I'm under attack, what is it!



Thaitobbe
2010-02-20, 15:11
Hey, all
I have a very slow computer and a black rectangle on the upper left of my desktop.
I have followed your advice to run different programs such as
Ad-Aware
a-squared
gmer
ewido
malwarebytes anti-malware
I have a number of logs here that these programs have made.
I hope these logs reveal something.
I will present the logs when you wish to see them.
Where should I start? Please help.
I ran a-squared this afternoon and this program found
Trojan.Win32.Genome.daay!A2 and HTML.Rce!IK.
a-squared deleted Trojan.Win32.Genome.daay!A2 and HTML.Rce!IK,
but it seems that many of these [bleep]-stuff installed again automatically.
a-squared seems to be a top program; I run a trial that you recommended on this page.
I continue to try to solve this problem because I still have the annoying
black rectangles at the top left of my desktop.
It would be nice if a pro assisted me soon, I need my computer so bad. Please help!

ad-aware log:
Logfile created: 19/2/2553 13:47:26
Lavasoft Ad-Aware version: 8.1.4
User performing scan: tb

*********************** Definitions database information ***********************
Lavasoft definition file: 149.157
Genotype definition file version: 2010/02/12 11:23:47

******************************** Scan results: *********************************
Scan profile name: Smart genomsökning (ID: smart)
Objects scanned: 8112
Objects detected: 6


Type Detected
==========================
Processes.......: 0
Registry entries: 0
Hostfile entries: 0
Files...........: 0
Folders.........: 0
LSPs............: 0
Cookies.........: 6
Browser hijacks.: 0
MRU objects.....: 0



Removed items:
Description: *ad.yieldmanager* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409172 Family ID: 0
Description: *doubleclick* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408875 Family ID: 0
Description: *webtrends* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 599640 Family ID: 0
Description: *2o7* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408943 Family ID: 0
Description: *tradedoubler* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408964 Family ID: 0
Description: *2o7* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408943 Family ID: 0

Scan and cleaning complete: Finished correctly after 34 seconds

*********************************** Settings ***********************************

Scan profile:
ID: smart, enabled:1, value: Smart genomsökning
ID: folderstoscan, enabled:1, value:
ID: useantivirus, enabled:1, value: true
ID: sections, enabled:1
ID: scancriticalareas, enabled:1, value: true
ID: scanrunningapps, enabled:1, value: true
ID: scanregistry, enabled:1, value: true
ID: scanlsp, enabled:1, value: true
ID: scanads, enabled:1, value: false
ID: scanhostsfile, enabled:1, value: false
ID: scanmru, enabled:1, value: false
ID: scanbrowserhijacks, enabled:1, value: true
ID: scantrackingcookies, enabled:1, value: true
ID: closebrowsers, enabled:1, value: false
ID: filescanningoptions, enabled:1
ID: archives, enabled:1, value: false
ID: onlyexecutables, enabled:1, value: true
ID: skiplargerthan, enabled:1, value: 20480
ID: scanrootkits, enabled:1, value: true
ID: rootkitlevel, enabled:1, value: mild, domain: medium,mild,strict
ID: usespywareheuristics, enabled:1, value: true

Scan global:
ID: global, enabled:1
ID: addtocontextmenu, enabled:1, value: true
ID: playsoundoninfection, enabled:1, value: false
ID: soundfile, enabled:0, value: *to be filled in automatically*\alert.wav

Scheduled scan settings:
<Empty>

Update settings:
ID: updates, enabled:1
ID: launchthreatworksafterscan, enabled:1, value: silently, domain: normal,off,silently
ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: schedules, enabled:1, value: true
ID: updatedaily1, enabled:1, value: Daily 1
ID: time, enabled:1, value: Sun Feb 14 14:00:00 2010
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily2, enabled:1, value: Daily 2
ID: time, enabled:1, value: Sun Feb 14 20:00:00 2010
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily3, enabled:1, value: Daily 3
ID: time, enabled:1, value: Sun Feb 14 02:00:00 2010
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily4, enabled:1, value: Daily 4
ID: time, enabled:1, value: Sun Feb 14 08:00:00 2010
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updateweekly1, enabled:1, value: Weekly
ID: time, enabled:1, value: Sun Feb 14 14:00:00 2010
ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: true
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: true
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false

