Results of system analysis

Kaspersky Virus Removal Tool 11.0.0.1245 (database released 07/01/2012; 16:40)

List of processes

File name	PID	Description	Copyright	MD5	Information
agr64svc.exe Script: Quarantine, Delete, BC delete, Terminate	1476			??	error getting file info Command line:
BJMYPRT.EXE Script: Quarantine, Delete, BC delete, Terminate	3852			??	error getting file info Command line:
c:\program files (x86)\hewlett-packard\media\dvd\dvdagent.exe Script: Quarantine, Delete, BC delete, Terminate	4032	HP DVDSmart Resident Program	Copyright (C) 2005-2006 CyberLink Corp.	??	125.29 kb, rsah, created: 23.07.2009 22:45:52, modified: 23.07.2009 22:45:52 Command line: "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
HPHC_Service.exe Script: Quarantine, Delete, BC delete, Terminate	672			??	error getting file info Command line:
iPodService.exe Script: Quarantine, Delete, BC delete, Terminate	4128			??	error getting file info Command line:
NTRTScan.exe Script: Quarantine, Delete, BC delete, Terminate	1776			??	error getting file info Command line:
PresentationFontCache.exe Script: Quarantine, Delete, BC delete, Terminate	2544			??	error getting file info Command line:
SmartMenu.exe Script: Quarantine, Delete, BC delete, Terminate	4052			??	error getting file info Command line:
TmListen.exe Script: Quarantine, Delete, BC delete, Terminate	1904			??	error getting file info Command line:
TmProxy.exe Script: Quarantine, Delete, BC delete, Terminate	2948			??	error getting file info Command line:
wmpnetwk.exe Script: Quarantine, Delete, BC delete, Terminate	2864			??	error getting file info Command line:
ZuneLauncher.exe Script: Quarantine, Delete, BC delete, Terminate	3840			??	error getting file info Command line:
Detected:69, recognized as trusted 58

Module name	Handle	Description	Copyright	MD5	Used by processes
C:\Windows\system32\MFC71ENU.DLL Script: Quarantine, Delete, BC delete	1563820032	MFC Language Specific Resources	© Microsoft Corporation. All rights reserved.	--	4032
Modules detected:387, recognized as trusted 386

Kernel Space Modules Viewer

Module	Base address	Size in memory	Description	Manufacturer
C:\Users\Mike\AppData\Local\Temp\aswMBR.sys Script: Quarantine, Delete, BC delete	6ED1000	00E000 (57344)
C:\Windows\System32\Drivers\dump_diskdump.sys Script: Quarantine, Delete, BC delete	4830000	00A000 (40960)
C:\Windows\System32\Drivers\dump_dumpfve.sys Script: Quarantine, Delete, BC delete	4878000	013000 (77824)
C:\Windows\System32\Drivers\dump_nvstor64.sys Script: Quarantine, Delete, BC delete	483A000	03E000 (253952)
Modules detected - 194, recognized as trusted - 190

Services

Service	Description	Status	File	Group	Dependencies
Detected - 161, recognized as trusted - 161

Drivers

Service	Description	Status	File	Group	Dependencies
catchme Driver: Unload, Delete, Disable, BC delete	catchme	Not started	C:\ComboFix\catchme.sys Script: Quarantine, Delete, BC delete	Base
Detected - 253, recognized as trusted - 252

Autoruns

File name	Status	Startup method	Description
C:\Users\Mike\AppData\Local\Temp\_uninst_15059840.bat Script: Quarantine, Delete, BC delete	Active	Shortcut in Autoruns folder	C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\, C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_15059840.lnk,
C:\Windows\system32\psxss.exe Script: Quarantine, Delete, BC delete	--	Registry key	HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Session Manager\SubSystems, Posix
auditcse.dll Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{f3ccc681-b74c-4060-9f26-cd84525dca2a}, DLLName Delete
rdpclip Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd, StartupPrograms Delete
Autoruns items detected - 602, recognized as trusted - 598

Microsoft Internet Explorer extension modules (BHOs, Toolbars ...)

