Results of system analysis

Process List

File name	PID	Description	Copyright	MD5	Information
c:\acer\empowering technology\acer.empowering.framework.launcher.exe Script: Quarantine, Delete, Delete via BC, Terminate	3524	Acer Empowering Techonology Framework Launcher		??	44.00 kb, rsah, created: 27.3.2006 11:37:58, modified: 29.6.2006 10:45:00 Command line: "C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe"
c:\program files\alwil software\avast5\avastsvc.exe Script: Quarantine, Delete, Delete via BC, Terminate	1656	avast! Service	Copyright (c) 2010 ALWIL Software	??	39.44 kb, rsAh, created: 14.2.2010 23:44:35, modified: 11.2.2010 19:53:40 Command line: "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"
c:\program files\alwil software\avast5\avastui.exe Script: Quarantine, Delete, Delete via BC, Terminate	980	avast! Antivirus	Copyright (c) 2010 ALWIL Software	??	2691.88 kb, rsAh, created: 14.2.2010 23:44:35, modified: 11.2.2010 19:53:42 Command line: "C:\Program Files\Alwil Software\Avast5\AvastUI.exe"
c:\program files\ati technologies\ati.ace\cli.exe Script: Quarantine, Delete, Delete via BC, Terminate	3204	CLI Application (Command Line Interface)	2002-2005	??	44.00 kb, rsAh, created: 2.1.2006 17:41:22, modified: 2.1.2006 17:41:22 Command line: "C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE" Runtime
c:\program files\ati technologies\ati.ace\cli.exe Script: Quarantine, Delete, Delete via BC, Terminate	132	CLI Application (Command Line Interface)	2002-2005	??	44.00 kb, rsAh, created: 2.1.2006 17:41:22, modified: 2.1.2006 17:41:22 Command line: "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" -hide SystemTray
c:\program files\ati technologies\ati.ace\cli.exe Script: Quarantine, Delete, Delete via BC, Terminate	204	CLI Application (Command Line Interface)	2002-2005	??	44.00 kb, rsAh, created: 2.1.2006 17:41:22, modified: 2.1.2006 17:41:22 Command line: "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" -hide Dashboard
c:\acer\empowering technology\epower\epower_dmc.exe Script: Quarantine, Delete, Delete via BC, Terminate	3004	Acer ePower Management DMC	Copyright (C) 2005 Acer Incorporated	??	412.00 kb, rsAh, created: 14.2.2010 21:36:37, modified: 30.5.2006 12:11:56 Command line: "C:\Acer\Empowering Technology\ePower\ePower_DMC.exe"
c:\windows\explorer.exe Script: Quarantine, Delete, Delete via BC, Terminate	1460	Windows Explorer	© Microsoft Corporation. All rights reserved.	??	1009.50 kb, rsAh, created: 10.8.2004 20:00:00, modified: 14.4.2008 1:12:20 Command line: C:\WINDOWS\Explorer.EXE
c:\program files\internet explorer\iexplore.exe Script: Quarantine, Delete, Delete via BC, Terminate	1076	Internet Explorer	© Microsoft Corporation. All rights reserved.	??	623.84 kb, rsAh, created: 10.8.2004 20:00:00, modified: 8.3.2009 14:09:26 Command line: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2708 CREDAT:14337
c:\acer\empowering technology\eperformance\memcheck.exe Script: Quarantine, Delete, Delete via BC, Terminate	436			??	28.00 kb, rsah, created: 29.3.2006 20:53:34, modified: 29.3.2006 20:53:34 Command line: "C:\Acer\Empowering Technology\ePerformance\MemCheck.exe"
c:\program files\companion suite pro ll\mfprintserver.exe Script: Quarantine, Delete, Delete via BC, Terminate	3180	Application MFC MFPrintServer	Copyright (C) 2003	??	72.00 kb, rsAh, created: 15.2.2010 19:19:21, modified: 10.5.2007 9:55:08 Command line: "C:\Program Files\Companion Suite Pro LL\MFPrintServer.exe"
c:\program files\companion suite pro ll\mfservices.exe Script: Quarantine, Delete, Delete via BC, Terminate	3212	Application MFC MFServices	Copyright (C) 2002	??	344.00 kb, rsAh, created: 15.2.2010 19:19:22, modified: 10.5.2007 9:47:26 Command line: "C:\Program Files\Companion Suite Pro LL\MFServices.exe" -n
c:\program files\scansoft\paperport\pptd40nt.exe Script: Quarantine, Delete, Delete via BC, Terminate	3252	PaperPort Print to Desktop for NT	Copyright © 1993-2007 Nuance Communications, Inc.	??	29.54 kb, rsAh, created: 14.5.2007 12:38:02, modified: 14.5.2007 12:38:02 Command line: "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
c:\windows\rthdcpl.exe Script: Quarantine, Delete, Delete via BC, Terminate	2932	Realtek HD Audio Control Panel	Copyright (c) 2004 Realtek Semiconductor Corp.	??	15867.50 kb, rsAh, created: 14.3.2006 17:01:40, modified: 27.6.2006 23:54:52 Command line: "C:\WINDOWS\RTHDCPL.EXE"
c:\windows\system32\spoolsv.exe Script: Quarantine, Delete, Delete via BC, Terminate	1956	Spooler SubSystem App	© Microsoft Corporation. All rights reserved.	??	56.50 kb, rsAh, created: 10.8.2004 20:00:00, modified: 14.4.2008 1:12:36 Command line: C:\WINDOWS\system32\spoolsv.exe
Detected:54, recognized as trusted 49

