Results of system analysis

List of processes

File name	PID	Description	Copyright	MD5	Information
aawservice.exe Script: Quarantine, Delete, BC delete, Terminate	1568			??	error getting file info Command line:
c:\program files\aim6\aim6.exe Script: Quarantine, Delete, BC delete, Terminate	3616	AIM	© 2007 AOL LLC.	??	49.34 kb, rsAh, created: 6/19/2008 12:51:30 PM, modified: 6/19/2008 12:51:30 PM Command line: "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
AluSchedulerSvc.exe Script: Quarantine, Delete, BC delete, Terminate	2532			??	error getting file info Command line:
c:\program files\aim6\anotify.exe Script: Quarantine, Delete, BC delete, Terminate	1360	AOL	Copyright (c) 2007 AOL LLC	??	41.05 kb, rsAh, created: 3/13/2007 9:41:02 AM, modified: 3/13/2007 9:41:02 AM Command line: "C:\Program Files\AIM6\anotify.exe" /d clientMoniker="ee://aol/toaster" /d packageMoniker="ee://aol/toaster" /d resourceSearchPath="en-US-aol:en-US" ee://aol/toaster
c:\program files\aim6\aolsoftware.exe Script: Quarantine, Delete, BC delete, Terminate	4184	AOL	Copyright (c) 2007 AOL LLC	??	40.84 kb, rsAh, created: 10/8/2007 4:50:56 PM, modified: 10/8/2007 4:50:56 PM Command line: "C:\Program Files\AIM6\aolsoftware.exe" /h servicehost.defaultGrp
c:\program files\common files\aol\1158549145\ee\aolsoftware.exe Script: Quarantine, Delete, BC delete, Terminate	2344	AOL	© 2006 America Online, Inc.	??	49.60 kb, rsAh, created: 4/20/2006 12:10:13 PM, modified: 4/20/2006 12:10:13 PM Command line: "C:\Program Files\Common Files\AOL\1158549145\ee\aolsoftware.exe" /Embedding /c defaultCfg
AppleMobileDeviceService.exe Script: Quarantine, Delete, BC delete, Terminate	792			??	error getting file info Command line:
c:\users\jordan\desktop\avz4\avz4\avz.exe Script: Quarantine, Delete, BC delete, Terminate	5140	???????????? ??????? AVZ	???????????? ??????? AVZ	??	716.50 kb, rsAh, created: 7/23/2008 7:37:03 PM, modified: 4/6/2008 5:22:50 PM Command line: "C:\Users\Jordan\Desktop\avz4\avz4\avz.exe"
c:\program files\common files\symantec shared\ccsvchst.exe Script: Quarantine, Delete, BC delete, Terminate	3504	Symantec Service Framework	Copyright (c) 2000-2007 Symantec Corporation. All rights reserved.	??	145.85 kb, rsAh, created: 2/18/2008 2:37:20 PM, modified: 2/18/2008 2:37:20 PM Command line: /a /h ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ccSvcHst.exe Script: Quarantine, Delete, BC delete, Terminate	1724			??	error getting file info Command line:
cvpnd.exe Script: Quarantine, Delete, BC delete, Terminate	932			??	error getting file info Command line:
dsNcService.exe Script: Quarantine, Delete, BC delete, Terminate	2008			??	error getting file info Command line:
c:\windows\explorer.exe Script: Quarantine, Delete, BC delete, Terminate	2912	Windows Explorer	© Microsoft Corporation. All rights reserved.	??	2855.00 kb, rsAh, created: 11/14/2007 4:05:15 AM, modified: 11/14/2007 4:05:15 AM Command line: C:\Windows\Explorer.EXE
c:\progra~1\mozill~1\firefox.exe Script: Quarantine, Delete, BC delete, Terminate	3236	Firefox	Mozilla Corporation	??	7487.61 kb, rsAh, created: 2/17/2008 3:59:03 PM, modified: 7/16/2008 5:45:04 PM Command line: "C:\PROGRA~1\MOZILL~1\FIREFOX.EXE" -requestPending -osint -url "http://www.geekstogo.com/forum/Vista-Problems-Help-t205801.html&gopid=1289422"
c:\program files\microsoft office\office12\groovemonitor.exe Script: Quarantine, Delete, BC delete, Terminate	3220	GrooveMonitor Utility	© 2006 Microsoft Corporation. All rights reserved.	??	32.86 kb, rsAh, created: 8/24/2007 7:00:48 AM, modified: 8/24/2007 7:00:48 AM Command line: "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
c:\program files\hewlett-packard\digital imaging\bin\hpoevm08.exe Script: Quarantine, Delete, BC delete, Terminate	3936	HP OfficeJet COM Event Manager	Copyright (C) Hewlett-Packard Co. 1995-2001	??	280.00 kb, rsAh, created: 4/6/2003 12:45:10 AM, modified: 4/6/2003 12:45:10 AM Command line: "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe" -Embedding
c:\program files\hewlett-packard\digital imaging\bin\hpohmr08.exe Script: Quarantine, Delete, BC delete, Terminate	3640	HP OfficeJet COM Device Objects	Copyright (C) Hewlett-Packard Co. 1995-2001	??	144.00 kb, rsAh, created: 4/6/2003 1:17:18 AM, modified: 4/6/2003 1:17:18 AM Command line: "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe"
c:\program files\hewlett-packard\digital imaging\bin\hposts08.exe Script: Quarantine, Delete, BC delete, Terminate	3048	HP OfficeJet Status	Copyright (C) Hewlett-Packard Co. 1995-2001	??	304.00 kb, rsAh, created: 4/6/2003 12:55:04 AM, modified: 4/6/2003 12:55:04 AM Command line: "C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe" /CtxID "#Hewlett-Packard#hp psc 1200 series#1161198188" /Startup
c:\program files\internet explorer\iexplore.exe Script: Quarantine, Delete, BC delete, Terminate	3632	Internet Explorer	© Microsoft Corporation. All rights reserved.	??	611.00 kb, rsAh, created: 6/11/2008 5:15:55 PM, modified: 4/24/2008 11:22:36 PM Command line: "C:\Program Files\Internet Explorer\iexplore.exe"
iPodService.exe Script: Quarantine, Delete, BC delete, Terminate	3024			??	error getting file info Command line:
c:\program files\itunes\ituneshelper.exe Script: Quarantine, Delete, BC delete, Terminate	3528	iTunesHelper Module	© 2003-2008 Apple Inc. All Rights Reserved.	??	282.29 kb, rsAh, created: 7/10/2008 10:51:32 AM, modified: 7/10/2008 10:51:32 AM Command line: "C:\Program Files\iTunes\iTunesHelper.exe"
mDNSResponder.exe Script: Quarantine, Delete, BC delete, Terminate	772			??	error getting file info Command line:
f:\programs\poweriso\pwrisovm.exe Script: Quarantine, Delete, BC delete, Terminate	3200	PowerISO Virtual Drive Manager	Copyright (C) 2004-2007	??	196.00 kb, rsAh, created: 4/9/2007 7:23:11 AM, modified: 4/9/2007 7:23:11 AM Command line: "F:\Programs\PowerISO\PWRISOVM.EXE"
c:\program files\windows sidebar\sidebar.exe Script: Quarantine, Delete, BC delete, Terminate	3152	Windows Sidebar	© Microsoft Corporation. All rights reserved.	??	1204.00 kb, rsAh, created: 1/9/2008 4:01:34 AM, modified: 1/9/2008 4:01:34 AM Command line: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
symlcsvc.exe Script: Quarantine, Delete, BC delete, Terminate	4780			??	error getting file info Command line:
usnsvc.exe Script: Quarantine, Delete, BC delete, Terminate	4416			??	error getting file info Command line:
ViewMgr.exe Script: Quarantine, Delete, BC delete, Terminate	3776			??	error getting file info Command line:
ViewpointService.exe Script: Quarantine, Delete, BC delete, Terminate	2188			??	error getting file info Command line:
wmpnetwk.exe Script: Quarantine, Delete, BC delete, Terminate	1132			??	error getting file info Command line:
c:\program files\winzip\wzqkpick.exe Script: Quarantine, Delete, BC delete, Terminate	3704	WinZip Executable	Copyright (c) WinZip International LLC 1991-2008 - All Rights Reserved	??	405.34 kb, RsAh, created: 4/28/2008 11:20:00 AM, modified: 4/28/2008 11:20:00 AM Command line: "C:\Program Files\WinZip\WZQKPICK.EXE"
Detected:71, recognized as trusted 45

