Jump to content

Recommended Posts

Hi -

Current problem seems that there is an infection noted in my Action Center on the toolbar -

- Remove the Win32/Small.CA virus from your PC

This problem was caused by Win32/Small.CA, a known computer virus. -

Windows7 SP1 Home Premium on a Toshiba laptop -

From Threat Expert pages - http://www.threatexp...a03b71e4c01577e

Submitted sample:

File MD5: 0xC530CEC49216227B2A03B71E4C01577E

File SHA-1: 0x2BADA789D186BEB4A2FC1BB4BAC49DBAEBAFA252

Filesize: 50,326 bytes

Alias & packer info:

Infostealer.Banker.C [symantec]

Trojan-Dropper.Win32.Small.ca [Kaspersky Lab]

Generic Dropper [McAfee]

Troj/Small-CA [sophos]

Backdoor.Win32.SubSeven.22.A [ikarus]

The computer is not ever used for any banking or finance at all and never has been -

Below is a list of articles that classify the Win/32Small.CA as a Backdoor Trojan:

http://www.microsoft...Win32%2fSmall.R

http://www.microsoft...in32%2fSmall.CA

http://www.microsoft...=Win32/Small.CA

http://answers.micro...33-c1e402068034

Enough of my input - Here is a DDS plus attach, and a current MBAM scan -

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Database version: v2013.04.17.12

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 10.0.9200.16540

John :: LAPTOP [administrator]

18/04/2013 8:24:19 AM

mbam-log-2013-04-18 (08-24-19).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 249923

Time elapsed: 5 minute(s), 33 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 10.0.9200.16537 BrowserJavaVersion: 10.17.2

Run by John at 8:13:18 on 2013-04-18

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.3062.2041 [GMT 10:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

.

============== Running Processes ================

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\windows\system32\atiesrxx.exe

C:\windows\system32\atieclxx.exe

C:\windows\System32\spoolsv.exe

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\windows\system32\taskhost.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\LSI SoftModem\agrsmsvc.exe

C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

C:\windows\system32\CISVC.EXE

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\windows\system32\inetsrv\inetinfo.exe

C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\windows\system32\mqsvc.exe

C:\windows\system32\taskeng.exe

c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\Secunia\PSI\PSIA.exe

C:\windows\System32\tcpsvcs.exe

C:\windows\System32\snmp.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\windows\system32\TODDSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\Program Files\TOSHIBA\TECO\TecoService.exe

C:\windows\system32\mqtgsvc.exe

C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

c:\Program Files\Microsoft Security Client\NisSrv.exe

C:\windows\system32\SearchIndexer.exe

C:\Program Files\TOSHIBA\Utilities\KeNotify.exe

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

C:\Program Files\TOSHIBA\TECO\Teco.exe

C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe

C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Secunia\PSI\psi_tray.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe

C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

C:\Program Files\AzTools\blueline.exe

C:\windows\system32\SearchProtocolHost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\windows\system32\SearchProtocolHost.exe

C:\windows\system32\SearchFilterHost.exe

C:\windows\system32\conhost.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\windows\system32\svchost.exe -k apphost

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\windows\system32\svchost.exe -k ftpsvc

C:\windows\system32\svchost.exe -k imgsvc

C:\windows\system32\svchost.exe -k iissvcs

C:\windows\System32\svchost.exe -k LocalServicePeerNet

C:\windows\system32\svchost.exe -k SDRSVC

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearch Bar = hxxp://www.google.com

uSearch Page = hxxp://www.google.com

uSearchAssistant = hxxp://www.google.com

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - c:\program files\wot\WOT.dll

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll

TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [iAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s

mRun: [sVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL

mRun: [HWSetup] "c:\program files\toshiba\utilities\HWSetup.exe" hwSetUP

mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe

mRun: [TPwrMain] c:\program files\toshiba\power saver\TPwrMain.EXE

mRun: [HSON] c:\program files\toshiba\tbs\HSON.exe

mRun: [smoothView] c:\program files\toshiba\smoothview\SmoothView.exe

mRun: [00TCrdMain] c:\program files\toshiba\flashcards\TCrdMain.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [smartFaceVWatcher] c:\program files\toshiba\smartfacev\SmartFaceVWatcher.exe

mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe

mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60

mRun: [Teco] "c:\program files\toshiba\teco\Teco.exe" /r

mRun: [TosWaitSrv] c:\program files\toshiba\tphm\TosWaitSrv.exe

mRun: [TosNC] c:\program files\toshiba\bulletinboard\TosNcCore.exe

mRun: [TosReelTimeMonitor] c:\program files\toshiba\reeltime\TosReelTimeMonitor.exe

mRun: [TWebCamera] "c:\program files\toshiba\toshiba web camera application\TWebCamera.exe" autorun

mRun: [MsmqIntCert] regsvr32 /s mqrt.dll

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

TCP: NameServer = 10.1.1.1

TCP: Interfaces\{379F2145-B3CA-4A8C-9214-E399A1260DA0} : NameServer = 198.142.0.51 61.88.88.88

TCP: Interfaces\{CBBA0E56-5139-4DCD-94DF-89921C4507C3} : DHCPNameServer = 10.1.1.1

TCP: Interfaces\{CBBA0E56-5139-4DCD-94DF-89921C4507C3}\24967605F6E646032364939373 : DHCPNameServer = 10.0.0.138

Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll

SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]

R1 MpKsl2160876f;MpKsl2160876f;c:\programdata\microsoft\microsoft antimalware\definition updates\{ade0c011-62c7-47c6-927e-5d6628fcb4a4}\MpKsl2160876f.sys [2013-4-18 29904]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-23 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-13 67664]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-12 116608]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-9-20 172032]

R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-10-28 185712]

R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-11 46448]

R2 ftpsvc;Microsoft FTP Service;c:\windows\system32\svchost.exe -k ftpsvc [2009-7-14 20992]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2011-9-20 13336]

R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2013-1-20 100328]

R2 RSELSVC;TOSHIBA Modem region select service;c:\program files\toshiba\rselect\RSelSvc.exe [2009-7-8 62832]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-2-17 1153368]

R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-10-14 994360]

R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2009-9-29 185712]

R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2009-6-20 12920]

R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2011-9-20 2314240]

R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-1-27 295232]

R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2011-9-19 24064]

R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-9-20 230912]

R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2010-4-26 1011232]

R3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2011-9-20 51512]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-11-6 111960]

R3 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2009-10-31 677232]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-10-14 399416]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2011-9-30 180736]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2011-9-20 174592]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-9-20 52224]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-9-20 1343400]

S3 WMSVC;Web Management Service;c:\windows\system32\inetsrv\WMSvc.exe [2009-7-14 9728]

.

=============== Created Last 30 ================

.

2013-04-17 20:43:06 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{ade0c011-62c7-47c6-927e-5d6628fcb4a4}\MpKsl2160876f.sys

2013-04-17 11:06:08 -------- d-----w- c:\program files\Enigma Software Group

2013-04-17 11:04:35 -------- d-----w- c:\windows\0AC0F1B261C74B6EACEF58FCC0B94835.TMP

2013-04-17 11:04:32 -------- d-----w- c:\program files\common files\Wise Installation Wizard

2013-04-17 09:19:26 7108640 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{ade0c011-62c7-47c6-927e-5d6628fcb4a4}\mpengine.dll

2013-04-17 03:56:29 7108640 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2013-04-10 04:12:58 2347008 ----a-w- c:\windows\system32\win32k.sys

2013-04-10 04:12:58 196328 ----a-w- c:\windows\system32\drivers\fvevol.sys

2013-04-10 04:12:55 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-04-10 04:12:55 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-04-10 04:12:54 69632 ----a-w- c:\windows\system32\smss.exe

2013-04-10 04:12:54 38912 ----a-w- c:\windows\system32\csrsrv.dll

2013-04-10 04:12:50 3217408 ----a-w- c:\windows\system32\mstscax.dll

2013-04-10 04:12:49 36864 ----a-w- c:\windows\system32\tsgqec.dll

2013-04-10 04:12:49 131584 ----a-w- c:\windows\system32\aaclient.dll

2013-04-10 04:12:46 1212264 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-03-25 08:46:48 -------- d-----w- c:\programdata\PopCap Games

2013-03-21 09:19:41 740840 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll

2013-03-21 09:19:41 740840 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{d26e94a2-7a88-411c-8737-e689ec8e8aff}\gapaengine.dll

.

==================== Find3M ====================

.

2013-04-15 21:55:03 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-04-15 21:55:02 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-04-04 04:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-04-02 10:33:22 237088 ------w- c:\windows\system32\MpSigStub.exe

2013-03-05 01:51:06 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-03-05 01:51:03 861088 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-03-05 01:51:03 782240 ----a-w- c:\windows\system32\deployJava1.dll

2013-02-21 10:30:16 1766912 ----a-w- c:\windows\system32\wininet.dll

2013-02-21 10:29:39 2877440 ----a-w- c:\windows\system32\jscript9.dll

2013-02-21 10:29:37 61440 ----a-w- c:\windows\system32\iesetup.dll

2013-02-21 10:29:37 109056 ----a-w- c:\windows\system32\iesysprep.dll

2013-02-19 12:01:03 2706432 ----a-w- c:\windows\system32\mshtml.tlb

2013-02-19 11:10:53 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2013-02-12 04:48:31 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-02-12 04:48:26 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-02-12 03:32:45 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys

2013-01-29 07:13:18 862664 ----a-w- c:\windows\system32\msvcr110.dll

2013-01-29 07:13:18 534480 ----a-w- c:\windows\system32\msvcp110.dll

2013-01-29 07:13:18 251864 ----a-w- c:\windows\system32\vccorlib110.dll

2013-01-29 07:13:14 44144 ----a-w- c:\windows\system32\drivers\point32.sys

2013-01-29 07:13:14 1629040 ----a-w- c:\windows\system32\WdfCoInstaller01011.dll

2013-01-23 23:32:08 2121856 ----a-w- c:\windows\system32\coin93.dll

2013-01-20 04:59:04 195296 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2013-01-20 04:59:04 100328 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

.

============= FINISH: 8:13:39.37 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 19/09/2011 7:24:46 PM

System Uptime: 18/04/2013 6:42:13 AM (2 hours ago)

.

Motherboard: TOSHIBA | | NSWAA

Processor: Intel® Core™ i3 CPU M 330 @ 2.13GHz | CPU | 2133/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 453 GiB total, 408.762 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP242: 13/03/2013 6:00:20 PM - Windows Update

RP243: 16/03/2013 7:04:23 PM - Windows Update

RP244: 20/03/2013 11:43:16 AM - Windows Update

RP245: 23/03/2013 4:59:44 PM - Windows Update

RP246: 27/03/2013 8:18:07 PM - Windows Update

RP247: 30/03/2013 8:56:44 PM - Windows Update

RP248: 1/04/2013 7:00:15 PM - Windows Backup

RP249: 3/04/2013 12:14:36 PM - Windows Update

RP250: 6/04/2013 2:24:21 PM - Windows Update

RP251: 9/04/2013 4:44:56 PM - Windows Update

RP252: 10/04/2013 9:20:54 PM - Windows Update

RP253: 14/04/2013 2:18:02 PM - Windows Update

RP254: 17/04/2013 7:17:54 PM - Windows Update

RP255: 17/04/2013 9:05:34 PM - Installed SpyHunter

RP256: 17/04/2013 9:44:45 PM - Removed SpyHunter

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

2007 Microsoft Office system

500 From Special K

Acrobat.com

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader XI (11.0.02)

Adobe Shockwave Player 12.0

ATI Catalyst Install Manager

Auslogics Disk Defrag

Bejeweled 2 Deluxe 1.0

Blueline 1.1.1

Bookworm Deluxe 1.13

BurnAware Free 5.1

Business Contact Manager for Outlook 2007 SP2

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

ccc-utility

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CCleaner

CDBurnerXP

CPUID CPU-Z 1.62.0

CueClub

Direct DiscRecorder

DVD MovieFactory for TOSHIBA

ESET Online Scanner v3

Google Earth

Google Toolbar for Internet Explorer

Google Update Helper

ImgBurn

Intel® Control Center

Intel® Management Engine Components

Intel® Rapid Storage Technology

Java 7 Update 17

Java Auto Updater

JavaFX 2.1.1

Junk Mail filter update

LSI V92 MOH Application

Malwarebytes Anti-Malware version 1.75.0.1300

Masque Casino Game Pak II

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Mouse and Keyboard Center

Microsoft Office 2003 Web Components

Microsoft Office 2007 Primary Interop Assemblies

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Professional Hybrid 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Small Business Connectivity Components

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2007

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft SQL Server 2005

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)

Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)

Microsoft SQL Server 2005 Tools Express Edition

Microsoft SQL Server Native Client

Microsoft SQL Server Setup Support Files (English)

Microsoft SQL Server VSS Writer

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

MSVCRT

Optus Wireless Broadband

Orca Browser

Peggle Deluxe 1.01

PlayReady PC Runtime x86

PokerTH

Realtek Ethernet Controller Driver For Windows Vista and Later

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

Realtek WLAN Driver

Reel Deal Slots - Nickels and More

Secunia PSI (2.0.0.4003)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition

Speccy

Spelling Dictionaries Support For Adobe Reader 9

Spybot - Search & Destroy

SUPERAntiSpyware

swMSM

Synaptics Pointing Device Driver

TOSHIBA Assist

TOSHIBA Bulletin Board

TOSHIBA ConfigFree

TOSHIBA Disc Creator

TOSHIBA DVD PLAYER

TOSHIBA eco Utility

TOSHIBA Extended Tiles for Windows Mobility Center

TOSHIBA Face Recognition

TOSHIBA Flash Cards Support Utility

TOSHIBA Hardware Setup

TOSHIBA HDD/SSD Alert

TOSHIBA Internal Modem Region Select Utility

TOSHIBA PC Health Monitor

TOSHIBA Recovery Media Creator

TOSHIBA ReelTime

TOSHIBA Service Station

TOSHIBA Software Modem

TOSHIBA Speech System Applications

TOSHIBA Speech System SR Engine(U.S.) Version1.0

TOSHIBA Speech System TTS Engine(U.S.) Version1.0

TOSHIBA Supervisor Password

TOSHIBA Value Added Package

TOSHIBA Web Camera Application

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2768021) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Utility Common Driver

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

WOT for Internet Explorer

.

==== Event Viewer Messages From Past Week ========

.

18/04/2013 6:42:48 AM, Error: SNMP [1500] - The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

.

==== End Of File ===========================

.

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

Generated 04/18/2013 at 08:48 AM

Application Version : 5.6.1014

Core Rules Database Version : 10279

Trace Rules Database Version: 8091

Scan type : Quick Scan

Total Scan Time : 00:03:19

Operating System Information

Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)

UAC On - Limited User

Memory items scanned : 773

Memory threats detected : 0

Registry items scanned : 30902

Registry threats detected : 0

File items scanned : 7147

File threats detected : 0

NOTE : I am not able to leave a space between the logs, as the ENTER button will not work at the moment while posting this

Link to post
Share on other sites

Howdy, John.

