Results of system analysis

Process List

File name	PID	Description	Copyright	MD5	Information
c:\documents and settings\erika\local settings\application data\google\chrome\application\chrome.exe Script: Quarantine, Delete, Delete via BC, Terminate	3064	Google Chrome	Copyright (C) 2006-2010 Google Inc. All Rights Reserved.	??	1012.05 kb, rsAh, created: 28.10.2011 18:53:38, modified: 26.10.2011 10:10:47 Command line: "C:\Documents and Settings\Erika\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Documents and Settings\Erika\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.7.0.8524_0\npSkypeChromePlugin.dll" --lang=sk --channel=2484.08CF1A80.15141194 /prefetch:4
c:\windows\explorer.exe Script: Quarantine, Delete, Delete via BC, Terminate	1904	Windows Explorer	© Microsoft Corporation. All rights reserved.	??	1009.50 kb, rsAh, created: 16.01.2007 22:05:41, modified: 14.04.2008 02:12:19 Command line: C:\WINDOWS\Explorer.EXE
c:\program files\activision\call of duty 2\gamepark2\gpcl.exe Script: Quarantine, Delete, Delete via BC, Terminate	1868	GamePark klient	Allstar Group, s.r.o.	??	399.50 kb, rsAh, created: 09.08.2011 12:18:27, modified: 29.07.2011 15:38:18 Command line: "C:\Program Files\Activision\Call of Duty 2\GamePark2\gpcl.exe"
c:\program files\icq7.4\icq.exe Script: Quarantine, Delete, Delete via BC, Terminate	3164	ICQ	Copyright (c) 1998-2010 ICQ, LLC.	??	116.80 kb, rsAh, created: 06.04.2011 16:24:39, modified: 06.04.2011 16:24:39 Command line: "C:\Program Files\ICQ7.4\ICQ.exe"
c:\program files\common files\microsoft shared\vs7debug\mdm.exe Script: Quarantine, Delete, Delete via BC, Terminate	1480	Machine Debug Manager	© Microsoft Corporation. All rights reserved.	??	314.57 kb, rsAh, created: 20.06.2003 00:25:00, modified: 20.06.2003 00:25:00 Command line: "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
c:\windows\system32\pnkbstrb.exe Script: Quarantine, Delete, Delete via BC, Terminate	2408			??	209.49 kb, rsAh, created: 24.12.2009 20:56:57, modified: 28.10.2011 17:54:35 Command line: C:\WINDOWS\system32\PnkBstrB.exe
c:\windows\system32\rundll32.exe Script: Quarantine, Delete, Delete via BC, Terminate	472	Run a DLL as an App	© Microsoft Corporation. All rights reserved.	??	32.50 kb, rsAh, created: 04.08.2004 01:56:56, modified: 14.04.2008 02:12:33 Command line: "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
c:\program files\skype\phone\skype.exe Script: Quarantine, Delete, Delete via BC, Terminate	1184	Skype	(c) Skype Technologies S.A.	??	19092.13 kb, RsAh, created: 13.10.2011 11:45:22, modified: 13.10.2011 11:45:22 Command line: "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
c:\windows\system32\svchost.exe Script: Quarantine, Delete, Delete via BC, Terminate	1020	Generic Host Process for Win32 Services	© Microsoft Corporation. All rights reserved.	??	14.00 kb, rsAh, created: 04.08.2004 01:56:58, modified: 14.04.2008 02:12:36 Command line: C:\WINDOWS\System32\svchost.exe -k Akamai
Detected:44, recognized as trusted 41

Module name	Handle	Description	Copyright	MD5	Used by processes
C:\Documents and Settings\Erika\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.7.0.8524_0\npSkypeChromePlugin.dll Script: Quarantine, Delete, Delete via BC	268435456	Skype Click to Call for Chrome	(c) Skype Technologies S.A.	--	3064
C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.SKY Script: Quarantine, Delete, Delete via BC	35979264	PDF Shell Extension	Copyright 2000-2007 Adobe Systems, Inc.	--	1904
c:\program files\common files\akamai\netsession_win_807ba95.dll Script: Quarantine, Delete, Delete via BC	268435456			--	1020
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MSDBG2.DLL Script: Quarantine, Delete, Delete via BC	1364721664	Active Debugging Proxy/Stub	© Microsoft Corporation. All rights reserved.	--	3164, 1480
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\PDM.DLL Script: Quarantine, Delete, Delete via BC	1365639168	Process Debug Manager	© Microsoft Corporation. All rights reserved.	--	3164
C:\Program Files\Internet Explorer\mui\041b\shdoclc.dll Script: Quarantine, Delete, Delete via BC	1981218816	Shell Doc Object and Control Library	© Microsoft Corporation. Vљetky prбva vyhradenй.	--	1904
C:\Program Files\Skype\Toolbars\Shared\SkypePnr.dll Script: Quarantine, Delete, Delete via BC	65994752	Skype Phone Number Recognizer	(c) Skype Technologies S.A.	--	3064
C:\WINDOWS\system32\NVRSSK.DLL Script: Quarantine, Delete, Delete via BC	13697024	NVIDIA Slovak language resource library	(C) NVIDIA Corporation. All rights reserved.	--	472
Modules found:346, recognized as trusted 338

