
Malicious Website Blocked SysWOW64\svchost.exe



Hello,

This afternoon I started getting a pop up notification from Malwarebytes Anti-Malware saying that it is blocking a malicious website. I will attach a jpg of the pop up message.

I came to the forum and see that others are also having this issue.

I am hoping you can help me. I have also attached the FRST.txt and Addition.txt files as well as the latest scan log from MBAM.

Thank you,

Andrew


FRST.txt

Addition.txt

MBAM Scan Log.txt


Hello and welcome to Malwarebytes forum.

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member Oredigger only. If you are a casual viewer, do NOT try this on your system!

If you are not and have a similar problem, do NOT post here; start your own topic.

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.


Close any of your open programs while you run these tools.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

If you have a prior copy of Combofix, delete it now.

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Turn OFF your antivirus, otherwise it will interfere. How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power) or a UPS system.

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Right-click on Combo-Fix.exe on your Desktop and select "Run as Administrator".

  • A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.

    When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.

Notes:

[1] IF after Combofix reboot you get the message

Illegal operation attempted on registry key that has been marked for deletion

....please reboot the computer, this should resolve the problem. You may have to reboot the PC a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

[3] When all done, IF Combofix did not do a Restart...then ... I need for you to Restart the system fresh.

Reply & Copy & Paste contents of the C:\Combofix.txt log

and tell me, How is the system now?

Re-enable your antivirus program.


Great, thank you.  I ran Combofix yesterday before our conversation.  Here are the contents of the combofix.txt

 

