Help, not sure what is wrong
460 views
Skip to first unread message
racing88nut
Jan 3, 2012, 8:10:20 PM1/3/12
to FreeFixer User Forum
Ok, I had a virus. Thought I had gotten it all off, but computer is
having pop ups saying this program and that program isn't working,
when they are. I know something is not right.
I did the scan from freefixer, and it is below.
Thanks for any help.
FreeFixer v0.60 log
http://www.freefixer.com/
Operating system: Windows Vista Service Pack 1
Log dated 2012-01-03 18:56
AppInit_DLLs (1 whitelisted)
C:\Windows\system32\avgrssta.dll
TCP/IP settings
HKLM\..\Interfaces\{A4E21433-30FF-433A-A2CA-C9295CDF5DB1}, NameServer
= 68.94.156.1,68.94.157.1
Namespace service providers (6 whitelisted)
{B600E6E9-553B-4A19-8696-335E5C896153} - C:\Program Files (x86)\Bonjour
\mdnsNSP.dll
Browser Helper Objects (1 whitelisted)
{AA58ED58-01DD-4d91-8333-CF10577473F7}, Google Toolbar Helper, C:
\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}, Google Toolbar Notifier BHO, C:
\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg64.dll
Internet Explorer toolbars (1 whitelisted)
HKLM\..\Toolbar\{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google
Toolbar - C:\Program Files (x86)\Google\Google Toolbar
\GoogleToolbar_64.dll
HKCU\..\Toolbar\WebBrowser\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - -
(no file specified)
HKCU\..\Toolbar\WebBrowser\{724D43A0-0D85-11D4-9908-00400523E39A} - -
(no file specified)
Basic Internet Explorer settings
HKCU\..\Main, Start Page = http://www.nascar.com/
HKLM\..\Main, Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
HKLM\..\Main, Default_Page_URL =
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
HKCU\..\Desktop\General, Wallpaper = C:\Windows\Web\Wallpaper
\img24.jpg
Registry Startups (9 whitelisted)
HKCU\..\Run, RoboForm = "C:\Program Files (x86)\Siber Systems\AI
RoboForm\RoboTaskBarIcon.exe"
HKCU\..\Run, swg = "C:\Program Files (x86)\Google\GoogleToolbarNotifier
\GoogleToolbarNotifier.exe"
HKCU\..\Run, Google Update = "C:\Users\Char\AppData\Local\Google\Update
\GoogleUpdate.exe" /c
HKCU\..\Run, winupd = C:\Users\Char\AppData\Local\Temp:winupd.exe
Processes (66 whitelisted)
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader
\AmazonGSDownloaderService.exe
C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\SysWOW64\PSIService.exe
C:\Users\Char\AppData\Local\Temp:winupd.exe
C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Program Files (x86)\Secunia\PSI\psi.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier
\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files (x86)\Common Files\aol\1238008209\ee\aolsoftware.exe
C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader
\AmazonGSDownloaderTray.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check
\HPHC_Service.exe
C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\FreeFixer\freefixer.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Services (70 whitelisted)
Amazon Download Agent, Amazon Download Agent, c:\program files
(x86)\amazon\amazon games & software downloader
\amazongsdownloaderservice.exe
AOL ACS, AOL Connectivity Service, c:\program files (x86)\common files
\aol\acs\aolacsd.exe
Bonjour Service, ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##,
c:\program files (x86)\bonjour\mdnsresponder.exe
gupdate, Google Update Service (gupdate), c:\program files (x86)\google
\update\googleupdate.exe
HP Health Check Service, HP Health Check Service, c:\program files
(x86)\hewlett-packard\hp health check\hphc_service.exe
Lavasoft Ad-Aware Service, Lavasoft Ad-Aware Service, c:\program files
(x86)\lavasoft\ad-aware\aawservice.exe
LightScribeService, LightScribeService Direct Disc Labeling Service, c:
\program files (x86)\common files\lightscribe\lssrvc.exe
McciCMService, McciCMService, c:\program files (x86)\common files
\motive\mccicmservice.exe
McciCMService64, McciCMService64, c:\program files\common files\motive
\mccicmservice.exe
ProtexisLicensing, ProtexisLicensing, c:\windows
\syswow64\psiservice.exe
Drivers (45 whitelisted)
SmartDefragDriver, SmartDefragDriver, C:\Windows\system32\drivers
\smartdefragdriver.sys
Recently created/modified files (18 whitelisted)
51 minutes, c:\Program Files\FreeFixer\Uninstall.exe
52 minutes, c:\Users\Char\AppData\Local\Microsoft\Windows\Temporary
Internet Files\Content.IE5\BAB7OKGK\freefixersetup[1].exe
1 hour, c:\Users\Char\AppData\Local\Microsoft\Windows\Temporary
Internet Files\Content.IE5\GBQ32QGU\mbam-setup-1.60.0.1800[1].exe
Failed to calculate hash for 'c:\Users\Char\AppData\Local\Microsoft
\Windows\Temporary Internet Files\Content.IE5\GBQ32QGU\mbam-
setup-1.60.0.1800[1].exe' using 'CryptCATAdminCalcHashFromFileHandle'
while verifying trust. System error message: %1 is not a valid Win32
application. Error code: -2147024703.
