[Solved] The worst virus I've ever encountered

Mazrim · Mar 22, 2011

Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Adobe Flash Player 10.2.152.32
Adobe Reader X (10.0.1)
Mozilla Firefox (3.6.15)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````End of Log````````````

Mazrim · Mar 22, 2011

QuickScan Beta 32-bit v0.9.9.80
-------------------------------
Scan date: Tue Mar 22 23:37:23 2011
Machine ID: 407849C6

No infection found.
-------------------

Processes
---------
(unsigned) Catalyst Control Centre 1364 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(unsigned) Catalyst Control Centre 656 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(unsigned) Dell Memory Card Manager 612 C:\Program Files\Dell Photo AIO Printer 944\memcard.exe
(unsigned) DellDevice Monitor 600 C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe
(unsigned) HDeck Application 512 C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
(unsigned) TeaTimer.exe 3896 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

(verified) AntiVir Desktop 520 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(verified) AntiVir Desktop 2088 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(verified) AntiVir Desktop 2136 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(verified) AntiVir Desktop 1660 C:\Program Files\Avira\AntiVir Desktop\sched.exe
(verified) ATI External Event Utility for Windows 984 C:\WINDOWS\system32\ati2evxx.exe
(verified) ATI External Event Utility for Windows 1568 C:\WINDOWS\system32\ati2evxx.exe
(verified) CommandService Application 2160 C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
(verified) Firefox 3644 C:\Program Files\Mozilla Firefox\firefox.exe
(verified) Microsoft® Windows Live ID 2328 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(verified) Microsoft® Windows Live ID 2596 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(verified) Microsoft® Windows® Operating System 200 C:\WINDOWS\explorer.exe
(verified) Microsoft® Windows® Operating System 3744 C:\WINDOWS\system32\alg.exe
(verified) Microsoft® Windows® Operating System 668 C:\WINDOWS\system32\csrss.exe
(verified) Microsoft® Windows® Operating System 768 C:\WINDOWS\system32\lsass.exe
(verified) Microsoft® Windows® Operating System 756 C:\WINDOWS\system32\services.exe
(verified) Microsoft® Windows® Operating System 620 C:\WINDOWS\system32\smss.exe
(verified) Microsoft® Windows® Operating System 1548 C:\WINDOWS\system32\spoolsv.exe
(verified) Microsoft® Windows® Operating System 1000 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1080 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1176 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1332 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1408 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1828 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 2284 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 708 C:\WINDOWS\system32\winlogon.exe
(verified) Microsoft® Windows® Operating System 2668 C:\WINDOWS\system32\wscntfy.exe
(verified) Monitor Application 552 C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
(verified) Printer Communication System 2960 C:\WINDOWS\system32\dlcdcoms.exe

Network activity
----------------
Process firefox.exe (3644) connected on port 80 (HTTP) --> 96.17.72.123
Process firefox.exe (3644) connected on port 80 (HTTP) --> 184.85.232.74
Process firefox.exe (3644) connected on port 80 (HTTP) --> 209.85.225.139
Process firefox.exe (3644) connected on port 80 (HTTP) --> 209.85.225.139
Process firefox.exe (3644) connected on port 80 (HTTP) --> 74.125.225.27
Process firefox.exe (3644) connected on port 80 (HTTP) --> 96.17.151.64
Process firefox.exe (3644) connected on port 80 (HTTP) --> 184.85.85.115
Process firefox.exe (3644) connected on port 80 (HTTP) --> 69.63.189.16

Process svchost.exe (1080) listens on ports: 135 (RPC)

Autoruns and critical files
---------------------------
(unsigned) ATI Customer Care C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe
(unsigned) Catalyst® Control Center C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
(unsigned) Dell Memory Card Manager C:\Program Files\Dell Photo AIO Printer 944\memcard.exe
(unsigned) DellDevice Monitor C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe
(unsigned) HDeck Application C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
(unsigned) QuickTime C:\Program Files\QuickTime\qttask.exe
(unsigned) TeaTimer.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