ComboFix 14-10-24.01 - Andrew Burdick 10/25/2014   8:14.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.16270.13543 [GMT -10:00]
Running from: c:\users\Andrew Burdick\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2014-09-25 to 2014-10-25  )))))))))))))))))))))))))))))))
.
.
2014-10-25 18:21 . 2014-10-25 18:21 -------- d-----w- c:\users\QBDataServiceUser20\AppData\Local\temp
2014-10-25 18:21 . 2014-10-25 18:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-10-25 00:46 . 2014-10-14 19:59 11627712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{47219F95-6DA3-447C-A800-F0F2E8E6A107}\mpengine.dll
2014-10-24 23:17 . 2014-10-24 23:21 -------- d-----w- C:\FRST
2014-10-24 22:54 . 2014-10-14 19:59 11627712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-10-24 22:40 . 2014-10-25 01:28 -------- d-----w- C:\AdwCleaner
2014-10-22 17:14 . 2014-10-22 17:14 -------- d-----w- c:\program files\iPod
2014-10-22 17:14 . 2014-10-22 17:15 -------- d-----w- c:\programdata\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-22 17:14 . 2014-10-22 17:15 -------- d-----w- c:\program files\iTunes
2014-10-22 17:14 . 2014-10-22 17:15 -------- d-----w- c:\program files (x86)\iTunes
2014-10-21 20:11 . 2014-10-21 20:11 -------- d--h--w- c:\programdata\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2014-10-20 19:12 . 2014-10-20 19:12 0 ----a-w- c:\windows\system32\onggs.dll
2014-10-20 19:12 . 2014-10-20 19:12 70656 ----a-w- c:\windows\system32\tlhjbwv.dll
2014-10-20 19:12 . 2014-10-20 19:12 29184 ----a-w- c:\windows\SysWow64\sxgri.dll
2014-10-20 12:59 . 2014-10-20 12:59 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-10-16 13:15 . 2014-09-29 00:58 3198976 ----a-w- c:\windows\system32\win32k.sys
2014-10-16 13:15 . 2014-06-18 22:23 73880 ----a-w- c:\windows\system32\mscories.dll
2014-10-16 13:15 . 2014-06-18 22:23 1943696 ----a-w- c:\windows\system32\dfshim.dll
2014-10-16 13:15 . 2014-06-18 22:23 156312 ----a-w- c:\windows\system32\mscorier.dll
2014-10-16 13:15 . 2014-06-18 22:23 81560 ----a-w- c:\windows\SysWow64\mscories.dll
2014-10-16 13:15 . 2014-06-18 22:23 156824 ----a-w- c:\windows\SysWow64\mscorier.dll
2014-10-16 13:15 . 2014-06-18 22:23 1131664 ----a-w- c:\windows\SysWow64\dfshim.dll
2014-10-16 13:15 . 2014-09-18 02:00 3241472 ----a-w- c:\windows\system32\msi.dll
2014-10-16 13:15 . 2014-09-18 01:32 2363904 ----a-w- c:\windows\SysWow64\msi.dll
2014-10-16 13:15 . 2014-08-29 02:07 3179520 ----a-w- c:\windows\system32\rdpcorets.dll
2014-10-09 17:53 . 2014-10-09 17:53 -------- d-----w- c:\programdata\Ubisoft
2014-10-08 22:52 . 2014-10-08 22:52 -------- d-----w- c:\windows\Migration
2014-10-01 22:20 . 2014-09-16 22:40 1188440 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4AC9B74E-04DE-4141-9793-44AE4F0FCCDB}\gapaengine.dll
2014-10-01 12:58 . 2014-09-25 02:08 371712 ----a-w- c:\windows\system32\qdvd.dll
2014-10-01 12:58 . 2014-09-25 01:40 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-09-30 15:29 . 2014-09-30 15:29 -------- d-----w- c:\users\Andrew Burdick\AppData\Roaming\com.treefortress.Bardbarian
2014-09-30 13:28 . 2014-09-30 13:28 -------- d-----w- c:\program files (x86)\AMD AVT
2014-09-30 13:27 . 2014-09-30 13:27 -------- d-----w- c:\programdata\ATI
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-25 18:04 . 2014-04-14 00:07 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-22 21:43 . 2012-05-09 21:14 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-10-22 21:43 . 2012-05-09 21:14 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-10-20 12:59 . 2014-08-06 13:05 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-16 20:11 . 2012-05-09 02:47 103265616 ----a-w- c:\windows\system32\MRT.exe
2014-10-01 21:11 . 2014-04-14 00:07 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-10-01 21:11 . 2014-04-14 00:07 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-01 21:11 . 2012-05-09 21:35 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-25 21:35 . 2014-05-09 23:08 590536 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-09-22 06:42 . 2010-11-21 03:27 278152 ------w- c:\windows\system32\MpSigStub.exe
2014-09-16 22:40 . 2012-06-13 12:29 1188440 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-09-16 04:21 . 2014-09-16 04:21 51200 ----a-w- c:\windows\system32\kdbsdk64.dll
2014-09-16 04:19 . 2014-09-16 04:19 38912 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2014-09-15 22:32 . 2014-09-15 22:32 128384 ----a-w- c:\windows\system32\amdhcp64.dll
2014-09-15 22:32 . 2014-09-15 22:32 118096 ----a-w- c:\windows\SysWow64\amdhcp32.dll
2014-09-15 22:32 . 2014-09-15 22:32 78432 ----a-w- c:\windows\system32\atimpc64.dll
2014-09-15 22:32 . 2014-09-15 22:32 78432 ----a-w- c:\windows\system32\amdpcom64.dll
2014-09-15 22:32 . 2014-09-15 22:32 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll
2014-09-15 22:32 . 2014-09-15 22:32 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2014-09-15 22:31 . 2014-06-21 05:26 144328 ----a-w- c:\windows\system32\atiuxp64.dll
2014-09-15 22:31 . 2014-09-15 22:31 126848 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2014-09-15 22:31 . 2014-04-18 02:42 118096 ----a-w- c:\windows\system32\atiu9p64.dll
2014-09-15 22:31 . 2014-04-18 02:42 100032 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2014-09-15 22:31 . 2014-06-21 05:26 1335544 ----a-w- c:\windows\system32\aticfx64.dll
2014-09-15 22:31 . 2014-04-18 02:42 1113576 ----a-w- c:\windows\SysWow64\aticfx32.dll
2014-09-15 22:31 . 2014-07-09 15:52 10826488 ----a-w- c:\windows\system32\atidxx64.dll
2014-09-15 22:31 . 2014-09-15 22:31 9254184 ----a-w- c:\windows\SysWow64\atidxx32.dll
2014-09-15 22:31 . 2014-07-09 15:51 7207592 ----a-w- c:\windows\SysWow64\atiumdva.dll
2014-09-15 22:31 . 2014-04-18 02:42 7028336 ----a-w- c:\windows\SysWow64\atiumdag.dll
2014-09-15 22:31 . 2014-04-18 02:42 8044976 ----a-w- c:\windows\system32\atiumd6a.dll
2014-09-15 22:31 . 2014-04-18 02:42 8296296 ----a-w- c:\windows\system32\atiumd64.dll
2014-09-15 22:29 . 2014-09-15 22:29 293088 ----a-w- c:\windows\system32\drivers\amdacpksd.sys
2014-09-15 22:26 . 2014-09-15 22:26 16750080 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2014-09-15 22:18 . 2014-09-15 22:18 235008 ----a-w- c:\windows\system32\clinfo.exe
2014-09-15 22:18 . 2014-09-15 22:18 98816 ----a-w- c:\windows\system32\OpenVideo64.dll
2014-09-15 22:17 . 2014-09-15 22:17 83456 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2014-09-15 22:17 . 2014-09-15 22:17 86528 ----a-w- c:\windows\system32\OVDecode64.dll
2014-09-15 22:17 . 2014-09-15 22:17 73216 ----a-w- c:\windows\SysWow64\OVDecode.dll
2014-09-15 22:17 . 2014-09-15 22:17 33867264 ----a-w- c:\windows\system32\amdocl64.dll
2014-09-15 22:17 . 2014-09-15 22:17 28770304 ----a-w- c:\windows\SysWow64\amdocl.dll
2014-09-15 22:16 . 2014-09-15 22:16 65024 ----a-w- c:\windows\system32\OpenCL.dll
2014-09-15 22:16 . 2014-09-15 22:16 58880 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-09-15 22:13 . 2014-09-15 22:13 27918336 ----a-w- c:\windows\system32\atio6axx.dll
2014-09-15 22:09 . 2014-09-15 22:09 48128 ----a-w- c:\windows\system32\amdmmcl6.dll
2014-09-15 22:09 . 2014-09-15 22:09 37888 ----a-w- c:\windows\SysWow64\amdmmcl.dll
2014-09-15 22:09 . 2014-09-15 22:09 127488 ----a-w- c:\windows\system32\mantle64.dll
2014-09-15 22:09 . 2014-09-15 22:09 113664 ----a-w- c:\windows\SysWow64\mantle32.dll
2014-09-15 22:09 . 2014-09-15 22:09 5639168 ----a-w- c:\windows\system32\amdmantle64.dll
2014-09-15 22:08 . 2014-09-15 22:08 23375360 ----a-w- c:\windows\SysWow64\atioglxx.dll
2014-09-15 22:07 . 2014-09-15 22:07 367104 ----a-w- c:\windows\system32\atiapfxx.exe
2014-09-15 22:07 . 2014-09-15 22:07 62464 ----a-w- c:\windows\system32\aticalrt64.dll
2014-09-15 22:07 . 2014-09-15 22:07 52224 ----a-w- c:\windows\SysWow64\aticalrt.dll
2014-09-15 22:07 . 2014-09-15 22:07 55808 ----a-w- c:\windows\system32\aticalcl64.dll
2014-09-15 22:07 . 2014-09-15 22:07 49152 ----a-w- c:\windows\SysWow64\aticalcl.dll
2014-09-15 22:07 . 2014-09-15 22:07 15716352 ----a-w- c:\windows\system32\aticaldd64.dll
2014-09-15 22:06 . 2014-09-15 22:06 14302208 ----a-w- c:\windows\SysWow64\aticaldd.dll
2014-09-15 22:05 . 2014-09-15 22:05 4480000 ----a-w- c:\windows\SysWow64\amdmantle32.dll
2014-09-15 22:03 . 2014-04-18 01:30 442368 ----a-w- c:\windows\system32\atidemgy.dll
2014-09-15 22:03 . 2014-09-15 22:03 31232 ----a-w- c:\windows\system32\atimuixx.dll
2014-09-15 22:03 . 2014-09-15 22:03 619008 ----a-w- c:\windows\system32\atieclxx.exe
2014-09-15 22:03 . 2014-09-15 22:03 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2014-09-15 22:03 . 2014-09-15 22:03 91648 ----a-w- c:\windows\system32\mantleaxl64.dll
2014-09-15 22:03 . 2014-09-15 22:03 85504 ----a-w- c:\windows\SysWow64\mantleaxl32.dll
2014-09-15 22:03 . 2014-09-15 22:03 190976 ----a-w- c:\windows\system32\atitmm64.dll
2014-09-15 22:00 . 2014-09-15 22:00 95744 ----a-w- c:\windows\system32\amdave64.dll
2014-09-15 22:00 . 2014-09-15 22:00 90112 ----a-w- c:\windows\SysWow64\amdave32.dll
2014-09-15 21:59 . 2014-09-15 21:59 89088 ----a-w- c:\windows\system32\atisamu64.dll
2014-09-15 21:59 . 2014-09-15 21:59 80896 ----a-w- c:\windows\SysWow64\atisamu32.dll
2014-09-15 21:59 . 2014-09-15 21:59 827392 ----a-w- c:\windows\system32\coinst_14.30.dll
2014-09-15 21:59 . 2014-04-18 01:09 1210880 ----a-w- c:\windows\system32\atiadlxx.dll
2014-09-15 21:59 . 2014-09-15 21:59 900608 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2014-09-15 21:59 . 2014-09-15 21:59 75264 ----a-w- c:\windows\system32\atig6pxx.dll
2014-09-15 21:59 . 2014-09-15 21:59 69632 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2014-09-15 21:59 . 2014-09-15 21:59 69632 ----a-w- c:\windows\system32\atiglpxx.dll
2014-09-15 21:59 . 2014-09-15 21:59 146944 ----a-w- c:\windows\system32\atig6txx.dll
2014-09-15 21:59 . 2014-09-15 21:59 133632 ----a-w- c:\windows\SysWow64\atigktxx.dll
2014-09-15 21:59 . 2014-09-15 21:59 576000 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2014-09-15 21:58 . 2014-09-15 21:58 43520 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2014-09-09 22:11 . 2014-09-24 13:00 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-09-24 13:00 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-09-08 18:34 . 2013-10-14 21:24 466520 ----a-w- c:\windows\system32\wrap_oal.dll
2014-09-08 18:34 . 2013-10-14 21:24 123480 ----a-w- c:\windows\system32\OpenAL32.dll
2014-09-08 18:34 . 2013-10-14 21:24 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2014-09-08 18:34 . 2013-10-14 21:24 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2014-08-23 02:07 . 2014-08-28 13:12 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-28 13:12 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-08-01 11:53 . 2014-09-12 14:26 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-08-01 11:35 . 2014-09-12 14:26 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
2014-07-29 00:52 . 2014-07-29 00:52 6112072 ----a-w- c:\windows\system32\usbaaplrc.dll
2014-07-29 00:52 . 2014-07-29 00:52 54784 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-05-09 23:15 223432 ----a-w- c:\users\Andrew Burdick\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-05-09 23:15 223432 ----a-w- c:\users\Andrew Burdick\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-05-09 23:15 223432 ----a-w- c:\users\Andrew Burdick\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Andrew Burdick\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Andrew Burdick\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Andrew Burdick\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Andrew Burdick\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Andrew Burdick\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Andrew Burdick\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Andrew Burdick\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Andrew Burdick\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Amazon Music"="c:\users\Andrew Burdick\AppData\Local\Amazon Music\Amazon Music Helper.exe" [2014-09-06 6281536]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2014-08-08 43816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"XFastUSB"="c:\program files (x86)\XFastUSB\XFastUsb.exe" [2012-05-09 5019360]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-27 291608]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-18 421888]
"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2013-07-24 103936]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2012-12-07 2771832]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-11-30 56128]
"DNS7reminder"="e:\program files\x86\Nuance\NaturallySpeaking12\Ereg\Ereg.exe" [2010-10-27 328992]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-09-12 959176]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2012-09-24 3477640]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-09-16 767200]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-31 96056]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-10-08 507776]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-10-15 157480]
.
c:\users\Andrew Burdick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Ascendo DataVault.lnk - c:\program files (x86)\DataVault\DataVault.exe [2013-5-9 6372864]
Core Temp.exe - Shortcut.lnk - c:\program files\Core Temp\Core Temp.exe [2012-6-12 848336]
Dropbox.lnk - c:\users\Andrew Burdick\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-9-12 36414624]
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2014-7-25 1109344]
EvernoteTray.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteTray.exe [2014-7-25 398688]
NexDef Plug-in.lnk - c:\users\Andrew Burdick\AppData\Local\Autobahn\nexdef.exe [2011-8-11 15490560]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2012-10-16 1207312]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2013-2-1 1155912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\appinit_dll.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"ISUSPM"=c:\programdata\FLEXnet\Connect\11\\isuspm.exe -scheduler
.
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\DRIVERS\tdrpm258.sys;c:\windows\SYSNATIVE\DRIVERS\tdrpm258.sys [x]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS;c:\windows\SYSNATIVE\drivers\FNETTBOH_305.SYS [x]
R3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys;c:\windows\SYSNATIVE\DRIVERS\ikbevent.sys [x]
R3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys;c:\windows\SYSNATIVE\DRIVERS\imsevent.sys [x]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192se.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 AsrRamDisk;AsrRamDisk;c:\windows\system32\DRIVERS\AsrRamDisk.sys;c:\windows\SYSNATIVE\DRIVERS\AsrRamDisk.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AsrAppCharger.sys [x]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS;c:\windows\SYSNATIVE\drivers\FNETURPX.SYS [x]
S1 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 ALSysIO;ALSysIO;c:\users\ANDREW~1\AppData\Local\Temp\ALSysIO64.sys;c:\users\ANDREW~1\AppData\Local\Temp\ALSysIO64.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe [x]
S3 ISCT;Intel® Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD64.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSHidFilt.Sys [x]
S3 LGSUsbFilt;Logitech Gaming KMDF USB Filter Driver;c:\windows\system32\DRIVERS\LGSUsbFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSUsbFilt.Sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 VirtuWDDM;VirtuWDDM;c:\windows\system32\DRIVERS\VirtuWDDM.sys;c:\windows\SYSNATIVE\DRIVERS\VirtuWDDM.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-10-17 18:37 1089352 ----a-w- c:\program files (x86)\Google\Chrome\Application\38.0.2125.104\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-10-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-09 21:43]
.
2014-10-25 c:\windows\Tasks\GlaryInitialize 4.job
- c:\program files (x86)\Glary Utilities 4\Initialize.exe [2014-04-01 08:01]
.
2014-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-09 16:36]
.
2014-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-09 16:36]
.
2014-10-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1847489061-2496862548-2199278647-1000Core.job
- c:\users\Andrew Burdick\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-04 14:11]
.
2014-10-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1847489061-2496862548-2199278647-1000UA.job
- c:\users\Andrew Burdick\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-04 14:11]
.
2013-05-20 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 19:41]
.
2014-10-16 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 19:41]
.
2013-03-26 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task a5064e63-b1e1-4615-816e-3f65d4223c27.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2014-10-25 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task f938dd95-1df5-4606-b748-7a557fecd5f0.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-05-09 23:15 262344 ----a-w- c:\users\Andrew Burdick\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-05-09 23:15 262344 ----a-w- c:\users\Andrew Burdick\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-05-09 23:15 262344 ----a-w- c:\users\Andrew Burdick\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-09-25 10:10 2334416 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-09-25 10:10 2334416 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-09-25 10:10 2334416 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Andrew Burdick\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Andrew Burdick\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Andrew Burdick\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Andrew Burdick\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Andrew Burdick\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Andrew Burdick\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Andrew Burdick\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Andrew Burdick\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VIRTU MVP"="c:\program files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.Exe" [2012-03-12 3006240]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-02-01 12446824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-23 1331288]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2014-02-27 8294680]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\appinit_dll.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:Tabs
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
DPF: {62415890-4985-0825-2508-23487C2A845F} - hxxp://192.168.1.147/en/cab/ipcamera.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1847489061-2496862548-2199278647-1000\Software\SecuROM\License information*]
"datasecu"=hex:71,93,f2,53,4f,b3,3f,13,b1,e4,69,8f,5a,dd,f5,15,d6,29,3c,5f,5a,
   80,6e,d3,4b,8e,71,cd,4b,7e,1a,b2,29,19,7c,aa,12,9d,a4,7b,36,78,2b,8c,08,81,\
"rkeysecu"=hex:36,02,74,53,03,38,3d,ef,88,e2,d7,9d,47,8b,6c,72
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_189_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_189_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_189_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_189_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-10-25  08:26:42
ComboFix-quarantined-files.txt  2014-10-25 18:26
.
Pre-Run: 95,132,807,168 bytes free
Post-Run: 101,881,151,488 bytes free
.
- - End Of File - - C80DDA84E3733F93FA12A7FDBC0FDB56
A36C5E4F47E84449FF07ED3517B43A31
 


Please do a Threat & Rootkit Scan:

Start the Anti-Malware program.

