Results of system analysis

List of processes

File name	PID	Description	Copyright	MD5	Information
c:\program files\thinkpad\connectutilities\acprfmgrsvc.exe Script: Quarantine, Delete, BC delete, Terminate	656	Access Connections Profile Manager Service	(C) Lenovo 2006-2007. All rights reserved. (C) IBM Corporation 2001-2006. All rights reserved.	??	64.00 kb, rsAh, created: 11/13/2007 11:23:58 PM, modified: 7/5/2007 3:05:04 PM Command line: "C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe"
c:\windows\system32\cusrvc.exe Script: Quarantine, Delete, BC delete, Terminate	784	Novell Client Update Service	Copyright © 2003, by Novell, Inc. All rights reserved.	??	32.00 kb, rsAh, created: 5/6/2004 1:59:18 PM, modified: 11/24/2003 1:17:52 PM Command line: C:\WINDOWS\System32\cusrvc.exe
c:\program files\cisco systems\vpn client\cvpnd.exe Script: Quarantine, Delete, BC delete, Terminate	800	Cisco Systems VPN Client	Copyright © 1998-2005 Cisco Systems, Inc.	??	1389.00 kb, rsAh, created: 6/10/2005 6:59:56 PM, modified: 6/10/2005 6:59:56 PM Command line: "C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe"
c:\windows\explorer.exe Script: Quarantine, Delete, BC delete, Terminate	2920	Windows Explorer	© Microsoft Corporation. All rights reserved.	??	1009.00 kb, rsAh, created: 1/1/1980 2:00:00 AM, modified: 6/13/2007 5:23:07 AM Command line: C:\WINDOWS\Explorer.EXE
c:\program files\ipod\bin\ipodservice.exe Script: Quarantine, Delete, BC delete, Terminate	2000	iPodService Module	© 2003-2008 Apple Inc. All Rights Reserved.	??	519.79 kb, rsAh, created: 7/10/2008 9:51:22 AM, modified: 7/10/2008 9:51:22 AM Command line: "C:\Program Files\iPod\bin\iPodService.exe"
c:\program files\itunes\ituneshelper.exe Script: Quarantine, Delete, BC delete, Terminate	3544	iTunesHelper Module	© 2003-2008 Apple Inc. All Rights Reserved.	??	282.29 kb, rsAh, created: 7/10/2008 9:51:32 AM, modified: 7/10/2008 9:51:32 AM Command line: "C:\Program Files\iTunes\iTunesHelper.exe"
c:\windows\system32\lsass.exe Script: Quarantine, Delete, BC delete, Terminate	1248	LSA Shell (Export Version)	© Microsoft Corporation. All rights reserved.	??	13.00 kb, rsAh, created: 1/1/1980 2:00:00 AM, modified: 8/4/2004 2:56:50 AM Command line: C:\WINDOWS\system32\lsass.exe
c:\program files\microsoft windows onecare live\firewall\msfwsvc.exe Script: Quarantine, Delete, BC delete, Terminate	832	OneCare Firewall service	Copyright (C) 1995-2007 Microsoft Corp.	??	737.56 kb, rsAh, created: 11/27/2007 10:56:32 PM, modified: 11/27/2007 10:56:32 PM Command line: "C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe"
c:\program files\microsoft windows onecare live\antivirus\msmpeng.exe Script: Quarantine, Delete, BC delete, Terminate	1652	Service Executable	© Microsoft Corporation. All rights reserved.	??	18.27 kb, rsAh, created: 7/9/2008 5:05:22 PM, modified: 7/9/2008 5:05:22 PM Command line: "C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe"
c:\program files\microsoft windows onecare live\ochealthmon.exe Script: Quarantine, Delete, BC delete, Terminate	980	Windows Live OneCare Health Monitor Service	Copyright (c) Microsoft Corporation. All rights reserved.	??	27.54 kb, rsAh, created: 8/8/2008 3:23:34 PM, modified: 8/8/2008 3:23:34 PM Command line: "C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe"
c:\windows\system32\regsrvc.exe Script: Quarantine, Delete, BC delete, Terminate	1036	RegSrvc Module	Copyright © 2002 - 2003 Intel Corporation	??	120.00 kb, rsAh, created: 2/9/2004 8:38:44 AM, modified: 2/9/2004 8:38:44 AM Command line: C:\WINDOWS\System32\RegSrvc.exe
c:\windows\system32\s24evmon.exe Script: Quarantine, Delete, BC delete, Terminate	1920	Event Monitor - Supports driver extensions to NIC Driver for wireless adapters.	Copyright © 2001 - 2003 Intel Corporation, 1997 - 2001 Symbol Technologies, Inc. Portions Copyright © MIT	??	304.07 kb, rsAh, created: 2/9/2004 8:39:16 AM, modified: 2/9/2004 8:39:16 AM Command line: C:\WINDOWS\System32\S24EvMon.exe
c:\windows\system32\spoolsv.exe Script: Quarantine, Delete, BC delete, Terminate	672	Spooler SubSystem App	© Microsoft Corporation. All rights reserved.	??	56.50 kb, rsAh, created: 1/1/1980 2:00:00 AM, modified: 6/10/2005 6:53:32 PM Command line: C:\WINDOWS\system32\spoolsv.exe
c:\windows\system32\svchost.exe Script: Quarantine, Delete, BC delete, Terminate	1596	Generic Host Process for Win32 Services	© Microsoft Corporation. All rights reserved.	??	14.00 kb, rsAh, created: 1/1/1980 2:00:00 AM, modified: 8/4/2004 2:56:57 AM Command line: C:\WINDOWS\system32\svchost -k rpcss
c:\windows\system32\svchost.exe Script: Quarantine, Delete, BC delete, Terminate	1744	Generic Host Process for Win32 Services	© Microsoft Corporation. All rights reserved.	??	14.00 kb, rsAh, created: 1/1/1980 2:00:00 AM, modified: 8/4/2004 2:56:57 AM Command line: C:\WINDOWS\System32\svchost.exe -k netsvcs
c:\windows\system32\tpkmpsvc.exe Script: Quarantine, Delete, BC delete, Terminate	872			??	32.00 kb, rsAh, created: 5/6/2004 2:44:08 PM, modified: 7/11/2003 5:19:22 PM Command line: C:\WINDOWS\system32\TpKmpSVC.exe
c:\windows\system32\winlogon.exe Script: Quarantine, Delete, BC delete, Terminate	1188	Windows NT Logon Application	© Microsoft Corporation. All rights reserved.	??	490.50 kb, rsAh, created: 1/1/1980 2:00:00 AM, modified: 8/4/2004 2:56:57 AM Command line: winlogon.exe
c:\program files\microsoft windows onecare live\winss.exe Script: Quarantine, Delete, BC delete, Terminate	1780	Windows Live OneCare Service	Copyright (c) Microsoft Corporation. All rights reserved.	??	1100.54 kb, rsAh, created: 8/8/2008 3:25:26 PM, modified: 8/8/2008 3:25:26 PM Command line: "C:\Program Files\Microsoft Windows OneCare Live\winss.exe"
c:\program files\microsoft windows onecare live\winssnotify.exe Script: Quarantine, Delete, BC delete, Terminate	2696	Windows Live OneCare Tray Notification	Copyright (c) Microsoft Corporation. All rights reserved.	??	65.54 kb, rsAh, created: 8/8/2008 3:24:58 PM, modified: 8/8/2008 3:24:58 PM Command line: "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
c:\program files\webroot\spy sweeper\wrsssdk.exe Script: Quarantine, Delete, BC delete, Terminate	1852	Spy Sweeper SDK	Copyright (C) 2002 - 2005, All Rights Reserved.	??	2108.50 kb, rsAh, created: 11/9/2008 9:23:34 PM, modified: 12/14/2005 7:23:22 PM Command line: "C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe"
Detected:37, recognized as trusted 25

