Results of system analysis

Kaspersky Virus Removal Tool 11.0.0.1245 (database released 18/03/2012; 16:10)

List of processes

File name	PID	Description	Copyright	MD5	Information
c:\program files\avast software\avast\avastsvc.exe Script: Quarantine, Delete, BC delete, Terminate	1196	avast! Service	Copyright (c) 2011 AVAST Software	??	41.20 kb, rsAh, created: 24.02.2012 18:10:30, modified: 23.02.2011 11:04:19 Command line: "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
c:\program files (x86)\x-rite\devices\services\colormunki\colormunkideviceservice.exe Script: Quarantine, Delete, BC delete, Terminate	2184	ColorMun Application	Copyright (C) 2009	??	144.50 kb, rsAh, created: 14.02.2012 20:14:10, modified: 21.10.2009 16:14:50 Command line: "C:\Program Files (x86)\X-Rite\Devices\Services\ColorMunki\ColorMunkiDeviceService.exe"
c:\program files (x86)\intel\intel(r) rapid storage technology\iastordatamgrsvc.exe Script: Quarantine, Delete, BC delete, Terminate	1596	IAStorDataSvc	Copyright ЁП Intel Corporation 2009-2010	??	13.02 kb, rsAh, created: 12.02.2012 18:33:18, modified: 03.03.2010 21:16:06 Command line: "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
iexplore.exe Script: Quarantine, Delete, BC delete, Terminate	3256			??	error getting file info Command line:
iexplore.exe Script: Quarantine, Delete, BC delete, Terminate	1216			??	error getting file info Command line:
nvxdsync.exe Script: Quarantine, Delete, BC delete, Terminate	1232			??	error getting file info Command line:
sidebar.exe Script: Quarantine, Delete, BC delete, Terminate	1936			??	error getting file info Command line:
TuneUpUtilitiesApp64.exe Script: Quarantine, Delete, BC delete, Terminate	2548			??	error getting file info Command line:
TuneUpUtilitiesService64.exe Script: Quarantine, Delete, BC delete, Terminate	2088			??	error getting file info Command line:
wmpnetwk.exe Script: Quarantine, Delete, BC delete, Terminate	3716			??	error getting file info Command line:
Detected:59, recognized as trusted 52

Module name	Handle	Description	Copyright	MD5	Used by processes
C:\Program Files (x86)\X-Rite\Devices\Lib\XRiteDevice.dll Script: Quarantine, Delete, BC delete	1895890944	XRiteDevice Service Library	Copyright (C) 2009	--	2184
C:\Program Files\AVAST Software\Avast\defs\12031900\algo.dll Script: Quarantine, Delete, BC delete	1805058048			--	1196
C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\f987739a1f8f64f164966e7107bccec8\IAStorUtil.ni.dll Script: Quarantine, Delete, BC delete	1888419840	IAStorUtil	Copyright ЁП Intel Corporation 2009-2010	--	1596
Modules detected:361, recognized as trusted 358

Kernel Space Modules Viewer

Module	Base address	Size in memory	Description	Manufacturer
C:\Windows\System32\Drivers\dump_dumpfve.sys Script: Quarantine, Delete, BC delete	7436000	013000 (77824)
C:\Windows\System32\Drivers\dump_iaStor.sys Script: Quarantine, Delete, BC delete	423F000	20A000 (2138112)
Modules detected - 188, recognized as trusted - 186

Services

Service	Description	Status	File	Group	Dependencies
Detected - 161, recognized as trusted - 161

Drivers

Service	Description	Status	File	Group	Dependencies
catchme Driver: Unload, Delete, Disable, BC delete	catchme	Not started	C:\ComboFix\catchme.sys Script: Quarantine, Delete, BC delete	Base
VGPU Driver: Unload, Delete, Disable, BC delete	VGPU	Not started	C:\Windows\system32\drivers\rdvgkmd.sys Script: Quarantine, Delete, BC delete
Detected - 276, recognized as trusted - 274

Autoruns

File name	Status	Startup method	Description
C:\Users\dust\AppData\Local\Temp\_uninst_61892759.bat Script: Quarantine, Delete, BC delete	Active	Shortcut in Autoruns folder	C:\Users\dust\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\, C:\Users\dust\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_61892759.lnk,
C:\Windows\system32\psxss.exe Script: Quarantine, Delete, BC delete	--	Registry key	HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Session Manager\SubSystems, Posix
ac3filter64.acm Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Drivers32, msacm.ac3filter Delete
auditcse.dll Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{f3ccc681-b74c-4060-9f26-cd84525dca2a}, DLLName Delete
rdpclip Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd, StartupPrograms Delete
Autoruns items detected - 600, recognized as trusted - 595

Microsoft Internet Explorer extension modules (BHOs, Toolbars ...)