Click the Settings icon (on the top bar) > then click the **Detection and Protection** subtab, Detection Options, and tick the box 'Scan for rootkits'.

Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.

A Threat Scan will begin.

With _some infections_, you may see this message box.

'Could not load DDA driver'

Click 'Yes' to this message, to allow the driver to load after a restart.

Allow the computer to restart. Continue with the rest of these instructions.

When the scan is complete, click Apply Actions.

Wait for the prompt to restart the computer to appear, then click on Yes.

After the scan has completed, Click on the **History tab** > Application Logs.

Double click on the scan log which shows the Date and time of the scan just performed.

Click **'Copy to Clipboard'**

Paste the contents of the clipboard into your reply.

Then in the body of the reply box, do a Paste by pressing the CTRL+V keys on the keyboard.


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/26/2014
Scan Time: 5:35:35 AM
Logfile:
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.10.26.03
Rootkit Database: v2014.10.22.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Andrew Burdick

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 377620
Time Elapsed: 5 min, 28 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)


So far, looks ok.

It's important to run this online scan to help look for any remnants that may be lurking. This scan can take upwards of an hour.

1) Turn off your anti-virus software.

2) Click Start>All Programs and locate Internet Explorer (64-bit). Right click to run as Administrator.

3) Next, click on the following link ==> http://www.eset.com/onlinescan/

4) Click on the "ESET Online Scanner" button.

5) Put a check in the box that says "YES, I accept the Terms of Use."

6) Click the 'Start' button just to the right of the checkbox.

7) UNCHECK the box that says "Remove found threats" (this is very important).

8) Click on "Advanced settings".

9) Put a check in the box that says "Scan for potentially unsafe applications".

10) Verify that "Scan for potentially unwanted applications" is also checked.

11) Verify that "Enable Anti-Stealth technology" is also checked.

12) Click the 'Start' button in the lower-right corner of the page, and it will begin downloading its database, and then it will start scanning.

13) When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."

14) Save that text file on your desktop, and then attach it to a reply for me.

15) Close the ESET online scan.

16) Re-enable your Antivirus.

I will take a look at the log, and let you know if anything needs to be removed.


Use the Virustotal website and submit (upload) the two files for analysis.

 

Use your Internet Explorer browser to go here at Virustotal website
Click the Choose File button and then navigate to C:\Windows\System32\sxgri.dll, then click the Scan it button.
The various virus scanners will identify the file and if it is not identified, the AV vendors will then have a copy of it for analysis.  Save the results, and post back here in a reply.

Repeat the same steps for C:\Windows\SysWOW64\sxgri.dll
Save the results, and post back here in a reply.

 

Then let's see what the results are.


Virustotal results for C:\Windows\System32\sxgri.dll

| Antivirus | Result | Update |
|---|---|---|
| AVG | MSIL5.AHHG | 20141026 |
| Ad-Aware | Gen:Variant.Zusy.112032 | 20141026 |
| AhnLab-V3 | Dropper/Win32.Necurs | 20141026 |
| Antiy-AVL | Trojan[:HEUR]/Win32.AGeneric | 20141026 |
| Avast | Win32:Malware-gen | 20141026 |
| Avira | TR/Crypt.XPACK.Gen2 | 20141026 |
| BitDefender | Gen:Variant.Zusy.112032 | 20141026 |
| ESET-NOD32 | a variant of MSIL/Injector.FXS | 20141026 |
| Emsisoft | Gen:Variant.Zusy.112032 (B) | 20141026 |
| F-Secure | Gen:Variant.Zusy.112032 | 20141026 |
| GData | Gen:Variant.Zusy.112032 | 20141026 |
| Ikarus | Trojan.MSIL.Injector | 20141026 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 20141026 |
| McAfee | Trojan-FFDG!9D57FAF2CC61 | 20141026 |
| NANO-Antivirus | Trojan.Win32.XPACK.dgzzxe | 20141026 |
| AVware | | 20141026 |
| AegisLab | | 20141026 |
| Agnitum | | 20141025 |
| Baidu-International | | 20141026 |
| Bkav | | 20141024 |
| ByteHero | | 20141026 |
| CAT-QuickHeal | | 20141025 |
| CMC | | 20141026 |
| ClamAV | | 20141026 |
| Comodo | | 20141026 |
| Cyren | | 20141026 |
| DrWeb | | 20141026 |
| F-Prot | | 20141026 |
| Fortinet | | 20141026 |
| Jiangmin | | 20141025 |
| K7AntiVirus | | 20141025 |
| K7GW | | 20141025 |
| Kingsoft | | 20141026 |
| Malwarebytes | | 20141026 |
| McAfee-GW-Edition | | 20141026 |
| MicroWorld-eScan | | 20141025 |
| Microsoft | | 20141026 |
| Norman | | 20141026 |
| Qihoo-360 | | 20141026 |
| Rising | | 20141026 |
| SUPERAntiSpyware | | 20141025 |
| Sophos | | 20141026 |
| Symantec | | 20141026 |
| Tencent | | 20141026 |
| TheHacker | | 20141022 |
| TotalDefense | | 20141026 |
| VBA32 | | 20141023 |
| VIPRE | | 20141026 |
| ViRobot | | 20141026 |
| Zillya | | 20141025 |
| Zoner | | 20141024 |
| nProtect | | 20141026 |

 


Results for C:\Windows\SysWOW64\sxgri.dll

SHA256: 978602bc89c7bd6639b708aeb3028df8bf7458dc1ff112f4b2a2073b94a40435
File name: sxgri.dll
Detection ratio: 15 / 53
Analysis date: 2014-10-26 18:20:23 UTC ( 0 minutes ago )

| Antivirus | Result | Update |
|---|---|---|
| AVG | MSIL5.AHHG | 20141026 |
| Ad-Aware | Gen:Variant.Zusy.112032 | 20141026 |
| AhnLab-V3 | Dropper/Win32.Necurs | 20141026 |
| Antiy-AVL | Trojan[:HEUR]/Win32.AGeneric | 20141026 |
| Avast | Win32:Malware-gen | 20141026 |
| Avira | TR/Crypt.XPACK.Gen2 | 20141026 |
| Baidu-International | Trojan.MSIL.Injector.BFXS | 20141026 |
| BitDefender | Gen:Variant.Zusy.112032 | 20141026 |
| Emsisoft | Gen:Variant.Zusy.112032 (B) | 20141026 |
| F-Secure | Gen:Variant.Zusy.112032 | 20141026 |
| GData | Gen:Variant.Zusy.112032 | 20141026 |
| Ikarus | Trojan.MSIL.Injector | 20141026 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 20141026 |
| McAfee | Trojan-FFDG!9D57FAF2CC61 | 20141026 |
| NANO-Antivirus | Trojan.Win32.XPACK.dgzzxe | 20141026 |
| AVware | | 20141026 |
| AegisLab | | 20141026 |
| Agnitum | | 20141025 |
| Bkav | | 20141024 |
| ByteHero | | 20141026 |
| CAT-QuickHeal | | 20141025 |
| CMC | | 20141026 |
| ClamAV | | 20141026 |
| Comodo | | 20141026 |
| Cyren | | 20141026 |
| DrWeb | | 20141026 |
| F-Prot | | 20141026 |
| Fortinet | | 20141026 |
| Jiangmin | | 20141025 |
| K7AntiVirus | | 20141025 |
| K7GW | | 20141025 |
| Kingsoft | | 20141026 |
| Malwarebytes | | 20141026 |
| McAfee-GW-Edition | | 20141026 |
| MicroWorld-eScan | | 20141025 |
| Microsoft | | 20141026 |
| Norman | | 20141026 |
| Qihoo-360 | | 20141026 |
| Rising | | 20141026 |
| SUPERAntiSpyware | | 20141025 |
| Sophos | | 20141026 |
| Symantec | | 20141026 |
| Tencent | | 20141026 |
| TheHacker | | 20141022 |
| TotalDefense | | 20141026 |
| TrendMicro | | 20141026 |
| TrendMicro-HouseCall | | 20141026 |
| VBA32 | | 20141023 |
| VIPRE | | 20141026 |
| ViRobot | | 20141026 |
| Zillya | | 20141025 |
| Zoner | | 20141024 |
| nProtect | | 20141026 |

The 2 DLL files can be deleted. This script fix will do that.

Save the attached file Fixlist.txt to the same location where you have FRST.exe ---- that's important for the Fix to work.

It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite an existing one please allow)

Run FRST again but this time press the "Fix" button just once and wait.

When finished, it will make a log ( fixlog.txt ) next to FRST.
Please attach the Fixlog.txt  into a reply.

Fixlist.txt


OK, good.  1 was found and deleted.  The other DLL was not found.

 

Close all open browsers at this point.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall

Start Internet Explorer
Using Internet Explorer browser only, go to BitDefender Quickscan website:
http://quickscan.bitdefender.com

and click "Start Scan".
Observe your browser in case it shows a notice/message bar to allow download and installation of a tool.
Allow the download and install of qsax.cab from BitDefender. Right-click the IE info bar and select Install to install the BitDefender quick scan module.
If prompted, reply yes to allow it to run.
Press the Allow button and follow prompts.

Press the "Start Scan" once more.
You'll see the EULA in a pop-up window. Click the I accept & then the OK button

Note: The FAQ is here --> http://quickscan.bitdefender.com/faq/
and that QuickScan has no removal capability.

The site boasts a 60-second scan. Do have patience as it likely will take longer.
It may seem to stall at moments, but have patience; it will move on.
You'll see a progress bar at top right of window.