Kernel Space Modules Viewer

Module	Base address	Size in memory	Description	Manufacturer
.sys Script: Quarantine, Delete, Delete via BC	F7474000	018000 (98304)
C:\WINDOWS\System32\Drivers\dump_atapi.sys Script: Quarantine, Delete, Delete via BC	B5BAE000	018000 (98304)
C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS Script: Quarantine, Delete, Delete via BC	F79D9000	002000 (8192)
Modules found - 119, recognized as trusted - 116

Services

Service	Description	Status	File	Group	Dependencies
PnkBstrB Service: Stop, Delete, Disable, Delete via BC	PnkBstrB	Running	C:\WINDOWS\system32\PnkBstrB.exe Script: Quarantine, Delete, Delete via BC
EhttpSrv Service: Stop, Delete, Disable, Delete via BC	ESET HTTP Server	Not started	C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe Script: Quarantine, Delete, Delete via BC
ekrn Service: Stop, Delete, Disable, Delete via BC	ESET Service	Not started	C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe Script: Quarantine, Delete, Delete via BC
npggsvc Service: Stop, Delete, Disable, Delete via BC	nProtect GameGuard Service	Not started	C:\WINDOWS\system32\GameMon.des Script: Quarantine, Delete, Delete via BC
Detected - 105, recognized as trusted - 101

Drivers

Service	Description	Status	File	Group	Dependencies
Abiosdsk Driver: Unload, Delete, Disable, Delete via BC	Abiosdsk	Not started	Abiosdsk.sys Script: Quarantine, Delete, Delete via BC	Primary disk
abp480n5 Driver: Unload, Delete, Disable, Delete via BC	abp480n5	Not started	abp480n5.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
adpu160m Driver: Unload, Delete, Disable, Delete via BC	adpu160m	Not started	adpu160m.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
Aha154x Driver: Unload, Delete, Disable, Delete via BC	Aha154x	Not started	Aha154x.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
aic78u2 Driver: Unload, Delete, Disable, Delete via BC	aic78u2	Not started	aic78u2.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
aic78xx Driver: Unload, Delete, Disable, Delete via BC	aic78xx	Not started	aic78xx.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
AliIde Driver: Unload, Delete, Disable, Delete via BC	AliIde	Not started	AliIde.sys Script: Quarantine, Delete, Delete via BC	System Bus Extender
amsint Driver: Unload, Delete, Disable, Delete via BC	amsint	Not started	amsint.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
asc Driver: Unload, Delete, Disable, Delete via BC	asc	Not started	asc.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
asc3350p Driver: Unload, Delete, Disable, Delete via BC	asc3350p	Not started	asc3350p.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
asc3550 Driver: Unload, Delete, Disable, Delete via BC	asc3550	Not started	asc3550.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
Atdisk Driver: Unload, Delete, Disable, Delete via BC	Atdisk	Not started	Atdisk.sys Script: Quarantine, Delete, Delete via BC	Primary disk
cd20xrnt Driver: Unload, Delete, Disable, Delete via BC	cd20xrnt	Not started	cd20xrnt.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
Changer Driver: Unload, Delete, Disable, Delete via BC	Changer	Not started	Changer.sys Script: Quarantine, Delete, Delete via BC	Filter
CmdIde Driver: Unload, Delete, Disable, Delete via BC	CmdIde	Not started	CmdIde.sys Script: Quarantine, Delete, Delete via BC	System Bus Extender
Cpqarray Driver: Unload, Delete, Disable, Delete via BC	Cpqarray	Not started	Cpqarray.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
dac960nt Driver: Unload, Delete, Disable, Delete via BC	dac960nt	Not started	dac960nt.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
dpti2o Driver: Unload, Delete, Disable, Delete via BC	dpti2o	Not started	dpti2o.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
EagleXNt Driver: Unload, Delete, Disable, Delete via BC	EagleXNt	Not started	C:\WINDOWS\system32\drivers\EagleXNt.sys Script: Quarantine, Delete, Delete via BC
GGSAFERDriver Driver: Unload, Delete, Disable, Delete via BC	GGSAFER Driver	Not started	C:\Program Files\Garena\safedrv.sys Script: Quarantine, Delete, Delete via BC