Module name	Handle	Description	Copyright	MD5	Used by processes
C:\Program Files\AIM6\aim6.exe Script: Quarantine, Delete, BC delete	4194304	AIM	© 2007 AOL LLC.	??	3616
C:\Program Files\AIM6\anotify.exe Script: Quarantine, Delete, BC delete	4194304	AOL	Copyright (c) 2007 AOL LLC	??	1360
C:\Program Files\AIM6\aolsoftware.exe Script: Quarantine, Delete, BC delete	4194304	AOL	Copyright (c) 2007 AOL LLC	??	4184
C:\Program Files\AIM6\AOLSvcMgr.dll Script: Quarantine, Delete, BC delete	1811939328	AOLSvcMgr	Copyright (c) 2007 AOL LLC	--	3616, 1360, 4184
C:\Program Files\AIM6\coolcore52.dll Script: Quarantine, Delete, BC delete	1074790400	COOL Core Component Library	Copyright (C) 1998-2008 AOL LLC	--	3616
c:\program files\aim6\services\boxelyrenderer\ver3_1_3_4\boxelyRenderer.dll Script: Quarantine, Delete, BC delete	1739456512	boxelyRenderer AOL Application Service Library	© 2007 AOL LLC	--	3616, 1360
c:\program files\aim6\services\imApp\ver6_8_10_1\imAppService.dll Script: Quarantine, Delete, BC delete	31784960	imAppService EE Application Service	Copyright (c) 2007 AOL LLC.	--	3616
c:\program files\aim6\services\localStorage\ver7_3_2_1\clsSvc.dll Script: Quarantine, Delete, BC delete	1732837376	clssvc EE Service	Copyright (c) 2007 AOL LLC	--	3616, 1360, 4184
c:\program files\aim6\services\miniXML\ver1_6_1_2\XMLMini.dll Script: Quarantine, Delete, BC delete	1734148096	Mini XML Parser	Copyright (c) 2007 AOL LLC	--	1360
c:\program files\aim6\services\notification\ver6_4_1_1\Notify.dll Script: Quarantine, Delete, BC delete	1733230592	Notification Service	Copyright (c) 2007 AOL LLC	--	3616, 1360, 4184
c:\program files\aim6\services\os\ver5_2_1_1\AOLIdleMon.dll Script: Quarantine, Delete, BC delete	268435456	AolIdleMon EE Service	Copyright (c) 2006 AOL LLC	--	4184
c:\program files\aim6\services\os\ver5_2_1_1\OS.dll Script: Quarantine, Delete, BC delete	1733492736	os EE Service	Copyright (c) 2006 AOL LLC	--	4184
c:\program files\aim6\services\preferences\ver5_2_1_1\preferences.dll Script: Quarantine, Delete, BC delete	1733754880	Preferences Service	Copyright (c) 2007 AOL LLC	--	3616, 1360
c:\program files\aim6\services\toaster\ver4_3_1_1\toaster.dll Script: Quarantine, Delete, BC delete	1738801152	Toaster Notification Service	Copyright (c) 2007 AOL, LLC.	--	1360
C:\Program Files\AIM6\xprt5.dll Script: Quarantine, Delete, BC delete	1073741824	XPRT Runtime Library	Copyright 1998-2007 AOL LLC	--	3616, 4184
C:\Program Files\AIM6\xprt6.dll Script: Quarantine, Delete, BC delete	3604480	XPRT Runtime Library	Copyright (C) 1998-2008 AOL LLC	--	3616, 1360, 4184
C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll Script: Quarantine, Delete, BC delete	105381888	AOL IE Toolbar Dynamic Link Library	© 2007 AOL LLC. All rights reserved.	--	3632
C:\Program Files\Common Files\AOL\1158549145\ee\AOLHostMgr.dll Script: Quarantine, Delete, BC delete	1812594688	AOLHostManager	© 2006 America Online, Inc.	--	2344
C:\Program Files\Common Files\AOL\1158549145\ee\aolsoftware.exe Script: Quarantine, Delete, BC delete	4194304	AOL	© 2006 America Online, Inc.	??	2344
C:\Program Files\Common Files\AOL\1158549145\ee\AOLSvcMgr.dll Script: Quarantine, Delete, BC delete	1811939328	AOLSvcMgr	© 2006 America Online, Inc.	--	2344
C:\Program Files\Common Files\AOL\1158549145\ee\coolcore45.dll Script: Quarantine, Delete, BC delete	1074790400	COOL Core Component Library	Copyright (c) 1998-2005 America Online, Inc.	--	2344
c:\program files\common files\aol\1158549145\ee\services\aolsystrayservice\ver3_0_3_1\AOLSysTrayService.dll Script: Quarantine, Delete, BC delete	1742995456	aolsystrayservice EE Service	Copyright (c) 2005 America Online, Inc.	--	2344
c:\program files\common files\aol\1158549145\ee\services\authentication\ver4_0_0_24\authenticationshadow.dll Script: Quarantine, Delete, BC delete	1728512000	AAM	Copyright (c) 2005 America Online, Inc.	--	2344
c:\program files\common files\aol\1158549145\ee\services\bfts\ver2_13_3_3\bfts.dll Script: Quarantine, Delete, BC delete	1729822720	BFTS EE Service	Copyright (C) 1999-2005 America Online, Inc.	--	2344
c:\program files\common files\aol\1158549145\ee\services\http\ver1_17_2_1\http.dll Script: Quarantine, Delete, BC delete	14614528	HTTP Connection Service	Copyright (c) 2005 America Online, Inc.	--	2344
c:\program files\common files\aol\1158549145\ee\services\localStorage\ver4_7_2_1\clsSvc.dll Script: Quarantine, Delete, BC delete	1732837376	clssvc EE Service	Copyright (c) 2005 America Online, Inc.	--	2344
c:\program files\common files\aol\1158549145\ee\services\metrics\ver3_6_13_2\cmls.dll Script: Quarantine, Delete, BC delete	1729495040	Client Metrics Service	Copyright (c) 2005 America Online, Inc.	--	2344
c:\program files\common files\aol\1158549145\ee\services\miniXML\ver1_4_4_1\XMLMini.dll Script: Quarantine, Delete, BC delete	1734148096	Mini XML Parser	Copyright (c) 2005 America Online, Inc.	--	2344
c:\program files\common files\aol\1158549145\ee\services\notification\ver3_12_4_5\Notify.dll Script: Quarantine, Delete, BC delete	1733230592	Notification Service	Copyright (c) 2006 America Online, Inc.	--	2344
c:\program files\common files\aol\1158549145\ee\services\os\ver4_2_7_1\AOLIdleMon.dll Script: Quarantine, Delete, BC delete	1746731008	AolIdleMon EE Service	Copyright (c) 2006 America Online, Inc.	--	2344
c:\program files\common files\aol\1158549145\ee\services\os\ver4_2_7_1\OS.dll Script: Quarantine, Delete, BC delete	1746468864	os EE Service	Copyright (c) 2006 America Online, Inc.	--	2344
c:\program files\common files\aol\1158549145\ee\services\softwareUpdate\ver1_14_4_2\stic.dll Script: Quarantine, Delete, BC delete	1730543616	Active Update AOL EE Service - stic.dll	Copyright (C) 1999-2005 America Online, Inc.	--	2344
c:\program files\common files\aol\1158549145\ee\services\suiteframework\ver2_30_12_1\suiteFramework.dll Script: Quarantine, Delete, BC delete	1735917568	SuiteFramework Service	Copyright (c) 2004 America Online, Inc.	--	2344
C:\Program Files\Common Files\AOL\1158549145\ee\xprt5.dll Script: Quarantine, Delete, BC delete	1073741824	XPRT Runtime Library	Copyright (c) 1998-2006 America Online, Inc.	--	2344
C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll Script: Quarantine, Delete, BC delete	1811546112	AOL Diagnostics	Copyright © 1998-2006 - SupportSoft Software, Inc. All Rights Reserved.	--	3616, 1360, 4184, 2344
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\iTunesMobileDevice.dll Script: Quarantine, Delete, BC delete	268435456	iTunesMobileDevice	Copyright (C) 2007	--	3528
C:\Program Files\Common Files\Symantec Shared\AntiVirus\AVIfc.dll Script: Quarantine, Delete, BC delete	1876951040	Symantec AntiVirus Interface	Copyright (c) 1997-2008 Symantec Corporation	--	3504
C:\Program Files\Common Files\Symantec Shared\AntiVirus\AVMail.dll Script: Quarantine, Delete, BC delete	1876623360	Symantec AntiVirus Email Filter	Copyright (c) 1997-2008 Symantec Corporation	--	3504
C:\Program Files\Common Files\Symantec Shared\AppCore\AppJMS32.dll Script: Quarantine, Delete, BC delete	1873936384	Symantec Application Core Module	Copyright (c) 1997-2008 Symantec Corporation	--	3504
C:\Program Files\Common Files\Symantec Shared\AppCore\AppMgr32.dll Script: Quarantine, Delete, BC delete	1874198528	Symantec Application Core Manager	Copyright (c) 1997-2008 Symantec Corporation	--	5140, 3504, 2912, 3236, 3632
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSet32.dll Script: Quarantine, Delete, BC delete	1874919424	Symantec Application Core ccSetting	Copyright (c) 1997-2008 Symantec Corporation	--	3236, 3632
C:\Program Files\Common Files\Symantec Shared\auCOLPwd.dll Script: Quarantine, Delete, BC delete	268435456	Norton Confidential (CoLite) v2007.1 NT5 Build (2007.1.1.1009)	Copyright (c) 2001-2007 Symantec Corporation. All rights reserved.	--	3504
C:\Program Files\Common Files\Symantec Shared\Backup\buDataCl.dll Script: Quarantine, Delete, BC delete	1857028096	Backup DataCL	Copyright (c) 1997-2008 Symantec Corporation	--	3504, 3152
C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll Script: Quarantine, Delete, BC delete	1859715072	Backup Shell	Copyright (c) 1997-2008 Symantec Corporation	--	5140, 2912, 3236, 3632
C:\Program Files\Common Files\Symantec Shared\ccIPC.dll Script: Quarantine, Delete, BC delete	1795817472	Symantec ccIPC Engine	Copyright (c) 2000-2007 Symantec Corporation. All rights reserved.	--	5140, 3504, 2912, 3236, 3632, 3152
C:\Program Files\Common Files\Symantec Shared\ccL70U.dll Script: Quarantine, Delete, BC delete	1796669440	Symantec Library	Copyright (c) 2000-2007 Symantec Corporation. All rights reserved.	--	5140, 3504, 2912, 3236, 3632, 3152
C:\Program Files\Common Files\Symantec Shared\ccProSub.dll Script: Quarantine, Delete, BC delete	1801256960	Symantec Proxy Factory	Copyright (c) 2000-2007 Symantec Corporation. All rights reserved.	--	3504
C:\Program Files\Common Files\Symantec Shared\ccSet.dll Script: Quarantine, Delete, BC delete	1805647872	Symantec Settings Manager Engine	Copyright (c) 2000-2007 Symantec Corporation. All rights reserved.	--	5140, 3504, 2912, 3236, 3632, 3152
C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll Script: Quarantine, Delete, BC delete	1805778944	Symantec Settings Manager Event Factory	Copyright (c) 2000-2007 Symantec Corporation. All rights reserved.	--	3504
C:\Program Files\Common Files\Symantec Shared\ccSvc.dll Script: Quarantine, Delete, BC delete	1806499840	Symantec ccService Engine	Copyright (c) 2000-2007 Symantec Corporation. All rights reserved.	--	3504
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe Script: Quarantine, Delete, BC delete	4194304	Symantec Service Framework	Copyright (c) 2000-2007 Symantec Corporation. All rights reserved.	??	3504
C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll Script: Quarantine, Delete, BC delete	1807941632	Symantec Trust Validation Engine	Copyright (c) 2000-2007 Symantec Corporation. All rights reserved.	--	5140, 3504, 2912, 3236, 3632, 3152
C:\Program Files\Common Files\Symantec Shared\CF\PEP2.dll Script: Quarantine, Delete, BC delete	1838284800	Component Framework PEP2	Copyright (c) 1997-2007 Symantec Corporation	--	3504
C:\Program Files\Common Files\Symantec Shared\COH\sesHlp.dll Script: Quarantine, Delete, BC delete	1850212352	SONAR Component	Copyright (c) 2001-2008 Symantec Corporation. All rights reserved.	--	3504
C:\Program Files\Common Files\Symantec Shared\COH\sH0003.dll Script: Quarantine, Delete, BC delete	89653248	SONAR Component	Copyright (c) 2001-2008 Symantec Corporation. All rights reserved.	--	3504
C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coCoreFw.dll Script: Quarantine, Delete, BC delete	1724186624	coCoreFramework	Copyright (c) 2008 Symantec Corporation. All rights reserved.	--	3236, 3632
C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll Script: Quarantine, Delete, BC delete	1725431808	coIEPlugIn	Copyright (c) 2008 Symantec Corporation. All rights reserved.	--	3632
C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coUICtlr.dll Script: Quarantine, Delete, BC delete	1726152704	CoUIController	Copyright (c) 2008 Symantec Corporation. All rights reserved.	--	3236, 3632
C:\Program Files\Common Files\Symantec Shared\coShared\CIM\2.6\coParse.dll Script: Quarantine, Delete, BC delete	1733492736	expatw Dynamic Link Library	Copyright (C) 2007	--	3504, 3236, 3632
C:\Program Files\Common Files\Symantec Shared\coShared\CIM\2.6\DSMigrat.dll Script: Quarantine, Delete, BC delete	1727594496	DSMigrate	Copyright (c) 2008 Symantec Corporation. All rights reserved.	--	3504
C:\Program Files\Common Files\Symantec Shared\coShared\CIM\2.6\IVPlugin.dll Script: Quarantine, Delete, BC delete	1727987712	IVPlugin	Copyright (c) 2008 Symantec Corporation. All rights reserved.	--	3236, 3632
C:\Program Files\Common Files\Symantec Shared\coShared\CIM\2.6\rf.dll Script: Quarantine, Delete, BC delete	1731919872	RoboformSDK Main Module	Copyright (C) 1999-2008 Siber Systems Inc.	--	3236, 3632
C:\Program Files\Common Files\Symantec Shared\coShared\CIM\2.6\rfpxy.dll Script: Quarantine, Delete, BC delete	42926080	RoboForm Adapter module for Gecko	Copyright 2000-2007 Siber Systems Inc.	--	3236
C:\Program Files\Common Files\Symantec Shared\coShared\WA\2.6\coWbAuth.dll Script: Quarantine, Delete, BC delete	1726480384	coWebAuthPlugIn	Copyright (c) 2008 Symantec Corporation. All rights reserved.	--	3236, 3632
C:\Program Files\Common Files\Symantec Shared\coShared\WP\2.6\coWCID.dll Script: Quarantine, Delete, BC delete	1726742528	coWCIDPlugIn	Copyright (c) 2008 Symantec Corporation. All rights reserved.	--	3236, 3632
C:\Program Files\Common Files\Symantec Shared\coShared\WP\2.6\nppw.dll Script: Quarantine, Delete, BC delete	1825570816	Norton Confidential (WCID) NT5 Build v2008.2.0.5013	Copyright (c) 2001-2007 Symantec Corporation. All rights reserved.	--	3632