(verified) Adobe Acrobat C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe
(verified) Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(verified) AntiVir Desktop C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(verified) Apple Software Update C:\Program Files\Apple Software Update\SoftwareUpdate.exe
(verified) ATI External Event Utility for Windows C:\WINDOWS\system32\ati2evxx.dll
(verified) Google Update C:\Program Files\Google\Update\GoogleUpdate.exe
(verified) Microsoft Genuine Advantage C:\WINDOWS\system32\WgaLogon.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\browseui.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\crypt32.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\dimsntfy.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\logon.scr
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\shell32.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
(verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\wlnotify.dll
(verified) Monitor Application C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
(verified) Steam C:\Program Files\Steam\Steam.exe
(verified) Timer DLL C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll
(verified) Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll

Browser plugins
---------------
(unsigned) BitDefender QuickScan C:\Documents and Settings\Ed.KIDS\Application Data\Mozilla\Firefox\Profiles\jnvd4nmb.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
(unsigned) InstallShield Update Service C:\WINDOWS\Downloaded Program Files\isusweb.dll
(unsigned) Nexon Game Controller C:\Documents and Settings\All Users.WINDOWS\Application Data\NexonUS\NGM\npNxGameUS.dll
(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
(unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
(unsigned) RadioWMPCore.dll C:\Documents and Settings\Ed.KIDS\Application Data\Mozilla\Firefox\Profiles\jnvd4nmb.default\extensions\engine@conduit.com\components\RadioWMPCore.dll
(unsigned) RadioWMPCore.dll C:\Documents and Settings\Ed.KIDS\Application Data\Mozilla\Firefox\Profiles\jnvd4nmb.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCore.dll
(unsigned) Zylom Plugin C:\Documents and Settings\All Users.WINDOWS\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
(unsigned) Zylom Plugin C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll

(verified) 2007 Microsoft Office system C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
(verified) AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
(verified) Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
(verified) Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
(verified) Conduit Toolbar c:\program files\conduitengine\conduitengine.dll
(verified) Conduit Toolbar c:\program files\utorrentbar\tbutor.dll
(verified) Flash® Player Installer/Uninstaller C:\WINDOWS\Downloaded Program Files\CONFLICT.1\FP_AX_CAB_INSTALLER.exe
(verified) Flash® Player Installer/Uninstaller C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
(verified) Google Update C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
(verified) InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.dll
(verified) InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.exe
(verified) Messenger C:\Program Files\Messenger\msmsgs.exe
(verified) Microsoft® Windows Live ID c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\winrnr.dll
(verified) Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
(verified) NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
(verified) Pando Web Plugin C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
(verified) RadioWMPCoreGecko19.dll C:\Documents and Settings\Ed.KIDS\Application Data\Mozilla\Firefox\Profiles\jnvd4nmb.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
(verified) RadioWMPCoreGecko19.dll C:\Documents and Settings\Ed.KIDS\Application Data\Mozilla\Firefox\Profiles\jnvd4nmb.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
(verified) sdhelper.dll c:\program files\spybot - search & destroy\sdhelper.dll
(verified) Silverlight Plug-In c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll
(verified) Windows Presentation Foundation c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
(verified) Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll

Missing files
-------------
File not found: C:\ComboFix\catchme.sys
--> HKLM\System\ControlSet001\services\catchme\"ImagePath"

File not found: C:\WINDOWS\system32\drivers\EagleNT.sys
--> HKLM\System\ControlSet001\services\EagleNT\"ImagePath"