Module name	Handle	Description	Copyright	MD5	Used by processes
C:\Program Files\Alwil Software\Avast5\1029\Base.dll Script: Quarantine, Delete, Delete via BC	1711800320	avast! Czech Basic Module	Copyright (c) 2010 ALWIL Software	--	1656, 980
C:\Program Files\Alwil Software\Avast5\1029\UILangRes.dll Script: Quarantine, Delete, Delete via BC	1712062464	UILangRes	Copyright (c) 2010 ALWIL Software	--	980
C:\Program Files\Alwil Software\Avast5\AavmRpch.dll Script: Quarantine, Delete, Delete via BC	1698693120	avast! AAVM Remote Procedure Call Library	Copyright (c) 2010 ALWIL Software	--	1656, 980
C:\Program Files\Alwil Software\Avast5\AhResBhv.dll Script: Quarantine, Delete, Delete via BC	1704067072	avast! Behavior Shield AAVM Provider Library	Copyright (c) 2010 ALWIL Software	--	1656
C:\Program Files\Alwil Software\Avast5\AhResMai.dll Script: Quarantine, Delete, Delete via BC	1703149568	avast! e-Mail Scanner AAVM Provider Library	Copyright (c) 2010 ALWIL Software	--	1656
C:\Program Files\Alwil Software\Avast5\ahResMes.dll Script: Quarantine, Delete, Delete via BC	1703411712	avast! Messenger scanner AAVM Provider Library	Copyright (c) 2010 ALWIL Software	--	1656
C:\Program Files\Alwil Software\Avast5\AhResNS.dll Script: Quarantine, Delete, Delete via BC	1703673856	avast! Network Shield AAVM Provider Library	Copyright (c) 2010 ALWIL Software	--	1656
C:\Program Files\Alwil Software\Avast5\ahResP2P.dll Script: Quarantine, Delete, Delete via BC	1703542784	avast! P2P Shield AAVM Provider Library	Copyright (c) 2010 ALWIL Software	--	1656
C:\Program Files\Alwil Software\Avast5\AhResStd.dll Script: Quarantine, Delete, Delete via BC	1702887424	avast! Standard Shield AAVM Provider Library	Copyright (c) 2010 ALWIL Software	--	1656
C:\Program Files\Alwil Software\Avast5\AhResWS.dll Script: Quarantine, Delete, Delete via BC	1703804928	avast! HTTP Scanner AAVM Provider Library	Copyright (c) 2010 ALWIL Software	--	1656
C:\Program Files\Alwil Software\Avast5\ashBase.dll Script: Quarantine, Delete, Delete via BC	1682964480	Basic Functionality Module	Copyright (c) 2010 ALWIL Software	--	1656, 980
C:\Program Files\Alwil Software\Avast5\ashServ.dll Script: Quarantine, Delete, Delete via BC	1695023104	avast! antivirus service	Copyright (c) 2010 ALWIL Software	--	1656
C:\Program Files\Alwil Software\Avast5\ashShell.dll Script: Quarantine, Delete, Delete via BC	1692663808	avast! Shell Extension	Copyright (c) 2010 ALWIL Software	--	1460
C:\Program Files\Alwil Software\Avast5\ashTask.dll Script: Quarantine, Delete, Delete via BC	1686110208	Task Handling Module	Copyright (c) 2010 ALWIL Software	--	1656, 980
C:\Program Files\Alwil Software\Avast5\ashTaskEx.dll Script: Quarantine, Delete, Delete via BC	1685848064	avast! TaskEx library	Copyright (c) 2010 ALWIL Software	--	1656, 980
C:\Program Files\Alwil Software\Avast5\aswAux.dll Script: Quarantine, Delete, Delete via BC	1683488768	avast! Auxiliary Library		--	1656, 980
C:\Program Files\Alwil Software\Avast5\aswCmnBS.dll Script: Quarantine, Delete, Delete via BC	1690828800	Common functions	Copyright (c) 2010 ALWIL Software	--	1656, 980
C:\Program Files\Alwil Software\Avast5\aswCmnIS.dll Script: Quarantine, Delete, Delete via BC	1690566656	Antivirus independent functions	Copyright (c) 2010 ALWIL Software	--	1656, 980
C:\Program Files\Alwil Software\Avast5\aswCmnOS.dll Script: Quarantine, Delete, Delete via BC	1690304512	Antivirus HW dependent library	Copyright (c) 2010 ALWIL Software	--	1656, 980
C:\Program Files\Alwil Software\Avast5\aswData.dll Script: Quarantine, Delete, Delete via BC	1684537344	avast! UI Layer library	Copyright (c) 2010 ALWIL Software	--	980
C:\Program Files\Alwil Software\Avast5\aswEngLdr.dll Script: Quarantine, Delete, Delete via BC	1690042368	Antivirus engine loader	Copyright (c) 2010 ALWIL Software	--	1656, 980
C:\Program Files\Alwil Software\Avast5\aswIdle.dll Script: Quarantine, Delete, Delete via BC	1688207360	avast! Idle Hook Library		--	1656
C:\Program Files\Alwil Software\Avast5\aswLog.dll Script: Quarantine, Delete, Delete via BC	1685061632	avast! Log library	Copyright (c) 2010 ALWIL Software	--	1656, 980
C:\Program Files\Alwil Software\Avast5\aswProperty.dll Script: Quarantine, Delete, Delete via BC	1685323776	avast! Property Storage library	Copyright (c) 2010 ALWIL Software	--	1656, 980
C:\Program Files\Alwil Software\Avast5\aswSqLt.dll Script: Quarantine, Delete, Delete via BC	1686372352	avast! SQLite library	Copyright (c) 2009 ALWIL Software	--	1656, 980
C:\Program Files\Alwil Software\Avast5\aswUtil.dll Script: Quarantine, Delete, Delete via BC	1685585920	avast! Utility library	Copyright (c) 2010 ALWIL Software	--	980
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe Script: Quarantine, Delete, Delete via BC	4194304	avast! Service	Copyright (c) 2010 ALWIL Software	??	1656
C:\Program Files\Alwil Software\Avast5\AvastUI.exe Script: Quarantine, Delete, Delete via BC	4194304	avast! Antivirus	Copyright (c) 2010 ALWIL Software	??	980
C:\Program Files\Alwil Software\Avast5\CommonRes.dll Script: Quarantine, Delete, Delete via BC	1712324608	Common UI resources	Copyright (c) 2010 ALWIL Software	--	980
C:\Program Files\Alwil Software\Avast5\defs\10031600\algo.dll Script: Quarantine, Delete, Delete via BC	1665138688			--	1656
C:\Program Files\Alwil Software\Avast5\defs\10031600\aswCleanerDLL.dll Script: Quarantine, Delete, Delete via BC	1673527296	Virus/Worm Cleaner Application for avast!	Copyright (c) 2007 ALWIL Software	--	1656
C:\Program Files\Alwil Software\Avast5\defs\10031600\aswCmnBS.dll Script: Quarantine, Delete, Delete via BC	1678245888	Common functions	Copyright (c) 2010 ALWIL Software	--	1656
C:\Program Files\Alwil Software\Avast5\defs\10031600\aswCmnIS.dll Script: Quarantine, Delete, Delete via BC	1678770176	Antivirus independent functions	Copyright (c) 2010 ALWIL Software	--	1656
C:\Program Files\Alwil Software\Avast5\defs\10031600\aswCmnOS.dll Script: Quarantine, Delete, Delete via BC	1677721600	Antivirus HW dependent library	Copyright (c) 2010 ALWIL Software	--	1656
C:\Program Files\Alwil Software\Avast5\defs\10031600\aswEngin.dll Script: Quarantine, Delete, Delete via BC	1680080896	High level antivirus engine	Copyright (c) 2010 ALWIL Software	--	1656
C:\Program Files\Alwil Software\Avast5\defs\10031600\aswScan.dll Script: Quarantine, Delete, Delete via BC	1679818752	Low level antivirus engine	Copyright (c) 2010 ALWIL Software	--	1656
c:\program files\ati technologies\ati.ace\cli.aspect.devicecrt.graphics.dashboard.dll Script: Quarantine, Delete, Delete via BC	65798144	Dashboard Graphics Caste CRT Aspect	2002-2004	--	204
c:\program files\ati technologies\ati.ace\cli.aspect.devicecrt.graphics.runtime.dll Script: Quarantine, Delete, Delete via BC	88211456	Runtime Graphics Caste CRT Aspect	2002-2004	--	3204
c:\program files\ati technologies\ati.ace\cli.aspect.devicecrt2.graphics.dashboard.dll Script: Quarantine, Delete, Delete via BC	66453504	Dashboard Graphics Caste CRT 2 Aspect	2002-2005	--	204
c:\program files\ati technologies\ati.ace\cli.aspect.devicecrt2.graphics.runtime.dll Script: Quarantine, Delete, Delete via BC	88473600	Runtime Graphics Caste CRT 2 Aspect	2002-2005	--	3204
c:\program files\ati technologies\ati.ace\cli.aspect.devicecv.graphics.dashboard.dll Script: Quarantine, Delete, Delete via BC	67960832	Dashboard Graphics Caste CV Aspect	2002-2004	--	204
c:\program files\ati technologies\ati.ace\cli.aspect.devicecv.graphics.runtime.dll Script: Quarantine, Delete, Delete via BC	89063424	Runtime Graphics Caste CV Aspect	2002-2004	--	3204
c:\program files\ati technologies\ati.ace\cli.aspect.devicecv2.graphics.dashboard.dll Script: Quarantine, Delete, Delete via BC	68878336	Dashboard Graphics Caste CV 2 Aspect	2002-2005	--	204
c:\program files\ati technologies\ati.ace\cli.aspect.devicecv2.graphics.runtime.dll Script: Quarantine, Delete, Delete via BC	89325568	Runtime Graphics Caste CV Aspect	2002-2004	--	3204
c:\program files\ati technologies\ati.ace\cli.aspect.devicedfp.graphics.dashboard.dll Script: Quarantine, Delete, Delete via BC	72286208	Dashboard Graphics Caste DFP Aspect	2002-2004	--	204
c:\program files\ati technologies\ati.ace\cli.aspect.devicedfp.graphics.runtime.dll Script: Quarantine, Delete, Delete via BC	89849856	Runtime Graphics Caste DFP Aspect	2002-2004	--	3204
c:\program files\ati technologies\ati.ace\cli.aspect.devicedfp2.graphics.dashboard.dll Script: Quarantine, Delete, Delete via BC	72810496	Dashboard Graphics Caste DFP 2 Aspect	2002-2005	--	204
c:\program files\ati technologies\ati.ace\cli.aspect.devicedfp2.graphics.runtime.dll Script: Quarantine, Delete, Delete via BC	89980928	Runtime Graphics Caste DFP 2 Aspect	2002-2005	--	3204
c:\program files\ati technologies\ati.ace\cli.aspect.devicelcd.graphics.dashboard.dll Script: Quarantine, Delete, Delete via BC	67043328	Dashboard Graphics Caste LCD Aspect	2002-2004	--	204
c:\program files\ati technologies\ati.ace\cli.aspect.devicelcd.graphics.runtime.dll Script: Quarantine, Delete, Delete via BC	88670208	Runtime Graphics Caste LCD Aspect	2002-2004	--	3204
c:\program files\ati technologies\ati.ace\cli.aspect.devicelcd2.graphics.dashboard.dll Script: Quarantine, Delete, Delete via BC	67502080	Dashboard Graphics Caste LCD 2 Aspect	2002-2005	--	204
c:\program files\ati technologies\ati.ace\cli.aspect.devicelcd2.graphics.runtime.dll Script: Quarantine, Delete, Delete via BC	88801280	Runtime Graphics Caste LCD 2 Aspect	2002-2005	--	3204
c:\program files\ati technologies\ati.ace\cli.aspect.devicetv.graphics.dashboard.dll Script: Quarantine, Delete, Delete via BC	70975488	Dashboard Graphics Caste TV Aspect	2002-2004	--	204
c:\program files\ati technologies\ati.ace\cli.aspect.devicetv.graphics.runtime.dll Script: Quarantine, Delete, Delete via BC	89718784	Runtime Graphics Caste CRT Aspect	2002-2004	--	3204
c:\program files\ati technologies\ati.ace\cli.aspect.devicetv2.graphics.dashboard.dll Script: Quarantine, Delete, Delete via BC	69664768	Dashboard Graphics Caste TV Aspect	2002-2004	--	204
c:\program files\ati technologies\ati.ace\cli.aspect.devicetv2.graphics.runtime.dll Script: Quarantine, Delete, Delete via BC	89587712	Runtime Graphics Caste CRT Aspect	2002-2004	--	3204
c:\program files\ati technologies\ati.ace\cli.aspect.displayscolour.graphics.dashboard.dll Script: Quarantine, Delete, Delete via BC	75759616	Dashboard Graphics Display Colour Aspect	2002-2005	--	204
c:\program files\ati technologies\ati.ace\cli.aspect.displayscolour.graphics.runtime.dll Script: Quarantine, Delete, Delete via BC	85327872	Runtime Graphics Caste Display Colour	2002-2004	--	3204
c:\program files\ati technologies\ati.ace\cli.aspect.displayscolour2.graphics.dashboard.dll Script: Quarantine, Delete, Delete via BC	74907648	Dashboard Graphics Display Colour 2 Aspect	2002-2005	--	204
c:\program files\ati technologies\ati.ace\cli.aspect.displayscolour2.graphics.runtime.dll Script: Quarantine, Delete, Delete via BC	80805888	Runtime Graphics Caste Display Colour 2	2002-2005	--	3204
c:\program files\ati technologies\ati.ace\cli.aspect.displaysmanager.graphics.dashboard.dll Script: Quarantine, Delete, Delete via BC	64225280	Dashboard Graphics Caste Display Manager Aspect	2002-2004	--	204
c:\program files\ati technologies\ati.ace\cli.aspect.displaysoptions.graphics.dashboard.dll Script: Quarantine, Delete, Delete via BC	65601536	Dashboard Graphics Caste Display Options Aspect	2002-2004	--	204
c:\program files\ati technologies\ati.ace\cli.aspect.displaysoptions.graphics.runtime.dll Script: Quarantine, Delete, Delete via BC	90636288	Runtime Graphics Caste Display Option Aspect	2002-2004	--	3204
c:\program files\ati technologies\ati.ace\cli.aspect.hotkeyshandling.graphics.runtime.dll Script: Quarantine, Delete, Delete via BC	90898432	Runtime Graphics Caste HotkeysHandling Aspect	2002-2005	--	3204
c:\program files\ati technologies\ati.ace\cli.aspect.infocentre.graphics.dashboard.dll Script: Quarantine, Delete, Delete via BC	63832064	Dashboard Graphics Caste InfoCentre Aspect	2002-2004	--	204
c:\program files\ati technologies\ati.ace\cli.aspect.infocentre.graphics.runtime.dll Script: Quarantine, Delete, Delete via BC	90767360	Runtime Graphics Caste InfoCentre Aspect	2002-2004	--	3204
c:\program files\ati technologies\ati.ace\cli.aspect.integratedumaframebuffer.graphics.dashboard.dll Script: Quarantine, Delete, Delete via BC	83623936	Dashboard Graphics Caste Integrated UMA Frame Buffer Aspect	2002-2004	--	204
c:\program files\ati technologies\ati.ace\cli.aspect.integratedumaframebuffer.graphics.runtime.dll Script: Quarantine, Delete, Delete via BC	90701824	Runtime Graphics Caste Integrated UMA Frame Buffer Aspect	2002-2004	--	3204
c:\program files\ati technologies\ati.ace\cli.aspect.mmvideo.graphics.dashboard.dll Script: Quarantine, Delete, Delete via BC	76742656	Dashboard Graphics Caste MM Video Aspect	2002-2004	--	204
c:\program files\ati technologies\ati.ace\cli.aspect.mmvideo.graphics.runtime.dll Script: Quarantine, Delete, Delete via BC	85458944	Runtime Graphics Caste MM Video Aspect	2002-2004	--	3204
c:\program files\ati technologies\ati.ace\cli.aspect.multivpu.graphics.dashboard.dll Script: Quarantine, Delete, Delete via BC	85065728	Dashboard Graphics Caste MultiVPU Aspect	2002-2005	--	204
c:\program files\ati technologies\ati.ace\cli.aspect.multivpu.graphics.runtime.dll Script: Quarantine, Delete, Delete via BC	80347136	Runtime Graphics Caste MultiVPU Aspect	2002-2005	--	3204
c:\program files\ati technologies\ati.ace\cli.aspect.multivpu2.graphics.dashboard.dll Script: Quarantine, Delete, Delete via BC	84475904	Dashboard Graphics Caste MultiVPU2 Aspect	2002-2005	--	204
c:\program files\ati technologies\ati.ace\cli.aspect.multivpu2.graphics.runtime.dll Script: Quarantine, Delete, Delete via BC	80216064	Runtime Graphics Caste MultiVPU2 Aspect	2002-2005	--	3204
c:\program files\ati technologies\ati.ace\cli.aspect.multivpu3.graphics.dashboard.dll Script: Quarantine, Delete, Delete via BC	83951616	Dashboard Graphics Caste MultiVPU3 Aspect	2002-2006	--	204
c:\program files\ati technologies\ati.ace\cli.aspect.multivpu3.graphics.runtime.dll Script: Quarantine, Delete, Delete via BC	80084992	Runtime Graphics Caste MultiVPU3 Aspect	2002-2006	--	3204
c:\program files\ati technologies\ati.ace\cli.aspect.overdrive2.graphics.dashboard.dll Script: Quarantine, Delete, Delete via BC	82903040	Dashboard Graphics Caste OverDrive2 Aspect	2002-2005	--	204
c:\program files\ati technologies\ati.ace\cli.aspect.overdrive2.graphics.runtime.dll Script: Quarantine, Delete, Delete via BC	90374144	Runtime Graphics Caste OverDrive2 Aspect	2002-2004	--	3204
c:\program files\ati technologies\ati.ace\cli.aspect.overdrive3.graphics.dashboard.dll Script: Quarantine, Delete, Delete via BC	81985536	Dashboard Graphics Caste OverDrive3 Aspect	2002-2005	--	204
c:\program files\ati technologies\ati.ace\cli.aspect.overdrive3.graphics.runtime.dll Script: Quarantine, Delete, Delete via BC	90177536	Runtime Graphics Caste OverDrive3 Aspect	2002-2004	--	3204
c:\program files\ati technologies\ati.ace\cli.aspect.powerplay3.graphics.dashboard.dll Script: Quarantine, Delete, Delete via BC	80805888	Dashboard Graphics Caste PowerPlay3 Aspect	2002-2004	--	204
c:\program files\ati technologies\ati.ace\cli.aspect.powerplay3.graphics.runtime.dll Script: Quarantine, Delete, Delete via BC	90439680	Runtime Graphics Caste PowerPlay3 Aspect	2002-2004	--	3204
c:\program files\ati technologies\ati.ace\cli.aspect.radeon3d.graphics.dashboard.dll Script: Quarantine, Delete, Delete via BC	73334784	Dashboard Graphics Caste R300/R400 Radeon3D Aspect	2002-2004	--	204
c:\program files\ati technologies\ati.ace\cli.aspect.radeon3d.graphics.runtime.dll Script: Quarantine, Delete, Delete via BC	80674816	Runtime Graphics Caste R300/R400 Radeon3D Aspect	2002-2004	--	3204