9 hours, c:\Windows\Temp\UDDC928.tmp
20 hours, c:\Users\Public\Documents\19792079
21 hours, c:\Program Files (x86)\Westward III Gold Rush\AGCS
\RAW_003.wdt
21 hours, c:\Program Files (x86)\Westward III Gold Rush
\Westward_III.RWG
3 days, c:\Users\Char\AppData\LocalLow\Adobe\Shockwave Player 11\xtras
\download\AdobeSystemsIncorporated\FlashAsset\Flash Asset.x32
3 days, c:\Users\Char\AppData\LocalLow\Adobe\Shockwave Player 11\xtras
\download\AdobeSystemsIncorporated\SWA\SWASTRM.X32
3 days, c:\Users\Char\AppData\LocalLow\Adobe\Shockwave Player 11\xtras
\download\AdobeSystemsIncorporated\SWA\swadcmpr.x32
3 days, c:\Users\Char\AppData\LocalLow\Adobe\Shockwave Player 11\xtras
\download\AdobeSystemsIncorporated\SoundControl\Sound Control.x32
3 days, c:\Users\Char\AppData\LocalLow\Adobe\Shockwave Player 11\xtras
\download\AdobeSystemsIncorporated\DirectSound\DirectSound.x32
Csrss.exe virtual memory files (222 whitelisted)
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
c:\Program Files (x86)\Common Files\LightScribe\LSLog.dll
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSProxy.dll
c:\Program Files (x86)\Hewlett-Packard\HP Health Check
\hphc_service.exe
C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader
\AmazonGSDownloaderService.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\Resources.dll
C:\Program Files (x86)\Lavasoft\Ad-Aware\lavalicense.dll
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\ProgramData\Lavasoft\Ad-Aware\Defs\Extended\remediation.dll
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files (x86)\Google\Update\1.3.21.79\GoogleCrashHandler.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\RPAPI.dll
C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSCUpdate.dll
C:\Program Files (x86)\Lavasoft\Ad-Aware\lavamessage.dll
C:\ProgramData\Lavasoft\Ad-Aware\Defs\thorax.aaw
C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe
C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader
\utility.dll
C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader
\SSLEAY32.dll
C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader
\LIBEAY32.dll
C:\Users\Char\AppData\Local\Microsoft\Windows\Temporary Internet Files
\Content.IE5\BAB7OKGK\freefixersetup[1].exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\SBTE.dll
C:\ProgramData\Lavasoft\Ad-Aware\Defs\Extended\vcore.dll
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\viprebridge.dll
C:\Program Files (x86)\Lavasoft\Ad-Aware\ceapi.dll
C:\Program Files (x86)\Lavasoft\Ad-Aware\Vipre.dll
c:\program files (x86)\common files\aol\1238008209\ee\services
\softwareUpdate\ver3_1_8_2\stic.dll
c:\program files (x86)\common files\aol\1238008209\ee\services
\notification\ver7_1_1_1\Notify.dll
c:\program files (x86)\common files\aol\1238008209\ee\services
\localStorage\ver8_1_1_1\clsSvc.dll
c:\program files (x86)\common files\aol\1238008209\ee\services\miniXML
\ver2_1_1_1\XMLMini.dll
c:\program files (x86)\common files\aol\1238008209\ee\services
\aolsystrayservice\ver4_1_1_2\AOLSysTrayService.dll
c:\program files (x86)\common files\aol\1238008209\ee\services
\authentication\ver7_1_6_1\authenticationshadow.dll
c:\program files (x86)\common files\aol\1238008209\ee\services
\preferences\ver6_1_1_1\preferences.dll
c:\program files (x86)\common files\aol\1238008209\ee\services
