Results of system analysis

Kaspersky Virus Removal Tool 11.0.0.1245 (database released 23/08/2012; 10:12)

List of processes

File name	PID	Description	Copyright	MD5	Information
c:\program files (x86)\freemake\capturelib\capturelibservice.exe Script: Quarantine, Delete, BC delete, Terminate	1308	CaptureLibService	Copyright © Microsoft 2011	??	8.50 kb, rsAh, created: 10.04.2012 14:08:51, modified: 05.04.2012 20:18:12 Command line: "C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe"
FolderSizeSvc.exe Script: Quarantine, Delete, BC delete, Terminate	508			??	error getting file info Command line:
ipoint.exe Script: Quarantine, Delete, BC delete, Terminate	1404			??	error getting file info Command line:
itype.exe Script: Quarantine, Delete, BC delete, Terminate	2572			??	error getting file info Command line:
RAVCpl64.exe Script: Quarantine, Delete, BC delete, Terminate	2472			??	error getting file info Command line:
SASCORE64.EXE Script: Quarantine, Delete, BC delete, Terminate	1860			??	error getting file info Command line:
c:\program files (x86)\screensaver control\screensavercontrol.exe Script: Quarantine, Delete, BC delete, Terminate	1548		(C) 2003-2005 Neuhaus13 Software	??	210.00 kb, rsAh, created: 29.08.2010 17:41:47, modified: 29.08.2010 17:41:47 Command line: "C:\Program Files (x86)\Screensaver Control\ScreensaverControl.exe"
wmpnetwk.exe Script: Quarantine, Delete, BC delete, Terminate	3580			??	error getting file info Command line:
Detected:67, recognized as trusted 60

Module name	Handle	Description	Copyright	MD5	Used by processes
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\0a0d6610975706aee94ec9f44191bab8\System.Configuration.Install.ni.dll Script: Quarantine, Delete, BC delete	1910702080	.NET Framework	© Microsoft Corporation. All rights reserved.	--	1308
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\4f8ecf03aa4a4165e6850d1d67dc445f\System.ServiceModel.ni.dll Script: Quarantine, Delete, BC delete	1833500672	System.ServiceModel.dll	© Microsoft Corporation. All rights reserved.	--	1308
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\9ae3a257c347602d42ab80bb7a5ca3bb\System.ServiceProcess.ni.dll Script: Quarantine, Delete, BC delete	1913389056	.NET Framework	© Microsoft Corporation. All rights reserved.	--	1308
Modules detected:346, recognized as trusted 343

Kernel Space Modules Viewer

Module	Base address	Size in memory	Description	Manufacturer
C:\Windows\system32\DRIVERS\15766360.sys Script: Quarantine, Delete, BC delete	1016000	75F000 (7729152)
C:\Windows\System32\Drivers\dump_atapi.sys Script: Quarantine, Delete, BC delete	57CB000	009000 (36864)
C:\Windows\System32\Drivers\dump_dumpata.sys Script: Quarantine, Delete, BC delete	5A00000	00C000 (49152)
C:\Windows\System32\Drivers\dump_dumpfve.sys Script: Quarantine, Delete, BC delete	57D4000	013000 (77824)
Modules detected - 213, recognized as trusted - 209

Services

Service	Description	Status	File	Group	Dependencies
WatAdminSvc Service: Stop, Delete, Disable, BC delete	WatAdminSvc	Not started	C:\Windows\system32\Wat\WatAdminSvc.exe Script: Quarantine, Delete, BC delete
Detected - 163, recognized as trusted - 162

Drivers

Service	Description	Status	File	Group	Dependencies
catchme Driver: Unload, Delete, Disable, BC delete	catchme	Not started	C:\ComboFix\catchme.sys Script: Quarantine, Delete, BC delete	Base
gdrv Driver: Unload, Delete, Disable, BC delete	gdrv	Not started	C:\Windows\gdrv.sys Script: Quarantine, Delete, BC delete
Lavasoft Kernexplorer Driver: Unload, Delete, Disable, BC delete	Lavasoft helper driver	Not started	C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys Script: Quarantine, Delete, BC delete
StarOpen Driver: Unload, Delete, Disable, BC delete	StarOpen	Not started	C:\Windows\system32\Drivers\StarOpen.sys Script: Quarantine, Delete, BC delete	Extended Base
Synth3dVsc Driver: Unload, Delete, Disable, BC delete	Synth3dVsc	Not started	C:\Windows\system32\drivers\synth3dvsc.sys Script: Quarantine, Delete, BC delete
tsusbhub Driver: Unload, Delete, Disable, BC delete	tsusbhub	Not started	C:\Windows\system32\drivers\tsusbhub.sys Script: Quarantine, Delete, BC delete
VGPU Driver: Unload, Delete, Disable, BC delete	VGPU	Not started	C:\Windows\system32\drivers\rdvgkmd.sys Script: Quarantine, Delete, BC delete
Detected - 276, recognized as trusted - 269