Module name	Handle	Description	Copyright	MD5	Used by processes
C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Definition Updates\{D80C1530-48E9-43D8-9A11-79DE82A770F9}\mpengine.dll Script: Quarantine, Delete, BC delete	1510998016	Microsoft Malware Protection Engine	© Microsoft Corporation. All rights reserved.	--	1652
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe Script: Quarantine, Delete, BC delete	4194304	Cisco Systems VPN Client	Copyright © 1998-2005 Cisco Systems, Inc.	??	800
C:\Program Files\Haali\MatroskaSplitter\mkunicode.dll Script: Quarantine, Delete, BC delete	14352384			--	2920
C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll Script: Quarantine, Delete, BC delete	14221312			--	2920
C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.DLL Script: Quarantine, Delete, BC delete	13041664	iPodService Resource Library	© 2003-2008 Apple Inc. All Rights Reserved.	--	2000
C:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.DLL Script: Quarantine, Delete, BC delete	15400960	iTunesHelper Resource Library	© 2003-2008 Apple Inc. All Rights Reserved.	--	3544
C:\Program Files\MATLAB714\bin\win32\MFC71ENU.DLL Script: Quarantine, Delete, BC delete	2083520512	MFC Language Specific Resources	© Microsoft Corporation. All rights reserved.	--	2920
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\mpavrtm.dll Script: Quarantine, Delete, BC delete	1585446912	AntiVirus Realtime Monitor	© Microsoft Corporation. All rights reserved.	--	1652
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpClient.dll Script: Quarantine, Delete, BC delete	1535115264	Client Interface	© Microsoft Corporation. All rights reserved.	--	1652, 1780
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpSvc.dll Script: Quarantine, Delete, BC delete	1551892480	Service Module	© Microsoft Corporation. All rights reserved.	--	1652
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe Script: Quarantine, Delete, BC delete	16777216	Service Executable	© Microsoft Corporation. All rights reserved.	??	1652
C:\Program Files\Microsoft Windows OneCare Live\Cert.dll Script: Quarantine, Delete, BC delete	2752512	Windows Live OneCare Platform	Copyright (c) Microsoft Corporation. All rights reserved.	--	980, 1780, 2696
C:\Program Files\Microsoft Windows OneCare Live\ConflictingAppModule.dll Script: Quarantine, Delete, BC delete	2883584	Conflicting Applications Module	Copyright (c) Microsoft Corporation. All rights reserved.	--	1780
C:\Program Files\Microsoft Windows OneCare Live\Firewall\MpsCatApi.DLL Script: Quarantine, Delete, BC delete	58064896	MPS Catalog API library	Copyright (C) 1995-2007 Microsoft Corp.	--	1780
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwapi.dll Script: Quarantine, Delete, BC delete	57671680	OneCare Firewall RPC API Implementation	Copyright (C) 1995-2007 Microsoft Corp.	--	1780
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe Script: Quarantine, Delete, BC delete	16777216	OneCare Firewall service	Copyright (C) 1995-2007 Microsoft Corp.	??	832
C:\Program Files\Microsoft Windows OneCare Live\msidcrl40.dll Script: Quarantine, Delete, BC delete	659554304	IDCRL Dynamic Link Library	Copyright © 1995-2006 Microsoft Corporation.	--	1780
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe Script: Quarantine, Delete, BC delete	822083584	Windows Live OneCare Health Monitor Service	Copyright (c) Microsoft Corporation. All rights reserved.	??	980
C:\Program Files\Microsoft Windows OneCare Live\OCHelpAgent.dll Script: Quarantine, Delete, BC delete	2883584	OCHelpAgent	Copyright (c) Microsoft Corporation. All rights reserved.	--	980
C:\Program Files\Microsoft Windows OneCare Live\providers.dll Script: Quarantine, Delete, BC delete	889192448	Providers	Copyright (c) Microsoft Corporation. All rights reserved.	--	1780, 2696
C:\Program Files\Microsoft Windows OneCare Live\ProvidersClient.DLL Script: Quarantine, Delete, BC delete	895483904	Providers Client	Copyright (c) Microsoft Corporation. All rights reserved.	--	2696
C:\Program Files\Microsoft Windows OneCare Live\winss.exe Script: Quarantine, Delete, BC delete	822083584	Windows Live OneCare Service	Copyright (c) Microsoft Corporation. All rights reserved.	??	1780
C:\Program Files\Microsoft Windows OneCare Live\WINSSCOMMON.dll Script: Quarantine, Delete, BC delete	824180736	Windows Live OneCare Common	Copyright (c) Microsoft Corporation. All rights reserved.	--	980, 1780, 2696
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe Script: Quarantine, Delete, BC delete	822083584	Windows Live OneCare Tray Notification	Copyright (c) Microsoft Corporation. All rights reserved.	??	2696
C:\Program Files\Microsoft Windows OneCare Live\WinSSNotifyLib.dll Script: Quarantine, Delete, BC delete	939524096	Windows Live OneCare Tray Notification	Copyright (c) Microsoft Corporation. All rights reserved.	--	2696
C:\Program Files\Microsoft Windows OneCare Live\WinSSPlatform.dll Script: Quarantine, Delete, BC delete	922746880	Windows Live OneCare Platform	Copyright (c) Microsoft Corporation. All rights reserved.	--	980, 1780, 2696
C:\Program Files\Qualcomm\Eudora\EuShlExt.dll Script: Quarantine, Delete, BC delete	18087936	Eudora's Shell Extension	Copyright © 2000-2002	--	2920, 2696
C:\Program Files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll Script: Quarantine, Delete, BC delete	268435456	Access Connections Crypt Helper Module	(C) Lenovo 2006-2007. All rights reserved. (C) IBM Corporation 2001-2006. All rights reserved.	--	656, 1248
C:\Program Files\ThinkPad\ConnectUtilities\ACGina.dll Script: Quarantine, Delete, BC delete	14352384	Access Connections Gina Module	(C) Lenovo 2006-2007. All rights reserved. (C) IBM Corporation 2001-2006. All rights reserved.	--	1248
C:\Program Files\ThinkPad\ConnectUtilities\ACHelper.dll Script: Quarantine, Delete, BC delete	3407872	Access Connections Helper Module	(C) Lenovo 2006-2007. All rights reserved. (C) IBM Corporation 2001-2006. All rights reserved.	--	656, 1248
C:\Program Files\ThinkPad\ConnectUtilities\AcLocMigrator.dll Script: Quarantine, Delete, BC delete	11075584	Access Connections Location Migration Module	(C) Lenovo 2006-2007. All rights reserved. (C) IBM Corporation 2001-2006. All rights reserved.	--	656
C:\Program Files\ThinkPad\ConnectUtilities\AcLocSettings.dll Script: Quarantine, Delete, BC delete	167772160	Access Connections Location Settings Module	(C) Lenovo 2006-2007. All rights reserved. (C) IBM Corporation 2001-2006. All rights reserved.	--	656, 1248, 1188
C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll Script: Quarantine, Delete, BC delete	12517376	Access Connections Notify Support Module	(C) Lenovo 2006-2007. All rights reserved. (C) IBM Corporation 2001-2006. All rights reserved.	--	1188
C:\Program Files\ThinkPad\ConnectUtilities\ACON.dll Script: Quarantine, Delete, BC delete	150994944	Access Connections ACON Module	(C) Lenovo 2006-2007. All rights reserved. (C) IBM Corporation 2001-2006. All rights reserved.	--	656, 1248
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgr.dll Script: Quarantine, Delete, BC delete	134217728	Access Connections Profile Manager Module	(C) Lenovo 2006-2007. All rights reserved. (C) IBM Corporation 2001-2006. All rights reserved.	--	656, 1248
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe Script: Quarantine, Delete, BC delete	4194304	Access Connections Profile Manager Service	(C) Lenovo 2006-2007. All rights reserved. (C) IBM Corporation 2001-2006. All rights reserved.	??	656
C:\Program Files\ThinkPad\ConnectUtilities\AcSmBiosHelper.dll Script: Quarantine, Delete, BC delete	3670016	ThinkVantage Access Connections SMBIOS Helper Module	(C) Lenovo 2006-2007. All rights reserved. (C) IBM Corporation 2001-2006. All rights reserved.	--	656, 1248
C:\Program Files\ThinkPad\ConnectUtilities\AcSvcStub.dll Script: Quarantine, Delete, BC delete	14745600	Access Connections Main Service Stub Module	(C) Lenovo 2006-2007. All rights reserved. (C) IBM Corporation 2001-2006. All rights reserved.	--	1248, 1188
C:\Program Files\ThinkPad\ConnectUtilities\ACTurinSupport.dll Script: Quarantine, Delete, BC delete	3604480	Access Connections Turin Support Module	(C) Lenovo 2006-2007. All rights reserved. (C) IBM Corporation 2001-2006. All rights reserved.	--	656, 1248
C:\Program Files\ThinkPad\ConnectUtilities\ThinQCon.dll Script: Quarantine, Delete, BC delete	11206656	Access Connections Thin QCon Module	(C) Lenovo 2006-2007. All rights reserved. (C) IBM Corporation 2001-2006. All rights reserved.	--	656
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe Script: Quarantine, Delete, BC delete	4194304	Spy Sweeper SDK	Copyright (C) 2002 - 2005, All Rights Reserved.	??	1852
C:\WINDOWS\System32\AXNMAS~1.OCX Script: Quarantine, Delete, BC delete	30015488	NMAS Tab ActiveX Control Module	Copyright (C) 2002	--	1188
C:\WINDOWS\System32\AXNMAS~2.OCX Script: Quarantine, Delete, BC delete	14221312	Credentials ActiveX Control	© 1996-2002, Novell, Inc. All rights reserved.	--	1188
C:\WINDOWS\System32\cusrvc.exe Script: Quarantine, Delete, BC delete	4194304	Novell Client Update Service	Copyright © 2003, by Novell, Inc. All rights reserved.	??	784
C:\WINDOWS\system32\DPAWIN32.dll Script: Quarantine, Delete, BC delete	1577254912	DPAWIN32.DLL	CoPyRiGhT=(c) Copyright 1995-2003 Novell, Inc. All rights reserved.	--	672
C:\WINDOWS\system32\DPLWIN32.dll Script: Quarantine, Delete, BC delete	1577058304	DPLWIN32.DLL	CoPyRiGhT=(c) Copyright 1995-2003 Novell, Inc. All rights reserved.	--	672
C:\WINDOWS\system32\DPPWIN32.dll Script: Quarantine, Delete, BC delete	1577385984	DPPWIN32.DLL	CoPyRiGhT=(c) Copyright 1995-2003 Novell, Inc. All rights reserved.	--	672
C:\WINDOWS\system32\DPSWIN32.dll Script: Quarantine, Delete, BC delete	1577582592	DPSWIN32.DLL	CoPyRiGhT=(c) Copyright 1995-2003 Novell, Inc. All rights reserved.	--	672
C:\WINDOWS\system32\ndppnt.dll Script: Quarantine, Delete, BC delete	1477443584	NDPS Print Provider for Windows	Copyright © 1992-2003 Novell, Inc.	--	672
C:\WINDOWS\System32\NETWIN32.DLL Script: Quarantine, Delete, BC delete	1356136448	NetWare® Net Library	Copyright © 1995-2000 Novell, Inc.	--	784, 2920, 672, 1188
C:\WINDOWS\system32\NLS\ENGLISH\NDPPNTR.DLL Script: Quarantine, Delete, BC delete	1782579200	Novell NDPS Print Provider For Windows NT/2000	Copyright © Novell, Inc. 1998	--	672
C:\WINDOWS\system32\NLS\ENGLISH\NWGINAR.DLL Script: Quarantine, Delete, BC delete	1782579200	ZEN for Desktops GINA Resources	Copyright © 1992-2003 Novell, INC.	--	1188
C:\WINDOWS\system32\NWGINA.DLL Script: Quarantine, Delete, BC delete	1780482048	ZEN For Desktops GINA	Copyright © 1992-2003 Novell, INC.	--	1188
C:\WINDOWS\system32\NWSHLXNT.dll Script: Quarantine, Delete, BC delete	1480065024			--	2920, 1188
C:\WINDOWS\system32\nwspool.dll Script: Quarantine, Delete, BC delete	1476395008	Novell Client Print Provider for Windows	Copyright © 1992-2003 Novell, Inc.	--	672
C:\WINDOWS\system32\NWSRVLOC.dll Script: Quarantine, Delete, BC delete	469762048	Novell SLP API	Copyright © 1998 - 2003 Novell, Inc.	--	800, 672, 1596, 1744, 1780
c:\windows\system32\rasmans.dll Script: Quarantine, Delete, BC delete	2113077248	Remote Access Connection Manager	© Microsoft Corporation. All rights reserved.	--	1744
C:\WINDOWS\System32\RegSrvc.exe Script: Quarantine, Delete, BC delete	4194304	RegSrvc Module	Copyright © 2002 - 2003 Intel Corporation	??	1036
C:\WINDOWS\System32\S24EvMon.exe Script: Quarantine, Delete, BC delete	4194304	Event Monitor - Supports driver extensions to NIC Driver for wireless adapters.	Copyright © 2001 - 2003 Intel Corporation, 1997 - 2001 Symbol Technologies, Inc. Portions Copyright © MIT	??	1920
C:\WINDOWS\system32\TpKmpSVC.exe Script: Quarantine, Delete, BC delete	4194304			??	872
C:\WINDOWS\system32\VSINIT.dll Script: Quarantine, Delete, BC delete	30146560	TrueVector Service	Copyright © 1998-2005, Zone Labs LLC	--	800
C:\WINDOWS\system32\WRLogonNTF.dll Script: Quarantine, Delete, BC delete	22937600	Spy Sweeper SDK	Copyright (C) 2002 - 2005, All Rights Reserved.	--	1188
Modules detected:387, recognized as trusted 325