hpn Driver: Unload, Delete, Disable, Delete via BC	hpn	Not started	hpn.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
i2omgmt Driver: Unload, Delete, Disable, Delete via BC	i2omgmt	Not started	i2omgmt.sys Script: Quarantine, Delete, Delete via BC	SCSI Class
i2omp Driver: Unload, Delete, Disable, Delete via BC	i2omp	Not started	i2omp.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
ini910u Driver: Unload, Delete, Disable, Delete via BC	ini910u	Not started	ini910u.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
IntelIde Driver: Unload, Delete, Disable, Delete via BC	IntelIde	Not started	IntelIde.sys Script: Quarantine, Delete, Delete via BC	System Bus Extender
lbrtfdc Driver: Unload, Delete, Disable, Delete via BC	lbrtfdc	Not started	lbrtfdc.sys Script: Quarantine, Delete, Delete via BC	System Bus Extender
mraid35x Driver: Unload, Delete, Disable, Delete via BC	mraid35x	Not started	mraid35x.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
PCIDump Driver: Unload, Delete, Disable, Delete via BC	PCIDump	Not started	PCIDump.sys Script: Quarantine, Delete, Delete via BC	PCI Configuration
PDCOMP Driver: Unload, Delete, Disable, Delete via BC	PDCOMP	Not started	PDCOMP.sys Script: Quarantine, Delete, Delete via BC
PDFRAME Driver: Unload, Delete, Disable, Delete via BC	PDFRAME	Not started	PDFRAME.sys Script: Quarantine, Delete, Delete via BC
PDRELI Driver: Unload, Delete, Disable, Delete via BC	PDRELI	Not started	PDRELI.sys Script: Quarantine, Delete, Delete via BC
PDRFRAME Driver: Unload, Delete, Disable, Delete via BC	PDRFRAME	Not started	PDRFRAME.sys Script: Quarantine, Delete, Delete via BC
perc2 Driver: Unload, Delete, Disable, Delete via BC	perc2	Not started	perc2.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
perc2hib Driver: Unload, Delete, Disable, Delete via BC	perc2hib	Not started	perc2hib.sys Script: Quarantine, Delete, Delete via BC	Filter
ql1080 Driver: Unload, Delete, Disable, Delete via BC	ql1080	Not started	ql1080.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
Ql10wnt Driver: Unload, Delete, Disable, Delete via BC	Ql10wnt	Not started	Ql10wnt.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
ql12160 Driver: Unload, Delete, Disable, Delete via BC	ql12160	Not started	ql12160.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
ql1240 Driver: Unload, Delete, Disable, Delete via BC	ql1240	Not started	ql1240.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
ql1280 Driver: Unload, Delete, Disable, Delete via BC	ql1280	Not started	ql1280.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
Simbad Driver: Unload, Delete, Disable, Delete via BC	Simbad	Not started	Simbad.sys Script: Quarantine, Delete, Delete via BC	Filter
Sparrow Driver: Unload, Delete, Disable, Delete via BC	Sparrow	Not started	Sparrow.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
sym_hi Driver: Unload, Delete, Disable, Delete via BC	sym_hi	Not started	sym_hi.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
sym_u3 Driver: Unload, Delete, Disable, Delete via BC	sym_u3	Not started	sym_u3.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
symc810 Driver: Unload, Delete, Disable, Delete via BC	symc810	Not started	symc810.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
symc8xx Driver: Unload, Delete, Disable, Delete via BC	symc8xx	Not started	symc8xx.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
TosIde Driver: Unload, Delete, Disable, Delete via BC	TosIde	Not started	TosIde.sys Script: Quarantine, Delete, Delete via BC	System Bus Extender
ultra Driver: Unload, Delete, Disable, Delete via BC	ultra	Not started	ultra.sys Script: Quarantine, Delete, Delete via BC	SCSI miniport
ViaIde Driver: Unload, Delete, Disable, Delete via BC	ViaIde	Not started	ViaIde.sys Script: Quarantine, Delete, Delete via BC	System Bus Extender
WDICA Driver: Unload, Delete, Disable, Delete via BC	WDICA	Not started	WDICA.sys Script: Quarantine, Delete, Delete via BC
Detected - 192, recognized as trusted - 143