Autoruns

File name	Status	Startup method	Description
C:\Microgaming\Poker\LadbrokesMPP\MPPoker.exe Script: Quarantine, Delete, BC delete	Active	Shortcut in Autoruns folder	C:\Users\Rob\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\Rob\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Ladbrokes Poker.lnk,
C:\Program Files (x86)\Screensaver Control\ScreensaverControl.exe Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_USERS, S-1-5-21-2469048996-4267459674-1519352151-1001\Software\Microsoft\Windows\CurrentVersion\Run, ScreensaverControl Delete
C:\Program Files\Microsoft Device Center\dw15.exe Script: Quarantine, Delete, BC delete	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\IntelliType Pro, EventMessageFile
C:\Users\Rob\AppData\Local\temp\_uninst_68645397.bat Script: Quarantine, Delete, BC delete	Active	Shortcut in Autoruns folder	C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\, C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_68645397.lnk,
C:\Windows\system32\Wat\WatUX.exe Script: Quarantine, Delete, BC delete	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Windows Activation Technologies, EventMessageFile
C:\Windows\system32\drivers\NIS\1308000.00E\SYMEFA64.SYS Script: Quarantine, Delete, BC delete	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\SymEFA, EventMessageFile
C:\Windows\system32\psxss.exe Script: Quarantine, Delete, BC delete	--	Registry key	HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Session Manager\SubSystems, Posix
D:\a399d26981367fbd2c65153a\DW\DW20.exe Script: Quarantine, Delete, BC delete	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\VSSetup, EventMessageFile
auditcse.dll Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{f3ccc681-b74c-4060-9f26-cd84525dca2a}, DLLName Delete
rdpclip Script: Quarantine, Delete, BC delete	Active	Registry key	HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd, StartupPrograms Delete
Autoruns items detected - 624, recognized as trusted - 614

Microsoft Internet Explorer extension modules (BHOs, Toolbars ...)

File name	Type	Description	Manufacturer	CLSID
Elements detected - 6, recognized as trusted - 6

Windows Explorer extension modules

File name	Destination	Description	Manufacturer	CLSID
	WinRAR shell extension			{B41DB860-8EE4-11D2-9906-E49FADC173CA} Delete
	{4380C993-0C43-4E02-9A7A-0D40B6EA7590}			DefragglerShellExtension Delete
	ColumnHandler			{F9DB5320-233E-11D1-9F84-707F02C10627} Delete
Elements detected - 24, recognized as trusted - 21

Printing system extensions (print monitors, providers)

File name	Type	Name	Description	Manufacturer
CNBLM3_2.DLL Script: Quarantine, Delete, BC delete	Monitor	BJ Language Monitor3_2
CNBLM4.DLL Script: Quarantine, Delete, BC delete	Monitor	BJ Language Monitor4
CNMLM7K.DLL Script: Quarantine, Delete, BC delete	Monitor	Canon BJ Language Monitor MP150
localspl.dll Script: Quarantine, Delete, BC delete	Monitor	Local Port
tcpmon.dll Script: Quarantine, Delete, BC delete	Monitor	Standard TCP/IP Port
usbmon.dll Script: Quarantine, Delete, BC delete	Monitor	USB Monitor
WSDMon.dll Script: Quarantine, Delete, BC delete	Monitor	WSD Port
inetpp.dll Script: Quarantine, Delete, BC delete	Provider	HTTP Print Services
Elements detected - 10, recognized as trusted - 2

Task Scheduler jobs

File name	Job name	Job status	Description	Manufacturer
Elements detected - 5, recognized as trusted - 5

SPI/LSP settings

Namespace providers (NSP)

Provider	Status	EXE file	Description	GUID
Detected - 8, recognized as trusted - 8

Transport protocol providers (TSP, LSP)

Provider EXE file Description
Detected - 10, recognized as trusted - 10
Results of automatic SPI settings check
LSP settings checked. No errors detected