C:\Program Files\Common Files\Symantec Shared\coShared\WP\2.6\nppwff.dll Script: Quarantine, Delete, BC delete	268435456	Norton Confidential (WCID) NT5 Build v2008.2.0.5013	Copyright (c) 2001-2007 Symantec Corporation. All rights reserved.	--	3236
C:\Program Files\Common Files\Symantec Shared\NPC\2.0\uiDataCl.dll Script: Quarantine, Delete, BC delete	1876099072	Norton Protection Center UI Data Client	Copyright (c) 1997-2008 Symantec Corporation	--	3504, 3152
C:\Program Files\Common Files\Symantec Shared\NPC\2.0\uiLicPlg.dll Script: Quarantine, Delete, BC delete	92536832	Norton Protection Center UI Licensing Plugin	Copyright (c) 1997-2008 Symantec Corporation	--	3504
C:\Program Files\Common Files\Symantec Shared\NPC\DataPvdr.dll Script: Quarantine, Delete, BC delete	1870266368	Norton Protection Center UI Data Provider	Copyright (c) 1997-2008 Symantec Corporation	--	3504, 3152
C:\Program Files\Common Files\Symantec Shared\NPC\PEPEvnt.dll Script: Quarantine, Delete, BC delete	1873281024	Norton Protection Center UI Eventing DLL	Copyright (c) 1997-2008 Symantec Corporation	--	3504
C:\Program Files\Common Files\Symantec Shared\PIF\{96E26A03-A25A-400b-B9B4-564C9BD00F46}\AlertEng.dll Script: Quarantine, Delete, BC delete	1836056576	Alert Engine	Copyright (c) 2008 Symantec Corporation. All rights reserved.	--	3504
C:\Program Files\Common Files\Symantec Shared\SymHTML\2.0\SymHTML.DLL Script: Quarantine, Delete, BC delete	1822425088	SymHTML	Copyright (c) 1997-2008 Symantec Corporation	--	3504, 3632
C:\Program Files\Common Files\Symantec Shared\SymNeti.dll Script: Quarantine, Delete, BC delete	91553792	Symantec Network Driver Interface	Copyright 2002 - 2007 Symantec Corporation	--	3504
C:\Program Files\Common Files\Symantec Shared\SymRedir.dll Script: Quarantine, Delete, BC delete	1870594048	Redirector Interface DLL	Copyright 2002 - 2007 Symantec Corporation	--	3504
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpocxi08.dll Script: Quarantine, Delete, BC delete	337641472	HP CUE/AiO Context Information Objects	Copyright (C) Hewlett-Packard Co. 1995-2001	--	3936, 3640, 3048
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpodio08.dll Script: Quarantine, Delete, BC delete	339738624	HP OfficeJet COM Device IO Objects (CUE)	Copyright (C) Hewlett-Packard Co. 1995-2001	--	3640, 3048
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpodvb08.dll Script: Quarantine, Delete, BC delete	13041664	HP OfficeJet COM Base Device Objects	Copyright (C) Hewlett-Packard Co. 1995-2001	--	3640
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe Script: Quarantine, Delete, BC delete	4194304	HP OfficeJet COM Event Manager	Copyright (C) Hewlett-Packard Co. 1995-2001	??	3936
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe Script: Quarantine, Delete, BC delete	4194304	HP OfficeJet COM Device Objects	Copyright (C) Hewlett-Packard Co. 1995-2001	??	3640
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe Script: Quarantine, Delete, BC delete	4194304	HP OfficeJet Status	Copyright (C) Hewlett-Packard Co. 1995-2001	??	3048
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.rsc Script: Quarantine, Delete, BC delete	3932160	Combined resource DLL	Copyright (C) Hewlett-Packard Co. 1995-2001	--	3048
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcob08.dll Script: Quarantine, Delete, BC delete	340262912	HP OfficeJet COM Common Objects	Copyright (C) Hewlett-Packard Co. 1995-2001	--	3936, 3640, 3048
C:\Program Files\iTunes\iTunesHelper.exe Script: Quarantine, Delete, BC delete	14286848	iTunesHelper Module	© 2003-2008 Apple Inc. All Rights Reserved.	??	3528
C:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.DLL Script: Quarantine, Delete, BC delete	1856569344	iTunesHelper Resource Library	© 2003-2008 Apple Inc. All Rights Reserved.	--	3528
C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.DLL Script: Quarantine, Delete, BC delete	1853161472	iTunesHelper Resource Library	© 2003-2008 Apple Inc. All Rights Reserved.	--	3528
C:\Program Files\Microsoft Office\Office12\1033\GrooveIntlResource.dll Script: Quarantine, Delete, BC delete	1806172160	GrooveIntlResource Module	© 2006 Microsoft Corporation. All rights reserved.	--	2912
C:\Program Files\Microsoft Office\Office12\GrooveMisc.dll Script: Quarantine, Delete, BC delete	76939264	GrooveMisc Module	© 2006 Microsoft Corporation. All rights reserved.	--	2912
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe Script: Quarantine, Delete, BC delete	4194304	GrooveMonitor Utility	© 2006 Microsoft Corporation. All rights reserved.	??	3220
C:\Program Files\Microsoft Office\Office12\GrooveNew.DLL Script: Quarantine, Delete, BC delete	1927741440	GrooveNew Module	© 2006 Microsoft Corporation. All rights reserved.	--	5140, 2912, 3236, 3220, 3632
C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll Script: Quarantine, Delete, BC delete	1884487680	GrooveShellExtensions Module	© 2006 Microsoft Corporation. All rights reserved.	--	5140, 2912, 3236, 3220, 3632
C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll Script: Quarantine, Delete, BC delete	1893269504	GrooveSystemServices Module	© 2006 Microsoft Corporation. All rights reserved.	--	2912, 3236, 3220
C:\Program Files\Microsoft Office\Office12\GrooveUtil.DLL Script: Quarantine, Delete, BC delete	1883439104	GrooveUtil Module	© 2006 Microsoft Corporation. All rights reserved.	--	5140, 2912, 3236, 3220, 3632
C:\Program Files\Mozilla Firefox\nssckbi.dll Script: Quarantine, Delete, BC delete	1612906496	NSS Builtin Trusted Root CAs		--	3236
C:\Program Files\Norton 360\09\01\coDataPr.loc Script: Quarantine, Delete, BC delete	75890688	coDataProviderRes	Copyright (c) 2008 Symantec Corporation. All rights reserved.	--	3504, 3152
C:\Program Files\Norton 360\coDataPr.dll Script: Quarantine, Delete, BC delete	1724514304	coDataProvider	Copyright (c) 2008 Symantec Corporation. All rights reserved.	--	3504, 3152
C:\Program Files\Norton 360\SetEvtHp.dll Script: Quarantine, Delete, BC delete	1751121920	Settings Event Helper	Copyright © 2006 Symantec Corporation. All rights reserved.	--	3504
C:\Program Files\Norton 360\tpAlert.dll Script: Quarantine, Delete, BC delete	1779367936	Norton360 Alert Plugin	Copyright (c) 1997-2008 Symantec Corporation	--	3504
C:\Program Files\Norton 360\tpCED.dll Script: Quarantine, Delete, BC delete	67371008	N360 Common Error Description Component	Copyright (c) 1997-2008 Symantec Corporation	--	3504
C:\PROGRAM FILES\NORTON 360\TPCNTNR.DLL Script: Quarantine, Delete, BC delete	1781268480	TP Container	Copyright (c) 1997-2008 Symantec Corporation	--	3504, 3152
C:\Program Files\Norton 360\tpDataCl.dll Script: Quarantine, Delete, BC delete	1782972416	TP Data Cl	Copyright (c) 1997-2008 Symantec Corporation	--	3504, 3152
C:\PROGRAM FILES\NORTON 360\TPMAINUI.DLL Script: Quarantine, Delete, BC delete	1785135104	TP Main UI	Copyright (c) 1997-2008 Symantec Corporation	--	3504
C:\Program Files\QuickTime\QTSystem\QuickTime.qts Script: Quarantine, Delete, BC delete	1776943104	QuickTime	Copyright Apple Inc. 1989-2008	--	3528
C:\Program Files\SmartFTP Client\SmartHook.dll Script: Quarantine, Delete, BC delete	268435456	SmartFTP Client CopyHook	Copyright © 2007 by SmartSoft Ltd.	--	2912
C:\Program Files\WinZip\WZQKPICK.EXE Script: Quarantine, Delete, BC delete	4194304	WinZip Executable	Copyright (c) WinZip International LLC 1991-2008 - All Rights Reserved	??	3704
C:\Program Files\WinZip\wzshlstb.dll Script: Quarantine, Delete, BC delete	371195904	WinZip Shell Extension DLL	Copyright (c) WinZip International LLC 1991-2008 - All Rights Reserved	--	3236
C:\PROGRA~1\COMMON~1\SYMANT~1\APPCORE\APPPLG32.DLL Script: Quarantine, Delete, BC delete	1874657280	Symantec Application Core Plugin	Copyright (c) 1997-2008 Symantec Corporation	--	3504
C:\PROGRA~1\COMMON~1\SYMANT~1\CCALERT.DLL Script: Quarantine, Delete, BC delete	1790967808	Symantec Alert and Notification	Copyright (c) 2000-2007 Symantec Corporation. All rights reserved.	--	3504
C:\PROGRA~1\COMMON~1\SYMANT~1\CCAPPPLG.DLL Script: Quarantine, Delete, BC delete	1791426560	Symantec Service Debug Plugin	Copyright (c) 2000-2007 Symantec Corporation. All rights reserved.	--	3504
C:\PROGRA~1\COMMON~1\SYMANT~1\CCEMLPXY.DLL Script: Quarantine, Delete, BC delete	1794048000	Symantec Email Proxy	Copyright (c) 2000-2007 Symantec Corporation. All rights reserved.	--	3504
C:\PROGRA~1\COMMON~1\SYMANT~1\ccEvtCli.dll Script: Quarantine, Delete, BC delete	1794572288	Symantec Event Manager Client Side Interface	Copyright (c) 2000-2007 Symantec Corporation. All rights reserved.	--	3504
C:\PROGRA~1\COMMON~1\SYMANT~1\COL\SESHLP.DLL Script: Quarantine, Delete, BC delete	1847590912	SONAR Component	Copyright (c) 2001-2007 Symantec Corporation. All rights reserved.	--	3504
C:\PROGRA~1\COMMON~1\SYMANT~1\coShared\FF\2.5\FFPrefs.dll Script: Quarantine, Delete, BC delete	1774845952	N360 FireFox Preferences Component	Copyright (c) 1997-2008 Symantec Corporation	--	3236, 3632
C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll Script: Quarantine, Delete, BC delete	80871424	IPS Browser Helper DLL	Copyright (c) 2006-2008 Symantec Corporation	--	3632
C:\PROGRA~1\COMMON~1\SYMANT~1\NPC\2.0\Gadget.dll Script: Quarantine, Delete, BC delete	1870331904	Norton Protection Center Gadget Engine	Copyright (c) 1997-2008 Symantec Corporation	--	3152
C:\PROGRA~1\COMMON~1\SYMANT~1\NPC\2.0\UIALERT.DLL Script: Quarantine, Delete, BC delete	37748736	Norton Protection Center Alert Provider	Copyright (c) 1997-2008 Symantec Corporation	--	3504
C:\PROGRA~1\COMMON~1\SYMANT~1\NPC\2.0\UIHOST.DLL Script: Quarantine, Delete, BC delete	1876361216	Norton Protection Center UI Host	Copyright (c) 1997-2008 Symantec Corporation	--	3504
C:\PROGRA~1\COMMON~1\SYMANT~1\NPC\NPCLU.DLL Script: Quarantine, Delete, BC delete	1871577088	Norton Protection Center LiveUpdate Plugin	Copyright (c) 1997-2008 Symantec Corporation	--	3504
C:\PROGRA~1\COMMON~1\SYMANT~1\PIF\{96E26~1\AlertUi.dll Script: Quarantine, Delete, BC delete	1836515328	Alert UI	Copyright (c) 2008 Symantec Corporation. All rights reserved.	--	3504
C:\PROGRA~1\MOZILL~1\components\coFFPlgn.dll Script: Quarantine, Delete, BC delete	1724907520	coFirefoxPlugIn	Copyright (c) 2008 Symantec Corporation. All rights reserved.	--	3236
C:\PROGRA~1\MOZILL~1\components\jar50.dll Script: Quarantine, Delete, BC delete	1610678272		License: MPL 1.1/GPL 2.0/LGPL 2.1	--	3236
C:\PROGRA~1\MOZILL~1\components\myspell.dll Script: Quarantine, Delete, BC delete	1610874880		License: MPL 1.1/GPL 2.0/LGPL 2.1	--	3236
C:\PROGRA~1\MOZILL~1\components\spellchk.dll Script: Quarantine, Delete, BC delete	1610940416		License: MPL 1.1/GPL 2.0/LGPL 2.1	--	3236
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE Script: Quarantine, Delete, BC delete	4194304	Firefox	Mozilla Corporation	??	3236
C:\PROGRA~1\MOZILL~1\freebl3.dll Script: Quarantine, Delete, BC delete	1611202560	NSS freebl Library		--	3236
C:\PROGRA~1\MOZILL~1\js3250.dll Script: Quarantine, Delete, BC delete	1611464704	Netscape 32-bit JavaScript Module	Copyright Netscape Communications. 1994-96	--	3236
C:\PROGRA~1\MOZILL~1\nspr4.dll Script: Quarantine, Delete, BC delete	1612316672	NSPR Library	Copyright © 1996-2000 Netscape Communications Corporation	--	3236
C:\PROGRA~1\MOZILL~1\nss3.dll Script: Quarantine, Delete, BC delete	1612513280	NSS Base Library		--	3236
C:\PROGRA~1\MOZILL~1\plc4.dll Script: Quarantine, Delete, BC delete	1613234176	PLC Library	Copyright © 1996-2000 Netscape Communications Corporation	--	3236
C:\PROGRA~1\MOZILL~1\plds4.dll Script: Quarantine, Delete, BC delete	1613299712	PLDS Library	Copyright © 1996-2000 Netscape Communications Corporation	--	3236
C:\PROGRA~1\MOZILL~1\smime3.dll Script: Quarantine, Delete, BC delete	1613430784	NSS S/MIME Library		--	3236
C:\PROGRA~1\MOZILL~1\softokn3.dll Script: Quarantine, Delete, BC delete	1613561856	NSS PKCS #11 Library		--	3236
C:\PROGRA~1\MOZILL~1\ssl3.dll Script: Quarantine, Delete, BC delete	1613824000	NSS SSL Library		--	3236
C:\PROGRA~1\MOZILL~1\xpcom.dll Script: Quarantine, Delete, BC delete	1614020608		License: MPL 1.1/GPL 2.0/LGPL 2.1	--	3236
C:\PROGRA~1\MOZILL~1\xpcom_compat.dll Script: Quarantine, Delete, BC delete	1614086144		License: MPL 1.1/GPL 2.0/LGPL 2.1	--	3236
C:\PROGRA~1\MOZILL~1\xpcom_core.dll Script: Quarantine, Delete, BC delete	1614217216		License: MPL 1.1/GPL 2.0/LGPL 2.1	--	3236
C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080722.002\Scxpx86.dll Script: Quarantine, Delete, BC delete	82378752	IPS Script Engine DLL	Copyright (c) 2006-2008 Symantec Corporation	--	3632
F:\Programs\PowerISO\PWRISOVM.EXE Script: Quarantine, Delete, BC delete	4194304	PowerISO Virtual Drive Manager	Copyright (C) 2004-2007	??	3200
Modules detected:412, recognized as trusted 274