Scan
----
(unsigned) MD5: 6d657abadf217dbb17cf0a0af44a7e29 C:\Documents and Settings\All Users.WINDOWS\Application Data\NexonUS\NGM\npNxGameUS.dll
(unsigned) MD5: fc5866f7793af2cbcd425cc4b8d32a9e C:\Documents and Settings\All Users.WINDOWS\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
(unsigned) MD5: 34c084b321ea0308c58eed1cf6b5fb02 C:\Documents and Settings\Ed.KIDS\Application Data\Mozilla\Firefox\Profiles\jnvd4nmb.default\extensions\engine@conduit.com\components\RadioWMPCore.dll
(unsigned) MD5: 34c084b321ea0308c58eed1cf6b5fb02 C:\Documents and Settings\Ed.KIDS\Application Data\Mozilla\Firefox\Profiles\jnvd4nmb.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCore.dll
(unsigned) MD5: 04d1724431472792224002ca40382d0d C:\Documents and Settings\Ed.KIDS\Application Data\Mozilla\Firefox\Profiles\jnvd4nmb.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
(unsigned) MD5: d310f0cc161799ea3b08bd6288261ee5 C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
(unsigned) MD5: d68018aebb6226bca5103da8b66a57d6 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\32\wbhelp2.dll
(unsigned) MD5: 37dd2de06de7b1e87f0eaa5d1a92fc8d C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ADL.Foundation.dll
(unsigned) MD5: 086464851b2c0c4c475123a55d8325c7 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AEM.Actions.CCAA.Shared.dll
(unsigned) MD5: 509523c650ac4b66164ae2b0cf4e84a1 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.DPPE.Shared.dll
(unsigned) MD5: 4eb1611897e6e1ff2d44fa323d87b8a4 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.EEU.Shared.dll
(unsigned) MD5: e6efdf86e8f887b3537f5030dc79d609 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.GD.Shared.dll
(unsigned) MD5: 927aeb2214abb145ce9fe59665bbc28d C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.Hotkeys.Shared.dll
(unsigned) MD5: 1bc38e2bd5b8e29c159d3c1d4ec4860b C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.REG.Shared.dll
(unsigned) MD5: 8ba740c56eff6b76a94edc9ada44fc16 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.Source.Kit.Server.dll
(unsigned) MD5: 6800abc7d51d8a428368db471442a624 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.WinMessages.Shared.dll
(unsigned) MD5: cc7cb4dc57d5fbdb148a33b51f4ed1e7 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AEM.Server.dll
(unsigned) MD5: 7544eb0ebd3779bed681df5ddcd37390 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AEM.Server.Shared.dll
(unsigned) MD5: b7ab0ca6414823d3e3236ae1231b3d01 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\APM.Foundation.dll
(unsigned) MD5: 6c396b52d2e73b190d800c2c3cbd1054 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\APM.Server.dll
(unsigned) MD5: f9989abc016bf8799cdfa7a7ebb99f5a C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ATICCCom.dll
(unsigned) MD5: 736ac875d81cdcd51abe6b58e21ab393 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ATIDEMGX.dll
(unsigned) MD5: ee850c95ed088e8835f2425ee551296f C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atixclib.dll
(unsigned) MD5: cd632a9274e7e85b9f37f84c91595c27 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
(unsigned) MD5: 74ef310fac89341ce2897b7f2c4a7b0f C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(unsigned) MD5: 6d4cac485907165b363561501c48f2f2 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.Implementation.dll
(unsigned) MD5: 74bbb690c33bc251a90aade03401d958 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
(unsigned) MD5: 79c0dbbdf4b650b11f4a2147b005d859 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CustomFormats.Graphics.Shared.dll
(unsigned) MD5: c3f909ad509cf439eda3786807f72926 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
(unsigned) MD5: 8b7ac320474de8aec986efb2f8242c8b C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
(unsigned) MD5: 550831861947e70ec7fcc62789519072 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
(unsigned) MD5: ea99fd84683819c081a3fcfc368e8b8b C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
(unsigned) MD5: f276d6a5296594560b257306e2558cc0 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceCV.Graphics.Shared.dll
(unsigned) MD5: 1c9838de151803766650850b863cec4e C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
(unsigned) MD5: b75ad210cd9b80475dcb93ba83783099 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