Kernel Space Modules Viewer

Module	Base address	Size in memory	Description	Manufacturer
.sys Script: Quarantine, Delete, BC delete	F85F8000	016000 (90112)
C:\WINDOWS\System32\drivers\ANC.SYS Script: Quarantine, Delete, BC delete	F7BE6000	003000 (12288)	IBM Access Connections - ANC	Copyright (C) IBM Corp. 2003, 2004
C:\WINDOWS\System32\Drivers\AnyDVD.sys Script: Quarantine, Delete, BC delete	F802A000	017000 (94208)	AnyDVD Filter Driver	Copyright 2002 - 2008 SlySoft, Inc.
C:\WINDOWS\system32\Drivers\axwhisky.sys Script: Quarantine, Delete, BC delete	F8C3C000	002000 (8192)	SCSI miniport	Copyright (C) 2002-2003
C:\WINDOWS\system32\Drivers\axwskbus.sys Script: Quarantine, Delete, BC delete	F8690000	01F000 (126976)	Plug and Play BIOS Extension	Copyright (C) 2002-2003
C:\WINDOWS\system32\Drivers\CVPNDRVA.sys Script: Quarantine, Delete, BC delete	B8007000	084000 (540672)	Cisco Systems VPN Client IPSec Driver	Copyright © 1998-2005 Cisco Systems, Inc.
C:\WINDOWS\System32\Drivers\dump_atapi.sys Script: Quarantine, Delete, BC delete	BACD8000	016000 (90112)
C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS Script: Quarantine, Delete, BC delete	F8C6A000	002000 (8192)
C:\WINDOWS\System32\Drivers\ElbyCDIO.sys Script: Quarantine, Delete, BC delete	F8A26000	005000 (20480)	ElbyCD Windows NT/2000/XP I/O driver	Copyright (C) 2000 - 2008 Elaborate Bytes AG
C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys Script: Quarantine, Delete, BC delete	F8476000	003000 (12288)	CD DVD Filter	Copyright (C) GEAR Software Inc. 1997-2008
C:\WINDOWS\System32\Drivers\hiber_WMILIB.SYS Script: Quarantine, Delete, BC delete	F8C92000	002000 (8192)
C:\WINDOWS\system32\Drivers\IBMBLDID.sys Script: Quarantine, Delete, BC delete	F8C60000	002000 (8192)
C:\WINDOWS\system32\DRIVERS\msfwdrv.sys Script: Quarantine, Delete, BC delete	B85B3000	015000 (86016)	OneCare Firewall Driver	Copyright (C) 1995-2007 Microsoft Corp.
C:\WINDOWS\system32\DRIVERS\msfwhlpr.sys Script: Quarantine, Delete, BC delete	BAF91000	01B000 (110592)	OneCare Firewall Helper Driver	Copyright (C) 1995-2007 Microsoft Corp.
C:\WINDOWS\System32\NetWare\nwdns.sys Script: Quarantine, Delete, BC delete	B886E000	009000 (36864)
nwfilter.sys Script: Quarantine, Delete, BC delete	F8B56000	004000 (16384)
C:\WINDOWS\System32\NetWare\nwfs.sys Script: Quarantine, Delete, BC delete	B8666000	074000 (475136)	Novell NetWare Redirector	Copyright © 1992-2003 Novell, Inc.
C:\WINDOWS\System32\NetWare\nwslp.sys Script: Quarantine, Delete, BC delete	BAC4C000	005000 (20480)
C:\WINDOWS\System32\PCANDIS5.SYS Script: Quarantine, Delete, BC delete	B89B8000	004000 (16384)	PCAUSA NDIS 5.0 Protocol Driver	Copyright © 1995-2002 Printing Communications Assoc., Inc. (PCAUSA)
C:\WINDOWS\system32\drivers\PMEMNT.SYS Script: Quarantine, Delete, BC delete	F8C86000	002000 (8192)	Physical Memory Driver	Copyright (C) Microsoft Corp. 1981-1996
C:\WINDOWS\System32\Drivers\ShockMgr.SYS Script: Quarantine, Delete, BC delete	F8D7E000	001000 (4096)	ShockMgr Device Driver	Copyright (C) IBM Corporation 2002, 2003
C:\WINDOWS\system32\Drivers\Shockprf.sys Script: Quarantine, Delete, BC delete	F8756000	00E000 (57344)	Shockproof Disk Driver	Copyright (C) IBM Corp. 2002, 2003
C:\WINDOWS\System32\drivers\Smapint.sys Script: Quarantine, Delete, BC delete	F8B36000	008000 (32768)	SMAPI I/O	Copyright (C) Microsoft Corp. 1981-1996
C:\WINDOWS\System32\NetWare\srvloc.sys Script: Quarantine, Delete, BC delete	B8618000	026000 (155648)	Novell SLP Driver	Copyright © 1998 - 2003 Novell, Inc.
C:\WINDOWS\system32\drivers\SSHDRV65.sys Script: Quarantine, Delete, BC delete	BAFDE000	022000 (139264)
C:\WINDOWS\system32\Drivers\SSI.SYS Script: Quarantine, Delete, BC delete	F863B000	018000 (98304)	SpySweeper SSI Driver	Copyright (C) 2005 Webroot Software
C:\WINDOWS\System32\drivers\TDSMAPI.SYS Script: Quarantine, Delete, BC delete	F8B2E000	006000 (24576)
C:\WINDOWS\System32\drivers\totalio.sys Script: Quarantine, Delete, BC delete	F8E6D000	001000 (4096)
C:\WINDOWS\System32\Drivers\TPHKDRV.SYS Script: Quarantine, Delete, BC delete	F8462000	004000 (16384)	ThinkPad Hotkey Driver	Copyright (C) 1999,2002, IBM Corporation
C:\WINDOWS\System32\drivers\Tppwr.sys Script: Quarantine, Delete, BC delete	F8B26000	008000 (32768)	IBM ThinkPad Power Management Device Driver	Copyright (C) IBM Corp. 1997,2004.
C:\WINDOWS\System32\drivers\TSMAPIP.SYS Script: Quarantine, Delete, BC delete	F8B1E000	006000 (24576)
Modules detected - 178, recognized as trusted - 147

Services

Service	Description	Status	File	Group	Dependencies
AcPrfMgrSvc Service: Stop, Delete, Disable	Ac Profile Manager Service	Running	C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe Script: Quarantine, Delete, BC delete		RPCSS
cusrvc Service: Stop, Delete, Disable	Client Update Service for Novell	Running	C:\WINDOWS\System32\cusrvc.exe Script: Quarantine, Delete, BC delete
CVPND Service: Stop, Delete, Disable	Cisco Systems, Inc. VPN Service	Running	C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe Script: Quarantine, Delete, BC delete		TCPIP
msfwsvc Service: Stop, Delete, Disable	OneCare Firewall	Running	C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe Script: Quarantine, Delete, BC delete		msfwdrv
OcHealthMon Service: Stop, Delete, Disable	Windows Live OneCare Health Monitor	Running	C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe Script: Quarantine, Delete, BC delete
OneCareMP Service: Stop, Delete, Disable	OneCare AntiSpyware and AntiVirus	Running	C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe Script: Quarantine, Delete, BC delete	COM Infrastructure	RpcSs
RegSrvc Service: Stop, Delete, Disable	RegSrvc	Running	C:\WINDOWS\System32\RegSrvc.exe Script: Quarantine, Delete, BC delete		RPCSS
S24EventMonitor Service: Stop, Delete, Disable	Spectrum24 Event Monitor	Running	C:\WINDOWS\System32\S24EvMon.exe Script: Quarantine, Delete, BC delete	PNP_TDI	s24trans
svcWRSSSDK Service: Stop, Delete, Disable	Webroot Spy Sweeper Engine	Running	C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe Script: Quarantine, Delete, BC delete		RpcSs
TpKmpSVC Service: Stop, Delete, Disable	IBM KCU Service	Running	C:\WINDOWS\system32\TpKmpSVC.exe Script: Quarantine, Delete, BC delete
winss Service: Stop, Delete, Disable	Windows Live OneCare	Running	C:\Program Files\Microsoft Windows OneCare Live\winss.exe Script: Quarantine, Delete, BC delete		rpcss
AcSvc Service: Stop, Delete, Disable	Access Connections Main Service	Not started	C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe Script: Quarantine, Delete, BC delete		RPCSS
gusvc Service: Stop, Delete, Disable	Google Updater Service	Not started	C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe Script: Quarantine, Delete, BC delete		RPCSS
IDriverT Service: Stop, Delete, Disable	InstallDriver Table Manager	Not started	C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe Script: Quarantine, Delete, BC delete
matlabserver Service: Stop, Delete, Disable	MATLAB Server	Not started	C:\Program Files\MATLAB714\webserver\bin\win32\matlabserver.exe Script: Quarantine, Delete, BC delete
McAfeeFramework Service: Stop, Delete, Disable	McAfee Framework Service	Not started	C:\Program Files\Network Associates\Common Framework\FrameworkService.exe Script: Quarantine, Delete, BC delete		RPCSS
NetSvc Service: Stop, Delete, Disable	Intel NCS NetService	Not started	C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe Script: Quarantine, Delete, BC delete		RPCSS
Detected - 108, recognized as trusted - 91