c:\program files\ati technologies\ati.ace\cli.aspect.radeon3dlegacy.graphics.dashboard.dll Script: Quarantine, Delete, Delete via BC	74448896	Dashboard Graphics Caste R100/R200 Radeon3D Aspect	2002-2004	--	204
c:\program files\ati technologies\ati.ace\cli.aspect.radeon3dlegacy.graphics.runtime.dll Script: Quarantine, Delete, Delete via BC	80740352	Runtime Graphics Caste R100/R200 Radeon3D Aspect	2002-2004	--	3204
c:\program files\ati technologies\ati.ace\cli.aspect.smartgart.graphics.dashboard.dll Script: Quarantine, Delete, Delete via BC	81133568	Dashboard Graphics Caste SMARTGART Aspect	2002-2004	--	204
c:\program files\ati technologies\ati.ace\cli.aspect.smartgart.graphics.runtime.dll Script: Quarantine, Delete, Delete via BC	87949312	Runtime Graphics Caste SMARTGART Aspect	2002-2004	--	3204
c:\program files\ati technologies\ati.ace\cli.aspect.verylargedesktop.graphics.dashboard.dll Script: Quarantine, Delete, Delete via BC	65208320	Dashboard Graphics Caste VeryLargeDesktop Aspect	2002-2005	--	204
c:\program files\ati technologies\ati.ace\cli.aspect.verylargedesktop.graphics.runtime.dll Script: Quarantine, Delete, Delete via BC	80543744	Runtime Graphics Caste VeryLargeDesktop Aspect	2002-2005	--	3204
c:\program files\ati technologies\ati.ace\cli.aspect.videooverlay.graphics.dashboard.dll Script: Quarantine, Delete, Delete via BC	77987840	Dashboard Graphics Caste VideoOverlay Aspect	2002-2004	--	204
c:\program files\ati technologies\ati.ace\cli.aspect.videooverlay.graphics.runtime.dll Script: Quarantine, Delete, Delete via BC	87687168	Runtime Graphics Caste VideoOverlay Aspect	2002-2004	--	3204
c:\program files\ati technologies\ati.ace\cli.aspect.vpurecover.graphics.dashboard.dll Script: Quarantine, Delete, Delete via BC	81526784	Dashboard Graphics Caste VPU Recover Aspect	2002-2004	--	204
c:\program files\ati technologies\ati.ace\cli.aspect.vpurecover.graphics.runtime.dll Script: Quarantine, Delete, Delete via BC	88014848	Runtime Graphics Caste VPU Recover Aspect	2002-2004	--	3204
c:\program files\ati technologies\ati.ace\cli.aspect.welcome.local.dashboard.dll Script: Quarantine, Delete, Delete via BC	63700992	Dashboard Local Caste Welcome Aspect	2002-2004	--	204
c:\program files\ati technologies\ati.ace\cli.aspect.workstationconfig.graphics.dashboard.dll Script: Quarantine, Delete, Delete via BC	81788928	Dashboard Graphics Caste WorkstationConfig Aspect	2002-2004	--	204
c:\program files\ati technologies\ati.ace\cli.aspect.workstationconfig.graphics.runtime.dll Script: Quarantine, Delete, Delete via BC	88145920	Runtime Graphics Caste WorkstationConfig Aspect	2002-2004	--	3204
c:\program files\ati technologies\ati.ace\cli.caste.graphics.dashboard.dll Script: Quarantine, Delete, Delete via BC	62390272	Dashboard Graphics Caste	2002-2004	--	204
c:\program files\ati technologies\ati.ace\cli.caste.graphics.runtime.dll Script: Quarantine, Delete, Delete via BC	59834368	Runtime Graphics Caste	2002-2004	--	3204
c:\program files\ati technologies\ati.ace\cli.caste.local.dashboard.dll Script: Quarantine, Delete, Delete via BC	62324736	Dashboard Local Caste	2002-2004	--	204
c:\program files\ati technologies\ati.ace\cli.component.dashboard.dll Script: Quarantine, Delete, Delete via BC	58195968	Dashboard Component	2002-2004	--	204
c:\program files\ati technologies\ati.ace\cli.component.runtime.dll Script: Quarantine, Delete, Delete via BC	58458112	Runtime Component	2002-2004	--	3204, 132, 204
c:\program files\ati technologies\ati.ace\cli.component.systemtray.dll Script: Quarantine, Delete, Delete via BC	58195968	SystemTray Component	2002-2004	--	132
c:\program files\ati technologies\ati.ace\cli.foundation.xmanifestation.dll Script: Quarantine, Delete, Delete via BC	56164352	CLI Foundation for XML	2002-2004	--	3204, 132, 204
c:\program files\ati technologies\ati.ace\cli.implementation.dll Script: Quarantine, Delete, Delete via BC	285212672	CLI Application Implementation (Command Line Interface)	2002-2005	--	3204, 132, 204
c:\program files\ati technologies\ati.ace\cs\cli.component.systemtray.resources.dll Script: Quarantine, Delete, Delete via BC	61865984	SystemTray Component	2002-2004	--	132
c:\program files\ati technologies\ati.ace\log.foundation.service.dll Script: Quarantine, Delete, Delete via BC	18350080	LOG Foundation Service	2002-2004	--	3204, 132, 204
C:\Program Files\Companion Suite Pro LL\AdvancedU.dll Script: Quarantine, Delete, Delete via BC	3801088			--	3180, 3212
C:\Program Files\Companion Suite Pro LL\ComponentsU.dll Script: Quarantine, Delete, Delete via BC	25296896	Components DLL	Copyright (C) 2003	--	3180, 3212
C:\Program Files\Companion Suite Pro LL\ControlsU.dll Script: Quarantine, Delete, Delete via BC	5111808	Controls DLL	Copyright (C) 2002	--	3180, 3212
C:\Program Files\Companion Suite Pro LL\DeviceU.dll Script: Quarantine, Delete, Delete via BC	5701632	Device DLL	Copyright (C) 2003	--	3212
C:\Program Files\Companion Suite Pro LL\DigitalizerU.dll Script: Quarantine, Delete, Delete via BC	20774912	Digitalizer DLL	Copyright (C) 2003	--	3180, 3212
C:\Program Files\Companion Suite Pro LL\FAXU.dll Script: Quarantine, Delete, Delete via BC	20447232	Application MFC MFFAX	Copyright (C) 2003	--	3180, 3212
C:\Program Files\Companion Suite Pro LL\GraphicsU.dll Script: Quarantine, Delete, Delete via BC	5570560	Graphics DLL	Copyright (C) 2002	--	3180, 3212
C:\Program Files\Companion Suite Pro LL\Hal\XMLDIUSBU.dll Script: Quarantine, Delete, Delete via BC	61734912	XMLDIUSB DLL	Copyright (C) 2003 SAGEM SA	--	3212
C:\Program Files\Companion Suite Pro LL\IM31bmp.dil Script: Quarantine, Delete, Delete via BC	25624576	ImageMan BMP File Reader	Copyright © Data Techniques, Inc. 1992-2000	--	3180, 3212
C:\Program Files\Companion Suite Pro LL\IM31jpg.dil Script: Quarantine, Delete, Delete via BC	25755648	ImageMan JPEG/JFIF File Reader	Copyright © Data Techniques, Inc. 1992-2000	--	3180, 3212
C:\Program Files\Companion Suite Pro LL\IM31tif.dil Script: Quarantine, Delete, Delete via BC	26148864	ImageMan TIFF Reader	Copyright © Data Techniques, Inc. 1992-2000	--	3180, 3212
C:\Program Files\Companion Suite Pro LL\MFPrintServer.exe Script: Quarantine, Delete, Delete via BC	4194304	Application MFC MFPrintServer	Copyright (C) 2003	??	3180
C:\Program Files\Companion Suite Pro LL\MFServiceAPIU.dll Script: Quarantine, Delete, Delete via BC	5636096	MFServiceAPI DLL	Copyright (C) 2003	--	3212
C:\Program Files\Companion Suite Pro LL\MFServiceFOLDERU.dll Script: Quarantine, Delete, Delete via BC	51838976			--	3212
C:\Program Files\Companion Suite Pro LL\MFServiceHTTPU.dll Script: Quarantine, Delete, Delete via BC	45416448			--	3212
C:\Program Files\Companion Suite Pro LL\MFServiceMONU.dll Script: Quarantine, Delete, Delete via BC	43122688			--	3212
C:\Program Files\Companion Suite Pro LL\MFServices.exe Script: Quarantine, Delete, Delete via BC	4194304	Application MFC MFServices	Copyright (C) 2002	??	3212
C:\Program Files\Companion Suite Pro LL\MFServiceTR29U.dll Script: Quarantine, Delete, Delete via BC	25493504	MFServiceTR29U DLL	Copyright (C) 2004	--	3180, 3212
C:\Program Files\Companion Suite Pro LL\MFServiceTSU.dll Script: Quarantine, Delete, Delete via BC	22544384			--	3212
C:\Program Files\Companion Suite Pro LL\Pdg32U.dll Script: Quarantine, Delete, Delete via BC	15335424	DLL de Pdg32	Copyright (C) 1997	--	3180, 3212
C:\Program Files\Companion Suite Pro LL\PlugInU.dll Script: Quarantine, Delete, Delete via BC	268435456	PlugIn DLL	Copyright (C) 2003	--	3180, 3212
C:\Program Files\Companion Suite Pro LL\PrintFaxU.dll Script: Quarantine, Delete, Delete via BC	20840448	PrintFax DLL	Copyright (C) 2003	--	3180, 3212
C:\Program Files\Companion Suite Pro LL\ProtocolU.dll Script: Quarantine, Delete, Delete via BC	5767168	Protocol DLL	Copyright (C) 2003	--	3180, 3212
C:\Program Files\Companion Suite Pro LL\QTrace.dll Script: Quarantine, Delete, Delete via BC	3670016	Bibliotheque de liaison dynamique QTrace	Copyright (C) 2004	--	3180, 3212
C:\Program Files\Companion Suite Pro LL\RouterU.dll Script: Quarantine, Delete, Delete via BC	6029312	Router DLL	Copyright (C) 2003	--	3180, 3212
C:\Program Files\Companion Suite Pro LL\SMSU.dll Script: Quarantine, Delete, Delete via BC	27394048	Application MFC MFSms	Copyright (C) 2003	--	3180, 3212
C:\Program Files\Companion Suite Pro LL\SuStringU.dll Script: Quarantine, Delete, Delete via BC	4063232			--	3180, 3212
C:\Program Files\Companion Suite Pro LL\TiffU.dll Script: Quarantine, Delete, Delete via BC	24117248			--	3180, 3212
C:\Program Files\Companion Suite Pro LL\Utility32U.dll Script: Quarantine, Delete, Delete via BC	4325376	Utility32 DLL	Copyright (C) 2002	--	3180, 3212
C:\Program Files\Internet Explorer\mui\0405\browselc.dll Script: Quarantine, Delete, Delete via BC	1916862464	Shell Browser UI Library	© Microsoft Corporation. Vљechna prбva vyhrazena.	--	1460
C:\Program Files\Microsoft Office\Office12\1029\GrooveIntlResource.dll Script: Quarantine, Delete, Delete via BC	66912256	GrooveIntlResource Module	© 2007 Microsoft Corporation. Vљechna prбva vyhrazena.	--	1460, 1076
C:\Program Files\ScanSoft\PaperPort\BindRes.dll Script: Quarantine, Delete, Delete via BC	407371776	PaperPort Resources 2	Copyright © 1993-2007 Nuance Communications, Inc.	--	3252
C:\Program Files\ScanSoft\PaperPort\MaxRes.dll Script: Quarantine, Delete, Delete via BC	470679552	PaperPort Basic Resources	Copyright © 1993-2007 Nuance Communications, Inc.	--	3252
C:\Program Files\ScanSoft\PaperPort\PPRecDiag.dll Script: Quarantine, Delete, Delete via BC	564461568	PaperPort application extension	Copyright © 1995-2006 Nuance Communications, Inc.	--	3252
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe Script: Quarantine, Delete, Delete via BC	33554432	PaperPort Print to Desktop for NT	Copyright © 1993-2007 Nuance Communications, Inc.	??	3252
C:\Program Files\ScanSoft\PaperPort\XMAXUTIL.dll Script: Quarantine, Delete, Delete via BC	598540288	PaperPort Utilities Library	Copyright © 1993-2007 Nuance Communications, Inc.	--	3252
c:\windows\assembly\gac\mscorlib.resources\1.0.5000.0_cs_b77a5c561934e089\mscorlib.resources.dll Script: Quarantine, Delete, Delete via BC	15859712	Microsoft Common Language Runtime Class Library	Copyright © Microsoft Corporation 1998-2002. All rights reserved.	--	3524, 3204, 132, 204, 3004, 436
c:\windows\assembly\gac\system.serviceprocess.resources\1.0.5000.0_cs_b03f5f7f11d50a3a\system.serviceprocess.resources.dll Script: Quarantine, Delete, Delete via BC	18284544	System.ServiceProcess.dll	Copyright (C) Microsoft Corporation 1998-2002. All rights reserved.	--	436
c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll Script: Quarantine, Delete, Delete via BC	2047410176	System.Web.dll	Copyright (C) Microsoft Corporation 1998-2002. All rights reserved.	--	3204, 132, 204
c:\windows\assembly\gac\system.windows.forms.resources\1.0.5000.0_cs_b77a5c561934e089\system.windows.forms.resources.dll Script: Quarantine, Delete, Delete via BC	58785792	System.Windows.Forms.dll	Copyright (C) Microsoft Corporation 1998-2002. All rights reserved.	--	3204
c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll Script: Quarantine, Delete, Delete via BC	2064252928	System.dll	Copyright (C) Microsoft Corporation 1998-2002. All rights reserved.	--	3524, 3204, 132, 204, 3004, 436
c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_c548b626\mscorlib.dll Script: Quarantine, Delete, Delete via BC	2040070144			--	3524, 3204, 132, 204, 3004, 436
c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_ee5e10e6\system.drawing.dll Script: Quarantine, Delete, Delete via BC	2068905984			--	3524, 3204, 132, 204, 3004
c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_bf7aa1fd\system.windows.forms.dll Script: Quarantine, Delete, Delete via BC	2072051712			--	3524, 3204, 132, 204, 3004
c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_589bebd1\system.xml.dll Script: Quarantine, Delete, Delete via BC	2077622272			--	3524, 3204, 132, 204
c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_3b5486ac\system.dll Script: Quarantine, Delete, Delete via BC	2065498112			--	3524, 3204, 132, 204, 3004, 436
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll Script: Quarantine, Delete, Delete via BC	2045116416	aspnet_isapi.lib	Copyright (C) Microsoft Corporation 1998-2002. All rights reserved.	--	3524, 3204, 132, 204, 436
c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CorperfmonExt.dll Script: Quarantine, Delete, Delete via BC	2037776384	Microsoft Common Language Runtime - WorkStation	Copyright © Microsoft Corporation 1998-2002. All rights reserved.	--	3524
c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\diasymreader.dll Script: Quarantine, Delete, Delete via BC	1369899008	Dia based SymReader	© Microsoft Corporation. All rights reserved.	--	3524, 3004
c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSCORJIT.DLL Script: Quarantine, Delete, Delete via BC	2034434048	Microsoft .NET Runtime Just-In-Time Compiler	Copyright © Microsoft Corporation 1998-2002. All rights reserved.	--	3524, 3204, 132, 204, 3004, 436
c:\windows\microsoft.net\framework\v1.1.4322\mscorlib.dll Script: Quarantine, Delete, Delete via BC	2037907456	Microsoft Common Language Runtime Class Library	Copyright © Microsoft Corporation 1998-2002. All rights reserved.	--	3524, 3204, 132, 204, 3004, 436
c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll Script: Quarantine, Delete, Delete via BC	2035351552	Microsoft .NET Strong Name Support	Copyright © Microsoft Corporation 1998-2002. All rights reserved.	--	3524, 3204, 132, 204, 3004, 436
c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll Script: Quarantine, Delete, Delete via BC	2031812608	Microsoft .NET Runtime Common Language Runtime - WorkStation	Copyright © Microsoft Corporation 1998-2002. All rights reserved.	--	3524, 3204, 132, 204, 3004, 436
C:\WINDOWS\system32\cspllp.dll Script: Quarantine, Delete, Delete via BC	268435456	Companion Suite Pro LL Fax Port Monitor	Copyright © 2005	--	1956
C:\WINDOWS\system32\IM31bmp.dil Script: Quarantine, Delete, Delete via BC	10747904	ImageMan BMP File Reader	Copyright © Data Techniques, Inc. 1992-2000	--	1956
C:\WINDOWS\system32\IM31jpg.dil Script: Quarantine, Delete, Delete via BC	14811136	ImageMan JPEG/JFIF File Reader	Copyright © Data Techniques, Inc. 1992-2000	--	1956
C:\WINDOWS\system32\IM31tif.dil Script: Quarantine, Delete, Delete via BC	15073280	ImageMan TIFF Reader	Copyright © Data Techniques, Inc. 1992-2000	--	1956
C:\WINDOWS\system32\lfxpm.dll Script: Quarantine, Delete, Delete via BC	15335424	Spooler Sub System DLL	Copyright (C) Microsoft Corp. 1981-1997	--	1956
C:\WINDOWS\system32\Macromed\Flash\Flash10e.ocx Script: Quarantine, Delete, Delete via BC	87687168	Adobe Flash Player 10.0 r45	Adobe® Flash® Player. Copyright © 1996-2009 Adobe Systems Incorporated. All Rights Reserved. Protected by U.S. Patent 6,879,327; Patents Pending in the United States and other countries. Adobe and Flash are either trademarks or registered trademarks in the United States and/or other countries.	--	1076
c:\WINDOWS\system32\msxml4.dll Script: Quarantine, Delete, Delete via BC	1773207552	MSXML 4.0 SP 2	Copyright (C) Microsoft Corporation. 1981-2002	--	3212
C:\WINDOWS\system32\mui\0405\HHCTRLui.dll Script: Quarantine, Delete, Delete via BC	1759903744	Ovlбdacн prvek Microsoft® HTML Help	Copyright © Microsoft Corp.	--	2932
C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll Script: Quarantine, Delete, Delete via BC	2023620608	MFCDLL Shared Library - Retail Version	© Microsoft Corporation. All rights reserved.	--	980
C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\MFC90ENU.DLL Script: Quarantine, Delete, Delete via BC	1563820032	MFC Language Specific Resources	© Microsoft Corporation. All rights reserved.	--	980
Modules found:703, recognized as trusted 533