(unsigned) MD5: 03f18c94e006d616a2cb0b98b76970ef C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
(unsigned) MD5: f686e4e1bb3618fa8c1adef9e8297dda C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
(unsigned) MD5: bae28a11965502aaa87839cf8bd02b7e C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
(unsigned) MD5: fec288d55d2520dac469994e0db9273e C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
(unsigned) MD5: 9b21bfb330bc3e412443e01a56e6e3c5 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
(unsigned) MD5: 8cc97261393c032cacfd2e79d94d3d37 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceTV.Graphics.Shared.dll
(unsigned) MD5: 86e22c493f2592fb3923110b2658b4df C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
(unsigned) MD5: b448e0e2f4b135cf54b328831dc38ebf C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
(unsigned) MD5: 7d3fd7af57ffcc216d5cf9fa5c4e8c9b C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
(unsigned) MD5: 006b3d28c9801aa4761c4bf4c0d1a027 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
(unsigned) MD5: 2116d96b5f1ed1a288b0ca40eda9dc5b C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
(unsigned) MD5: cc036e7ed096506d890b3a6296a00f2d C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
(unsigned) MD5: 3f832ffb094e06a9ee912218c4660717 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
(unsigned) MD5: 2b059ad3f31a6661148000f31890baae C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
(unsigned) MD5: 1c10f2e136e00ad6ce4a0ec8613e2448 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
(unsigned) MD5: e7fe88366d3d9afd43128c09b57339f6 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
(unsigned) MD5: 395811a8b2d359a314d4096d8de08534 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
(unsigned) MD5: fb6205b17e32d2f67aa57d43af28f5a3 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
(unsigned) MD5: c9cc7707c884e1aed48c8d89e7f73993 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
(unsigned) MD5: 4b43aabf3a1a6403e794c021791a8161 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.MMVideo.Graphics.Runtime.dll
(unsigned) MD5: db74bafdbe75ff63ea5d8da60744f1ac C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.MMVideo.Graphics.Shared.dll
(unsigned) MD5: c1080f3e9b5d1c78e9b7f000545fed99 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.MMVideo.Graphics.Wizard.dll
(unsigned) MD5: ecd7649d45d2106d27100d131ac0a189 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.OverDrive5.Graphics.Runtime.dll
(unsigned) MD5: f68519ad0bd05fa7f5ea945eb5743f7a C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.OverDrive5.Graphics.Shared.dll
(unsigned) MD5: 21c427bcd3cd0f4c837bf2238306e688 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
(unsigned) MD5: 68d9d34ea9dc236709b0bc766b14d933 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
(unsigned) MD5: 5988a6779e1d3909705d012d02f799f8 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.Radeon3D.Graphics.Shared.dll
(unsigned) MD5: 7a739cb50a29b874c8e4ff02b1a18ac8 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
(unsigned) MD5: a9342e356ec6c5ff46cc9210706e56a9 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.TransCode.Graphics.Dashboard.dll
(unsigned) MD5: f5133a3d0c138f969aa20d3df0051336 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.TransCode.Graphics.Runtime.dll
(unsigned) MD5: 5553c93bc92ac03d8b38210b256a7295 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.TransCode.Graphics.Shared.dll
(unsigned) MD5: eddef5419f0a228926502893cb1ebdec C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.VPURecover.Graphics.Dashboard.dll
(unsigned) MD5: 6bb480dc318e3c209291178bdf4c77d9 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.VPURecover.Graphics.Runtime.dll
(unsigned) MD5: 2f9b174309566d96bb2ab62d7c4b9616 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.VPURecover.Graphics.Shared.dll
(unsigned) MD5: 617074f8598e27aa642e0ddfb9eb89ac C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.Welcome.Graphics.Dashboard.dll
(unsigned) MD5: 801e3a0f0d178ad426a48f6bb47fd51b C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.Welcome.Graphics.Runtime.dll
(unsigned) MD5: c78a4273c5a42ab156f32502fa679d33 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.Welcome.Graphics.Shared.dll