Drivers

Service	Description	Status	File	Group	Dependencies
ANC Driver: Unload, Delete, Disable	ANC	Running	C:\WINDOWS\system32\drivers\ANC.SYS Script: Quarantine, Delete, BC delete
AnyDVD Driver: Unload, Delete, Disable	AnyDVD	Running	C:\WINDOWS\system32\Drivers\AnyDVD.sys Script: Quarantine, Delete, BC delete
atapi Driver: Unload, Delete, Disable	Standard IDE/ESDI Hard Disk Controller	Running	C:\WINDOWS\System32\DRIVERS\atapi.sys Script: Quarantine, Delete, BC delete	SCSI miniport
axwhisky Driver: Unload, Delete, Disable	axwhisky	Running	C:\WINDOWS\System32\DRIVERS\axwhisky.sys Script: Quarantine, Delete, BC delete	SCSI Miniport
axwskbus Driver: Unload, Delete, Disable	axwskbus	Running	C:\WINDOWS\System32\DRIVERS\axwskbus.sys Script: Quarantine, Delete, BC delete	System Bus Extender
CVPNDRVA Driver: Unload, Delete, Disable	Cisco Systems Inc. IPSec Driver	Running	C:\WINDOWS\system32\Drivers\CVPNDRVA.sys Script: Quarantine, Delete, BC delete
ElbyCDIO Driver: Unload, Delete, Disable	ElbyCDIO Driver	Running	C:\WINDOWS\system32\Drivers\ElbyCDIO.sys Script: Quarantine, Delete, BC delete
GEARAspiWDM Driver: Unload, Delete, Disable	GEAR CDRom Filter	Running	C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys Script: Quarantine, Delete, BC delete	filter
IBMTPCHK Driver: Unload, Delete, Disable	IBMTPCHK	Running	C:\WINDOWS\system32\Drivers\IBMBLDID.sys Script: Quarantine, Delete, BC delete
MSFWDrv Driver: Unload, Delete, Disable	MSFWDrv	Running	C:\WINDOWS\system32\DRIVERS\msfwdrv.sys Script: Quarantine, Delete, BC delete		msfwhlpr
MSFWHLPR Driver: Unload, Delete, Disable	MSFWHLPR	Running	C:\WINDOWS\system32\DRIVERS\msfwhlpr.sys Script: Quarantine, Delete, BC delete	PNP_TDI
NetwareWorkstation Driver: Unload, Delete, Disable	Novell Client for Windows	Running	C:\WINDOWS\system32\NetWare\nwfs.sys Script: Quarantine, Delete, BC delete	NetworkProvider	+TDI
NWDNS Driver: Unload, Delete, Disable	Novell DNS Name Space Service Provider	Running	C:\WINDOWS\system32\NetWare\nwdns.sys Script: Quarantine, Delete, BC delete
NWFILTER Driver: Unload, Delete, Disable	Novell UNC Path Filter	Running	C:\WINDOWS\System32\NetWare\nwfilter.sys Script: Quarantine, Delete, BC delete	Filter
NWSLP Driver: Unload, Delete, Disable	Novell SLP Name Space Service Provider	Running	C:\WINDOWS\system32\NetWare\nwslp.sys Script: Quarantine, Delete, BC delete
PCANDIS5 Driver: Unload, Delete, Disable	PCANDIS5 NDIS Protocol Driver	Running	C:\WINDOWS\System32\PCANDIS5.SYS Script: Quarantine, Delete, BC delete	PNP_TDI
PMEM Driver: Unload, Delete, Disable	PMEM	Running	C:\WINDOWS\system32\drivers\PMEMNT.SYS Script: Quarantine, Delete, BC delete
ShockMgr Driver: Unload, Delete, Disable	ShockMgr	Running	C:\WINDOWS\system32\Drivers\ShockMgr.sys Script: Quarantine, Delete, BC delete
Shockprf Driver: Unload, Delete, Disable	Shockprf	Running	C:\WINDOWS\system32\Drivers\Shockprf.sys Script: Quarantine, Delete, BC delete	System Bus Extender
Smapint Driver: Unload, Delete, Disable	Smapint	Running	C:\WINDOWS\system32\drivers\Smapint.sys Script: Quarantine, Delete, BC delete
SRVLOC Driver: Unload, Delete, Disable	Novell Service Location	Running	C:\WINDOWS\system32\NetWare\srvloc.sys Script: Quarantine, Delete, BC delete
SSHDRV65 Driver: Unload, Delete, Disable	SSHDRV65	Running	C:\WINDOWS\system32\drivers\SSHDRV65.sys Script: Quarantine, Delete, BC delete	Filter
SSI Driver: Unload, Delete, Disable	SSI	Running	C:\WINDOWS\system32\Drivers\SSI.SYS Script: Quarantine, Delete, BC delete	System Bus Extender
TDSMAPI Driver: Unload, Delete, Disable	TDSMAPI	Running	C:\WINDOWS\system32\drivers\TDSMAPI.SYS Script: Quarantine, Delete, BC delete
totalio Driver: Unload, Delete, Disable	totalio	Running	C:\WINDOWS\System32\drivers\totalio.sys Script: Quarantine, Delete, BC delete
TPHKDRV Driver: Unload, Delete, Disable	TPHKDRV	Running	C:\WINDOWS\system32\Drivers\TPHKDRV.sys Script: Quarantine, Delete, BC delete
TPPWR Driver: Unload, Delete, Disable	TPPWR	Running	C:\WINDOWS\system32\drivers\Tppwr.sys Script: Quarantine, Delete, BC delete
TSMAPIP Driver: Unload, Delete, Disable	TSMAPIP	Running	C:\WINDOWS\system32\drivers\TSMAPIP.SYS Script: Quarantine, Delete, BC delete
Abiosdsk Driver: Unload, Delete, Disable	Abiosdsk	Not started	Abiosdsk.sys Script: Quarantine, Delete, BC delete	Primary disk
AR5211 Driver: Unload, Delete, Disable	Dual-band Wi-Fi Wireless Mini PCI Adapter	Not started	C:\WINDOWS\system32\DRIVERS\ar5211.sys Script: Quarantine, Delete, BC delete	NDIS
Atdisk Driver: Unload, Delete, Disable	Atdisk	Not started	Atdisk.sys Script: Quarantine, Delete, BC delete	Primary disk
Beep Driver: Unload, Delete, Disable	Beep	Not started	Beep.sys Script: Quarantine, Delete, BC delete	Base
catchme Driver: Unload, Delete, Disable	catchme	Not started	C:\DOCUME~1\Student\LOCALS~1\Temp\catchme.sys Script: Quarantine, Delete, BC delete	Base
Changer Driver: Unload, Delete, Disable	Changer	Not started	Changer.sys Script: Quarantine, Delete, BC delete	Filter
hamachi Driver: Unload, Delete, Disable	Hamachi Network Interface	Not started	C:\WINDOWS\system32\DRIVERS\hamachi.sys Script: Quarantine, Delete, BC delete	NDIS
InCDFs Driver: Unload, Delete, Disable	InCD File System	Not started	C:\WINDOWS\system32\drivers\InCDFs.sys Script: Quarantine, Delete, BC delete	File system
InCDPass Driver: Unload, Delete, Disable	InCDPass	Not started	C:\WINDOWS\system32\drivers\InCDPass.sys Script: Quarantine, Delete, BC delete	PNP Filter
InCDRm Driver: Unload, Delete, Disable	InCD Reader	Not started	C:\WINDOWS\system32\drivers\InCDRm.sys Script: Quarantine, Delete, BC delete	PnP Filter
jgameenp Driver: Unload, Delete, Disable	jgameenp	Not started	C:\DOCUME~1\Student\LOCALS~1\Temp\jgameenp.sys Script: Quarantine, Delete, BC delete
lbrtfdc Driver: Unload, Delete, Disable	lbrtfdc	Not started	lbrtfdc.sys Script: Quarantine, Delete, BC delete	System Bus Extender
mcdbus Driver: Unload, Delete, Disable	Driver for MagicISO SCSI Host Controller	Not started	C:\WINDOWS\system32\DRIVERS\mcdbus.sys Script: Quarantine, Delete, BC delete	Extended Base
mferkdk Driver: Unload, Delete, Disable	VSCore mferkdk	Not started	C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys Script: Quarantine, Delete, BC delete
npkcrypt Driver: Unload, Delete, Disable	npkcrypt	Not started	D:\Program Files\Lineage\npkcrypt.sys Script: Quarantine, Delete, BC delete	Keyboard
PCAMPR5 Driver: Unload, Delete, Disable	PCAMPR5 NDIS Protocol Driver	Not started	C:\WINDOWS\System32\PCAMPR5.SYS Script: Quarantine, Delete, BC delete	PNP_TDI
PCIDump Driver: Unload, Delete, Disable	PCIDump	Not started	PCIDump.sys Script: Quarantine, Delete, BC delete	PCI Configuration
PDCOMP Driver: Unload, Delete, Disable	PDCOMP	Not started	PDCOMP.sys Script: Quarantine, Delete, BC delete
PDFRAME Driver: Unload, Delete, Disable	PDFRAME	Not started	PDFRAME.sys Script: Quarantine, Delete, BC delete
PDRELI Driver: Unload, Delete, Disable	PDRELI	Not started	PDRELI.sys Script: Quarantine, Delete, BC delete
PDRFRAME Driver: Unload, Delete, Disable	PDRFRAME	Not started	PDRFRAME.sys Script: Quarantine, Delete, BC delete
Simbad Driver: Unload, Delete, Disable	Simbad	Not started	Simbad.sys Script: Quarantine, Delete, BC delete	Filter
SUSTUCAM Driver: Unload, Delete, Disable	Susteen USB Cable Modem Driver	Not started	C:\WINDOWS\system32\DRIVERS\sustucam.sys Script: Quarantine, Delete, BC delete
SUSTUCAP Driver: Unload, Delete, Disable	Susteen USB Cable Port Driver	Not started	C:\WINDOWS\system32\DRIVERS\sustucap.sys Script: Quarantine, Delete, BC delete
SUSTUCAU Driver: Unload, Delete, Disable	Susteen USB Cable USB Driver	Not started	C:\WINDOWS\system32\DRIVERS\sustucau.sys Script: Quarantine, Delete, BC delete
WDICA Driver: Unload, Delete, Disable	WDICA	Not started	WDICA.sys Script: Quarantine, Delete, BC delete
Detected - 268, recognized as trusted - 214

Autoruns

File name	Status	Startup method	Description
ACNotify.dll Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ACNotify, DLLName
C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_USERS, .DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run, DWQueuedReporting
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, OneCareUI
C:\Program Files\Qualcomm\Eudora\EuShlExt.dll Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {EDB0E980-90BD-11D4-8599-0008C7D3B6F8}
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, AnyDVD
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, SpySweeper
NWGINA.DLL Script: Quarantine, Delete, BC delete	--	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Winlogon, GinaDLL
NWTRAY.EXE Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, NWTRAY
WRLogonNTF.dll Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier, DLLName
autocheck autochk *SsiEfr.e Script: Quarantine, Delete, BC delete	--	Registry key	HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Session Manager, BootExecute
Autoruns items detected - 67, recognized as trusted - 57

Internet Explorer extension modules (BHOs, Toolbars ...)