File name	Type	Description	Manufacturer	CLSID
Elements detected - 3, recognized as trusted - 3

Windows Explorer extension modules

File name	Destination	Description	Manufacturer	CLSID
	ColumnHandler			{F9DB5320-233E-11D1-9F84-707F02C10627} Delete
Elements detected - 13, recognized as trusted - 12

Printing system extensions (print monitors, providers)

File name	Type	Name	Description	Manufacturer
AdobePDF.dll Script: Quarantine, Delete, BC delete	Monitor	Adobe PDF Port Monitor
CNMLMA9.DLL Script: Quarantine, Delete, BC delete	Monitor	Canon BJ Language Monitor MP495 series
CNMN6PPM.DLL Script: Quarantine, Delete, BC delete	Monitor	Canon BJNP Port
localspl.dll Script: Quarantine, Delete, BC delete	Monitor	Local Port
FXSMON.DLL Script: Quarantine, Delete, BC delete	Monitor	Microsoft Shared Fax Monitor
tcpmon.dll Script: Quarantine, Delete, BC delete	Monitor	Standard TCP/IP Port
usbmon.dll Script: Quarantine, Delete, BC delete	Monitor	USB Monitor
WSDMon.dll Script: Quarantine, Delete, BC delete	Monitor	WSD Port
inetpp.dll Script: Quarantine, Delete, BC delete	Provider	HTTP Print Services
Elements detected - 10, recognized as trusted - 1

Task Scheduler jobs

File name	Job name	Job status	Description	Manufacturer
Elements detected - 0, recognized as trusted - 0

SPI/LSP settings

Namespace providers (NSP)

Provider	Status	EXE file	Description	GUID
Detected - 6, recognized as trusted - 6

Transport protocol providers (TSP, LSP)

Provider EXE file Description
Detected - 10, recognized as trusted - 10
Results of automatic SPI settings check
LSP settings checked. No errors detected