(unsigned) MD5: 5c770ec7ef15450d0093a346e7e646a1 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Dashboard.dll
(unsigned) MD5: d832c59ed8b9e76d2eecdc27f6cb50da C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Dashboard.Shared.dll
(unsigned) MD5: 721b4b2c1efaeb71055939c2ec6c4642 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Runtime.dll
(unsigned) MD5: 19e4331ce190aeadbe37d6d7509dbdcf C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Runtime.Shared.Private.dll
(unsigned) MD5: 414bd7e81968c5a7909ac325d4a54a49 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Shared.dll
(unsigned) MD5: 37ba2fc356c1a8fa4302cc3aede3df1e C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Wizard.dll
(unsigned) MD5: 99049ccef8dfe034e4e90d2cdbd6e7f5 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Wizard.Shared.dll
(unsigned) MD5: 05331563f20fa85d4b1b3152aac52bd3 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.HydraVision.Dashboard.dll
(unsigned) MD5: 851ac757f54d0514d3c29f3e928ad715 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.HydraVision.Runtime.dll
(unsigned) MD5: 7303eb0fdfe7c46ce959e4b75622d631 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.HydraVision.Shared.dll
(unsigned) MD5: a93390c7dcbca77a3d33ae63903b9633 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.HydraVision.Wizard.dll
(unsigned) MD5: 0bc31dcec507fddb4e2f0310cbe4e511 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Client.Shared.dll
(unsigned) MD5: b9e8e63cab8b5c01ee42668176000bb9 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Client.Shared.Private.dll
(unsigned) MD5: fa3671739ae1ba1571faaf2478f876b8 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.dll
(unsigned) MD5: edef99209de33c4a9824bd848c6e1c88 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.Shared.dll
(unsigned) MD5: ad4172403c1c7bc20e8545f43d469aba C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.Shared.Private.dll
(unsigned) MD5: fa03af1cf290ba728f6d31350d624238 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.dll
(unsigned) MD5: 92620db3de55c715df5d8150daffa345 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.Extension.EEU.dll
(unsigned) MD5: 35d290c4a4e4a237c68ab8bcdbd77504 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.Shared.dll
(unsigned) MD5: 1fbce447cc5c1a17931c8a3cda5e004c C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.Shared.Private.dll
(unsigned) MD5: e01a12798866819f099d722de0875138 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.SkinFactory.dll
(unsigned) MD5: 3046019605543cce528c45f0c4753e33 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Systemtray.dll
(unsigned) MD5: dd57a4104640e41e5d08e9eabf4dae25 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Wizard.dll
(unsigned) MD5: 49508e300e2b5935c389a6babd51d4cd C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Wizard.Shared.dll
(unsigned) MD5: 6a8b2f94ae2f5d0a78a8ce0e1c939b11 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Wizard.Shared.Private.dll
(unsigned) MD5: 3ece5045f150405850f79a4db22d238d C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.dll
(unsigned) MD5: 95434231716bd705bb016dccd9a5599e C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.Private.dll
(unsigned) MD5: 4b56c5434a51b3822a26550cd85fd871 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.XManifest.dll
(unsigned) MD5: bdbc72b396a524bcef23f0db4870c4f8 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
(unsigned) MD5: ce08601dcf3d89bccc73502e7d8c4cae C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.dll
(unsigned) MD5: 0deab952a0a36abcb6270fe45d3cace1 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0703.dll
(unsigned) MD5: 2e7fab502a8615b1aab0eab35afbca3b C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0706.dll
(unsigned) MD5: 40261429e4139a04d27bc9489f3ed7eb C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0709.dll
(unsigned) MD5: 5c281ffe91b8639a7448fcec5754e123 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0712.dll
(unsigned) MD5: 7f9a009e33940087fde0fa25d8aa5706 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0804.dll
(unsigned) MD5: 0386fad4fee556be7c263dd397d30e75 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0805.dll