TCP/UDP ports

Port Status Remote Host Remote Port Application Notes
TCP ports
135 LISTENING 0.0.0.0 0 [808] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
139 LISTENING 0.0.0.0 0 [4] System
Script: Quarantine, Delete, BC delete, Terminate
445 LISTENING 0.0.0.0 0 [4] System
Script: Quarantine, Delete, BC delete, Terminate
554 LISTENING 0.0.0.0 0 [3580] wmpnetwk.exe
Script: Quarantine, Delete, BC delete, Terminate
2552 LISTENING 0.0.0.0 0 [1096] c:\program files (x86)\wifi protector\wifiprotservice.exe
Script: Quarantine, Delete, BC delete, Terminate
2869 LISTENING 0.0.0.0 0 [4] System
Script: Quarantine, Delete, BC delete, Terminate
5357 LISTENING 0.0.0.0 0 [4] System
Script: Quarantine, Delete, BC delete, Terminate
10243 LISTENING 0.0.0.0 0 [4] System
Script: Quarantine, Delete, BC delete, Terminate
49152 LISTENING 0.0.0.0 0 [500] wininit.exe
Script: Quarantine, Delete, BC delete, Terminate
49153 LISTENING 0.0.0.0 0 [936] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
49154 LISTENING 0.0.0.0 0 [120] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
49155 LISTENING 0.0.0.0 0 [1580] spoolsv.exe
Script: Quarantine, Delete, BC delete, Terminate
49156 LISTENING 0.0.0.0 0 [564] services.exe
Script: Quarantine, Delete, BC delete, Terminate
49157 LISTENING 0.0.0.0 0 [572] lsass.exe
Script: Quarantine, Delete, BC delete, Terminate
49182 LISTENING 0.0.0.0 0 [1200] c:\program files (x86)\norton internet security\engine\19.8.0.14\ccsvchst.exe
Script: Quarantine, Delete, BC delete, Terminate
50120 TIME_WAIT 88.221.88.10 80 [0]
50131 TIME_WAIT 63.140.61.153 443 [0]
50144 ESTABLISHED 62.254.26.198 443 [2072] c:\users\rob\appdata\local\google\chrome\application\chrome.exe
Script: Quarantine, Delete, BC delete, Terminate
50166 TIME_WAIT 84.53.132.75 80 [0]
50215 TIME_WAIT 192.168.0.1 80 [0]
50216 ESTABLISHED 173.194.34.131 443 [2072] c:\users\rob\appdata\local\google\chrome\application\chrome.exe
Script: Quarantine, Delete, BC delete, Terminate
50221 TIME_WAIT 192.168.0.1 80 [0]
50222 TIME_WAIT 192.168.0.1 80 [0]
50223 TIME_WAIT 192.168.0.1 80 [0]
50224 TIME_WAIT 192.168.0.1 80 [0]
50225 TIME_WAIT 192.168.0.1 80 [0]
50226 TIME_WAIT 192.168.0.1 80 [0]
50227 ESTABLISHED 173.194.34.131 80 [2072] c:\users\rob\appdata\local\google\chrome\application\chrome.exe
Script: Quarantine, Delete, BC delete, Terminate
UDP ports
137 LISTENING -- -- [4] System
Script: Quarantine, Delete, BC delete, Terminate
138 LISTENING -- -- [4] System
Script: Quarantine, Delete, BC delete, Terminate
500 LISTENING -- -- [120] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1900 LISTENING -- -- [1980] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
1900 LISTENING -- -- [1980] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
3544 LISTENING -- -- [120] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
3702 LISTENING -- -- [1980] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
3702 LISTENING -- -- [420] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
3702 LISTENING -- -- [1980] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
3702 LISTENING -- -- [420] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
4500 LISTENING -- -- [120] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
5004 LISTENING -- -- [3580] wmpnetwk.exe
Script: Quarantine, Delete, BC delete, Terminate
5005 LISTENING -- -- [3580] wmpnetwk.exe
Script: Quarantine, Delete, BC delete, Terminate
5355 LISTENING -- -- [1432] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
53839 LISTENING -- -- [1980] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
53840 LISTENING -- -- [1980] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
54880 LISTENING -- -- [420] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
56955 LISTENING -- -- [120] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
58337 LISTENING -- -- [420] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate
62712 LISTENING -- -- [1980] svchost.exe
Script: Quarantine, Delete, BC delete, Terminate

Downloaded Program Files (DPF)

File name Description Manufacturer CLSID Source URL
Elements detected - 0, recognized as trusted - 0