TCP/UDP ports

Port Status Remote Host Remote Port Application Notes
TCP ports
135 LISTENING 0.0.0.0 0 [876] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
139 LISTENING 0.0.0.0 0 [4] System
Script: Quarantine, Delete, BC delete, Terminate
445 LISTENING 0.0.0.0 0 [4] System
Script: Quarantine, Delete, BC delete, Terminate
554 LISTENING 0.0.0.0 0 [3716] wmpnetwk.exe
Script: Quarantine, Delete, BC delete, Terminate
623 LISTENING 0.0.0.0 0 [1972] c:\program files (x86)\intel\intel(r) management engine components\lms\lms.exe
Script: Quarantine, Delete, BC delete, Terminate
2559 LISTENING 0.0.0.0 0 [3672] c:\program files (x86)\nvidia corporation\nvidia updatus\daemonu.exe
Script: Quarantine, Delete, BC delete, Terminate
2869 LISTENING 0.0.0.0 0 [4] System
Script: Quarantine, Delete, BC delete, Terminate
2869 CLOSE_WAIT 192.168.1.44 1279 [4] System
Script: Quarantine, Delete, BC delete, Terminate
2869 CLOSE_WAIT 192.168.1.44 1286 [4] System
Script: Quarantine, Delete, BC delete, Terminate
2869 CLOSE_WAIT 192.168.1.44 1288 [4] System
Script: Quarantine, Delete, BC delete, Terminate
2869 CLOSE_WAIT 192.168.1.44 1293 [4] System
Script: Quarantine, Delete, BC delete, Terminate
2869 CLOSE_WAIT 192.168.1.44 1356 [4] System
Script: Quarantine, Delete, BC delete, Terminate
2869 CLOSE_WAIT 192.168.1.44 1360 [4] System
Script: Quarantine, Delete, BC delete, Terminate
2869 CLOSE_WAIT 192.168.1.44 1362 [4] System
Script: Quarantine, Delete, BC delete, Terminate
2869 CLOSE_WAIT 192.168.1.44 1368 [4] System
Script: Quarantine, Delete, BC delete, Terminate
2869 CLOSE_WAIT 192.168.1.44 1729 [4] System
Script: Quarantine, Delete, BC delete, Terminate
2869 CLOSE_WAIT 192.168.1.44 1734 [4] System
Script: Quarantine, Delete, BC delete, Terminate
2869 CLOSE_WAIT 192.168.1.44 1735 [4] System
Script: Quarantine, Delete, BC delete, Terminate
2869 CLOSE_WAIT 192.168.1.44 1739 [4] System
Script: Quarantine, Delete, BC delete, Terminate
2869 CLOSE_WAIT 192.168.1.44 2488 [4] System
Script: Quarantine, Delete, BC delete, Terminate
2869 CLOSE_WAIT 192.168.1.44 2497 [4] System
Script: Quarantine, Delete, BC delete, Terminate
2869 CLOSE_WAIT 192.168.1.44 2499 [4] System
Script: Quarantine, Delete, BC delete, Terminate
2869 CLOSE_WAIT 192.168.1.44 2520 [4] System
Script: Quarantine, Delete, BC delete, Terminate
2869 CLOSE_WAIT 192.168.1.44 2659 [4] System
Script: Quarantine, Delete, BC delete, Terminate
2869 CLOSE_WAIT 192.168.1.44 2703 [4] System
Script: Quarantine, Delete, BC delete, Terminate
2869 CLOSE_WAIT 192.168.1.44 2704 [4] System
Script: Quarantine, Delete, BC delete, Terminate
2869 CLOSE_WAIT 192.168.1.44 2705 [4] System
Script: Quarantine, Delete, BC delete, Terminate
2869 CLOSE_WAIT 192.168.1.44 3445 [4] System
Script: Quarantine, Delete, BC delete, Terminate
2869 CLOSE_WAIT 192.168.1.44 3447 [4] System
Script: Quarantine, Delete, BC delete, Terminate
2869 CLOSE_WAIT 192.168.1.44 3450 [4] System
Script: Quarantine, Delete, BC delete, Terminate
2869 CLOSE_WAIT 192.168.1.44 3524 [4] System
Script: Quarantine, Delete, BC delete, Terminate
2869 CLOSE_WAIT 192.168.1.44 3529 [4] System
Script: Quarantine, Delete, BC delete, Terminate
2869 CLOSE_WAIT 192.168.1.44 3530 [4] System
Script: Quarantine, Delete, BC delete, Terminate
2869 CLOSE_WAIT 192.168.1.44 3531 [4] System
Script: Quarantine, Delete, BC delete, Terminate
4573 LISTENING 0.0.0.0 0 [2004] c:\program files (x86)\motorola\motohelper\motohelperservice.exe
Script: Quarantine, Delete, BC delete, Terminate
4573 ESTABLISHED 127.0.0.1 49181 [2004] c:\program files (x86)\motorola\motohelper\motohelperservice.exe
Script: Quarantine, Delete, BC delete, Terminate
5357 LISTENING 0.0.0.0 0 [4] System
Script: Quarantine, Delete, BC delete, Terminate
5454 LISTENING 0.0.0.0 0 [2152] c:\program files (x86)\x-rite\devices\services\xritedeviced.exe
Script: Quarantine, Delete, BC delete, Terminate
5454 ESTABLISHED 127.0.0.1 49160 [2152] c:\program files (x86)\x-rite\devices\services\xritedeviced.exe
Script: Quarantine, Delete, BC delete, Terminate
10243 LISTENING 0.0.0.0 0 [4] System
Script: Quarantine, Delete, BC delete, Terminate
12025 LISTENING 0.0.0.0 0 [1196] c:\program files\avast software\avast\avastsvc.exe
Script: Quarantine, Delete, BC delete, Terminate
12080 LISTENING 0.0.0.0 0 [1196] c:\program files\avast software\avast\avastsvc.exe
Script: Quarantine, Delete, BC delete, Terminate
12080 TIME_WAIT 127.0.0.1 50301 [0]
12080 TIME_WAIT 127.0.0.1 50310 [0]