File name	Type	Description	Manufacturer	CLSID
Elements detected - 2, recognized as trusted - 2

Windows Explorer extension modules

File name	Destination	Description	Manufacturer	CLSID
	ColumnHandler			{F9DB5320-233E-11D1-9F84-707F02C10627} Delete
Elements detected - 13, recognized as trusted - 12

Printing system extensions (print monitors, providers)

File name	Type	Name	Description	Manufacturer
AdobePDF.dll Script: Quarantine, Delete, BC delete	Monitor	Adobe PDF Port Monitor
CNBLM3_2.DLL Script: Quarantine, Delete, BC delete	Monitor	BJ Language Monitor3_2
CNMLM9O.DLL Script: Quarantine, Delete, BC delete	Monitor	Canon BJ Language Monitor MX320 series
CNCF2Lh.DLL Script: Quarantine, Delete, BC delete	Monitor	Canon MP FAX Language Monitor MX320 series
localspl.dll Script: Quarantine, Delete, BC delete	Monitor	Local Port
FXSMON.DLL Script: Quarantine, Delete, BC delete	Monitor	Microsoft Shared Fax Monitor
tcpmon.dll Script: Quarantine, Delete, BC delete	Monitor	Standard TCP/IP Port
usbmon.dll Script: Quarantine, Delete, BC delete	Monitor	USB Monitor
WSDMon.dll Script: Quarantine, Delete, BC delete	Monitor	WSD Port
inetpp.dll Script: Quarantine, Delete, BC delete	Provider	HTTP Print Services
Elements detected - 11, recognized as trusted - 1

Task Scheduler jobs

File name	Job name	Job status	Description	Manufacturer
Elements detected - 1, recognized as trusted - 1

SPI/LSP settings

Namespace providers (NSP)

Provider	Status	EXE file	Description	GUID
NWLink IPX/SPX/NetBIOS Compatible Transport Protocol		C:\Windows\System32\nwprovau.dll Script: Quarantine, Delete, BC delete		{E02DAAF0-7E9F-11CF-AE5A-00AA00A7112B}
Detected - 7, recognized as trusted - 6

Transport protocol providers (TSP, LSP)

Provider EXE file Description
RSVP UDP Service Provider C:\Windows\system32\rsvpsp.dll
Script: Quarantine, Delete, BC delete
RSVP TCP Service Provider C:\Windows\system32\rsvpsp.dll
Script: Quarantine, Delete, BC delete
Detected - 29, recognized as trusted - 27
Results of automatic SPI settings check
LSP NameSpace error: Number of namespaces 4 doesn't correspond to real 7 LSP NameSpace error: "NWLink IPX/SPX/NetBIOS Compatible Transport Protocol" --> file is missing C:\Windows\System32\nwprovau.dll LSP Protocol error = "RSVP UDP Service Provider" --> file is missing C:\Windows\system32\rsvpsp.dll LSP Protocol error = "RSVP TCP Service Provider" --> file is missing C:\Windows\system32\rsvpsp.dll Attention ! LSP errors detected. Number of errors - 4 Problems with Internet connection are possible