Control Panel Applets (CPL)

File name Description Manufacturer
C:\Windows\system32\FlashPlayerCPLApp.cpl
Script: Quarantine, Delete, BC delete Adobe Flash Player Control Panel Applet Copyright © 1996 Adobe Systems Incorporated. All Rights Reserved. Adobe and Flash are either trademarks or registered trademarks in the United States and/or other countries.
C:\Windows\system32\PCWizard.cpl
Script: Quarantine, Delete, BC delete PC Wizard Control Panel Applet © 1996-2012 Laurent KUTIL & Franck DELATTRE
Elements detected - 20, recognized as trusted - 18

Active Setup

File name Description Manufacturer CLSID
Elements detected - 9, recognized as trusted - 9

HOSTS file

Hosts file record
127.0.0.1 localhost
Clear Hosts file

Protocols and handlers

File name Type Description Manufacturer CLSID
mscoree.dll
Script: Quarantine, Delete, BC delete Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
Delete
mscoree.dll
Script: Quarantine, Delete, BC delete Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
Delete
mscoree.dll
Script: Quarantine, Delete, BC delete Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
Delete
Elements detected - 14, recognized as trusted - 11

Suspicious objects

File Description Type

Main script of analysis
Windows version: Windows 7 Ultimate, Build=7601, SP="Service Pack 1"
System Restore: enabled
>> Services: potentially dangerous service allowed: RemoteRegistry (@regsvc.dll,-1)
>> Services: potentially dangerous service allowed: TermService (@%SystemRoot%\System32\termsrv.dll,-268)
>> Services: potentially dangerous service allowed: SSDPSRV (@%systemroot%\system32\ssdpsrv.dll,-100)
>> Services: potentially dangerous service allowed: TlntSvr ()
>> Services: potentially dangerous service allowed: Schedule (@%SystemRoot%\system32\schedsvc.dll,-100)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
 >>  Disable HDD autorun
 >>  Disable autorun from network drives
 >>  Disable CD/DVD autorun
 >>  Disable removable media autorun
 >>  Windows Explorer - show extensions of known file types
System Analysis in progress

 System Analysis - complete


Script commands 
Add commands to script:
Blocking hooks using Anti-Rootkit
Enable AVZGuard
Operations with AVZPM (true=enable,false=disable)
BootCleaner - import list of deleted files
BootCleaner - import all
Registry cleanup after deleting files
ExecuteWizard ('TSW',2,3,true) - Running Troubleshooting wizard
BootCleaner - activate
Reboot
Insert template for QuarantineFile() - quarantining file
Insert template for BC_QrFile() - quarantining file via BootCleaner
Insert template for DeleteFile() - deleting file
Insert template for DelCLSID() - deleting CLSID item from registry
Additional operations:Performance tweaking: disable service RemoteRegistry (@regsvc.dll,-1)
Performance tweaking: disable service TermService (@%SystemRoot%\System32\termsrv.dll,-268)
Performance tweaking: disable service SSDPSRV (@%systemroot%\system32\ssdpsrv.dll,-100)
Performance tweaking: disable service TlntSvr ()
Performance tweaking: disable service Schedule (@%SystemRoot%\system32\schedsvc.dll,-100)
Security tweaking: disable CD autorun
Security tweaking: disable administrative shares
Security tweaking: disable anonymous user access
Security: disable sending Remote Assistant queries