Hopefully you will see a No infections found in the bar-window. Press the View Log button.
The log report will show in your text editor. Save the log.
Do a Select ALL, Copy.  Then paste contents into your next reply.

When all done, Re-Enable your antivirus program.

 

How is the system at this point?

The issue of repeating IP blocks should be no more.


Hi, I had to run the scan in Chrome; it would not run in IE. After the scan I started getting the blocked website again.

 

QuickScan 32-bitv0.9.9.142
--------------------------
Scan date:  Sun Oct 26 10:26:32 2014
Machine ID: 72B5FB75

 

No infection found.
-------------------

 

Processes
---------
(unsigned)  CommandService Application               2124    C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(unsigned)  Monitor Application                      4152    C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(unsigned)  nexdef.exe                               4100    C:\Users\Andrew Burdick\AppData\Local\Autobahn\nexdef.exe
(unsigned)  QuickBooks for Windows                   2404    C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(unsigned)  SetPoint32.exe                           4144    C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe

(verified)   hpwuSchd Application                    4216    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(verified)  Adobe Acrobat Update Service             1844    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(verified)  Amazon Music Helper.exe                  3484    C:\Users\Andrew Burdick\AppData\Local\Amazon Music\Amazon Music Helper.exe
(verified)  Apple Push                               1968    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(verified)  Bing Bar                                 1944    C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE
(verified)  Dragon NaturallySpeaking                 1056    C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(verified)  Dropbox                                  4624    C:\Users\Andrew Burdick\AppData\Roaming\Dropbox\bin\Dropbox.exe
(verified)  Evernote®                                5076    C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
(verified)  Evernote®                                4688    C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(verified)  Evernote®                                5088    C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
(verified)  FlexNet Connect                          5032    C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(verified)  Google Chrome                            1292    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(verified)  Google Chrome                            5296    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(verified)  Google Chrome                            6748    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(verified)  Google Chrome                            7884    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(verified)  Google Chrome                            3872    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(verified)  Google Chrome                            6424    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(verified)  Google Chrome                            4896    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(verified)  IAStorDataSvc                            3044    C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(verified)  IAStorIcon                               6152    C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(verified)  iCloud                                   3652    C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(verified)  Intel® Active Management Technology L  6360    C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(verified)  Intel® Dynamic Application Loader Hos  2092    C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(verified)  Intel® Management and Security Applic  3464    C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(verified)  Intel® USB 3.0 Monitor                 4936    C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(verified)  IntelMeFWService.exe                     2064    C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(verified)  iTunes                                   4572    C:\Program Files (x86)\iTunes\iTunesHelper.exe
(verified)  Java Platform SE Auto Updater            4412    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(verified)  Malwarebytes Anti-Malware                3536    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(verified)  Malwarebytes Anti-Malware                2152    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(verified)  Malwarebytes Anti-Malware                2248    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(verified)  Microsoft Office 2013                    6860    C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
(verified)  Microsoft Office 2013                    7188    C:\Program Files\Microsoft Office 15\root\office15\winword.exe
(verified)  Microsoft® Windows® Operating System     7040    C:\Windows\SysWOW64\ctfmon.exe
(verified)  Microsoft® Windows® Operating System     4648    C:\Windows\SysWOW64\svchost.exe
(verified)  MobileDeviceService                      1900    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(verified)  QuickBooks Automatic Update              4032    C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(verified)  XFast USB                                4772    C:\Program Files (x86)\XFastUSB\XFastUsb.exe

Network activity
----------------
Process APSDaemon.exe (1968) connected on port 5223 (XMPP/Jabber) --> 17.110.224.213
Process Amazon Music Helper.exe (3484) connected on port 443 (HTTP over SSL) --> 176.32.98.79
Process iCloudServices.exe (3652) connected on port 443 (HTTP over SSL) --> 17.158.52.55
Process Dropbox.exe (4624) connected on port 80 (HTTP) --> 108.160.165.33
Process chrome.exe (5296) connected on port 443 (HTTP over SSL) --> 17.158.52.35
Process chrome.exe (6748) connected on port 443 (HTTP over SSL) --> 74.125.225.144
Process chrome.exe (6748) connected on port 443 (HTTP over SSL) --> 74.125.239.8
Process chrome.exe (6748) connected on port 443 (HTTP over SSL) --> 74.125.28.95
Process chrome.exe (6748) connected on port 443 (HTTP over SSL) --> 74.125.239.31
Process chrome.exe (6748) connected on port 443 (HTTP over SSL) --> 74.125.239.3
Process chrome.exe (6748) connected on port 80 (HTTP) --> 23.193.152.53
Process chrome.exe (6748) connected on port 80 (HTTP) --> 74.125.239.13
Process chrome.exe (6748) connected on port 80 (HTTP) --> 74.125.239.1
Process chrome.exe (6748) connected on port 80 (HTTP) --> 74.125.239.1
Process chrome.exe (6748) connected on port 443 (HTTP over SSL) --> 74.125.239.7
Process chrome.exe (6748) connected on port 80 (HTTP) --> 74.125.239.26
Process chrome.exe (6748) connected on port 80 (HTTP) --> 74.125.225.144
Process chrome.exe (6748) connected on port 443 (HTTP over SSL) --> 74.125.239.31
Process chrome.exe (6748) connected on port 443 (HTTP over SSL) --> 74.125.239.10
Process chrome.exe (6748) connected on port 443 (HTTP over SSL) --> 74.125.28.95
Process chrome.exe (6748) connected on port 443 (HTTP over SSL) --> 74.125.239.11
Process chrome.exe (6748) connected on port 80 (HTTP) --> 66.235.141.17

Process QBCFMonitorService.exe (2404) listens on ports: 8019
Process Dropbox.exe (4624) listens on ports: 17500

Autoruns and critical files
---------------------------
(verified)   hpwuSchd Application                    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(verified)  Adobe Reader and Acrobat Manager         C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(verified)  Adobe® Flash® Player Update Service      C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
(verified)  Amazon Music Helper.exe                  C:\Users\Andrew Burdick\AppData\Local\Amazon Music\Amazon Music Helper.exe
(verified)  Apple Push                               C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(unsigned)  Ascendo DataVault                        C:\Program Files (x86)\DataVault\DataVault.exe
(verified)  Catalyst® Control Center                 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe
(unsigned)  Core Temp                                C:\Program Files\Core Temp\Core Temp.exe
(verified)  Delayed launcher                         C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe
(verified)  Dropbox                                  C:\Users\Andrew Burdick\AppData\Roaming\Dropbox\bin\Dropbox.exe
(verified)  Evernote®                                C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(verified)  Evernote®                                C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
(verified)  FlexNet Connect                          C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(verified)  Glary Utilities                          C:\Program Files (x86)\Glary Utilities 4\Initialize.exe
(verified)  Google Update                            C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(verified)  Google Update                            C:\Users\Andrew Burdick\AppData\Local\Google\Update\GoogleUpdate.exe
(verified)  iCloud                                   C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(verified)  Intel Services Manager                   C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
(verified)  Intel® USB 3.0 Monitor                   C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(verified)  IntuitSyncManager                        C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe
(verified)  iTunes                                   C:\Program Files (x86)\iTunes\iTunesHelper.exe
(verified)  Java Platform SE Auto Updater            C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(verified)  Logitech SetPoint                        C:\Program Files\Logitech\SetPoint\SetPoint.exe
(verified)  Lucidlogix appinit_dll.                  c:\Windows\System32\appinit_dll.dll
(verified)  Lucidlogix appinit_dll.                  c:\Windows\SysWOW64\appinit_dll.dll
(verified)  Microsoft® Windows® Operating System     C:\Program Files\Windows Sidebar\sidebar.exe
(verified)  Microsoft® Windows® Operating System     c:\Windows\System32\userinit.exe
(unsigned)  Monitor Application                      C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(unsigned)  nexdef.exe                               C:\Users\Andrew Burdick\AppData\Local\Autobahn\nexdef.exe
(verified)  QuickBooks Automatic Update              C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(unsigned)  QuickTime                                C:\Program Files (x86)\QuickTime\QTTask.exe
(unsigned)  SUPERAntiSpyware                         C:\Program Files\SUPERAntiSpyware\SASTask.exe
(verified)  XFast USB                                C:\Program Files (x86)\XFastUSB\XFastUsb.exe