Kernel Space Modules Viewer

Module	Base address	Size in memory	Description	Manufacturer
C:\Windows\System32\34971.sys Script: Quarantine, Delete, BC delete	888F4000	006000 (24576)
C:\Windows\System32\Drivers\AFS2K.SYS Script: Quarantine, Delete, BC delete	8BB7A000	009000 (36864)	Audio File System	Copyright (C) Oak Technology Inc.
C:\Windows\system32\Drivers\CVPNDRVA.sys Script: Quarantine, Delete, BC delete	AF370000	090000 (589824)	Cisco Systems VPN Client IPSec Driver	Copyright © 1998-2006 Cisco Systems, Inc.
C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080722.002\IDSvix86.sys Script: Quarantine, Delete, BC delete	8BD81000	044000 (278528)	IDS Core Driver	Copyright (c) 2006-2008 Symantec Corporation
C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20080723.009\NAVENG.SYS Script: Quarantine, Delete, BC delete	8BCE2000	015000 (86016)	AV Engine	Copyright (C) 1991-2008 Symantec Corporation.
C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20080723.009\NAVEX15.SYS Script: Quarantine, Delete, BC delete	92C19000	0D0000 (851968)	AV Engine	Copyright (C) 1991-2008 Symantec Corporation.
C:\Windows\system32\drivers\pavboot.sys Script: Quarantine, Delete, BC delete	877FA000	006000 (24576)	Panda Boot Driver	© Panda Security 2008
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys Script: Quarantine, Delete, BC delete	8CCE7000	070000 (458752)	SPBBC Driver	Copyright (C) 2004, 2005, 2006, 2007 Symantec Corporation. All rights reserved.
C:\Windows\System32\Drivers\SRTSP.SYS Script: Quarantine, Delete, BC delete	B4A93000	049000 (299008)	Symantec AutoProtect	Copyright (c) 2006 - 2007 Symantec Corporation
C:\Windows\System32\Drivers\SRTSPX.SYS Script: Quarantine, Delete, BC delete	8BAF1000	00A000 (40960)	Symantec AutoProtect	Copyright (c) 2006 - 2007 Symantec Corporation
C:\Windows\System32\Drivers\SYMDNS.SYS Script: Quarantine, Delete, BC delete	88A96000	002000 (8192)	DNS Filter Driver	Copyright 2002 - 2007 Symantec Corporation
C:\Windows\system32\Drivers\SYMEVENT.SYS Script: Quarantine, Delete, BC delete	8CEDE000	025000 (151552)	Symantec Event Library	Copyright (C) Symantec Corporation 1992-2007
C:\Windows\System32\Drivers\SYMFW.SYS Script: Quarantine, Delete, BC delete	8CEBD000	016000 (90112)	Firewall Filter Driver	Copyright 2002 - 2007 Symantec Corporation
C:\Windows\system32\drivers\symlcbrd.sys Script: Quarantine, Delete, BC delete	87433000	006000 (24576)	Symantec Core Component	Copyright (C) 2003
C:\Windows\System32\Drivers\SYMNDISV.SYS Script: Quarantine, Delete, BC delete	8CA7F000	00D000 (53248)	NDIS Filter Driver	Copyright 2002 - 2007 Symantec Corporation
C:\Windows\System32\Drivers\SYMREDRV.SYS Script: Quarantine, Delete, BC delete	888B2000	004000 (16384)	Redirector Filter Driver	Copyright 2002 - 2007 Symantec Corporation
C:\Windows\System32\Drivers\SYMTDI.SYS Script: Quarantine, Delete, BC delete	8CF03000	02C000 (180224)	Network Dispatch Driver	Copyright 2002 - 2007 Symantec Corporation
Modules detected - 169, recognized as trusted - 152