\authentication\ver7_1_6_1\authentication.dll
c:\program files (x86)\common files\aol\1238008209\ee\services\osInfo
\ver2_1_1_1\OSInfo.dll
c:\program files (x86)\common files\aol\1238008209\ee\services\metrics
\ver4_1_11_1\cmls.dll
c:\program files (x86)\common files\aol\1238008209\ee\services\bfts
\ver3_1_3_1\bfts.dll
C:\Program Files (x86)\Google\Google Toolbar\Component
\GoogleToolbarDynamic_32_9F5D286FA37B7450.dll
C:\Program Files (x86)\Shutterfly\Shutterfly Express Uploader
\Shutterfly Express Uploader.exe
C:\Program Files (x86)\Secunia\PSI\psi.exe
C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
C:\Program Files (x86)\IObit\Smart Defrag 2\unins000.exe
C:\Program Files (x86)\Common Files\aol\uninstaller.exe
C:\Users\Char\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\FinalMediaPlayer\unins000.exe
C:\Program Files (x86)\Electronic Arts\EADM\EADMUI.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\threatwork.exe
C:\Games\Tradewinds 2\Uninstall.exe
C:\Program Files (x86)\Common Files\aol\1238008209\ee\AOLSvcMgr.dll
C:\Program Files (x86)\InstallShield Installation Information\
{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}\setup.exe
C:\Program Files (x86)\Lexmark 5600-6600 Series\LTIMGEFX15U.DLL
C:\Program Files (x86)\FinalMediaPlayer\FinalMediaPlayer.exe
C:\Program Files (x86)\Games downloaded\Age Of Japan\unins000.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\rfwipeout.exe
C:\Program Files (x86)\Games downloaded\Age Of Japan\AgeOfJapan.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
C:\Program Files (x86)\Lexmark 5600-6600 Series\LTIMGCOR15U.DLL
C:\Program Files (x86)\Lexmark 5600-6600 Series\LTIMGSFX15U.DLL
C:\Program Files (x86)\Westward Kingdoms\Westward Kingdoms.exe
C:\Program Files (x86)\Common Files\aol\System Information\sinf.exe
C:\Program Files (x86)\Electronic Arts\EADM\EADMUninstall.exe
C:\Program Files (x86)\Common Files\aol\1238008209\ee\xprt6.dll
C:\Program Files (x86)\Games downloaded\Deep Voyage\uninst.exe
C:\PROGRA~2\HEWLET~1\KBD\sct.dll
C:\PROGRA~2\HEWLET~1\KBD\osd.dll
C:\PROGRA~2\HEWLET~1\KBD\msg.dll
C:\PROGRA~2\HEWLET~1\KBD\ps2.dll
C:\Program Files (x86)\Games downloaded\Hidden Expedition - Everest
\Uninstall.exe
C:\Program Files (x86)\Google\Google Toolbar\Component
\GoogleToolbarDynamic_mui_en_D2FF6916F564B6F7.dll
C:\Program Files (x86)\HP Games\onplay\onplay.exe
C:\Program Files (x86)\Lexmark 5600-6600 Series\lxducomx.dll
C:\Program Files (x86)\HP Games\Totem Tribe\Totem Tribe-WT.exe
C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumonr.dll
C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdudatr.dll
C:\ProgramData\KingsIsle Entertainment\Wizard101\Wizard101.exe
C:\Program Files (x86)\Lexmark 5600-6600 Series\Ltkrn15u.dll
C:\Program Files (x86)\Lexmark 5600-6600 Series\lxducomc.dll
C:\Program Files (x86)\Common Files\LightScribe\LSLauncher.exe
C:\Program Files (x86)\Lexmark 5600-6600 Series\Ltwvc215u.dll
C:\Program Files (x86)\Lexmark 5600-6600 Series\Ltimgclr15u.dll
C:\Program Files (x86)\Lexmark 5600-6600 Series\Ltfil15u.dll
C:\Program Files (x86)\Lexmark 5600-6600 Series\Ltimgutl15u.dll
C:\Program Files (x86)\Lexmark 5600-6600 Series\Ltdis15u.dll
C:\Program Files (x86)\Disney\Disney Online\ToontownOnline
\ToontownLauncher.exe
C:\Program Files (x86)\Games downloaded\Ozzy Bubbles\unins000.exe