Browser plugins
---------------
(verified)  Adobe Acrobat                            C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
(verified)  AdobeAAMDetect                           C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
(verified)  AmazonMP3DownloaderPlugin                E:\Program Files\x86\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll
(verified)  Bing Bar                                 c:\program files (x86)\microsoft\BingBar\7.3.132.0\BingExt.dll
(verified)  Bitdefender QuickScan                    C:\Users\Andrew Burdick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.145_0\npqscan.dll
(verified)  Bonjour                                  C:\Program Files (x86)\Bonjour\mdnsNSP.dll
(verified)  Bonjour                                  C:\Program Files\Bonjour\mdnsNSP.dll
(verified)  Evernote®                                c:\program files (x86)\Evernote\Evernote\evernoteie.dll
(verified)  EZTwain Pro                              C:\Windows\Downloaded Program Files\EZCurl.dll
(verified)  EZTwain Pro                              C:\Windows\Downloaded Program Files\EZDcx.dll
(verified)  EZTwain Pro                              C:\Windows\Downloaded Program Files\EZGif.dll
(verified)  EZTwain Pro                              C:\Windows\Downloaded Program Files\EZJpeg.dll
(verified)  EZTwain Pro                              C:\Windows\Downloaded Program Files\EZOcr.dll
(verified)  EZTwain Pro                              C:\Windows\Downloaded Program Files\EZPdf.dll
(verified)  EZTwain Pro                              C:\Windows\Downloaded Program Files\EZPng.dll
(verified)  EZTwain Pro                              C:\Windows\Downloaded Program Files\EZSymbol.dll
(verified)  EZTwain Pro                              C:\Windows\Downloaded Program Files\EZTiff.dll
(verified)  EZTwainX TWAIN Scanning Control          C:\Windows\Downloaded Program Files\EZTwainX.ocx
(verified)  Google Talk Plugin                       C:\Users\Andrew Burdick\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
(verified)  Google Talk Plugin Video Renderer        C:\Users\Andrew Burdick\AppData\Roaming\Mozilla\plugins\npo1d.dll
(verified)  Google Toolbar for Internet Explorer     c:\program files (x86)\Google\google toolbar\googletoolbar_32.dll
(verified)  Google Update                            C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll
(verified)  Google Update                            C:\Users\Andrew Burdick\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll
(unsigned)  Harmony Firefox Plugin                   C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll
(verified)  HP Smart Print                           C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
(verified)  iCloud Control Panel                     C:\Users\Andrew Burdick\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah\1.2.12_0\win-x32\AppleChromeDAV.dll
(unsigned)  ie.dll                                   c:\program files (x86)\datavault\ie.dll
(verified)  Intel® Identity Protection Technology    C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
(verified)  Intel® Identity Protection Technology    C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
(verified)  Java Deployment Toolkit 8.0.250.18       C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll
(verified)  Java Platform SE 8 U25                   c:\program files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
(verified)  Java Platform SE 8 U25                   C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll
(verified)  Java Platform SE 8 U25                   c:\program files (x86)\Java\jre1.8.0_25\bin\ssv.dll
(verified)  Logitech Device Detection                C:\Windows\Downloaded Program Files\LogitechDeviceDetection32.ocx
(verified)  Microsoft Office 2010                    C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL
(verified)  Microsoft Office 2010                    c:\program files\microsoft office 15\root\office15\urlredir.dll
(verified)  Microsoft Office 2013                    C:\Program Files\Microsoft Office 15\root\office15\NPSPWRAP.DLL
(verified)  Microsoft® Windows Live ID               c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll
(verified)  Microsoft® Windows Live ID               C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL
(verified)  Microsoft® Windows Live ID               C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
(verified)  Microsoft® Windows® Operating System     C:\Windows\System32\mswsock.dll
(verified)  Microsoft® Windows® Operating System     C:\Windows\System32\nlaapi.dll
(verified)  nativeqs.dll                             C:\Users\Andrew Burdick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.145_0\nativeqs.dll
(unsigned)  npapi.dll                                C:\Program Files (x86)\DataVault\npapi.dll
(verified)  npitunes.dll                             C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
(verified)  NPSWF32_15_0_0_152.dll                   C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
(verified)  npuplaypc.dll                            C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
(unsigned)  qsinstaller.exe                          C:\Users\Andrew Burdick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.145_0\qsinstaller.exe
(unsigned)  QuickTime Plug-in 7.7.5                  C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
(unsigned)  QuickTime Plug-in 7.7.5                  C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
(unsigned)  QuickTime Plug-in 7.7.5                  C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
(unsigned)  QuickTime Plug-in 7.7.5                  C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
(unsigned)  QuickTime Plug-in 7.7.5                  C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
(verified)  Silverlight Plug-In                      C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll
(unsigned)  thinkorswim                              C:\Program Files (x86)\thinkorswim\npthinkorswim.dll
(unsigned)  tossc                                    C:\Program Files (x86)\thinkorswim\nptossc.dll
(verified)  WebEx Download Module                    C:\Windows\Downloaded Program Files\ieatgpc.dll
(verified)  Windows® Internet Explorer               C:\Windows\SysWOW64\ieframe.dll
(verified)  Microsoft® Windows® Operating System     C:\Windows\System32\NapiNSP.dll
(verified)  Microsoft® Windows® Operating System     C:\Windows\System32\pnrpnsp.dll
(verified)  Microsoft® Windows® Operating System     C:\Windows\System32\winrnr.dll

