Results of system analysis

Kaspersky Virus Removal Tool 11.0.0.1245 (database released 08/01/2012; 11:48)

List of processes

File name	PID	Description	Copyright	MD5	Information
E_S40RPB.EXE Script: Quarantine, Delete, BC delete, Terminate	1800			??	error getting file info Command line:
nvPDsvc.exe Script: Quarantine, Delete, BC delete, Terminate	2076			??	error getting file info Command line:
c:\quickenw\qwdlls.exe Script: Quarantine, Delete, BC delete, Terminate	3760	Quicken Load DLLs	Copyright © 1998, 1999, 2000 by Intuit	??	36.00 kb, rsAh, created: 07.09.2009 09:43:29, modified: 08.08.2000 12:38:18 Command line: "C:\QUICKENW\QWDLLS.EXE"
sidebar.exe Script: Quarantine, Delete, BC delete, Terminate	3600			??	error getting file info Command line:
Smc.exe Script: Quarantine, Delete, BC delete, Terminate	1080			??	error getting file info Command line:
SmcGui.exe Script: Quarantine, Delete, BC delete, Terminate	3272			??	error getting file info Command line:
TrustedInstaller.exe Script: Quarantine, Delete, BC delete, Terminate	3456			??	error getting file info Command line:
wmpnetwk.exe Script: Quarantine, Delete, BC delete, Terminate	880			??	error getting file info Command line:
Detected:60, recognized as trusted 53

Module name	Handle	Description	Copyright	MD5	Used by processes
C:\QUICKENW\CHANNEL.dll Script: Quarantine, Delete, BC delete	33423360	Quicken IPA DLL	Copyright © 1999 by Intuit	--	3760
C:\QUICKENW\CUSTPROF.dll Script: Quarantine, Delete, BC delete	54132736	Customer Profile Interface DLL	Copyright © 1999 by Intuit	--	3760
C:\QUICKENW\decApi.dll Script: Quarantine, Delete, BC delete	53084160	decEng DLL	Copyright (C) 1998	--	3760
C:\QUICKENW\GRAPHS6.dll Script: Quarantine, Delete, BC delete	47775744	Quicken Graphing DLL	Copyright © 1998 by Intuit	--	3760
C:\QUICKENW\LFCMP70N.DLL Script: Quarantine, Delete, BC delete	46006272	LEADTOOLS® DLL for Win32	Copyright © LEAD Technologies, Inc. 1996	--	3760
C:\QUICKENW\LTFIL70N.DLL Script: Quarantine, Delete, BC delete	43253760	LEADTOOLS® DLL for Win32	Copyright © LEAD Technologies, Inc. 1996	--	3760
C:\QUICKENW\LTKRN70N.dll Script: Quarantine, Delete, BC delete	43384832	LEADTOOLS® DLL for Win32	Copyright © LEAD Technologies, Inc. 1996	--	3760
C:\QUICKENW\ONLNCALL.dll Script: Quarantine, Delete, BC delete	3866624	Library Interface	Copyright © 1998 by Intuit	--	3760
C:\QUICKENW\QACCES32.DLL Script: Quarantine, Delete, BC delete	268435456	Quicken Convertor DLL	Copyright © 1998 by Intuit	--	3760
C:\QUICKENW\QCOMUTIL.dll Script: Quarantine, Delete, BC delete	3735552	QCOMUTIL DLL	Copyright © 1998	--	3760
C:\QUICKENW\QDB.dll Script: Quarantine, Delete, BC delete	3014656	Quicken Database DLL	Copyright © 1998, 1999, 2000 by Intuit	--	3760
C:\QUICKENW\qdbbase.dll Script: Quarantine, Delete, BC delete	3473408	Quicken Database Engine Library	Copyright © 1998 by Intuit	--	3760
C:\QUICKENW\QREP.dll Script: Quarantine, Delete, BC delete	47906816	Quicken Convertor DLL	Copyright © 1998 by Intuit	--	3760
C:\QUICKENW\QSAPI.DLL Script: Quarantine, Delete, BC delete	48103424	Quicken Semantic API Library	Copyright © 1999 by Intuit	--	3760
C:\QUICKENW\QSAPIENG.DLL Script: Quarantine, Delete, BC delete	48037888	Quicken Semantic API Library	Copyright © 1999 by Intuit	--	3760
C:\QUICKENW\QSNAPENG.DLL Script: Quarantine, Delete, BC delete	47644672	Quicken Snapshot Library	Copyright © 1999, 2000, 2001 by Intuit	--	3760
C:\QUICKENW\QTAXUTIL.DLL Script: Quarantine, Delete, BC delete	53936128	Quicken QTaxutil DLL	Copyright © 2000 by Intuit	--	3760
C:\QUICKENW\QWENC.dll Script: Quarantine, Delete, BC delete	2228224	Quicken Utility Library Enc	Copyright © 1998 by Intuit	--	3760
C:\QUICKENW\QWINET.dll Script: Quarantine, Delete, BC delete	33095680	Internet utility DLL	Copyright © 2000 by Intuit	--	3760
C:\QUICKENW\QWPLAN.DLL Script: Quarantine, Delete, BC delete	48300032	Quicken Life-Plan DLL	Copyright © 1999, 2000, 2001 by Intuit	--	3760
C:\QUICKENW\QWRMND.DLL Script: Quarantine, Delete, BC delete	4849664	Quicken Reminders Library	Copyright © 1998 by Intuit	--	3760
C:\QUICKENW\QWUTIL7.dll Script: Quarantine, Delete, BC delete	31326208	Quicken Utility Library	Copyright © 1998 by Intuit	--	3760
C:\QUICKENW\QWWIN.DLL Script: Quarantine, Delete, BC delete	32833536	Quicken Window Library	Copyright © 1998 by Intuit	--	3760
C:\QUICKENW\TAXPROF.dll Script: Quarantine, Delete, BC delete	48168960	Tax Profile Interface DLL	Copyright © 1999, 2000, 2001 by Intuit	--	3760
C:\Windows\system32\IPROF32.dll Script: Quarantine, Delete, BC delete	2359296	Intuit UserProfile DLL	Copyright © 1995 by Intuit	--	3760
C:\Windows\system32\Q_ENCLIB.DLL Script: Quarantine, Delete, BC delete	47382528	RSA Encryption Interface	Copyright Intuit 1996	--	3760
C:\Windows\system32\Q_ENCUTL.DLL Script: Quarantine, Delete, BC delete	47513600	RSA Encryption Utilities	Copyright Intuit 1996	--	3760
Modules detected:366, recognized as trusted 339