File name	Type	Description	Manufacturer	CLSID
	Toolbar			{BA52B914-B692-46c4-B683-905236F6F655} Delete
C:\Program Files\AIM\aim.exe Script: Quarantine, Delete, BC delete	Extension module	AOL Instant Messenger	Copyright © 1996-2005 America Online, Inc.	{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} Delete
	Extension module			{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} Delete
Elements detected - 6, recognized as trusted - 3

Windows Explorer extension modules

File name	Destination	Description	Manufacturer	CLSID
deskpan.dll Script: Quarantine, Delete, BC delete	Display Panning CPL Extension			{42071714-76d4-11d1-8b24-00a0c9068ff3}
	Shell extensions for file compression			{764BF0E1-F219-11ce-972D-00AA00A14F56}
	Encryption Context Menu			{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}
	Taskbar and Start Menu			{0DF44EAA-FF21-4412-828E-260A8728E7F1}
	Media Band			{32683183-48a0-441b-a342-7c2a440a9478}
	User Accounts			{7A9D77BD-5403-11d2-8785-2E0420524153}
c:\WINDOWS\system32\mscoree.dll Script: Quarantine, Delete, BC delete	Fusion Cache	Microsoft .NET Runtime Execution Engine	© Microsoft Corporation. All rights reserved.	{1D2680C9-0E2A-469d-B787-065558BC7D43}
c:\Program Files\IBM RecordNow!\shlext.dll Script: Quarantine, Delete, BC delete	RecordNow! SendToExt	Shell Extensions	(c) Sonic Solutions. All rights reserved.	{DEE12703-6333-4D4E-8F34-738C4DCC2E04}
C:\WINDOWS\System32\nwshlxnt.dll Script: Quarantine, Delete, BC delete	Novell Connections			{AF8DE18D-9065-4102-BC40-EB294A95BB07}
C:\Program Files\Qualcomm\Eudora\EuShlExt.dll Script: Quarantine, Delete, BC delete	Eudora's Shell Extension	Eudora's Shell Extension	Copyright © 2000-2002	{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}
C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll Script: Quarantine, Delete, BC delete	Haali Column Provider			{0561EC90-CE54-4f0c-9C55-E226110A740C}
	Haali Matroska Thumbnail Exctractor			{E4D8441D-F89C-4b5c-90AC-A857E1768F1F}
C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll Script: Quarantine, Delete, BC delete	Microsoft Office Metadata Handler	Microsoft Office Shell Extension Handlers	© 2006 Microsoft Corporation. All rights reserved.	{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}
C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll Script: Quarantine, Delete, BC delete	Microsoft Office Thumbnail Handler	Microsoft Office Shell Extension Handlers	© 2006 Microsoft Corporation. All rights reserved.	{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}
C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll Script: Quarantine, Delete, BC delete	Webroot Spy Sweeper Context Menu Integration	Spy Sweeper Client Executable	Copyright (C) 2002 - 2005, All Rights Reserved.	{7C9D5882-CB4A-4090-96C8-430BFE8B795B}
rundll32.exe C:\WINDOWS\system32\shimgvw.dll,ImageView_COMServer {00E7B358-F65B-4dcf-83DF-CD026B94BFD4} Script: Quarantine, Delete, BC delete	Autoplay for SlideShow			{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}
Elements detected - 215, recognized as trusted - 199

Printing system extensions (print monitors, providers)

File name	Type	Name	Description	Manufacturer
C:\WINDOWS\system32\nwspool.dll Script: Quarantine, Delete, BC delete	Provider	Netware Print Services	Novell Client Print Provider for Windows	Copyright © 1992-2003 Novell, Inc.
C:\WINDOWS\system32\ndppnt.dll Script: Quarantine, Delete, BC delete	Provider	Novell Distributed Print Services	NDPS Print Provider for Windows	Copyright © 1992-2003 Novell, Inc.
Elements detected - 10, recognized as trusted - 8

Task Scheduler jobs

File name	Job name	Job status	Description	Manufacturer
C:\PROGRA~1\ThinkPad\UTILIT~1\BMMTASK.EXE Script: Quarantine, Delete, BC delete	BMMTask.job	The task will not run at the scheduled times because it has been disabled.
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe Script: Quarantine, Delete, BC delete	Uniblue SpeedUpMyPC Nag.job	The task has not yet run.
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe Script: Quarantine, Delete, BC delete	Uniblue SpeedUpMyPC.job	One or more of the properties that are needed to run this task on a schedule have not been set.
Elements detected - 4, recognized as trusted - 1

SPI/LSP settings

Namespace providers (NSP)

Manufacturer	Status	EXE file	Description	GUID
Detected - 5, recognized as trusted - 5

Transport protocol providers (TSP, LSP)

Manufacturer EXE file Description
Detected - 22, recognized as trusted - 22
Results of automatic SPI settings check
LSP settings checked. No errors detected