Kernel Space Modules Viewer

Module	Base address	Size in memory	Description	Manufacturer
C:\WINDOWS\System32\Drivers\Aavmker4.SYS Script: Quarantine, Delete, Delete via BC	F786F000	006000 (24576)	avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP	Copyright (c) 1996-2010 ALWIL Software
C:\WINDOWS\System32\Drivers\aswFsBlk.SYS Script: Quarantine, Delete, Delete via BC	F7947000	003000 (12288)	avast! File System Access Blocking Driver	Copyright (c) 1996-2010 ALWIL Software
C:\WINDOWS\System32\Drivers\aswMon2.SYS Script: Quarantine, Delete, Delete via BC	EFAB9000	017000 (94208)	avast! File System Filter Driver for Windows XP	Copyright (c) 1996-2010 ALWIL Software
C:\WINDOWS\System32\Drivers\aswSP.SYS Script: Quarantine, Delete, Delete via BC	F210C000	027000 (159744)	avast! self protection module	Copyright (c) 1996-2010 ALWIL Software
C:\WINDOWS\System32\Drivers\aswTdi.SYS Script: Quarantine, Delete, Delete via BC	F70D8000	00A000 (40960)	avast! TDI Filter Driver	Copyright (c) 1996-2010 ALWIL Software
C:\WINDOWS\System32\Drivers\dump_atapi.sys Script: Quarantine, Delete, Delete via BC	F1FEE000	018000 (98304)
C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS Script: Quarantine, Delete, Delete via BC	F79AD000	002000 (8192)
C:\WINDOWS\system32\Drivers\gjhqidq.sys Script: Quarantine, Delete, Delete via BC	F7284000	0C3000 (798720)
C:\WINDOWS\system32\drivers\lfxnt.sys Script: Quarantine, Delete, Delete via BC	F785F000	008000 (32768)
Modules found - 188, recognized as trusted - 179