12080 TIME_WAIT 127.0.0.1 50313 [0]
12080 TIME_WAIT 127.0.0.1 50315 [0]
12080 ESTABLISHED 127.0.0.1 50333 [1196] c:\program files\avast software\avast\avastsvc.exe
Script: Quarantine, Delete, BC delete, Terminate
12080 ESTABLISHED 127.0.0.1 50404 [1196] c:\program files\avast software\avast\avastsvc.exe
Script: Quarantine, Delete, BC delete, Terminate
12080 TIME_WAIT 127.0.0.1 50434 [0]
12080 TIME_WAIT 127.0.0.1 50444 [0]
12080 TIME_WAIT 127.0.0.1 50479 [0]
12080 ESTABLISHED 127.0.0.1 50489 [1196] c:\program files\avast software\avast\avastsvc.exe
Script: Quarantine, Delete, BC delete, Terminate
12080 ESTABLISHED 127.0.0.1 50491 [1196] c:\program files\avast software\avast\avastsvc.exe
Script: Quarantine, Delete, BC delete, Terminate
12080 TIME_WAIT 127.0.0.1 50505 [0]
12080 TIME_WAIT 127.0.0.1 50506 [0]
12080 ESTABLISHED 127.0.0.1 50549 [1196] c:\program files\avast software\avast\avastsvc.exe
Script: Quarantine, Delete, BC delete, Terminate
12080 ESTABLISHED 127.0.0.1 50551 [1196] c:\program files\avast software\avast\avastsvc.exe
Script: Quarantine, Delete, BC delete, Terminate
12080 ESTABLISHED 127.0.0.1 50553 [1196] c:\program files\avast software\avast\avastsvc.exe
Script: Quarantine, Delete, BC delete, Terminate
12080 ESTABLISHED 127.0.0.1 50561 [1196] c:\program files\avast software\avast\avastsvc.exe
Script: Quarantine, Delete, BC delete, Terminate
12080 TIME_WAIT 127.0.0.1 50576 [0]
12080 TIME_WAIT 127.0.0.1 50578 [0]
12080 TIME_WAIT 127.0.0.1 50602 [0]
12080 TIME_WAIT 127.0.0.1 50619 [0]
12080 ESTABLISHED 127.0.0.1 50641 [1196] c:\program files\avast software\avast\avastsvc.exe
Script: Quarantine, Delete, BC delete, Terminate
12080 ESTABLISHED 127.0.0.1 50644 [1196] c:\program files\avast software\avast\avastsvc.exe
Script: Quarantine, Delete, BC delete, Terminate
12080 ESTABLISHED 127.0.0.1 50649 [1196] c:\program files\avast software\avast\avastsvc.exe
Script: Quarantine, Delete, BC delete, Terminate
12080 ESTABLISHED 127.0.0.1 50653 [1196] c:\program files\avast software\avast\avastsvc.exe
Script: Quarantine, Delete, BC delete, Terminate
12080 TIME_WAIT 127.0.0.1 50654 [0]
12080 ESTABLISHED 127.0.0.1 50665 [1196] c:\program files\avast software\avast\avastsvc.exe
Script: Quarantine, Delete, BC delete, Terminate
12110 LISTENING 0.0.0.0 0 [1196] c:\program files\avast software\avast\avastsvc.exe
Script: Quarantine, Delete, BC delete, Terminate
12119 LISTENING 0.0.0.0 0 [1196] c:\program files\avast software\avast\avastsvc.exe
Script: Quarantine, Delete, BC delete, Terminate
12143 LISTENING 0.0.0.0 0 [1196] c:\program files\avast software\avast\avastsvc.exe
Script: Quarantine, Delete, BC delete, Terminate
12465 LISTENING 0.0.0.0 0 [1196] c:\program files\avast software\avast\avastsvc.exe
Script: Quarantine, Delete, BC delete, Terminate
12563 LISTENING 0.0.0.0 0 [1196] c:\program files\avast software\avast\avastsvc.exe
Script: Quarantine, Delete, BC delete, Terminate
12993 LISTENING 0.0.0.0 0 [1196] c:\program files\avast software\avast\avastsvc.exe
Script: Quarantine, Delete, BC delete, Terminate
12995 LISTENING 0.0.0.0 0 [1196] c:\program files\avast software\avast\avastsvc.exe
Script: Quarantine, Delete, BC delete, Terminate
16992 LISTENING 0.0.0.0 0 [1972] c:\program files (x86)\intel\intel(r) management engine components\lms\lms.exe
Script: Quarantine, Delete, BC delete, Terminate
49152 LISTENING 0.0.0.0 0 [524] wininit.exe
Script: Quarantine, Delete, BC delete, Terminate
49153 LISTENING 0.0.0.0 0 [940] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
49154 LISTENING 0.0.0.0 0 [376] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
49159 LISTENING 0.0.0.0 0 [612] lsass.exe
Script: Quarantine, Delete, BC delete, Terminate
49160 ESTABLISHED 127.0.0.1 5454 [2184] c:\program files (x86)\x-rite\devices\services\colormunki\colormunkideviceservice.exe
Script: Quarantine, Delete, BC delete, Terminate
49161 LISTENING 0.0.0.0 0 [592] services.exe
Script: Quarantine, Delete, BC delete, Terminate
49181 ESTABLISHED 127.0.0.1 4573 [3064] c:\program files (x86)\motorola\motohelper\motohelperagent.exe
Script: Quarantine, Delete, BC delete, Terminate
49187 LISTENING 0.0.0.0 0 [1668] c:\program files (x86)\intel\intel(r) management engine components\uns\uns.exe
Script: Quarantine, Delete, BC delete, Terminate
50149 ESTABLISHED 127.0.0.1 50150 [3988] c:\program files (x86)\mozilla firefox\firefox.exe
Script: Quarantine, Delete, BC delete, Terminate