Autoruns

File name	Status	Startup method	Description
C:\DOCUME~1\Erika\LOCALS~1\Temp\wininitd.exe Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, Audio HD Driver Delete
C:\Documents and Settings\Erika\Application Data\audiohd.exe Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, Windows Audio Driver Delete
C:\Program Files\Activision\Call of Duty 2\GamePark2\gpcl.exe Script: Quarantine, Delete, Delete via BC	Active	Shortcut in Startup folder	C:\Documents and Settings\All Users\Start Menu\Programs\Startup\, C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GamePark klient 2.lnk,
C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, Launch LCDMon Delete
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, egui Delete
C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {B089FE88-FB52-11D3-BDF1-0050DA34150D} Delete
C:\Program Files\Electronic Arts\EADM\Core.exe Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, EA Core Delete
C:\Program Files\Gameforge4D\4Story\PrePatch.exe Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, 4StoryPrePatch Delete
C:\Program Files\ICQ7.2\ICQ.exe Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, ICQ Delete
C:\Program Files\NuGardt Software\Seismovision 3\Seismovision3.exe Script: Quarantine, Delete, Delete via BC	Active	Shortcut in Startup folder	C:\Documents and Settings\Erika\Application Data\Microsoft\Internet Explorer\Quick Launch\, C:\Documents and Settings\Erika\Application Data\Microsoft\Internet Explorer\Quick Launch\Seismovision 3.lnk,
C:\Program Files\PokerStars\PokerStarsUpdate.exe Script: Quarantine, Delete, Delete via BC	Active	Shortcut in Startup folder	C:\Documents and Settings\Erika\Application Data\Microsoft\Internet Explorer\Quick Launch\, C:\Documents and Settings\Erika\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStars.lnk,
C:\Program Files\Skype\Phone\Skype.exe Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, Skype Delete
C:\Program Files\Winamp\winampa.exe Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, WinampAgent Delete
C:\Program Files\Zoner\Photo Studio 13\Program32\Zps.exe Script: Quarantine, Delete, Delete via BC	Active	Shortcut in Startup folder	C:\Documents and Settings\Erika\Application Data\Microsoft\Internet Explorer\Quick Launch\, C:\Documents and Settings\Erika\Application Data\Microsoft\Internet Explorer\Quick Launch\Zoner Photo Studio 13.lnk,
C:\WINDOWS\System32\Drivers\AliIde.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\aliide, EventMessageFile
C:\WINDOWS\System32\Drivers\CmdIde.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\cmdide, EventMessageFile
C:\WINDOWS\System32\Drivers\IntelIde.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\intelide, EventMessageFile
C:\WINDOWS\System32\Drivers\TosIde.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\toside, EventMessageFile
C:\WINDOWS\System32\Drivers\ViaIde.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\viaide, EventMessageFile
C:\WINDOWS\System32\Drivers\lbrtfdc.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\lbrtfdc, EventMessageFile
C:\WINDOWS\System32\PrintFilterPipelineSvc.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\PrintFilterPipelineSvc, EventMessageFile
C:\WINDOWS\System32\drivers\ss_bbus.sys Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\ss_bbus, EventMessageFile
C:\WINDOWS\System32\igmpv2.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\IGMPv2, EventMessageFile
C:\WINDOWS\System32\ipbootp.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\IPBOOTP, EventMessageFile
C:\WINDOWS\System32\iprip2.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\IPRIP2, EventMessageFile
C:\WINDOWS\System32\ospf.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\OSPF, EventMessageFile
C:\WINDOWS\System32\ospfmib.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\OSPFMib, EventMessageFile
C:\WINDOWS\System32\polagent.dll Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\PolicyAgent, EventMessageFile
C:\WINDOWS\System32\tssdis.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\TermServSessDir, EventMessageFile
C:\WINDOWS\system32\KB905474\wgasetup.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\WgaSetup, EventMessageFile
C:\WINDOWS\system32\MsSip1.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WinTrust\SubjectPackages\MS Subjects 1, $DLL Delete
C:\WINDOWS\system32\MsSip2.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WinTrust\SubjectPackages\MS Subjects 2, $DLL Delete
C:\WINDOWS\system32\MsSip3.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WinTrust\SubjectPackages\MS Subjects 3, $DLL Delete
C:\WINDOWS\system32\SEISMO~1.SCR Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_CURRENT_USER, Control Panel\Desktop, scrnsave.exe Delete
C:\WINDOWS\system32\SEISMO~1.SCR Script: Quarantine, Delete, Delete via BC	Active	File system.ini	C:\WINDOWS\system.ini, boot, SCRNSAVE.EXE
C:\WINDOWS\system32\WUDHost.exe Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, Windows-Network Component Delete
C:\WINDOWS\system32\psxss.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Session Manager\SubSystems, Posix
C:\WINDOWS\system32\stisvc.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System, EventMessageFile
c:\program files\common files\akamai\netsession_win_807ba95.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Akamai\Parameters, ServiceDll Delete
kbd101.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\i8042prt\Parameters, LayerDriver JPN Delete
kbd101a.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\i8042prt\Parameters, LayerDriver KOR Delete
mvfs32.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_USERS, .DEFAULT\Control Panel\IOProcs, MVB Delete
mvfs32.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_USERS, S-1-5-19\Control Panel\IOProcs, MVB Delete
mvfs32.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_USERS, S-1-5-20\Control Panel\IOProcs, MVB Delete
mvfs32.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_USERS, S-1-5-18\Control Panel\IOProcs, MVB Delete
mvfs32.dll Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_CURRENT_USER, Control Panel\IOProcs, MVB Delete
services32.exe Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\SafeBoot, AlternateShell
vgafix.fon Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WOW\boot, fixedfon.fon Delete
vgaoem.fon Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WOW\boot, oemfonts.fon Delete
vgasys.fon Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WOW\boot, fonts.fon Delete
Autoruns items found - 870, recognized as trusted - 820

Internet Explorer extension modules (BHOs, Toolbars ...)

File name	Type	Description	Manufacturer	CLSID
C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Script: Quarantine, Delete, Delete via BC	BHO	Skype Click to Call for Internet Explorer	(c) Skype Technologies S.A.	{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Delete
C:\Program Files\PokerStars\PokerStarsUpdate.exe Script: Quarantine, Delete, Delete via BC	Extension module			{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} Delete
C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Script: Quarantine, Delete, Delete via BC	Extension module	Skype Click to Call for Internet Explorer	(c) Skype Technologies S.A.	{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Delete
C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Script: Quarantine, Delete, Delete via BC	Extension module	Skype Click to Call for Internet Explorer	(c) Skype Technologies S.A.	{92780B25-18CC-41C8-B9BE-3C9C571A8263} Delete
Items found - 25, recognized as trusted - 21

Windows Explorer extension modules

File name	Destination	Description	Manufacturer	CLSID
	Display Panning CPL Extension			{42071714-76d4-11d1-8b24-00a0c9068ff3} Delete
	Shell extensions for file compression			{764BF0E1-F219-11ce-972D-00AA00A14F56} Delete
	Encryption Context Menu			{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} Delete
	Taskbar and Start Menu			{0DF44EAA-FF21-4412-828E-260A8728E7F1} Delete
	User Accounts			{7A9D77BD-5403-11d2-8785-2E0420524153} Delete
C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll Script: Quarantine, Delete, Delete via BC	ESET Smart Security - Context Menu Shell Extension			{B089FE88-FB52-11D3-BDF1-0050DA34150D} Delete
Items found - 197, recognized as trusted - 191

Printing system extensions (print monitors, providers)

File name	Type	Name	Description	Manufacturer
Items found - 8, recognized as trusted - 8

Task Scheduler jobs

File name	Job name	Job state	Description	Manufacturer
Items found - 4, recognized as trusted - 4

SPI/LSP settings

Namespace providers (NSP)

Manufacturer	Status	EXE file	Description	GUID
Detected - 3, recognized as trusted - 3

Transport protocol providers (TSP, LSP)

Manufacturer EXE file Description
Detected - 19, recognized as trusted - 19
Results of automatic SPI settings check
LSP settings checked. No errors detected