Services

Service	Description	Status	File	Group	Dependencies
avast! Antivirus Service: Stop, Delete, Disable	avast! Antivirus	Running	C:\Program Files\Alwil Software\Avast5\AvastSvc.exe Script: Quarantine, Delete, Delete via BC	ShellSvcGroup	aswMon2
avast! Mail Scanner Service: Stop, Delete, Disable	avast! Mail Scanner	Not started	C:\Program Files\Alwil Software\Avast5\AvastSvc.exe Script: Quarantine, Delete, Delete via BC	ShellSvcGroup	avast! Antivirus
avast! Web Scanner Service: Stop, Delete, Disable	avast! Web Scanner	Not started	C:\Program Files\Alwil Software\Avast5\AvastSvc.exe Script: Quarantine, Delete, Delete via BC	ShellSvcGroup	avast! Antivirus
Detected - 103, recognized as trusted - 100

Drivers

Service	Description	Status	File	Group	Dependencies
Aavmker4 Driver: Unload, Delete, Disable	avast! Asynchronous Virus Monitor	Running	C:\WINDOWS\system32\Drivers\Aavmker4.sys Script: Quarantine, Delete, Delete via BC
aswFsBlk Driver: Unload, Delete, Disable	aswFsBlk	Running	C:\WINDOWS\system32\Drivers\aswFsBlk.sys Script: Quarantine, Delete, Delete via BC	FSFilter Activity Monitor
aswMon2 Driver: Unload, Delete, Disable	aswMon2	Running	C:\WINDOWS\system32\Drivers\aswMon2.sys Script: Quarantine, Delete, Delete via BC
aswSP Driver: Unload, Delete, Disable	aswSP	Running	C:\WINDOWS\system32\Drivers\aswSP.sys Script: Quarantine, Delete, Delete via BC
aswTdi Driver: Unload, Delete, Disable	avast! Network Shield Support	Running	C:\WINDOWS\system32\Drivers\aswTdi.sys Script: Quarantine, Delete, Delete via BC	PNP_TDI
lfxnt Driver: Unload, Delete, Disable	lfxnt	Running	C:\WINDOWS\system32\drivers\lfxnt.sys Script: Quarantine, Delete, Delete via BC	Extended base
Abiosdsk Driver: Unload, Delete, Disable	Abiosdsk	Not started	Abiosdsk.sys Script: Quarantine, Delete, Delete via BC	Primary disk
aswRdr Driver: Unload, Delete, Disable	aswRdr	Not started	C:\WINDOWS\system32\Drivers\aswRdr.sys Script: Quarantine, Delete, Delete via BC	PNP_TDI
Atdisk Driver: Unload, Delete, Disable	Atdisk	Not started	Atdisk.sys Script: Quarantine, Delete, Delete via BC	Primary disk
Changer Driver: Unload, Delete, Disable	Changer	Not started	Changer.sys Script: Quarantine, Delete, Delete via BC	Filter
eLock2BurnerLockDriver Driver: Unload, Delete, Disable	eLock2BurnerLockDriver	Not started	C:\WINDOWS\system32\eLock2BurnerLockDriver.sys Script: Quarantine, Delete, Delete via BC
eLock2FSCTLDriver Driver: Unload, Delete, Disable	eLock2FSCTLDriver	Not started	C:\WINDOWS\system32\eLock2FSCTLDriver.sys Script: Quarantine, Delete, Delete via BC
lbrtfdc Driver: Unload, Delete, Disable	lbrtfdc	Not started	lbrtfdc.sys Script: Quarantine, Delete, Delete via BC	System Bus Extender
PCIDump Driver: Unload, Delete, Disable	PCIDump	Not started	PCIDump.sys Script: Quarantine, Delete, Delete via BC	PCI Configuration
PDCOMP Driver: Unload, Delete, Disable	PDCOMP	Not started	PDCOMP.sys Script: Quarantine, Delete, Delete via BC
PDFRAME Driver: Unload, Delete, Disable	PDFRAME	Not started	PDFRAME.sys Script: Quarantine, Delete, Delete via BC
PDRELI Driver: Unload, Delete, Disable	PDRELI	Not started	PDRELI.sys Script: Quarantine, Delete, Delete via BC
PDRFRAME Driver: Unload, Delete, Disable	PDRFRAME	Not started	PDRFRAME.sys Script: Quarantine, Delete, Delete via BC
Simbad Driver: Unload, Delete, Disable	Simbad	Not started	Simbad.sys Script: Quarantine, Delete, Delete via BC	Filter
WDICA Driver: Unload, Delete, Disable	WDICA	Not started	WDICA.sys Script: Quarantine, Delete, Delete via BC
Detected - 211, recognized as trusted - 191

Autoruns

File name	Status	Startup method	Description
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, avast5 Delete
C:\PROGRA~1\MICROS~2\Office12\1029\MAPIR.DLL Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Outlook, EventMessageFile Delete
C:\Program Files\Common Files\LightScribe\LSSMsg.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\LightScribeService, EventMessageFile Delete
C:\Program Files\Companion Suite Pro LL\MFPrintServer.exe Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, MFPrintServer_Pro_LL Delete
C:\Program Files\Companion Suite Pro LL\MFServices.exe Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, MFServices_Pro_LL Delete
C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, IndexSearch Delete
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, PaperPort PTD Delete
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\ASP.NET_1.1.4322\Performance, Library Delete
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\ASP.NET\1.1.4322.0, DllFullPath Delete
C:\WINDOWS\System32\PrintFilterPipelineSvc.exe Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\PrintFilterPipelineSvc, EventMessageFile Delete
C:\WINDOWS\System32\drivers\lfxnt.sys Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\lfxnt, EventMessageFile Delete
C:\WINDOWS\System32\hidserv.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\HidServ\Parameters, ServiceDll Delete
C:\WINDOWS\System32\igmpv2.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\IGMPv2, EventMessageFile Delete
C:\WINDOWS\System32\ipbootp.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\IPBOOTP, EventMessageFile Delete
C:\WINDOWS\System32\iprip2.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\IPRIP2, EventMessageFile Delete
C:\WINDOWS\System32\mhn.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\MHN\Parameters, ServiceDll Delete
C:\WINDOWS\System32\ospf.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\OSPF, EventMessageFile Delete
C:\WINDOWS\System32\ospfmib.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\OSPFMib, EventMessageFile Delete
C:\WINDOWS\System32\polagent.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\PolicyAgent, EventMessageFile Delete
C:\WINDOWS\System32\tssdis.exe Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\TermServSessDir, EventMessageFile Delete
C:\WINDOWS\system32\MsSip1.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WinTrust\SubjectPackages\MS Subjects 1, $DLL Delete
C:\WINDOWS\system32\MsSip2.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WinTrust\SubjectPackages\MS Subjects 2, $DLL Delete
C:\WINDOWS\system32\MsSip3.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WinTrust\SubjectPackages\MS Subjects 3, $DLL Delete
C:\WINDOWS\system32\psxss.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Session Manager\SubSystems, Posix
C:\WINDOWS\system32\stisvc.exe Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System, EventMessageFile Delete
mvfs32.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_USERS, .DEFAULT\Control Panel\IOProcs, MVB Delete
mvfs32.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_USERS, S-1-5-19\Control Panel\IOProcs, MVB Delete
mvfs32.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_USERS, S-1-5-20\Control Panel\IOProcs, MVB Delete
mvfs32.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_USERS, S-1-5-18\Control Panel\IOProcs, MVB Delete
mvfs32.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_CURRENT_USER, Control Panel\IOProcs, MVB Delete
vgafix.fon Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WOW\boot, fixedfon.fon Delete
vgaoem.fon Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WOW\boot, oemfonts.fon Delete
vgasys.fon Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WOW\boot, fonts.fon Delete
Autoruns items found - 602, recognized as trusted - 569

Internet Explorer extension modules (BHOs, Toolbars ...)

File name	Type	Description	Manufacturer	CLSID
	Extension module			{2670000A-7350-4f3c-8081-5663EE0C6C49} Delete
	Extension module			{92780B25-18CC-41C8-B9BE-3C9C571A8263} Delete
	URLSearchHook			{EF99BD32-C1FB-11D2-892F-0090271D4F88} Delete
Items found - 9, recognized as trusted - 6

Windows Explorer extension modules

File name	Destination	Description	Manufacturer	CLSID
deskpan.dll Script: Quarantine, Delete, Delete via BC	Display Panning CPL Extension			{42071714-76d4-11d1-8b24-00a0c9068ff3} Delete
	Shell extensions for file compression			{764BF0E1-F219-11ce-972D-00AA00A14F56} Delete
	Encryption Context Menu			{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} Delete
	Taskbar and Start Menu			{0DF44EAA-FF21-4412-828E-260A8728E7F1} Delete
rundll32.exe C:\WINDOWS\system32\shimgvw.dll,ImageView_COMServer {00E7B358-F65B-4dcf-83DF-CD026B94BFD4} Script: Quarantine, Delete, Delete via BC	Autoplay for SlideShow			{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} Delete
	User Accounts			{7A9D77BD-5403-11d2-8785-2E0420524153} Delete
C:\Program Files\Alwil Software\Avast5\ashShell.dll Script: Quarantine, Delete, Delete via BC	avast	avast! Shell Extension	Copyright (c) 2010 ALWIL Software	{472083B0-C522-11CF-8763-00608CC02F24} Delete
	IE User Assist			{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} Delete
Items found - 225, recognized as trusted - 217

Printing system extensions (print monitors, providers)

File name	Type	Name	Description	Manufacturer
C:\WINDOWS\system32\cspllp.dll Script: Quarantine, Delete, Delete via BC	Monitor	Companion Suite Pro LL Fax Port	Companion Suite Pro LL Fax Port Monitor	Copyright © 2005
C:\WINDOWS\system32\lfxpm.dll Script: Quarantine, Delete, Delete via BC	Monitor	Companion Suite Pro LL TCP/IP Monitor	Spooler Sub System DLL	Copyright (C) Microsoft Corp. 1981-1997
Items found - 12, recognized as trusted - 10

Task Scheduler jobs

File name	Job name	Job state	Description	Manufacturer
Items found - 0, recognized as trusted - 0

SPI/LSP settings

Namespace providers (NSP)

Manufacturer	Status	EXE file	Description	GUID
Detected - 3, recognized as trusted - 3

Transport protocol providers (TSP, LSP)

Manufacturer EXE file Description
Detected - 16, recognized as trusted - 16
Results of automatic SPI settings check
LSP settings checked. No errors detected