Did MSE indicate the path & filename to the file ?

Did you have MSE put it in quaratine ?

Delete this temp file c:\windows\0AC0F1B261C74B6EACEF58FCC0B94835.TMP

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

  • Press Windows-key +R key on your keyboard to get RUN option.
  • Type in
    explorer.exe

    and press Enter to start Windows Explorer.

  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 3

Download, & save & then run the MS Safety scanner

http://www.microsoft...us/default.aspx

Let me know the result. If it flags any file, we will need the full path & filename.

Note: The Microsoft Safety Scanner expires 10 days after being downloaded. To rerun a scan with the latest anti-malware definitions, download and run the Microsoft Safety Scanner again.

Step 4

Download Dr.Web CureIt to the desktop.

The download is nearly 104.6 MB in size

  • Turn OFF your antivirus program.
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Turn off any other add-on security app {if you have them} like MBAM File System Protection.
  • If this system is Windows 8/7 or VISTA, then Right-click on Drweb-cureit-9_zpsa6b7b265.gifdrweb-cureit.exe and select Run as Administrator.
  • Otherwise, on Windows XP, doubleclick on Drweb-cureit-9_zpsa6b7b265.gifdrweb-cureit.exe file to start the tool.
  • You will see a screen similar to this:
    Drweb-cureit-1_zps34a2f747.gif
    Click the checkbox to participate, and then click on Continue button.
  • Next
    Drweb-cureit-2_zpsee7bdcb6.gif
    Click on Select onjects for scanning
  • Next
    Drweb-cureit-3_zps137b4332.gif
    Put a checkmark by clicking on the boxes as shown.
    Do not select Temporary files or System Restore points.
    Then click on Start scanning button
  • The scan in progress will be shown like this
    Drweb-cureit-4_zps211037d0.gif
  • IF something is detected, you will see a screen similar to this
    Drweb-cureit-5_zpsd7be6acf.gif
    For each item "detected", click on the Action column down arrow, like this
    Drweb-cureit-8_zpsb099f9d5.gif
    Your options will be Cure or Ignore
    IF you see an item that you are very sure is ok, then un-check the checkbox for that item.
    Typically, you will keep the Cure default.
    Then click on the Neutralize button.
  • When the actions are completed, you will see this
    Drweb-cureit-7_zpsd290a127.gif
  • Click on the green Open Report line. It will pop-up the report in NOTEPAD.
    Save the report to your desktop. The report will be called Cureit.log
  • Close Dr.Web Cureit.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, attach the log Cureit.log you saved previously in your next reply.

Re-Enable your antivirus program when all done.

Link to post
Share on other sites

Hi Maurice, and thanks for helping -

First, the object was not (as far as I know) found by MSE, or put in any quarantine - Just looked - In the taskbar there is an icon for "Action Center" that reminds me of things like time to do a monthly Backup etc, This is where I was notified of the Item -

Second, and MOST important, Is there a problem with the forum board, or a problem at my end ? Everything I am adding must be done by my text editor and then Copy / Pasted or I am not able to use things like the ENTER key to go to the next line ??????????

I also have several sets of home made Restore (backup) disks, Plus genuine Toshiba Reinstall disks if needed.

Now - I will install ERUNT as you requested, and start on the other instructions ---------

I have spaced the text as I write, but I find am not able to alter it once it is posted - Very annoying and reason unknown -

On all other forums that use this board (even today) I have had no problems.

I am not able to use the Space bar as an ENTER because it confuses the post -

Link to post
Share on other sites

I'd like for you to "attach" the log from DrWeb Cure-it so I can review.

You may want to consider tweaking your MSE to exclude (trust) the hosts file (as you know C:\windows\system32\drivers\etc\hosts )

You are "may" be looking at a false positive ----- unless we see a specific file identified as a suspect or a malware.

Close all open browsers at this point.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Start Internet Explorer

Using Internet Explorer browser only, go to BitDefender Quickscan website:

http://quickscan.bitdefender.com

and click "Start Scan".

Observe your browser in case it shows a notice/message bar to allow download and installation of a tool.

Allow the download and install of qsax.cab from BitDefender. Right-click the IE info bar and select Install to install the BitDefender quick scan module.

If prompted, reply yes to allow it to run.

Press the Allow button and follow prompts.

Press the "Start Scan" once more.

You'll see the EULA in a pop-up window. Click the I accept & then the OK button

Note: The FAQ is here --> http://quickscan.bitdefender.com/faq/

and that QuickScan has no removal capability.

The site boasts a 60-second scan. Do have patience as it likely will take longer.

It may seem to stall at moments, but have patience; it will move on.

You'll see a progress bar at top right of window.

Hopefully you will see a No infections found in the bar-winddow. Press the View Log button.

The log report will show in your text editor. Save the log.

Do a Select ALL, Copy. Then paste contents into your next reply.

When all done, Re-Enable your antivirus program.

Link to post
Share on other sites

Is the Dr Web scan result kept in another area ? It was not there when I looked.

There was no Text Report found after the reboot. This scan required no reboot, so I have the report on the desktop area.

This is why I posted the report as I did above, and said the result looked like your picture.

Result of last scan below.

QuickScan 32-bit v0.9.9.118

---------------------------

Scan date: Fri Apr 19 08:43:02 2013

Machine ID: AEF34FA0

No infection found.

-------------------

Processes

---------

Adobe Acrobat Update Service 1744 C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

AMD External Events 1492 C:\Windows\System32\atieclxx.exe

AMD External Events 932 C:\Windows\System32\atiesrxx.exe

ConfigFree™ 5152 C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe

ConfigFree™ 2744 C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

ConfigFree™ 5740 C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe

ConfigFree™ 5664 C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

Core Service 1720 C:\Program Files\SUPERAntiSpyware\SASCore.exe

Google Toolbar for Internet Explorer 3684 C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

IAStorDataSvc 3408 C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

IAStorIcon 3700 C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

Intel® Active Management Technology L 2044 C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

Intel® Management & Security Applicat 3872 C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe

Internet Information Services 1984 C:\Windows\System32\inetsrv\inetinfo.exe

Java™ Platform SE Auto Updater 2 0 4700 C:\Program Files\Common Files\Java\Java Update\jusched.exe

KeNotify Application 3444 C:\Program Files\TOSHIBA\Utilities\KeNotify.exe

LSI Soft Modem Call Progress Service 1764 C:\Program Files\LSI SoftModem\agrsmsvc.exe

Message Center 4244 C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe

Microsoft Malware Protection 888 C:\Program Files\Microsoft Security Client\MsMpEng.exe

Microsoft Mouse and Keyboard Center 2568 C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

Microsoft Mouse and Keyboard Center 2560 C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

Microsoft Office Outlook 2007 with Busi 1808 C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

Microsoft Security Client 4864 C:\Program Files\Microsoft Security Client\msseces.exe

Microsoft SQL Server 2648 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

Microsoft SQL Server 2868 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

Microsoft SQL Server 1220 C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

Microsoft® .NET Framework 3240 C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

Microsoft® .NET Framework 2164 C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

Microsoft® Windows® Operating System 4692 C:\Program Files\Windows Media Player\wmpnetwk.exe

Microsoft® Windows® Operating System 2084 C:\Windows\explorer.exe

Microsoft® Windows® Operating System 4212 C:\Windows\servicing\TrustedInstaller.exe

Microsoft® Windows® Operating System 1832 C:\Windows\System32\CISVC.EXE

Microsoft® Windows® Operating System 468 C:\Windows\System32\csrss.exe

Microsoft® Windows® Operating System 564 C:\Windows\System32\csrss.exe

Microsoft® Windows® Operating System 632 C:\Windows\System32\lsass.exe

Microsoft® Windows® Operating System 640 C:\Windows\System32\lsm.exe

Microsoft® Windows® Operating System 528 C:\Windows\System32\mqsvc.exe

Microsoft® Windows® Operating System 3172 C:\Windows\System32\mqtgsvc.exe

Microsoft® Windows® Operating System 616 C:\Windows\System32\services.exe

Microsoft® Windows® Operating System 324 C:\Windows\System32\smss.exe

Microsoft® Windows® Operating System 2620 C:\Windows\System32\snmp.exe

Microsoft® Windows® Operating System 1620 C:\Windows\System32\spoolsv.exe

Microsoft® Windows® Operating System 2440 C:\Windows\System32\taskeng.exe

Microsoft® Windows® Operating System 356 C:\Windows\System32\taskhost.exe

Microsoft® Windows® Operating System 2596 C:\Windows\System32\TCPSVCS.EXE

Microsoft® Windows® Operating System 5488 C:\Windows\System32\wbem\WmiPrvSE.exe

Microsoft® Windows® Operating System 5696 C:\Windows\System32\wbem\WmiPrvSE.exe

Microsoft® Windows® Operating System 556 C:\Windows\System32\wininit.exe

Microsoft® Windows® Operating System 980 C:\Windows\System32\winlogon.exe

Realtek HD Audio Manager 3840 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

RSelSvc Service Application 2772 C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe

Secunia PSI Agent 2384 C:\Program Files\Secunia\PSI\psia.exe

Secunia PSI Tray 4880 C:\Program Files\Secunia\PSI\psi_tray.exe

Spybot - Search & Destroy 3452 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

Synaptics Pointing Device Driver 2832 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

Synaptics Pointing Device Driver 4364 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

TDCSrv Application 2956 C:\Windows\System32\TODDSrv.exe

TOSHIBA eco Utility 4184 C:\Program Files\TOSHIBA\TECO\Teco.exe

TOSHIBA eco Utility 3064 C:\Program Files\TOSHIBA\TECO\TecoService.exe

TOSHIBA Flash Cards 3252 C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

TOSHIBA HDD SSD Alert 120 C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

TOSHIBA HDD SSD Alert 6128 C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

TOSHIBA PC Health Monitor 5600 C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

TOSHIBA PC Health Monitor 5324 C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

TOSHIBA Power Saver 3004 C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

TOSHIBA Power Saver 2516 C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

TOSHIBA ReelTime 4260 C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

TOSHIBA Service Station 4924 C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

TOSHIBA Service Station 4176 C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

TOSHIBA Zooming Utility 2824 C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

Windows® Internet Explorer 3600 C:\Program Files\Internet Explorer\iexplore.exe

Windows® Internet Explorer 4544 C:\Program Files\Internet Explorer\iexplore.exe

Windows® Internet Explorer 2584 C:\Program Files\Internet Explorer\iexplore.exe

Windows® Search 3724 C:\Windows\System32\SearchFilterHost.exe

Windows® Search 4380 C:\Windows\System32\SearchIndexer.exe

Windows® Search 5076 C:\Windows\System32\SearchProtocolHost.exe

(verified) GoogleToolbarNotifier 4872 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

(verified) Microsoft® Windows® Operating System 1276 C:\Windows\System32\dwm.exe

(verified) Microsoft® Windows® Operating System 748 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 1948 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 1888 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 2932 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 824 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 1020 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 1788 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 5244 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 1056 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 1096 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 1120 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 1148 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 3128 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 1436 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 1328 C:\Windows\System32\svchost.exe

Network activity

----------------

Process iexplore.exe (2584) connected on port 443 (HTTP over SSL) --> 203.206.150.155

Process iexplore.exe (2584) connected on port 443 (HTTP over SSL) --> 74.125.237.111

Process iexplore.exe (2584) connected on port 443 (HTTP over SSL) --> 203.206.150.155

Process iexplore.exe (2584) connected on port 443 (HTTP over SSL) --> 203.206.150.155

Process iexplore.exe (3600) connected on port 80 (HTTP) --> 83.145.197.2

Process iexplore.exe (3600) connected on port 80 (HTTP) --> 23.7.31.139

Process iexplore.exe (3600) connected on port 80 (HTTP) --> 203.206.150.177

Process iexplore.exe (3600) connected on port 80 (HTTP) --> 203.206.150.177

Process iexplore.exe (3600) connected on port 80 (HTTP) --> 203.206.84.33

Process iexplore.exe (3600) connected on port 80 (HTTP) --> 37.59.67.149

Process mqsvc.exe (528) listens on ports: 2103 (MSMQ-RPC), 2105 (MSMQ-RPC), 2107 (MSMQ-Mgmt), 49155 (RPC)

Process wininit.exe (556) listens on ports: 49152 (RPC)

Process services.exe (616) listens on ports: 49160 (RPC)

Process lsass.exe (632) listens on ports: 49158 (RPC)

Process svchost.exe (824) listens on ports: 135 (RPC)

Process svchost.exe (1020) listens on ports: 49153 (RPC)

Process svchost.exe (1148) listens on ports: 49154 (RPC)

Process spoolsv.exe (1620) listens on ports: 49156 (RPC)

Process TCPSVCS.EXE (2596) listens on ports: 7 (Echo), 9 (Discard), 13 (Daytime), 17 (Quotd), 19 (Chargen)

Process wmpnetwk.exe (4692) listens on ports: 554 (RTSP)

Autoruns and critical files

---------------------------

HWSetup C:\Program Files\TOSHIBA\Utilities\HWSetup.exe

Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

Adobe® Flash® Player Update Service C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

AUTOBACK.EXE C:\Program Files\ERUNT\AUTOBACK.EXE

IAStorIcon C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

Java™ Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe

KeNotify Application C:\Program Files\TOSHIBA\Utilities\KeNotify.exe

Message Center C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe

Microsoft Security Client C:\Program Files\Microsoft Security Client\msseces.exe

Microsoft® Windows® Operating System C:\windows\system32\regsvr32.exe

Microsoft® Windows® Operating System C:\windows\system32\ssText3d.scr

Microsoft® Windows® Operating System c:\windows\system32\userinit.exe

Realtek HD Audio Manager C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

Secunia PSI Tray C:\Program Files\Secunia\PSI\psi_tray.exe

SmartFaceVWatcher C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe

SuperAntiSpyware c:\program files\superantispyware\sasseh.dll

SVPWUTIL Application C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe

Synaptics Pointing Device Driver C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

TOSHIBA Button Support C:\Program Files\TOSHIBA\TBS\HSON.exe

TOSHIBA eco Utility C:\Program Files\TOSHIBA\TECO\Teco.exe

TOSHIBA Flash Cards C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

TOSHIBA HDD SSD Alert C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe

TOSHIBA PC Health Monitor C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe

TOSHIBA Power Saver C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

TOSHIBA ReelTime C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

TOSHIBA Service Station C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

TOSHIBA Web Camera Application C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe

TOSHIBA Zooming Utility C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

(verified) Google Update C:\Program Files\Google\Update\GoogleUpdate.exe

(verified) GoogleToolbarNotifier C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

Browser plugins

---------------

AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll

Adobe Acrobat C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

Bitdefender QuickScan C:\Windows\Downloaded Program Files\qsax.dll

Google Earth Plugin C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

Google Toolbar for Internet Explorer C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

Google Update C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll

Java Deployment Toolkit 7.0.170.2 C:\windows\system32\npDeployJava1.dll

Java™ Platform SE 7 U17 C:\Program Files\Java\jre7\bin\jp2ssv.dll

Java™ Platform SE 7 U17 C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

Java™ Platform SE 7 U17 C:\Program Files\Java\jre7\bin\ssv.dll

Microsoft® Windows® Operating System C:\windows\system32\MSWSOCK.DLL

Microsoft® Windows® Operating System C:\windows\System32\nlaapi.dll

NPSWF32_11_7_700_169.dll C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll

Shockwave for Director C:\windows\system32\Adobe\Director\np32dsw_1202122.dll

Silverlight Plug-In c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll

Windows® Internet Explorer C:\Windows\System32\ieframe.dll

WOT.dll C:\Program Files\WOT\WOT.dll

(verified) Microsoft® Windows® Operating System C:\windows\system32\napinsp.dll

(verified) Microsoft® Windows® Operating System C:\windows\system32\pnrpnsp.dll

(verified) Microsoft® Windows® Operating System C:\windows\System32\winrnr.dll

(verified) Windows Live® Photo Gallery C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

Scan

----

MD5: 79b0a04e2df042045a25706b4bad2116 C:\Malwarebytes' Anti-Malware\mbamext.dll

MD5: b1bb8edc9d83d8096ee873f04cee600c C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

MD5: f9616d202b0124d373d2d82a4aa66b1d c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll

MD5: 3cb07566302bceeb898de270a0bec175 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

MD5: 3927397ac60d943daf8808affed582b7 C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

MD5: 12916e0642e92561c98b18a2a2d01b14 C:\Program Files\Common Files\Java\Java Update\jusched.exe

MD5: 785f487a64950f3cb8e9f16253ba3b7b C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

MD5: e00de20f0f6bed5cd2160247ddc9443b C:\Program Files\ERUNT\AUTOBACK.EXE

MD5: 5d4bc124faae6730ac002cdb67bf1a1c C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

MD5: e971e06dde68684cb3957c5d0e133cb0 C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

MD5: b53a732c08002f6eda943deb8ce91f6e C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_32_68D43262AB91CB4A.dll

MD5: 58ec0172da8a00597e93a072f6e7f044 C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_C9EDDF0B6984A451.dll

MD5: b9497c5acaea521663bffbb321dd3afa C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

MD5: bad663957f682f95b22c4e83ab49cb52 C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

MD5: 76e7410b3a308f6960d3ce06dc7874ad C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\gtn.dll

MD5: 917a728a12f25fcf4636858fac9979fa C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll

MD5: e0ff893763ba82baabb869a351f0c455 C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll

MD5: a1c148801b4af64847aeb9f3ad9594ef C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

MD5: 1cbad5eee017fafea2bf75e82330783d C:\Program Files\Intel\Intel® Management Engine Components\UNS\DTMessageLib.dll

MD5: d480c9220bfe667de65a46cde80ea7e9 C:\Program Files\Intel\Intel® Management Engine Components\UNS\StatusStrings.dll

MD5: 41118d920b2b268c0adc36421248cdcf C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe

MD5: 122f89e0905fc656d56f65cd7a2e9b4d C:\Program Files\Intel\Intel® Management Engine Components\UNS\xerces-c_2_7.dll

MD5: 40f55c563961c01c466e011b6aa61e27 C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgr.dll

MD5: 7493ea4de41348f7d3edbf9db298f56a C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

MD5: 852f12ca7c4fc7e3d77b606492435556 C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

MD5: 9d26e14c0f3e5b081dae517b99d36f70 C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorUIHelper.dll

MD5: 7ff74fece8c0e7b0207d3629ae2a3d16 C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorUtil.dll

MD5: adff528ca09752078f26b620a6f42760 C:\Program Files\Intel\Intel® Rapid Storage Technology\IntelVisualDesign.dll

MD5: d0fff1f89431a60a2cc077452b53a50d C:\Program Files\Intel\Intel® Rapid Storage Technology\ISDI.dll

MD5: e8969a2864a30b2168f25a896088de10 C:\Program Files\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

MD5: fd31dff0cc05bd581c2db1bb6f7ffdce C:\Program Files\Internet Explorer\ieproxy.dll

MD5: b32ed424fd72ffa7554f23f125f2132d C:\Program Files\Internet Explorer\IEShims.dll

MD5: e4f6125ed5185f8fa37cc4f449b85526 C:\Program Files\Internet Explorer\iexplore.exe

MD5: b39fbbb2460c3c43317cd65e82ffbbf8 C:\Program Files\Internet Explorer\sqmapi.dll

MD5: 27861540f6a834218c9ed6e2fe75e32b C:\Program Files\Java\jre7\bin\jp2ssv.dll

MD5: 67ec459e42d3081dd8fd34356f7cafc1 C:\Program Files\Java\jre7\bin\msvcr100.dll

MD5: 05c4a7136f3012bb47107333b5d351d3 C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

MD5: 0e0d229cc5ad08adb848878fd167e0c5 C:\Program Files\Java\jre7\bin\ssv.dll

MD5: 6416f9b6b220f0a890525c38235afad7 C:\Program Files\LSI SoftModem\agrsmsvc.exe

MD5: f9b5824fd56073eb3560845f2c6bb1b1 c:\Program Files\Microsoft Mouse and Keyboard Center\Components\Commands\dpghnt\dpghnt.dll

MD5: b0cec6556155c41abddc6ca780774b03 c:\Program Files\Microsoft Mouse and Keyboard Center\dpgcmd.dll

MD5: 0854491f73aea9be5728c5a0ebc3b0dc C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

MD5: 96b56ea42e3d6f39159e1495bde1445e C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

MD5: 3124082c2f89e7495977a6ff051a67e0 c:\Program Files\Microsoft Mouse and Keyboard Center\srres.dll

MD5: 118d81523ea80b9e252cb840e94754c6 C:\Program Files\Microsoft Security Client\EppManifest.dll

MD5: 3d9381a332e4373f8811c71ba5078b31 c:\Program Files\Microsoft Security Client\mpclient.dll

MD5: aa87d7709021503687326432dc59590d c:\Program Files\Microsoft Security Client\mprtp.dll

MD5: f556912e70b22d740c9c99e310e3c11f c:\Program Files\Microsoft Security Client\mpsvc.dll

MD5: c1f19d2bacbee9ab64d9ae69e9859ac0 C:\Program Files\Microsoft Security Client\MsMpEng.exe

MD5: 4d2f7561d8a840450aabfad3740b0e6b C:\Program Files\Microsoft Security Client\msseces.exe

MD5: e570eca850f30eb740c2e9699df3d2bd c:\Program Files\Microsoft Security Client\NisSrv.exe

MD5: 875e1a57b0d5469375f7060c226578db c:\Program Files\Microsoft Security Client\shellext.dll

MD5: a5c14075b571af1c9592595be724d9d2 c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll

MD5: 6163664c7e9cd110af70180c126c3fdc C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

MD5: 1d89eb4e2a99cabd4e81225f4f4c4b25 c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe

MD5: 86ebd8b1f23e743aad21f4d5b4d40985 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

MD5: d89083c4eb02daca8f944b0e05e57f9d C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

MD5: 0d77436da61be7338bc600f0d8773331 c:\Program Files\Microsoft SQL Server\90\Shared\sqlwvss.dll

MD5: e111ced19d6a9ff9bba5c219d0c5a3ce c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\opends60.dll

MD5: 247fe8defbb95a4319c7b4b215f92891 c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\Resources\1033\sqlevn70.RLL

MD5: d6d4130c0bbc0d18c2da703cc38260a9 c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlos.dll

MD5: 837608240884733792ddae81e50b802a C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

MD5: 837608240884733792ddae81e50b802a c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe

MD5: b8932ed1f25a64dce8f9a6d196876b40 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

MD5: 07a72133045173ebd14f838fe218a326 C:\Program Files\Secunia\PSI\psi_tray.exe

MD5: 5b66db4877bbac9f7493aa8d84421e49 C:\Program Files\Secunia\PSI\psia.exe

MD5: 0e88fdf474f2cdd370a4a6ce77d018f0 C:\Program Files\Secunia\PSI\sua.exe

MD5: 01e81c84ad1d0acc61cf3cfd06632210 C:\Program Files\SUPERAntiSpyware\SASCore.exe

MD5: 477e08fe0114afea114fc954c983d4db C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL

MD5: 39763504067962108505bff25f024345 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

MD5: 77b9fc20084b48408ad3e87570eb4a85 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

MD5: 2975c66459c426c20bc22d639df6b611 c:\program files\superantispyware\sasseh.dll

MD5: 5451f7908f2d99a2ff3feefa00726de0 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

MD5: dbc33067b2dce28a2758ed920e665a0e C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

MD5: 6766a877a56a475c85323bee49c56f8e C:\Program Files\TOSHIBA\BulletinBoard\TosNcCom.dll

MD5: e453f655a4bdfea2eda33d497b909eb7 C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe

MD5: 50a0232693825df4f6dea44a236ba848 C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll

MD5: 8a9dd5e028a783bcd595f1bb9cdbd65a C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe

MD5: 2b2c711d49e745113fa682d72a3efa8f C:\Program Files\Toshiba\ConfigFree\CFNotify.dll

MD5: cab0eeaf5295fc96ddd3e19dce27e131 C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

MD5: 8a07221789d46b2ea7dfca2bc807572a C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe

MD5: 84c786d303c79c4e61fefd6c9ffd56a4 C:\Program Files\TOSHIBA\ConfigFree\CFWLAPI.dll

MD5: c7f070bdd9700bd4a482401334d3488e C:\Program Files\TOSHIBA\ConfigFree\NDSAPI.dll

MD5: 15936a348676d246a41a4781e6a34692 C:\Program Files\TOSHIBA\ConfigFree\NDSMUI.dll

MD5: adb67488447d0ff271355a4451ed6c73 C:\Program Files\TOSHIBA\ConfigFree\NDSParts.dll

MD5: d88e81decd3014c45603b4b327b4ee1a C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

MD5: cf61d8261599d4025da8bacbed37b6bf C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll

MD5: 8dc3534953ece00c7b993f219f8e6210 C:\Program Files\TOSHIBA\FlashCards\FnSticky.dll

MD5: c6a0c54abd119b5f3c52630f08be6040 C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnEsc.dll

MD5: 81ca32efcf10c09b9e8b0387f9479074 C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF1.dll

MD5: 0803424c3751b2f96df8e270e7157bf1 C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF3.dll

MD5: 08415dc2e0df45d52a0436587adb64ca C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF4.dll

MD5: 8a0132d6154cd69e52aed9ea0f7c0531 C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF5.dll

MD5: 05b9079a6663e3c6859e5515145c4951 C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF67.dll

MD5: e7dd4b34c5940bc176073e8539e5660c C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF8Dll.dll

MD5: 71e22e0be06a21070af772c7b499cfbe C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF9.dll

MD5: 8bd3bb73c83c5a6b73e9d84597a817e3 C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnSpace.dll

MD5: ea712cd98ed9668152ae8c2395ea602a C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll

MD5: 6161257008fe77d3adfa9cbbc419f843 C:\Program Files\TOSHIBA\FlashCards\TCrdEvnt.dll

MD5: ac301c9c2ed090b5aa3a4a0b34d82381 C:\Program Files\TOSHIBA\FlashCards\TCrdMain.dll

MD5: 86f05740a1a133e9f7f8ba0c108308f5 C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

MD5: 674f1f10c790624e6aeff1133eb5690a C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll

MD5: 43804516e0a84bede6a430869f48cda5 C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll

MD5: a6a340d2f039876cc803be2a2be74315 C:\Program Files\TOSHIBA\Power Saver\T1394Pwr.dll

MD5: 0538ba01268959d37d1cc9d4c47188f1 C:\Program Files\TOSHIBA\Power Saver\TCooling.dll

MD5: 25e4eb19f92c2958df6fcd515105d5cd C:\Program Files\TOSHIBA\Power Saver\TFunc2.DLL

MD5: 3c0d2185c2184be7d3973ddf1a6b547e C:\Program Files\TOSHIBA\Power Saver\TFunctab.DLL

MD5: 79f8391323cf2df94ecf25f5522b4964 C:\Program Files\TOSHIBA\Power Saver\TKBLEDPwr.dll

MD5: cebe9ac04ee764785e88dd2028907b39 C:\Program Files\TOSHIBA\Power Saver\TOddPwr.dll

MD5: 90c1fe8b81a3e5e3305783f00be0470b C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

MD5: fda24ca6f0dc02a30b89691248d6f470 C:\Program Files\TOSHIBA\Power Saver\TPCIePwr.dll

MD5: b705f0b795813dc63d45ff9166fb4d0c C:\Program Files\TOSHIBA\Power Saver\TPwrFunc.dll

MD5: 4e3cc79f611240547b3221da18f3ea8a C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

MD5: df4edc7e5b8ebdea2625e421517f8b6b C:\Program Files\TOSHIBA\Power Saver\TPwrReg.dll

MD5: 5a795ba527a05bc31f3c2188baad4945 C:\Program Files\TOSHIBA\Power Saver\TPwrSrv.dll

MD5: 262c9968f5caa82d0d6be19b7649c1d2 C:\Program Files\TOSHIBA\Power Saver\TSDPwr.dll

MD5: 85dff68e5d0f582c141a03b5d22996b0 C:\Program Files\TOSHIBA\Power Saver\TtosFunc.dll

MD5: a63d618f4c929c38982602fc2f62a679 C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

MD5: 8f65cf534a9ddfcd46cdbe7cf11c7e84 C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe

MD5: 2e3f9fa245211fea91fc1cc7eac6aff5 C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe

MD5: 970655fc35afce065761c0e49adcd69e C:\Program Files\TOSHIBA\SmoothView\NotifyTZU.dll

MD5: a11f5ee731cd48f3dc509e2d180e1af0 C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

MD5: 1694b28ebf704c0c0da037ea65cd051f C:\Program Files\TOSHIBA\TBS\HSON.exe

MD5: 5001c35cd6fcbdb228fca5df53f234de C:\Program Files\Toshiba\TBS\NotifyTBS.dll

MD5: 0df7a78916221cff4ed72244c4fa95e4 C:\Program Files\TOSHIBA\TECO\Teco.exe

MD5: 9caff7f52a02cfc00febf1130afc8700 C:\Program Files\TOSHIBA\TECO\TecoHci.dll

MD5: 9e112ba491b2f152b31cca27bdd3705e C:\Program Files\TOSHIBA\TECO\TecoPower.dll

MD5: cdd03ce0c0060d1a6f0e2dc65de5350a C:\Program Files\TOSHIBA\TECO\TecoService.exe

MD5: 5c651246cd24095952f976a754c6b110 C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll

MD5: faaaf481cc851ce9a1a35d53bd8163db C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll

MD5: 4c9dd75b7c1a2ee125f1dbc77ca98f20 C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll

MD5: ca444c0a8277201c5e7c52ba50d3c70a C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

MD5: 8337de8dba0494f0ddb9c6fb3bddf7f1 C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

MD5: f8ab79371790d26b86ab41d152804775 C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe

MD5: 995321affdf3596cddbfd1264c1884f0 C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TReport.dll

MD5: 4170556b35a38a428a626f5c0f035c3e C:\Program Files\TOSHIBA\TOSHIBA Service Station\FilterLib.dll