TCP/UDP ports

Port Status Remote Host Remote Port Application Notes
TCP ports
135 LISTENING 0.0.0.0 0 [872] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
139 LISTENING 0.0.0.0 0 [4] System
Script: Quarantine, Delete, BC delete, Terminate
445 LISTENING 0.0.0.0 0 [4] System
Script: Quarantine, Delete, BC delete, Terminate
554 LISTENING 0.0.0.0 0 [2864] wmpnetwk.exe
Script: Quarantine, Delete, BC delete, Terminate
2869 LISTENING 0.0.0.0 0 [4] System
Script: Quarantine, Delete, BC delete, Terminate
4573 ESTABLISHED 127.0.0.1 49715 [1700] c:\program files (x86)\motorola\motohelper\motohelperservice.exe
Script: Quarantine, Delete, BC delete, Terminate
4573 LISTENING 0.0.0.0 0 [1700] c:\program files (x86)\motorola\motohelper\motohelperservice.exe
Script: Quarantine, Delete, BC delete, Terminate
5354 LISTENING 0.0.0.0 0 [1580] c:\program files (x86)\bonjour\mdnsresponder.exe
Script: Quarantine, Delete, BC delete, Terminate
5357 LISTENING 0.0.0.0 0 [4] System
Script: Quarantine, Delete, BC delete, Terminate
6999 ESTABLISHED 127.0.0.1 53438 [2948] TmProxy.exe
Script: Quarantine, Delete, BC delete, Terminate
6999 ESTABLISHED 127.0.0.1 53665 [2948] TmProxy.exe
Script: Quarantine, Delete, BC delete, Terminate
6999 ESTABLISHED 127.0.0.1 53667 [2948] TmProxy.exe
Script: Quarantine, Delete, BC delete, Terminate
6999 ESTABLISHED 127.0.0.1 53673 [2948] TmProxy.exe
Script: Quarantine, Delete, BC delete, Terminate
6999 ESTABLISHED 127.0.0.1 53675 [2948] TmProxy.exe
Script: Quarantine, Delete, BC delete, Terminate
6999 ESTABLISHED 127.0.0.1 53679 [2948] TmProxy.exe
Script: Quarantine, Delete, BC delete, Terminate
6999 ESTABLISHED 127.0.0.1 53683 [2948] TmProxy.exe
Script: Quarantine, Delete, BC delete, Terminate
6999 LISTENING 0.0.0.0 0 [2948] TmProxy.exe
Script: Quarantine, Delete, BC delete, Terminate
9421 LISTENING 0.0.0.0 0 [1668] c:\users\mike\appdata\local\akamai\netsession_win.exe
Script: Quarantine, Delete, BC delete, Terminate
9422 LISTENING 0.0.0.0 0 [1668] c:\users\mike\appdata\local\akamai\netsession_win.exe
Script: Quarantine, Delete, BC delete, Terminate
9423 LISTENING 0.0.0.0 0 [1668] c:\users\mike\appdata\local\akamai\netsession_win.exe
Script: Quarantine, Delete, BC delete, Terminate
10243 LISTENING 0.0.0.0 0 [4] System
Script: Quarantine, Delete, BC delete, Terminate
21264 LISTENING 0.0.0.0 0 [1904] TmListen.exe
Script: Quarantine, Delete, BC delete, Terminate
27015 ESTABLISHED 127.0.0.1 49745 [1556] c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe
Script: Quarantine, Delete, BC delete, Terminate
27015 LISTENING 0.0.0.0 0 [1556] c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe
Script: Quarantine, Delete, BC delete, Terminate
49152 LISTENING 0.0.0.0 0 [492] wininit.exe
Script: Quarantine, Delete, BC delete, Terminate
49153 LISTENING 0.0.0.0 0 [944] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
49154 LISTENING 0.0.0.0 0 [1020] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
49155 LISTENING 0.0.0.0 0 [568] lsass.exe
Script: Quarantine, Delete, BC delete, Terminate
49157 LISTENING 0.0.0.0 0 [552] services.exe
Script: Quarantine, Delete, BC delete, Terminate
49715 ESTABLISHED 127.0.0.1 4573 [3328] c:\program files (x86)\motorola\motohelper\motohelperagent.exe
Script: Quarantine, Delete, BC delete, Terminate
49745 ESTABLISHED 127.0.0.1 27015 [2740] c:\program files (x86)\itunes\ituneshelper.exe
Script: Quarantine, Delete, BC delete, Terminate
53438 ESTABLISHED 127.0.0.1 6999 [3628] c:\program files (x86)\common files\java\java update\jusched.exe
Script: Quarantine, Delete, BC delete, Terminate
53439 ESTABLISHED 24.143.206.42 80 [2948] TmProxy.exe
Script: Quarantine, Delete, BC delete, Terminate
53495 ESTABLISHED 23.1.201.83 443 [1776] NTRTScan.exe
Script: Quarantine, Delete, BC delete, Terminate
53630 TIME_WAIT 74.125.47.95 80 [0]
53631 TIME_WAIT 74.125.47.95 80 [0]
53638 TIME_WAIT 74.125.45.102 80 [0]
