Please analyze my free fixer log


Amer

Oct 9, 2011, 9:39:19 PM
to FreeFixer User Forum
FreeFixer v0.59 log
http://www.freefixer.com/
Operating system: Windows XP Service Pack 3
Log dated 2011-10-09 21:37


BootExecute (1 whitelisted)
C:\WINDOWS\system32\C:\PROGRA~1\AVG\AVG10\avgchsvx.exe (file is
missing)
C:\WINDOWS\system32\C:\PROGRA~1\AVG\AVG10\avgrsx.exe (file is missing)
C:\WINDOWS\system32\lsdelete.exe

Winlogon Notify (10 whitelisted)
!SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
AtiExtEvent - C:\WINDOWS\system32\Ati2evxx.dll

Browser Helper Objects (9 whitelisted)
{30F9B915-B755-4826-820B-08FBA6BD249D}, Conduit Engine , C:\Program
Files\ConduitEngine\prxConduitEngine.dll
{326E768D-4182-46FD-9C16-1449A49795F4}, DivX Plus Web Player HTML5
<video>, C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
{593DDEC6-7468-4cdd-90E1-42DADAA222E9}, DivX HiQ, C:\Program Files\DivX
\DivX Plus Web Player\npdivx32.dll
{91da5e8a-3318-4f8c-b67e-5964de3ab546}, ZoneAlarm Security Toolbar, C:
\Program Files\ZoneAlarm_Security\tbZone.dll
{CC59E0F9-7E43-44FA-9FAA-8377850BF205}, FDMIECookiesBHO Class, C:
\Program Files\Free Download Manager\iefdm2.dll
Error getting translation table with 'VerQueryValue' for the file 'C:
\Program Files\Free Download Manager\iefdm2.dll'. cbTranslate: 0. Data
size: 188. System error message: Le type de ressource spécifié ne peut
être trouvé dans le fichier image. Error code: 1813.
{f0381dbd-e018-4e07-ae40-d96ab15083f0}, AF-HSS Toolbar, C:\Program
Files\AF-HSS\prxtbAF-0.dll

Internet Explorer toolbars (4 whitelisted)
HKLM\..\Toolbar\{91da5e8a-3318-4f8c-b67e-5964de3ab546} - ZoneAlarm
Security Toolbar - C:\Program Files\ZoneAlarm_Security\tbZone.dll
HKLM\..\Toolbar\{f0381dbd-e018-4e07-ae40-d96ab15083f0} - AF-HSS
Toolbar - C:\Program Files\AF-HSS\prxtbAF-0.dll
HKLM\..\Toolbar\{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit
Engine - C:\Program Files\ConduitEngine\prxConduitEngine.dll
HKCU\..\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440} - -
(no file specified)

Basic Internet Explorer settings
HKCU\..\Main, Start Page = www.google.com
HKCU\..\Desktop\General, Wallpaper = C:\WINDOWS\web\wallpaper\Colline
verdoyante.bmp

Registry Startups (13 whitelisted)
HKLM\..\Run, IntelZeroConfig = "C:\Program Files\Intel\WiFi\bin
\ZCfgSvc.exe"
HKLM\..\Run, IntelWireless = "C:\Program Files\Fichiers communs\Intel
\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
HKLM\..\Run, BrMfcWnd = C:\Program Files\Brother\Brmfcmon
\BrMfcWnd.exe /AUTORUN
HKLM\..\Run, ControlCenter3 = C:\Program Files\Brother
\ControlCenter3\brctrcen.exe /autorun
HKLM\..\Run, DivXUpdate = "C:\Program Files\DivX\DivX Update
\DivXUpdate.exe" /CHECKNOW
HKLM\..\Run, QuickTime Task = "C:\Program Files\QuickTime\QTTask.exe" -
atboottime
HKLM\..\Run, Nuance PDF Reader-reminder = "C:\Program Files\Nuance\PDF
Reader\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users
\Application Data\Nuance\PDF Reader\Ereg\Ereg.ini"
HKCU\..\Run, Google Update = "C:\Documents and Settings\amer\Local
Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
HKCU\..\Run, SpybotSD TeaTimer = C:\Program Files\Spybot - Search &
Destroy2\TeaTimer.exe