Appearance settings:
ID: appearance, enabled:1
ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
ID: showtrayicon, enabled:1, value: true
ID: autoentertainmentmode, enabled:1, value: true
ID: guimode, enabled:1, value: mode_simple, domain: mode_advanced,mode_simple
ID: language, enabled:1, value: sv, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language

Realtime protection settings:
ID: realtime, enabled:1
ID: modules, enabled:1
ID: processprotection, enabled:1, value: true
ID: registryprotection, enabled:1, value: true
ID: networkprotection, enabled:1, value: true
ID: layers, enabled:1
ID: useantivirus, enabled:1, value: true
ID: usespywareheuristics, enabled:1, value: true
ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant


****************************** System information ******************************
Computer name: TRUEFAST-76D845
Processor name: AMD Athlon(tm) 64 X2 Dual Core Processor 4400+
Processor identifier: x86 Family 15 Model 35 Stepping 2
Processor speed: ~2188MHZ
Raw info: processorarchitecture 0, processortype 586, processorlevel 15, processor revision 8962, number of processors 2, processor features: [MMX,SSE,SSE2,3DNow]
Physical memory available: 1374679040 bytes
Physical memory total: 2145890304 bytes
Virtual memory available: 1974992896 bytes
Virtual memory total: 2147352576 bytes
Memory load: 35%
Microsoft Windows XP Professional Service Pack 3 (build 2600)
Windows startup mode:

Running processes:
PID: 328 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 412 name: \??\C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 436 name: \??\C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 480 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: NT AUTHORITY
PID: 492 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: NT AUTHORITY
PID: 648 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 704 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 744 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 852 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 880 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 996 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1108 name: C:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1228 name: C:\Program Files\a-squared Free\a2service.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1264 name: C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1316 name: C:\Program Files\ewido anti-malware\ewidoctrl.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1336 name: C:\Program Files\ewido anti-malware\ewidoguard.exe owner: <UNKNOWN> domain: <UNKNOWN>
PID: 1388 name: C:\Program Files\Java\jre6\bin\jqs.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1420 name: C:\Program Files\Spyware Doctor\pctsAuxs.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1464 name: C:\Program Files\Spyware Doctor\pctsSvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1656 name: C:\Program Files\Spyware Doctor\pctsTray.exe owner: tb domain: TRUEFAST-76D845
PID: 1704 name: C:\WINDOWS\system32\wuauclt.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1152 name: C:\WINDOWS\system32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1180 name: C:\WINDOWS\System32\alg.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1552 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2272 name: C:\Program Files\Spyware Doctor\TFEngine\TFService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2636 name: C:\WINDOWS\system32\WgaTray.exe owner: tb domain: TRUEFAST-76D845
PID: 2732 name: C:\WINDOWS\Explorer.EXE owner: tb domain: TRUEFAST-76D845
PID: 3148 name: C:\WINDOWS\VistaDrive\VistaDrive.exe owner: tb domain: TRUEFAST-76D845
PID: 3204 name: C:\Program Files\Unlocker\UnlockerAssistant.exe owner: tb domain: TRUEFAST-76D845
PID: 3216 name: C:\Program Files\Java\jre6\bin\jusched.exe owner: tb domain: TRUEFAST-76D845
PID: 3260 name: C:\Program Files\LClock\LClock.exe owner: tb domain: TRUEFAST-76D845
PID: 3772 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: tb domain: TRUEFAST-76D845