53665 ESTABLISHED 127.0.0.1 6999 [2772] c:\program files (x86)\msn\toolbar\3.0.0560.0\msntask.exe
Script: Quarantine, Delete, BC delete, Terminate
53666 ESTABLISHED 24.143.200.43 80 [2948] TmProxy.exe
Script: Quarantine, Delete, BC delete, Terminate
53667 ESTABLISHED 127.0.0.1 6999 [2772] c:\program files (x86)\msn\toolbar\3.0.0560.0\msntask.exe
Script: Quarantine, Delete, BC delete, Terminate
53668 ESTABLISHED 24.143.200.43 80 [2948] TmProxy.exe
Script: Quarantine, Delete, BC delete, Terminate
53673 ESTABLISHED 127.0.0.1 6999 [2772] c:\program files (x86)\msn\toolbar\3.0.0560.0\msntask.exe
Script: Quarantine, Delete, BC delete, Terminate
53674 ESTABLISHED 70.37.131.153 80 [2948] TmProxy.exe
Script: Quarantine, Delete, BC delete, Terminate
53675 ESTABLISHED 127.0.0.1 6999 [2772] c:\program files (x86)\msn\toolbar\3.0.0560.0\msntask.exe
Script: Quarantine, Delete, BC delete, Terminate
53676 ESTABLISHED 65.55.206.206 80 [2948] TmProxy.exe
Script: Quarantine, Delete, BC delete, Terminate
53679 ESTABLISHED 127.0.0.1 6999 [2772] c:\program files (x86)\msn\toolbar\3.0.0560.0\msntask.exe
Script: Quarantine, Delete, BC delete, Terminate
53680 ESTABLISHED 65.55.206.197 80 [2948] TmProxy.exe
Script: Quarantine, Delete, BC delete, Terminate
53683 ESTABLISHED 127.0.0.1 6999 [2772] c:\program files (x86)\msn\toolbar\3.0.0560.0\msntask.exe
Script: Quarantine, Delete, BC delete, Terminate
53684 ESTABLISHED 65.55.206.198 80 [2948] TmProxy.exe
Script: Quarantine, Delete, BC delete, Terminate
53685 ESTABLISHED 184.50.217.83 443 [1776] NTRTScan.exe
Script: Quarantine, Delete, BC delete, Terminate
53687 ESTABLISHED 184.50.217.83 443 [1776] NTRTScan.exe
Script: Quarantine, Delete, BC delete, Terminate
53688 ESTABLISHED 184.50.217.83 443 [1776] NTRTScan.exe
Script: Quarantine, Delete, BC delete, Terminate
53689 ESTABLISHED 184.50.217.83 443 [1776] NTRTScan.exe
Script: Quarantine, Delete, BC delete, Terminate
53690 ESTABLISHED 184.50.217.83 443 [1776] NTRTScan.exe
Script: Quarantine, Delete, BC delete, Terminate
UDP ports
137 LISTENING -- -- [4] System
Script: Quarantine, Delete, BC delete, Terminate
138 LISTENING -- -- [4] System
Script: Quarantine, Delete, BC delete, Terminate
1900 LISTENING -- -- [2792] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1900 LISTENING -- -- [2792] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
3702 LISTENING -- -- [2792] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
3702 LISTENING -- -- [2792] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
5004 LISTENING -- -- [2864] wmpnetwk.exe
Script: Quarantine, Delete, BC delete, Terminate
5005 LISTENING -- -- [2864] wmpnetwk.exe
Script: Quarantine, Delete, BC delete, Terminate
5353 LISTENING -- -- [1580] c:\program files (x86)\bonjour\mdnsresponder.exe
Script: Quarantine, Delete, BC delete, Terminate
5355 LISTENING -- -- [1108] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
50754 LISTENING -- -- [2792] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
50755 LISTENING -- -- [2792] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
51557 LISTENING -- -- [1668] c:\users\mike\appdata\local\akamai\netsession_win.exe
Script: Quarantine, Delete, BC delete, Terminate
51558 LISTENING -- -- [2772] c:\program files (x86)\msn\toolbar\3.0.0560.0\msntask.exe
Script: Quarantine, Delete, BC delete, Terminate
53209 LISTENING -- -- [440] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
54748 LISTENING -- -- [2792] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
60969 LISTENING -- -- [1580] c:\program files (x86)\bonjour\mdnsresponder.exe
Script: Quarantine, Delete, BC delete, Terminate
62413 LISTENING -- -- [1668] c:\users\mike\appdata\local\akamai\netsession_win.exe
Script: Quarantine, Delete, BC delete, Terminate
62414 LISTENING -- -- [3752] c:\program files (x86)\internet explorer\iexplore.exe
Script: Quarantine, Delete, BC delete, Terminate