Kernel Space Modules Viewer

Module	Base address	Size in memory	Description	Manufacturer
C:\Windows\System32\Drivers\dump_atapi.sys Script: Quarantine, Delete, BC delete	65AA000	009000 (36864)
C:\Windows\System32\Drivers\dump_dumpata.sys Script: Quarantine, Delete, BC delete	64CF000	00C000 (49152)
C:\Windows\System32\Drivers\dump_dumpfve.sys Script: Quarantine, Delete, BC delete	65B3000	013000 (77824)
C:\Windows\System32\Drivers\spiq.sys Script: Quarantine, Delete, BC delete	101A000	134000 (1261568)
Modules detected - 210, recognized as trusted - 206

Services

Service	Description	Status	File	Group	Dependencies
Detected - 167, recognized as trusted - 167

Drivers

Service	Description	Status	File	Group	Dependencies
sptd Driver: Unload, Delete, Disable, BC delete	sptd	Running	C:\Windows\System32\Drivers\sptd.sys Script: Quarantine, Delete, BC delete	Boot Bus Extender
catchme Driver: Unload, Delete, Disable, BC delete	catchme	Not started	C:\ComboFix\catchme.sys Script: Quarantine, Delete, BC delete	Base
mrtRate Driver: Unload, Delete, Disable, BC delete	mrtRate	Not started	C:\Windows\system32\Drivers\mrtRate.sys Script: Quarantine, Delete, BC delete
Synth3dVsc Driver: Unload, Delete, Disable, BC delete	Synth3dVsc	Not started	C:\Windows\system32\drivers\synth3dvsc.sys Script: Quarantine, Delete, BC delete
tsusbhub Driver: Unload, Delete, Disable, BC delete	tsusbhub	Not started	C:\Windows\system32\drivers\tsusbhub.sys Script: Quarantine, Delete, BC delete
utexotqy Driver: Unload, Delete, Disable, BC delete	AVZ Kernel Driver	Not started	C:\Windows\system32\Drivers\utexotqy.sys Script: Quarantine, Delete, BC delete
uzexotqy Driver: Unload, Delete, Disable, BC delete	AVZ-RK Kernel Driver	Not started	C:\Windows\system32\Drivers\uzexotqy.sys Script: Quarantine, Delete, BC delete	EMS
vdexotqy Driver: Unload, Delete, Disable, BC delete	AVZ-BC Kernel Driver	Not started	C:\Windows\system32\Drivers\vdexotqy.sys Script: Quarantine, Delete, BC delete	EMS
VGPU Driver: Unload, Delete, Disable, BC delete	VGPU	Not started	C:\Windows\system32\drivers\rdvgkmd.sys Script: Quarantine, Delete, BC delete
Detected - 268, recognized as trusted - 259