TCP/UDP ports

Port Status Remote Host Remote Port Application Notes
TCP ports
80 LISTENING 0.0.0.0 53419 [1184] c:\program files\skype\phone\skype.exe
Script: Quarantine, Delete, Delete via BC, Terminate
135 LISTENING 0.0.0.0 2177 [1060] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
139 LISTENING 0.0.0.0 39150 [4] System
Script: Quarantine, Delete, Delete via BC, Terminate
443 LISTENING 0.0.0.0 10262 [1184] c:\program files\skype\phone\skype.exe
Script: Quarantine, Delete, Delete via BC, Terminate
445 LISTENING 0.0.0.0 10405 [4] System
Script: Quarantine, Delete, Delete via BC, Terminate
1035 ESTABLISHED 77.67.10.149 443 [1020] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1039 LISTENING 0.0.0.0 32827 [1020] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1050 LISTENING 0.0.0.0 53380 [3936] c:\windows\system32\alg.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1065 ESTABLISHED 95.102.169.22 35160 [1184] c:\program files\skype\phone\skype.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1075 ESTABLISHED 172.20.0.198 49937 [1184] c:\program files\skype\phone\skype.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1083 ESTABLISHED 78.45.89.184 36658 [1184] c:\program files\skype\phone\skype.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1093 ESTABLISHED 213.146.189.206 12350 [1184] c:\program files\skype\phone\skype.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1129 ESTABLISHED 109.183.199.151 54233 [1184] c:\program files\skype\phone\skype.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1130 ESTABLISHED 78.102.40.189 13526 [1184] c:\program files\skype\phone\skype.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1142 ESTABLISHED 74.125.39.103 80 [2484] c:\documents and settings\erika\local settings\application data\google\chrome\application\chrome.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1143 ESTABLISHED 66.102.13.97 443 [2484] c:\documents and settings\erika\local settings\application data\google\chrome\application\chrome.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1144 ESTABLISHED 74.125.79.101 80 [2484] c:\documents and settings\erika\local settings\application data\google\chrome\application\chrome.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1146 ESTABLISHED 74.125.39.103 80 [2484] c:\documents and settings\erika\local settings\application data\google\chrome\application\chrome.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1147 ESTABLISHED 74.125.39.120 443 [2484] c:\documents and settings\erika\local settings\application data\google\chrome\application\chrome.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1171 ESTABLISHED 205.188.11.70 5190 [3164] c:\program files\icq7.4\icq.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1236 ESTABLISHED 89.108.66.156 80 [3344] c:\program files\avz4\avz.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1247 TIME_WAIT 217.31.52.197 80 [0]
1248 TIME_WAIT 217.31.52.197 80 [0]
1249 TIME_WAIT 217.31.52.197 80 [0]
1250 TIME_WAIT 217.31.52.197 80 [0]
1251 TIME_WAIT 217.31.52.197 80 [0]
1253 TIME_WAIT 95.168.205.43 80 [0]
1254 TIME_WAIT 74.125.79.102 80 [0]
1255 TIME_WAIT 74.125.79.102 80 [0]
1256 TIME_WAIT 199.93.52.126 80 [0]
1257 TIME_WAIT 199.93.52.126 80 [0]
1258 TIME_WAIT 95.168.205.43 80 [0]
1259 TIME_WAIT 95.168.205.43 80 [0]
1260 TIME_WAIT 95.168.205.43 80 [0]
1261 TIME_WAIT 178.237.23.235 80 [0]
5152 LISTENING 0.0.0.0 30819 [1568] c:\program files\java\jre6\bin\jqs.exe
Script: Quarantine, Delete, Delete via BC, Terminate
8091 LISTENING 0.0.0.0 39150 [1868] c:\program files\activision\call of duty 2\gamepark2\gpcl.exe
Script: Quarantine, Delete, Delete via BC, Terminate
9421 LISTENING 0.0.0.0 119 [1020] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
9422 LISTENING 0.0.0.0 12472 [1020] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
9423 LISTENING 0.0.0.0 2176 [1020] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
36446 LISTENING 0.0.0.0 43108 [1184] c:\program files\skype\phone\skype.exe
Script: Quarantine, Delete, Delete via BC, Terminate
41711 LISTENING 0.0.0.0 2144 [780] c:\program files\dna\btdna.exe
Script: Quarantine, Delete, Delete via BC, Terminate
UDP ports
123 LISTENING -- -- [1156] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
123 LISTENING -- -- [1156] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
137 LISTENING -- -- [4] System
Script: Quarantine, Delete, Delete via BC, Terminate
138 LISTENING -- -- [4] System
Script: Quarantine, Delete, Delete via BC, Terminate
443 LISTENING -- -- [1184] c:\program files\skype\phone\skype.exe
Script: Quarantine, Delete, Delete via BC, Terminate
445 LISTENING -- -- [4] System
Script: Quarantine, Delete, Delete via BC, Terminate
500 LISTENING -- -- [816] c:\windows\system32\lsass.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1025 LISTENING -- -- [604] c:\program files\divx\divx update\divxupdate.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1032 LISTENING -- -- [1020] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1033 LISTENING -- -- [1020] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1037 LISTENING -- -- [1020] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1040 LISTENING -- -- [1020] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1062 LISTENING -- -- [1184] c:\program files\skype\phone\skype.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1066 LISTENING -- -- [1184] c:\program files\skype\phone\skype.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1149 LISTENING -- -- [3164] c:\program files\icq7.4\icq.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1900 LISTENING -- -- [1408] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1900 LISTENING -- -- [780] c:\program files\dna\btdna.exe
Script: Quarantine, Delete, Delete via BC, Terminate
1900 LISTENING -- -- [1408] c:\windows\system32\svchost.exe
Script: Quarantine, Delete, Delete via BC, Terminate
4500 LISTENING -- -- [816] c:\windows\system32\lsass.exe
Script: Quarantine, Delete, Delete via BC, Terminate
36446 LISTENING -- -- [1184] c:\program files\skype\phone\skype.exe
Script: Quarantine, Delete, Delete via BC, Terminate
41711 LISTENING -- -- [780] c:\program files\dna\btdna.exe
Script: Quarantine, Delete, Delete via BC, Terminate
44301 LISTENING -- -- [272] c:\windows\system32\pnkbstra.exe
Script: Quarantine, Delete, Delete via BC, Terminate
45301 LISTENING -- -- [2408] c:\windows\system32\pnkbstrb.exe
Script: Quarantine, Delete, Delete via BC, Terminate