Downloaded Program Files (DPF)

File name Description Manufacturer CLSID Source URL
C:\Program Files\Java\jre6\bin\npjpi160_22.dll
Script: Quarantine, Delete, BC delete {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Delete http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Elements detected - 3, recognized as trusted - 2

Control Panel Applets (CPL)

File name Description Manufacturer
Elements detected - 20, recognized as trusted - 20

Active Setup

File name Description Manufacturer CLSID
Elements detected - 9, recognized as trusted - 9

HOSTS file

Hosts file record
127.0.0.1 localhost
Clear Hosts file

Protocols and handlers

File name Type Description Manufacturer CLSID
mscoree.dll
Script: Quarantine, Delete, BC delete Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
Delete
mscoree.dll
Script: Quarantine, Delete, BC delete Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
Delete
mscoree.dll
Script: Quarantine, Delete, BC delete Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
Delete
Elements detected - 16, recognized as trusted - 13

Suspicious objects

File Description Type

Main script of analysis
Windows version: Windows 7 Professional, Build=7601, SP="Service Pack 1"
System Restore: enabled
LSP NameSpace error: Number of namespaces 4 doesn't correspond to real 7
LSP NameSpace error: "NWLink IPX/SPX/NetBIOS Compatible Transport Protocol" --> file is missing C:\Windows\System32\nwprovau.dll
LSP Protocol error = "RSVP UDP Service Provider" --> file is missing C:\Windows\system32\rsvpsp.dll
LSP Protocol error = "RSVP TCP Service Provider" --> file is missing C:\Windows\system32\rsvpsp.dll
>> Services: potentially dangerous service allowed: RemoteRegistry (@regsvc.dll,-1)
>> Services: potentially dangerous service allowed: TermService (@%SystemRoot%\System32\termsrv.dll,-268)
>> Services: potentially dangerous service allowed: SSDPSRV (@%systemroot%\system32\ssdpsrv.dll,-100)
>> Services: potentially dangerous service allowed: Schedule (@%SystemRoot%\system32\schedsvc.dll,-100)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
 >>  Disable HDD autorun
 >>  Disable autorun from network drives
 >>  Disable CD/DVD autorun
 >>  Disable removable media autorun
System Analysis in progress