Services

Service	Description	Status	File	Group	Dependencies
aawservice Service: Stop, Delete, Disable	Ad-Aware 2007 Service	Running	C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe Script: Quarantine, Delete, BC delete	ShellSvcGroup	RpcSS
Apple Mobile Device Service: Stop, Delete, Disable	Apple Mobile Device	Running	C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe Script: Quarantine, Delete, BC delete		Tcpip
Automatic LiveUpdate Scheduler Service: Stop, Delete, Disable	Automatic LiveUpdate Scheduler	Running	C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe Script: Quarantine, Delete, BC delete
ccEvtMgr Service: Stop, Delete, Disable	Symantec Event Manager	Running	C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe Script: Quarantine, Delete, BC delete	Symantec Core Services	RPCSS
ccSetMgr Service: Stop, Delete, Disable	Symantec Settings Manager	Running	C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe Script: Quarantine, Delete, BC delete	Symantec Core Services	RPCSS
CLTNetCnService Service: Stop, Delete, Disable	Symantec Lic NetConnect service	Running	C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe Script: Quarantine, Delete, BC delete
CVPND Service: Stop, Delete, Disable	Cisco Systems, Inc. VPN Service	Running	C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe Script: Quarantine, Delete, BC delete		TCPIP
dsNcService Service: Stop, Delete, Disable	Juniper Network Connect Service	Running	C:\Program Files\Juniper Networks\Common Files\dsNcService.exe Script: Quarantine, Delete, BC delete		RPCSS
iPod Service Service: Stop, Delete, Disable	iPod Service	Running	C:\Program Files\iPod\bin\iPodService.exe Script: Quarantine, Delete, BC delete		RpcSs
LiveUpdate Notice Service: Stop, Delete, Disable	LiveUpdate Notice	Running	C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe Script: Quarantine, Delete, BC delete	Symantec Services
Symantec Core LC Service: Stop, Delete, Disable	Symantec Core LC	Running	C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe Script: Quarantine, Delete, BC delete	Symantec Services	RPCSS
Viewpoint Manager Service Service: Stop, Delete, Disable	Viewpoint Manager Service	Running	C:\Program Files\Viewpoint\Common\ViewpointService.exe Script: Quarantine, Delete, BC delete		RPCSS
comHost Service: Stop, Delete, Disable	COM Host	Not started	C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe Script: Quarantine, Delete, BC delete	Symantec Services	RpcSs
gusvc Service: Stop, Delete, Disable	Google Updater Service	Not started	C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe Script: Quarantine, Delete, BC delete		RPCSS
LiveUpdate Service: Stop, Delete, Disable	LiveUpdate	Not started	C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE Script: Quarantine, Delete, BC delete
Microsoft Office Groove Audit Service Service: Stop, Delete, Disable	Microsoft Office Groove Audit Service	Not started	C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe Script: Quarantine, Delete, BC delete
msiserver Service: Stop, Delete, Disable	Windows Installer	Not started	C:\Windows\system32\msiexec Script: Quarantine, Delete, BC delete		rpcss
odserv Service: Stop, Delete, Disable	Microsoft Office Diagnostics Service	Not started	C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE Script: Quarantine, Delete, BC delete
ose Service: Stop, Delete, Disable	Office Source Engine	Not started	C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE Script: Quarantine, Delete, BC delete
Detected - 150, recognized as trusted - 131

Drivers

Service	Description	Status	File	Group	Dependencies
34971 Driver: Unload, Delete, Disable	34971	Running	C:\Windows\System32\34971.sys Script: Quarantine, Delete, BC delete
AFS2K Driver: Unload, Delete, Disable	AFS2K	Running	C:\Windows\system32\Drivers\AFS2K.sys Script: Quarantine, Delete, BC delete	SCSI CDROM Class
CVPNDRVA Driver: Unload, Delete, Disable	Cisco Systems Inc. IPSec Driver	Running	C:\Windows\system32\Drivers\CVPNDRVA.sys Script: Quarantine, Delete, BC delete		DNE
IDSvix86 Driver: Unload, Delete, Disable	Symantec Intrusion Prevention Driver	Running	C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080722.002\IDSvix86.sys Script: Quarantine, Delete, BC delete		SymTDI
NAVENG Driver: Unload, Delete, Disable	NAVENG	Running	C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20080723.009\NAVENG.SYS Script: Quarantine, Delete, BC delete
NAVEX15 Driver: Unload, Delete, Disable	NAVEX15	Running	C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20080723.009\NAVEX15.SYS Script: Quarantine, Delete, BC delete
pavboot Driver: Unload, Delete, Disable	pavboot	Running	C:\Windows\system32\drivers\pavboot.sys Script: Quarantine, Delete, BC delete	System Bus Extender
SPBBCDrv Driver: Unload, Delete, Disable	SPBBCDrv	Running	C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys Script: Quarantine, Delete, BC delete
SRTSP Driver: Unload, Delete, Disable	SRTSP	Running	C:\Windows\system32\Drivers\SRTSP.SYS Script: Quarantine, Delete, BC delete	FSFilter Anti-Virus	SRTSPX
SRTSPX Driver: Unload, Delete, Disable	SRTSPX	Running	C:\Windows\system32\Drivers\SRTSPX.SYS Script: Quarantine, Delete, BC delete
SYMDNS Driver: Unload, Delete, Disable	SYMDNS	Running	C:\Windows\System32\Drivers\SYMDNS.SYS Script: Quarantine, Delete, BC delete
SymEvent Driver: Unload, Delete, Disable	SymEvent	Running	C:\Windows\system32\Drivers\SYMEVENT.SYS Script: Quarantine, Delete, BC delete
SYMFW Driver: Unload, Delete, Disable	SYMFW	Running	C:\Windows\System32\Drivers\SYMFW.SYS Script: Quarantine, Delete, BC delete
symlcbrd Driver: Unload, Delete, Disable	symlcbrd	Running	C:\Windows\system32\drivers\symlcbrd.sys Script: Quarantine, Delete, BC delete
SYMNDISV Driver: Unload, Delete, Disable	SYMNDISV	Running	C:\Windows\System32\Drivers\SYMNDISV.SYS Script: Quarantine, Delete, BC delete
SYMREDRV Driver: Unload, Delete, Disable	SYMREDRV	Running	C:\Windows\System32\Drivers\SYMREDRV.SYS Script: Quarantine, Delete, BC delete
SYMTDI Driver: Unload, Delete, Disable	SYMTDI	Running	C:\Windows\System32\Drivers\SYMTDI.SYS Script: Quarantine, Delete, BC delete	PNP_TDI	TDX
blbdrive Driver: Unload, Delete, Disable	blbdrive	Not started	C:\Windows\system32\drivers\blbdrive.sys Script: Quarantine, Delete, BC delete
IpInIp Driver: Unload, Delete, Disable	IP in IP Tunnel Driver	Not started	C:\Windows\system32\DRIVERS\ipinip.sys Script: Quarantine, Delete, BC delete		Tcpip
NwlnkFlt Driver: Unload, Delete, Disable	IPX Traffic Filter Driver	Not started	C:\Windows\system32\DRIVERS\nwlnkflt.sys Script: Quarantine, Delete, BC delete		NwlnkFwd
NwlnkFwd Driver: Unload, Delete, Disable	IPX Traffic Forwarder Driver	Not started	C:\Windows\system32\DRIVERS\nwlnkfwd.sys Script: Quarantine, Delete, BC delete
purendis Driver: Unload, Delete, Disable	Network Magic Wireless Driver	Not started	C:\Windows\system32\DRIVERS\purendis.sys Script: Quarantine, Delete, BC delete	NDIS
RimUsb Driver: Unload, Delete, Disable	BlackBerry Device	Not started	C:\Windows\system32\Drivers\RimUsb.sys Script: Quarantine, Delete, BC delete	Base
SRTSPL Driver: Unload, Delete, Disable	SRTSPL	Not started	C:\Windows\system32\Drivers\SRTSPL.SYS Script: Quarantine, Delete, BC delete	FSFilter Anti-Virus	SRTSPX
WEBNTACCESS Driver: Unload, Delete, Disable	WEBNTACCESS	Not started	C:\WINDOWS\System32\NTACCESS.SYS Script: Quarantine, Delete, BC delete
Detected - 250, recognized as trusted - 225

Autoruns

File name	Status	Startup method	Description
C:\Program Files\AIM6\aim6.exe Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, Aim6
C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, IPHSend
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, AppleSyncNotifier
C:\Program Files\Common Files\Symantec Shared\ccApp.exe Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, ccApp
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe Script: Quarantine, Delete, BC delete	Active	Shortcut in Autoruns folder	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\hp psc 1000 series.lnk,
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe Script: Quarantine, Delete, BC delete	Active	Shortcut in Autoruns folder	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\hpoddt01.exe.lnk,
C:\Program Files\MSN Messenger\MsnMsgr.Exe Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, MsnMsgr
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, GrooveMonitor
C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {B5A7F190-DDA6-4420-B3BA-52453494E6CD}
C:\Program Files\Norton 360\osCheck.exe Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, osCheck
C:\Program Files\QuickTime\QTTask.exe Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, QuickTime Task
C:\Program Files\WinZip\WZQKPICK.EXE Script: Quarantine, Delete, BC delete	Active	Shortcut in Autoruns folder	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk,
C:\Program Files\iTunes\iTunesHelper.exe Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, iTunesHelper
C:\Windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico Script: Quarantine, Delete, BC delete	Active	Shortcut in Autoruns folder	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk,
F:\Programs\PowerISO\PWRISOVM.EXE Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, PWRISOVM.EXE
WgaLogon.dll Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon, DLLName
autocheck autochk *lsdelete Script: Quarantine, Delete, BC delete	--	Registry key	HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Session Manager, BootExecute
Autoruns items detected - 53, recognized as trusted - 36

Internet Explorer extension modules (BHOs, Toolbars ...)

File name	Type	Description	Manufacturer	CLSID
	BHO			{02478D38-C3F9-4efb-9B51-7695ECA05670} Delete
C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll Script: Quarantine, Delete, BC delete	BHO	coIEPlugIn	Copyright (c) 2008 Symantec Corporation. All rights reserved.	{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} Delete
C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll Script: Quarantine, Delete, BC delete	BHO	IPS Browser Helper DLL	Copyright (c) 2006-2008 Symantec Corporation	{6D53EC84-6AAE-4787-AEEE-F4628F01010C} Delete
C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll Script: Quarantine, Delete, BC delete	BHO	GrooveShellExtensions Module	© 2006 Microsoft Corporation. All rights reserved.	{72853161-30C5-4D22-B7F9-0BBC1D38A37E} Delete
C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll Script: Quarantine, Delete, BC delete	BHO	AOL IE Toolbar Dynamic Link Library	© 2007 AOL LLC. All rights reserved.	{7C554162-8CB7-45A4-B8F4-8EA1C75885F9} Delete
	BHO			{7E853D72-626A-48EC-A868-BA8D5E23E045} Delete
C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll Script: Quarantine, Delete, BC delete	Toolbar	AOL IE Toolbar Dynamic Link Library	© 2007 AOL LLC. All rights reserved.	{DE9C389F-3316-41A7-809B-AA305ED9D922} Delete
C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll Script: Quarantine, Delete, BC delete	Toolbar	coIEPlugIn	Copyright (c) 2008 Symantec Corporation. All rights reserved.	{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Delete
	Extension module			{2670000A-7350-4f3c-8081-5663EE0C6C49} Delete
	Extension module			{3369AF0D-62E9-4bda-8103-B4C75499B578} Delete
	Extension module			{92780B25-18CC-41C8-B9BE-3C9C571A8263} Delete
C:\Program Files\AIM\aim.exe Script: Quarantine, Delete, BC delete	Extension module	AOL Instant Messenger	Copyright © 1996-2006 America Online, Inc.	{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} Delete
C:\Program Files\AIM\aim.exe Script: Quarantine, Delete, BC delete	Extension module	AOL Instant Messenger	Copyright © 1996-2006 America Online, Inc.	{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} Delete
C:\Program Files\AIM\aim.exe Script: Quarantine, Delete, BC delete	Extension module	AOL Instant Messenger	Copyright © 1996-2006 America Online, Inc.	{F47C1DB5-ED21-4dc1-853E-D1495792D4C5} Delete
Elements detected - 18, recognized as trusted - 4