Startup items:
Name: CTFMON.EXE
imagepath: C:\WINDOWS\system32\CTFMON.EXE
Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1}
imagepath: Browseui preloader
Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}
imagepath: Component Categories cache daemon
Name: nltide_3
imagepath: rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
Name: ShowDeskFix
imagepath: regsvr32 /s /n /i:u shell32
Name: WebCheck
imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name: WPDShServiceObj
imagepath: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
Name: PostBootReminder
imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9}
Name: CDBurn
imagepath: {fbeb8a05-beee-4442-804e-409d6c4515e9}
Name: SysTray
imagepath: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Name: VistaDrive
imagepath: C:\WINDOWS\VistaDrive\VistaDrive.exe
Name: UnlockerAssistant
imagepath: C:\Program Files\Unlocker\UnlockerAssistant.exe -H
Name: SunJavaUpdateSched
imagepath: "C:\Program Files\Java\jre6\bin\jusched.exe"
Name: PHIME2002ASync
imagepath: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
Name: PHIME2002A
imagepath: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
Name: LClock
imagepath: C:\Program Files\LClock\LClock.exe
Name: IMJPMIG8.1
imagepath: "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
Name: ISTray
imagepath: "C:\Program Files\Spyware Doctor\pctsTray.exe"
Name:
imagepath: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini

Bootexecute items:
Name:
imagepath: autocheck autochk *
Name:
imagepath: lsdelete

Running services:
Name: a2free
displayname: a-squared Free Service
Name: ALG
displayname: Application Layer Gateway Service
Name: AudioSrv
displayname: Windows Audio
Name: BITS
displayname: Background Intelligent Transfer Service
Name: Browser Defender Update Service
displayname: Browser Defender Update Service
Name: CryptSvc
displayname: Cryptographic Services
Name: DcomLaunch
displayname: DCOM Server Process Launcher
Name: Dhcp
displayname: DHCP Client
Name: dmserver
displayname: Logical Disk Manager
Name: Dnscache
displayname: DNS Client
Name: Eventlog
displayname: Event Log
Name: EventSystem
displayname: COM+ Event System
Name: ewido security suite control
displayname: ewido security suite control
Name: ewido security suite guard
displayname: ewido security suite guard
Name: helpsvc
displayname: Help and Support
Name: JavaQuickStarterService
displayname: Java Quick Starter
Name: LanmanServer
displayname: Server
Name: lanmanworkstation
displayname: Workstation
Name: Lavasoft Ad-Aware Service
displayname: Lavasoft Ad-Aware Service
Name: LmHosts
displayname: TCP/IP NetBIOS Helper
Name: Netman
displayname: Network Connections
Name: Nla
displayname: Network Location Awareness (NLA)
Name: PlugPlay
displayname: Plug and Play
Name: PolicyAgent
displayname: IPSEC Services
Name: ProtectedStorage
displayname: Protected Storage
Name: RasMan
displayname: Remote Access Connection Manager
Name: RpcSs
displayname: Remote Procedure Call (RPC)
Name: SamSs
displayname: Security Accounts Manager
Name: Schedule
displayname: Task Scheduler
Name: sdAuxService
displayname: PC Tools Auxiliary Service
Name: sdCoreService
displayname: PC Tools Security Service
Name: SENS
displayname: System Event Notification
Name: SharedAccess
displayname: Windows Firewall/Internet Connection Sharing (ICS)
Name: ShellHWDetection
displayname: Shell Hardware Detection
Name: Spooler
displayname: Print Spooler
Name: srservice
displayname: System Restore Service
Name: SSDPSRV
displayname: SSDP Discovery Service
Name: TapiSrv
displayname: Telephony
Name: Themes
displayname: Themes
Name: ThreatFire
displayname: ThreatFire
Name: TrkWks
displayname: Distributed Link Tracking Client
Name: W32Time
displayname: Windows Time
Name: winmgmt
displayname: Windows Management Instrumentation
Name: wuauserv
displayname: Automatic Updates
Name: WZCSVC
displayname: Wireless Zero Configuration

ewido Scan report_20100219

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 14:00:08, 19/2/2553
+ Report-Checksum: A8FB884E