MD5: 48a6a53e6b36ff664086a3f55297105e C:\Program Files\TOSHIBA\TOSHIBA Service Station\Interop.TosNcCom.dll

MD5: b8be9e10dd4f53866cda4c4e7868b15e C:\Program Files\TOSHIBA\TOSHIBA Service Station\libTMachInfo.dll

MD5: 9d2ac8c3e4e939b2bb07e642f90bbab4 C:\Program Files\TOSHIBA\TOSHIBA Service Station\PluginLib.dll

MD5: ef4add840fb64b62c2a0e6699925a311 C:\Program Files\TOSHIBA\TOSHIBA Service Station\Plugins\Alerts.dll

MD5: 05e8652d704175d366b4b123ee26f1b8 C:\Program Files\TOSHIBA\TOSHIBA Service Station\Plugins\PCHealthInfo.dll

MD5: 58327838b09ebaed3ea86721434c0578 C:\Program Files\TOSHIBA\TOSHIBA Service Station\Plugins\SwUpdates.dll

MD5: 28644b0523d64eff2fc7312a2ee74b0a C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

MD5: 541b822882607023e75ffec0c8f90faf C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

MD5: 1494918eb9c24c0da844a755b68c862f C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe

MD5: 9f86003453da6e2705fc4250e845f088 C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe

MD5: c296e4aca39fcec238b3944c019e538d C:\Program Files\TOSHIBA\TPHM\TPCHCTL.dll

MD5: 56191f39883769f3e595551b5f36136d C:\Program Files\TOSHIBA\TPHM\TPCHDISK.dll

MD5: 45de454c57ba3556f434fa9f1611847d C:\Program Files\TOSHIBA\TPHM\TPCHMui.dll

MD5: 4aa4e09a213ed1376d494a6c9b71e462 C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

MD5: fb795436d66dd0a7d615ebf8eb75d448 C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

MD5: 8045d85c68a1b3b2abfb3169a8ed9b28 C:\Program Files\TOSHIBA\TPHM\TReport.dll

MD5: 5f91764211d1517c15c9d2c4ed665a09 C:\Program Files\TOSHIBA\Utilities\HWSetup.exe

MD5: c5b2679b0ae204fdd0415199b7afef20 C:\Program Files\TOSHIBA\Utilities\KeNotify.exe

MD5: eb19e5ce71b9410fa81e3672af2f8146 C:\Program Files\TOSHIBA\Utilities\NotifyX.dll

MD5: 96e8146a1107387eda800ca9ca36cdb0 C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe

MD5: 3b40d3a61aa8c21b88ae57c58ab3122e C:\Program Files\Windows Media Player\wmpnetwk.exe

MD5: 72287eb65a1ceb2b27e63aeab39649c0 C:\Program Files\WOT\WOT.dll

MD5: 5fc8307e040c2e95ea4f486c8379fb64 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{37FD7DDE-B9F2-48A8-8B08-F4990836353F}\mpengine.dll

MD5: 5440ee9cd44616d60cde57ebdb286e95 C:\windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll

MD5: c3e39fb1398eee8e612c2fe53a9192ef C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll

MD5: a2bd298e0d4eab4618dda2c4c237261c C:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\eb33bf977e97e97b12e82c18e36fbaee\SMDiagnostics.ni.dll

MD5: 1c1d08a616b3ac56acab86d4b68bb9da C:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\405750446c2533817879ccad7b30dc54\SMSvcHost.ni.exe

MD5: 21e110ff1c0e948860458bd7b692de13 C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll

MD5: 27e79a455ef80647f4f57fa3c2b09c94 C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll

MD5: 1b6a47288ea57c7cf96b013324c67feb C:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\219c68f83fa608b496b163fd6782e696\System.IdentityModel.ni.dll

MD5: 51d2f66c0c55419ca4a797c8d1b0ad8d C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll

MD5: c3670cd073caf4866f600cda2e8cd0e5 C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll

MD5: 84c62605b877a378fe6f76e380d97e7b C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\2ad51da1b752b19c992fcefd56eb7c01\System.Runtime.Serialization.ni.dll

MD5: ecf18c562bd3604293944120ca1dc208 C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\3e79256ce40faa9682f9e3511ca115ea\System.ServiceModel.ni.dll

MD5: 7765680e25e329708cb034b180cf9fcd C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\7ff638de44686eab4afaa8b3c8a9cfca\System.ServiceProcess.ni.dll

MD5: dd80d3894f5e1d36864d9727214605cd C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll

MD5: 8b1590c627138166c015a5680abf6bb2 C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll

MD5: 871f7f32e3441580138e61a4aa072df6 C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll

MD5: 3518cb4e2d896cab53d5386f15ac0566 C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll

MD5: fba4773ecfeffc6566fb2ad13cec4940 C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll

MD5: 56940b50ab0e5923822f47b0e4463885 C:\Windows\Downloaded Program Files\qsax.dll

MD5: a8c362018efc87beb013ee28f29c0863 C:\windows\ehome\ehRecvr.exe

MD5: 8b88ebbb05a0e56b7dcc708498c02b3e C:\Windows\explorer.exe

MD5: 39cdcb109bf200cc8a05b9c7e6272d11 C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

MD5: 09a116fb06c5e362ef8938d29cdab27b C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll

MD5: 8b92bed5b8d4a8480e7aa631f35a6f35 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll

MD5: 972dcc74d4cdcb64086e7cfacbdb74cb C:\Windows\Microsoft.NET\Framework\v2.0.50727\wminet_utils.dll

MD5: c521d7eb6497bb1af6afa89e322fb43c C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

MD5: f476ec40033cdb91efbe73eb99b8362d C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

MD5: f5df6846f30e9f54ea60ccaeb3fb2055 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll

MD5: 2c49b175aee1d4364b91b531417fe583 C:\Windows\servicing\TrustedInstaller.exe

MD5: b57053cd59114d36952461ee638d3784 C:\windows\system32\acppage.dll

MD5: 9a39a2a5f443a756c568c6ed5748afe4 C:\windows\System32\Actioncenter.dll

MD5: 521b748a7f9923302ca18b7e6aa2eeae C:\windows\system32\ACTIVEDS.dll

MD5: d2958325c1ae1ae37a83334c6229e3bc C:\windows\system32\actxprxy.dll

MD5: d6280bddb45463c8ca6a647e2cfaba94 C:\windows\system32\ADMWPROX.DLL

MD5: 66640a55aeff3819c94e0a8d40d7e0ad C:\windows\system32\Adobe\Director\np32dsw_1202122.dll

MD5: 95e2376b3323f062eb562b8586d0f14a C:\windows\system32\ADVAPI32.dll

MD5: 8b794ae6d5c7d42092804bc39a2eb8f6 c:\windows\system32\AEPIC.dll

MD5: 7812537eb7af2eaed650f06332a805fd C:\windows\system32\api-ms-win-core-console-l1-1-0.dll

MD5: eb7ab4d04810406731fd34538e4b9a0c C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll

MD5: e8a4bbdb754f4b02d435676e1da61625 C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

MD5: 502d593cb5380b28973367d02a561c2a C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

MD5: 3df0a5319da331d41fedcd19e7943407 C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

MD5: c6d2cbbf23f941a258e4c7acd91d2c54 C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll

MD5: 10e6e57e9969d65a204144733350cbfc C:\windows\system32\api-ms-win-core-file-l1-1-0.dll

MD5: 679566981ad21a4a97b3ebdd02b90173 C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll

MD5: 9d0753e3338218a16db6064792d4a104 C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

MD5: c0f480030d210e00d13ff5652de09bc4 C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

MD5: 2ef5989079a591fc8e0e1397ad0abccf C:\windows\system32\api-ms-win-core-io-l1-1-0.dll

MD5: 070a8322a99c9896359a688c0f641e91 C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

MD5: 77c06a24bbff6910fa580deee7fa6860 C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

MD5: b5f32e970c316f18a2d371b0c6462493 C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

MD5: 663ad6d905f8243f7128a5ff253cd539 C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

MD5: 9366615015ae89730b120dfff84d398c C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

MD5: d8d8aace7e4adb74a2b5bcc4752d4551 C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

MD5: 6aff6341541922e8926b5d075b1b826f C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

MD5: dd96f6365b16e75a445f5799ef4c6e36 C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

MD5: 26a6d505be05d3af660f810906907b8e C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

MD5: 4c94752c2f167cd5f2311bccc37700ff C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

MD5: f947fa55cb0404f107c3b96023584003 C:\windows\system32\api-ms-win-core-string-l1-1-0.dll

MD5: 48c4878254c6bfe8f1bd3e70ccbed090 C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

MD5: bd329655c141263797405fc26a02a53b C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

MD5: d3e8f9b8c009eb158a7d3afb159f4eeb C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

MD5: 2d7c3d32691bd5f77b02f404d56b3edb C:\windows\system32\api-ms-win-core-util-l1-1-0.dll

MD5: 62c50b99d25813365fdeb39c43d9c655 C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

MD5: 6a13b4f3b3f575f1e24b877b9359aaba C:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll

MD5: 49aca548b2423f1c67898e6ac719a9a6 C:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll

MD5: 2e33dfd10f28f86c3fc40ee123cc3904 C:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll

MD5: 1c60e09ca1c3a045bc4d367f67c915b7 C:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll

MD5: 60f4aefa103d421ea4a40e31409b4756 C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll

MD5: 6951562dc4625eefc6eacd52ad165866 C:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

MD5: 007863e45f25aa47a4c30d0930bbfd85 C:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

MD5: 589cbc4989f750e1da35625ab481cf43 C:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll

MD5: 3be0d923aa45a4dbe091c2d84f0b4fe7 C:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll

MD5: 2f75b73974ad36cfe84f86f766ca9fa0 C:\windows\system32\api-ms-win-security-base-l1-1-0.dll

MD5: 863f793d15b4026b1a5fdeca873d4d84 C:\windows\system32\apphelp.dll

MD5: fb1959012294d6ad43e5304df65e3c26 c:\windows\system32\appinfo.dll

MD5: a5d26fd1187fcc3dacebdfacbdc6c2bc C:\windows\system32\atiadlxx.dll

MD5: d97e3dc09f2c53bde241fa4f30ee2573 C:\windows\system32\atidxx32.dll

MD5: ec202754d81ee0bb0d1dd5d1195fcf13 C:\Windows\System32\atieclxx.exe

MD5: 4b01f74396ac5a4eb4888eb9c6558da3 C:\Windows\System32\atiesrxx.exe

MD5: c940f2f5c60b3727c5f18840735b229c C:\windows\System32\audioses.dll

MD5: ce3b4e731638d2ef62fcb419be0d39f0 c:\windows\system32\audiosrv.dll

MD5: cdd35c1ce1ebfe80c055691cdc8df443 C:\windows\system32\authui.dll

MD5: 6e30d02aac9cac84f421622e3a2f6178 C:\windows\System32\AxInstSV.dll

MD5: dab748ae0439955ed2fa22357533dddb C:\windows\system32\basesrv.DLL

MD5: 67c1b58706b47eeba4e117ac197289e6 C:\windows\system32\BatMeter.dll

MD5: 1e2bac209d184bb851e1a187d8a29136 c:\windows\system32\bfe.dll

MD5: ea2b00551f3e7b3d5f7fb730a55f8246 C:\windows\system32\BlackBox.dll

MD5: 72910f1deb838e6e08a9017bfb7d4f0b C:\windows\system32\BROWCLI.DLL

MD5: 3daa727b5b0a45039b0e1c9a211b8400 c:\windows\system32\browser.dll

MD5: e3d5e244807ad655787fcd25477cc1bc C:\Windows\System32\bthprops.cpl

MD5: 7a6986dd659b96398a11af5173892715 C:\Windows\system32\Cabinet.dll

MD5: 319c6b309773d063541d01df8ac6f55f C:\windows\System32\certprop.dll

MD5: 3ffaea12666e565ff51bf2fca674f543 C:\windows\system32\CFGMGR32.dll

MD5: 3e2afafa158c9ed670c106842bdcc81e C:\Windows\System32\CISVC.EXE

MD5: ae9898d5600a232cd8ae3298692162e5 C:\windows\system32\CLUSAPI.DLL

MD5: ad7b9c14083b52bc532fba5948342b98 C:\windows\system32\cmd.exe

MD5: 50ba656134f78af64e4dd3c8b6fefd7e C:\windows\system32\cngaudit.dll

MD5: 7227043c783f12f9fb1f312bff791660 C:\windows\System32\CNMLM9F.DLL

MD5: d1de1eafde97be41cf6585027ff3e732 C:\windows\system32\COMDLG32.dll

MD5: 4e5fe39c1076d115ec8bfcfe14d75b80 C:\windows\system32\credssp.dll

MD5: 108c2cfa5527458c096a699929ecbd80 C:\windows\system32\credui.dll

MD5: 60d21799a4af4edce65fb98830e4b0c8 C:\windows\system32\CRYPT32.dll

MD5: ca79539d3d4c0ba66f0f051a5ee5e923 C:\windows\system32\cryptnet.dll

MD5: 96c0e38905cfd788313be8e11dae3f2f c:\windows\system32\cryptsvc.dll

MD5: 28ca821606669bb9215ce010767720fa C:\windows\system32\CRYPTUI.dll

MD5: 465bea35f7ed4a4a57686dea7ea10f47 C:\windows\System32\cscapi.dll

MD5: 23ab7e36551c6ba5370ef7f05142f0eb C:\windows\system32\CSRSRV.dll

MD5: 342271f6142e7c70805b8a81e1ba5f5c C:\Windows\System32\csrss.exe

MD5: 9ff8f684bacf326082e5562f7c104a79 C:\windows\system32\d2d1.dll

MD5: 3c1936a12c62254f914a01bbc6a8dc69 C:\windows\system32\d3d10_1.dll

MD5: d4212ab475a3b25ec4df574536c3edc5 C:\windows\system32\d3d10_1core.dll

MD5: b3170ccc779b682c3341873ea60cf084 C:\windows\system32\D3D10Warp.dll

MD5: 7acdfb4cc67f4993df0e0731576309b2 C:\windows\system32\d3d11.dll

MD5: 284b59d7b56fc76c80e622ab856b1fab C:\windows\System32\davclnt.dll

MD5: 53223b673a3fa2f9a4d1c31c8d3f6cd8 c:\windows\system32\dbghelp.dll

MD5: e9e01eb683c132f7fa27cd607b8a2b63 c:\windows\system32\dhcpcore.dll

MD5: ef71ba5df59034962b0c62314a71351a C:\windows\System32\dhcpcore6.dll

MD5: 81f6c1ae23b1c493d9e996c3103915d7 C:\windows\System32\dhcpcsvc6.DLL

MD5: ecf036299aa554b5e0455262857b39d0 C:\windows\system32\diagperf.dll

MD5: b40420876b9288e0a1c8cca8a84e5dc9 C:\windows\system32\DNSAPI.dll

MD5: 100103c6535c66265267f5eea5f5846e C:\windows\System32\dnsext.dll

MD5: 33ef4861f19a0736b11314aad9ae28d0 c:\windows\system32\dnsrslvr.dll

MD5: 366ba8fb4b7bb7435e3b9eacb3843f67 C:\windows\System32\dot3svc.dll

MD5: 8ec04ca86f1d68da9e11952eb85973d6 c:\windows\system32\dps.dll

MD5: 0c0df0f05baea320fa301f34e256e08b C:\windows\system32\dpx.dll

MD5: 1b133875b8aa8ac48969bd3458afe9f5 C:\windows\system32\drivers\1394ohci.sys

MD5: cea80c80bed809aa0da6febc04733349 C:\windows\system32\drivers\ACPI.sys

MD5: 1efbc664abff416d1d07db115dcb264f C:\windows\system32\drivers\acpipmi.sys

MD5: 9ebbba55060f786f0fcaa3893bfa2806 C:\windows\system32\drivers\afd.sys

MD5: 07758c2196a62f207f77556311e7459a C:\windows\system32\DRIVERS\AGRSM.sys

MD5: d320bf87125326f996d4904fe24300fc C:\windows\system32\drivers\amdsata.sys

MD5: 46387fb17b086d16dea267d5be23a2f2 C:\windows\system32\drivers\amdxata.sys

MD5: aea177f783e20150ace5383ee368da19 C:\windows\system32\drivers\appid.sys

MD5: a12b4aa7f1294f065a03fba79de29e5a C:\windows\system32\DRIVERS\atikmdag.sys

MD5: 8f2da3028d5fcbd1a060a3de64cd6506 C:\windows\system32\DRIVERS\bowser.sys

MD5: be167ed0fdb9c1fa1133953c18d5a6c9 C:\windows\system32\DRIVERS\cdrom.sys

MD5: 247b4ce2dab1160cd422d532d5241e1f C:\windows\System32\Drivers\cng.sys

MD5: cbe8c58a8579cfe5fccf809e6f114e89 C:\windows\system32\drivers\CompositeBus.sys