Windows Explorer extension modules

File name	Destination	Description	Manufacturer	CLSID
%CommonProgramFiles%\System\Ole DB\oledb32.dll Script: Quarantine, Delete, BC delete	Microsoft Data Link			{2206CDB2-19C1-11D1-89E0-00C04FD7A829}
	Color Control Panel Applet			{b2c761c6-29bc-4f19-9251-e6195265baf1}
	Add New Hardware			{7A979262-40CE-46ff-AEEE-7884AC3B6136}
	Get Programs Online			{3e7efb4c-faf1-453d-89eb-56026875ef90}
	Taskbar and Start Menu			{0DF44EAA-FF21-4412-828E-260A8728E7F1}
	ActiveDirectory Folder			{1b24a030-9b20-49bc-97ac-1be4426f9e59}
	ActiveDirectory Folder			{34449847-FD14-4fc8-A75A-7432F5181EFB}
	Sam Account Folder			{C8494E42-ACDD-4739-B0FB-217361E4894F}
	Sam Account Folder			{E29F9716-5C08-4FCD-955A-119FDB5A522D}
	Control Panel command object for Start menu			{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}
	Default Programs command object for Start menu			{E44E5D18-0652-4508-A4E2-8A090067BCB0}
	Folder Options			{6dfd7c5c-2451-11d3-a299-00c04f8ef6af}
	Explorer Query Band			{2C2577C2-63A7-40e3-9B7F-586602617ECB}
	View Available Networks			{38a98528-6cbf-4ca9-8dc0-b1e1d10f7b1b}
%CommonProgramFiles%\System\wab32.dll Script: Quarantine, Delete, BC delete	Windows Contact Preview Handler			{13D3C4B8-B179-4ebb-BF62-F704173E7448}
	Contacts folder			{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48}
%CommonProgramFiles%\System\wab32.dll Script: Quarantine, Delete, BC delete	.group shell extension handler			{4F58F63F-244B-4c07-B29F-210BE59BE9B4}
%CommonProgramFiles%\System\wab32.dll Script: Quarantine, Delete, BC delete	.contact shell extension handler			{8082C5E6-4C27-48ec-A809-B8E1122E8F97}
%CommonProgramFiles%\System\wab32.dll Script: Quarantine, Delete, BC delete	group_wab_auto_file			{16C2C29D-0E5F-45f3-A445-03E03F587B7D}
%CommonProgramFiles%\System\wab32.dll Script: Quarantine, Delete, BC delete	contact_wab_auto_file			{CF67796C-F57F-45F8-92FB-AD698826C602}
	Windows Firewall			{4026492f-2f69-46b8-b9bf-5654fc07e423}
	Problem Reports and Solutions			{fcfeecae-ee1b-4849-ae50-685dcf7717ec}
	iSCSI Initiator			{a304259d-52b8-4526-8b1a-a1d6cecc8243}
	.cab or .zip files			{911051fa-c21c-4246-b470-070cd8df6dc4}
	Windows Search Shell Service			{da67b8ad-e81b-4c70-9b91b417b5e33527}
	Microsoft.ScannersAndCameras			{00f2886f-cd64-4fc9-8ec5-30ef6cdbe8c3}
"C:\Windows\System32\rundll32.exe" "C:\Program Files\\Windows Photo Gallery\PhotoViewer.dll",ImageView_COMServer {9D687A4C-1404-41ef-A089-883B6FBECDE6} Script: Quarantine, Delete, BC delete	Windows Photo Gallery Viewer Autoplay Handler			{9D687A4C-1404-41ef-A089-883B6FBECDE6}
	Windows Sidebar Properties			{37efd44d-ef8d-41b1-940d-96973a50e9e0}
	Windows Features			{67718415-c450-4f3c-bf8a-b487642dc39b}
	Windows Defender			{d8559eb9-20c0-410e-beda-7ed416aecc2a}
	Mobility Center Control Panel			{5ea4f148-308c-46d7-98a9-49041b1dd468}
%CommonProgramFiles%\microsoft shared\ink\TipBand.dll Script: Quarantine, Delete, BC delete	Tablet PC Input Panel			{15D633E2-AD00-465b-9EC7-F56B7CDF8E27}
"C:\Program Files\\Windows Media Player\wmprph.exe" Script: Quarantine, Delete, BC delete	Windows Media Player Rich Preview Handler			{031EE060-67BC-460d-8847-E4A7C5E45A27}
	User Accounts			{7A9D77BD-5403-11d2-8785-2E0420524153}
deskpan.dll Script: Quarantine, Delete, BC delete	Display Panning CPL Extension			{42071714-76d4-11d1-8b24-00a0c9068ff3}
C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll Script: Quarantine, Delete, BC delete	Groove GFS Browser Helper	GrooveShellExtensions Module	© 2006 Microsoft Corporation. All rights reserved.	{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll Script: Quarantine, Delete, BC delete	Groove GFS Explorer Bar	GrooveShellExtensions Module	© 2006 Microsoft Corporation. All rights reserved.	{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}
C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll Script: Quarantine, Delete, BC delete	Groove GFS Stub Icon Handler	GrooveShellExtensions Module	© 2006 Microsoft Corporation. All rights reserved.	{A449600E-1DC6-4232-B948-9BD794D62056}
C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll Script: Quarantine, Delete, BC delete	Groove GFS Stub Execution Hook	GrooveShellExtensions Module	© 2006 Microsoft Corporation. All rights reserved.	{B5A7F190-DDA6-4420-B3BA-52453494E6CD}
C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll Script: Quarantine, Delete, BC delete	Groove GFS Context Menu Handler	GrooveShellExtensions Module	© 2006 Microsoft Corporation. All rights reserved.	{6C467336-8281-4E60-8204-430CED96822D}
C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll Script: Quarantine, Delete, BC delete	Groove XML Icon Handler	GrooveShellExtensions Module	© 2006 Microsoft Corporation. All rights reserved.	{387E725D-DC16-4D76-B310-2C93ED4752A0}
C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll Script: Quarantine, Delete, BC delete	Groove Explorer Icon Overlay 3 (GFS Folder)	GrooveShellExtensions Module	© 2006 Microsoft Corporation. All rights reserved.	{16F3DD56-1AF5-4347-846D-7C10C4192619}
C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll Script: Quarantine, Delete, BC delete	Groove Explorer Icon Overlay 2 (GFS Stub)	GrooveShellExtensions Module	© 2006 Microsoft Corporation. All rights reserved.	{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}
C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll Script: Quarantine, Delete, BC delete	Groove Explorer Icon Overlay 4 (GFS Unread Mark)	GrooveShellExtensions Module	© 2006 Microsoft Corporation. All rights reserved.	{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}
C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll Script: Quarantine, Delete, BC delete	Groove Explorer Icon Overlay 1 (GFS Unread Stub)	GrooveShellExtensions Module	© 2006 Microsoft Corporation. All rights reserved.	{99FD978C-D287-4F50-827F-B2C658EDA8E7}
C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll Script: Quarantine, Delete, BC delete	Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)	GrooveShellExtensions Module	© 2006 Microsoft Corporation. All rights reserved.	{920E6DB1-9907-4370-B3A0-BAFC03D81399}
C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL Script: Quarantine, Delete, BC delete	Microsoft Office OneNote Namespace Extension for Windows Desktop Search	Microsoft Office OneNote Filter	© 2006 Microsoft Corporation. All rights reserved.	{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}
C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll Script: Quarantine, Delete, BC delete	Microsoft Office Metadata Handler	Microsoft Office Shell Extension Handlers	© 2006 Microsoft Corporation. All rights reserved.	{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}
C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll Script: Quarantine, Delete, BC delete	Microsoft Office Thumbnail Handler	Microsoft Office Shell Extension Handlers	© 2006 Microsoft Corporation. All rights reserved.	{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}
C:\Program Files\SmartFTP Client\SmartHook.dll Script: Quarantine, Delete, BC delete	SmartFTP Copy Hook	SmartFTP Client CopyHook	Copyright © 2007 by SmartSoft Ltd.	{B8323370-FF27-11D2-97B6-204C4F4F5020}
C:\Program Files\SmartFTP Client\sfFavorites.dll Script: Quarantine, Delete, BC delete	SmartFTP Favorites Namespace	SmartFTP Favorites	Copyright © 2007 by SmartSoft Ltd.	{39DD67E0-73B6-4a11-AF55-49E1EBBF72BE}
C:\PROGRA~1\ANYCOU~1.0\ACMenu.dll Script: Quarantine, Delete, BC delete	Add to AnyCount	AnyCount Library	Advanced International Translations	{1E15FD41-28D0-4AE0-902F-292FA537F6D5}
C:\Program Files\WinZip\wzshlstb.dll Script: Quarantine, Delete, BC delete	WinZip	WinZip Shell Extension DLL	Copyright (c) WinZip International LLC 1991-2008 - All Rights Reserved	{E0D79304-84BE-11CE-9641-444553540000}
C:\Program Files\WinZip\wzshlstb.dll Script: Quarantine, Delete, BC delete	WinZip	WinZip Shell Extension DLL	Copyright (c) WinZip International LLC 1991-2008 - All Rights Reserved	{E0D79305-84BE-11CE-9641-444553540000}
C:\Program Files\WinZip\wzshlstb.dll Script: Quarantine, Delete, BC delete	WinZip	WinZip Shell Extension DLL	Copyright (c) WinZip International LLC 1991-2008 - All Rights Reserved	{E0D79306-84BE-11CE-9641-444553540000}
C:\Program Files\WinZip\wzshlstb.dll Script: Quarantine, Delete, BC delete	WinZip	WinZip Shell Extension DLL	Copyright (c) WinZip International LLC 1991-2008 - All Rights Reserved	{E0D79307-84BE-11CE-9641-444553540000}
C:\PROGRA~1\NORTON~2\tpShell.dll Script: Quarantine, Delete, BC delete	Shell extension for NTP	TP Shell Extension	Copyright (c) 1997-2008 Symantec Corporation	{A40526DD-F152-4C1D-844C-CE668D29B77E}
C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll Script: Quarantine, Delete, BC delete	Shell extension for Norton backup	Backup Shell	Copyright (c) 1997-2008 Symantec Corporation	{F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB}
C:\Program Files\iTunes\iTunesMiniPlayer.dll Script: Quarantine, Delete, BC delete	iTunes	iTunes Mini Player DLL	© 2003-2008 Apple Inc. All Rights Reserved.	{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}
Elements detected - 321, recognized as trusted - 262

Printing system extensions (print monitors, providers)

File name	Type	Name	Description	Manufacturer
Elements detected - 0, recognized as trusted - 0

Task Scheduler jobs

File name	Job name	Job status	Description	Manufacturer
Elements detected - 0, recognized as trusted - 0