Downloaded Program Files (DPF)

File name Description Manufacturer CLSID Source URL
Items found - 6, recognized as trusted - 6

Control Panel Applets (CPL)

File name Description Manufacturer
Items found - 33, recognized as trusted - 33

Active Setup

File name Description Manufacturer CLSID
Items found - 14, recognized as trusted - 14

HOSTS file

Hosts file record
127.0.0.1 localhost
Clear Hosts file

Protocols and handlers

File name Type Description Manufacturer CLSID
mscoree.dll
Script: Quarantine, Delete, Delete via BC Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
Delete
mscoree.dll
Script: Quarantine, Delete, Delete via BC Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
Delete
mscoree.dll
Script: Quarantine, Delete, Delete via BC Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
Delete
C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Script: Quarantine, Delete, Delete via BC Handler Skype Click to Call for Internet Explorer (skype-ie-addon-data: pluggable protocol) (c) Skype Technologies S.A. {91774881-D725-4E58-B298-07617B9B86A8}
Delete
Items found - 33, recognized as trusted - 29

Suspicious objects

File Description Type

AVZ Antiviral Toolkit log; AVZ version is 4.37
Scanning started at 29.10.2011 17:19:44
Database loaded: signatures - 294598, NN profile(s) - 2, malware removal microprograms - 56, signature database released 29.10.2011 19:09
Heuristic microprograms loaded: 388
PVS microprograms loaded: 9
Digital signatures of system files loaded: 302911
Heuristic analyzer mode: Maximum heuristics mode
Malware removal mode: disabled
Windows version is: 5.1.2600, Service Pack 3 ; AVZ is run with administrator rights
System Restore: enabled
1. Searching for Rootkits and other software intercepting API functions
1.1 Searching for user-mode API hooks
 Analysis: kernel32.dll, export table found in section .text
 Analysis: ntdll.dll, export table found in section .text
 Analysis: user32.dll, export table found in section .text
 Analysis: advapi32.dll, export table found in section .text
 Analysis: ws2_32.dll, export table found in section .text
 Analysis: wininet.dll, export table found in section .text
 Analysis: rasapi32.dll, export table found in section .text
 Analysis: urlmon.dll, export table found in section .text
 Analysis: netapi32.dll, export table found in section .text
1.2 Searching for kernel-mode API hooks
 Driver loaded successfully
 SDT found (RVA=08B520)
 Kernel ntoskrnl.exe found in memory at address 804D7000
   SDT = 80562520
   KiST = 804E48D0 (284)
Functions checked: 284, intercepted: 0, restored: 0
1.3 Checking IDT and SYSENTER
 Analyzing CPU 1
 Analyzing CPU 2
 Analyzing CPU 3
 Analyzing CPU 4
 Checking IDT and SYSENTER - complete
1.4 Searching for masking processes and drivers
 Checking not performed: extended monitoring driver (AVZPM) is not installed
1.5 Checking IRP handlers
 Driver loaded successfully
 Checking - complete
2. Scanning RAM
 Number of processes found: 43
Extended process analysis: 1868 C:\Program Files\Activision\Call of Duty 2\GamePark2\gpcl.exe
[ES]:Program code includes networking-related functionality
[ES]:Listens on TCP ports !
[ES]:Application has no visible windows
[ES]:Registered for automatic startup !!
[ES]:Loads RASAPI DLL - may use dialing ?
Extended process analysis: 2408 C:\WINDOWS\system32\PnkBstrB.exe
[ES]:Program code includes networking-related functionality
[ES]:Capable of sending mail ?!
[ES]:Application has no visible windows
[ES]:Located in system folder
 Number of modules loaded: 344
Scanning RAM - complete
3. Scanning disks
4. Checking  Winsock Layered Service Provider (SPI/LSP)
 LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
6. Searching for opened TCP/UDP ports used by malicious software
 Checking - disabled by user
7. Heuristic system check
Non-standard registry key for system service: BITS ImagePath=""
Non-standard registry key for system service: wuauserv ImagePath=""
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: RemoteRegistry (Remote Registry)
>> Services: potentially dangerous service allowed: TermService (Terminal Services)
>> Services: potentially dangerous service allowed: SSDPSRV (SSDP Discovery Service)
>> Services: potentially dangerous service allowed: Schedule (Task Scheduler)
>> Services: potentially dangerous service allowed: mnmsrvc (NetMeeting Remote Desktop Sharing)
>> Services: potentially dangerous service allowed: RDSessMgr (Remote Desktop Help Session Manager)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
Checking - complete
9. Troubleshooting wizard
 >>  HDD autorun is allowed
 >>  Network drives autorun is allowed
 >>  Removable media autorun is allowed
Checking - complete
Files scanned: 387, extracted from archives: 0, malicious software found 0, suspicions - 0
Scanning finished at 29.10.2011 17:20:18
Time of scanning: 00:00:35
If you have a suspicion on presence of viruses or questions on the suspected objects,
you can address http://forum.kaspersky.com/index.php?showforum=19
System Analysis in progress