Scan
----
MD5: bc59ae9a62b28a31487bfd32373bcd5d  C:\Users\Andrew Burdick\AppData\Local\Amazon Music\Amazon Music Helper.exe
MD5: a0156882419e3493ad3f3dfd43f60c14  C:\Users\Andrew Burdick\AppData\Local\Autobahn\nexdef.exe
MD5: c17cf1e7ed495ade9e2bbb07aa592d92  C:\Users\Andrew Burdick\AppData\Local\Autobahn\rt\bin\hpi.dll
MD5: d5f824b36d43465808639b082553cf59  C:\Users\Andrew Burdick\AppData\Local\Autobahn\rt\bin\java.dll
MD5: 299634b6acaa2795e2ab4a3f935b026e  C:\Users\Andrew Burdick\AppData\Local\Autobahn\rt\bin\jetvm\jvm.dll
MD5: b52bcf2bf55ff248601277b7d7c8d13d  C:\Users\Andrew Burdick\AppData\Local\Autobahn\rt\bin\net.dll
MD5: 6c078c9f52d38604af22a025fd2394ac  C:\Users\Andrew Burdick\AppData\Local\Autobahn\rt\bin\nio.dll
MD5: 8f9397974d713971656da2681e787b4a  C:\Users\Andrew Burdick\AppData\Local\Autobahn\rt\bin\zip.dll
MD5: 0db1d42e30aa8da79e2e29664feb64d1  C:\Users\Andrew Burdick\AppData\Local\Autobahn\rt\jetrt\baseline720.dll
MD5: b8cb9c2c3c49b355f5e5d74699e9b398  C:\Users\Andrew Burdick\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah\1.2.12_0\win-x32\AppleBMDAV.resources\en.lproj\AppleBMDAVLocalized.dll
MD5: 81a80a2e3427a91387a4d93c24bd248c  C:\Users\Andrew Burdick\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah\1.2.12_0\win-x32\AppleChromeDAV.dll
MD5: 204b61122b0520942b78272eeba1bf1a  C:\Users\Andrew Burdick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.145_0\nativeqs.dll
MD5: f9712c06a56b9160ec19c12ad5f79abc  C:\Users\Andrew Burdick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.145_0\npqscan.dll
MD5: 9f4c7638a3a9ee508d18628a810467e7  C:\Users\Andrew Burdick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.145_0\qsinstaller.exe
MD5: 40aae0a1a4f664828df5a95875aea1c8  C:\Users\Andrew Burdick\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll
MD5: 506708142bc63daba64f2d3ad1dcd5bf  C:\Users\Andrew Burdick\AppData\Local\Google\Update\GoogleUpdate.exe
MD5: 4a5ec99b7a300946e15adbd8d303ab59  C:\Users\Andrew Burdick\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\logging.dll
MD5: ab09ce954c647f3c2b4328b57d519996  C:\Users\Andrew Burdick\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\msvcp110.dll
MD5: 80e987dbe08677e2ec09615cd4358607  C:\Users\Andrew Burdick\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\msvcr110.dll
MD5: 1c1bb3dd5cb3714d3810b0c035b29a99  C:\Users\Andrew Burdick\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
MD5: 1f1c57ba9954d396144760193e25c3b1  C:\Users\Andrew Burdick\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\Telemetry.dll
MD5: 4e566fea83fceeaf2873702806b55006  C:\Users\Andrew Burdick\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpizxx15.dll
MD5: eb8e27a3c1ea82711bc4037d53ee5122  C:\Users\Andrew Burdick\AppData\Roaming\Dropbox\bin\Dropbox.exe
MD5: a659adbc53a82f558cb5059454554675  C:\Users\Andrew Burdick\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
MD5: 5434e18b933e03f274d8da59fda4c676  C:\Users\Andrew Burdick\AppData\Roaming\Dropbox\bin\icudt.dll
MD5: 50ee5f0af1baeba3ef31894f58a286ec  C:\Users\Andrew Burdick\AppData\Roaming\Dropbox\bin\libcef.dll
MD5: 63ed6dedacedac71005a29428c1d4382  C:\Users\Andrew Burdick\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MD5: 80703c2f3c6b7dd9c4b9ccbb1699065a  C:\Users\Andrew Burdick\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
MD5: 649972ef1beb3ea9faf64e4457d40039  C:\Users\Andrew Burdick\AppData\Roaming\Mozilla\plugins\npo1d.dll
MD5: 96c70bd48d49b87475f4572dedc62eb9  C:\Windows\AppPatch\AcLayers.dll
MD5: b7a50025e0d3521e6aa4d2f047c95f61  C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
MD5: d4a6547df01a88fecbaac7c987e0e201  C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\a229c5bed4a12b5db6ca55d223ada6df\System.ServiceProcess.ni.dll
MD5: aa60fc73326973a774036486421f386c  C:\Windows\assembly\NativeImages_v2.0.50727_32\System\908ba9e296e92b4e14bdc2437edac603\System.ni.dll
MD5: 2690bc33297ca0132cd9325b8e8229b9  C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorCommon\191cccca53af603f41564a8b3d0f7df2\IAStorCommon.ni.dll
MD5: 092d5a06302b95da434520aac0f11944  C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorDataMcfeeca6f#\0889e04be40c4352c1a3279b49ac2c86\IAStorDataMgrSvcInterfaces.ni.dll
MD5: c888b2f984516e827880d8bf7028357e  C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorDataMgr\e3aaab0ad2765fcd85b0971c4a217c1f\IAStorDataMgr.ni.dll
MD5: 3162981b0e9d8f0233a27db4770bb0f9  C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorDataMgrSvc\4b8429c0e4d6bb5702c2be175d8d1536\IAStorDataMgrSvc.ni.exe
MD5: 85f52823c907c1ac7f8f6408300ebc4d  C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorUtil\61b4f6171008fd1ddd253ed2d1198096\IAStorUtil.ni.dll
MD5: 912635f0b9cad7f7236af6419609b752  C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorViewModel\50d5868d94b7906d4cc0fb0282e06aae\IAStorViewModel.ni.dll
MD5: 839fd7c9e08308ebd10b962684c6a673  C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\d1265d6159ea876f9d63ea4c1361b587\mscorlib.ni.dll
MD5: 3ac0d726ef476544541b9bbb85d22624  C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\d747bc7ada99b5060484e3095274c9d0\PresentationFramework.ni.dll
MD5: 62b74b9b5a1a67fc4bf5e44476fad692  C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b96f42b103d3455036bbeb8fee037931\PresentationCore.ni.dll
MD5: b1dcab443a5df464f61309fa9a1dea7b  C:\Windows\assembly\NativeImages_v4.0.30319_32\PSI\5bf8a7087fd225dd6534adfc00a594ce\PSI.ni.dll
MD5: c763bd016b583a6b0f23eddd638a53ef  C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\9a896369e090fab5f58e7076181a1a0d\PSIClient.ni.dll
MD5: 85237ce030bce246a52e7d5afebdd174  C:\Windows\assembly\NativeImages_v4.0.30319_32\PsiData\eba925e4c2466bcffe3c3fb79e139b41\PsiData.ni.dll
MD5: cdb6fdd0f4e1ef98c62df003ac2a19a6  C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\6e7ce9401fda1718a4b6e3a27e8de909\SMDiagnostics.ni.dll
MD5: f62cc7fe862d6704a9488079a957802c  C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Confe64a9051#\1a5673a89024ff7f68ebd81bc38bd640\System.Configuration.Install.ni.dll
MD5: 439312bd9079f379672a84ec8ea51be1  C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8b7f1232264c4795152f77a2434c02ab\System.Configuration.ni.dll
MD5: 514494be3739384b680433ac4529ba2f  C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\32282378a8280af393b626510cf4a5b9\System.Core.ni.dll
MD5: 20f6639b944dab341c348530c587e52c  C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\5b51c6c31291676944903acbbf711d8d\System.Data.ni.dll
MD5: e8dec9f28b8fb6a5d0239f6910d132d7  C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\53d0b6fa2fc28f7d50f84999fc2a1bbf\System.Drawing.ni.dll
MD5: 25ebcfb3bcc6c351f0ee2eef565e157a  C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\893a4abb6db1e57c15f1f831cd6420e1\System.IdentityModel.ni.dll
MD5: a537bf887865cdf70a5b12da064a177d  C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\82f6179063c1d1fa69f57c4d59a850a8\System.Management.ni.dll
MD5: bb55e334a34e91464c87aa792867679d  C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\de2a832558f95db343e443c365bd3575\System.Numerics.ni.dll
MD5: b7b3fece714bf981b40c61ba845112ea  C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\ad1a5e8488b493088c4317191604dc81\System.Runtime.Serialization.ni.dll
MD5: e7cc8f40625fa07ccec77ed66a0329ba  C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\3f0f817ec8615abe26906aa354a29e71\System.ServiceProcess.ni.dll
MD5: 1bcca84e830be84204071c4d09e692f8  C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\9d31dc037429437307aacdbcb88bab3c\System.ServiceModel.Internals.ni.dll
MD5: cf38da5ec2540fecf0082529df762014  C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\a3ab3961c1e2c3b98a3397d11eb38d2b\System.ServiceModel.Web.ni.dll
MD5: 08c2cbcd00e17fe69a842905b443ef9a  C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\3d1acd5d42efed17d6c6ce2836a7403e\System.ServiceModel.ni.dll
MD5: 89f7852f4b8d66e8d629309a88675455  C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\076f1e8db8f36f51f247c42b068c4097\System.Transactions.ni.dll
MD5: 713d2564707b1c485c56c9c307cf14a2  C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\bcc9a98d4cae057c7278f80d56836140\System.Windows.Forms.ni.dll
MD5: 37b6172cb06a35023e3a02fd9e13d4f7  C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\a4066040e82329538bec1a194a222d93\System.Xml.ni.dll
MD5: 4b24c335c4f636e4ea039651aa8a1d53  C:\Windows\assembly\NativeImages_v4.0.30319_32\System\d18e2115a3270f89663fce831547f534\System.ni.dll
MD5: 739d5723b45d5c7da706a4d225e161a1  C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\96ef38bc80d4e36e0812ee749f90f435\WindowsBase.ni.dll
MD5: 64ac74e4668f395eb0a85e460a1b01b0  C:\Windows\Downloaded Program Files\EZCurl.dll
MD5: 472cdc4ed128378e64c687bfd2e5bfe8  C:\Windows\Downloaded Program Files\EZDcx.dll
MD5: 6b18f34989e3fc1940a437cb8cdecc70  C:\Windows\Downloaded Program Files\EZGif.dll
MD5: 2eebeb9be87dc31f94f901cbeb895f68  C:\Windows\Downloaded Program Files\EZJpeg.dll
MD5: ec919493eb14435702ef8e349f3f3e46  C:\Windows\Downloaded Program Files\EZOcr.dll
MD5: 50e4b028406c6b4ae682d44e0ff0c707  C:\Windows\Downloaded Program Files\EZPdf.dll
MD5: 137385981b74facf513d732587729cbc  C:\Windows\Downloaded Program Files\EZPng.dll
MD5: aa8974ae92088079affe5f9d71bd86a7  C:\Windows\Downloaded Program Files\EZSymbol.dll
MD5: 1f9676644c2b559ceb4e91cef9623c53  C:\Windows\Downloaded Program Files\EZTiff.dll
MD5: 0320fd324fb8add93d6cb585fe977427  C:\Windows\Downloaded Program Files\EZTwainX.ocx
MD5: 73431373f80f68a4c2865298a453bd2a  C:\Windows\Downloaded Program Files\ieatgpc.dll
MD5: fc901291cf0fb98dad8cc2961f3db50e  C:\Windows\Downloaded Program Files\LogitechDeviceDetection32.ocx
MD5: c4002b6b41975f057d98c439030cea07  C:\Windows\ehome\ehrecvr.exe
MD5: 332feab1435662fc6c672e25beb37be3  C:\Windows\explorer.exe
MD5: d429eedfc30d8d609861e0ac13261580  C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
MD5: 077bf61ffb9736eb5d4d2f9a1d22b4f2  C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
MD5: b4d73f04e9bc076f7cdac4327df636bb  C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
MD5: c98a5b9d932430ad8eebd3ef73756ef7  C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
MD5: a8b7f3818ab65695e3a0bb3279f6dce6  C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
MD5: f15ab80b867d3332d5ddfb0a05b9ce04  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
MD5: 9acbe5ec13c2cc95833bfb7636ca8b1a  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
MD5: e58808846b62041bfb05395e1ced6499  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
MD5: 09a116fb06c5e362ef8938d29cdab27b  C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
MD5: f13ec8a783e0cb0d6dc26a3ca848b7b8  C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
MD5: ff98ef5a50ea52fa115fe60b0f0a92b1  C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
MD5: a15811ef4a3d20f6c7d67c4673014e18  C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
MD5: e9bd0a4240d867f49821a1129e405ffa  C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
MD5: 607329adb3371634dd8ef8acb430d290  C:\Windows\Microsoft.NET\Framework\v4.0.30319\diasymreader.dll
MD5: 79ea94e7a55e673b1e5202e666b61ec2  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
MD5: f5ab4d2e36625f355e81539239765107  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
MD5: 4e760901954969963dc30cbafcbb9afd  C:\Windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
MD5: 0e01bcc7ad4fc88925d7f20919ab0f21  C:\Windows\Microsoft.NET\Framework\v4.0.30319\WMINet_Utils.dll
MD5: cec516d55b8e81675a947aad5f1987cd  C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationNative_v0400.dll
MD5: 33cf5a5292dc77c4b690d5dfb0b2a433  C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\wpfgfx_v0400.dll
MD5: 773212b2aaa24c1e31f10246b15b276c  C:\Windows\servicing\TrustedInstaller.exe
MD5: b53bbeb3a90030adcd8fcec26ab0e65b  C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
MD5: cfcd9edb4b54653b767ebdf722ba8309  C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
MD5: 4810bdb223adbef09c6a96153f7b9987  C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
MD5: 05635e9f41c3ed112e48b06a039c0b3d  C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
MD5: ca9bf20c89804ddf90b77186e9c4053d  C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
MD5: 6ab46ceebd62287b3cac9cabf35c0b31  C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
MD5: c1b384335b462d49d44a36eef3d84458  C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
MD5: 9bb5788e5403adb0fbec56c12fdf01f6  C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
MD5: e1364901e2db1d50069b3c7d3167d788  C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
MD5: c204a714c587e5935d93818357c5f2f1  C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
MD5: ab19dc0b708cfda06567b1428d5ebe16  C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
MD5: 4d338a4961c16ce062725508a43392ad  C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
MD5: 1f89ee12d56d833d0bf4b8070d213a27  C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
MD5: f8664c3b4a7365773312eae6593e7525  C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
MD5: 6f482e6ba305ab471d0baf728bc75310  C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
MD5: 541f08d2a39affbd938c76137407d286  C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
MD5: 9ceba869447b1e338631db05493c21ce  C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
MD5: c74df35f56ca85075060ed2a715d776a  C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
MD5: 5ea6870fe09f75d92e26a2614a756659  C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
MD5: b28490ac5caabf0bf796a49946300f67  C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