SPI/LSP settings

Namespace providers (NSP)

Manufacturer	Status	EXE file	Description	GUID
Detected - 0, recognized as trusted - 0

Transport protocol providers (TSP, LSP)

Manufacturer EXE file Description
Detected - 0, recognized as trusted - 0
Results of automatic SPI settings check
LSP settings checked. No errors detected

TCP/UDP ports

Port Status Remote Host Remote Port Application Notes
TCP ports
135 LISTENING 0.0.0.0 0 [0]
139 LISTENING 0.0.0.0 0 [0]
4242 LISTENING 0.0.0.0 0 [0]
5354 LISTENING 0.0.0.0 0 [0]
27015 LISTENING 0.0.0.0 0 [0]
49152 LISTENING 0.0.0.0 0 [0]
49153 LISTENING 0.0.0.0 0 [0]
49154 LISTENING 0.0.0.0 0 [0]
49155 LISTENING 0.0.0.0 0 [0]
49156 LISTENING 0.0.0.0 0 [0]
49157 LISTENING 0.0.0.0 0 [0]
49164 LISTENING 0.0.0.0 0 [0]
49171 ESTABLISHED 127.0.0.1 27015 [0]
50479 ESTABLISHED 127.0.0.1 50480 [0]
50480 ESTABLISHED 127.0.0.1 50479 [0]
50481 ESTABLISHED 127.0.0.1 50482 [0]
50482 ESTABLISHED 127.0.0.1 50481 [0]
50742 CLOSE_WAIT 209.85.133.100 80 [0]
50746 ESTABLISHED 216.239.51.125 5222 [0]
51029 CLOSE_WAIT 216.246.90.119 80 [0]
62514 LISTENING 0.0.0.0 0 [0]
UDP ports
123 LISTENING -- -- [0]
137 LISTENING -- -- [0]
138 LISTENING -- -- [0]
500 LISTENING -- -- [0]
1900 LISTENING -- -- [0]
1900 LISTENING -- -- [0]
3702 LISTENING -- -- [0]
3702 LISTENING -- -- [0]
4500 LISTENING -- -- [0]
5353 LISTENING -- -- [0]
5355 LISTENING -- -- [0]
49273 LISTENING -- -- [0]
51507 LISTENING -- -- [0]
53474 LISTENING -- -- [0]
59324 LISTENING -- -- [0]
59326 LISTENING -- -- [0]
60258 LISTENING -- -- [0]
62383 LISTENING -- -- [0]
62514 LISTENING -- -- [0]
63797 LISTENING -- -- [0]
65214 LISTENING -- -- [0]
65215 LISTENING -- -- [0]

Downloaded Program Files (DPF)

File name Description Manufacturer CLSID Source URL
{6414512B-B978-451D-A0D8-FCFDF33E833C}
Delete http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158335228702
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
Delete http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
Elements detected - 2, recognized as trusted - 0

Control Panel Applets (CPL)

File name Description Manufacturer
Elements detected - 23, recognized as trusted - 23

Active Setup

File name Description Manufacturer CLSID
Elements detected - 9, recognized as trusted - 9

HOSTS file

Hosts file record
127.0.0.1 localhost
::1 localhost

Protocols and handlers

File name Type Description Manufacturer CLSID
mscoree.dll
Script: Quarantine, Delete, BC delete Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
mscoree.dll
Script: Quarantine, Delete, BC delete Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
mscoree.dll
Script: Quarantine, Delete, BC delete Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
Script: Quarantine, Delete, BC delete Handler GrooveSystemServices Module () © 2006 Microsoft Corporation. All rights reserved. {88FED34C-F0CA-4636-A375-3CB6248B04CD}
Elements detected - 20, recognized as trusted - 16

Suspicious objects

File Description Type
C:\327882R2FWJFW\nircmd.com
Script: Quarantine, Delete, BC delete Suspicion by Heuristic analysis PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)
C:\Program Files\DivX\DivX Converter\dpil100.dll
Script: Quarantine, Delete, BC delete Suspicion by File scanner Suspicion for AdvWare.Win32.NewWeb.i ( 00707F72 00000000 001AEEF2 001AFFE8 61440)
C:\Program Files\GlobalSCAPE\CuteFTP 8 Professional\CUTEFTPPRO.BAK
Script: Quarantine, Delete, BC delete Suspicion by Heuristic analysis PE file with non-standard extension(dangerousness level is 5%)
C:\Program Files\GlobalSCAPE\CuteFTP 8 Professional\cuteftppro.exe.BAK
Script: Quarantine, Delete, BC delete Suspicion by Heuristic analysis PE file with non-standard extension(dangerousness level is 5%)
C:\Program Files\GlobalSCAPE\CuteFTP 8 Professional\ftpte.exe.bak
Script: Quarantine, Delete, BC delete Suspicion by Heuristic analysis PE file with non-standard extension(dangerousness level is 5%)
C:\Program Files\MSI\Live Update 2\msi.files\FreeDOS\COMMAND.COM
Script: Quarantine, Delete, BC delete Suspicion by Heuristic analysis PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)
C:\Users\Jordan\AppData\Local\VirtualStore\Program Files\GlobalSCAPE\CuteFTP 8 Professional\CUTEFTPPRO.BAK
Script: Quarantine, Delete, BC delete Suspicion by Heuristic analysis PE file with non-standard extension(dangerousness level is 5%)
C:\Users\Jordan\AppData\Local\VirtualStore\Program Files\GlobalSCAPE\CuteFTP 8 Professional\cuteftppro.exe.BAK
Script: Quarantine, Delete, BC delete Suspicion by Heuristic analysis PE file with non-standard extension(dangerousness level is 5%)
C:\Users\Jordan\AppData\Local\VirtualStore\Program Files\GlobalSCAPE\CuteFTP 8 Professional\ftpte.exe.bak
Script: Quarantine, Delete, BC delete Suspicion by Heuristic analysis PE file with non-standard extension(dangerousness level is 5%)
C:\Users\Jordan\AppData\Roaming\Azureus\plugins\azemp\azmplay.exe.bak
Script: Quarantine, Delete, BC delete Suspicion by Heuristic analysis PE file with non-standard extension(dangerousness level is 5%)
C:\Users\Jordan\Desktop\Download_mbam-setup.exe
Script: Quarantine, Delete, BC delete Suspicion by File scanner Suspicion for Downloader.Win32.WinFixer.fs ( 00642D0A 0A48F021 001A73AC 002536FE 128368)
C:\Windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED8.html
Script: Quarantine, Delete, BC delete Suspicion by Heuristic analysis PE file with non-standard extension(dangerousness level is 5%)
C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
Script: Quarantine, Delete, BC delete Suspicion for Keylogger Suspicion for Keylogger or Trojan DLL
C:\Program Files\Microsoft Office\Office12\GrooveUtil.DLL
Script: Quarantine, Delete, BC delete Suspicion for Keylogger Suspicion for Keylogger or Trojan DLL
C:\Program Files\Microsoft Office\Office12\GrooveNew.DLL
Script: Quarantine, Delete, BC delete Suspicion for Keylogger Suspicion for Keylogger or Trojan DLL
C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll
Script: Quarantine, Delete, BC delete Suspicion for Keylogger Suspicion for Keylogger or Trojan DLL
C:\Program Files\Common Files\Symantec Shared\ccL70U.dll
Script: Quarantine, Delete, BC delete Suspicion for Keylogger Suspicion for Keylogger or Trojan DLL
C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll
Script: Quarantine, Delete, BC delete Suspicion for Keylogger Suspicion for Keylogger or Trojan DLL
C:\Program Files\Common Files\Symantec Shared\ccSet.dll
Script: Quarantine, Delete, BC delete Suspicion for Keylogger Suspicion for Keylogger or Trojan DLL
C:\Program Files\Common Files\Symantec Shared\ccIPC.dll
Script: Quarantine, Delete, BC delete Suspicion for Keylogger Suspicion for Keylogger or Trojan DLL
C:\Program Files\Common Files\Symantec Shared\AppCore\AppMgr32.dll
Script: Quarantine, Delete, BC delete Suspicion for Keylogger Suspicion for Keylogger or Trojan DLL