Autoruns

File name	Status	Startup method	Description
C:\Program Files (x86)\Bonjour\mDNSResponder.exe Script: Quarantine, Delete, BC delete	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Bonjour Service, EventMessageFile
C:\Users\KRU\AppData\Local\Temp\_uninst_39427412.bat Script: Quarantine, Delete, BC delete	Active	Shortcut in Autoruns folder	C:\Users\KRU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\, C:\Users\KRU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_39427412.lnk,
C:\Windows\system32\psxss.exe Script: Quarantine, Delete, BC delete	--	Registry key	HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Session Manager\SubSystems, Posix
ResLuComServer_3_3.DLL Script: Quarantine, Delete, BC delete	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\LiveUpdate, EventMessageFile
auditcse.dll Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{f3ccc681-b74c-4060-9f26-cd84525dca2a}, DLLName Delete
rdpclip Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd, StartupPrograms Delete
Autoruns items detected - 623, recognized as trusted - 617

Microsoft Internet Explorer extension modules (BHOs, Toolbars ...)

File name	Type	Description	Manufacturer	CLSID
Elements detected - 1, recognized as trusted - 1

Windows Explorer extension modules

File name	Destination	Description	Manufacturer	CLSID
	ColumnHandler			{F9DB5320-233E-11D1-9F84-707F02C10627} Delete
Elements detected - 20, recognized as trusted - 19

Printing system extensions (print monitors, providers)

File name	Type	Name	Description	Manufacturer
AdobePDF.dll Script: Quarantine, Delete, BC delete	Monitor	Adobe PDF Port Monitor
EP0SLM01.DLL Script: Quarantine, Delete, BC delete	Monitor	Epson Inbox Language Monitor01
E_ILMBUA.DLL Script: Quarantine, Delete, BC delete	Monitor	EPSON Stylus Photo 1400 Series 64MonitorBA
localspl.dll Script: Quarantine, Delete, BC delete	Monitor	Local Port
FXSMON.DLL Script: Quarantine, Delete, BC delete	Monitor	Microsoft Shared Fax Monitor
tcpmon.dll Script: Quarantine, Delete, BC delete	Monitor	Standard TCP/IP Port
usbmon.dll Script: Quarantine, Delete, BC delete	Monitor	USB Monitor
WSDMon.dll Script: Quarantine, Delete, BC delete	Monitor	WSD Port
inetpp.dll Script: Quarantine, Delete, BC delete	Provider	HTTP Print Services
Elements detected - 10, recognized as trusted - 1

Task Scheduler jobs

File name	Job name	Job status	Description	Manufacturer
Elements detected - 4, recognized as trusted - 4

SPI/LSP settings

Namespace providers (NSP)

Provider	Status	EXE file	Description	GUID
Detected - 6, recognized as trusted - 6

Transport protocol providers (TSP, LSP)

Provider EXE file Description
Detected - 10, recognized as trusted - 10
Results of automatic SPI settings check
LSP settings checked. No errors detected