TCP/UDP ports

Port Status Remote Host Remote Port Application Notes
TCP ports
135 LISTENING 0.0.0.0 6347 [1596] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
139 LISTENING 0.0.0.0 51368 [4] System
Script: Quarantine, Delete, BC delete, Terminate
427 LISTENING 0.0.0.0 35031 [4] System
Script: Quarantine, Delete, BC delete, Terminate
445 LISTENING 0.0.0.0 32778 [4] System
Script: Quarantine, Delete, BC delete, Terminate
1027 LISTENING 0.0.0.0 40994 [3424] c:\windows\system32\alg.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1055 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1057 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1060 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1064 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1067 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1069 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1073 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1075 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1078 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1080 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1083 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1087 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1090 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1092 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1095 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1098 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1101 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1103 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1107 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1110 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1113 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1115 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1118 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1120 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1123 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1126 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1130 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1132 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1135 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1139 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1142 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1144 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1147 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1151 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1153 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1156 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1159 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1162 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1165 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1168 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1171 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1174 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1178 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1181 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1183 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1185 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1188 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1192 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1194 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1196 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1204 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1207 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1209 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1213 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1215 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1217 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1220 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1222 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1224 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1226 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1229 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1231 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1234 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1236 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1239 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1242 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1246 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1248 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1251 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1254 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1258 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1260 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1263 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1266 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1268 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1271 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1274 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1277 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1280 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1284 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1289 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1292 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1294 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1297 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1300 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1303 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1306 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1309 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1312 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1315 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1318 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1321 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1325 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1327 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1330 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1333 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1336 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1340 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1342 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1346 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1349 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1352 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1354 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1358 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1360 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1363 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1367 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1369 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1372 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1375 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1380 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1383 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1385 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1389 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1395 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1398 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1402 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1405 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1408 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1411 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1414 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1417 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1419 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1422 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1426 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1428 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1432 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1434 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1436 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1441 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1443 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1446 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1450 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1453 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1455 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1459 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1462 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1465 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1468 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1471 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1474 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1476 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1479 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1482 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1485 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1489 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1492 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1495 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1497 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1500 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1502 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1505 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1508 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1511 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1514 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1518 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1521 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1524 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1528 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1530 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1533 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1536 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1540 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1543 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1545 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1547 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1551 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1553 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1555 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1557 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1561 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1563 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1565 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1567 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1570 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1579 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1583 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1586 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1589 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1591 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1593 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1595 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1597 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1599 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1601 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1604 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1606 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1608 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1610 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1612 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1614 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1617 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1620 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1623 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1626 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1628 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1629 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1630 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1633 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1635 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1638 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1643 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1645 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1647 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1650 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1652 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1657 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1661 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1663 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1665 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1668 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1670 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1673 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1675 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1678 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1681 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1686 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1689 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1693 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1696 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1699 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1702 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1704 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1710 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1713 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1715 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1719 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1721 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1724 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1727 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1730 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1734 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1737 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1740 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1743 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1746 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1748 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1752 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1755 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1757 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1760 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1764 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1766 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1768 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1771 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1774 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1777 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1782 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1785 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1788 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1791 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1794 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1797 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1799 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1802 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1805 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1809 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1811 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1815 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1817 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1820 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1822 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1826 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1830 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1833 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1835 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1839 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1842 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1845 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1847 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1850 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1854 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1857 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1859 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1863 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1866 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1869 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1872 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1875 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1878 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1881 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1884 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1887 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1890 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1893 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1896 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1899 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1902 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1905 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1908 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1911 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1914 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1917 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1920 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1923 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1926 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1929 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1932 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1935 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1938 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1941 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1944 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1947 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1950 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1953 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1956 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1959 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1962 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1965 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1968 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1971 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1974 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1977 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1980 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1983 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1986 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1989 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1992 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1995 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1998 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2001 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2003 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2006 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2010 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2013 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2015 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2018 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2021 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2023 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2027 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2030 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2032 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2035 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2038 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2042 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2045 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2047 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2050 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2052 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2055 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2057 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2060 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2062 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2065 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2071 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2075 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2078 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2080 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2082 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2087 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2090 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2093 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2096 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2099 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2102 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2105 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2108 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2111 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2114 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2117 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2120 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2123 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2126 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2129 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2133 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2136 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2139 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2142 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2145 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2148 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2152 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2155 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2158 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2161 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2164 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2167 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2170 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2173 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2176 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2179 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2182 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2185 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2188 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2191 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2194 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2197 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2200 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2203 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2206 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2209 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2212 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2215 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2218 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2221 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2224 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2227 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2229 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2232 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2234 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2236 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2238 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2241 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2244 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2247 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2250 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2254 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2257 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2259 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2262 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2266 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2268 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2270 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2274 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2277 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2279 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2282 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2285 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2289 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2291 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2294 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2297 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2301 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2303 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2306 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2309 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2312 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2316 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2318 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2321 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2324 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2327 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2330 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2333 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2337 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2340 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2343 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2345 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2348 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2351 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2354 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2357 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2360 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2364 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2366 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2370 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2373 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2376 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2378 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2381 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2384 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2388 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2390 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2394 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2396 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2399 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2402 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2406 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2409 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2412 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2415 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2418 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2420 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2423 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2427 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2429 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2433 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2436 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2438 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2440 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2444 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2448 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2451 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2453 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2457 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2460 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2462 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2466 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2468 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2472 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2475 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2477 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2481 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2483 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2487 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2490 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2493 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2496 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2499 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2502 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2504 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2507 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2511 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2514 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2517 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2520 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2523 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2525 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2527 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2530 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2533 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2536 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2539 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2542 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2545 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2548 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2551 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2554 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2557 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2559 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2561 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2564 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2567 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2570 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2573 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2576 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2579 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2582 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2585 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2588 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2591 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2594 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2596 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2598 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2602 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2605 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2608 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2611 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2614 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2617 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2620 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2623 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2626 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2629 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2632 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2634 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2636 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2641 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2644 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2647 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2650 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2653 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2656 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2659 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2662 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2665 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2668 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2671 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2673 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2676 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2678 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2680 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2685 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2687 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2690 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2693 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2696 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2699 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2701 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2703 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2706 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2712 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2715 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2718 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2720 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2722 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2727 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2732 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2736 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2739 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2743 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2746 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2749 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2752 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2755 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2758 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2761 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2763 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2766 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2768 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2771 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2774 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2777 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2780 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2783 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2785 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2788 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2790 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2793 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2796 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2799 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2801 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2804 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2808 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2812 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2815 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2818 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2820 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2823 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2827 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2829 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2831 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2835 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2837 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2840 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2843 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2845 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2848 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2850 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2852 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2855 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2857 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2859 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2862 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2865 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2868 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2871 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2873 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2875 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2878 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2881 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2884 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2888 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2891 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2896 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2900 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2908 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2911 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2914 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2916 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2920 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2923 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2926 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2928 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2931 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2935 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2938 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2940 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2942 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2945 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2949 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2952 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2954 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2956 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2960 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2965 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2968 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2971 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2974 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2976 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2979 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2983 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2986 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2989 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2992 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2995 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2997 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 2999 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3002 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3004 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3007 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3012 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3015 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3019 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3022 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3025 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3027 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3031 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3033 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3036 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3038 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3042 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3046 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3049 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3051 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3055 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3058 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3060 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3062 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3067 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3069 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3072 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3075 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3078 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3080 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3083 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3085 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3089 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3091 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3093 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3097 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3099 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3102 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3105 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3108 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3114 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3117 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3120 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3123 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3126 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3128 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3131 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3133 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3136 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3138 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3143 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3145 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3149 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3151 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3155 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3158 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3161 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3163 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3166 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3169 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3171 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3175 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3178 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3180 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3182 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3184 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3186 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3188 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3191 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3199 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3202 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3205 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3207 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3209 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3214 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3216 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3220 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3223 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3225 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3229 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3232 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3234 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3237 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3241 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3243 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3246 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3250 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3253 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3256 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3259 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3261 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3265 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3268 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3271 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3274 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3277 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3280 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3283 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3285 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3289 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3292 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3295 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3298 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3301 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3304 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3307 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3310 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3313 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3316 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3319 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3321 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3325 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3327 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3330 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3333 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3337 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3339 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3342 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3345 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3348 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3352 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3354 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3357 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3360 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3363 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3366 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3369 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3372 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3375 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3379 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3382 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3384 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3388 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3391 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3394 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3396 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3399 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3401 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3406 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3409 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3412 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3414 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3416 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3419 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3423 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3427 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3429 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3433 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3436 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3438 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3442 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3444 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3446 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3450 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3454 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3457 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3460 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3462 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3464 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3469 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3472 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3474 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3477 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3479 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3483 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3485 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3487 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3489 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3491 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3493 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3495 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3501 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3503 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3508 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3512 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3515 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3519 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3522 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3525 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3528 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3531 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3534 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3537 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3540 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3543 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3545 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3549 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3552 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3555 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3559 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3562 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3565 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3567 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3569 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3574 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3577 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3579 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3582 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3584 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3587 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3590 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3593 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3596 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3599 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3602 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3605 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3609 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3611 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3614 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3619 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3622 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3625 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3627 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3631 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3634 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3637 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3639 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3642 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3646 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3649 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3652 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3655 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3657 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3659 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3661 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3663 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3665 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3668 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3671 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3674 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3677 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3680 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3683 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3686 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3689 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3692 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3696 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3698 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3701 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3704 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3707 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3710 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3713 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3716 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3719 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3722 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3726 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3728 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3732 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3734 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3738 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3741 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3744 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3746 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3748 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3752 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3756 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3759 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3762 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3765 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3767 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3770 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3773 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3775 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3778 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3780 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3783 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3785 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3787 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3789 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3792 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3796 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3803 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3806 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3808 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3812 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3814 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3817 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3820 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3823 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3826 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3828 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3831 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3833 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3836 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3838 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3840 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3842 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3844 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3846 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3848 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3851 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3853 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3855 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3858 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3860 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3863 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3866 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3869 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3871 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3875 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3878 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3881 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3884 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3887 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3890 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3893 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3896 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3899 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3901 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3903 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3905 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3909 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3912 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3915 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3918 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3920 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3922 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3924 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3926 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3929 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3933 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3935 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3939 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3942 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3945 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3948 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3951 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3954 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3957 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3959 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3963 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3965 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3969 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3971 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3975 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3980 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3982 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3985 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3988 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3992 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3995 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 3998 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4001 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4021 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4024 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4027 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4030 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4032 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4036 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4038 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4040 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4042 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4045 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4047 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4051 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4053 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4057 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4062 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4065 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4175 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4177 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4180 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4183 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4186 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4189 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4192 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4195 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4197 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4199 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4202 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4205 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4207 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4209 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4214 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4216 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4219 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4221 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4224 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4226 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4229 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4231 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4234 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4236 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4242 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4246 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4248 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4251 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4254 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4257 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4261 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4263 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4265 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4268 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4271 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4274 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4279 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4282 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4285 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4288 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4291 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4294 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4297 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4299 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4303 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4306 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4309 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4311 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4314 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4318 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4321 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4324 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4327 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4330 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4332 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4335 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4337 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4339 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4342 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4346 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4348 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4351 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4354 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4360 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4363 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4366 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4369 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4372 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4374 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4376 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4380 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4383 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4385 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4388 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4391 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4394 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4397 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4399 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4402 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4405 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4409 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4412 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4415 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4418 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4426 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4429 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4432 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4435 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4438 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4441 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4460 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4462 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4465 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4467 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4469 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4472 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4491 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4493 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4496 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4499 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4502 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4506 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4508 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4510 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4513 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4515 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 4517 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 LISTENING 0.0.0.0 8298 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1516 CLOSE_WAIT 127.0.0.1 1053 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4179 CLOSE_WAIT 209.85.165.99 80 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4182 CLOSE_WAIT 74.125.45.103 80 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4185 CLOSE_WAIT 72.233.114.126 80 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4188 CLOSE_WAIT 209.51.143.170 80 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4191 CLOSE_WAIT 66.97.180.226 80 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4194 CLOSE_WAIT 66.97.180.226 80 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4201 CLOSE_WAIT 66.97.180.239 80 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4204 CLOSE_WAIT 66.97.180.239 80 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4211 CLOSE_WAIT 66.97.180.239 80 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4212 CLOSE_WAIT 66.97.180.239 80 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4213 CLOSE_WAIT 66.97.180.239 80 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4218 CLOSE_WAIT 66.97.180.239 80 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4223 CLOSE_WAIT 66.97.180.239 80 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4228 CLOSE_WAIT 66.97.180.239 80 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4233 CLOSE_WAIT 4.71.209.1 80 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4238 CLOSE_WAIT 66.97.180.239 80 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4239 CLOSE_WAIT 66.97.180.239 80 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4240 CLOSE_WAIT 66.97.180.239 80 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4241 CLOSE_WAIT 66.114.53.56 80 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4244 CLOSE_WAIT 65.49.37.165 80 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4245 CLOSE_WAIT 70.85.91.34 80 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4250 CLOSE_WAIT 209.85.133.127 80 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4253 CLOSE_WAIT 65.49.37.165 80 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4256 CLOSE_WAIT 209.85.133.127 80 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4259 CLOSE_WAIT 65.49.37.165 80 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4260 CLOSE_WAIT 65.49.37.165 80 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4270 CLOSE_WAIT 209.62.185.17 80 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4273 CLOSE_WAIT 4.71.209.1 80 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4276 CLOSE_WAIT 74.205.28.143 80 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4278 CLOSE_WAIT 209.62.185.17 80 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4287 CLOSE_WAIT 143.215.203.16 80 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4290 CLOSE_WAIT 74.205.28.143 80 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4293 CLOSE_WAIT 74.205.28.135 80 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4296 CLOSE_WAIT 208.111.161.254 80 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4301 CLOSE_WAIT 74.205.28.135 80 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4302 CLOSE_WAIT 74.205.28.135 80 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4305 CLOSE_WAIT 74.205.28.135 80 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4308 CLOSE_WAIT 74.205.28.143 80 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4313 CLOSE_WAIT 74.205.28.135 80 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4316 CLOSE_WAIT 74.205.28.135 80 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4320 CLOSE_WAIT 74.205.28.135 80 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4323 CLOSE_WAIT 74.205.28.135 80 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4326 CLOSE_WAIT 66.97.180.226 80 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4329 CLOSE_WAIT 66.97.180.226 80 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4334 CLOSE_WAIT 4.71.209.1 80 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4341 CLOSE_WAIT 65.49.37.165 80 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4344 CLOSE_WAIT 67.19.36.18 80 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4350 CLOSE_WAIT 74.205.28.143 80 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4353 CLOSE_WAIT 74.205.28.135 80 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4356 ESTABLISHED 74.220.207.181 80 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4357 CLOSE_WAIT 209.85.133.127 80 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4358 CLOSE_WAIT 65.49.37.165 80 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4359 CLOSE_WAIT 74.205.28.140 80 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4362 CLOSE_WAIT 65.49.37.165 80 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4365 CLOSE_WAIT 74.205.28.135 80 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4368 CLOSE_WAIT 65.49.37.165 80 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4371 CLOSE_WAIT 65.49.37.165 80 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4378 CLOSE_WAIT 4.71.209.1 80 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4387 CLOSE_WAIT 65.49.37.165 80 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4390 CLOSE_WAIT 65.49.37.165 80 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4404 CLOSE_WAIT 209.62.185.9 80 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4407 CLOSE_WAIT 4.71.209.1 80 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4408 CLOSE_WAIT 216.150.25.35 80 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4414 CLOSE_WAIT 74.125.45.166 80 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4417 CLOSE_WAIT 74.205.28.140 80 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4420 CLOSE_WAIT 74.220.207.181 80 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4434 CLOSE_WAIT 212.58.226.8 80 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4437 CLOSE_WAIT 74.125.45.103 80 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4440 CLOSE_WAIT 72.233.114.126 80 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4443 CLOSE_WAIT 209.51.143.170 80 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4471 CLOSE_WAIT 74.125.45.104 80 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4474 CLOSE_WAIT 72.233.114.126 80 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4475 CLOSE_WAIT 209.85.165.147 80 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4485 CLOSE_WAIT 192.221.110.124 80 [1780] c:\program files\microsoft windows onecare live\winss.exe
Script: Quarantine, Delete, BC delete, Terminate
4504 CLOSE_WAIT 212.58.226.8 80 [1444] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4512 CLOSE_WAIT 4.23.58.126 80 [980] c:\program files\microsoft windows onecare live\ochealthmon.exe
Script: Quarantine, Delete, BC delete, Terminate
62514 LISTENING 0.0.0.0 57413 [800] c:\program files\cisco systems\vpn client\cvpnd.exe
Script: Quarantine, Delete, BC delete, Terminate
UDP ports
123 LISTENING -- -- [1744] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
123 LISTENING -- -- [1744] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
137 LISTENING -- -- [4] System
Script: Quarantine, Delete, BC delete, Terminate
138 LISTENING -- -- [4] System
Script: Quarantine, Delete, BC delete, Terminate
427 LISTENING -- -- [4] System
Script: Quarantine, Delete, BC delete, Terminate
445 LISTENING -- -- [4] System
Script: Quarantine, Delete, BC delete, Terminate
4069 LISTENING -- -- [1744] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4071 LISTENING -- -- [1780] c:\program files\microsoft windows onecare live\winss.exe
Script: Quarantine, Delete, BC delete, Terminate
4158 LISTENING -- -- [4] System
Script: Quarantine, Delete, BC delete, Terminate
62514 LISTENING -- -- [800] c:\program files\cisco systems\vpn client\cvpnd.exe
Script: Quarantine, Delete, BC delete, Terminate

