atieclxx, csrss and winlogon: can't access or remove; please analyse my log


TI in KL

Jan 5, 2012, 11:33:12 AM
to FreeFixer User Forum
Hi, happy new year!
Can you please help me with the above problems? I foolishly clicked on a .jpeg file even though I checked it with Microsoft Anti Virus, and too late I realised I should have checked it for an .exe extension...
I have been at it for months but no success despite trying all manner of antivirus, spyware etc. Can't get rid of the above 3 files...

the log is as follows:

FreeFixer v0.60 log
http://www.freefixer.com/
Operating system: Windows 7 Service Pack 1
Log dated 2012-01-06 00:29


BootExecute (1 whitelisted)
C:\Windows\system32\C:\PROGRA~2\AVG\AVG2012\avgrsa.exe (file is missing)

KnownDlls
DllDirectory32=%SystemRoot%\syswow64 is missing
msacm32=msacm32.dll
shimeng=shimeng.dll
uxtheme=uxtheme.dll

Transport service providers (3 whitelisted)
{707847FD-3062-49AA-9CF4-05CE30B65BBE} - C:\Program Files (x86)\JiangMin\AntiVirus\VistaSpi64.dll
{5E68A514-C79C-4DAA-84D9-88AE7010DC99} - C:\Program Files (x86)\JiangMin\AntiVirus\VistaSpi64.dll
{26EA5ED9-850F-4839-97A7-6137B86B5F5E} - C:\Program Files (x86)\JiangMin\AntiVirus\VistaSpi64.dll

Registry Startups (2 whitelisted)
HKCU\..\Run, Advanced SystemCare 5 = "D:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart

Autostart shortcuts
TP-LINK Wireless Utility.lnk, , C:\Program Files (x86)\TP-LINK\Common\TWCU.exe

Processes (56 whitelisted)
D:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
D:\Program Files (x86)\Kingsoft\PCDoctor\KSafeSvc.exe
C:\Program Files (x86)\TP-LINK\Common\RaRegistry.exe
C:\Program Files (x86)\TP-LINK\Common\RaRegistry64.exe
C:\Program Files (x86)\Google\Update\1.3.21.79\GoogleCrashHandler.exe
D:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\TP-LINK\Common\TWCU.exe
C:\Program Files (x86)\JiangMin\AntiVirus\KVSrvXP.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\FreeFixer\freefixer.exe

Application modules (97 whitelisted)
C:\Program Files (x86)\JiangMin\AntiVirus\VistaSpi64.dll

Services (59 whitelisted)
AdvancedSystemCareService5, Advanced SystemCare Service 5, d:\program files (x86)\iobit\advanced systemcare 5\ascservice.exe
gupdate, Google Update Service (gupdate), c:\program files (x86)\google\update\googleupdate.exe
KSafeSvc, KSafe service, d:\program files (x86)\kingsoft\pcdoctor\ksafesvc.exe
RalinkRegistryWriter, Ralink Registry Writer, c:\program files (x86)\tp-link\common\raregistry.exe
RalinkRegistryWriter64, Ralink Registry Writer 64, c:\program files (x86)\tp-link\common\raregistry64.exe
SpyHunter 4 Service, SpyHunter 4 Service, c:\progra~1\enigma~1\spyhun~1\sh4ser~1.exe
UMVPFSrv, , c:\program files (x86)\common files\logishrd\lvmvfm\umvpfsrv.exe
{1325186C-35EA-489D-9514-5652DE1FF081}, KVSrvXP-{1325186C-35EA-489D-9514-5652DE1FF081}, c:\program files (x86)\jiangmin\antivirus\kvsrvxp.exe

Svchost.exe Modules (255 whitelisted)
C:\Program Files (x86)\JiangMin\AntiVirus\VistaSpi64.dll

Explorer.exe Modules (214 whitelisted)
d:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll
d:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamenu.dll
C:\Program Files (x86)\Lavasoft\Ad-Aware\ShellExt_64.dll
d:\Program files (x86)\Kingsoft\PCDoctor\ksafemenu64.dll
C:\Program Files\7-Zip\7-zip.dll
D:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCv5ExtMenu_64.dll

Drivers (52 whitelisted)
ElRawDisk, ElRawDisk, c:\windows\system32\drivers\elrawdsk.sys
kmodurl, kmodurl, d:\program files (x86)\kingsoft\pcdoctor\kmodurl64.sys

Csrss.exe virtual memory files (219 whitelisted)
d:\Program files (x86)\Kingsoft\PCDoctor\KSafeSvc.exe
d:\Program files (x86)\Kingsoft\PCDoctor\fwproxy.dll
d:\Program files (x86)\Kingsoft\PCDoctor\kispublic.dll
C:\Windows\SysWOW64\KVInstall.dll
C:\Windows\system32\RAIHV.dll
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\Program Files (x86)\JiangMin\WebEngine\ScanPage.dll
C:\Program Files (x86)\JiangMin\AntiVirus\FileGuard.dll
C:\Program Files (x86)\TP-LINK\Common\RaRegistry.exe
C:\Program Files (x86)\TP-LINK\Common\RaRegistry64.exe
C:\Program Files (x86)\JiangMin\AntiVirus\NetGuard.dll
C:\Program Files (x86)\JiangMin\common\KvTrustInit.dll
C:\Program Files (x86)\JiangMin\Antivirus\FPFlush.exe
C:\Program Files (x86)\JiangMin\Antivirus\KvDump.exe
C:\Program Files (x86)\JiangMin\common\KvTrustService.dll
C:\Program Files (x86)\JiangMin\Antivirus\KVAddrDb.dll
C:\Program Files (x86)\JiangMin\common\ErrorReport.dll
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\JiangMin\common\Upload.dll
C:\Program Files (x86)\JiangMin\Kernel\EngFace.dll
C:\Program Files (x86)\JiangMin\AntiVirus\KVRun.exe
C:\Program Files (x86)\JiangMin\Install\KVUpd.exe
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Program Files (x86)\Google\Update\1.3.21.79\GoogleCrashHandler.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\StatusStrings.dll
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\xerces-c_2_7.dll
C:\Windows\system32\KVInstall64.dll
C:\Program Files (x86)\JiangMin\Install\KVOL.exe
C:\Program Files (x86)\AVG\AVG2012\HTMLayout.dll
D:\Program Files (x86)\IObit\Advanced SystemCare 5\AutoCare.exe
D:\Downloads\freefixersetup.exe
C:\Program Files (x86)\JiangMin\Antivirus\KVPopup.exe
d:\Program files (x86)\Kingsoft\PCDoctor\ksafemenu64.dll
d:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamenu.dll
d:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll
C:\Windows\SysWOW64\RaCertMgr.dll
C:\Users\user\Desktop\Awakening_TheGoblinKingdom.exe
C:\Program Files (x86)\Real\RealUpgrade\plugins\upgrade.dll
C:\Program Files (x86)\TP-LINK\Common\CiscoEapFast.dll
C:\Program Files (x86)\JiangMin\Antivirus\KVOffice.dll
C:\Program Files (x86)\Lavasoft\Ad-Aware\ShellExt_64.dll
C:\Program Files\CCleaner\CCleaner64.exe
C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\pdf.dll
C:\Users\user\AppData\Local\Google\Google Talk Plugin\googleadapter.dll
C:\Users\user\AppData\Local\Google\Update\1.3.21.79\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\chrome.dll
C:\Users\user\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\user\AppData\Local\Google\Google Talk Plugin\googletalkplugin.dll
C:\Program Files (x86)\TP-LINK\Common\RaWLAPI.dll
C:\Program Files (x86)\bfgclient\bfgclient.exe
C:\Program Files\Hitman Pro 3.5\HitmanPro35_x64.exe
C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
C:\Program Files (x86)\Real\RealPlayer\realplay.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Essentials Codec Pack\MPC\mpc-hc64.exe
C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe
C:\Program Files (x86)\Canon\IJ Manual\Easy Guide Viewer\cmview.exe
C:\Users\user\AppData\Local\Apps\Evernote\Evernote\Evernote.exe
C:\Program Files (x86)\JiangMin\Antivirus\lang\KVOffice0409.lng
C:\Users\user\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
C:\Program Files (x86)\Common Files\LogiShrd\LWSPlugins\LWS\Applets\HelpMain\launchershortcut.exe
C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
C:\Program Files (x86)\Calibre2\calibre.exe
C:\Program Files\FreeFixer\freefixer.exe
C:\Program Files (x86)\JiangMin\common\SysCheck.dll
C:\Program Files (x86)\JiangMin\Antivirus\Embed.dll
C:\Program Files\7-Zip\7zG.exe
D:\Kies\Kies.exe
D:\Downloads\RealPlayer.exe
D:\Program Files (x86)\AirVideoServer\AirVideoServer.exe
D:\Program Files (x86)\IObit\Advanced SystemCare 5\ASC.exe
D:\Downloads\plant-this_s1_l1_gF2771T1L1_d1348816355.exe
D:\Games\Ubisoft\The Adventures of Tintin\TINTIN.exe
D:\Games\Orcs Must Die!\Build\release\OrcsMustDie.exe
D:\Downloads\supercow_s1_l1_gF2164T1L1_d1530234827.exe
D:\Downloads\world-of-goo_s1_l1_gF5079T1L1_d1447752466.exe
D:\Downloads\media.player.codec.pack.v3.9.9.setup.exe
D:\Downloads\supercow_s1_l1_gF2164T1L1_d1530235112.exe
D:\Downloads\supercow_s1_l1_gF2164T1L1_d1530234845.exe
D:\Downloads\cnet2_RegpairSetup_exe.exe
D:\Downloads\avira_antivirus_premium_en.exe
D:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDPrefs.exe
D:\Program Files (x86)\iTunes\Hobbyist Software\PhotoScape\PhotoScape.exe
D:\Program Files (x86)\IObit\Advanced SystemCare 5\Suc12_Uninstal.exe
D:\Downloads\airport-mania-2-wild-trips_s1_l1_gF6110T1L1_d1299290720.exe
D:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCv5ExtMenu_64.dll
D:\Downloads\ballville-the-beginning_s1_l1_gF6095T1L1_d1293911450.exe
D:\Downloads\tasty-planet-back-for-seconds_s1_l1_gF6050T1L1_d1299290448.exe
D:\Downloads\hotel-dash-suite-success_s1_l1_gF5303T1L1_d1530245153.exe
D:\Downloads\SuperCow 2008 + crack\SuperCow 2008 + crack\SuperCowHUN.exe
D:\Downloads\SuperCow 2008 + crack\SuperCow 2008 + crack\supercowsetup.exe
D:\Program Files (x86)\Nikon\ViewNX 2\ViewNX2.exe
D:\Program Files (x86)\Kingsoft\PCDoctor\KSafe.exe
D:\Program Files (x86)\IObit\Advanced SystemCare 5\datastate.dll
D:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
D:\Downloads Completed\Plants vs. Zombies\PlantsVsZombies.exe
D:\Games\Jurassic Park The Game\GameData\JurassicPark100.exe
D:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTooltips.exe
D:\Program Files (x86)\Rovio\Angry Birds Rio\AngryBirdsRio.exe
D:\Program Files (x86)\Defense Grid - The Awakening\DefenseGrid.exe
D:\Downloads\puppetshow-lost-town_s1_l1_gF6649T1L1_d1298232735.exe
D:\Downloads\mplayerc.exe
D:\Downloads Completed\Spirits of Mystery Amber Maiden Collector's Edition\Spirits of Mystery - Amber Maiden Collector's Edition.exe
D:\DOWNLO~2\SUPERC~1.EXE
D:\Downloads\Evernote_4.4.2.4912.exe
D:\Downloads\PhotoScapeSetup_V3.5.exe
D:\Downloads\SecurityTaskManager_Setup.exe
D:\Downloads\BitDefender_Uninstall_Tool.exe
D:\Downloads\SpheraFocusTest_download.exe
D:\Games\Mini Robot Wars\MRW.exe
D:\Downloads\wonderland-adventure-mysteries-of-fire-island_s1_l1_gF2847T1L1_d1299297048.exe
D:\Downloads\wonderland-adventure-mysteries-of-fire-island_s1_l1_gF2847T1L1_d1299292846.exe
D:\Downloads\wonderland-adventure-mysteries-of-fire-island_s1_l1_gF2847T1L1_d1299292352.exe
D:\Games\Warhammer 40,000 Space Marine 2\Warhammer 40,000 Space Marine\spacemarine.exe
D:\Downloads\Kies_2.0.0.11032_12_9.exe
D:\Downloads\Sigil-0.3.4b-Windows-x64-Setup.exe
D:\Downloads\SolveigMM_AVI_Trimmer_2_0_1108_18.exe
D:\Program Files (x86)\Ares\Ares.exe
D:\Games\Trine 2\trine2_launcher.exe
D:\Downloads\wonderlandsecretwo_s1_l1_gF406T1L1_d1299292176.exe
D:\Downloads\QloudServer_v2.2.exe
D:\Downloads\STOPzilla_Setup.exe
D:\Downloads\vlc-1.1.11-win32.exe
D:\Downloads\VLCStreamerSetup.exe
D:\Downloads\veetle-0.9.18.exe
D:\Downloads\amddriverdownloader.exe
C:\Users\user\AppData\Local\Roblox\Versions\version-9d8ee47fdc21422e\Roblox.exe
D:\Program Files (x86)\Ubisoft\Might & Magic Heroes VI\Might & Magic Heroes VI.exe
D:\Downloads\puppetshow-lost-town_s1_l1_gF6649T1L1_d1300480369.exe
D:\Downloads\farmers-market_s1_l1_gF5976T1L1_d1299288652.exe
D:\Downloads\puppetshow-lost-town_s1_l1_gF6649T1L1_d1300480215.exe
D:\Downloads\diegosdinosauradve_s1_l1_gF1001T1L1_d1299289087.exe
D:\Downloads\fairway-solitaire_s1_l1_gF2246T1L1_d1298150898.exe
D:\Downloads\puppetshow-lost-town_s1_l1_gF6649T1L1_d1298234613.exe
D:\Downloads\puppetshow-lost-town_s1_l1_gF6649T1L1_d1300480225.exe
D:\Downloads\diner-dash-5-boom_s1_l1_gF5458T1L1_d1299290176.exe
D:\Downloads\nicktoons-hoverzone_s1_l1_gF2653T1L1_d1447753691.exe
D:\Downloads\cnet2_Windows7FirewallControl-Setup-x64_exe.exe
D:\Downloads\diegosdinosauradve_s1_l1_gF1001T1L1_d1299289166.exe
D:\Downloads\ccsetup312.exe
D:\Downloads\SystemLook.exe
D:\Downloads\CuteWriter.exe
D:\Downloads\WECPSetup.exe
D:\Downloads\tvp.exe
D:\Downloads\Setup243.exe
D:\Downloads\trj682.exe
D:\Downloads\MBRCheck.exe
Failed to calculate hash for 'D:\Downloads\MBRCheck.exe' using 'CryptCATAdminCalcHashFromFileHandle' while verifying trust. System error message: %1 is not a valid Win32 application. Error code: -2147024703.

The following errors occurred during the scan:
An unexpected exception occurred in the Recently Modified Files Plugin:
Failed to duplicate handle using 'DuplicateHandle'. System error message: Access is denied. Error code: 5.

End of FreeFixer log

Roger Karlsson

Jan 8, 2012, 4:43:52 PM
to freefix...@googlegroups.com
Hello,

Atieclxx.exe, csrss.exe and winlogon.exe sound like legitimate files to me. Could you please upload these three files to http://virustotal.com and post the links to the scan results in your reply? Just to rule out the possibility that the malware is trying to hide by using names of legitimate system files.

/Roger
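The check behind Roger's request, as an added example that is not part of the thread or of FreeFixer: from an elevated PowerShell prompt, report where the running csrss.exe, winlogon.exe and atieclxx.exe instances are loaded from, then list every on-disk copy of those names with its signature status and the SHA-256 hash to search for on VirusTotal. It assumes (the thread does not say so) that genuine copies live only in System32 or under a WinSxS component folder.

```powershell
# Added example, not part of the forum thread or of FreeFixer. Run from an elevated
# PowerShell prompt. Assumption: genuine copies of these binaries live in System32
# or under a WinSxS component folder; a copy anywhere else deserves scrutiny.
$Names = 'csrss.exe', 'winlogon.exe', 'atieclxx.exe'

function Test-ExpectedLocation {
    param([string]$Dir)
    ($Dir -eq "$env:SystemRoot\System32") -or ($Dir -like "$env:SystemRoot\WinSxS\*")
}

function Get-Sha256 {
    param([string]$Path)
    # .NET hashing so this also works on PowerShell 2.0, which has no Get-FileHash
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try     { ($sha.ComputeHash($stream) | ForEach-Object { $_.ToString('x2') }) -join '' }
    finally { $stream.Close() }
}

# 1. Running instances: which directory is each one actually loaded from?
foreach ($name in $Names) {
    $base = [System.IO.Path]::GetFileNameWithoutExtension($name)
    Get-Process -Name $base -ErrorAction SilentlyContinue | ForEach-Object {
        if (-not $_.Path) {
            "{0} (PID {1}): path not readable, re-run elevated" -f $name, $_.Id
            return
        }
        $ok = Test-ExpectedLocation -Dir (Split-Path -Path $_.Path -Parent)
        "{0} (PID {1}): {2} [{3}]" -f $name, $_.Id, $_.Path, $(if ($ok) { 'expected' } else { 'UNEXPECTED' })
    }
}

# 2. Every on-disk copy carrying one of those names: location check, signer and
#    signature status, and the SHA-256 to search for on VirusTotal.
Get-ChildItem -Path "$env:SystemDrive\" -Recurse -Force -Include $Names -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig    = Get-AuthenticodeSignature -FilePath $_.FullName
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
        New-Object PSObject -Property @{
            Path     = $_.FullName
            Expected = Test-ExpectedLocation -Dir $_.DirectoryName
            Status   = $sig.Status
            Signer   = $signer
            SHA256   = Get-Sha256 -Path $_.FullName
        }
    } | Select-Object Path, Expected, Status, Signer, SHA256 | Format-List
```

Many Windows system binaries are catalog-signed rather than carrying an embedded signature, so on Windows 7 era PowerShell the Status field can read NotSigned for a genuine file; there the location check and the VirusTotal hash lookup are the evidence that counts.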