TCP/UDP ports

Port Status Remote Host Remote Port Application Notes
TCP ports
135 LISTENING 0.0.0.0 38990 [908] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
139 LISTENING 0.0.0.0 35010 [4] System
Script: Quarantine, Delete, Delete via BC, Terminate
445 LISTENING 0.0.0.0 63653 [4] System
Script: Quarantine, Delete, Delete via BC, Terminate
1028 LISTENING 0.0.0.0 2224 [2552] c:\windows\system32\alg.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1048 CLOSE_WAIT 217.170.13.191 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1049 CLOSE_WAIT 217.170.13.191 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1052 ESTABLISHED 216.27.60.36 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1057 CLOSE_WAIT 64.18.5.13 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1061 CLOSE_WAIT 208.42.184.13 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1062 CLOSE_WAIT 72.4.117.22 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1063 CLOSE_WAIT 196.46.128.11 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1070 CLOSE_WAIT 168.61.70.64 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1074 CLOSE_WAIT 209.139.197.115 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1075 CLOSE_WAIT 209.139.197.115 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1078 CLOSE_WAIT 12.171.186.9 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1083 LISTENING 0.0.0.0 36899 [3204] c:\program files\ati technologies\ati.ace\cli.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1090 CLOSE_WAIT 212.130.34.220 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1093 CLOSE_WAIT 81.114.70.135 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1098 CLOSE_WAIT 38.113.116.218 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1101 CLOSE_WAIT 64.191.223.40 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1102 ESTABLISHED 85.33.2.53 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1103 ESTABLISHED 85.33.2.53 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1104 CLOSE_WAIT 195.200.70.104 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1106 CLOSE_WAIT 64.18.4.13 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1107 CLOSE_WAIT 64.18.4.10 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1110 CLOSE_WAIT 94.228.131.162 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1112 CLOSE_WAIT 66.199.131.232 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1114 CLOSE_WAIT 205.144.52.21 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1116 ESTABLISHED 202.3.177.33 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1117 CLOSE_WAIT 208.74.58.37 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1120 CLOSE_WAIT 85.158.139.194 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1129 CLOSE_WAIT 64.18.5.11 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1137 CLOSE_WAIT 94.23.206.204 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1143 CLOSE_WAIT 94.23.39.170 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1147 CLOSE_WAIT 203.111.138.2 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1153 CLOSE_WAIT 38.113.116.216 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1155 CLOSE_WAIT 217.170.69.174 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1156 ESTABLISHED 66.49.245.211 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1157 CLOSE_WAIT 203.99.245.9 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1163 CLOSE_WAIT 202.155.61.25 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1164 CLOSE_WAIT 208.80.204.44 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1166 CLOSE_WAIT 82.144.58.67 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1170 CLOSE_WAIT 208.86.183.83 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1174 CLOSE_WAIT 216.99.131.16 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1175 LISTENING 0.0.0.0 2272 [204] c:\program files\ati technologies\ati.ace\cli.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1176 LISTENING 0.0.0.0 39166 [132] c:\program files\ati technologies\ati.ace\cli.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1179 CLOSE_WAIT 213.83.66.193 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1180 CLOSE_WAIT 70.164.112.118 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1193 CLOSE_WAIT 64.18.5.10 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1210 CLOSE_WAIT 65.248.93.141 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1212 CLOSE_WAIT 91.198.174.232 80 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1217 CLOSE_WAIT 195.245.230.115 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1219 ESTABLISHED 209.150.136.129 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1220 CLOSE_WAIT 167.230.202.14 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1224 CLOSE_WAIT 64.18.6.11 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1227 CLOSE_WAIT 64.18.6.11 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1229 CLOSE_WAIT 129.33.174.70 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1230 CLOSE_WAIT 85.158.139.19 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1243 CLOSE_WAIT 161.235.223.107 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1244 ESTABLISHED 85.33.2.53 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1246 CLOSE_WAIT 205.157.110.104 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1247 CLOSE_WAIT 216.163.188.60 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1252 CLOSE_WAIT 192.83.249.24 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1253 CLOSE_WAIT 217.149.195.10 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1255 CLOSE_WAIT 164.71.1.140 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1257 CLOSE_WAIT 200.189.189.3 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1262 ESTABLISHED 124.219.31.196 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1264 CLOSE_WAIT 85.158.139.194 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1265 CLOSE_WAIT 211.215.23.34 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1269 CLOSE_WAIT 64.18.5.11 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1270 CLOSE_WAIT 220.181.12.67 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1274 CLOSE_WAIT 74.218.77.201 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1275 CLOSE_WAIT 64.18.4.10 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1277 CLOSE_WAIT 94.232.196.10 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1278 CLOSE_WAIT 66.151.52.26 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1280 CLOSE_WAIT 203.134.137.98 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1301 CLOSE_WAIT 161.195.68.251 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1328 CLOSE_WAIT 217.7.200.205 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1332 CLOSE_WAIT 64.18.5.10 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1338 CLOSE_WAIT 195.33.130.249 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1343 CLOSE_WAIT 211.9.230.180 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1344 CLOSE_WAIT 64.18.7.13 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1347 CLOSE_WAIT 194.78.42.120 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1349 CLOSE_WAIT 75.126.136.141 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1351 CLOSE_WAIT 202.75.36.46 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1352 CLOSE_WAIT 124.74.249.12 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1355 CLOSE_WAIT 74.125.148.14 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1360 CLOSE_WAIT 38.113.116.218 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1364 CLOSE_WAIT 64.18.6.11 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1367 CLOSE_WAIT 216.163.188.58 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1373 CLOSE_WAIT 217.147.83.31 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1374 CLOSE_WAIT 213.33.108.44 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1379 CLOSE_WAIT 216.82.241.243 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1382 CLOSE_WAIT 38.113.116.218 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1386 CLOSE_WAIT 216.82.254.195 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1390 ESTABLISHED 65.99.255.2 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1400 CLOSE_WAIT 89.104.216.11 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1401 CLOSE_WAIT 74.55.2.34 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1412 CLOSE_WAIT 218.57.22.44 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1415 CLOSE_WAIT 200.40.30.218 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1420 CLOSE_WAIT 216.82.249.35 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1423 CLOSE_WAIT 81.252.22.130 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1427 ESTABLISHED 217.167.236.89 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1432 CLOSE_WAIT 204.10.142.253 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1434 CLOSE_WAIT 12.54.27.16 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1435 CLOSE_WAIT 64.18.6.10 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1438 CLOSE_WAIT 119.38.209.106 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1445 ESTABLISHED 64.34.193.238 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1450 CLOSE_WAIT 85.158.139.194 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1452 CLOSE_WAIT 89.190.178.29 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1453 CLOSE_WAIT 85.158.139.194 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1457 CLOSE_WAIT 78.142.157.2 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1460 CLOSE_WAIT 89.96.207.51 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1465 CLOSE_WAIT 194.116.199.19 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1467 CLOSE_WAIT 38.113.116.218 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1472 CLOSE_WAIT 212.12.187.93 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1473 CLOSE_WAIT 66.170.128.10 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1480 CLOSE_WAIT 195.7.17.39 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1483 CLOSE_WAIT 195.3.96.71 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1485 CLOSE_WAIT 195.216.229.68 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1486 CLOSE_WAIT 213.245.2.2 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1487 CLOSE_WAIT 217.243.246.34 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1497 CLOSE_WAIT 216.82.253.19 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1508 CLOSE_WAIT 199.185.88.168 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1509 CLOSE_WAIT 12.154.55.40 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1513 ESTABLISHED 204.3.218.220 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1517 CLOSE_WAIT 64.18.5.14 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1524 CLOSE_WAIT 64.18.5.10 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1528 CLOSE_WAIT 199.101.6.141 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1534 ESTABLISHED 133.86.19.7 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1535 CLOSE_WAIT 202.221.162.68 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1537 CLOSE_WAIT 205.247.25.126 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1538 CLOSE_WAIT 201.238.221.139 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1546 CLOSE_WAIT 72.14.213.27 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1550 CLOSE_WAIT 159.251.88.1 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1551 CLOSE_WAIT 64.191.223.39 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1554 CLOSE_WAIT 64.18.4.10 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1555 CLOSE_WAIT 64.18.5.10 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1556 CLOSE_WAIT 72.14.213.27 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1568 CLOSE_WAIT 38.113.116.218 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1571 CLOSE_WAIT 213.151.79.28 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1582 CLOSE_WAIT 69.3.56.170 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1586 ESTABLISHED 66.151.46.19 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1592 CLOSE_WAIT 167.230.202.14 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1594 CLOSE_WAIT 208.80.206.32 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1595 CLOSE_WAIT 74.208.77.237 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1596 CLOSE_WAIT 167.230.202.14 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1600 CLOSE_WAIT 206.244.170.2 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1603 ESTABLISHED 85.33.2.53 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1609 CLOSE_WAIT 200.72.133.28 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1612 ESTABLISHED 205.144.60.21 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1613 CLOSE_WAIT 61.136.143.183 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1614 CLOSE_WAIT 208.43.89.133 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1619 CLOSE_WAIT 85.158.139.194 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1620 CLOSE_WAIT 198.212.10.95 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1621 CLOSE_WAIT 85.158.139.194 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1624 CLOSE_WAIT 69.213.219.61 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1627 CLOSE_WAIT 67.231.152.94 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1633 CLOSE_WAIT 12.104.176.25 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1634 CLOSE_WAIT 64.18.5.13 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1653 CLOSE_WAIT 62.119.28.105 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1662 CLOSE_WAIT 209.85.229.27 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1671 ESTABLISHED 69.61.255.195 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1676 CLOSE_WAIT 74.125.157.27 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1678 CLOSE_WAIT 208.87.233.190 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1685 CLOSE_WAIT 72.16.255.217 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1686 CLOSE_WAIT 203.197.88.69 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1687 CLOSE_WAIT 130.227.16.200 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1689 CLOSE_WAIT 193.84.73.211 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1691 CLOSE_WAIT 212.170.236.87 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1697 CLOSE_WAIT 206.137.17.201 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1701 CLOSE_WAIT 193.54.215.242 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1706 CLOSE_WAIT 213.83.66.177 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1710 CLOSE_WAIT 213.83.66.193 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1713 CLOSE_WAIT 12.37.248.67 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1714 CLOSE_WAIT 211.13.217.12 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1719 CLOSE_WAIT 217.16.16.81 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1721 CLOSE_WAIT 74.125.43.27 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1722 CLOSE_WAIT 208.80.206.60 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1725 CLOSE_WAIT 219.163.200.91 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1730 CLOSE_WAIT 212.217.29.20 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1733 CLOSE_WAIT 174.133.251.140 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1737 CLOSE_WAIT 64.191.223.39 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1738 CLOSE_WAIT 88.79.119.194 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1741 CLOSE_WAIT 194.153.145.38 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1742 CLOSE_WAIT 209.139.197.115 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1752 CLOSE_WAIT 192.83.249.24 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1756 CLOSE_WAIT 64.18.6.14 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1757 CLOSE_WAIT 193.252.22.142 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1768 CLOSE_WAIT 64.18.5.10 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1770 CLOSE_WAIT 64.18.6.11 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1773 CLOSE_WAIT 59.36.102.50 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1777 CLOSE_WAIT 24.177.128.217 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1778 CLOSE_WAIT 85.115.58.190 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1780 ESTABLISHED 190.81.46.162 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1781 CLOSE_WAIT 167.230.202.14 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1785 CLOSE_WAIT 159.207.224.160 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1787 CLOSE_WAIT 208.87.233.190 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1790 CLOSE_WAIT 206.210.162.83 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1798 CLOSE_WAIT 91.213.160.40 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1801 CLOSE_WAIT 84.96.92.132 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1806 CLOSE_WAIT 213.136.12.237 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1808 ESTABLISHED 210.59.199.248 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1809 CLOSE_WAIT 74.125.43.27 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1810 CLOSE_WAIT 207.126.154.12 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1815 CLOSE_WAIT 216.163.188.54 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1817 ESTABLISHED 198.246.243.1 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1820 CLOSE_WAIT 200.74.162.234 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1825 CLOSE_WAIT 64.18.4.14 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1826 CLOSE_WAIT 64.18.4.14 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1829 CLOSE_WAIT 212.178.157.66 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1832 CLOSE_WAIT 83.19.232.154 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1834 CLOSE_WAIT 203.183.218.14 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1842 CLOSE_WAIT 212.139.137.147 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1847 CLOSE_WAIT 64.18.6.14 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1848 CLOSE_WAIT 69.70.228.38 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1850 CLOSE_WAIT 193.19.161.34 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1861 CLOSE_WAIT 152.2.91.130 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1865 ESTABLISHED 66.207.132.3 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1867 CLOSE_WAIT 64.18.5.10 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1872 CLOSE_WAIT 213.83.66.193 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1873 CLOSE_WAIT 193.130.87.50 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1874 CLOSE_WAIT 64.207.239.16 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1875 CLOSE_WAIT 199.224.111.34 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1876 CLOSE_WAIT 200.6.55.16 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1877 CLOSE_WAIT 200.24.162.118 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1880 CLOSE_WAIT 174.142.32.88 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1881 CLOSE_WAIT 194.41.109.9 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1884 CLOSE_WAIT 74.125.148.11 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1885 CLOSE_WAIT 74.55.40.226 80 [980] c:\program files\alwil software\avast5\avastui.