Downloaded Program Files (DPF)

File name Description Manufacturer CLSID Source URL
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
Delete http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
C:\WINDOWS\Downloaded Program Files\wlscBase.dll
Script: Quarantine, Delete, BC delete Windows Live OneCare Safety Scanner Base Module © Microsoft Corporation. All rights reserved {5ED80217-570B-4DA9-BF44-BE107C0EC166}
Delete http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\FacebookPhotoUploader.ocx
Script: Quarantine, Delete, BC delete Facebook Photo Uploader Control Library Copyright © 2005 The Facebook {5F8469B4-B055-49DD-83F7-62B522420ECC}
Delete http://upload.facebook.com/controls/FacebookPhotoUploader.cab
{9F1C11AA-197B-4942-BA54-47A8489BB47F}
Delete http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38113.4954976852
C:\WINDOWS\Downloaded Program Files\HGPlugin7USA.dll
Script: Quarantine, Delete, BC delete HGPlugin Dynamic Link Library Copyright (C) 2006 {A2E05F45-F127-4092-B9F7-9A02C3E04C77}
Delete http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin7USA.cab
C:\WINDOWS\Downloaded Program Files\HGPlugin8USA.dll
Script: Quarantine, Delete, BC delete NHN USA GameLauncherDll (c) NHN USA All rights reserved. {BC5E698E-77CF-45EF-80A3-090A4B6AAF83}
Delete http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin8USA.cab
{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}
Delete http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
C:\WINDOWS\Downloaded Program Files\HGPlugin9USA.dll
Script: Quarantine, Delete, BC delete HGPlugin Dynamic Link Library Copyright (C) 2006 {CD995117-98E5-4169-9920-6C12D4C0B548}
Delete http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
{D27CDB6E-AE6D-11CF-96B8-444553540001}
Delete http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
C:\WINDOWS\Downloaded Program Files\popcaploader.dll
Script: Quarantine, Delete, BC delete PopCapLoader Module Copyright 2003 {DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Delete http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
Elements detected - 23, recognized as trusted - 13

Control Panel Applets (CPL)

File name Description Manufacturer
C:\WINDOWS\system32\IBMJavaPlugin141.cpl
Script: Quarantine, Delete, BC delete JavaPlugin Copyright © 2001
C:\WINDOWS\system32\PRApplet.cpl
Script: Quarantine, Delete, BC delete PROSetApplet Module Copyright(C) 2001-2002 Intel Corporation
C:\WINDOWS\system32\tp4ex.cpl
Script: Quarantine, Delete, BC delete IBM TrackPoint Accessibility Features Copyright (C) IBM Corporation 2001-2002
C:\WINDOWS\system32\TP98.CPL
Script: Quarantine, Delete, BC delete IBM ThinkPad Control Panel Applet Copyright (C) IBM Corp. 1998,2003.
C:\WINDOWS\system32\TpShCPL.cpl
Script: Quarantine, Delete, BC delete IBM Active Protection System Copyright (C) IBM Corp. 2003-2004
C:\WINDOWS\system32\Tweak-XP Pro.cpl
Script: Quarantine, Delete, BC delete
Elements detected - 31, recognized as trusted - 25

Active Setup

File name Description Manufacturer CLSID
Elements detected - 15, recognized as trusted - 15

HOSTS file

Hosts file record
127.0.0.1 localhost

Protocols and handlers

File name Type Description Manufacturer CLSID
mscoree.dll
Script: Quarantine, Delete, BC delete Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
mscoree.dll
Script: Quarantine, Delete, BC delete Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
mscoree.dll
Script: Quarantine, Delete, BC delete Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
Elements detected - 32, recognized as trusted - 29

Suspicious objects

File Description Type
C:\WINDOWS\system32\Drivers\d346bus.sys
Script: Quarantine, Delete, BC delete Suspicion for Rootkit Kernel-mode hook
C:\WINDOWS\system32\Drivers\SSI.SYS
Script: Quarantine, Delete, BC delete Suspicion for Rootkit Kernel-mode hook
C:\WINDOWS\Downloaded Program Files\popcaploader.dll
Script: Quarantine, Delete, BC delete Suspicion by Heuristic analysis HSC: suspicion for Downloader.PopCapLoader (high degree of probability)