C:\Program Files (x86)\Playrix Entertainment\Fishdom\unins000.exe
C:\Program Files (x86)\Lexmark 5600-6600 Series\LTEFX15U.DLL
C:\Program Files (x86)\OpenOffice.org 3\program\simpress.exe
C:\Program Files (x86)\Games downloaded\Westward\Uninstall.exe
C:\Program Files (x86)\Games downloaded\Turtle Odyssey\unins000.exe
C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\uninst
\unins000.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Disney\Disney Online\ToontownOnline\uninst.exe
C:\Program Files (x86)\Common Files\aol\1238008209\ee\aolsoftware.exe
C:\Program Files (x86)\Common Files\LightScribe
\LightScribeControlPanel.exe
C:\Program Files (x86)\Amazon\MP3 Downloader\AmazonMP3Downloader.exe
C:\Program Files (x86)\Games downloaded\The Rise of Atlantis
\unins000.exe
C:\Program Files (x86)\Games downloaded\Defender of the Crown
\Uninstall.exe
C:\ProgramData\KingsIsle Entertainment\Wizard101\Bin\BugReporter.exe
C:\Program Files (x86)\LightScribe Template Labeler
\TemplateLabeler.exe
C:\Users\Char\AppData\Local\Google\Update
\1.3.21.79\GoogleCrashHandler.exe
C:\Program Files (x86)\Playrix Entertainment\Potion Bar\PotionBar.exe
C:\Program Files (x86)\Playrix Entertainment\Potion Bar\unins000.exe
C:\Program Files (x86)\Games downloaded\Ozzy Bubbles\OzzyBubbles.exe
C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore
\SPUPMBLauncher.exe
C:\Program Files (x86)\Playrix Entertainment\Atlantis Quest
\unins000.exe
C:\Program Files (x86)\SMINST\Restore7.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe
C:\Program Files (x86)\OpenOffice.org 3\program\sdraw.exe
C:\Program Files (x86)\Amazon\MP3 Downloader\Uninstall.exe
C:\Program Files (x86)\Hewlett-Packard\HP TCS\hptcs.exe
C:\Program Files (x86)\OpenOffice.org 3\program\sbase.exe
C:\Program Files (x86)\OpenOffice.org 3\program\smath.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduDRS.dll
C:\Program Files (x86)\Westward Kingdoms\unins000.exe
C:\Program Files (x86)\OpenOffice.org 3\program\scalc.exe
C:\Program Files (x86)\Games downloaded\Prism\Uninstall.exe
C:\Program Files (x86)\Secunia\PSI\psires.dll
C:\PROGRA~2\HEWLET~1\KBD\cfg.dll
C:\PROGRA~2\HEWLET~1\KBD\onl.dll
C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore
\SPUImporterLauncher.exe
C:\Program Files (x86)\Sony\Sony Picture Utility\Music Transfer
\PPMusicTransfer.exe
C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore
\SPUVolumeWatcher.exe
C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore
\SPUBrowser.exe
C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore
\SPUAnnounce.exe
C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUInit.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe
C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Program Files (x86)\SMINST\CD Creator.exe
C:\Program Files\FreeFixer\freefixer.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Program Files (x86)\bfgclient\bfgclient.exe
The following errors occurred during the scan:
Problems opening folder 'c:\Windows\System32\LogFiles\WMI\RtBackup' to
enumerate files. FindFirstFile failed. System error message: Access is
denied. Error code: 5.
End of FreeFixer log
having pop ups saying this program and that program isn't working,
when they are. I know something is not right.
I did the scan from freefixer, and it is below.
Thanks for any help.