 System Analysis - complete


Script commands 
Add commands to script:
Blocking hooks using Anti-Rootkit
Enable AVZGuard
Operations with AVZPM (true=enable,false=disable)
BootCleaner - import list of deleted files
BootCleaner - import all
Remove traces of deleted files
ExecuteWizard ('TSW',2,3,true) - Running Troubleshooting wizard
BootCleaner - activate
Reboot
Insert template for QuarantineFile() - quarantining a file
Insert template for BC_QrFile() - quarantining file via BootCleaner
Insert template for DeleteFile() - deleting a file
Insert template for DelCLSID() - removing a CLSID item from registry
Additional operations:Performance tweaking: disable service RemoteRegistry (Remote Registry)
Performance tweaking: disable service TermService (Terminal Services)
Performance tweaking: disable service SSDPSRV (SSDP Discovery Service)
Performance tweaking: disable service Schedule (Task Scheduler)
Performance tweaking: disable service mnmsrvc (NetMeeting Remote Desktop Sharing)
Performance tweaking: disable service RDSessMgr (Remote Desktop Help Session Manager)
Security tweaking: disable CD autorun
Security tweaking: disable administrative shares
Security tweaking: disable anonymous user access
Security: disable sending Remote Assistant queries

File list

Port	Status	Remote Host	Remote Port	Application	Notes
TCP ports
80	LISTENING	0.0.0.0	53419	[1184] c:\program files\skype\phone\skype.exe Script: Quarantine, Delete, Delete via BC, Terminate
135	LISTENING	0.0.0.0	2177	[1060] c:\windows\system32\svchost.exe Script: Quarantine, Delete, Delete via BC, Terminate
139	LISTENING	0.0.0.0	39150	[4] System Script: Quarantine, Delete, Delete via BC, Terminate
443	LISTENING	0.0.0.0	10262	[1184] c:\program files\skype\phone\skype.exe Script: Quarantine, Delete, Delete via BC, Terminate
445	LISTENING	0.0.0.0	10405	[4] System Script: Quarantine, Delete, Delete via BC, Terminate
1035	ESTABLISHED	77.67.10.149	443	[1020] c:\windows\system32\svchost.exe Script: Quarantine, Delete, Delete via BC, Terminate
1039	LISTENING	0.0.0.0	32827	[1020] c:\windows\system32\svchost.exe Script: Quarantine, Delete, Delete via BC, Terminate
1050	LISTENING	0.0.0.0	53380	[3936] c:\windows\system32\alg.exe Script: Quarantine, Delete, Delete via BC, Terminate
1065	ESTABLISHED	95.102.169.22	35160	[1184] c:\program files\skype\phone\skype.exe Script: Quarantine, Delete, Delete via BC, Terminate
1075	ESTABLISHED	172.20.0.198	49937	[1184] c:\program files\skype\phone\skype.exe Script: Quarantine, Delete, Delete via BC, Terminate
1083	ESTABLISHED	78.45.89.184	36658	[1184] c:\program files\skype\phone\skype.exe Script: Quarantine, Delete, Delete via BC, Terminate
1093	ESTABLISHED	213.146.189.206	12350	[1184] c:\program files\skype\phone\skype.exe Script: Quarantine, Delete, Delete via BC, Terminate
1129	ESTABLISHED	109.183.199.151	54233	[1184] c:\program files\skype\phone\skype.exe Script: Quarantine, Delete, Delete via BC, Terminate
1130	ESTABLISHED	78.102.40.189	13526	[1184] c:\program files\skype\phone\skype.exe Script: Quarantine, Delete, Delete via BC, Terminate
1142	ESTABLISHED	74.125.39.103	80	[2484] c:\documents and settings\erika\local settings\application data\google\chrome\application\chrome.exe Script: Quarantine, Delete, Delete via BC, Terminate
1143	ESTABLISHED	66.102.13.97	443	[2484] c:\documents and settings\erika\local settings\application data\google\chrome\application\chrome.exe Script: Quarantine, Delete, Delete via BC, Terminate
1144	ESTABLISHED	74.125.79.101	80	[2484] c:\documents and settings\erika\local settings\application data\google\chrome\application\chrome.exe Script: Quarantine, Delete, Delete via BC, Terminate
1146	ESTABLISHED	74.125.39.103	80	[2484] c:\documents and settings\erika\local settings\application data\google\chrome\application\chrome.exe Script: Quarantine, Delete, Delete via BC, Terminate
1147	ESTABLISHED	74.125.39.120	443	[2484] c:\documents and settings\erika\local settings\application data\google\chrome\application\chrome.exe Script: Quarantine, Delete, Delete via BC, Terminate
1171	ESTABLISHED	205.188.11.70	5190	[3164] c:\program files\icq7.4\icq.exe Script: Quarantine, Delete, Delete via BC, Terminate