 System Analysis - complete


Script commands 
Add commands to script:
Blocking hooks using Anti-Rootkit
Enable AVZGuard
Operations with AVZPM (true=enable,false=disable)
BootCleaner - import list of deleted files
BootCleaner - import all
Registry cleanup after deleting files
ExecuteWizard ('TSW',2,3,true) - Running Troubleshooting wizard
BootCleaner - activate
Reboot
Insert template for QuarantineFile() - quarantining file
Insert template for BC_QrFile() - quarantining file via BootCleaner
Insert template for DeleteFile() - deleting file
Insert template for DelCLSID() - deleting CLSID item from registry
Additional operations:Performance tweaking: disable service RemoteRegistry (@regsvc.dll,-1)
Performance tweaking: disable service TermService (@%SystemRoot%\System32\termsrv.dll,-268)
Performance tweaking: disable service SSDPSRV (@%systemroot%\system32\ssdpsrv.dll,-100)
Performance tweaking: disable service Schedule (@%SystemRoot%\system32\schedsvc.dll,-100)
Security tweaking: disable CD autorun
Security tweaking: disable administrative shares
Security tweaking: disable anonymous user access
Security: disable sending Remote Assistant queries

File list

Port	Status	Remote Host	Remote Port	Application	Notes
TCP ports
135	LISTENING	0.0.0.0	0	[872] svchost.exe Script: Quarantine, Delete, BC delete, Terminate
139	LISTENING	0.0.0.0	0	[4] System Script: Quarantine, Delete, BC delete, Terminate
445	LISTENING	0.0.0.0	0	[4] System Script: Quarantine, Delete, BC delete, Terminate
554	LISTENING	0.0.0.0	0	[2864] wmpnetwk.exe Script: Quarantine, Delete, BC delete, Terminate
2869	LISTENING	0.0.0.0	0	[4] System Script: Quarantine, Delete, BC delete, Terminate
4573	ESTABLISHED	127.0.0.1	49715	[1700] c:\program files (x86)\motorola\motohelper\motohelperservice.exe Script: Quarantine, Delete, BC delete, Terminate
4573	LISTENING	0.0.0.0	0	[1700] c:\program files (x86)\motorola\motohelper\motohelperservice.exe Script: Quarantine, Delete, BC delete, Terminate
5354	LISTENING	0.0.0.0	0	[1580] c:\program files (x86)\bonjour\mdnsresponder.exe Script: Quarantine, Delete, BC delete, Terminate
5357	LISTENING	0.0.0.0	0	[4] System Script: Quarantine, Delete, BC delete, Terminate
6999	ESTABLISHED	127.0.0.1	53438	[2948] TmProxy.exe Script: Quarantine, Delete, BC delete, Terminate
6999	ESTABLISHED	127.0.0.1	53665	[2948] TmProxy.exe Script: Quarantine, Delete, BC delete, Terminate
6999	ESTABLISHED	127.0.0.1	53667	[2948] TmProxy.exe Script: Quarantine, Delete, BC delete, Terminate
6999	ESTABLISHED	127.0.0.1	53673	[2948] TmProxy.exe Script: Quarantine, Delete, BC delete, Terminate
6999	ESTABLISHED	127.0.0.1	53675	[2948] TmProxy.exe Script: Quarantine, Delete, BC delete, Terminate
6999	ESTABLISHED	127.0.0.1	53679	[2948] TmProxy.exe Script: Quarantine, Delete, BC delete, Terminate
6999	ESTABLISHED	127.0.0.1	53683	[2948] TmProxy.exe Script: Quarantine, Delete, BC delete, Terminate
6999	LISTENING	0.0.0.0	0	[2948] TmProxy.exe Script: Quarantine, Delete, BC delete, Terminate