50150 ESTABLISHED 127.0.0.1 50149 [3988] c:\program files (x86)\mozilla firefox\firefox.exe
Script: Quarantine, Delete, BC delete, Terminate
50273 CLOSE_WAIT 23.20.61.125 443 [2968] c:\program files (x86)\acd systems\acdsee pro\5.0\acdseeprointouch2.exe
Script: Quarantine, Delete, BC delete, Terminate
50319 TIME_WAIT 72.14.204.95 80 [0]
50320 TIME_WAIT 72.14.204.95 80 [0]
50321 TIME_WAIT 127.0.0.1 12080 [0]
50324 TIME_WAIT 72.14.204.95 80 [0]
50326 TIME_WAIT 127.0.0.1 12080 [0]
50327 TIME_WAIT 127.0.0.1 12080 [0]
50328 TIME_WAIT 204.246.169.188 80 [0]
50329 TIME_WAIT 127.0.0.1 12080 [0]
50330 TIME_WAIT 204.246.169.188 80 [0]
50332 TIME_WAIT 204.246.169.188 80 [0]
50333 ESTABLISHED 127.0.0.1 12080 [3988] c:\program files (x86)\mozilla firefox\firefox.exe
Script: Quarantine, Delete, BC delete, Terminate
50334 TIME_WAIT 204.246.169.188 80 [0]
50336 TIME_WAIT 72.21.91.19 80 [0]
50338 CLOSE_WAIT 72.21.91.19 80 [1196] c:\program files\avast software\avast\avastsvc.exe
Script: Quarantine, Delete, BC delete, Terminate
50339 TIME_WAIT 72.21.91.19 80 [0]
50340 TIME_WAIT 72.21.91.19 80 [0]
50342 TIME_WAIT 127.0.0.1 12080 [0]
50343 TIME_WAIT 204.145.81.68 80 [0]
50344 TIME_WAIT 127.0.0.1 12080 [0]
50350 TIME_WAIT 204.145.81.68 80 [0]
50352 TIME_WAIT 127.0.0.1 12080 [0]
50353 TIME_WAIT 204.145.81.68 80 [0]
50354 TIME_WAIT 72.21.91.19 80 [0]
50355 TIME_WAIT 72.21.91.19 80 [0]
50356 TIME_WAIT 72.21.91.19 80 [0]
50357 TIME_WAIT 72.21.91.19 80 [0]
50360 TIME_WAIT 204.246.169.188 80 [0]
50362 TIME_WAIT 204.246.169.188 80 [0]
50363 TIME_WAIT 127.0.0.1 12080 [0]
50366 TIME_WAIT 204.246.169.188 80 [0]
50367 TIME_WAIT 127.0.0.1 12080 [0]
50368 TIME_WAIT 204.246.169.188 80 [0]
50369 TIME_WAIT 127.0.0.1 12080 [0]
50370 TIME_WAIT 69.171.234.32 80 [0]
50372 TIME_WAIT 69.171.234.32 80 [0]
50374 TIME_WAIT 69.171.234.32 80 [0]
50376 TIME_WAIT 69.171.234.32 80 [0]
50377 TIME_WAIT 127.0.0.1 12080 [0]
50379 TIME_WAIT 184.28.235.55 80 [0]
50381 TIME_WAIT 184.28.235.55 80 [0]
50383 TIME_WAIT 184.28.235.55 80 [0]
50384 TIME_WAIT 184.28.235.55 80 [0]
50385 TIME_WAIT 127.0.0.1 12080 [0]
50387 TIME_WAIT 209.17.74.144 80 [0]
50388 TIME_WAIT 74.125.226.236 80 [0]
50389 TIME_WAIT 127.0.0.1 12080 [0]
50390 TIME_WAIT 69.171.229.13 80 [0]
50392 TIME_WAIT 69.171.229.13 80 [0]
50393 TIME_WAIT 127.0.0.1 12080 [0]
50394 TIME_WAIT 69.171.229.13 80 [0]
50396 TIME_WAIT 184.28.235.55 80 [0]
50398 TIME_WAIT 184.28.235.55 80 [0]
50400 TIME_WAIT 184.28.235.55 80 [0]
50402 TIME_WAIT 63.116.246.18 80 [0]
50404 ESTABLISHED 127.0.0.1 12080 [3988] c:\program files (x86)\mozilla firefox\firefox.exe
Script: Quarantine, Delete, BC delete, Terminate
50405 TIME_WAIT 127.0.0.1 12080 [0]
50406 TIME_WAIT 184.28.235.55 80 [0]
50407 CLOSE_WAIT 184.28.235.55 80 [1196] c:\program files\avast software\avast\avastsvc.exe
Script: Quarantine, Delete, BC delete, Terminate
50408 TIME_WAIT 184.28.235.55 80 [0]
50409 TIME_WAIT 127.0.0.1 12080 [0]
50410 TIME_WAIT 69.171.229.13 80 [0]
50411 TIME_WAIT 127.0.0.1 12080 [0]
50412 TIME_WAIT 69.171.229.13 80 [0]
50414 TIME_WAIT 69.171.229.13 80 [0]
50416 TIME_WAIT 184.28.235.55 80 [0]
50417 TIME_WAIT 127.0.0.1 12080 [0]
50418 TIME_WAIT 63.116.246.18 80 [0]
50420 TIME_WAIT 184.28.235.55 80 [0]
50422 TIME_WAIT 204.246.169.188 80 [0]
50423 TIME_WAIT 127.0.0.1 12080 [0]
50424 TIME_WAIT 69.171.229.13 80 [0]
50428 TIME_WAIT 69.171.229.13 80 [0]
50429 TIME_WAIT 127.0.0.1 12080 [0]
50430 TIME_WAIT 69.171.229.13 80 [0]
50433 TIME_WAIT 204.246.169.188 80 [0]
50437 TIME_WAIT 184.28.235.55 80 [0]
50438 TIME_WAIT 127.0.0.1 12080 [0]
50439 TIME_WAIT 69.171.229.13 80 [0]
50441 TIME_WAIT 184.28.235.55 80 [0]
50443 TIME_WAIT 184.28.235.55 80 [0]
50447 TIME_WAIT 76.74.255.117 80 [0]
50448 TIME_WAIT 127.0.0.1 12080 [0]
50451 TIME_WAIT 72.21.91.19 80 [0]
50454 TIME_WAIT 72.21.91.19 80 [0]
50455 TIME_WAIT 74.125.226.192 80 [0]
50456 TIME_WAIT 127.0.0.1 12080 [0]
50457 TIME_WAIT 204.246.169.188 80 [0]
50461 TIME_WAIT 184.28.235.55 80 [0]
50463 TIME_WAIT 204.246.169.188 80 [0]
50465 TIME_WAIT 204.246.169.188 80 [0]
50467 TIME_WAIT 127.0.0.1 12080 [0]
50468 TIME_WAIT 69.171.229.13 80 [0]
50470 TIME_WAIT 69.171.229.13 80 [0]
50471 TIME_WAIT 127.0.0.1 12080 [0]
50472 TIME_WAIT 63.116.246.18 80 [0]
50474 TIME_WAIT 204.246.169.188 80 [0]
50476 TIME_WAIT 204.246.169.188 80 [0]
50477 TIME_WAIT 127.0.0.1 12080 [0]
50478 TIME_WAIT 204.246.169.188 80 [0]
50482 TIME_WAIT 184.28.235.55 80 [0]
50484 TIME_WAIT 204.246.169.188 80 [0]