Autostart shortcuts (1 whitelisted)
PalTalk.lnk, , C:\Program Files\Paltalk Messenger\paltalk.exe (file is
missing)
Ralink Wireless Utility.lnk, , C:\Program Files\Ralink\Common\RaUI.exe
MagicDisc.lnk, , C:\Program Files\MagicDisc\MagicDisc.exe (file is
missing)

Processes (50 whitelisted)
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Spybot - Search & Destroy2\TeaTimer.exe
C:\Program Files\Ralink\Common\RaUI.exe
C:\Program Files\adobs\msats.exe
C:\Program Files\Ralink\Common\RaRegistry.exe
C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe
C:\Documents and Settings\All Users\Application Data\UltraVNC
\winvnc.exe
C:\Documents and Settings\All Users\Application Data\UltraVNC
\winvnc.exe
C:\Program Files\FreeFixer\freefixer.exe

Services (49 whitelisted)
Ati HotKey Poller, , c:\windows\system32\ati2evxx.exe
EvtEng, Intel(R) PROSet/Wireless Event Log, c:\program files\intel\wifi
\bin\evteng.exe
Lavasoft Ad-Aware Service, Lavasoft Ad-Aware Service, c:\program files
\lavasoft\ad-aware\aawservice.exe
Log Events, Log Events, c:\program files\adobs\msats.exe
RalinkRegistryWriter, Ralink Registry Writer, c:\program files\ralink
\common\raregistry.exe
RegSrvc, Intel(R) PROSet/Wireless Registry Service, c:\program files
\fichiers communs\intel\wirelesscommon\regsrvc.exe
S24EventMonitor, Intel(R) PROSet/Wireless WiFi Service, c:\program
files\intel\wifi\bin\s24evmon.exe
uvnc_service, UltraVNC Server, c:\documents and settings\all users
\application data\ultravnc\winvnc.exe

Explorer.exe Modules (97 whitelisted)
C:\WINDOWS\system32\netprovcredman.dll
C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA

Winlogon.exe Modules (79 whitelisted)
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
C:\WINDOWS\system32\Ati2evxx.dll

Drivers (51 whitelisted)
aksfridge, aksfridge, c:\windows\system32\drivers\aksfridge.sys (file
is missing)
Haspnt, Haspnt, c:\windows\system32\drivers\haspnt.sys
s24trans, Transport RLAN, C:\WINDOWS\system32\drivers\s24trans.sys
SASDIFSV, SASDIFSV, c:\program files\superantispyware\sasdifsv.sys
SASKUTIL, SASKUTIL, c:\program files\superantispyware\saskutil.sys
Scutum50, Scutum50 NDIS Protocol Driver, C:\WINDOWS\system32\drivers
\scutum50.sys
Sentinel, Sentinel, C:\WINDOWS\system32\drivers\sentinel.sys
UnlockerDriver5, , c:\program files\unlocker\unlockerdriver5.sys

Windows XP Firewall authorized apps (19 whitelisted)
C:\Documents and Settings\amer\Local Settings\Application Data\Google
\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\TightVNC\vncviewer.exe
C:\Program Files\Nortel Networks\Extranet.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\ma-config.com\maconfservice.exe

Recently created/modified files (27 whitelisted)
1 hour, c:\Program Files\FreeFixer\Uninstall.exe
3 hours, c:\Program Files\PC Tools Security\BDT\Firefox\platform
\WINNT_x86-msvc\components\libheuristic.dll
3 hours, c:\Program Files\PC Tools Security\BDT\DbgHelp.dll