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1887 CLOSE_WAIT 220.181.12.67 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1888 CLOSE_WAIT 208.42.184.8 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1892 CLOSE_WAIT 64.18.5.13 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1894 CLOSE_WAIT 216.163.188.60 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1899 CLOSE_WAIT 85.214.77.216 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1903 CLOSE_WAIT 85.115.62.190 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1908 CLOSE_WAIT 212.198.247.117 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1910 CLOSE_WAIT 194.78.38.27 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1918 CLOSE_WAIT 207.126.147.12 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1920 CLOSE_WAIT 64.52.215.170 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1922 CLOSE_WAIT 174.36.9.240 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1925 ESTABLISHED 69.217.36.153 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1928 CLOSE_WAIT 64.18.4.14 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1930 CLOSE_WAIT 62.217.193.2 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1931 CLOSE_WAIT 58.221.42.141 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1941 CLOSE_WAIT 194.242.63.182 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1942 CLOSE_WAIT 192.83.249.24 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1944 CLOSE_WAIT 167.239.223.107 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1945 CLOSE_WAIT 64.18.7.14 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1952 ESTABLISHED 85.33.2.53 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1960 CLOSE_WAIT 64.119.243.136 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1963 CLOSE_WAIT 64.18.5.11 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1965 CLOSE_WAIT 204.27.52.6 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1967 CLOSE_WAIT 85.158.139.194 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1968 CLOSE_WAIT 85.158.139.194 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1970 CLOSE_WAIT 72.14.213.27 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1973 CLOSE_WAIT 12.96.222.10 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1977 CLOSE_WAIT 64.128.190.157 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1979 CLOSE_WAIT 216.82.254.195 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1983 ESTABLISHED 195.101.95.237 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1984 CLOSE_WAIT 195.114.19.31 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1991 CLOSE_WAIT 167.82.191.21 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1993 CLOSE_WAIT 205.178.149.7 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2000 CLOSE_WAIT 64.18.5.14 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2009 CLOSE_WAIT 70.62.112.198 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2010 CLOSE_WAIT 208.87.233.190 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2016 CLOSE_WAIT 147.108.253.150 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2017 ESTABLISHED 210.190.172.45 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2019 CLOSE_WAIT 66.202.50.100 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2025 ESTABLISHED 199.239.233.55 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2029 CLOSE_WAIT 85.115.58.190 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2030 CLOSE_WAIT 69.67.167.68 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2032 CLOSE_WAIT 64.18.6.14 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2034 CLOSE_WAIT 213.175.211.119 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2038 CLOSE_WAIT 165.76.8.44 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2040 CLOSE_WAIT 208.42.184.8 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2041 CLOSE_WAIT 58.221.42.141 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2043 CLOSE_WAIT 209.139.197.115 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2044 CLOSE_WAIT 209.139.197.115 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2048 CLOSE_WAIT 94.228.131.162 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2049 ESTABLISHED 89.29.94.130 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2057 CLOSE_WAIT 91.121.126.18 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2059 CLOSE_WAIT 24.73.226.22 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2062 ESTABLISHED 82.110.109.199 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2070 CLOSE_WAIT 174.36.1.72 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2078 CLOSE_WAIT 64.191.223.42 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2080 CLOSE_WAIT 64.18.7.13 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2081 CLOSE_WAIT 216.163.188.60 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2082 CLOSE_WAIT 64.191.223.39 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2083 CLOSE_WAIT 161.235.223.108 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2087 CLOSE_WAIT 64.18.7.10 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2090 ESTABLISHED 117.135.143.108 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2091 CLOSE_WAIT 211.14.126.65 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2093 ESTABLISHED 192.109.108.33 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2095 CLOSE_WAIT 195.2.72.144 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2101 CLOSE_WAIT 209.136.87.101 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2103 CLOSE_WAIT 193.220.119.10 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2107 CLOSE_WAIT 74.125.39.27 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2108 ESTABLISHED 85.33.2.53 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2109 CLOSE_WAIT 88.85.247.226 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2111 ESTABLISHED 85.33.2.53 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2112 ESTABLISHED 85.33.2.53 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2118 CLOSE_WAIT 64.18.5.11 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2120 ESTABLISHED 216.157.243.239 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2122 CLOSE_WAIT 85.158.139.194 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2124 CLOSE_WAIT 85.158.139.194 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2125 CLOSE_WAIT 85.158.139.194 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2129 CLOSE_WAIT 216.163.188.60 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2134 CLOSE_WAIT 64.18.7.10 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2145 CLOSE_WAIT 194.109.24.134 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2152 CLOSE_WAIT 200.201.181.198 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2156 CLOSE_WAIT 168.61.70.17 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2160 CLOSE_WAIT 80.169.163.148 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2162 CLOSE_WAIT 210.229.188.36 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2163 ESTABLISHED 32.97.110.151 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2164 CLOSE_WAIT 82.187.221.178 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2168 CLOSE_WAIT 218.208.111.13 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2172 CLOSE_WAIT 209.85.222.5 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2176 CLOSE_WAIT 85.115.58.190 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2178 CLOSE_WAIT 195.225.160.4 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2187 CLOSE_WAIT 216.163.188.60 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2189 CLOSE_WAIT 216.163.188.60 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2190 CLOSE_WAIT 209.139.197.115 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2195 CLOSE_WAIT 94.228.131.162 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2202 CLOSE_WAIT 129.179.7.132 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2213 CLOSE_WAIT 220.181.12.52 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2216 CLOSE_WAIT 200.87.200.130 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2217 CLOSE_WAIT 81.103.221.10 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2218 CLOSE_WAIT 64.191.223.40 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2219 CLOSE_WAIT 195.162.10.2 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2221 CLOSE_WAIT 192.83.249.24 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2223 CLOSE_WAIT 64.16.193.48 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2225 CLOSE_WAIT 193.42.228.8 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2226 CLOSE_WAIT 75.99.173.178 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2227 CLOSE_WAIT 64.18.6.13 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2229 ESTABLISHED 70.89.135.115 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2233 CLOSE_WAIT 38.113.116.218 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2234 CLOSE_WAIT 210.19.80.2 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2236 CLOSE_WAIT 213.186.33.29 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2243 CLOSE_WAIT 119.38.209.106 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2246 CLOSE_WAIT 204.52.250.90 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2250 CLOSE_WAIT 66.111.4.72 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2251 CLOSE_WAIT 78.31.43.195 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2254 CLOSE_WAIT 64.18.4.13 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2255 ESTABLISHED 69.94.123.148 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2259 CLOSE_WAIT 85.158.139.194 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2260 CLOSE_WAIT 85.158.139.194 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2261 CLOSE_WAIT 209.137.233.141 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2262 ESTABLISHED 69.198.67.146 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2265 CLOSE_WAIT 64.18.4.11 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2266 CLOSE_WAIT 210.196.169.193 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2267 CLOSE_WAIT 212.224.137.106 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2279 CLOSE_WAIT 87.230.77.22 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2280 CLOSE_WAIT 62.128.193.98 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2281 CLOSE_WAIT 57.66.138.16 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2282 CLOSE_WAIT 195.2.244.45 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2284 CLOSE_WAIT 192.5.209.6 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2286 CLOSE_WAIT 38.113.116.216 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2289 CLOSE_WAIT 64.191.223.42 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2290 CLOSE_WAIT 212.59.199.31 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2292 ESTABLISHED 69.94.98.7 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2294 CLOSE_WAIT 62.128.158.159 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2295 CLOSE_WAIT 209.85.222.5 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2299 CLOSE_WAIT 64.18.5.14 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2300 CLOSE_WAIT 216.55.101.25 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2303 CLOSE_WAIT 64.18.5.10 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2304 CLOSE_WAIT 84.96.93.164 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2307 CLOSE_WAIT 209.139.197.115 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2311 CLOSE_WAIT 220.181.12.52 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2314 CLOSE_WAIT 64.18.5.13 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2315 CLOSE_WAIT 94.228.131.162 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2317 CLOSE_WAIT 85.115.54.190 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2320 CLOSE_WAIT 62.204.37.1 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2325 CLOSE_WAIT 216.52.152.61 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2327 CLOSE_WAIT 203.190.224.42 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2329 CLOSE_WAIT 203.84.134.2 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2332 CLOSE_WAIT 12.31.191.99 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2333 CLOSE_WAIT 193.110.75.1 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2335 CLOSE_WAIT 192.83.249.24 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2337 CLOSE_WAIT 218.219.70.203 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2341 CLOSE_WAIT 195.2.72.144 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2343 CLOSE_WAIT 38.113.116.216 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2345 CLOSE_WAIT 24.106.36.36 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2365 ESTABLISHED 85.33.2.53 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2366 ESTABLISHED 85.33.2.53 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2371 ESTABLISHED 85.33.2.53 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2373 CLOSE_WAIT 64.119.241.136 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2379 ESTABLISHED 187.94.64.130 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2380 CLOSE_WAIT 62.2.90.138 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2382 CLOSE_WAIT 217.167.134.190 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2385 CLOSE_WAIT 74.218.206.10 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2386 ESTABLISHED 62.62.128.70 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2387 CLOSE_WAIT 195.3.96.71 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2388 CLOSE_WAIT 67.210.88.16 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2390 CLOSE_WAIT 59.106.52.214 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2396 CLOSE_WAIT 210.54.141.1 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2397 CLOSE_WAIT 216.211.128.3 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2401 CLOSE_WAIT 195.127.173.180 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2403 CLOSE_WAIT 195.4.92.9 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2404 CLOSE_WAIT 64.191.223.40 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2405 CLOSE_WAIT 64.18.5.14 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2406 CLOSE_WAIT 213.166.17.26 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2413 CLOSE_WAIT 64.18.5.14 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2417 CLOSE_WAIT 203.211.152.111 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2427 CLOSE_WAIT 119.46.144.228 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2428 CLOSE_WAIT 85.115.54.190 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2431 CLOSE_WAIT 74.125.43.27 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2436 CLOSE_WAIT 131.167.253.87 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2438 CLOSE_WAIT 62.245.150.131 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2441 CLOSE_WAIT 211.133.135.166 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2443 CLOSE_WAIT 59.36.102.50 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2451 CLOSE_WAIT 94.228.131.162 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2454 CLOSE_WAIT 94.228.131.162 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2455 CLOSE_WAIT 24.177.128.217 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2456 CLOSE_WAIT 72.85.245.188 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2457 CLOSE_WAIT 82.117.159.67 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2459 CLOSE_WAIT 69.94.110.245 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2469 ESTABLISHED 195.16.57.210 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2470 CLOSE_WAIT 64.18.4.11 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2472 CLOSE_WAIT 219.101.186.28 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2474 CLOSE_WAIT 202.157.178.71 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2477 CLOSE_WAIT 192.83.249.24 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2478 CLOSE_WAIT 219.101.142.239 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2481 CLOSE_WAIT 218.1.66.97 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2497 CLOSE_WAIT 157.78.0.241 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2498 CLOSE_WAIT 200.111.48.148 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2505 CLOSE_WAIT 195.7.102.21 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2510 ESTABLISHED 85.92.134.13 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2511 CLOSE_WAIT 209.136.87.101 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2515 CLOSE_WAIT 194.116.199.13 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2516 CLOSE_WAIT 207.126.154.12 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2528 CLOSE_WAIT 85.158.139.194 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2530 CLOSE_WAIT 203.227.129.20 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2531 CLOSE_WAIT 85.158.139.194 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2532 CLOSE_WAIT 85.158.139.194 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2533 CLOSE_WAIT 85.158.139.194 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2534 CLOSE_WAIT 85.158.139.194 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2538 CLOSE_WAIT 203.183.218.15 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2539 CLOSE_WAIT 195.3.96.71 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2543 CLOSE_WAIT 64.18.6.13 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2544 CLOSE_WAIT 216.136.24.140 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2547 CLOSE_WAIT 94.126.40.215 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2552 CLOSE_WAIT 86.109.103.34 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2554 CLOSE_WAIT 64.18.4.11 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2556 CLOSE_WAIT 122.200.253.202 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2559 CLOSE_WAIT 218.236.90.205 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2560 CLOSE_WAIT 133.56.0.8 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2561 CLOSE_WAIT 63.100.40.112 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2563 CLOSE_WAIT 216.52.118.222 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2564 CLOSE_WAIT 193.158.75.202 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2566 CLOSE_WAIT 211.125.116.197 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2569 CLOSE_WAIT 72.232.162.162 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2572 CLOSE_WAIT 64.18.7.14 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2574 CLOSE_WAIT 204.15.82.27 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2578 CLOSE_WAIT 64.18.5.10 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2579 CLOSE_WAIT 74.125.43.27 25 [672] c:\windows\system32\services.exe
Script: Quarantine, Delete, Delete via BC, Terminate
9999 LISTENING 0.0.0.0 30721 [436] c:\acer\empowering technology\eperformance\memcheck.exe
Script: Quarantine, Delete, Delete via BC, Terminate
UDP ports
123 LISTENING -- -- [952] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
123 LISTENING -- -- [952] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
137 LISTENING -- -- [4] System
Script: Quarantine, Delete, Delete via BC, Terminate
138 LISTENING -- -- [4] System
Script: Quarantine, Delete, Delete via BC, Terminate
445 LISTENING -- -- [4] System
Script: Quarantine, Delete, Delete via BC, Terminate
500 LISTENING -- -- [684] c:\windows\system32\lsass.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1900 LISTENING -- -- [1556] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1900 LISTENING -- -- [1556] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2717 LISTENING -- -- [1076] c:\program files\internet explorer\iexplore.exe
Script: Quarantine, Delete, Delete via BC, Terminate
2723 LISTENING -- -- [2708] c:\program files\internet explorer\iexplore.exe
Script: Quarantine, Delete, Delete via BC, Terminate
3776 LISTENING -- -- [2084] c:\windows\ehome\mcrdsvc.exe
Script: Quarantine, Delete, Delete via BC, Terminate
4500 LISTENING -- -- [684] c:\windows\system32\lsass.exe
Script: Quarantine, Delete, Delete via BC, Terminate