File list

Port	Status	Remote Host	Remote Port	Application	Notes
TCP ports
135	LISTENING	0.0.0.0	0	[808] svchost.exe Script: Quarantine, Delete, BC delete, Terminate
139	LISTENING	0.0.0.0	0	[4] System Script: Quarantine, Delete, BC delete, Terminate
445	LISTENING	0.0.0.0	0	[4] System Script: Quarantine, Delete, BC delete, Terminate
554	LISTENING	0.0.0.0	0	[3580] wmpnetwk.exe Script: Quarantine, Delete, BC delete, Terminate
2552	LISTENING	0.0.0.0	0	[1096] c:\program files (x86)\wifi protector\wifiprotservice.exe Script: Quarantine, Delete, BC delete, Terminate
2869	LISTENING	0.0.0.0	0	[4] System Script: Quarantine, Delete, BC delete, Terminate
5357	LISTENING	0.0.0.0	0	[4] System Script: Quarantine, Delete, BC delete, Terminate
10243	LISTENING	0.0.0.0	0	[4] System Script: Quarantine, Delete, BC delete, Terminate
49152	LISTENING	0.0.0.0	0	[500] wininit.exe Script: Quarantine, Delete, BC delete, Terminate
49153	LISTENING	0.0.0.0	0	[936] svchost.exe Script: Quarantine, Delete, BC delete, Terminate
49154	LISTENING	0.0.0.0	0	[120] svchost.exe Script: Quarantine, Delete, BC delete, Terminate
49155	LISTENING	0.0.0.0	0	[1580] spoolsv.exe Script: Quarantine, Delete, BC delete, Terminate
49156	LISTENING	0.0.0.0	0	[564] services.exe Script: Quarantine, Delete, BC delete, Terminate
49157	LISTENING	0.0.0.0	0	[572] lsass.exe Script: Quarantine, Delete, BC delete, Terminate
49182	LISTENING	0.0.0.0	0	[1200] c:\program files (x86)\norton internet security\engine\19.8.0.14\ccsvchst.exe Script: Quarantine, Delete, BC delete, Terminate
50120	TIME_WAIT	88.221.88.10	80	[0]
50131	TIME_WAIT	63.140.61.153	443	[0]
50144	ESTABLISHED	62.254.26.198	443	[2072] c:\users\rob\appdata\local\google\chrome\application\chrome.exe Script: Quarantine, Delete, BC delete, Terminate
50166	TIME_WAIT	84.53.132.75	80	[0]
50215	TIME_WAIT	192.168.0.1	80	[0]
50216	ESTABLISHED	173.194.34.131	443	[2072] c:\users\rob\appdata\local\google\chrome\application\chrome.exe Script: Quarantine, Delete, BC delete, Terminate
50221	TIME_WAIT	192.168.0.1	80	[0]
50222	TIME_WAIT	192.168.0.1	80	[0]
50223	TIME_WAIT	192.168.0.1	80	[0]
50224	TIME_WAIT	192.168.0.1	80	[0]
50225	TIME_WAIT	192.168.0.1	80	[0]
50226	TIME_WAIT	192.168.0.1	80	[0]
50227	ESTABLISHED	173.194.34.131	80	[2072] c:\users\rob\appdata\local\google\chrome\application\chrome.exe Script: Quarantine, Delete, BC delete, Terminate
UDP ports
137	LISTENING	--	--	[4] System Script: Quarantine, Delete, BC delete, Terminate
138	LISTENING	--	--	[4] System Script: Quarantine, Delete, BC delete, Terminate
500	LISTENING	--	--	[120] svchost.exe Script: Quarantine, Delete, BC delete, Terminate
1900	LISTENING	--	--	[1980] svchost.exe Script: Quarantine, Delete, BC delete, Terminate
1900	LISTENING	--	--	[1980] svchost.exe Script: Quarantine, Delete, BC delete, Terminate
3544	LISTENING	--	--	[120] svchost.exe Script: Quarantine, Delete, BC delete, Terminate
3702	LISTENING	--	--	[1980] svchost.exe Script: Quarantine, Delete, BC delete, Terminate
3702	LISTENING	--	--	[420] svchost.exe Script: Quarantine, Delete, BC delete, Terminate
3702	LISTENING	--	--	[1980] svchost.exe Script: Quarantine, Delete, BC delete, Terminate
3702	LISTENING	--	--	[420] svchost.exe Script: Quarantine, Delete, BC delete, Terminate
4500	LISTENING	--	--	[120] svchost.exe Script: Quarantine, Delete, BC delete, Terminate
5004	LISTENING	--	--	[3580] wmpnetwk.exe Script: Quarantine, Delete, BC delete, Terminate
5005	LISTENING	--	--	[3580] wmpnetwk.exe Script: Quarantine, Delete, BC delete, Terminate
5355	LISTENING	--	--	[1432] svchost.exe Script: Quarantine, Delete, BC delete, Terminate
53839	LISTENING	--	--	[1980] svchost.exe Script: Quarantine, Delete, BC delete, Terminate
53840	LISTENING	--	--	[1980] svchost.exe Script: Quarantine, Delete, BC delete, Terminate
54880	LISTENING	--	--	[420] svchost.exe Script: Quarantine, Delete, BC delete, Terminate
56955	LISTENING	--	--	[120] svchost.exe Script: Quarantine, Delete, BC delete, Terminate
58337	LISTENING	--	--	[420] svchost.exe Script: Quarantine, Delete, BC delete, Terminate
62712	LISTENING	--	--	[1980] svchost.exe Script: Quarantine, Delete, BC delete, Terminate