AVZ Antiviral Toolkit log; AVZ version is 4.30 Scanning started at 7/23/2008 7:40:13 PM Database loaded: signatures - 177692, NN profile(s) - 2, microprograms of healing - 56, signature database released 23.07.2008 22:19 Heuristic microprograms loaded: 370 SPV microprograms loaded: 9 Digital signatures of system files loaded: 71511 Heuristic analyzer mode: Maximum heuristics level Healing mode: enabled Windows version: 6.0.6000, ; AVZ is launched with administrator rights System Restore: enabled 1. Searching for Rootkits and programs intercepting API functions 1.1 Searching for user-mode API hooks Analysis: kernel32.dll, export table found in section .text Analysis: ntdll.dll, export table found in section .text Analysis: user32.dll, export table found in section .text Analysis: advapi32.dll, export table found in section .text Analysis: ws2_32.dll, export table found in section .text Analysis: wininet.dll, export table found in section .text Analysis: rasapi32.dll, export table found in section .text Analysis: urlmon.dll, export table found in section .text Analysis: netapi32.dll, export table found in section .text 1.2 Searching for kernel-mode API hooks Error loading driver - checking interrupted [C0000061] 1.4 Searching for masking processes and drivers Checking not performed: extended monitoring driver (AVZPM) is not installed Error loading driver - checking interrupted [C0000061] 2. Scanning memory Number of processes found: 31 Analyzer: process under analysis is 3200 F:\Programs\PowerISO\PWRISOVM.EXE [ES]:Application has no visible windows [ES]:Registered in autoruns !! Analyzer: process under analysis is 3220 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [ES]:Contains network functionality [ES]:Application has no visible windows [ES]:Registered in autoruns !! Analyzer: process under analysis is 3504 C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [ES]:Contains network functionality [ES]:Application has no visible windows Analyzer: process under analysis is 3528 C:\Program Files\iTunes\iTunesHelper.exe [ES]:Contains network functionality [ES]:Application has no visible windows [ES]:Registered in autoruns !! Analyzer: process under analysis is 3616 C:\Program Files\AIM6\aim6.exe [ES]:Contains network functionality [ES]:Application has no visible windows [ES]:Registered in autoruns !! [ES]:Loads RASAPI DLL - may use dialing ? Analyzer: process under analysis is 3640 C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [ES]:Contains network functionality [ES]:Application has no visible windows [ES]:Registered in autoruns !! Analyzer: process under analysis is 3704 C:\Program Files\WinZip\WZQKPICK.EXE [ES]:Application has no visible windows [ES]:Registered in autoruns !! Analyzer: process under analysis is 2344 C:\Program Files\Common Files\AOL\1158549145\ee\aolsoftware.exe [ES]:Contains network functionality [ES]:Application has no visible windows [ES]:Loads RASAPI DLL - may use dialing ? Analyzer: process under analysis is 3936 C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe [ES]:Application has no visible windows Analyzer: process under analysis is 3048 C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe [ES]:Contains network functionality [ES]:Application has no visible windows Analyzer: process under analysis is 4184 C:\Program Files\AIM6\aolsoftware.exe [ES]:Contains network functionality [ES]:Application has no visible windows [ES]:Loads RASAPI DLL - may use dialing ? Analyzer: process under analysis is 1360 C:\Program Files\AIM6\anotify.exe [ES]:Contains network functionality [ES]:Loads RASAPI DLL - may use dialing ? Number of modules loaded: 385 Scanning memory - complete 3. Scanning disks C:\327882R2FWJFW\nircmd.com - PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%) File quarantined succesfully (C:\327882R2FWJFW\nircmd.com) C:\Program Files\DivX\DivX Converter\dpil100.dll >>> suspicion for AdvWare.Win32.NewWeb.i ( 00707F72 00000000 001AEEF2 001AFFE8 61440) File quarantined succesfully (C:\Program Files\DivX\DivX Converter\dpil100.dll) C:\Program Files\GlobalSCAPE\CuteFTP 8 Professional\CUTEFTPPRO.BAK - PE file with non-standard extension(dangerousness level is 5%) File quarantined succesfully (C:\Program Files\GlobalSCAPE\CuteFTP 8 Professional\CUTEFTPPRO.BAK) C:\Program Files\GlobalSCAPE\CuteFTP 8 Professional\cuteftppro.exe.BAK - PE file with non-standard extension(dangerousness level is 5%) File quarantined succesfully (C:\Program Files\GlobalSCAPE\CuteFTP 8 Professional\cuteftppro.exe.BAK) C:\Program Files\GlobalSCAPE\CuteFTP 8 Professional\ftpte.exe.bak - PE file with non-standard extension(dangerousness level is 5%) File quarantined succesfully (C:\Program Files\GlobalSCAPE\CuteFTP 8 Professional\ftpte.exe.bak) File quarantined succesfully (C:\Program Files\Morpheus\morpheustoolbar.exe) >>>To delete the file C:\Program Files\Morpheus\morpheustoolbar.exe reboot is required C:\Program Files\Morpheus\morpheustoolbar.exe >>>>> AdvWare.Win32.MyWebSearch error deleting C:\Program Files\MSI\Live Update 2\msi.files\FreeDOS\COMMAND.COM - PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%) File quarantined succesfully (C:\Program Files\MSI\Live Update 2\msi.files\FreeDOS\COMMAND.COM) C:\Users\Jordan\AppData\Local\VirtualStore\Program Files\GlobalSCAPE\CuteFTP 8 Professional\CUTEFTPPRO.BAK - PE file with non-standard extension(dangerousness level is 5%) File quarantined succesfully (C:\Users\Jordan\AppData\Local\VirtualStore\Program Files\GlobalSCAPE\CuteFTP 8 Professional\CUTEFTPPRO.BAK) C:\Users\Jordan\AppData\Local\VirtualStore\Program Files\GlobalSCAPE\CuteFTP 8 Professional\cuteftppro.exe.BAK - PE file with non-standard extension(dangerousness level is 5%) File quarantined succesfully (C:\Users\Jordan\AppData\Local\VirtualStore\Program Files\GlobalSCAPE\CuteFTP 8 Professional\cuteftppro.exe.BAK) C:\Users\Jordan\AppData\Local\VirtualStore\Program Files\GlobalSCAPE\CuteFTP 8 Professional\ftpte.exe.bak - PE file with non-standard extension(dangerousness level is 5%) File quarantined succesfully (C:\Users\Jordan\AppData\Local\VirtualStore\Program Files\GlobalSCAPE\CuteFTP 8 Professional\ftpte.exe.bak) C:\Users\Jordan\AppData\Roaming\Azureus\plugins\azemp\azmplay.exe.bak - PE file with non-standard extension(dangerousness level is 5%) File quarantined succesfully (C:\Users\Jordan\AppData\Roaming\Azureus\plugins\azemp\azmplay.exe.bak) C:\Users\Jordan\Desktop\Download_mbam-setup.exe >>> suspicion for Downloader.Win32.WinFixer.fs ( 00642D0A 0A48F021 001A73AC 002536FE 128368) File quarantined succesfully (C:\Users\Jordan\Desktop\Download_mbam-setup.exe) C:\Windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED8.html - PE file with non-standard extension(dangerousness level is 5%) File quarantined succesfully (C:\Windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED8.html) Removing traces of deleted files... 4. Checking Winsock Layered Service Provider (SPI/LSP) LSP settings checked. No errors detected 5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs) C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll --> Suspicion for Keylogger or Trojan DLL C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll>>> Behavioural analysis Behaviour typical for keyloggers not detected File quarantined succesfully (C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll) C:\Program Files\Microsoft Office\Office12\GrooveUtil.DLL --> Suspicion for Keylogger or Trojan DLL C:\Program Files\Microsoft Office\Office12\GrooveUtil.DLL>>> Behavioural analysis Behaviour typical for keyloggers not detected File quarantined succesfully (C:\Program Files\Microsoft Office\Office12\GrooveUtil.DLL) C:\Program Files\Microsoft Office\Office12\GrooveNew.DLL --> Suspicion for Keylogger or Trojan DLL C:\Program Files\Microsoft Office\Office12\GrooveNew.DLL>>> Behavioural analysis Behaviour typical for keyloggers not detected File quarantined succesfully (C:\Program Files\Microsoft Office\Office12\GrooveNew.DLL) C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll --> Suspicion for Keylogger or Trojan DLL C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll>>> Behavioural analysis Behaviour typical for keyloggers not detected File quarantined succesfully (C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll) C:\Program Files\Common Files\Symantec Shared\ccL70U.dll --> Suspicion for Keylogger or Trojan DLL C:\Program Files\Common Files\Symantec Shared\ccL70U.dll>>> Behavioural analysis Behaviour typical for keyloggers not detected File quarantined succesfully (C:\Program Files\Common Files\Symantec Shared\ccL70U.dll) C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll --> Suspicion for Keylogger or Trojan DLL C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll>>> Behavioural analysis Behaviour typical for keyloggers not detected File quarantined succesfully (C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll) C:\Program Files\Common Files\Symantec Shared\ccSet.dll --> Suspicion for Keylogger or Trojan DLL C:\Program Files\Common Files\Symantec Shared\ccSet.dll>>> Behavioural analysis Behaviour typical for keyloggers not detected File quarantined succesfully (C:\Program Files\Common Files\Symantec Shared\ccSet.dll) C:\Program Files\Common Files\Symantec Shared\ccIPC.dll --> Suspicion for Keylogger or Trojan DLL C:\Program Files\Common Files\Symantec Shared\ccIPC.dll>>> Behavioural analysis Behaviour typical for keyloggers not detected File quarantined succesfully (C:\Program Files\Common Files\Symantec Shared\ccIPC.dll) C:\Program Files\Common Files\Symantec Shared\AppCore\AppMgr32.dll --> Suspicion for Keylogger or Trojan DLL C:\Program Files\Common Files\Symantec Shared\AppCore\AppMgr32.dll>>> Behavioural analysis Behaviour typical for keyloggers not detected File quarantined succesfully (C:\Program Files\Common Files\Symantec Shared\AppCore\AppMgr32.dll) Note: Do NOT delete suspicious files, send them for analysis (see FAQ for more details), because there are lots of useful hooking DLLs 6. Searching for opened TCP/UDP ports used by malicious programs Checking disabled by user 7. Heuristic system check Checking - complete 8. Searching for vulnerabilities >> Security: disk drives' autorun is enabled >> Security: administrative shares (C$, D$ ...) are enabled >> Security: anonymous user access is enabled >> Security: sending Remote Assistant queries is enabled Checking - complete 9. Troubleshooting wizard >> Abnormal SCR files association >> Abnormal REG files association >> HDD autorun are allowed >> Autorun from network drives are allowed >> Removable media autorun are allowed Checking - complete Files scanned: 100513, extracted from archives: 63557, malicious software found 1, suspicions - 2 Scanning finished at 7/23/2008 7:53:49 PM Attention !!! Reboot is required to complete healing Time of scanning: 00:13:37 If you have a suspicion on presence of viruses or questions on the suspected objects, you can address http://virusinfo.info conference Creating archive of files from Quarantine Creating archive of files from Quarantine - complete System Analysis in progress
Script commands

Add commands to script:
Blocking hooks using Anti-Rootkit
Enable AVZGuard
BootCleaner - import list of deleted files
Registry cleanup after deleting files
BootCleaner - activate
Reboot
Insert template for QuarantineFile() - quarantining file
Insert template for BC_QrFile() - quarantining file via BootCleaner
Insert template for DeleteFile() - deleting file
Insert template for DelCLSID() - deleting CLSID item from registry
Additional operations:
Security tweaking: disable CD autorun
Security tweaking: disable administrative shares
Security tweaking: disable anonymous user access
Security: disable sending Remote Assistant queries
File list

Port	Status	Remote Host	Remote Port	Application	Notes
TCP ports
135	LISTENING	0.0.0.0	0	[0]
139	LISTENING	0.0.0.0	0	[0]
4242	LISTENING	0.0.0.0	0	[0]
5354	LISTENING	0.0.0.0	0	[0]
27015	LISTENING	0.0.0.0	0	[0]
49152	LISTENING	0.0.0.0	0	[0]
49153	LISTENING	0.0.0.0	0	[0]
49154	LISTENING	0.0.0.0	0	[0]
49155	LISTENING	0.0.0.0	0	[0]
49156	LISTENING	0.0.0.0	0	[0]
49157	LISTENING	0.0.0.0	0	[0]
49164	LISTENING	0.0.0.0	0	[0]
49171	ESTABLISHED	127.0.0.1	27015	[0]
50479	ESTABLISHED	127.0.0.1	50480	[0]
50480	ESTABLISHED	127.0.0.1	50479	[0]
50481	ESTABLISHED	127.0.0.1	50482	[0]
50482	ESTABLISHED	127.0.0.1	50481	[0]
50742	CLOSE_WAIT	209.85.133.100	80	[0]
50746	ESTABLISHED	216.239.51.125	5222	[0]
51029	CLOSE_WAIT	216.246.90.119	80	[0]
62514	LISTENING	0.0.0.0	0	[0]
UDP ports
123	LISTENING	--	--	[0]
137	LISTENING	--	--	[0]
138	LISTENING	--	--	[0]
500	LISTENING	--	--	[0]
1900	LISTENING	--	--	[0]
1900	LISTENING	--	--	[0]
3702	LISTENING	--	--	[0]
3702	LISTENING	--	--	[0]
4500	LISTENING	--	--	[0]
5353	LISTENING	--	--	[0]
5355	LISTENING	--	--	[0]
49273	LISTENING	--	--	[0]
51507	LISTENING	--	--	[0]
53474	LISTENING	--	--	[0]
59324	LISTENING	--	--	[0]
59326	LISTENING	--	--	[0]
60258	LISTENING	--	--	[0]
62383	LISTENING	--	--	[0]
62514	LISTENING	--	--	[0]
63797	LISTENING	--	--	[0]
65214	LISTENING	--	--	[0]
65215	LISTENING	--	--	[0]