TCP/UDP ports

Port Status Remote Host Remote Port Application Notes
TCP ports
135 LISTENING 0.0.0.0 0 [792] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
139 LISTENING 0.0.0.0 0 [4] System
Script: Quarantine, Delete, BC delete, Terminate
445 LISTENING 0.0.0.0 0 [4] System
Script: Quarantine, Delete, BC delete, Terminate
554 LISTENING 0.0.0.0 0 [880] wmpnetwk.exe
Script: Quarantine, Delete, BC delete, Terminate
2869 LISTENING 0.0.0.0 0 [4] System
Script: Quarantine, Delete, BC delete, Terminate
5357 LISTENING 0.0.0.0 0 [4] System
Script: Quarantine, Delete, BC delete, Terminate
5357 TIME_WAIT 127.0.0.1 49266 [0]
5357 TIME_WAIT 127.0.0.1 49270 [0]
10243 LISTENING 0.0.0.0 0 [4] System
Script: Quarantine, Delete, BC delete, Terminate
27001 LISTENING 0.0.0.0 0 [2064] c:\program files (x86)\esri\license\arcgis9x\lmgrd.exe
Script: Quarantine, Delete, BC delete, Terminate
27001 ESTABLISHED 127.0.0.1 49159 [2064] c:\program files (x86)\esri\license\arcgis9x\lmgrd.exe
Script: Quarantine, Delete, BC delete, Terminate
49152 LISTENING 0.0.0.0 0 [452] wininit.exe
Script: Quarantine, Delete, BC delete, Terminate
49153 LISTENING 0.0.0.0 0 [888] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
49154 LISTENING 0.0.0.0 0 [956] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
49155 LISTENING 0.0.0.0 0 [2292] c:\program files (x86)\esri\license\arcgis9x\arcgis.exe
Script: Quarantine, Delete, BC delete, Terminate
49157 ESTABLISHED 127.0.0.1 49158 [2292] c:\program files (x86)\esri\license\arcgis9x\arcgis.exe
Script: Quarantine, Delete, BC delete, Terminate
49158 ESTABLISHED 127.0.0.1 49157 [2292] c:\program files (x86)\esri\license\arcgis9x\arcgis.exe
Script: Quarantine, Delete, BC delete, Terminate
49159 ESTABLISHED 127.0.0.1 27001 [2292] c:\program files (x86)\esri\license\arcgis9x\arcgis.exe
Script: Quarantine, Delete, BC delete, Terminate
49160 LISTENING 0.0.0.0 0 [528] lsass.exe
Script: Quarantine, Delete, BC delete, Terminate
49161 LISTENING 0.0.0.0 0 [512] services.exe
Script: Quarantine, Delete, BC delete, Terminate
49162 LISTENING 0.0.0.0 0 [1556] spoolsv.exe
Script: Quarantine, Delete, BC delete, Terminate
49163 LISTENING 0.0.0.0 0 [2956] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
49176 ESTABLISHED 127.0.0.1 49177 [308] c:\program files (x86)\mozilla firefox\firefox.exe
Script: Quarantine, Delete, BC delete, Terminate
49177 ESTABLISHED 127.0.0.1 49176 [308] c:\program files (x86)\mozilla firefox\firefox.exe
Script: Quarantine, Delete, BC delete, Terminate
49178 ESTABLISHED 127.0.0.1 49179 [308] c:\program files (x86)\mozilla firefox\firefox.exe
Script: Quarantine, Delete, BC delete, Terminate
49179 ESTABLISHED 127.0.0.1 49178 [308] c:\program files (x86)\mozilla firefox\firefox.exe
Script: Quarantine, Delete, BC delete, Terminate
49181 TIME_WAIT 74.125.227.146 80 [0]
49182 TIME_WAIT 173.194.64.132 80 [0]
49183 TIME_WAIT 173.194.64.132 80 [0]
49184 TIME_WAIT 74.125.227.159 80 [0]
49186 TIME_WAIT 173.194.64.132 80 [0]
49187 TIME_WAIT 74.125.227.146 80 [0]
49188 TIME_WAIT 173.194.64.132 80 [0]
49190 TIME_WAIT 173.194.64.132 80 [0]
49193 TIME_WAIT 173.194.64.132 80 [0]
49196 TIME_WAIT 74.125.227.63 80 [0]
49197 TIME_WAIT 173.194.64.82 80 [0]
49198 TIME_WAIT 74.125.227.63 80 [0]
49200 TIME_WAIT 173.194.66.120 80 [0]
49203 TIME_WAIT 74.125.81.132 443 [0]
49206 TIME_WAIT 173.194.66.120 80 [0]
49207 TIME_WAIT 74.125.227.36 80 [0]
49223 TIME_WAIT 74.125.227.135 80 [0]
49224 TIME_WAIT 74.125.227.108 443 [0]
49261 TIME_WAIT 74.125.227.128 443 [0]
49262 TIME_WAIT 74.125.227.128 443 [0]
49263 TIME_WAIT 74.125.227.95 443 [0]
49267 ESTABLISHED 74.125.227.68 80 [308] c:\program files (x86)\mozilla firefox\firefox.exe
Script: Quarantine, Delete, BC delete, Terminate
49268 TIME_WAIT 74.125.227.68 80 [0]
49269 ESTABLISHED 173.194.64.113 80 [308] c:\program files (x86)\mozilla firefox\firefox.exe
Script: Quarantine, Delete, BC delete, Terminate
49279 ESTABLISHED 74.125.227.135 80 [308] c:\program files (x86)\mozilla firefox\firefox.exe
Script: Quarantine, Delete, BC delete, Terminate
UDP ports
137 LISTENING -- -- [4] System
Script: Quarantine, Delete, BC delete, Terminate
138 LISTENING -- -- [4] System
Script: Quarantine, Delete, BC delete, Terminate
500 LISTENING -- -- [956] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1900 LISTENING -- -- [1952] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1900 LISTENING -- -- [1952] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
3544 LISTENING -- -- [956] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
3702 LISTENING -- -- [500] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
3702 LISTENING -- -- [500] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
3702 LISTENING -- -- [1952] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
3702 LISTENING -- -- [1952] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4500 LISTENING -- -- [956] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
5004 LISTENING -- -- [880] wmpnetwk.exe
Script: Quarantine, Delete, BC delete, Terminate
5005 LISTENING -- -- [880] wmpnetwk.exe
Script: Quarantine, Delete, BC delete, Terminate
5355 LISTENING -- -- [1288] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
51581 LISTENING -- -- [500] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
52369 LISTENING -- -- [956] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
57027 LISTENING -- -- [1952] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
57028 LISTENING -- -- [1952] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
58636 LISTENING -- -- [500] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
61102 LISTENING -- -- [1952] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate

Downloaded Program Files (DPF)

File name Description Manufacturer CLSID Source URL
Elements detected - 0, recognized as trusted - 0

Control Panel Applets (CPL)

File name Description Manufacturer
C:\Windows\system32\FlashPlayerCPLApp.cpl
Script: Quarantine, Delete, BC delete Adobe Flash Player Control Panel Applet Copyright © 1996-2010 Adobe Systems Incorporated. All Rights Reserved. Adobe and Flash are either trademarks or registered trademarks in the United States and/or other countries.
Elements detected - 19, recognized as trusted - 18

Active Setup

File name Description Manufacturer CLSID
Elements detected - 9, recognized as trusted - 9

HOSTS file

Hosts file record
127.0.0.1 localhost
Clear Hosts file

Protocols and handlers

File name Type Description Manufacturer CLSID
mscoree.dll
Script: Quarantine, Delete, BC delete Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
Delete
mscoree.dll
Script: Quarantine, Delete, BC delete Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
Delete
mscoree.dll
Script: Quarantine, Delete, BC delete Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
Delete
Elements detected - 16, recognized as trusted - 13

Suspicious objects

File Description Type

Main script of analysis
Windows version: Windows 7 Enterprise, Build=7601, SP="Service Pack 1"
System Restore: enabled
>> Services: potentially dangerous service allowed: TermService (@%SystemRoot%\System32\termsrv.dll,-268)
>> Services: potentially dangerous service allowed: SSDPSRV (@%systemroot%\system32\ssdpsrv.dll,-100)
>> Services: potentially dangerous service allowed: Schedule (@%SystemRoot%\system32\schedsvc.dll,-100)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
 >>  Abnormal SCR files association
 >>  Disable HDD autorun
 >>  Disable autorun from network drives
 >>  Disable CD/DVD autorun
 >>  Disable removable media autorun
 >>  Windows Explorer - show extensions of known file types
System Analysis in progress

 System Analysis - complete


Script commands 
Add commands to script:
Blocking hooks using Anti-Rootkit
Enable AVZGuard
Operations with AVZPM (true=enable,false=disable)
BootCleaner - import list of deleted files
BootCleaner - import all
Registry cleanup after deleting files
ExecuteWizard ('TSW',2,3,true) - Running Troubleshooting wizard
BootCleaner - activate
Reboot
Insert template for QuarantineFile() - quarantining file
Insert template for BC_QrFile() - quarantining file via BootCleaner
Insert template for DeleteFile() - deleting file
Insert template for DelCLSID() - deleting CLSID item from registry
Additional operations:Performance tweaking: disable service TermService (@%SystemRoot%\System32\termsrv.dll,-268)
Performance tweaking: disable service SSDPSRV (@%systemroot%\system32\ssdpsrv.dll,-100)
Performance tweaking: disable service Schedule (@%SystemRoot%\system32\schedsvc.dll,-100)
Security tweaking: disable CD autorun
Security tweaking: disable administrative shares
Security tweaking: disable anonymous user access
Security: disable sending Remote Assistant queries