(unsigned) MD5: acfd0d2cd67c478673f2eab1cb4d9d79 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0812.dll
(unsigned) MD5: 258c457aed786e5f6360a8472bf6c176 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0906.dll
(unsigned) MD5: 9e897687058f8a8d95ce888ac6835ad7 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0912.dll
(unsigned) MD5: 1bf1820b86f4921d42d74c922044ac18 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\Interop.WBOCXLib.dll
(unsigned) MD5: 226c3cc3d87a0a2fc7a38fea7d0de7f2 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.dll
(unsigned) MD5: 58d4342ca6a3777dfa31d2a128c5b7f9 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.Implementation.dll
(unsigned) MD5: e524f19fdcd0eb37a2afb9ad6b53ca24 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.Implementation.Private.dll
(unsigned) MD5: 5643579b46d669d2e7b217fa34f99f8a C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.Private.dll
(unsigned) MD5: e7704cbf568815c1caa6e513387bd3f2 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(unsigned) MD5: 546e0bc0752a84ffc93dafd721d33a78 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.Foundation.dll
(unsigned) MD5: 17eba9050789d35aeed8f8759b228757 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.Implementation.dll
(unsigned) MD5: 225708bb6251312fd4f70ccfc3890901 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\NEWAEM.Foundation.dll
(unsigned) MD5: 703b2e6e15f1b7d335b92c9a841504b9 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ResourceManagement.Foundation.Implementation.dll
(unsigned) MD5: 19d1219e7e2321ed94c49d89ec05ec30 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ResourceManagement.Foundation.Private.dll
(unsigned) MD5: 9b5e7eff0485f39a9663314667d97049 C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe
(unsigned) MD5: afff0fff53ae04747c340868ab1cfa27 C:\Program Files\Avira\AntiVir Desktop\aecore.dll
(unsigned) MD5: ee0477f95aaf614c5cb14f324ca48c3d C:\Program Files\Avira\AntiVir Desktop\aeemu.dll
(unsigned) MD5: e567556d03a0b22b21eef77879de5dd4 C:\Program Files\Avira\AntiVir Desktop\aegen.dll
(unsigned) MD5: 3bcdffbf6f488524abb81c9af96ee18f C:\Program Files\Avira\AntiVir Desktop\aehelp.dll
(unsigned) MD5: 36c8a0c6b94dfcac251c47a15b36911e C:\Program Files\Avira\AntiVir Desktop\aeheur.dll
(unsigned) MD5: 424eaa2bee337c4152850e3753aa4fdf C:\Program Files\Avira\AntiVir Desktop\aeoffice.dll
(unsigned) MD5: 21f8d04c3f8d0895d195903d337e68df C:\Program Files\Avira\AntiVir Desktop\aepack.dll
(unsigned) MD5: 550bfbf0aa0e45374c2c122663adb1e8 C:\Program Files\Avira\AntiVir Desktop\aerdl.dll
(unsigned) MD5: bd8e5b4b16db2a53709ea74df7b22282 C:\Program Files\Avira\AntiVir Desktop\aesbx.dll
(unsigned) MD5: 864e4cec9f60c25a8a93ad3784da2e64 C:\Program Files\Avira\AntiVir Desktop\aescn.dll
(unsigned) MD5: 1bee87a4dcfea2bd0bfd5dd6a9998bc1 C:\Program Files\Avira\AntiVir Desktop\aescript.dll
(unsigned) MD5: 100caaf3542fb51feca9c09db1cb940d C:\Program Files\Avira\AntiVir Desktop\aevdf.dll
(unsigned) MD5: ddf0d660e994d0bb912f37dca7afe8f7 C:\Program Files\Avira\AntiVir Desktop\avevtlog.dll
(unsigned) MD5: dc4075c135ef78f6bc8674bb4c87e0b5 C:\Program Files\Avira\AntiVir Desktop\avgio.dll
(unsigned) MD5: 92ea86876dfde3b9f6b4b6443c8b11fb C:\Program Files\Avira\AntiVir Desktop\avpref.dll
(unsigned) MD5: 7488bce9f9c852f0931d29b0d76292bd C:\Program Files\Avira\AntiVir Desktop\ccgen.dll
(unsigned) MD5: e65e277c50bd5967b5e92c7744dba7bc C:\Program Files\Avira\AntiVir Desktop\ccguard.dll
(unsigned) MD5: 54ceee9d7aa46f3311d247bf57bbee36 C:\Program Files\Avira\AntiVir Desktop\cclic.dll
(unsigned) MD5: 400ab97179f05ba68b755d8971f262f2 C:\Program Files\Avira\AntiVir Desktop\ccmsg.dll
(unsigned) MD5: 7d541c5e5cdfb46d68ac60012c5d7acd C:\Program Files\Avira\AntiVir Desktop\ccupdate.dll
(unsigned) MD5: 47766f6b79a25af04ed3f6f2b02aa4cb C:\Program Files\Avira\AntiVir Desktop\ccwkrlib.dll
(unsigned) MD5: 92d9eb35797530fedc07b1d75533f68e C:\Program Files\Avira\AntiVir Desktop\guardmsg.dll
(unsigned) MD5: 7464c6694036b42ba237eb723a34d0f4 C:\Program Files\Avira\AntiVir Desktop\rcimage.dll
(unsigned) MD5: 13a86ff71b5e57da8c9a6e2316ce1eaa C:\Program Files\Avira\AntiVir Desktop\schedr.dll
(unsigned) MD5: d5fe428fcdd7665144fb180591844e3c C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe
(unsigned) MD5: 5acff2a6a1285662dacba6cb4181a38b C:\Program Files\Dell Photo AIO Printer 944\dlcdscw.dll