MD5: f024449c97ec1e464aaffda18593db88 C:\windows\System32\Drivers\dfsc.sys

MD5: 23f5d28378a160352ba8f817bd8c71cb C:\windows\System32\drivers\dxgkrnl.sys

MD5: 988c0a49f09d75d3341cb419141793c1 C:\windows\system32\DRIVERS\ewusbmdm.sys

MD5: 01fd440c181c2e2f993ccf7b677701e8 C:\windows\system32\DRIVERS\ewusbnet.sys

MD5: e306a24d9694c724fa2491278bf50fdb C:\windows\System32\DRIVERS\fvevol.sys

MD5: 9036377b8a6c15dc2eec53e489d159b5 C:\windows\system32\drivers\HDAudBus.sys

MD5: a5ef29d5315111c80a5c1abad14c8972 C:\windows\system32\drivers\HdAudio.sys

MD5: a88485dc6a7136c10d9a6c7e38fdfe3c C:\windows\system32\DRIVERS\HECI.sys

MD5: 10c19f8290891af023eaec0832e1eb4d C:\windows\system32\DRIVERS\hidusb.sys

MD5: 871917b07a141bff43d76d8844d48106 C:\windows\system32\drivers\HTTP.sys

MD5: 0c4e035c7f105f1299258c90886c64c5 C:\windows\System32\drivers\hwpolicy.sys

MD5: d5edb998656e6ecf1a17c78dab019a3c C:\windows\system32\DRIVERS\iaStor.sys

MD5: 5cd5f9a5444e6cdcb0ac89bd62d8b76e C:\windows\system32\drivers\iaStorV.sys

MD5: 4bd7134618c1d2a27466a099062547bf C:\windows\system32\drivers\IPMIDrv.sys

MD5: 9e3ced91863e6ee98c24794d05e27a71 C:\windows\system32\drivers\kbdhid.sys

MD5: b7895b4182c0d16f6efadeb8081e8d36 C:\windows\System32\Drivers\ksecdd.sys

MD5: d30159ac9237519fbc62c6ec247d2d46 C:\windows\System32\Drivers\ksecpkg.sys

MD5: 6adab14d7ad12b35bdc665b35278099b C:\windows\system32\DRIVERS\LPCFilter.sys

MD5: fc8771f45ecccfd89684e38842539b9b C:\windows\System32\drivers\mountmgr.sys

MD5: cf105ee42e3f71e648cebb3f666e1cf0 C:\windows\system32\DRIVERS\MpFilter.sys

MD5: 2d699fb6e89ce0d8da14ecc03b3edfe0 C:\windows\system32\drivers\mpio.sys

MD5: a5888c609efcc07b060dd823fa3d474a C:\windows\system32\drivers\mqac.sys

MD5: ceb46ab7c01c9f825f8cc6babc18166a C:\windows\system32\drivers\mrxdav.sys

MD5: 5d16c921e3671636c0eba3bbaac5fd25 C:\windows\system32\DRIVERS\mrxsmb.sys

MD5: 6d17a4791aca19328c685d256349fefc C:\windows\system32\DRIVERS\mrxsmb10.sys

MD5: b81f204d146000be76651a50670a5e9e C:\windows\system32\DRIVERS\mrxsmb20.sys

MD5: 012c5f4e9349e711e11e0f19a8589f0a C:\windows\system32\drivers\msahci.sys

MD5: 55055f8ad8be27a64c831322a780a228 C:\windows\system32\drivers\msdsm.sys

MD5: cb7a9abb12b8415bce5d74994c7ba3ae C:\windows\system32\drivers\msiscsi.sys

MD5: 8c9c922d71f1cd4def73f186416b7896 C:\windows\system32\drivers\ndis.sys

MD5: d8a65dafb3eb41cbb622745676fcd072 C:\windows\system32\DRIVERS\ndisuio.sys

MD5: 38fbe267e7e6983311179230facb1017 C:\windows\system32\DRIVERS\ndiswan.sys

MD5: 280122ddcf04b378edd1ad54d71c1e54 C:\windows\System32\DRIVERS\netbt.sys

MD5: 832e098bca8235436fe2d8ae50ac3718 C:\windows\system32\DRIVERS\NisDrvWFP.sys

MD5: b3e25ee28883877076e0e1ff877d02e0 C:\windows\system32\drivers\nvraid.sys

MD5: 4380e59a170d88c4f1022eff6719a8a4 C:\windows\system32\drivers\nvstor.sys

MD5: 3f34a1b4c5f6475f320c275e63afce9b C:\windows\System32\drivers\partmgr.sys

MD5: 673e55c3498eb970088e812ea820aa8f C:\windows\system32\drivers\pci.sys

MD5: 1b5011dd8d57f53aed31ff0f7d635802 C:\windows\system32\DRIVERS\pgeffect.sys

MD5: 226baacbfa1ba1a4937935dbc23cb1cd C:\windows\system32\DRIVERS\point32.sys

MD5: d24dfd16a1e2a76034df5aa18125c35d C:\windows\system32\DRIVERS\psi_mf.sys

MD5: d528bc58a489409ba40334ebf96a311b C:\windows\system32\DRIVERS\rdbss.sys

MD5: 23dae03f29d253ae74c44f99e515f9a1 C:\windows\System32\DRIVERS\RDPCDD.sys

MD5: 518395321dc96fe2c9f0e96ac743b656 C:\windows\System32\drivers\rdyboost.sys

MD5: 906dcfc5ebf4ec0433f8d4fffb0ba334 C:\windows\system32\DRIVERS\RMCAST.sys

MD5: bcebd5d1aabce4efb7597635e347c44b C:\windows\system32\DRIVERS\Rt86win7.sys

MD5: 72a5515a2031d458dd38e9336594184b C:\windows\system32\drivers\RtHDMIV.sys

MD5: 810ad686e0c342817b24a631f734850c C:\windows\system32\drivers\RTKVHDA.sys

MD5: 8327c64e9a4d052339c16499d08f7d6c C:\windows\system32\DRIVERS\rtl8192se.sys

MD5: 83f7a29b659771e60cd71999ef57aa0c C:\windows\System32\Drivers\RtsUStor.sys

MD5: 05d860da1040f111503ac416ccef2bca C:\windows\system32\drivers\sbp2port.sys

MD5: 0693b5ec673e34dc147e195779a4dcf6 C:\windows\System32\DRIVERS\scfilter.sys

MD5: 6d4ccaedc018f1cf52866bbbaa235982 C:\windows\system32\drivers\sffp_sd.sys

MD5: e4c2764065d66ea1d2d3ebc28fe99c46 C:\windows\System32\DRIVERS\srv.sys

MD5: 03f0545bd8d4c77fa0ae1ceedfcc71ab C:\windows\System32\DRIVERS\srv2.sys

MD5: be6bd660caa6f291ae06a718a4fa8abc C:\windows\System32\DRIVERS\srvnet.sys

MD5: 6da97d6b6de6326eba8ab8291ab41a09 C:\windows\system32\DRIVERS\SynTP.sys

MD5: 7c0507d2391af5933600cbced799f277 C:\windows\System32\drivers\tcpip.sys

MD5: 3eebd3bd93da46a26e89893c7ab2ff3b C:\windows\System32\drivers\tcpipreg.sys

MD5: 4084ea00d50c858d6f9038f86ae2e2d0 C:\windows\system32\DRIVERS\tdcmdpst.sys

MD5: 1cb91b2bd8f6dd367dfc2ef26fd751b2 C:\windows\system32\drivers\tdpipe.sys

MD5: 2c2c5afe7ee4f620d69c23c0617651a8 C:\windows\system32\drivers\tdtcp.sys

MD5: b459575348c20e8121d6039da063c704 C:\windows\system32\DRIVERS\tdx.sys

MD5: 04dbf4b01ea4bf25a9a3e84affac9b20 C:\windows\system32\drivers\termdd.sys

MD5: 969377943fe7284609babbab4e06b93c C:\windows\system32\DRIVERS\tos_sps32.sys

MD5: 254bb140eee3c59d6114c1a86b636877 C:\windows\System32\DRIVERS\tssecsrv.sys

MD5: fd1d6c73e6333be727cbcc6054247654 C:\windows\system32\drivers\tsusbflt.sys

MD5: b2fa25d9b17a68bb93d58b0556e8c90d C:\windows\system32\DRIVERS\tunnel.sys

MD5: fc24015b4052600c324c43e3a79c0664 C:\windows\system32\DRIVERS\TVALZ_O.SYS

MD5: 866462f5ae3f375ef83ef9dce436031c C:\windows\system32\DRIVERS\TVALZFL.sys

MD5: ee43346c7e4b5e63e54f927babbb32ff C:\windows\system32\DRIVERS\udfs.sys

MD5: d295bed4b898f0fd999fcfa9b32b071b C:\windows\system32\DRIVERS\umbus.sys

MD5: bd9c55d7023c5de374507acc7a14e2ac C:\windows\system32\DRIVERS\usbccgp.sys

MD5: f92de757e4b7ce9c07c5e65423f3ae3b C:\windows\system32\drivers\usbehci.sys

MD5: 8dc94aec6a7e644a06135ae7506dc2e9 C:\windows\system32\DRIVERS\usbhub.sys

MD5: e185d44fac515a18d9deddc23c2cdf44 C:\windows\system32\drivers\usbohci.sys

MD5: f991ab9cc6b908db552166768176896a C:\windows\system32\DRIVERS\USBSTOR.SYS

MD5: 68df884cf41cdada664beb01daf67e3d C:\windows\system32\drivers\usbuhci.sys

MD5: 45f4e7bf43db40a6c6b4d92c76cbc3f2 C:\windows\System32\Drivers\usbvideo.sys

MD5: 5461686cca2fda57b024547733ab42e3 C:\windows\system32\drivers\vhdmp.sys

MD5: 4c63e00f2f4b5f86ab48a58cd990f212 C:\windows\system32\drivers\volmgr.sys

MD5: f497f67932c6fa693d7de2780631cfe7 C:\windows\system32\drivers\volsnap.sys

MD5: 3c3c78515f5ab448b022bdf5b8ffdd2e C:\windows\system32\DRIVERS\wanarp.sys

MD5: a840213f1acdcc175b4d1d5aaeac0d7a C:\windows\system32\drivers\Wdf01000.sys

MD5: a67e5f9a400f3bd1be3d80613b45f708 C:\windows\system32\DRIVERS\WinUsb.sys

MD5: 06e6f32c8d0a3f66d956f57b43a2e070 C:\windows\system32\drivers\WudfPf.sys

MD5: 867c301e8b790040ae9cf6486e8041df C:\windows\system32\DRIVERS\WUDFRd.sys

MD5: ee29fcc244c8033e2f748d863dcbf378 C:\windows\System32\drt.dll

MD5: aa3b91b70e79bce70ad3b190789b9574 C:\windows\System32\drttransport.dll

MD5: 497e59d9f01c6f247e72222a61835119 C:\windows\system32\dwmcore.dll

MD5: 754afc50022c95da7c86b7020db78136 C:\windows\system32\dwmredir.dll

MD5: 4277f5164de9b7c665bb928b9145bee0 C:\windows\system32\DWrite.dll

MD5: d4f264fe23f8953d840904418220c15e C:\windows\system32\dxgi.dll

MD5: addb05c93272a62606599b24730bd645 C:\windows\system32\dxp.dll

MD5: 9a892b3439884c62b04718f0303a49e9 C:\windows\system32\eapphost.dll

MD5: 91f434ff6606ed9bdc6a05d651b69553 C:\windows\system32\efslsaext.dll

MD5: 1060d60cca69a8136a87dbe3c8f4a467 C:\windows\system32\EhStorAPI.dll

MD5: 8444a7364d6877922049e99bf4b78c5c C:\windows\system32\elscore.dll

MD5: 02a2ed8497f437ea200df3aced255afe C:\windows\system32\ElsLad.dll

MD5: 5c3f9dba818cd93379d1a0f215270374 C:\windows\system32\ESENT.dll

MD5: 5c957c6898566af9e2ab990e71447f47 C:\windows\System32\evntagnt.dll

MD5: e2a17bcc08d92f42e08af6ba2f93aba7 C:\windows\system32\EXPLORERFRAME.dll

MD5: 1e8d06aae74fed674c1156b3fea911c2 C:\windows\system32\faultrep.dll

MD5: f34cfada6c48daa41b996d24c7d8d3ca C:\Windows\system32\fdPnp.dll

MD5: 674611721264013db169ec12afc9c3b6 C:\Windows\system32\fdssdp.dll

MD5: de6f4b7e62fde776f3de8e5fb5a05c48 C:\Windows\system32\fdwsd.dll

MD5: e12c4928b32ace04610259647f072635 c:\windows\system32\fntcache.dll

MD5: d0481fb85beedd30a0884be327880f80 C:\windows\System32\framedynos.dll

MD5: e6d90dc604f407b3b5e0fd285e46b2a0 C:\windows\system32\FVEAPI.dll

MD5: c87f28a34b3840f4b40011d170b1a159 C:\windows\system32\FVECERTS.dll

MD5: 03a03a453f1aaae0c73aaaf895321c7a C:\windows\System32\fwpuclnt.dll

MD5: 126f8331bd023178c7f0ef2f5ede16b3 C:\windows\System32\FXSMON.DLL

MD5: 967ea5b213e9984cbe270205df37755b C:\windows\system32\fxssvc.exe

MD5: 64e211e0fdfce4d186df58bb7d0503bc C:\Windows\System32\gameux.dll

MD5: e87f5393f7d8ce2facc4dff703531392 C:\windows\system32\GDI32.dll

MD5: e897eaf5ed6ba41e081060c9b447a673 c:\windows\system32\gpsvc.dll

MD5: c7952d0a4c43a965a1741916bb134751 C:\windows\System32\hgcpl.dll

MD5: f059eb4c9c256f62f196eaa439e28f74 C:\windows\system32\hgprint.dll

MD5: e2f6cc0d191361ee94fea3957653f531 C:\windows\system32\hidphone.tsp

MD5: 4e4ffe2f117dcc665b08b9ecf6b7f8cc C:\windows\System32\hostmib.dll

MD5: 7319102526bd11b45fd66335cf90ca12 C:\windows\System32\HotStartUserAgent.dll

MD5: 8cd1dee212e52b9c22e66dba44991d32 c:\windows\system32\HTTPAPI.dll

MD5: 9dc23acf360aea7df55ad7a8d3fbf4e6 C:\windows\System32\IdListen.dll

MD5: 0f44172a5b34e8f208cd0f209edd4a73 C:\Windows\System32\ieapfltr.dll

MD5: 0b6118058942961d504aaea04fecb116 C:\Windows\System32\ieframe.dll

MD5: b5dec0d4cbbc333ca99fe10b06d4747e C:\windows\system32\iertutil.dll

MD5: 90f785f7594e3af23d4392677042be9a C:\windows\system32\IEUI.dll

MD5: ee88cadd249395cc12741d88eea3bc35 C:\windows\system32\IisRTL.DLL

MD5: f95622f161474511b8d80d6b093aa610 c:\windows\system32\ikeext.dll