AVZ Antiviral Toolkit log; AVZ version is 4.30 Scanning started at 11/14/2008 2:21:21 PM Database loaded: signatures - 195940, NN profile(s) - 2, microprograms of healing - 56, signature database released 13.11.2008 21:55 Heuristic microprograms loaded: 370 SPV microprograms loaded: 9 Digital signatures of system files loaded: 74240 Heuristic analyzer mode: Maximum heuristics level Healing mode: disabled Windows version: 5.1.2600, Service Pack 2 ; AVZ is launched with administrator rights System Restore: enabled 1. Searching for Rootkits and programs intercepting API functions 1.1 Searching for user-mode API hooks Analysis: kernel32.dll, export table found in section .text Analysis: ntdll.dll, export table found in section .text Analysis: user32.dll, export table found in section .text Analysis: advapi32.dll, export table found in section .text Analysis: ws2_32.dll, export table found in section .text Analysis: wininet.dll, export table found in section .text Analysis: rasapi32.dll, export table found in section .text Analysis: urlmon.dll, export table found in section .text Analysis: netapi32.dll, export table found in section .text 1.2 Searching for kernel-mode API hooks Driver loaded successfully SDT found (RVA=082700) Kernel ntoskrnl.exe found in memory at address 804D7000 SDT = 80559700 KiST = 804E26A8 (284) Function NtClose (19) intercepted (80566DC9->F86FBD08), hook C:\WINDOWS\system32\Drivers\d346bus.sys, driver recognized as trusted Function NtCreateKey (29) intercepted (8056E829->F8641C74), hook C:\WINDOWS\system32\Drivers\SSI.SYS Function NtCreatePagingFile (2D) intercepted (805BAFD8->F86EFA20), hook C:\WINDOWS\system32\Drivers\d346bus.sys, driver recognized as trusted Function NtCreateProcess (2F) intercepted (805B0B34->F86433CE), hook C:\WINDOWS\system32\Drivers\SSI.SYS Function NtCreateProcessEx (30) intercepted (80581F0E->F864356E), hook C:\WINDOWS\system32\Drivers\SSI.SYS Function NtDeleteKey (3F) intercepted (805951C2->F8641E94), hook C:\WINDOWS\system32\Drivers\SSI.SYS Function NtDeleteValueKey (41) intercepted (80593B38->F86424E2), hook C:\WINDOWS\system32\Drivers\SSI.SYS Function NtEnumerateKey (47) intercepted (8056EF30->F86F04FC), hook C:\WINDOWS\system32\Drivers\d346bus.sys, driver recognized as trusted Function NtEnumerateValueKey (49) intercepted (8057FC04->F86FBE00), hook C:\WINDOWS\system32\Drivers\d346bus.sys, driver recognized as trusted Function NtFlushInstructionCache (4E) - machine code modification Method of JmpTo. jmp E1F9C3E4 Function NtOpenFile (74) intercepted (8056FC13->F86EFA60), hook C:\WINDOWS\system32\Drivers\d346bus.sys, driver recognized as trusted Function NtOpenKey (77) intercepted (80567D7B->F86FBC84), hook C:\WINDOWS\system32\Drivers\d346bus.sys, driver recognized as trusted Function NtQueryKey (A0) intercepted (8056EC39->F86F051C), hook C:\WINDOWS\system32\Drivers\d346bus.sys, driver recognized as trusted Function NtQueryValueKey (B1) intercepted (8056B183->F86FBD56), hook C:\WINDOWS\system32\Drivers\d346bus.sys, driver recognized as trusted Function NtRenameKey (C0) intercepted (8064D0B9->F864200A), hook C:\WINDOWS\system32\Drivers\SSI.SYS Function NtSetInformationKey (E2) intercepted (8064C7D7->F86421DA), hook C:\WINDOWS\system32\Drivers\SSI.SYS Function NtSetSystemPowerState (F1) intercepted (806658A7->F86FB230), hook C:\WINDOWS\system32\Drivers\d346bus.sys, driver recognized as trusted Function NtSetValueKey (F7) intercepted (80573D0D->F8642270), hook C:\WINDOWS\system32\Drivers\SSI.SYS Functions checked: 284, intercepted: 17, restored: 0 1.3 Checking IDT and SYSENTER Analysis for CPU 1 Checking IDT and SYSENTER - complete 1.4 Searching for masking processes and drivers Checking not performed: extended monitoring driver (AVZPM) is not installed Driver loaded successfully 1.5 Checking of IRP handlers \driver\tcpip[IRP_MJ_CREATE] = F864720C -> C:\WINDOWS\system32\Drivers\SSI.SYS \driver\tcpip[IRP_MJ_CREATE_NAMED_PIPE] = F864720C -> C:\WINDOWS\system32\Drivers\SSI.SYS \driver\tcpip[IRP_MJ_CLOSE] = F864720C -> C:\WINDOWS\system32\Drivers\SSI.SYS \driver\tcpip[IRP_MJ_READ] = F864720C -> C:\WINDOWS\system32\Drivers\SSI.SYS \driver\tcpip[IRP_MJ_WRITE] = F864720C -> C:\WINDOWS\system32\Drivers\SSI.SYS \driver\tcpip[IRP_MJ_QUERY_INFORMATION] = F864720C -> C:\WINDOWS\system32\Drivers\SSI.SYS \driver\tcpip[IRP_MJ_SET_INFORMATION] = F864720C -> C:\WINDOWS\system32\Drivers\SSI.SYS \driver\tcpip[IRP_MJ_QUERY_EA] = F864720C -> C:\WINDOWS\system32\Drivers\SSI.SYS \driver\tcpip[IRP_MJ_SET_EA] = F864720C -> C:\WINDOWS\system32\Drivers\SSI.SYS \driver\tcpip[IRP_MJ_FLUSH_BUFFERS] = F864720C -> C:\WINDOWS\system32\Drivers\SSI.SYS \driver\tcpip[IRP_MJ_QUERY_VOLUME_INFORMATION] = F864720C -> C:\WINDOWS\system32\Drivers\SSI.SYS \driver\tcpip[IRP_MJ_SET_VOLUME_INFORMATION] = F864720C -> C:\WINDOWS\system32\Drivers\SSI.SYS \driver\tcpip[IRP_MJ_DIRECTORY_CONTROL] = F864720C -> C:\WINDOWS\system32\Drivers\SSI.SYS \driver\tcpip[IRP_MJ_FILE_SYSTEM_CONTROL] = F864720C -> C:\WINDOWS\system32\Drivers\SSI.SYS \driver\tcpip[IRP_MJ_DEVICE_CONTROL] = F864720C -> C:\WINDOWS\system32\Drivers\SSI.SYS \driver\tcpip[IRP_MJ_INTERNAL_DEVICE_CONTROL] = F864720C -> C:\WINDOWS\system32\Drivers\SSI.SYS \driver\tcpip[IRP_MJ_SHUTDOWN] = F864720C -> C:\WINDOWS\system32\Drivers\SSI.SYS \driver\tcpip[IRP_MJ_LOCK_CONTROL] = F864720C -> C:\WINDOWS\system32\Drivers\SSI.SYS \driver\tcpip[IRP_MJ_CLEANUP] = F864720C -> C:\WINDOWS\system32\Drivers\SSI.SYS \driver\tcpip[IRP_MJ_CREATE_MAILSLOT] = F864720C -> C:\WINDOWS\system32\Drivers\SSI.SYS \driver\tcpip[IRP_MJ_QUERY_SECURITY] = F864720C -> C:\WINDOWS\system32\Drivers\SSI.SYS \driver\tcpip[IRP_MJ_SET_SECURITY] = F864720C -> C:\WINDOWS\system32\Drivers\SSI.SYS \driver\tcpip[IRP_MJ_POWER] = F864720C -> C:\WINDOWS\system32\Drivers\SSI.SYS \driver\tcpip[IRP_MJ_SYSTEM_CONTROL] = F864720C -> C:\WINDOWS\system32\Drivers\SSI.SYS \driver\tcpip[IRP_MJ_DEVICE_CHANGE] = F864720C -> C:\WINDOWS\system32\Drivers\SSI.SYS \driver\tcpip[IRP_MJ_QUERY_QUOTA] = F864720C -> C:\WINDOWS\system32\Drivers\SSI.SYS \driver\tcpip[IRP_MJ_SET_QUOTA] = F864720C -> C:\WINDOWS\system32\Drivers\SSI.SYS \driver\tcpip[IRP_MJ_PNP] = F864720C -> C:\WINDOWS\system32\Drivers\SSI.SYS Checking - complete 2. Scanning memory Number of processes found: 36 Analyzer: process under analysis is 1652 C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe [ES]:Contains network functionality [ES]:Application has no visible windows Analyzer: process under analysis is 1920 C:\WINDOWS\System32\S24EvMon.exe [ES]:Contains network functionality [ES]:Application has no visible windows [ES]:Located in system folder Analyzer: process under analysis is 656 C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe [ES]:Contains network functionality [ES]:Application has no visible windows [ES]:Loads RASAPI DLL - may use dialing ? Analyzer: process under analysis is 784 C:\WINDOWS\System32\cusrvc.exe [ES]:Contains network functionality [ES]:Application has no visible windows [ES]:Located in system folder Analyzer: process under analysis is 980 C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe [ES]:Contains network functionality [ES]:Listens on HTTP ports ! [ES]:Application has no visible windows [ES]:Loads RASAPI DLL - may use dialing ? Analyzer: process under analysis is 1036 C:\WINDOWS\System32\RegSrvc.exe [ES]:Contains network functionality [ES]:Application has no visible windows [ES]:Located in system folder Analyzer: process under analysis is 872 C:\WINDOWS\system32\TpKmpSVC.exe [ES]:Contains network functionality [ES]:Application has no visible windows [ES]:Located in system folder Analyzer: process under analysis is 832 C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe [ES]:Contains network functionality [ES]:Application has no visible windows [ES]:Loads RASAPI DLL - may use dialing ? Analyzer: process under analysis is 2696 C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe [ES]:Contains network functionality [ES]:Application has no visible windows [ES]:Registered in autoruns !! Number of modules loaded: 360 Scanning memory - complete 3. Scanning disks 4. Checking Winsock Layered Service Provider (SPI/LSP) LSP settings checked. No errors detected 5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs) 6. Searching for opened TCP/UDP ports used by malicious programs Checking disabled by user 7. Heuristic system check >>> C:\WINDOWS\Downloaded Program Files\popcaploader.dll HSC: suspicion for Downloader.PopCapLoader (high degree of probability) Checking - complete 8. Searching for vulnerabilities >> Services: potentially dangerous service allowed: TermService (Terminal Services) >> Services: potentially dangerous service allowed: Schedule (Task Scheduler) >> Services: potentially dangerous service allowed: mnmsrvc (NetMeeting Remote Desktop Sharing) >> Services: potentially dangerous service allowed: RDSessMgr (Remote Desktop Help Session Manager) > Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)! >> Security: disk drives' autorun is enabled >> Security: administrative shares (C$, D$ ...) are enabled >> Security: anonymous user access is enabled >> Security: sending Remote Assistant queries is enabled Checking - complete 9. Troubleshooting wizard >> HDD autorun are allowed >> Autorun from network drives are allowed >> Removable media autorun are allowed Checking - complete Files scanned: 396, extracted from archives: 0, malicious software found 0, suspicions - 0 Scanning finished at 11/14/2008 2:21:48 PM Time of scanning: 00:00:28 If you have a suspicion on presence of viruses or questions on the suspected objects, you can address http://virusinfo.info conference System Analysis in progress
Script commands

Add commands to script:
Blocking hooks using Anti-Rootkit
Enable AVZGuard
BootCleaner - import list of deleted files
Registry cleanup after deleting files
BootCleaner - activate
Reboot
Insert template for QuarantineFile() - quarantining file
Insert template for BC_QrFile() - quarantining file via BootCleaner
Insert template for DeleteFile() - deleting file
Insert template for DelCLSID() - deleting CLSID item from registry
Additional operations:
Performance tweaking: disable service TermService (Terminal Services)
Performance tweaking: disable service Schedule (Task Scheduler)
Performance tweaking: disable service mnmsrvc (NetMeeting Remote Desktop Sharing)
Performance tweaking: disable service RDSessMgr (Remote Desktop Help Session Manager)
Security tweaking: disable CD autorun
Security tweaking: disable administrative shares
Security tweaking: disable anonymous user access
Security: disable sending Remote Assistant queries
File list