1236	ESTABLISHED	89.108.66.156	80	[3344] c:\program files\avz4\avz.exe Script: Quarantine, Delete, Delete via BC, Terminate
1247	TIME_WAIT	217.31.52.197	80	[0]
1248	TIME_WAIT	217.31.52.197	80	[0]
1249	TIME_WAIT	217.31.52.197	80	[0]
1250	TIME_WAIT	217.31.52.197	80	[0]
1251	TIME_WAIT	217.31.52.197	80	[0]
1253	TIME_WAIT	95.168.205.43	80	[0]
1254	TIME_WAIT	74.125.79.102	80	[0]
1255	TIME_WAIT	74.125.79.102	80	[0]
1256	TIME_WAIT	199.93.52.126	80	[0]
1257	TIME_WAIT	199.93.52.126	80	[0]
1258	TIME_WAIT	95.168.205.43	80	[0]
1259	TIME_WAIT	95.168.205.43	80	[0]
1260	TIME_WAIT	95.168.205.43	80	[0]
1261	TIME_WAIT	178.237.23.235	80	[0]
5152	LISTENING	0.0.0.0	30819	[1568] c:\program files\java\jre6\bin\jqs.exe Script: Quarantine, Delete, Delete via BC, Terminate
8091	LISTENING	0.0.0.0	39150	[1868] c:\program files\activision\call of duty 2\gamepark2\gpcl.exe Script: Quarantine, Delete, Delete via BC, Terminate
9421	LISTENING	0.0.0.0	119	[1020] c:\windows\system32\svchost.exe Script: Quarantine, Delete, Delete via BC, Terminate
9422	LISTENING	0.0.0.0	12472	[1020] c:\windows\system32\svchost.exe Script: Quarantine, Delete, Delete via BC, Terminate
9423	LISTENING	0.0.0.0	2176	[1020] c:\windows\system32\svchost.exe Script: Quarantine, Delete, Delete via BC, Terminate
36446	LISTENING	0.0.0.0	43108	[1184] c:\program files\skype\phone\skype.exe Script: Quarantine, Delete, Delete via BC, Terminate
41711	LISTENING	0.0.0.0	2144	[780] c:\program files\dna\btdna.exe Script: Quarantine, Delete, Delete via BC, Terminate
UDP ports
123	LISTENING	--	--	[1156] c:\windows\system32\svchost.exe Script: Quarantine, Delete, Delete via BC, Terminate
123	LISTENING	--	--	[1156] c:\windows\system32\svchost.exe Script: Quarantine, Delete, Delete via BC, Terminate
137	LISTENING	--	--	[4] System Script: Quarantine, Delete, Delete via BC, Terminate
138	LISTENING	--	--	[4] System Script: Quarantine, Delete, Delete via BC, Terminate
443	LISTENING	--	--	[1184] c:\program files\skype\phone\skype.exe Script: Quarantine, Delete, Delete via BC, Terminate
445	LISTENING	--	--	[4] System Script: Quarantine, Delete, Delete via BC, Terminate
500	LISTENING	--	--	[816] c:\windows\system32\lsass.exe Script: Quarantine, Delete, Delete via BC, Terminate
1025	LISTENING	--	--	[604] c:\program files\divx\divx update\divxupdate.exe Script: Quarantine, Delete, Delete via BC, Terminate
1032	LISTENING	--	--	[1020] c:\windows\system32\svchost.exe Script: Quarantine, Delete, Delete via BC, Terminate
1033	LISTENING	--	--	[1020] c:\windows\system32\svchost.exe Script: Quarantine, Delete, Delete via BC, Terminate
1037	LISTENING	--	--	[1020] c:\windows\system32\svchost.exe Script: Quarantine, Delete, Delete via BC, Terminate
1040	LISTENING	--	--	[1020] c:\windows\system32\svchost.exe Script: Quarantine, Delete, Delete via BC, Terminate
1062	LISTENING	--	--	[1184] c:\program files\skype\phone\skype.exe Script: Quarantine, Delete, Delete via BC, Terminate
1066	LISTENING	--	--	[1184] c:\program files\skype\phone\skype.exe Script: Quarantine, Delete, Delete via BC, Terminate
1149	LISTENING	--	--	[3164] c:\program files\icq7.4\icq.exe Script: Quarantine, Delete, Delete via BC, Terminate
1900	LISTENING	--	--	[1408] c:\windows\system32\svchost.exe Script: Quarantine, Delete, Delete via BC, Terminate
1900	LISTENING	--	--	[780] c:\program files\dna\btdna.exe Script: Quarantine, Delete, Delete via BC, Terminate
1900	LISTENING	--	--	[1408] c:\windows\system32\svchost.exe Script: Quarantine, Delete, Delete via BC, Terminate
4500	LISTENING	--	--	[816] c:\windows\system32\lsass.exe Script: Quarantine, Delete, Delete via BC, Terminate
36446	LISTENING	--	--	[1184] c:\program files\skype\phone\skype.exe Script: Quarantine, Delete, Delete via BC, Terminate
41711	LISTENING	--	--	[780] c:\program files\dna\btdna.exe Script: Quarantine, Delete, Delete via BC, Terminate
44301	LISTENING	--	--	[272] c:\windows\system32\pnkbstra.exe Script: Quarantine, Delete, Delete via BC, Terminate
45301	LISTENING	--	--	[2408] c:\windows\system32\pnkbstrb.exe Script: Quarantine, Delete, Delete via BC, Terminate