File list

Port	Status	Remote Host	Remote Port	Application	Notes
TCP ports
135	LISTENING	0.0.0.0	0	[792] svchost.exe Script: Quarantine, Delete, BC delete, Terminate
139	LISTENING	0.0.0.0	0	[4] System Script: Quarantine, Delete, BC delete, Terminate
445	LISTENING	0.0.0.0	0	[4] System Script: Quarantine, Delete, BC delete, Terminate
554	LISTENING	0.0.0.0	0	[880] wmpnetwk.exe Script: Quarantine, Delete, BC delete, Terminate
2869	LISTENING	0.0.0.0	0	[4] System Script: Quarantine, Delete, BC delete, Terminate
5357	LISTENING	0.0.0.0	0	[4] System Script: Quarantine, Delete, BC delete, Terminate
5357	TIME_WAIT	127.0.0.1	49266	[0]
5357	TIME_WAIT	127.0.0.1	49270	[0]
10243	LISTENING	0.0.0.0	0	[4] System Script: Quarantine, Delete, BC delete, Terminate
27001	LISTENING	0.0.0.0	0	[2064] c:\program files (x86)\esri\license\arcgis9x\lmgrd.exe Script: Quarantine, Delete, BC delete, Terminate
27001	ESTABLISHED	127.0.0.1	49159	[2064] c:\program files (x86)\esri\license\arcgis9x\lmgrd.exe Script: Quarantine, Delete, BC delete, Terminate
49152	LISTENING	0.0.0.0	0	[452] wininit.exe Script: Quarantine, Delete, BC delete, Terminate
49153	LISTENING	0.0.0.0	0	[888] svchost.exe Script: Quarantine, Delete, BC delete, Terminate
49154	LISTENING	0.0.0.0	0	[956] svchost.exe Script: Quarantine, Delete, BC delete, Terminate
49155	LISTENING	0.0.0.0	0	[2292] c:\program files (x86)\esri\license\arcgis9x\arcgis.exe Script: Quarantine, Delete, BC delete, Terminate
49157	ESTABLISHED	127.0.0.1	49158	[2292] c:\program files (x86)\esri\license\arcgis9x\arcgis.exe Script: Quarantine, Delete, BC delete, Terminate
49158	ESTABLISHED	127.0.0.1	49157	[2292] c:\program files (x86)\esri\license\arcgis9x\arcgis.exe Script: Quarantine, Delete, BC delete, Terminate
49159	ESTABLISHED	127.0.0.1	27001	[2292] c:\program files (x86)\esri\license\arcgis9x\arcgis.exe Script: Quarantine, Delete, BC delete, Terminate
49160	LISTENING	0.0.0.0	0	[528] lsass.exe Script: Quarantine, Delete, BC delete, Terminate
49161	LISTENING	0.0.0.0	0	[512] services.exe Script: Quarantine, Delete, BC delete, Terminate
49162	LISTENING	0.0.0.0	0	[1556] spoolsv.exe Script: Quarantine, Delete, BC delete, Terminate
49163	LISTENING	0.0.0.0	0	[2956] svchost.exe Script: Quarantine, Delete, BC delete, Terminate
49176	ESTABLISHED	127.0.0.1	49177	[308] c:\program files (x86)\mozilla firefox\firefox.exe Script: Quarantine, Delete, BC delete, Terminate
49177	ESTABLISHED	127.0.0.1	49176	[308] c:\program files (x86)\mozilla firefox\firefox.exe Script: Quarantine, Delete, BC delete, Terminate
49178	ESTABLISHED	127.0.0.1	49179	[308] c:\program files (x86)\mozilla firefox\firefox.exe Script: Quarantine, Delete, BC delete, Terminate
49179	ESTABLISHED	127.0.0.1	49178	[308] c:\program files (x86)\mozilla firefox\firefox.exe Script: Quarantine, Delete, BC delete, Terminate
49181	TIME_WAIT	74.125.227.146	80	[0]
49182	TIME_WAIT	173.194.64.132	80	[0]
49183	TIME_WAIT	173.194.64.132	80	[0]