50486 TIME_WAIT 184.28.235.55 80 [0]
50488 TIME_WAIT 184.28.235.55 80 [0]
50489 ESTABLISHED 127.0.0.1 12080 [3988] c:\program files (x86)\mozilla firefox\firefox.exe
Script: Quarantine, Delete, BC delete, Terminate
50490 CLOSE_WAIT 184.28.235.55 80 [1196] c:\program files\avast software\avast\avastsvc.exe
Script: Quarantine, Delete, BC delete, Terminate
50491 ESTABLISHED 127.0.0.1 12080 [3988] c:\program files (x86)\mozilla firefox\firefox.exe
Script: Quarantine, Delete, BC delete, Terminate
50492 ESTABLISHED 63.116.246.80 80 [1196] c:\program files\avast software\avast\avastsvc.exe
Script: Quarantine, Delete, BC delete, Terminate
50494 TIME_WAIT 204.246.169.188 80 [0]
50496 TIME_WAIT 204.246.169.188 80 [0]
50498 TIME_WAIT 173.194.43.1 80 [0]
50500 TIME_WAIT 184.28.235.55 80 [0]
50502 TIME_WAIT 204.246.169.188 80 [0]
50503 TIME_WAIT 127.0.0.1 12080 [0]
50504 TIME_WAIT 184.28.235.55 80 [0]
50509 TIME_WAIT 127.0.0.1 12080 [0]
50510 TIME_WAIT 184.28.235.55 80 [0]
50512 TIME_WAIT 204.246.169.188 80 [0]
50514 TIME_WAIT 184.28.235.55 80 [0]
50516 TIME_WAIT 184.28.235.55 80 [0]
50518 TIME_WAIT 204.246.169.188 80 [0]
50520 TIME_WAIT 184.28.235.55 80 [0]
50521 TIME_WAIT 127.0.0.1 12080 [0]
50522 TIME_WAIT 204.246.169.188 80 [0]
50524 TIME_WAIT 204.246.169.188 80 [0]
50526 TIME_WAIT 204.246.169.188 80 [0]
50528 TIME_WAIT 184.28.235.55 80 [0]
50530 TIME_WAIT 184.28.235.55 80 [0]
50531 CLOSE_WAIT 23.20.61.125 443 [2968] c:\program files (x86)\acd systems\acdsee pro\5.0\acdseeprointouch2.exe
Script: Quarantine, Delete, BC delete, Terminate
50533 TIME_WAIT 204.246.169.188 80 [0]
50536 TIME_WAIT 184.28.235.55 80 [0]
50539 TIME_WAIT 127.0.0.1 12080 [0]
50541 ESTABLISHED 69.171.229.26 443 [3988] c:\program files (x86)\mozilla firefox\firefox.exe
Script: Quarantine, Delete, BC delete, Terminate
50547 ESTABLISHED 69.171.229.13 443 [3988] c:\program files (x86)\mozilla firefox\firefox.exe
Script: Quarantine, Delete, BC delete, Terminate
50548 TIME_WAIT 66.220.149.67 443 [0]
50549 ESTABLISHED 127.0.0.1 12080 [3988] c:\program files (x86)\mozilla firefox\firefox.exe
Script: Quarantine, Delete, BC delete, Terminate
50550 ESTABLISHED 199.7.51.72 80 [1196] c:\program files\avast software\avast\avastsvc.exe
Script: Quarantine, Delete, BC delete, Terminate
50551 ESTABLISHED 127.0.0.1 12080 [3988] c:\program files (x86)\mozilla firefox\firefox.exe
Script: Quarantine, Delete, BC delete, Terminate
50552 ESTABLISHED 199.7.51.72 80 [1196] c:\program files\avast software\avast\avastsvc.exe
Script: Quarantine, Delete, BC delete, Terminate
50553 ESTABLISHED 127.0.0.1 12080 [3988] c:\program files (x86)\mozilla firefox\firefox.exe
Script: Quarantine, Delete, BC delete, Terminate
50554 ESTABLISHED 173.194.43.6 80 [1196] c:\program files\avast software\avast\avastsvc.exe
Script: Quarantine, Delete, BC delete, Terminate
50557 ESTABLISHED 96.6.178.110 443 [3988] c:\program files (x86)\mozilla firefox\firefox.exe
Script: Quarantine, Delete, BC delete, Terminate
50561 ESTABLISHED 127.0.0.1 12080 [3988] c:\program files (x86)\mozilla firefox\firefox.exe
Script: Quarantine, Delete, BC delete, Terminate
50562 ESTABLISHED 74.125.226.232 80 [1196] c:\program files\avast software\avast\avastsvc.exe
Script: Quarantine, Delete, BC delete, Terminate
50567 ESTABLISHED 96.6.178.110 443 [3988] c:\program files (x86)\mozilla firefox\firefox.exe
Script: Quarantine, Delete, BC delete, Terminate
50568 ESTABLISHED 96.6.178.110 443 [3988] c:\program files (x86)\mozilla firefox\firefox.exe
Script: Quarantine, Delete, BC delete, Terminate
50574 TIME_WAIT 127.0.0.1 12080 [0]
50583 TIME_WAIT 204.145.81.68 80 [0]
50584 TIME_WAIT 127.0.0.1 12080 [0]
50585 TIME_WAIT 204.145.81.68 80 [0]
50587 TIME_WAIT 127.0.0.1 12080 [0]
50589 TIME_WAIT 127.0.0.1 12080 [0]
50590 TIME_WAIT 127.0.0.1 12080 [0]
50591 TIME_WAIT 204.145.81.68 80 [0]
50592 TIME_WAIT 72.21.91.19 80 [0]
50596 TIME_WAIT 63.116.246.42 80 [0]
50598 TIME_WAIT 127.0.0.1 12080 [0]
50599 TIME_WAIT 204.145.81.68 80 [0]
50600 TIME_WAIT 127.0.0.1 12080 [0]
50601 TIME_WAIT 204.145.81.68 80 [0]
50605 TIME_WAIT 204.145.81.68 80 [0]
50606 TIME_WAIT 127.0.0.1 12080 [0]
50607 TIME_WAIT 204.145.81.68 80 [0]
50608 TIME_WAIT 127.0.0.1 12080 [0]
50609 TIME_WAIT 204.145.81.68 80 [0]
50611 TIME_WAIT 204.145.81.68 80 [0]
50612 TIME_WAIT 127.0.0.1 12080 [0]
50613 TIME_WAIT 204.145.81.68 80 [0]
50615 TIME_WAIT 204.145.81.68 80 [0]
50623 TIME_WAIT 204.145.81.68 80 [0]
50626 TIME_WAIT 72.21.91.19 80 [0]