9421	LISTENING	0.0.0.0	0	[1668] c:\users\mike\appdata\local\akamai\netsession_win.exe Script: Quarantine, Delete, BC delete, Terminate
9422	LISTENING	0.0.0.0	0	[1668] c:\users\mike\appdata\local\akamai\netsession_win.exe Script: Quarantine, Delete, BC delete, Terminate
9423	LISTENING	0.0.0.0	0	[1668] c:\users\mike\appdata\local\akamai\netsession_win.exe Script: Quarantine, Delete, BC delete, Terminate
10243	LISTENING	0.0.0.0	0	[4] System Script: Quarantine, Delete, BC delete, Terminate
21264	LISTENING	0.0.0.0	0	[1904] TmListen.exe Script: Quarantine, Delete, BC delete, Terminate
27015	ESTABLISHED	127.0.0.1	49745	[1556] c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe Script: Quarantine, Delete, BC delete, Terminate
27015	LISTENING	0.0.0.0	0	[1556] c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe Script: Quarantine, Delete, BC delete, Terminate
49152	LISTENING	0.0.0.0	0	[492] wininit.exe Script: Quarantine, Delete, BC delete, Terminate
49153	LISTENING	0.0.0.0	0	[944] svchost.exe Script: Quarantine, Delete, BC delete, Terminate
49154	LISTENING	0.0.0.0	0	[1020] svchost.exe Script: Quarantine, Delete, BC delete, Terminate
49155	LISTENING	0.0.0.0	0	[568] lsass.exe Script: Quarantine, Delete, BC delete, Terminate
49157	LISTENING	0.0.0.0	0	[552] services.exe Script: Quarantine, Delete, BC delete, Terminate
49715	ESTABLISHED	127.0.0.1	4573	[3328] c:\program files (x86)\motorola\motohelper\motohelperagent.exe Script: Quarantine, Delete, BC delete, Terminate
49745	ESTABLISHED	127.0.0.1	27015	[2740] c:\program files (x86)\itunes\ituneshelper.exe Script: Quarantine, Delete, BC delete, Terminate
53438	ESTABLISHED	127.0.0.1	6999	[3628] c:\program files (x86)\common files\java\java update\jusched.exe Script: Quarantine, Delete, BC delete, Terminate
53439	ESTABLISHED	24.143.206.42	80	[2948] TmProxy.exe Script: Quarantine, Delete, BC delete, Terminate
53495	ESTABLISHED	23.1.201.83	443	[1776] NTRTScan.exe Script: Quarantine, Delete, BC delete, Terminate
53630	TIME_WAIT	74.125.47.95	80	[0]
53631	TIME_WAIT	74.125.47.95	80	[0]
53638	TIME_WAIT	74.125.45.102	80	[0]
53665	ESTABLISHED	127.0.0.1	6999	[2772] c:\program files (x86)\msn\toolbar\3.0.0560.0\msntask.exe Script: Quarantine, Delete, BC delete, Terminate
53666	ESTABLISHED	24.143.200.43	80	[2948] TmProxy.exe Script: Quarantine, Delete, BC delete, Terminate
53667	ESTABLISHED	127.0.0.1	6999	[2772] c:\program files (x86)\msn\toolbar\3.0.0560.0\msntask.exe Script: Quarantine, Delete, BC delete, Terminate
53668	ESTABLISHED	24.143.200.43	80	[2948] TmProxy.exe Script: Quarantine, Delete, BC delete, Terminate
53673	ESTABLISHED	127.0.0.1	6999	[2772] c:\program files (x86)\msn\toolbar\3.0.0560.0\msntask.exe Script: Quarantine, Delete, BC delete, Terminate
53674	ESTABLISHED	70.37.131.153	80	[2948] TmProxy.exe Script: Quarantine, Delete, BC delete, Terminate
53675	ESTABLISHED	127.0.0.1	6999	[2772] c:\program files (x86)\msn\toolbar\3.0.0560.0\msntask.exe Script: Quarantine, Delete, BC delete, Terminate