FreeFixer v0.60 log
http://www.freefixer.com/
Operating system: Windows Vista Service Pack 1
Log dated 2012-01-03 18:56
AppInit_DLLs (1 whitelisted)
C:\Windows\system32\avgrssta.dll
TCP/IP settings
HKLM\..\Interfaces\{A4E21433-30FF-433A-A2CA-C9295CDF5DB1}, NameServer
= 68.94.156.1,68.94.157.1
Namespace service providers (6 whitelisted)
{B600E6E9-553B-4A19-8696-335E5C896153} - C:\Program Files (x86)\Bonjour
\mdnsNSP.dll
Browser Helper Objects (1 whitelisted)
{AA58ED58-01DD-4d91-8333-CF10577473F7}, Google Toolbar Helper, C:
\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}, Google Toolbar Notifier BHO, C:
\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg64.dll
Internet Explorer toolbars (1 whitelisted)
HKLM\..\Toolbar\{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google
Toolbar - C:\Program Files (x86)\Google\Google Toolbar
\GoogleToolbar_64.dll
HKCU\..\Toolbar\WebBrowser\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - -
(no file specified)
HKCU\..\Toolbar\WebBrowser\{724D43A0-0D85-11D4-9908-00400523E39A} - -
(no file specified)
Basic Internet Explorer settings
HKCU\..\Main, Start Page = http://www.nascar.com/
HKLM\..\Main, Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
HKLM\..\Main, Default_Page_URL =
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
HKCU\..\Desktop\General, Wallpaper = C:\Windows\Web\Wallpaper
\img24.jpg
Registry Startups (9 whitelisted)
HKCU\..\Run, RoboForm = "C:\Program Files (x86)\Siber Systems\AI
RoboForm\RoboTaskBarIcon.exe"
HKCU\..\Run, swg = "C:\Program Files (x86)\Google\GoogleToolbarNotifier
\GoogleToolbarNotifier.exe"
HKCU\..\Run, Google Update = "C:\Users\Char\AppData\Local\Google\Update
\GoogleUpdate.exe" /c
HKCU\..\Run, winupd = C:\Users\Char\AppData\Local\Temp:winupd.exe
Processes (66 whitelisted)
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader
\AmazonGSDownloaderService.exe
C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\SysWOW64\PSIService.exe
C:\Users\Char\AppData\Local\Temp:winupd.exe
C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Program Files (x86)\Secunia\PSI\psi.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier
\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files (x86)\Common Files\aol\1238008209\ee\aolsoftware.exe
C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader
\AmazonGSDownloaderTray.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check
\HPHC_Service.exe
C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\FreeFixer\freefixer.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Services (70 whitelisted)
Amazon Download Agent, Amazon Download Agent, c:\program files
(x86)\amazon\amazon games & software downloader
\amazongsdownloaderservice.exe
AOL ACS, AOL Connectivity Service, c:\program files (x86)\common files
\aol\acs\aolacsd.exe
Bonjour Service, ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##,
c:\program files (x86)\bonjour\mdnsresponder.exe
gupdate, Google Update Service (gupdate), c:\program files (x86)\google
\update\googleupdate.exe
HP Health Check Service, HP Health Check Service, c:\program files
(x86)\hewlett-packard\hp health check\hphc_service.exe
Lavasoft Ad-Aware Service, Lavasoft Ad-Aware Service, c:\program files
(x86)\lavasoft\ad-aware\aawservice.exe
LightScribeService, LightScribeService Direct Disc Labeling Service, c:
\program files (x86)\common files\lightscribe\lssrvc.exe
McciCMService, McciCMService, c:\program files (x86)\common files
\motive\mccicmservice.exe
McciCMService64, McciCMService64, c:\program files\common files\motive
\mccicmservice.exe
ProtexisLicensing, ProtexisLicensing, c:\windows
\syswow64\psiservice.exe
Drivers (45 whitelisted)
SmartDefragDriver, SmartDefragDriver, C:\Windows\system32\drivers
\smartdefragdriver.sys
Recently created/modified files (18 whitelisted)
51 minutes, c:\Program Files\FreeFixer\Uninstall.exe
52 minutes, c:\Users\Char\AppData\Local\Microsoft\Windows\Temporary
Internet Files\Content.IE5\BAB7OKGK\freefixersetup[1].exe
1 hour, c:\Users\Char\AppData\Local\Microsoft\Windows\Temporary
Internet Files\Content.IE5\GBQ32QGU\mbam-setup-1.60.0.1800[1].exe
Failed to calculate hash for 'c:\Users\Char\AppData\Local\Microsoft
\Windows\Temporary Internet Files\Content.IE5\GBQ32QGU\mbam-
setup-1.60.0.1800[1].exe' using 'CryptCATAdminCalcHashFromFileHandle'
while verifying trust. System error message: %1 is not a valid Win32
application. Error code: -2147024703.