MD5: b2db6aba2e292235749b80a9c3dfa867 C:\windows\system32\imagehlp.dll

MD5: 2d11bc8b460957e62e4420373a0d8bda C:\Windows\system32\imapi2.dll

MD5: 4a8e2f20809cc161107faa94f6cf2685 C:\windows\system32\IMM32.DLL

MD5: bf7ddbe14fa4b68aab6a3c78ef5c96b8 C:\windows\System32\inetmib1.dll

MD5: d27dde7e0444c7f1819f958469eb7d93 C:\windows\System32\inetpp.dll

MD5: b7f06015281a0c5039e7bb3450e1efd6 C:\windows\system32\inetsrv\abocomp.dll

MD5: d1af38fbac0dc7e6d796b0ed01707ee0 c:\windows\system32\inetsrv\apphostsvc.dll

MD5: e158556d5efd0a29db72d911c10b816a C:\windows\system32\inetsrv\COADMIN.dll

MD5: 0885a500383a7909449107e931eb8089 C:\windows\system32\inetsrv\ftpmib.dll

MD5: 8ae9edbbc50d07f05f38c5ea6191c3fa c:\windows\system32\inetsrv\ftpsvc.dll

MD5: 630da5a6fcc8f4571f60e6303236c155 C:\windows\system32\inetsrv\httpmib.dll

MD5: f28fed8361102ed9bd5e96687d89842c C:\windows\system32\inetsrv\iisadmin.dll

MD5: 62c5969251c778edba113af7b621fc7e C:\windows\system32\inetsrv\IISCFG.DLL

MD5: 03f4bcdba6aaa50590681ccbe9f7142c c:\windows\system32\inetsrv\IISRES.DLL

MD5: 098634437fff35e945219ed7c9ad32bb c:\windows\system32\inetsrv\IISUTIL.dll

MD5: 57c8c20bfa5bef6bd851ebac67a8ced0 c:\windows\system32\inetsrv\iisw3adm.dll

MD5: fc9735b66850cf8aebbc1e207ecb2ad8 C:\Windows\System32\inetsrv\inetinfo.exe

MD5: 6841eda8f95105970f7d6889e61393a5 C:\windows\system32\inetsrv\metadata.dll

MD5: cbc511f9601c1a73e750ce9ca39822f0 c:\windows\system32\inetsrv\nativerd.dll

MD5: 7e744c3c2f90e3a19ec964db8d61311c C:\windows\system32\inetsrv\rpcref.dll

MD5: f8ee73f542afd1f9324a21376370e92b C:\windows\system32\inetsrv\svcext.dll

MD5: e64f2b50867ca6f463c8de6793e41186 c:\windows\system32\inetsrv\W3TP.dll

MD5: cde28dc62a760847f843603709a2a72a C:\windows\system32\inetsrv\wamreg.dll

MD5: e7cc66d614963b739458add580bf5bc6 C:\windows\system32\inetsrv\wbhstipm.dll

MD5: 768eb4cf354b061dfd38c5569abf4c59 C:\windows\system32\inetsrv\wmsvc.exe

MD5: a90dc9abd65db1a8902f361103029952 C:\windows\system32\IPHLPAPI.DLL

MD5: 58f67245d041fbe7af88f4eaf79df0fa c:\windows\system32\iphlpsvc.dll

MD5: 53946b69ba0836bd95b03759530c81ec C:\windows\System32\ipsecsvc.dll

MD5: 6ef6b6eacca13dd6131624e0dd5c14a3 C:\windows\system32\jscript.dll

MD5: 9b59687619b27cda24638cdc3af079fb C:\windows\System32\jscript9.dll

MD5: bda0b954a30498b5a7edc6204cba07ed C:\windows\system32\kerberos.DLL

MD5: ae09b85158c66e2c154c5c9b3c0027b3 C:\windows\system32\kernel32.dll

MD5: ad88d390c9417c959e08f8bf6f2b8154 C:\windows\system32\KERNELBASE.dll

MD5: af75dba674e55221b7a055b0a4345f16 C:\windows\system32\keyiso.dll

MD5: f3fb146cdbdd26fcd0cf7941c547bee4 C:\windows\system32\kmddsp.tsp

MD5: 196b4e3f4cccc24af836ce58facbb699 C:\windows\system32\kmsvc.dll

MD5: c1585eaa67c37a05bf6f93726fafc069 c:\windows\system32\l2gpstore.dll

MD5: 6658f4404de03d75fe3ba09f7aba6a30 c:\windows\system32\listsvc.dll

MD5: 55ca01ba19d0006c8f2639b6c045e08b c:\windows\system32\lmhsvc.dll

MD5: 281d2ab35c2de2b4ad083d491b4c5606 C:\windows\System32\lmmib2.dll

MD5: 74af6aa2e8b3180aadae5fe8813cb1cd C:\windows\System32\localspl.dll

MD5: 8ea53101ff2b15bdff934b62a8fb326d C:\windows\system32\LOGONCLI.DLL

MD5: c95ca687d32ddab1c91e1122e80d5e16 C:\windows\system32\lsasrv.dll

MD5: 81951f51e318aecc2d68559e47485cc4 C:\Windows\System32\lsass.exe

MD5: 8aea9a37c1a3565a204d37c5e72ab791 C:\Windows\System32\lsm.exe

MD5: 9d8f3b5e2facdaf0183caa834aad7171 C:\windows\system32\Macromed\Flash\Flash32_11_7_700_169.ocx

MD5: 479901c99fa62d1c3261b7acb1228dad C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

MD5: f7e72d3a281f922bacec1a71a826d4c2 C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll

MD5: bfb9ee8ee977efe85d1a3105abef6dd1 C:\windows\system32\Mcx2Svc.dll

MD5: dc6612a9ee015a36ba2a27bc9cc12537 C:\windows\system32\MFC42.DLL

MD5: 243974ec02f7ae49e4179c54624143ab c:\windows\system32\MMDevAPI.DLL

MD5: 4eaf682e27490a3d45c0ebb6537ee6a8 C:\windows\system32\modemui.dll

MD5: d4191efab91e00fc09257aa5ebaf503b C:\windows\System32\MPRAPI.dll

MD5: 9835584e999d25004e1ee8e5f3e3b881 c:\windows\system32\mpssvc.dll

MD5: cea9ebd7944949be2fa9251d702fa43f C:\windows\system32\MqLogMgr.dll

MD5: ca757ee65990da2cd3adcae7735df818 C:\windows\system32\MQQM.dll

MD5: b6775ea1e6847ac8428bf8b872bec79b C:\windows\system32\mqrt.dll

MD5: 9fd897381edadf3143a6fa5c553b95b8 C:\windows\system32\mqsec.dll

MD5: e582b9e88ef4980c3b76276620fe667b C:\Windows\System32\mqsvc.exe

MD5: 9cced9b5ad63bece2f8bc75a5e04cdab C:\Windows\System32\mqtgsvc.exe

MD5: 6daecdadea292ae26765c2f29d1b1044 C:\windows\system32\mqtrig.dll

MD5: d131c503c67f5f726fb5e87dd23bde77 C:\windows\system32\mqutil.dll

MD5: 938f39b50bafe13d6f58c7790682c010 C:\windows\system32\MSASN1.dll

MD5: 7f8678c59f188528d60104e697c2361e C:\windows\system32\mscms.dll

MD5: d83947a58613e9091b4c9cc0f1546a8d C:\windows\system32\MSCOREE.DLL

MD5: 7069aab8536f29ed7323140973a2894b C:\windows\system32\msdmo.dll

MD5: 3a16ea01fcfaab40882db5bfee632322 C:\windows\system32\MsftEdit.dll

MD5: d017bf8d92938eeb9b3a1d1c53fda152 C:\windows\system32\MSHTML.dll

MD5: a6c29db53eca94fa8591c5388d604b82 C:\windows\system32\msi.dll

MD5: eee470f2a771fc0b543bdeef74fceca0 C:\windows\system32\msiexec.exe

MD5: c225e5307d8d4982a1687f2702c37c78 C:\windows\system32\msls31.dll

MD5: cbbd4d79eec3ef5a4adae9697944c6b9 C:\Windows\System32\msmpeg2enc.dll

MD5: 387a8a473ecc5ba02cf453277c1f3274 c:\windows\system32\mspatcha.dll

MD5: c90878913df3dc504790282043db5f4c C:\windows\system32\msprivs.DLL

MD5: 87e71f2a83681f41b796ca685818ef2d C:\windows\system32\MSRATING.dll

MD5: 0241cb16136b9a4939ca0395768ae286 C:\windows\system32\MSSRCH.DLL

MD5: 56ceed370508f69a1ba04939bd1badda C:\windows\system32\MSUTB.dll

MD5: 4c1e16b9a53102c8d6fba587cbcb95de C:\windows\system32\msv1_0.DLL

MD5: ab09ce954c647f3c2b4328b57d519996 C:\windows\system32\MSVCP110.dll

MD5: 80e987dbe08677e2ec09615cd4358607 C:\windows\system32\MSVCR110.dll

MD5: 9dc80a8aaaaac397bdab3c67165a824e C:\windows\system32\msvcrt.dll

MD5: 8999b8631c7fd9f7f9ec3cafd953ba24 C:\windows\system32\MSWSOCK.DLL

MD5: 1cdea9188899e76d4ffd54c9d512ccdb C:\windows\System32\msxml3.dll

MD5: eaadd6e47ed2a7003ace1793b98cf63f C:\windows\System32\msxml6.dll

MD5: 8b57a1ad493653bb57f281fe75dd175b C:\windows\System32\NaturalLanguage6.dll

MD5: 45d9f6cd2469cdb6a640dd4bd2b01471 C:\windows\system32\NCI.dll

MD5: a4cc7227a452c4909f9499d91b184364 C:\windows\system32\NCObjAPI.DLL

MD5: bf6d6ed5fadceee885bd0144ecf1ba27 C:\windows\system32\ncrypt.dll

MD5: 140d9f911182357626165ea0beb98c4f c:\windows\system32\ncsi.dll

MD5: aa11a26692e0db2996caefe9ec61f61f C:\windows\system32\ndptsp.tsp

MD5: 6dcfaec6d1334aa6cdf8961db4633cbf C:\windows\system32\negoexts.DLL

MD5: 2fca0d2c59a855c54bafa22aa329df0f C:\windows\system32\NETAPI32.dll

MD5: 1ff7e4f548c7c372c804938f0d5b36ae C:\Windows\system32\netcfgx.dll

MD5: e343cabbd8d600abaf3f11625d33b3d0 C:\windows\system32\netjoin.dll

MD5: c1809b9907adedaf16f50c894100883b C:\windows\system32\netlogon.DLL

MD5: eab975db4c2805927fe5bd047d05c9aa C:\windows\System32\netshell.dll

MD5: 20b3934db73eaba2b49b7177873cb81f C:\windows\system32\netutils.dll

MD5: 3d57ffbad3ed16b63de3879bab0fb56f C:\windows\system32\NetworkExplorer.dll

MD5: 50e0dd0a5b8d8bc353578f2f73926697 C:\windows\System32\nlaapi.dll

MD5: 374071043f9e4231ee43be2bb48dd36d c:\windows\system32\nlasvc.dll

MD5: 28caaa8b3dac4604b6871f311c6b9f49 C:\windows\System32\NLSData0000.dll

MD5: 61b33014f2d2a4f9553f6ef64fb82e31 C:\windows\System32\NLSData000c.dll

MD5: d8f67ccccf4de5ebd0e1f79121afa79e C:\windows\System32\NLSData0010.dll

MD5: 8133ea1a6258d0f536ec51be0a67855a C:\windows\System32\NLSData0013.dll

MD5: d0e2272a41640708f630258101e96e15 C:\windows\System32\NLSData001d.dll

MD5: 816fa57475ce5032e063bf69bfcd4c85 C:\windows\System32\NLSData0021.dll

MD5: 420db712b24607220c11fc08a9f9371c C:\windows\System32\NLSData0416.dll

MD5: ac7d0114246661b1e29a0939039157c5 C:\windows\System32\NLSLexicons000c.dll

MD5: 8ea11b7df3200d72d10fb7d33f750ef4 C:\windows\System32\NLSLexicons0010.dll

MD5: 1ab5b6ec4981d49a0d04dee0e1085bec C:\windows\System32\NLSLexicons0013.dll

MD5: 7ad593a3bf85a6ccb279374c16c83054 C:\windows\System32\NLSLexicons001d.dll

MD5: 5003adec6ff342d5c0bbab94b76fe5e0 C:\windows\System32\NLSLexicons0021.dll

MD5: d4bd9f86123c87eca570418b69326f99 C:\windows\system32\npDeployJava1.dll

MD5: d2a937964199f647b1c3bc435712e5d9 c:\windows\system32\nrpsrv.DLL

MD5: ba387e955e890c8a88306d9b8d06bf17 c:\windows\system32\nsisvc.dll

MD5: c30a91ade8c9cb91e4281ec83c4500c6 C:\windows\SYSTEM32\ntdll.dll

MD5: d7b7159bc8374e87d8c45a30377a3440 C:\windows\System32\ntlanman.dll

MD5: 03f3b770dfbed6131653ceda8ca780f0 C:\windows\system32\ntshrui.dll

MD5: 7d34af98a706230cc2dedfe0cabf87ab C:\windows\system32\ODBC32.dll

MD5: 928cf7268086631f54c3d8e17238c6dd C:\windows\system32\ole32.dll

MD5: 8e01332cc4b68bc6b5b7effe374442aa C:\windows\system32\OLEACC.dll

MD5: 6c765e82b57f2e66ce9c54ac238471d9 C:\windows\system32\OLEAUT32.dll

MD5: f748f53fe09d21d8ecbb6421e6792024 c:\windows\system32\OneX.DLL

MD5: 08df1b8c9c0754a7069e80a986373f52 C:\windows\System32\P2P.dll

MD5: 1b0ec94520cab89a9ce1b2da405166af C:\windows\System32\P2PCOLLAB.dll

MD5: 1372e8e8fd066002131e3d509275e697 c:\windows\system32\P2PGRAPH.dll

MD5: 487f44b08efeaf5ad087878357b9403d C:\windows\system32\pdh.dll

MD5: 7e82616bee76bf5eaa5b30f681414e21 C:\windows\system32\perftrack.dll

MD5: 37cc990d4e2cdfae12ac47f6b620fc13 C:\windows\system32\pku2u.DLL

MD5: 414bba67a3ded1d28437eb66aeb8a720 C:\windows\system32\pla.dll

MD5: 3d6f22551d422f97aacb0bb927e4c846 C:\windows\System32\pnidui.dll

MD5: e98278865e8daba21cfe5fe4be34210a C:\windows\system32\PortableDeviceApi.dll

MD5: c693e642acfbdd76433af6be3c3eee6f C:\Windows\System32\portabledeviceconnectapi.dll