(unsigned) MD5: 71036317066b096e54c7e35d752ed257 C:\Program Files\Dell Photo AIO Printer 944\ltdis13n.dll
(unsigned) MD5: 69945a86c2eb4793c77fd6a4e22f99a5 C:\Program Files\Dell Photo AIO Printer 944\ltfil13n.dll
(unsigned) MD5: 4f38da02009d830ca4770b28390c5f0b C:\Program Files\Dell Photo AIO Printer 944\ltkrn13n.dll
(unsigned) MD5: ecb8f2840cc6f7087a72a8444a15b3ed C:\Program Files\Dell Photo AIO Printer 944\ltwvc13n.dll
(unsigned) MD5: 1726e22ab7bc33e00ac0e67befdb6e05 C:\Program Files\Dell Photo AIO Printer 944\memcard.dll
(unsigned) MD5: 470e4f72aace75a02a00a597535afebb C:\Program Files\Dell Photo AIO Printer 944\memcard.exe
(unsigned) MD5: 71ad9ea933ace083add86bbe4f265d8b C:\Program Files\Dell Photo AIO Printer 944\mfc42.dll
(unsigned) MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
(unsigned) MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
(unsigned) MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
(unsigned) MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
(unsigned) MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
(unsigned) MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
(unsigned) MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
(unsigned) MD5: d29bcce0c694dedb17ec0c0aff2182c8 C:\Program Files\LeapFrog\LeapFrog Connect\DeviceHooks\ScoutPlushDeviceHook.dll
(unsigned) MD5: 696bf318435610c3e32313ca3867185c C:\Program Files\LeapFrog\LeapFrog Connect\QtCore4.dll
(unsigned) MD5: e9c91e24407eddc21f55016061ffc7cc C:\Program Files\LeapFrog\LeapFrog Connect\QtGui4.dll
(unsigned) MD5: 45bda3d349da131faf7192c3c6124d3b C:\Program Files\Mozilla Firefox\freebl3.dll
(unsigned) MD5: 3d92a3102a75d75cf165bb2503db2d05 C:\Program Files\Mozilla Firefox\nssdbm3.dll
(unsigned) MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
(unsigned) MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
(unsigned) MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
(unsigned) MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
(unsigned) MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
(unsigned) MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
(unsigned) MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
(unsigned) MD5: fc5866f7793af2cbcd425cc4b8d32a9e C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
(unsigned) MD5: 9fc405765fabe03d708ddd2909e6fc70 C:\Program Files\Mozilla Firefox\softokn3.dll
(unsigned) MD5: 0aee5668eb59912f32ff245bfa72465f C:\Program Files\QuickTime\qttask.exe
(unsigned) MD5: 390679f7a217a5e73d756276c40ae887 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
(unsigned) MD5: 290d597f0b5315f704f8cb9f296613a1 C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
(unsigned) MD5: 0be92b27dc8c7b6035a5ec373fc2b619 C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-S~1\32\wbocx.ocx
(unsigned) MD5: 2849f13593d2712ccb97ffbdd3c1232e C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
(unsigned) MD5: f9cf798592b87a2831987b815f0d8521 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\5ffa548547613dbc5a92f2c5b7cad196\Accessibility.ni.dll
(unsigned) MD5: 5780e648b6b4147d0435bbff49ec05a1 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\7bffd7ff2009f421fe5d229927588496\mscorlib.ni.dll
(unsigned) MD5: 6df4c7b4eb81855f19f9ec3f6e15ff24 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\ab688d0f9f333ba117832726bfb589c1\System.Configuration.ni.dll
(unsigned) MD5: 5063b2a1b90b9214bdab3339e980b37c C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\dcc0244092fe52e6885b50be25ef3b31\System.Drawing.ni.dll
(unsigned) MD5: efda6e6d7e673a273d79d628c6df49c6 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\41f436dae3c8146752d06130f7331527\System.Web.ni.dll
(unsigned) MD5: 8ee2fea7aa39e3ec526925a666d4056b C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\439c466b60614915587c5273eaf0ca7f\System.Windows.Forms.ni.dll
(unsigned) MD5: f4292307eb1000ac4779fdccd1c08906 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\a6dbe24cbfe3ab6b318ed3095cc572d8\System.Xml.ni.dll
(unsigned) MD5: 3f64539841a4e243c93f415d3044afcd C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\08ffa4d388d5f007869aa7651c458e7c\System.ni.dll
(unsigned) MD5: 5002991ada7920b35e46e7ea80c134fe C:\WINDOWS\Downloaded Program Files\isusweb.dll