9 hours, c:\Windows\Temp\UDDC928.tmp
20 hours, c:\Users\Public\Documents\19792079
21 hours, c:\Program Files (x86)\Westward III Gold Rush\AGCS
\RAW_003.wdt
21 hours, c:\Program Files (x86)\Westward III Gold Rush
\Westward_III.RWG
3 days, c:\Users\Char\AppData\LocalLow\Adobe\Shockwave Player 11\xtras
\download\AdobeSystemsIncorporated\FlashAsset\Flash Asset.x32
3 days, c:\Users\Char\AppData\LocalLow\Adobe\Shockwave Player 11\xtras
\download\AdobeSystemsIncorporated\SWA\SWASTRM.X32
3 days, c:\Users\Char\AppData\LocalLow\Adobe\Shockwave Player 11\xtras
\download\AdobeSystemsIncorporated\SWA\swadcmpr.x32
3 days, c:\Users\Char\AppData\LocalLow\Adobe\Shockwave Player 11\xtras
\download\AdobeSystemsIncorporated\SoundControl\Sound Control.x32
3 days, c:\Users\Char\AppData\LocalLow\Adobe\Shockwave Player 11\xtras
\download\AdobeSystemsIncorporated\DirectSound\DirectSound.x32
Csrss.exe virtual memory files (222 whitelisted)
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
c:\Program Files (x86)\Common Files\LightScribe\LSLog.dll
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSProxy.dll
c:\Program Files (x86)\Hewlett-Packard\HP Health Check
\hphc_service.exe
C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader
\AmazonGSDownloaderService.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\Resources.dll
C:\Program Files (x86)\Lavasoft\Ad-Aware\lavalicense.dll
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\ProgramData\Lavasoft\Ad-Aware\Defs\Extended\remediation.dll
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files (x86)\Google\Update\1.3.21.79\GoogleCrashHandler.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\RPAPI.dll
C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSCUpdate.dll
C:\Program Files (x86)\Lavasoft\Ad-Aware\lavamessage.dll
C:\ProgramData\Lavasoft\Ad-Aware\Defs\thorax.aaw
C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe
C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader
\utility.dll
C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader
\SSLEAY32.dll
C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader
\LIBEAY32.dll
C:\Users\Char\AppData\Local\Microsoft\Windows\Temporary Internet Files
\Content.IE5\BAB7OKGK\freefixersetup[1].exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\SBTE.dll
C:\ProgramData\Lavasoft\Ad-Aware\Defs\Extended\vcore.dll
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\viprebridge.dll
C:\Program Files (x86)\Lavasoft\Ad-Aware\ceapi.dll
C:\Program Files (x86)\Lavasoft\Ad-Aware\Vipre.dll
c:\program files (x86)\common files\aol\1238008209\ee\services
\softwareUpdate\ver3_1_8_2\stic.dll
c:\program files (x86)\common files\aol\1238008209\ee\services
\notification\ver7_1_1_1\Notify.dll
c:\program files (x86)\common files\aol\1238008209\ee\services
\localStorage\ver8_1_1_1\clsSvc.dll
c:\program files (x86)\common files\aol\1238008209\ee\services\miniXML
\ver2_1_1_1\XMLMini.dll
c:\program files (x86)\common files\aol\1238008209\ee\services
\aolsystrayservice\ver4_1_1_2\AOLSysTrayService.dll
c:\program files (x86)\common files\aol\1238008209\ee\services
\authentication\ver7_1_6_1\authenticationshadow.dll
c:\program files (x86)\common files\aol\1238008209\ee\services
\preferences\ver6_1_1_1\preferences.dll
c:\program files (x86)\common files\aol\1238008209\ee\services
\authentication\ver7_1_6_1\authentication.dll
c:\program files (x86)\common files\aol\1238008209\ee\services\osInfo
\ver2_1_1_1\OSInfo.dll
c:\program files (x86)\common files\aol\1238008209\ee\services\metrics
\ver4_1_11_1\cmls.dll
c:\program files (x86)\common files\aol\1238008209\ee\services\bfts
\ver3_1_3_1\bfts.dll
C:\Program Files (x86)\Google\Google Toolbar\Component