MD5: 03cf941d031f30272d3063e5a4d686f5 C:\windows\System32\PrintIsolationProxy.dll

MD5: c8333f1f77a1b2e25f2202e892caf634 C:\windows\system32\prnfldr.dll

MD5: cadefac453040e370a1bdff3973be00d c:\windows\system32\profsvc.dll

MD5: 12c45e3cb6d65f73209549e2d02eca7a c:\windows\system32\PROPSYS.dll

MD5: dbc02d918fff1cad628acbe0c0eaa8e8 c:\windows\system32\provsvc.dll

MD5: 02530b0b7e048dd5ac8d52daeacaeb2b C:\windows\System32\QAgent.dll

MD5: 61d57a5d7c6d9afe10e77dae6e1b445e C:\windows\system32\qagentRT.dll

MD5: e585445d5021971fae10393f0f1c3961 C:\windows\System32\qmgr.dll

MD5: 63b282fb2550893724647a359ba2323f C:\windows\system32\query.dll

MD5: bd626ef05967d14c772b8096292731a3 C:\windows\System32\QUtil.dll

MD5: 7ffd52d73352806969d424ef327d10a7 C:\windows\system32\radardt.dll

MD5: 207cf171b1c6b8ae50c1fbf87363eebc C:\windows\System32\raschap.dll

MD5: cb9e04dc05eacf5b9a36ca276d475006 c:\windows\system32\rasmans.dll

MD5: 67f9b5c7e215b48f9256757e9cc09a7b C:\windows\system32\rasppp.dll

MD5: b2e1e4a16edd02396f451f915fa3cbfa C:\windows\system32\rastapi.DLL

MD5: 432be6cf7311062633459eef6b242fb5 C:\windows\system32\regsvr32.exe

MD5: 2af094c822bd6094f14a8e85fb51d52a C:\windows\system32\RESUTILS.DLL

MD5: 6400774e903729add0a62a24a334ee56 C:\windows\system32\RPCRT4.dll

MD5: 5997d769cdb108390dcfaebf442bf816 C:\windows\system32\RpcRtRemote.dll

MD5: 7660f01d3b38aca1747e397d21d790af c:\windows\system32\rpcss.dll

MD5: 9ecc4447e144444f26fc64727818bc15 C:\windows\system32\RTCOM\RtkCfg.dll

MD5: 247d206bbf8829aef3ed8b960f68d8f6 C:\windows\system32\RtkAPO.dll

MD5: 0d7692b1a2bdea98f460358d7ffe4f73 C:\windows\system32\RtkHDMI.dll

MD5: 0915c4db6dbc3bb9e11b7ecbbe4b7159 C:\windows\System32\rtutils.dll

MD5: 68ecca523ed760aafc03c5d587569859 C:\windows\system32\SAMCLI.DLL

MD5: 245f4691314f42d4d1bc06442f0b2086 C:\windows\system32\SAMSRV.dll

MD5: 8124944ec89d6a1815e4e53f5b96aaf4 C:\windows\system32\scecli.DLL

MD5: 250aa41de690561af1282d598914564c C:\windows\system32\SCESRV.dll

MD5: 3369d021265e369d57317d61fa86dd79 C:\windows\system32\scext.dll

MD5: 3d3cbd1847f980fb03343a63671e7886 C:\windows\system32\schannel.DLL

MD5: a04bb13f8a72f8b6e8b4071723e4e336 c:\windows\system32\schedsvc.dll

MD5: 08236c4bce5edd0a0318a438af28e0f7 c:\windows\system32\sdrsvc.dll

MD5: a6cd6b3f71e13e2e45b727fb8a47ea87 C:\Windows\System32\SearchFilterHost.exe

MD5: 236f286e103fd44bd85fdd93097fd5dd C:\Windows\System32\SearchIndexer.exe

MD5: e1ac89f6c5252057e6062843e36a6701 C:\Windows\System32\SearchProtocolHost.exe

MD5: 69678722290c78d5d7198c60b5a4e3e8 C:\windows\system32\Secur32.dll

MD5: 5f1b6a9c35d3d5ca72d6d6fdef9747d6 C:\Windows\System32\services.exe

MD5: 4ae380f39a0032eab7dd953030b26d28 C:\windows\system32\sessenv.dll

MD5: 10fb16b50affda6d44588f3c445dc273 C:\windows\system32\SETUPAPI.dll

MD5: f14a9b1778376d0b1788e402ac1f831a C:\windows\System32\shacct.dll

MD5: be247ae996a9fde007a27b51413a6c79 C:\windows\System32\shdocvw.dll

MD5: 29e9794708df51db5dc89fb2e903a0f6 C:\windows\system32\SHELL32.dll

MD5: 8cc3c111d653e96f3ea1590891491d71 C:\windows\system32\SHLWAPI.dll

MD5: 414da952a35bf5d50192e28263b40577 c:\windows\system32\shsvcs.dll

MD5: 75261edcabcc010b2cb4291f742d8fae C:\windows\system32\simptcp.dll

MD5: de91dcc7bc55e940979097e98f743205 C:\Windows\System32\smss.exe

MD5: 2cfa4569350b7f84f815e9ec34e85766 C:\windows\system32\SndVolSSO.DLL

MD5: 8f5171c837e64ff0ac48f0a29dd9e180 C:\Windows\System32\snmp.exe

MD5: 6b88ba0d5087f644d25cb2b56b0f2638 C:\windows\System32\snmpmib.dll

MD5: 053a5647034e7f7447ec2584d5ceed34 C:\windows\system32\spool\PRTPROCS\W32X86\CNMPD9F.DLL

MD5: cd72c6406ba561bed6d42cb145e55307 C:\windows\system32\spool\PRTPROCS\W32X86\winprint.dll

