, Delete, BC delete	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Spell-Checking, EventMessageFile
C:\windows\System32\MsSpellCheckingFacility.dll Script: Quarantine, Delete, BC delete	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-SpellChecker, EventMessageFile
C:\windows\system32\AcSignIcon.dll Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {36A21736-36C2-4C11-8ACB-D4136F2B57BD} Delete
C:\windows\system32\psxss.exe Script: Quarantine, Delete, BC delete	--	Registry key	HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Session Manager\SubSystems, Posix
C:\windows\system32\wuaucpl.cpl Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {5F327514-6C5E-4d60-8F16-D07FA08A78ED} Delete
auditcse.dll Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{f3ccc681-b74c-4060-9f26-cd84525dca2a}, DLLName Delete
igfxdev.dll Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui, DLLName Delete
rdpclip Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd, StartupPrograms Delete
Autoruns items detected - 682, recognized as trusted - 650

Microsoft Internet Explorer extension modules (BHOs, Toolbars ...)

File name	Type	Description	Manufacturer	CLSID
	Extension module			{97F922BD-8563-4184-87EE-8C4ACA438823} Delete
Elements detected - 8, recognized as trusted - 7

Windows Explorer extension modules

File name	Destination	Description	Manufacturer	CLSID
	WebCheck			{E6FB5E20-DE35-11CF-9C87-00AA005127ED} Delete
C:\Program Files\TOSHIBA\TFPU\TFPUFileShellExt.dll Script: Quarantine, Delete, BC delete	TFPU file icon extension	TOSHIBA TFPUFileShellExt	2008 (c) TOSHIBA. All rights reserved.	{F4AE3B49-F019-4C6C-9A1A-3EE75DC83555} Delete
C:\Program Files\Common Files\Autodesk Shared\AcDgnCOM18.dll Script: Quarantine, Delete, BC delete	Autodesk Dgn File Preview	AcDgnCOM Module	Copyright (c) 1982-2009 by Autodesk, Inc.	{4B392032-A759-43ED-9469-377C80A4472D} Delete
C:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcThumbnail16.dll Script: Quarantine, Delete, BC delete	Autodesk Drawing Preview	AutoCAD component	Copyright (c) 1982-2009 by Autodesk, Inc.	{AC1DB655-4F9A-4c39-8AD2-A65324A4C446} Delete
C:\windows\system32\AcSignIcon.dll Script: Quarantine, Delete, BC delete	AutoCAD Digital Signatures Icon Overlay Handler			{36A21736-36C2-4C11-8ACB-D4136F2B57BD} Delete
C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll Script: Quarantine, Delete, BC delete	AutoCAD DWG InfoTip Handler	AutoCAD Dwg common shell extension handler	Copyright (c) 1982-2009 by Autodesk, Inc.	{5800AD5B-72C1-477B-9A08-CA112DF06D97} Delete
C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll Script: Quarantine, Delete, BC delete	AutoCAD DWG Column Handler	AutoCAD Dwg common shell extension handler	Copyright (c) 1982-2009 by Autodesk, Inc.	{8A0BC933-7552-42E2-A228-3BE055777227} Delete
	WinRAR shell extension			{B41DB860-8EE4-11D2-9906-E49FADC173CA} Delete
C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll Script: Quarantine, Delete, BC delete	DivX Thumbnail Provider	DivX MKV/AVI Thumbnail Provider	© Copyright 2009 DivX, Inc.	{83238FAE-D346-4E12-8734-D42F7554B3E6} Delete
C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll Script: Quarantine, Delete, BC delete	DivX Property Handler	DivX MKV/AVI Property Handler	© Copyright 2009 DivX, Inc.	{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} Delete
C:\windows\system32\wuaucpl.cpl Script: Quarantine, Delete, BC delete	Auto Update Property Sheet Extension			{5F327514-6C5E-4d60-8F16-D07FA08A78ED} Delete
	AVG Find Extension			{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} Delete
C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll Script: Quarantine, Delete, BC delete	ColumnHandler	AutoCAD Dwg common shell extension handler	Copyright (c) 1982-2009 by Autodesk, Inc.	{8A0BC933-7552-42E2-A228-3BE055777227} Delete
	ColumnHandler			{F9DB5320-233E-11D1-9F84-707F02C10627} Delete
Elements detected - 31, recognized as trusted - 17

Printing system extensions (print monitors, providers)