\GoogleToolbarDynamic_32_9F5D286FA37B7450.dll
C:\Program Files (x86)\Shutterfly\Shutterfly Express Uploader
\Shutterfly Express Uploader.exe
C:\Program Files (x86)\Secunia\PSI\psi.exe
C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
C:\Program Files (x86)\IObit\Smart Defrag 2\unins000.exe
C:\Program Files (x86)\Common Files\aol\uninstaller.exe
C:\Users\Char\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\FinalMediaPlayer\unins000.exe
C:\Program Files (x86)\Electronic Arts\EADM\EADMUI.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\threatwork.exe
C:\Games\Tradewinds 2\Uninstall.exe
C:\Program Files (x86)\Common Files\aol\1238008209\ee\AOLSvcMgr.dll
C:\Program Files (x86)\InstallShield Installation Information\
{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}\setup.exe
C:\Program Files (x86)\Lexmark 5600-6600 Series\LTIMGEFX15U.DLL
C:\Program Files (x86)\FinalMediaPlayer\FinalMediaPlayer.exe
C:\Program Files (x86)\Games downloaded\Age Of Japan\unins000.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\rfwipeout.exe
C:\Program Files (x86)\Games downloaded\Age Of Japan\AgeOfJapan.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
C:\Program Files (x86)\Lexmark 5600-6600 Series\LTIMGCOR15U.DLL
C:\Program Files (x86)\Lexmark 5600-6600 Series\LTIMGSFX15U.DLL
C:\Program Files (x86)\Westward Kingdoms\Westward Kingdoms.exe
C:\Program Files (x86)\Common Files\aol\System Information\sinf.exe
C:\Program Files (x86)\Electronic Arts\EADM\EADMUninstall.exe
C:\Program Files (x86)\Common Files\aol\1238008209\ee\xprt6.dll
C:\Program Files (x86)\Games downloaded\Deep Voyage\uninst.exe
C:\PROGRA~2\HEWLET~1\KBD\sct.dll
C:\PROGRA~2\HEWLET~1\KBD\osd.dll
C:\PROGRA~2\HEWLET~1\KBD\msg.dll
C:\PROGRA~2\HEWLET~1\KBD\ps2.dll
C:\Program Files (x86)\Games downloaded\Hidden Expedition - Everest
\Uninstall.exe
C:\Program Files (x86)\Google\Google Toolbar\Component
\GoogleToolbarDynamic_mui_en_D2FF6916F564B6F7.dll
C:\Program Files (x86)\HP Games\onplay\onplay.exe
C:\Program Files (x86)\Lexmark 5600-6600 Series\lxducomx.dll
C:\Program Files (x86)\HP Games\Totem Tribe\Totem Tribe-WT.exe
C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumonr.dll
C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdudatr.dll
C:\ProgramData\KingsIsle Entertainment\Wizard101\Wizard101.exe
C:\Program Files (x86)\Lexmark 5600-6600 Series\Ltkrn15u.dll
C:\Program Files (x86)\Lexmark 5600-6600 Series\lxducomc.dll
C:\Program Files (x86)\Common Files\LightScribe\LSLauncher.exe
C:\Program Files (x86)\Lexmark 5600-6600 Series\Ltwvc215u.dll
C:\Program Files (x86)\Lexmark 5600-6600 Series\Ltimgclr15u.dll
C:\Program Files (x86)\Lexmark 5600-6600 Series\Ltfil15u.dll
C:\Program Files (x86)\Lexmark 5600-6600 Series\Ltimgutl15u.dll
C:\Program Files (x86)\Lexmark 5600-6600 Series\Ltdis15u.dll
C:\Program Files (x86)\Disney\Disney Online\ToontownOnline
\ToontownLauncher.exe
C:\Program Files (x86)\Games downloaded\Ozzy Bubbles\unins000.exe
C:\Program Files (x86)\Playrix Entertainment\Fishdom\unins000.exe
C:\Program Files (x86)\Lexmark 5600-6600 Series\LTEFX15U.DLL
C:\Program Files (x86)\OpenOffice.org 3\program\simpress.exe
C:\Program Files (x86)\Games downloaded\Westward\Uninstall.exe
C:\Program Files (x86)\Games downloaded\Turtle Odyssey\unins000.exe
C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\uninst
\unins000.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Disney\Disney Online\ToontownOnline\uninst.exe
C:\Program Files (x86)\Common Files\aol\1238008209\ee\aolsoftware.exe
C:\Program Files (x86)\Common Files\LightScribe
\LightScribeControlPanel.exe
C:\Program Files (x86)\Amazon\MP3 Downloader\AmazonMP3Downloader.exe
C:\Program Files (x86)\Games downloaded\The Rise of Atlantis