49184	TIME_WAIT	74.125.227.159	80	[0]
49186	TIME_WAIT	173.194.64.132	80	[0]
49187	TIME_WAIT	74.125.227.146	80	[0]
49188	TIME_WAIT	173.194.64.132	80	[0]
49190	TIME_WAIT	173.194.64.132	80	[0]
49193	TIME_WAIT	173.194.64.132	80	[0]
49196	TIME_WAIT	74.125.227.63	80	[0]
49197	TIME_WAIT	173.194.64.82	80	[0]
49198	TIME_WAIT	74.125.227.63	80	[0]
49200	TIME_WAIT	173.194.66.120	80	[0]
49203	TIME_WAIT	74.125.81.132	443	[0]
49206	TIME_WAIT	173.194.66.120	80	[0]
49207	TIME_WAIT	74.125.227.36	80	[0]
49223	TIME_WAIT	74.125.227.135	80	[0]
49224	TIME_WAIT	74.125.227.108	443	[0]
49261	TIME_WAIT	74.125.227.128	443	[0]
49262	TIME_WAIT	74.125.227.128	443	[0]
49263	TIME_WAIT	74.125.227.95	443	[0]
49267	ESTABLISHED	74.125.227.68	80	[308] c:\program files (x86)\mozilla firefox\firefox.exe Script: Quarantine, Delete, BC delete, Terminate
49268	TIME_WAIT	74.125.227.68	80	[0]
49269	ESTABLISHED	173.194.64.113	80	[308] c:\program files (x86)\mozilla firefox\firefox.exe Script: Quarantine, Delete, BC delete, Terminate
49279	ESTABLISHED	74.125.227.135	80	[308] c:\program files (x86)\mozilla firefox\firefox.exe Script: Quarantine, Delete, BC delete, Terminate
UDP ports
137	LISTENING	--	--	[4] System Script: Quarantine, Delete, BC delete, Terminate
138	LISTENING	--	--	[4] System Script: Quarantine, Delete, BC delete, Terminate
500	LISTENING	--	--	[956] svchost.exe Script: Quarantine, Delete, BC delete, Terminate
1900	LISTENING	--	--	[1952] svchost.exe Script: Quarantine, Delete, BC delete, Terminate
1900	LISTENING	--	--	[1952] svchost.exe Script: Quarantine, Delete, BC delete, Terminate
3544	LISTENING	--	--	[956] svchost.exe Script: Quarantine, Delete, BC delete, Terminate
3702	LISTENING	--	--	[500] svchost.exe Script: Quarantine, Delete, BC delete, Terminate
3702	LISTENING	--	--	[500] svchost.exe Script: Quarantine, Delete, BC delete, Terminate
3702	LISTENING	--	--	[1952] svchost.exe Script: Quarantine, Delete, BC delete, Terminate
3702	LISTENING	--	--	[1952] svchost.exe Script: Quarantine, Delete, BC delete, Terminate
4500	LISTENING	--	--	[956] svchost.exe Script: Quarantine, Delete, BC delete, Terminate
5004	LISTENING	--	--	[880] wmpnetwk.exe Script: Quarantine, Delete, BC delete, Terminate
5005	LISTENING	--	--	[880] wmpnetwk.exe Script: Quarantine, Delete, BC delete, Terminate
5355	LISTENING	--	--	[1288] svchost.exe Script: Quarantine, Delete, BC delete, Terminate
51581	LISTENING	--	--	[500] svchost.exe Script: Quarantine, Delete, BC delete, Terminate
52369	LISTENING	--	--	[956] svchost.exe Script: Quarantine, Delete, BC delete, Terminate
57027	LISTENING	--	--	[1952] svchost.exe Script: Quarantine, Delete, BC delete, Terminate
57028	LISTENING	--	--	[1952] svchost.exe Script: Quarantine, Delete, BC delete, Terminate
58636	LISTENING	--	--	[500] svchost.exe Script: Quarantine, Delete, BC delete, Terminate
61102	LISTENING	--	--	[1952] svchost.exe Script: Quarantine, Delete, BC delete, Terminate