File name	Type	Name	Description	Manufacturer
AdobePDF.dll Script: Quarantine, Delete, BC delete	Monitor	Adobe PDF Port Monitor
QL56L.DLL Script: Quarantine, Delete, BC delete	Monitor	Brother QL-560 Monitor
localspl.dll Script: Quarantine, Delete, BC delete	Monitor	Local Port
FXSMON.DLL Script: Quarantine, Delete, BC delete	Monitor	Microsoft Shared Fax Monitor
tcpmon.dll Script: Quarantine, Delete, BC delete	Monitor	Standard TCP/IP Port
tbtmon.dll Script: Quarantine, Delete, BC delete	Monitor	Toshiba Bluetooth Monitor
usbmon.dll Script: Quarantine, Delete, BC delete	Monitor	USB Monitor
WSDMon.dll Script: Quarantine, Delete, BC delete	Monitor	WSD Port
inetpp.dll Script: Quarantine, Delete, BC delete	Provider	HTTP Print Services
Elements detected - 10, recognized as trusted - 1

Task Scheduler jobs

File name	Job name	Job status	Description	Manufacturer
Elements detected - 4, recognized as trusted - 4

SPI/LSP settings

Namespace providers (NSP)

Provider	Status	EXE file	Description	GUID
Detected - 9, recognized as trusted - 9

Transport protocol providers (TSP, LSP)

Provider EXE file Description
Detected - 10, recognized as trusted - 10
Results of automatic SPI settings check
LSP settings checked. No errors detected

TCP/UDP ports

Port Status Remote Host Remote Port Application Notes
TCP ports
UDP ports

Downloaded Program Files (DPF)

File name Description Manufacturer CLSID Source URL
Elements detected - 0, recognized as trusted - 0

Control Panel Applets (CPL)

File name Description Manufacturer
C:\windows\system32\FlashPlayerCPLApp.cpl
Script: Quarantine, Delete, BC delete Adobe Flash Player Control Panel Applet Copyright © 1996 Adobe Systems Incorporated. All Rights Reserved. Adobe and Flash are either trademarks or registered trademarks in the United States and/or other countries.
Elements detected - 20, recognized as trusted - 19

Active Setup

File name Description Manufacturer CLSID
Elements detected - 7, recognized as trusted - 7

HOSTS file

Hosts file record
127.0.0.1 localhost
Clear Hosts file

Protocols and handlers

File name Type Description Manufacturer CLSID
mscoree.dll
Script: Quarantine, Delete, BC delete Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
Delete
mscoree.dll
Script: Quarantine, Delete, BC delete Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
Delete
mscoree.dll
Script: Quarantine, Delete, BC delete Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
Delete
Elements detected - 15, recognized as trusted - 12

Suspicious objects

File Description Type

Main script of analysis
Windows version: Windows 7 Professional, Build=7601, SP="Service Pack 1"
System Restore: enabled
>> Services: potentially dangerous service allowed: TermService (@%SystemRoot%\System32\termsrv.dll,-268)
>> Services: potentially dangerous service allowed: SSDPSRV (@%systemroot%\system32\ssdpsrv.dll,-100)
>> Services: potentially dangerous service allowed: Schedule (@%SystemRoot%\system32\schedsvc.dll,-100)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
 >>  Abnormal SCR files association
 >>  Disable HDD autorun
 >>  Disable autorun from network drives
 >>  Disable CD/DVD autorun
 >>  Disable removable media autorun
 >>  Windows Explorer - show extensions of known file types
System Analysis in progress

 System Analysis - complete


Script commands 
Add commands to script:
Blocking hooks using Anti-Rootkit
Enable AVZGuard
Operations with AVZPM (true=enable,false=disable)
BootCleaner - import list of deleted files
BootCleaner - import all
Registry cleanup after deleting files
ExecuteWizard ('TSW',2,3,true) - Running Troubleshooting wizard
BootCleaner - activate
Reboot
Insert template for QuarantineFile() - quarantining file
Insert template for BC_QrFile() - quarantining file via BootCleaner
Insert template for DeleteFile() - deleting file
Insert template for DelCLSID() - deleting CLSID item from registry
Additional operations:Performance tweaking: disable service TermService (@%SystemRoot%\System32\termsrv.dll,-268)
Performance tweaking: disable service SSDPSRV (@%systemroot%\system32\ssdpsrv.dll,-100)
Performance tweaking: disable service Schedule (@%SystemRoot%\system32\schedsvc.dll,-100)
Security tweaking: disable CD autorun
Security tweaking: disable administrative shares
Security tweaking: disable anonymous user access
Security: disable sending Remote Assistant queries

File list

Port	Status	Remote Host	Remote Port	Application	Notes
TCP ports
UDP ports