No file uploaded.

Scan finished - communication took 2 sec
Total traffic - 0.07 MB sent, 1.15 KB recvd
Scanned 1255 files and modules - 22 seconds

==============================================================================

Broni · Mar 22, 2011

...and SecurityCheck...

Mazrim · Mar 22, 2011

That's post #21, at the top of this page.

Broni · Mar 22, 2011

Ooops

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following:
Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]
Then click the Run Fix button at the top

Let the program run unhindered, reboot the PC when it is done

Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

Double-click OTL.exe to start the program.

Close all other programs apart from OTL as this step will require a reboot

On the OTL main screen, press the CLEANUP button

Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please, let me know, how your computer is doing.

Mazrim · Mar 23, 2011

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: All Users.WINDOWS

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: ed
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Ed.KIDS
->Temp folder emptied: 290896 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 58790558 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 56.00 mb

[EMPTYFLASH]

User: All Users

User: All Users.WINDOWS

User: Default User
->Flash cache emptied: 0 bytes

User: Default User.WINDOWS
->Flash cache emptied: 0 bytes

User: ed
->Flash cache emptied: 0 bytes

User: Ed.KIDS
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: LocalService.NT AUTHORITY
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: NetworkService.NT AUTHORITY
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.22.3 log created on 03232011_010058

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Broni · Mar 23, 2011

12. Please, let me know, how your computer is doing.

Whenever ready....

Mazrim · Mar 23, 2011

System runs like new again! No more redirects, computer runs as fast as it did when I pieced it together, desktop loads upon boot up within 30 seconds (used to take 5 minutes on avg). And so far, the system no longer hangs when I reboot. We'll see what happens when it's been shut down for the night.

Thank you for all of your help Broni.

Broni · Mar 23, 2011

Way to go!!
Good luck and stay safe

TechSpot

[Solved] The worst virus I've ever encountered

Mazrim Newcomer, in training

Mazrim Newcomer, in training

Broni Malware Annihilator

Mazrim Newcomer, in training

Broni Malware Annihilator

Mazrim Newcomer, in training

Broni Malware Annihilator

Mazrim Newcomer, in training

Broni Malware Annihilator