50628 TIME_WAIT 72.21.91.19 80 [0]
50629 TIME_WAIT 127.0.0.1 12080 [0]
50634 TIME_WAIT 127.0.0.1 12080 [0]
50635 TIME_WAIT 127.0.0.1 12080 [0]
50636 TIME_WAIT 204.145.81.68 80 [0]
50637 TIME_WAIT 204.145.81.68 80 [0]
50639 TIME_WAIT 127.0.0.1 12080 [0]
50640 TIME_WAIT 204.145.81.68 80 [0]
50641 ESTABLISHED 127.0.0.1 12080 [3988] c:\program files (x86)\mozilla firefox\firefox.exe
Script: Quarantine, Delete, BC delete, Terminate
50642 ESTABLISHED 204.145.81.68 80 [1196] c:\program files\avast software\avast\avastsvc.exe
Script: Quarantine, Delete, BC delete, Terminate
50644 ESTABLISHED 127.0.0.1 12080 [3988] c:\program files (x86)\mozilla firefox\firefox.exe
Script: Quarantine, Delete, BC delete, Terminate
50645 TIME_WAIT 204.145.81.68 80 [0]
50646 ESTABLISHED 204.145.81.68 80 [1196] c:\program files\avast software\avast\avastsvc.exe
Script: Quarantine, Delete, BC delete, Terminate
50648 TIME_WAIT 207.123.45.126 80 [0]
50649 ESTABLISHED 127.0.0.1 12080 [3988] c:\program files (x86)\mozilla firefox\firefox.exe
Script: Quarantine, Delete, BC delete, Terminate
50650 ESTABLISHED 204.145.81.68 80 [1196] c:\program files\avast software\avast\avastsvc.exe
Script: Quarantine, Delete, BC delete, Terminate
50652 TIME_WAIT 204.145.81.68 80 [0]
50653 ESTABLISHED 127.0.0.1 12080 [3988] c:\program files (x86)\mozilla firefox\firefox.exe
Script: Quarantine, Delete, BC delete, Terminate
50655 ESTABLISHED 63.116.246.42 80 [1196] c:\program files\avast software\avast\avastsvc.exe
Script: Quarantine, Delete, BC delete, Terminate
50657 TIME_WAIT 173.194.43.33 443 [0]
50659 TIME_WAIT 204.145.81.68 80 [0]
50660 TIME_WAIT 127.0.0.1 12080 [0]
50661 TIME_WAIT 204.145.81.68 80 [0]
50662 TIME_WAIT 127.0.0.1 12080 [0]
50663 TIME_WAIT 204.145.81.68 80 [0]
50664 ESTABLISHED 74.125.226.198 443 [3988] c:\program files (x86)\mozilla firefox\firefox.exe
Script: Quarantine, Delete, BC delete, Terminate
50665 ESTABLISHED 127.0.0.1 12080 [3988] c:\program files (x86)\mozilla firefox\firefox.exe
Script: Quarantine, Delete, BC delete, Terminate
50666 ESTABLISHED 204.145.81.68 80 [1196] c:\program files\avast software\avast\avastsvc.exe
Script: Quarantine, Delete, BC delete, Terminate
57841 CLOSE_WAIT 23.32.176.60 443 [1360] c:\program files (x86)\common files\java\java update\jusched.exe
Script: Quarantine, Delete, BC delete, Terminate
UDP ports
137 LISTENING -- -- [4] System
Script: Quarantine, Delete, BC delete, Terminate
138 LISTENING -- -- [4] System
Script: Quarantine, Delete, BC delete, Terminate
1900 LISTENING -- -- [1940] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1900 LISTENING -- -- [1940] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
3702 LISTENING -- -- [1940] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
3702 LISTENING -- -- [380] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
3702 LISTENING -- -- [380] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
3702 LISTENING -- -- [1940] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
5004 LISTENING -- -- [3716] wmpnetwk.exe
Script: Quarantine, Delete, BC delete, Terminate
5005 LISTENING -- -- [3716] wmpnetwk.exe
Script: Quarantine, Delete, BC delete, Terminate
5355 LISTENING -- -- [1132] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
48000 LISTENING -- -- [3672] c:\program files (x86)\nvidia corporation\nvidia updatus\daemonu.exe
Script: Quarantine, Delete, BC delete, Terminate
51244 LISTENING -- -- [1196] c:\program files\avast software\avast\avastsvc.exe
Script: Quarantine, Delete, BC delete, Terminate
51245 LISTENING -- -- [1196] c:\program files\avast software\avast\avastsvc.exe
Script: Quarantine, Delete, BC delete, Terminate
51246 LISTENING -- -- [1940] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
54858 LISTENING -- -- [380] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
54862 LISTENING -- -- [1940] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
54863 LISTENING -- -- [1940] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
54864 LISTENING -- -- [380] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
57608 LISTENING -- -- [1936] sidebar.exe
Script: Quarantine, Delete, BC delete, Terminate
58058 LISTENING -- -- [3256] iexplore.exe
Script: Quarantine, Delete, BC delete, Terminate
62157 LISTENING -- -- [1196] c:\program files\avast software\avast\avastsvc.exe
Script: Quarantine, Delete, BC delete, Terminate
64225 LISTENING -- -- [1216] iexplore.exe
Script: Quarantine, Delete, BC delete, Terminate