+ Scan result:

HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7f3aad1e -> Spyware.NavExcel : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7f3aad1e\45e6b0a6 -> Spyware.NavExcel : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7f3aad1e\45e6b0a6\1 -> Spyware.NavExcel : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7f3aad1e\45e6b0a6\1\InvertDependencies -> Spyware.NavExcel : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86} -> Spyware.BaiDu : Cleaned with backup


::Report End

Gmer log:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-02-19 13:22:00
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\tb\Local Settings\Temp\kfaoraob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Ip pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Tcp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Udp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\RawIp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)

---- EOF - GMER 1.0.15 ----

a-squared:


a-squared Free - Version 4.5
Last update: 16/2/2010 18:02:12

Scan settings:

Scan type: Deep Scan
Objects: Memory, Traces, Cookies, C:\, D:\, I:\
Scan archives: On
Heuristics: Off
ADS Scan: On

Scan start: 16/2/2010 18:02:59

Value: HKEY_CLASSES_ROOT\CLSID\{51131DA7-1D24-40E5-AE07-5E3750F5DE3C}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Internet Cleanup 5.0!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51131DA7-1D24-40E5-AE07-5E3750F5DE3C}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Internet Cleanup 5.0!A2
C:\Documents and Settings\tb\Cookies\tb@com[1].txt detected: Trace.TrackingCookie.com!A2
C:\Documents and Settings\tb\Cookies\tb@doubleclick[1].txt detected: Trace.TrackingCookie.doubleclick!A2
C:\Documents and Settings\tb\Cookies\tb@fastclick[1].txt detected: Trace.TrackingCookie.fastclick!A2
C:\Documents and Settings\tb\Cookies\tb@mediaplex[2].txt detected: Trace.TrackingCookie.mediaplex!A2
C:\Program Files\System\CPL Bonus\vcdrom.exe detected: Trojan.Win32.Genome.daay!A2
C:\WINDOWS\inf\XPSP3Upd.inf detected: HTML.Rce!IK
D:\adobe\Adobe After Effects 7.0\Support Files\Plug-ins\Professional\Panopticum New Year Toy v1.0\Panopticum New Year Toy v1.0\toy1Aft.exe detected: Trojan.Generic!IK

Scanned

Files: 124820
Traces: 699336
Cookies: 39
Processes: 32

Found

Files: 3
Traces: 2
Cookies: 4
Processes: 0
Registry keys: 0

Scan end: 16/2/2010 18:54:18
Scan time: 0:51:19

D:\adobe\Adobe After Effects 7.0\Support Files\Plug-ins\Professional\Panopticum New Year Toy v1.0\Panopticum New Year Toy v1.0\toy1Aft.exe Quarantined Trojan.Generic!IK
C:\WINDOWS\inf\XPSP3Upd.inf Quarantined HTML.Rce!IK
C:\Program Files\System\CPL Bonus\vcdrom.exe Quarantined Trojan.Win32.Genome.daay!A2
C:\Documents and Settings\tb\Cookies\tb@mediaplex[2].txt Quarantined Trace.TrackingCookie.mediaplex!A2
C:\Documents and Settings\tb\Cookies\tb@fastclick[1].txt Quarantined Trace.TrackingCookie.fastclick!A2
C:\Documents and Settings\tb\Cookies\tb@doubleclick[1].txt Quarantined Trace.TrackingCookie.doubleclick!A2
C:\Documents and Settings\tb\Cookies\tb@com[1].txt Quarantined Trace.TrackingCookie.com!A2

Quarantined

Files: 3
Traces: 6
Cookies: 4

tashi
2010-02-20, 17:42
Hello Thaitobbe,

Please see this forum's FAQ and start a new topic: "BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

A volunteer analyst will advise you when available.

Best regards.