53676	ESTABLISHED	65.55.206.206	80	[2948] TmProxy.exe Script: Quarantine, Delete, BC delete, Terminate
53679	ESTABLISHED	127.0.0.1	6999	[2772] c:\program files (x86)\msn\toolbar\3.0.0560.0\msntask.exe Script: Quarantine, Delete, BC delete, Terminate
53680	ESTABLISHED	65.55.206.197	80	[2948] TmProxy.exe Script: Quarantine, Delete, BC delete, Terminate
53683	ESTABLISHED	127.0.0.1	6999	[2772] c:\program files (x86)\msn\toolbar\3.0.0560.0\msntask.exe Script: Quarantine, Delete, BC delete, Terminate
53684	ESTABLISHED	65.55.206.198	80	[2948] TmProxy.exe Script: Quarantine, Delete, BC delete, Terminate
53685	ESTABLISHED	184.50.217.83	443	[1776] NTRTScan.exe Script: Quarantine, Delete, BC delete, Terminate
53687	ESTABLISHED	184.50.217.83	443	[1776] NTRTScan.exe Script: Quarantine, Delete, BC delete, Terminate
53688	ESTABLISHED	184.50.217.83	443	[1776] NTRTScan.exe Script: Quarantine, Delete, BC delete, Terminate
53689	ESTABLISHED	184.50.217.83	443	[1776] NTRTScan.exe Script: Quarantine, Delete, BC delete, Terminate
53690	ESTABLISHED	184.50.217.83	443	[1776] NTRTScan.exe Script: Quarantine, Delete, BC delete, Terminate
UDP ports
137	LISTENING	--	--	[4] System Script: Quarantine, Delete, BC delete, Terminate
138	LISTENING	--	--	[4] System Script: Quarantine, Delete, BC delete, Terminate
1900	LISTENING	--	--	[2792] svchost.exe Script: Quarantine, Delete, BC delete, Terminate
1900	LISTENING	--	--	[2792] svchost.exe Script: Quarantine, Delete, BC delete, Terminate
3702	LISTENING	--	--	[2792] svchost.exe Script: Quarantine, Delete, BC delete, Terminate
3702	LISTENING	--	--	[2792] svchost.exe Script: Quarantine, Delete, BC delete, Terminate
5004	LISTENING	--	--	[2864] wmpnetwk.exe Script: Quarantine, Delete, BC delete, Terminate
5005	LISTENING	--	--	[2864] wmpnetwk.exe Script: Quarantine, Delete, BC delete, Terminate
5353	LISTENING	--	--	[1580] c:\program files (x86)\bonjour\mdnsresponder.exe Script: Quarantine, Delete, BC delete, Terminate
5355	LISTENING	--	--	[1108] svchost.exe Script: Quarantine, Delete, BC delete, Terminate
50754	LISTENING	--	--	[2792] svchost.exe Script: Quarantine, Delete, BC delete, Terminate
50755	LISTENING	--	--	[2792] svchost.exe Script: Quarantine, Delete, BC delete, Terminate
51557	LISTENING	--	--	[1668] c:\users\mike\appdata\local\akamai\netsession_win.exe Script: Quarantine, Delete, BC delete, Terminate
51558	LISTENING	--	--	[2772] c:\program files (x86)\msn\toolbar\3.0.0560.0\msntask.exe Script: Quarantine, Delete, BC delete, Terminate
53209	LISTENING	--	--	[440] svchost.exe Script: Quarantine, Delete, BC delete, Terminate
54748	LISTENING	--	--	[2792] svchost.exe Script: Quarantine, Delete, BC delete, Terminate
60969	LISTENING	--	--	[1580] c:\program files (x86)\bonjour\mdnsresponder.exe Script: Quarantine, Delete, BC delete, Terminate
62413	LISTENING	--	--	[1668] c:\users\mike\appdata\local\akamai\netsession_win.exe Script: Quarantine, Delete, BC delete, Terminate
62414	LISTENING	--	--	[3752] c:\program files (x86)\internet explorer\iexplore.exe Script: Quarantine, Delete, BC delete, Terminate