MD5: 65e14c022a7e3a70c7fd2627ef75b4d6  C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
MD5: c7280f39f0e4ed5ddb97630b59c1a804  C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
MD5: e515b51caa7ce378ca9419ee9b07cd2f  C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
MD5: 232e3a49a5897afda0881f3d2a1ad98a  C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
MD5: 46237f5c64ca4638024e341be2ad1d19  C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
MD5: ccba7f264a5259df5f6915cbefc453c9  C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
MD5: c3566123385c8ff53bffe4d7413f6290  C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
MD5: 6a13b4f3b3f575f1e24b877b9359aaba  C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
MD5: 49aca548b2423f1c67898e6ac719a9a6  C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
MD5: 2e33dfd10f28f86c3fc40ee123cc3904  C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
MD5: 1c60e09ca1c3a045bc4d367f67c915b7  C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
MD5: 60f4aefa103d421ea4a40e31409b4756  C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
MD5: 6951562dc4625eefc6eacd52ad165866  C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
MD5: 007863e45f25aa47a4c30d0930bbfd85  C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
MD5: 589cbc4989f750e1da35625ab481cf43  C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
MD5: 3be0d923aa45a4dbe091c2d84f0b4fe7  C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
MD5: ff41cf91302c9c12bc2abd41989ddeb5  C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
MD5: 812a161fc470fa832c3f0cc3d7aca2f9  C:\Windows\System32\apisetschema.dll
MD5: d032f8da9a774066b970bf9ffd59064c  c:\Windows\System32\appinit_dll.dll
MD5: ad7b9c14083b52bc532fba5948342b98  C:\Windows\System32\cmd.exe
MD5: 7ca1becea5de2643addad32670e7a4c9  C:\Windows\System32\cryptsvc.dll
MD5: e9e01eb683c132f7fa27cd607b8a2b63  C:\Windows\System32\dhcpcore.dll
MD5: 8b88ebbb05a0e56b7dcc708498c02b3e  C:\Windows\System32\explorer.exe
MD5: eee470f2a771fc0b543bdeef74fceca0  C:\Windows\System32\msiexec.exe
MD5: e94c583cde2348950155f2af2876f34d  C:\Windows\System32\mswsock.dll
MD5: 0ba65122ffa7e37564ee86422dbf7ae8  C:\Windows\System32\nlaapi.dll
MD5: a2b0924d50f4435fd389499047ce553a  C:\Windows\System32\ntdll.dll
MD5: 414bba67a3ded1d28437eb66aeb8a720  C:\Windows\System32\pla.dll
MD5: dbc02d918fff1cad628acbe0c0eaa8e8  C:\Windows\System32\provsvc.dll
MD5: 236f286e103fd44bd85fdd93097fd5dd  C:\Windows\System32\SearchIndexer.exe
MD5: 4ae380f39a0032eab7dd953030b26d28  C:\Windows\System32\SessEnv.dll
MD5: 414da952a35bf5d50192e28263b40577  C:\Windows\System32\shsvcs.dll
MD5: 613bf4820361543956909043a265c6ac  C:\Windows\System32\tapisrv.dll
MD5: 61ac3efdfacfdd3f0f11dd4fd4044223  c:\Windows\System32\userinit.exe
MD5: 34eee0dfaadb4f691d6d5308a51315dc  C:\Windows\System32\wcncsvc.dll
MD5: 75e8ebd7040ce238684333f97014762a  C:\Windows\System32\WebClnt.dll
MD5: ca9f7888b524d8100b977c81f44c3234  C:\Windows\System32\winhttp.dll
MD5: 1b91cd34ea3a90ab6a4ef0550174f4cc  C:\Windows\System32\WsmSvc.dll
MD5: d67472125471784de7147946eda25feb  C:\Windows\SysWOW64\advapi32.dll
MD5: 6a13b4f3b3f575f1e24b877b9359aaba  C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
MD5: 49aca548b2423f1c67898e6ac719a9a6  C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
MD5: 2e33dfd10f28f86c3fc40ee123cc3904  C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
MD5: 1c60e09ca1c3a045bc4d367f67c915b7  C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
MD5: 60f4aefa103d421ea4a40e31409b4756  C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
MD5: 6951562dc4625eefc6eacd52ad165866  C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
MD5: 007863e45f25aa47a4c30d0930bbfd85  C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
MD5: 589cbc4989f750e1da35625ab481cf43  C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
MD5: 3be0d923aa45a4dbe091c2d84f0b4fe7  C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
MD5: 863f793d15b4026b1a5fdeca873d4d84  C:\Windows\SysWOW64\apphelp.dll
MD5: d032f8da9a774066b970bf9ffd59064c  c:\Windows\SysWOW64\appinit_dll.dll
MD5: 15c9eaed649ee615e3de117582caf12a  C:\Windows\SysWOW64\aticfx32.dll
MD5: 240f50db4dcb922dc1678affde2e0f4a  C:\Windows\SysWOW64\atidxx32.dll
MD5: 99f25bd6fecffaa0537d9fd8eaee9d2a  C:\Windows\SysWOW64\atiuxpag.dll
MD5: c940f2f5c60b3727c5f18840735b229c  C:\Windows\SysWOW64\AudioSes.dll
MD5: 7a6986dd659b96398a11af5173892715  C:\Windows\SysWOW64\cabinet.dll
MD5: f436e847fa799ecd75ad8c313673f450  C:\Windows\SysWOW64\cfgmgr32.dll
MD5: d1de1eafde97be41cf6585027ff3e732  C:\Windows\SysWOW64\comdlg32.dll
MD5: db1d6751689b4a7ee2439c64f2adf1c9  C:\Windows\SysWOW64\credssp.dll
MD5: e9bb0cd09da17c71fd1b9954d75aeef7  C:\Windows\SysWOW64\credui.dll
MD5: cc09e0c9a2d89c6e71d093dc8bd121b7  C:\Windows\SysWOW64\crypt32.dll
MD5: 7b851a8018b1ea00a69707a390004884  C:\Windows\SysWOW64\cryptnet.dll
MD5: 465bea35f7ed4a4a57686dea7ea10f47  C:\Windows\SysWOW64\cscapi.dll
MD5: 4a3cdcef8ed41b221f3dbef5792fb52d  C:\Windows\SysWOW64\ctfmon.exe
MD5: 14800bd31701a5047ac3145bb1e698ae  C:\Windows\SysWOW64\d2d1.dll
MD5: 3c1936a12c62254f914a01bbc6a8dc69  C:\Windows\SysWOW64\d3d10_1.dll
MD5: d4212ab475a3b25ec4df574536c3edc5  C:\Windows\SysWOW64\d3d10_1core.dll
MD5: 79896a78039c9a63c56197843cfbad0b  C:\Windows\SysWOW64\d3d10warp.dll
MD5: 6de66fe7c526637e74cd066461c7c871  C:\Windows\SysWOW64\d3d11.dll
MD5: 6ef5f3f18413c367195f06e503ab86a6  C:\Windows\SysWOW64\d3d9.dll
MD5: 1c9b45e87528b8bb8cfa884ea0099a85  C:\Windows\SysWOW64\D3DCompiler_43.dll
MD5: 86e39e9161c3d930d93822f1563c280d  C:\Windows\SysWOW64\D3DX9_43.dll
MD5: eaf4712b706936c0b10d3b5319b37e81  C:\Windows\SysWOW64\davclnt.dll
MD5: 53223b673a3fa2f9a4d1c31c8d3f6cd8  C:\Windows\SysWOW64\dbghelp.dll
MD5: 2eeff4502f5e13b1bed4a04ccad64c08  C:\Windows\SysWOW64\devobj.dll
MD5: 81f6c1ae23b1c493d9e996c3103915d7  C:\Windows\SysWOW64\dhcpcsvc6.dll
MD5: 5e08ac958be05247ff1539e0d1ce7905  C:\Windows\SysWOW64\dinput8.dll
MD5: b40420876b9288e0a1c8cca8a84e5dc9  C:\Windows\SysWOW64\dnsapi.dll
MD5: 062373995eae5f0eac9eaa9192136bfb  C:\Windows\SysWOW64\dnssd.dll
MD5: 1c0e369575f387460e2a5f28269b2cc4  C:\Windows\SysWOW64\DWrite.dll
MD5: d4f264fe23f8953d840904418220c15e  C:\Windows\SysWOW64\dxgi.dll
MD5: e2a17bcc08d92f42e08af6ba2f93aba7  C:\Windows\SysWOW64\ExplorerFrame.dll
MD5: 1e8d06aae74fed674c1156b3fea911c2  C:\Windows\SysWOW64\Faultrep.dll
MD5: f0d0e883ebbdc7615dc9edea0ffb2817  C:\Windows\SysWOW64\FWPUCLNT.DLL
MD5: 980305ac3af53c1964a11190451abb32  C:\Windows\SysWOW64\gdi32.dll
MD5: 8c3d32a4a46326031309a43c52539d7f  C:\Windows\SysWOW64\ieapfltr.dat
MD5: 0f44172a5b34e8f208cd0f209edd4a73  C:\Windows\SysWOW64\ieapfltr.dll
MD5: 46ad2c023afae4b34bb53a03d3d29a45  C:\Windows\SysWOW64\ieframe.dll
MD5: c8e7cbb6e1d0e7c82f40316f5a289f4a  C:\Windows\SysWOW64\iertutil.dll
MD5: e7b9d5ff20ffdd4aae2ef1d1b8c27a37  C:\Windows\SysWOW64\imagehlp.dll
MD5: a6f09e5669d9a19035f6d942caa15882  C:\Windows\SysWOW64\imm32.dll
MD5: a77f650fe3c5ac3b5d26dbd86d7e18e0  C:\Windows\SysWOW64\InetClnt.dll
MD5: 815f3180b5117e42e422188e9ccc89c6  C:\Windows\SysWOW64\IntelCpHeciSvc.exe
MD5: a90dc9abd65db1a8902f361103029952  C:\Windows\SysWOW64\IPHLPAPI.DLL
MD5: 27e77b7ce4ced3fa7b075dce4007e360  C:\Windows\SysWOW64\jscript9.dll
MD5: 76161b9d78a275f8f28dd67436013110  C:\Windows\SysWOW64\kernel32.dll
MD5: 461b713de7f353c6447b744f1a049930  C:\Windows\SysWOW64\KernelBase.dll
MD5: 8ea53101ff2b15bdff934b62a8fb326d  C:\Windows\SysWOW64\logoncli.dll
MD5: cc23295da8f7b5c53f93804d2f5d30eb  C:\Windows\SysWOW64\lpk.dll
MD5: b8b7d4b459345d01aff11ff172b8a693  C:\Windows\SysWOW64\Macromed\Flash\Flash32_15_0_0_189.ocx
MD5: 2637233632ccd1837a1a57a43caf00a4  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
MD5: dfc9460cc37e5c414dc4680b10c19e7a  C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
MD5: 243974ec02f7ae49e4179c54624143ab  C:\Windows\SysWOW64\MMDevAPI.dll
MD5: 938f39b50bafe13d6f58c7790682c010  C:\Windows\SysWOW64\msasn1.dll
MD5: 7f8678c59f188528d60104e697c2361e  C:\Windows\SysWOW64\mscms.dll
MD5: d83947a58613e9091b4c9cc0f1546a8d  C:\Windows\SysWOW64\mscoree.dll
MD5: 7069aab8536f29ed7323140973a2894b  C:\Windows\SysWOW64\msdmo.dll
MD5: 5cc7c09299a59efb3d39b919440e4d1b  C:\Windows\SysWOW64\mshtml.dll
MD5: 3888d02ce6413c2a06d903de1c778bf5  C:\Windows\SysWOW64\msi.dll
MD5: c5413bc4f10ceb4c3070bbf04d324117  C:\Windows\SysWOW64\msisip.dll
MD5: 56ceed370508f69a1ba04939bd1badda  C:\Windows\SysWOW64\msutb.dll
MD5: 8ba721f76c97a219599e88722aa48875  C:\Windows\SysWOW64\msv1_0.dll
MD5: e3c817f7fe44cc870ecdbcbc3ea36132  C:\Windows\SysWOW64\msvcp100.dll
MD5: bf38660a9125935658cfa3e53fdc7d65  C:\Windows\SysWOW64\msvcr100.dll
MD5: 82dcd6037f35073a6ec1ee397d808135  C:\Windows\SysWOW64\msvcr120_clr0400.dll
MD5: 9dc80a8aaaaac397bdab3c67165a824e  C:\Windows\SysWOW64\msvcrt.dll
MD5: e94c583cde2348950155f2af2876f34d  C:\Windows\SysWOW64\mswsock.dll
MD5: 8b8d1cef498678cab9df17145d34bc64  C:\Windows\SysWOW64\msxml3.dll
MD5: e227b810296aa27e6c69307a7b6456e5  C:\Windows\SysWOW64\msxml6.dll
MD5: c61ddfe40204f3be3df111981d91560e  C:\Windows\SysWOW64\ncrypt.dll
MD5: 2fca0d2c59a855c54bafa22aa329df0f  C:\Windows\SysWOW64\netapi32.dll
MD5: 20b3934db73eaba2b49b7177873cb81f  C:\Windows\SysWOW64\netutils.dll
MD5: 0ba65122ffa7e37564ee86422dbf7ae8  C:\Windows\SysWOW64\nlaapi.dll
MD5: a2b0924d50f4435fd389499047ce553a  C:\Windows\SysWOW64\ntdll.dll
MD5: d7b7159bc8374e87d8c45a30377a3440  C:\Windows\SysWOW64\ntlanman.dll
MD5: 03f3b770dfbed6131653ceda8ca780f0  C:\Windows\SysWOW64\ntshrui.dll
MD5: 928cf7268086631f54c3d8e17238c6dd  C:\Windows\SysWOW64\ole32.dll
MD5: 8e01332cc4b68bc6b5b7effe374442aa  C:\Windows\SysWOW64\oleacc.dll
MD5: 6c765e82b57f2e66ce9c54ac238471d9  C:\Windows\SysWOW64\oleaut32.dll
MD5: 12c45e3cb6d65f73209549e2d02eca7a  C:\Windows\SysWOW64\propsys.dll
MD5: 102cf6879887bbe846a00c459e6d4abc  C:\Windows\SysWOW64\riched20.dll
MD5: d8bed6ba298dbaaf6f3d746739fcd333  C:\Windows\SysWOW64\rpcrt4.dll
MD5: 5997d769cdb108390dcfaebf442bf816  C:\Windows\SysWOW64\RpcRtRemote.dll
MD5: 68ecca523ed760aafc03c5d587569859  C:\Windows\SysWOW64\samcli.dll
MD5: f95e1e9d97d25c11f29ca34c843a6f4d  C:\Windows\SysWOW64\schannel.dll
MD5: b094390b6b2d0456821384771020870b  C:\Windows\SysWOW64\secur32.dll
MD5: 10fb16b50affda6d44588f3c445dc273  C:\Windows\SysWOW64\setupapi.dll
MD5: 2c4a87ca8c00e98efdcfa2e8ec9a3503  C:\Windows\SysWOW64\shdocvw.dll
MD5: 386bf6fd9fc562b1a5558c49e1c3a6fb  C:\Windows\SysWOW64\shell32.dll
MD5: 8cc3c111d653e96f3ea1590891491d71  C:\Windows\SysWOW64\shlwapi.dll
MD5: 12583af6cbe0050651eaf2723b3ad7b3  C:\Windows\SysWOW64\speedfan.sys
MD5: 5ccdcd40e732d54e0f7451ac66ac1c87  C:\Windows\SysWOW64\srvcli.dll
MD5: 10826da2fc073702aeab93af3d73b066  C:\Windows\SysWOW64\sspicli.dll
MD5: 919001d2bb17df06ca3f8ac16ad039f6  C:\Windows\SysWOW64\sxs.dll
MD5: 544eff88ac6c85df5a4d6f18dfe08cfc  C:\Windows\SysWOW64\taskschd.dll
MD5: ab28f96cb72cf5d4df084a122f29102a  C:\Windows\SysWOW64\urlmon.dll
MD5: 5e0db2d8b2750543cd2ebb9ea8e6cdd3  C:\Windows\SysWOW64\user32.dll
MD5: d15618a0ff8dbc2c5bf3726bacc75a0b  C:\Windows\SysWOW64\userenv.dll
MD5: a5f833506bf6a1b5d693e1499dee2444  C:\Windows\SysWOW64\usp10.dll
MD5: cfc7d8289d2b5f3cf8d16e2db7f93d4a  C:\Windows\SysWOW64\wbem\fastprox.dll
MD5: 704314fd398c81d5f342caa5df7b7f21  C:\Windows\SysWOW64\wbemcomn.dll
MD5: d205c24a9d069049fe2df2a1b38726a7  C:\Windows\SysWOW64\wdmaud.drv
MD5: fb19fc5951a88f3c523e35c2c98d23c0  C:\Windows\SysWOW64\webio.dll
MD5: db846eeca70ee9d2e2ff31147c57b0f4  C:\Windows\SysWOW64\webservices.dll
MD5: a054ea8fbe16d4d34f06d81a4f0088e2  C:\Windows\SysWOW64\WindowsCodecs.dll
MD5: 2875b386b45b8a77e2343c5e129ae50c  C:\Windows\SysWOW64\WindowsPowerShell\v1.0\pwrshsip.dll
MD5: ca9f7888b524d8100b977c81f44c3234  C:\Windows\SysWOW64\winhttp.dll
MD5: b3b9e14680ef3501068c50dcf7e6981f  C:\Windows\SysWOW64\wininet.dll
MD5: d5aefad57c08349a4393d987df7c715d  C:\Windows\SysWOW64\winmm.dll
MD5: 9e4b0e7472b4ceba9e17f440b8cb0ab8  C:\Windows\SysWOW64\winspool.drv
MD5: fd67683fba9b2c4bb551780bd8846f64  C:\Windows\SysWOW64\winsta.dll
MD5: 68eaaedf0365168b804e8728368fa946  C:\Windows\SysWOW64\wintrust.dll
MD5: e5a4a1326a02f8e7b59e6c3270ce7202  C:\Windows\SysWOW64\wkscli.dll
MD5: a8bb45f9ecad993461e0fef8e2a99152  C:\Windows\SysWOW64\Wldap32.dll
MD5: 43c9cf6825cea58f1815b7c3dbbb385c  C:\Windows\SysWOW64\Wpc.dll
MD5: 7ff15a4f092cd4a96055ba69f903e3e9  C:\Windows\SysWOW64\ws2_32.dll
MD5: e8f6851e4600cd3674422487ee240941  C:\Windows\SysWOW64\wshext.dll
MD5: 6a6b2ee4565a178035be2a4ff6f2c968  C:\Windows\SysWOW64\wtsapi32.dll
MD5: edf2a5e96bec469da3f64e9bdd386111  C:\Windows\SysWOW64\xmllite.dll
MD5: c9564cf4976e7e96b4052737aa2492b4  C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll
MD5: d34a527493f39af4491b3e909dc697ca  C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcm90.dll
MD5: 4c39358ebdd2ffcd9132a30e1ec31e16  C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll
MD5: cdbe9690cf2b8409facad94fac9479c9  C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
MD5: 5963633010616b25503ee126f55e8de4  C:\Windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_4bf7e3e2bf9ada4c\mfc90.dll
MD5: fbfca1a574d47ee575448b719cbbf2e4  C:\Windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_49768ef57548175e\MFC90ENU.DLL
MD5: 75f5e1fe8d55cf8e577e0ec5f2290d3f  C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_ec80f00e8593ece5\comctl32.dll
MD5: 352b3dc62a0d259a82a052238425c872  C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MD5: ee19c85ca685a275be346ec41f1870f9  C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18455_none_72d576ad8665e853\GdiPlus.dll
MD5: 8de1b0441b8445508a917594bc847976  E:\Program Files\x86\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll

No file uploaded.

Scan finished - communication took 3 sec
Total traffic - 0.02 MB sent, 1.50 KB recvd
Scanned 626 files and modules - 20 seconds

==============================================================================

 


The Bitdefender Quickscan found no malware.

 

Let's have you try this free special tool from Microsoft.  It hunts for known malware and can remove what it finds, if any.

Note:  The IP blocks can very well be a legitimate sign of malware blocked by the Anti-Malware.

 

 

I suggest you get and run the Microsoft Windows Defender Offline. This is an "offline" tool that you boot the PC with and scan your system for malware.
To get started, find a blank CD, DVD, or USB flash drive with at least 250 MB of free space and then download and run the tool—the tool will help you create the removable media.

The basic sequence of steps is:
a) Download and SAVE the tool to a unique folder/location on your PC
b) Create the CD/DVD/USB flash drive with the tool (read all the directions at Microsoft {below} on how to make the media)
c) Set the PC to boot from the offline media
d) Place the media in & restart the system
e) Run the tool. Have infinite patience & have it scan the entire system. Remove any malware that is found.

 

 

The Malwarebytes Anti-Malware Website Blocking feature will advise users when a known malicious IP is attempted to be reached (outgoing) or is trying to access your PC (incoming).

Incoming threats can be ignored; our software is blocking the attack and there is nothing more that can be done.

No action is required unless you're also experiencing malware symptoms or there are multiple IPs (ex: 123.23.34 and 4.44.56).
A browser is not required to be running, just an active Internet connection with processes running, such as instant messenger clients, Skype or P2P software, to trigger these alerts.

These are also triggered by banner ads running on websites, which is the most common form of alert.

Windows Vista and Windows 7 & 8 will show the process, but Windows XP does not have the structure in place for this to be displayed by our software.

Please see/review this reference on MBAM's IP blocks
https://helpdesk.malwarebytes.org/hc/en-us/articles/202325608

 

 


Download & info link  http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline

The frequently asked questions for this tool
http://windows.microsoft.com/en-US/windows/windows-defender-offline-faq

**If your PC is running Windows 8.1, you'll need to use Windows Defender Offline Beta.** For more information and links to the download, see What is Windows Defender Offline Beta?
http://windows.microsoft.com/en-us/windows/what-is-windows-defender-offline-beta
 

This topic is now closed to further replies.