Downloaded Program Files (DPF)

File name Description Manufacturer CLSID Source URL
Items found - 1, recognized as trusted - 1

Control Panel Applets (CPL)

File name Description Manufacturer
Items found - 26, recognized as trusted - 26

Active Setup

File name Description Manufacturer CLSID
Items found - 17, recognized as trusted - 17

HOSTS file

Hosts file record
127.0.0.1 localhost

Protocols and handlers

File name Type Description Manufacturer CLSID
mscoree.dll
Script: Quarantine, Delete, Delete via BC Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
mscoree.dll
Script: Quarantine, Delete, Delete via BC Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
mscoree.dll
Script: Quarantine, Delete, Delete via BC Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
Items found - 31, recognized as trusted - 28

Suspicious objects

File Description Type

Attention !!! Database was last updated 21.8.2009 it is necessary to update the database (via File - Database update) AVZ Antiviral Toolkit log; AVZ version is 4.32 Scanning started at 5.6.2010 11:46:48 Database loaded: signatures - 237871, NN profile(s) - 2, malware removal microprograms - 56, signature database released 21.08.2009 14:23 Heuristic microprograms loaded: 374 PVS microprograms loaded: 9 Digital signatures of system files loaded: 135524 Heuristic analyzer mode: Maximum heuristics mode Malware removal mode: disabled Windows version is: 5.1.2600, Service Pack 3 ; AVZ is run with administrator rights System Restore: enabled 1. Searching for Rootkits and other software intercepting API functions 1.1 Searching for user-mode API hooks Analysis: kernel32.dll, export table found in section .text Analysis: ntdll.dll, export table found in section .text Analysis: user32.dll, export table found in section .text Analysis: advapi32.dll, export table found in section .text Analysis: ws2_32.dll, export table found in section .text Analysis: wininet.dll, export table found in section .text Analysis: rasapi32.dll, export table found in section .text Analysis: urlmon.dll, export table found in section .text Analysis: netapi32.dll, export table found in section .text 1.2 Searching for kernel-mode API hooks Driver loaded successfully SDT found (RVA=085700) Kernel ntkrnlpa.exe found in memory at address 804D7000 SDT = 8055C700 KiST = 8050446C (284) Functions checked: 284, intercepted: 0, restored: 0 1.3 Checking IDT and SYSENTER Analyzing CPU 1 Checking IDT and SYSENTER - complete 1.4 Searching for masking processes and drivers Checking not performed: extended monitoring driver (AVZPM) is not installed Driver loaded successfully 1.5 Checking IRP handlers \FileSystem\FastFat[IRP_MJ_CREATE] = 84D18CC0 -> hook not defined Checking - complete 2. Scanning RAM Number of processes found: 53 Extended process analysis: 1656 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [ES]:Program code includes networking-related functionality [ES]:Application has no visible windows [ES]:Loads RASAPI DLL - may use dialing ? Extended process analysis: 3180 C:\Program Files\Companion Suite Pro LL\MFPrintServer.exe [ES]:Program code includes networking-related functionality [ES]:Application has no visible windows [ES]:Registered for automatic startup !! Extended process analysis: 3212 C:\Program Files\Companion Suite Pro LL\MFServices.exe [ES]:Program code includes networking-related functionality [ES]:Application has no visible windows [ES]:Registered for automatic startup !! Extended process analysis: 3252 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [ES]:Application has no visible windows [ES]:Registered for automatic startup !! Number of modules loaded: 672 Scanning RAM - complete 3. Scanning disks 4. Checking Winsock Layered Service Provider (SPI/LSP) LSP settings checked. No errors detected 5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs) 6. Searching for opened TCP/UDP ports used by malicious software Checking - disabled by user 7. Heuristic system check >>> Suspicion for service/driver reg key masking "gjhqidq" Checking - complete 8. Searching for vulnerabilities >> Services: potentially dangerous service allowed: RemoteRegistry (Remote Registry) >> Services: potentially dangerous service allowed: TermService (Terminal Services) >> Services: potentially dangerous service allowed: SSDPSRV (SSDP Discovery Service) >> Services: potentially dangerous service allowed: Schedule (Task Scheduler) >> Services: potentially dangerous service allowed: mnmsrvc (NetMeeting Remote Desktop Sharing) >> Services: potentially dangerous service allowed: RDSessMgr (Spr?vce relac? n?pov?dy ke vzd?len? plo?e) > Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)! >> Security: disk drives' autorun is enabled >> Security: administrative shares (C$, D$ ...) are enabled >> Security: anonymous user access is enabled >> Security: sending Remote Assistant queries is enabled Checking - complete 9. Troubleshooting wizard >> HDD autorun is allowed >> Network drives autorun is allowed >> Removable media autorun is allowed Checking - complete Files scanned: 725, extracted from archives: 0, malicious software found 0, suspicions - 0 Scanning finished at 5.6.2010 11:48:01 Time of scanning: 00:01:17 If you have a suspicion on presence of viruses or questions on the suspected objects, you can address http://virusinfo.info conference System Analysis in progress
Script commands

Add commands to script:
Blocking hooks using Anti-Rootkit
Enable AVZGuard
Operations with AVZPM (true=enable,false=disable)
BootCleaner - import list of deleted files
Remove traces of deleted files
BootCleaner - activate
Reboot
Insert template for QuarantineFile() - quarantining a file
Insert template for BC_QrFile() - quarantining file via BootCleaner
Insert template for DeleteFile() - deleting a file
Insert template for DelCLSID() - removing a CLSID item from registry
Additional operations:
Performance tweaking: disable service RemoteRegistry (Remote Registry)
Performance tweaking: disable service TermService (Terminal Services)
Performance tweaking: disable service SSDPSRV (SSDP Discovery Service)
Performance tweaking: disable service Schedule (Task Scheduler)
Performance tweaking: disable service mnmsrvc (NetMeeting Remote Desktop Sharing)
Performance tweaking: disable service RDSessMgr (Sprбvce relacн nбpovмdy ke vzdбlenй ploљe)
Security tweaking: disable CD autorun
Security tweaking: disable administrative shares
Security tweaking: disable anonymous user access
Security: disable sending Remote Assistant queries
File list