Csrss.exe virtual memory files (38 whitelisted)
C:\Documents and Settings\amer\Application Data\Mozilla\Firefox
\Profiles\8be48iwx.default\extensions\ff...@bandoo.com\components
\FFPlugin.dll
C:\Program Files\Fichiers communs\Intel\WirelessCommon
\CustomUIResource.DLL
C:\Documents and Settings\amer\Local Settings\Application Data\Google
\Update\GoogleUpdate.exe
C:\Documents and Settings\amer\Application Data\Mozilla\Firefox
\Profiles\8be48iwx.default\extensions\ff...@bandoo.com\components
\ffpluginv6.dll
C:\Program Files\Lavasoft\Ad-Aware\Resources.dll
C:\Program Files\FreeFixer\freefixer.exe
C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe
C:\WINDOWS\system32\netprovcredman.dll

History
-HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!
SASWinLogon
-C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
-HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
\AtiExtEvent
-C:\WINDOWS\system32\Ati2evxx.dll (on reboot)
-C:\WINDOWS\system32\Ati2evxx.exe (on reboot)
-C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
-C:\WINDOWS\system32\Ati2evxx.exe
-C:\Program Files\Intel\WiFi\bin\EvtEng.exe (on reboot)
-C:\Program Files\CDBurnerXP\NMSAccessU.exe
-C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe
-C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (on reboot)
-C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe
-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}
+HKCU\SOFTWARE\Microsoft\Internet Explorer\Main, Search Page =
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
+HKLM\SOFTWARE\Microsoft\Internet Explorer\Search, SearchAssistant =
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
+HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\General, Wallpaper
=
-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, IntelZeroConfig
-C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, IntelWireless
-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, ATICustomerCare
-C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe
-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, AtiPTA
-C:\WINDOWS\system32\atiptaxx.exe
-HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, SpybotSD TeaTimer
-C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (on reboot)
-HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser,
{32099AAC-C132-4136-9E9A-4E364A424E17}
-HKLM\SYSTEM\CurrentControlSet\Services\Ati HotKey Poller
-HKLM\SYSTEM\CurrentControlSet\Services\ATI Smart
-c:\windows\system32\ati2sgag.exe
-HKLM\SYSTEM\CurrentControlSet\Services\EvtEng
-c:\program files\intel\wifi\bin\evteng.exe
-HKLM\SYSTEM\CurrentControlSet\Services\NMSAccessU
-HKLM\SYSTEM\CurrentControlSet\Services\RegSrvc
-HKLM\SYSTEM\CurrentControlSet\Services\S24EventMonitor
-HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters
\FirewallPolicy\StandardProfile\AuthorizedApplications\List, C:
\Program Files\ma-config.com\maconfservice.exe
-C:\Program Files\ma-config.com\maconfservice.exe
-C:\Documents and Settings\amer\Application Data\Mozilla\Firefox
\Profiles\8be48iwx.default\extensions\{20a82645-
c095-46ed-80e3-08825760534b}\install.rdf
-C:\Documents and Settings\amer\Application Data\Mozilla\Firefox
\Profiles\8be48iwx.default\extensions\{B17C1C5A-04B1-11DB-9804-
B622A1EF5492}\install.rdf
+HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell =
Explorer.exe
-C:\WINDOWS\system32\netprovcredman.dll (on reboot)
-C:\WINDOWS\system32\Ati2evxx.dll (on reboot)
-C:\WINDOWS\system32\netprovcredman.dll (on reboot)
-C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

The following errors occurred during the scan:
An unexpected exception occurred in the Firefox Extension Plugin:
Error when using the FindFirstFile system call.
The error occured when opening a find file handle. Initial file/
folder: C:\Documents and Settings\amer\Application Data \Mozilla
\Firefox\Profiles\

System error message: Le chemin d'accès spécifié est introuvable.
Error code: 3.

End of FreeFixer log



Thank you very much

Roger Karlsson

Oct 10, 2011, 4:07:59 PM
to freefix...@googlegroups.com
Hello Amer,

Thank you for your log. The following file looks suspicious:

c:\program files\adobs\msats.exe

Please upload it to http://www.virustotal.com and post the link to the
scan report in your reply.

/Roger