\unins000.exe
C:\Program Files (x86)\Games downloaded\Defender of the Crown
\Uninstall.exe
C:\ProgramData\KingsIsle Entertainment\Wizard101\Bin\BugReporter.exe
C:\Program Files (x86)\LightScribe Template Labeler
\TemplateLabeler.exe
C:\Users\Char\AppData\Local\Google\Update
\1.3.21.79\GoogleCrashHandler.exe
C:\Program Files (x86)\Playrix Entertainment\Potion Bar\PotionBar.exe
C:\Program Files (x86)\Playrix Entertainment\Potion Bar\unins000.exe
C:\Program Files (x86)\Games downloaded\Ozzy Bubbles\OzzyBubbles.exe
C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore
\SPUPMBLauncher.exe
C:\Program Files (x86)\Playrix Entertainment\Atlantis Quest
\unins000.exe
C:\Program Files (x86)\SMINST\Restore7.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe
C:\Program Files (x86)\OpenOffice.org 3\program\sdraw.exe
C:\Program Files (x86)\Amazon\MP3 Downloader\Uninstall.exe
C:\Program Files (x86)\Hewlett-Packard\HP TCS\hptcs.exe
C:\Program Files (x86)\OpenOffice.org 3\program\sbase.exe
C:\Program Files (x86)\OpenOffice.org 3\program\smath.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduDRS.dll
C:\Program Files (x86)\Westward Kingdoms\unins000.exe
C:\Program Files (x86)\OpenOffice.org 3\program\scalc.exe
C:\Program Files (x86)\Games downloaded\Prism\Uninstall.exe
C:\Program Files (x86)\Secunia\PSI\psires.dll
C:\PROGRA~2\HEWLET~1\KBD\cfg.dll
C:\PROGRA~2\HEWLET~1\KBD\onl.dll
C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore
\SPUImporterLauncher.exe
C:\Program Files (x86)\Sony\Sony Picture Utility\Music Transfer
\PPMusicTransfer.exe
C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore
\SPUVolumeWatcher.exe
C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore
\SPUBrowser.exe
C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore
\SPUAnnounce.exe
C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUInit.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe
C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Program Files (x86)\SMINST\CD Creator.exe
C:\Program Files\FreeFixer\freefixer.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Program Files (x86)\bfgclient\bfgclient.exe
The following errors occurred during the scan:
Problems opening folder 'c:\Windows\System32\LogFiles\WMI\RtBackup' to
enumerate files. FindFirstFile failed. System error message: Access is
denied. Error code: 5.
End of FreeFixer log
Roger Karlsson
Jan 8, 2012, 6:24:51 AM1/8/12
to freefix...@googlegroups.com
Hello racing88nut,
Thanks for the log. I've looked through the scan result and found this
malware file:
Processes (66 whitelisted)
..
C:\Users\Char\AppData\Local\Temp:winupd.exe
Please remove this file. Did that solve the problem?
/Roger
Thanks for any help.
End of FreeFixer log
--
You received this message because you are subscribed to the Google
Groups "FreeFixer User Forum" group. To post to this group, send email
to freefix...@googlegroups.com. To unsubscribe from this group,
send email to freefixer-for...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/freefixer-forum?hl=en.
Roger Karlsson
Jan 8, 2012, 2:00:07 PM1/8/12
to freefix...@googlegroups.com
Hello again racing88nut,
The following item in the log is also related to the malware:
Registry Startups (9 whitelisted)
..
HKCU\..\Run, winupd = C:\Users\Char\AppData\Local\Temp:winupd.exe
Please tick that item for removal in FreeFixer.
/Roger
-----Original Message-----
From: freefix...@googlegroups.com
[mailto:freefix...@googlegroups.com] On Behalf Of racing88nut
Sent: den 4 januari 2012 02:10
To: FreeFixer User Forum
Subject: Help, not sure what is wrong
Thanks for any help.
End of FreeFixer log
--
Reply all
Reply to author
Forward
0 new messages