Downloaded Program Files (DPF)

File name Description Manufacturer CLSID Source URL
Elements detected - 1, recognized as trusted - 1

Control Panel Applets (CPL)

File name Description Manufacturer
Elements detected - 19, recognized as trusted - 19

Active Setup

File name Description Manufacturer CLSID
Elements detected - 9, recognized as trusted - 9

HOSTS file

Hosts file record
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 adobe.activate.com
127.0.0.1 adobeereg.com
127.0.0.1 www.adobeereg.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 125.252.224.90
127.0.0.1 125.252.224.91
127.0.0.1 hl2rcv.adobe.com
Clear Hosts file

Protocols and handlers

File name Type Description Manufacturer CLSID
mscoree.dll
Script: Quarantine, Delete, BC delete Protocol Microsoft .NET Runtime Execution Engine () ЁП Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
Delete
mscoree.dll
Script: Quarantine, Delete, BC delete Protocol Microsoft .NET Runtime Execution Engine () ЁП Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
Delete
mscoree.dll
Script: Quarantine, Delete, BC delete Protocol Microsoft .NET Runtime Execution Engine () ЁП Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
Delete
Elements detected - 16, recognized as trusted - 13

Suspicious objects

File Description Type

Main script of analysis
Windows version: Windows 7 Ultimate, Build=7601, SP="Service Pack 1"
System Restore: enabled
>> Services: potentially dangerous service allowed: TermService (@%SystemRoot%\System32\termsrv.dll,-268)
>> Services: potentially dangerous service allowed: SSDPSRV (@%systemroot%\system32\ssdpsrv.dll,-100)
>> Services: potentially dangerous service allowed: Schedule (@%SystemRoot%\system32\schedsvc.dll,-100)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
 >>  Process termination timeout is out of admissible values
 >>  Service termination timeout is out of admissible values
 >>  Disable HDD autorun
 >>  Disable autorun from network drives
 >>  Disable CD/DVD autorun
 >>  Disable removable media autorun
 >>  Windows Explorer - show extensions of known file types
System Analysis in progress

 System Analysis - complete


Script commands 
Add commands to script:
Blocking hooks using Anti-Rootkit
Enable AVZGuard
Operations with AVZPM (true=enable,false=disable)
BootCleaner - import list of deleted files
BootCleaner - import all
Registry cleanup after deleting files
ExecuteWizard ('TSW',2,3,true) - Running Troubleshooting wizard
BootCleaner - activate
Reboot
Insert template for QuarantineFile() - quarantining file
Insert template for BC_QrFile() - quarantining file via BootCleaner
Insert template for DeleteFile() - deleting file
Insert template for DelCLSID() - deleting CLSID item from registry
Additional operations:Performance tweaking: disable service TermService (@%SystemRoot%\System32\termsrv.dll,-268)
Performance tweaking: disable service SSDPSRV (@%systemroot%\system32\ssdpsrv.dll,-100)
Performance tweaking: disable service Schedule (@%SystemRoot%\system32\schedsvc.dll,-100)
Security tweaking: disable CD autorun
Security tweaking: disable anonymous user access
Security: disable sending Remote Assistant queries

File list