MD5: 629181c26a78eb66b0b4e774e5ac2882 C:\windows\System32\SPOOLSS.DLL

MD5: 9aea093b8f9c37cf45538382caba2475 C:\Windows\System32\spoolsv.exe

MD5: 971a36c4827ad1ae2a54e6407478921a C:\windows\system32\SPP.dll

MD5: cf87a1de791347e75b98885214ced2b8 C:\windows\system32\sppsvc.exe

MD5: b0180b20b065d89232a78a40fe56eaa6 C:\windows\system32\sppuinotify.dll

MD5: ce292c4c10b8db6070f262ea2733f0dc c:\windows\system32\sqmapi.dll

MD5: 674b0c0f6a448eb185caab9c51d44032 C:\windows\System32\srchadmin.dll

MD5: 5ccdcd40e732d54e0f7451ac66ac1c87 C:\windows\system32\srvcli.dll

MD5: d64af876d53eca3668bb97b51b4e70ab c:\windows\system32\srvsvc.dll

MD5: 89e783711af91af09e1ef30ef3107446 C:\windows\system32\SSCORE.DLL

MD5: 4a054c853031616d161a84becf281f47 C:\windows\system32\SspiCli.dll

MD5: e361ae3010ea4b3123dab5bdae21798f C:\windows\system32\SspiSrv.dll

MD5: ad6db3f85d329aba90eaf7b2d8a2eea9 C:\windows\system32\ssText3d.scr

MD5: 912649a1b3f9e6acb3899fbdaba2ed5f C:\windows\system32\stobject.dll

MD5: dd7596a0bc60affcceb07e64f876fb59 C:\windows\system32\sxproxy.dll

MD5: 919001d2bb17df06ca3f8ac16ad039f6 C:\windows\system32\SXS.DLL

MD5: 9bf7bdbd1ec69d44ea8d9be222fc93bb c:\windows\system32\SXSHARED.dll

MD5: 364455805e64882844ee9acb72522830 C:\windows\system32\sxssrv.DLL

MD5: 2ddea2c345da5bc589efd398f220db0e C:\windows\System32\SyncCenter.dll

MD5: d23e615e0969aecc1134e372b0b295d1 C:\windows\system32\SYNCENG.dll

MD5: e6672e0040c1513f88330c119fe052e9 C:\windows\system32\SynCOM.dll

MD5: 20a20a911cd79a6f6839167149a05668 C:\windows\system32\syncui.dll

MD5: 0589d1838a3feb12248ca547e7964abd C:\windows\system32\SynTPAPI.dll

MD5: 36650d618ca34c9d357dfd3d89b2c56f c:\windows\system32\sysmain.dll

MD5: ba51ffe170c5b3ae8ec4f5bd2581a29e C:\windows\system32\SYSNTFY.dll

MD5: 6b140b1382f1fe04ba57b196aeb19725 C:\windows\system32\T2EMBED.DLL

MD5: 763fecdc3d30c815fe72dd57936c6cd1 C:\windows\System32\TabSvc.dll

MD5: 613bf4820361543956909043a265c6ac c:\windows\system32\tapisrv.dll

MD5: 1c3e8371377e988b683797a132effe1b C:\windows\system32\taskcomp.dll

MD5: 4f2659160afcca990305816946f69407 C:\Windows\System32\taskeng.exe

MD5: 72e953215cade1a726c04aafdf6b463d C:\Windows\System32\taskhost.exe

MD5: 544eff88ac6c85df5a4d6f18dfe08cfc C:\Windows\system32\taskschd.dll

MD5: eafc149cd3bd78c443e31bb157841197 C:\windows\system32\tbs.dll

MD5: b390c1d825c7687493bede237c6c2f25 C:\windows\System32\tcpmon.dll

MD5: f5aaa8cdda25b6387af590d676d25bad C:\Windows\System32\TCPSVCS.EXE

MD5: 382c804c92811be57829d8e550a900e2 C:\windows\System32\termsrv.dll

MD5: 7e9917d5309a90e7576653bfe39f80d8 C:\windows\system32\timedate.cpl

MD5: ce92b84ed806f1c5c340a51dfd3e49bc C:\windows\System32\tlntsvr.exe

MD5: fe65d33b7d4ff07dd1d29526a48df810 C:\Windows\System32\TODDSrv.exe

MD5: 465dbf63a5049e4db4bc5c12ffe781cb C:\windows\system32\TQUERY.DLL

MD5: d29e45078cf4020ce0aac82ec652d1ea C:\windows\system32\tspkg.DLL

MD5: c9708c9f3dba3dbfb1d2fee1e9dabad0 C:\windows\system32\twext.dll

MD5: 7222995615bf93b628dcea4bd6ccacf7 C:\windows\system32\UBPM.dll

MD5: 230ea9abbc3432cde388f4891e76e867 C:\windows\system32\udhisapi.dll

MD5: 8b285bdab7735fdfb18e6f7122923b77 C:\windows\System32\UIAnimation.dll

MD5: d33e95c0a2754061233b58dc41f8094c C:\Windows\system32\umb.dll

MD5: ec7bc28d207da09e79b3e9faf8b232ca c:\windows\system32\umpnpmgr.dll

MD5: f87d30e72e03d579a5199ccb3831d6ea c:\windows\system32\umpo.dll

MD5: 377f0c1ddbfa6a43cb7e7568bc0eced0 C:\windows\system32\unimdm.tsp

MD5: 53ca6bf58658815fcb472205291dd953 C:\windows\system32\unimdmat.dll

MD5: e675de8cf57d8814218733b3dae896d7 C:\windows\system32\uniplat.dll

MD5: 954ea9b34f155c844b11f4047a8f6f89 C:\windows\system32\upnp.dll

MD5: 69cb1a65b835ee6adf9e16ed6d443072 C:\windows\system32\urlmon.dll

MD5: 923cdd30092db73ec4a0ebcddd16c686 C:\windows\System32\usbmon.dll

MD5: f1dd3acaee5e6b4bbc69bc6df75cef66 C:\windows\system32\USER32.dll

MD5: d15618a0ff8dbc2c5bf3726bacc75a0b C:\windows\system32\USERENV.dll

MD5: 61ac3efdfacfdd3f0f11dd4fd4044223 c:\windows\system32\userinit.exe

MD5: b7230010d97787af3d25e4c82f2b06b9 C:\windows\system32\USP10.dll

MD5: a12829e9974f57e9b5dbfea7c93190f6 C:\windows\system32\UXINIT.dll

MD5: c3cd30495687c2a2f66a65ca6fd89be9 C:\windows\System32\vds.exe

MD5: 80b562b5b59ed850c328dd75f964f3d8 C:\windows\system32\vpnike.dll

MD5: 13337a3fb17f2242487fd45488ed0485 C:\windows\system32\VSSAPI.DLL

MD5: 209a3b1901b83aeb8527ed211cce9e4c C:\windows\system32\vssvc.exe

MD5: cb67c2b94302dc94bc15ed6553a5c1c7 C:\windows\system32\wbem\cimwin32.dll

MD5: 5ae88135c6a86fcd67ba16afbb1c8389 C:\windows\system32\wbem\esscli.dll

MD5: cfc7d8289d2b5f3cf8d16e2db7f93d4a C:\windows\system32\wbem\fastprox.dll

MD5: f148865e4ac4f715e322ea06e6e21d84 C:\windows\system32\wbem\ncprov.dll

MD5: 371e3b05894549113d07cd3081ed55ef C:\windows\system32\wbem\repdrvfs.dll

MD5: 585eb475e7af55c9065256e8ffb751a1 C:\windows\system32\wbem\wbemcore.dll

MD5: b350509b6c9296529bc464c60feeaef1 C:\windows\system32\wbem\wbemess.dll

MD5: 701c9eb15e1e23d22f7c7184c0506673 C:\windows\system32\wbem\wmidcprv.dll

MD5: c6b0509aa89f656247694e2d6abf7255 C:\windows\system32\wbem\wmiprov.dll

MD5: 3cde2911462fec80064a409c07710c06 C:\windows\system32\wbem\wmiprvsd.dll

MD5: 4fb491ac8d46aaf22ba8bc5c73dabef7 C:\Windows\System32\wbem\WmiPrvSE.exe

MD5: 704314fd398c81d5f342caa5df7b7f21 C:\windows\system32\wbemcomn.dll

MD5: 691e3285e53dca558e1a84667f13e15a C:\windows\system32\wbengine.exe

MD5: 34eee0dfaadb4f691d6d5308a51315dc C:\windows\System32\wcncsvc.dll

MD5: f0016853fa3f38f55fd868ff74c0359b C:\windows\system32\wdiasqmmodule.dll

MD5: a399514d3b28c9a3453a486bbaaff1c7 c:\windows\system32\WDSCORE.dll

MD5: a9d880f97530d5b8fee278923349929d C:\windows\System32\webclnt.dll

MD5: fb19fc5951a88f3c523e35c2c98d23c0 C:\windows\system32\webio.dll

MD5: db846eeca70ee9d2e2ff31147c57b0f4 C:\Windows\system32\webservices.dll

MD5: 590d5c506044fe02ff7643e32ff9bdac C:\windows\System32\wer.dll

MD5: 1869bd251211fb6275067372a45682d6 C:\windows\System32\werconcpl.dll

MD5: 241e015dd809cfb23242f890b1fc575b c:\windows\system32\wevtsvc.dll

MD5: 019c372b1a9da73a22d0d35a4d40f5c9 C:\windows\system32\wfapigp.dll

MD5: e2d56ae1d40e3725084054cd8e9cfbb1 C:\windows\system32\wiarpc.dll

MD5: e1fb3706030fb4578a0d72c2fc3689e4 c:\windows\system32\wiaservc.dll

MD5: 52cca2e9ffd0653caced1e808aade4b6 C:\windows\System32\win32spl.dll

MD5: 3bcecd87ab4e6743bfb45b352ad1a529 C:\windows\system32\WindowsCodecs.dll

MD5: 62a6eb5771580cae445804389f3f7432 C:\windows\system32\windowscodecsext.dll

MD5: ca9f7888b524d8100b977c81f44c3234 C:\windows\system32\WINHTTP.dll

MD5: cfe0cee587f9cea4c29deec6d85fc91c C:\windows\system32\wininet.dll

MD5: b5c5dcad3899512020d135600129d665 C:\Windows\System32\wininit.exe

MD5: 6d13e1406f50c66e2a95d97f22c47560 C:\Windows\System32\winlogon.exe

MD5: d5aefad57c08349a4393d987df7c715d C:\windows\system32\WINMM.dll

MD5: 81c0fa250ef6dc1c6b3fa2bce81d6c2e C:\windows\system32\WinSATAPI.dll

MD5: 9419abf3163b6f0e3ad3dd2b381c879f c:\windows\system32\WinSCard.dll

MD5: 9e4b0e7472b4ceba9e17f440b8cb0ab8 C:\windows\system32\WINSPOOL.DRV

MD5: 1f5f07091d50244f17dd8d5147a628cc C:\windows\system32\winsrv.DLL

MD5: 418e881201583a3039d81f43e39e6c78 C:\windows\system32\WINSTA.dll

MD5: 17448af0bba9e7ab5ec955af93f271bd C:\windows\system32\WINTRUST.dll

MD5: e5a4a1326a02f8e7b59e6c3270ce7202 C:\windows\system32\wkscli.dll

MD5: 58405e4f68ba8e4057c6e914f326aba2 c:\windows\system32\wkssvc.dll

MD5: 3c9035085141162416a0dd34dbf3f3c1 c:\windows\system32\WLANMSM.DLL

MD5: 20c06a50dfc097e134bc6fa8444ca9bc c:\windows\system32\WLANSEC.dll

MD5: a8bb45f9ecad993461e0fef8e2a99152 C:\windows\system32\WLDAP32.dll

MD5: 749f9795f01c35eebe100a87d82b9681 c:\windows\system32\wlgpclnt.dll

MD5: 633c2c060cf857099f6c4f8d75c952b1 C:\windows\system32\wls0wndh.dll

MD5: 5cf15474ffdb5005e54958df6edd97ab C:\windows\system32\wmdrmdev.dll

MD5: 907281ed4ad35d41b29ffdc211ebad80 c:\windows\system32\WMI.dll

MD5: 1957d49a9613faad1c73b508cce02aa5 C:\windows\system32\wmp.dll

MD5: 0fbc74aa20fe0ae6884279f893169c60 C:\windows\system32\wmploc.dll

MD5: 7b97346ce563b74bbcc120fc83e5a6d9 C:\windows\system32\wmpmde.dll

MD5: 3f2b83695e5bf11930c16af50e991f96 C:\Windows\System32\wmpps.dll

MD5: d412b1b72c5ab020218e9a047d90ca05 C:\windows\system32\WMsgAPI.dll

MD5: aa53356d60af47eacc85bc617a4f3f66 C:\windows\system32\wpdbusenum.dll

MD5: 735263da17bf5baf9ccd483843bf9d5a C:\windows\system32\wpdshserviceobj.dll

MD5: 7ff15a4f092cd4a96055ba69f903e3e9 C:\windows\system32\WS2_32.dll

MD5: a8cdf3768604ff95b54669e20053d569 C:\windows\system32\wscapi.dll

MD5: 7fd5532c142db6c9cc47aa4dcf71fdec C:\windows\System32\wscui.cpl

MD5: 73f6c5223f7e9b5780dd4a6c30fcf569 C:\Windows\system32\wsdapi.dll

MD5: a8eb761de499242becf153b2b34f020e C:\windows\System32\WSDMon.dll

MD5: 81f08948a0f1475894c99d4d19a158a8 C:\windows\System32\wshqos.dll

MD5: 1b91cd34ea3a90ab6a4ef0550174f4cc C:\windows\system32\WsmSvc.dll

MD5: 6357e2b68753a1f5cf4a68a25c4fd14a C:\windows\System32\wsnmp32.dll

MD5: 6a6b2ee4565a178035be2a4ff6f2c968 C:\windows\system32\WTSAPI32.dll

MD5: 1a617835452eee5060976c9b9f5fe635 C:\Windows\system32\wuapi.dll

MD5: fc3ec24fce372c89423e015a2ac1a31e c:\windows\system32\wuaueng.dll

MD5: fe47b7bc8ea320c2d9b5e5bf6e303765 C:\windows\System32\WUDFSvc.dll

MD5: edf2a5e96bec469da3f64e9bdd386111 C:\windows\system32\XmlLite.dll

MD5: 5b3d1c528cd6674ff6bd1f6720f5a686 C:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_0b0e4b4025cf4049\cbscore.dll

MD5: 4ccf86aad1b67168fb51a477307ec288 C:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_0b0e4b4025cf4049\DrUpdate.dll

MD5: 8896ef6deba34c5507a488729a1d3af2 C:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_0b0e4b4025cf4049\wcp.dll

MD5: c9b89e87cb6d87fa4cc3f04ebc9f3d1c C:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_0b0e4b4025cf4049\wrpint.dll

MD5: 0b3595a4ff0b36d68e5fc67fd7d70fdc C:\windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCP80.dll

MD5: c9564cf4976e7e96b4052737aa2492b4 C:\windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll

MD5: 1f5afd468eb5e09e9ed75a087529eab5 C:\windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80.DLL

MD5: e2c48cd0132d4d1dc7d0df9a6bef686a C:\windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL

MD5: 28a09777d2d952122567a8a82f1a2c7b C:\windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL

MD5: d34a527493f39af4491b3e909dc697ca C:\windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcm90.dll

MD5: 4c39358ebdd2ffcd9132a30e1ec31e16 C:\windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCP90.dll

MD5: cdbe9690cf2b8409facad94fac9479c9 C:\windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll

MD5: bdac1aa64495d0f7e1ff810ebbf1f018 C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\COMCTL32.dll

MD5: 352b3dc62a0d259a82a052238425c872 C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\COMCTL32.dll

MD5: 7717f84f483002815490033bf069dabd C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll

No file uploaded.

Scan finished - communication took 7 sec

Total traffic - 0.03 MB sent, 2.68 KB recvd

Scanned 1111 files and modules - 55 seconds

==============================================================================

Link to post
Share on other sites

Doctor Web.evtx - Shortcut.zipNot sure if this the DrWeb scan, but it was the only one I found ....

EXTRA - I have just done a MiniToolBox scan for Host files and the area is empty, as I first thought -

It seems that there was / is a (minor or major?) infection that deleted this area .......

I often scan with these tools since I use them on other forums, and need to know what I am looking at.

NEXT -

Sorry, but I did not mention a very important item that I had only just remembered -

2 weeks ago I opened a topic with M/soft forums, since my MSE was showing "Not Scanning" and the taskbar icon was turning Orange or even Red after a few days, even though it was updating all the time - This seems to have now cleared up, but the remains may exist somewhere, or may have been Win/32Small.CA

Link to post
Share on other sites

What I got from the zip file was only a "shortcut link". What I only need is the last set of summary lines from the DrWeb Cure-it log.

Did you tell me if DrWeb detected something?

The Bitdefender Quickscan detected nothing.

As to your Hosts file, are you saying that it is the "default" one ??

Are you still getting a message referencing "Win32/Small.CA " ?

Link to post
Share on other sites

Your questions in reverse to being asked -

There is no longer a message showing Win32/Small.CA is present -

This shows no Hosts file present ..................

MiniToolBox by Farbar Version:05-03-2013

Ran by John (administrator) on 19-04-2013 at 16:35:20

Running from "C:\Users\John\Desktop"

Windows 7 Home Premium Service Pack 1 (X86)

Boot Mode: Normal

***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.

No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= Hosts content: =================================

This area should have the hosts file listed ...........

========================= IP Configuration: ================================

Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC = Wireless Network Connection (Connected)

DrWeb showed exactly what was in your "sample" picture in the instructions.

When I looked for a report after the "forced reboot" it was nowhere to be found -

I have located another Quarantine file and attached it -

CureIt Quarantine - Shortcut.zip

Also another, what seems to be Quarantine file that will not open or attach ??

Link to post
Share on other sites

Let's forget the Cure-It log. This zip file, also, is only just a lnk (link) file to "your" drweb and is not the log.

Never mind that.

Use Notepad and visually verify the contents of your Hosts file at C:\windows\system32\drivers\etc\Hosts

IF you wish to use the MVP Hosts file or another, do let me know.

I know that Win8's Windows Defender will bark about a non-standard Hosts file. And perhaps MSE on your system "may" have the analogous "issue".

Other than that, if you are no longer getting exception messages by your security apps, we can likely close this case.

Link to post
Share on other sites

The item Win32/Small.CA virus is no longer being flagged as present.

The only problem I now seem to have is that my Hosts file was removed in some manner.

This leaves me with only wanting to replace the Hosts file

A screen shot of C:\windows\system32\drivers\etc

post-4124-0-61525900-1366410141.jpg

There are items listed at the given location, but I do not know if they are active -

Apart from the standard Hosts file, these all date back 4 years, and I have not had the computer that long.

The standard Hosts file is listed as only 2 days old and I have not reset these -

As an extra -

Your email was redirected by Spam filter, and I have never put MBAM emails in spam -

Link to post
Share on other sites

Your (current) Hosts if the very 1st one in this screenshot.

a) If you want the "standard" ms hosts:

How can I reset the Hosts file back to the default

http://support.microsoft.com/kb/972034

OR b) If you'd rather want the MVP hosts file:

Get and use MVP Mike Burgess' custom hosts file http://mvps.org/winhelp2002/hosts.htm

Steps to follow for the MVP Hosts file:

1) Download and SAVE the zip file to a temporary folder

2) Unzip (extract the contents) in the same folder

3) Temporarily disable your antivirus program. Some antivirus apps will block changes to the Hosts file; so turn it off.

4) After extract is complete, run mvps.bat batch file. This copies your pre-existing Hosts file to Hosts.mvp in the folder where Windows' Hosts resides

typically, C:\WINDOWS\system32\drivers\etc

and after that copy is saved, it replaces the old Hosts with the new one.

And you should see (in the blue background command window) the following:

_________________________________________________

¦ +---+¦

¦ THE MVPS HOSTS FILE IS NOW UPDATED ¦ v ¦¦

¦ +---+¦

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Previous version saved and renamed to HOSTS.MVP

Press any key to continue . . .

Find the folder where you saved the original download. Delete hosts.zip and a file folder there named hosts

The latter is the same folder that had mvps.bat

5) Re-enable your antivirus app.

The MVP Hosts file is updated from time to time. See http://msmvps.com/blogs/hostsnews

for information. And you can also sign-up for email notice when Mike publishes updates.

In any event, set your MSE to "exclude" (trust) the Hosts file, as per the last line in my MSE screen example below

MBAM-WIN8_zps07390804.gif

As to why yours was "reset", we can only guess.

Maybe by your antivirus "fix".

Maybe if you used MiniToolbox

Maybe if you had run some sort of cleaner.....maybe CCleaner ?

Link to post
Share on other sites

Hi -

There has always been recent updated Hosts file installed and MVP was updated recently -

"Maybe if you used MiniToolbox" < < This is a tool like DDS and only reads your system.

I have stopped using CCleaner since I started posting here (first instruction).

This email also ended up in my Spam box, and I just looked in there to check if there was any other redirects.

I will check your reply as I have reset the Spam File to not accept MBAM email and send them to Normal email accounts.

I will use the links you have left to install MVP that I know I had updated.

As I searched I found HostsExpert was also installed, but seemed inactive so I removed it for now.

Your picture also reminds me that I must exclude Chameleon, as I was not able to run this earlier in the week.

I will post back after all is completed -

Thanks -

Link to post
Share on other sites

All steps above are now completed, and HOSTS is also excluded from MSE.

This (HOSTS) was always running since, I use IE9 or 10 most times and I never got even Tracking cookies from a SAS scan.

I think I must be one of the few that uses I.E. as my main browser, but it works for me. For this reason I always made sure Hosts were updated, and Antivirus is updated -

I can also add that some of the other minor problems that I was having are now not there -

Link to post
Share on other sites

OK, John.

Cleanup time.

Delete the tools we used:

DDS

MS Safety scanner

DrWeb Cure-it

Use Control Panel > Programs and Features & uninstall BitDefender Quickscan.

Use Windows's System restore applet and create (save) a fresh restore point.

If you did not have one before, create a "system repair disc" for your Windows 7 either to a CD, DVD, or new USB-flash-thumb drive {if your hardware can boot from USB}.

The following is a reference page at Microsoft and also has a link to a how-to-video.

Create a Windows 7 system repair disc

This "repair disc" is a very handy tool that one may use when and IF you are not able to start Windows 7 normally.

This "repair disc" or "rescue disc" is not intended as a replacement for having the Windows 7 operating system DVD.

Make a rescue disc, put a label on it, store it away for a "rainy day".

I am sure you are familiar with safer pc practices, so I'll not repeat here.

I do wish you well.

Cheers.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.