Old 10-17-2009, 11:56 AM   #1 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 5
OS: xp


think i have a key-logger, need some help :)

DDS (Ver_09-10-13.01) - NTFSx86
Run by Rasmus at 18:30:20,89 on 2009-10-17
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.46.1053.18.2047.1311 [GMT 2:00]

AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program\Bonjour\mDNSResponder.exe
C:\Program\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program\iTunes\iTunesHelper.exe
C:\Program\Windows Live\Messenger\msnmsgr.exe
C:\Program\DAEMON Tools\daemon.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program\uTorrent\uTorrent.exe
C:\Documents and Settings\Rasmus\Skrivbord\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.apberget.se/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program\delade filer\microsoft shared\windows live\WindowsLiveLogin.dll
uRun: [msnmsgr] "c:\program\windows live\messenger\msnmsgr.exe" /background
uRun: [DAEMON Tools] "c:\program\daemon tools\daemon.exe" -lang 1033
mRun: [SunJavaUpdateSched] c:\program\java\j2re1.4.2_05\bin\jusched.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Ad-Watch] c:\program\lavasoft\ad-aware\AAWTray.exe
mRun: [egui] "c:\program\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Adobe Reader Speed Launcher] "c:\program\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
AppInit_DLLs: c:\docume~1\rasmus\lokala~1\temp\846828621mxx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\rasmus\applic~1\mozilla\firefox\profiles\v1x5owo6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1361345&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - The Pirate Bay Customized Web Search
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1361345&SearchSource=2&q=
FF - component: c:\documents and settings\rasmus\application data\mozilla\firefox\profiles\v1x5owo6.default\extensions\{a33fa729-d155-4b23-842b-2c665ecabdb6}\components\FFExternalAlert.dll
FF - plugin: c:\documents and settings\rasmus\application data\mozilla\firefox\profiles\v1x5owo6.default\extensions\battlefieldheroespatcher@ea.com\platform\winnt_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\program\google\picasa3\npPicasa3.dll
FF - plugin: c:\program\java\j2re1.4.2_05\bin\NPJava11.dll
FF - plugin: c:\program\java\j2re1.4.2_05\bin\NPJava12.dll
FF - plugin: c:\program\java\j2re1.4.2_05\bin\NPJava13.dll
FF - plugin: c:\program\java\j2re1.4.2_05\bin\NPJava14.dll
FF - plugin: c:\program\java\j2re1.4.2_05\bin\NPJava32.dll
FF - plugin: c:\program\java\j2re1.4.2_05\bin\NPJPI142_05.dll
FF - plugin: c:\program\java\j2re1.4.2_05\bin\NPOJI610.dll

---- FIREFOX POLICIES ----
c:\program\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");
c:\program\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");
c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-16 64160]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-5-14 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-5-14 94360]
R2 ekrn;ESET Service;c:\program\eset\eset nod32 antivirus\ekrn.exe [2009-5-14 731840]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program\lavasoft\ad-aware\AAWService.exe [2009-3-9 1028432]

=============== Created Last 30 ================

2009-10-15 22:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Blizzard Entertainment
2009-10-15 19:47 <DIR> --d----- c:\program\World of Warcraft
2009-10-15 19:47 <DIR> --d----- c:\program\delade filer\Blizzard Entertainment
2009-10-15 18:41 515,416 a------- c:\windows\system32\XAudio2_5.dll
2009-10-15 18:41 238,936 a------- c:\windows\system32\xactengine3_5.dll
2009-10-15 18:41 1,974,616 a------- c:\windows\system32\D3DCompiler_42.dll
2009-10-15 18:41 5,501,792 a------- c:\windows\system32\d3dcsx_42.dll
2009-10-15 18:41 235,344 a------- c:\windows\system32\d3dx11_42.dll
2009-10-15 18:41 453,456 a------- c:\windows\system32\d3dx10_42.dll
2009-10-15 18:41 1,892,184 a------- c:\windows\system32\D3DX9_42.dll
2009-10-15 18:41 1,846,632 a------- c:\windows\system32\D3DCompiler_41.dll
2009-10-15 18:41 453,456 a------- c:\windows\system32\d3dx10_41.dll
2009-10-15 18:41 4,178,264 a------- c:\windows\system32\D3DX9_41.dll
2009-10-15 18:37 <DIR> --d-h--- c:\windows\msdownld.tmp
2009-10-13 14:16 <DIR> --d----- c:\program\Trend Micro
2009-10-12 17:03 <DIR> --d----- c:\docume~1\rasmus\applic~1\Malwarebytes
2009-10-12 17:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-12 16:11 <DIR> --d----- c:\program\Spybot - Search & Destroy
2009-10-12 16:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-10-09 19:46 <DIR> --d----- C:\Users
2009-10-04 13:53 <DIR> --d----- c:\program\Microsoft
2009-09-20 18:24 682,280 a------- c:\windows\system32\pbsvc.exe
2009-09-20 18:21 <DIR> --d----- c:\program\EA Games

==================== Find3M ====================

2009-10-09 21:18 190,160 a------- c:\windows\system32\PnkBstrB.exe
2009-10-09 20:52 75,064 a------- c:\windows\system32\PnkBstrA.exe
2009-10-09 20:52 139,456 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-10-08 12:50 22,328 a------- c:\docume~1\rasmus\applic~1\PnkBstrK.sys
2009-09-25 07:58 662,528 a------- c:\windows\system32\wininet.dll
2009-09-25 07:58 81,920 a------- c:\windows\system32\ieencode.dll
2009-09-21 12:56 15,688 a------- c:\windows\system32\lsdelete.exe
2009-09-11 16:37 133,632 a------- c:\windows\system32\msv1_0.dll
2009-09-04 22:47 58,880 a------- c:\windows\system32\msasn1.dll
2009-09-04 17:44 69,464 a------- c:\windows\system32\XAPOFX1_3.dll
2009-08-28 19:42 2,065,696 a------- c:\windows\system32\usbaaplrc.dll
2009-08-28 19:42 40,448 a------- c:\windows\system32\drivers\usbaapl.sys
2009-08-26 10:16 247,326 a------- c:\windows\system32\strmdll.dll
2009-08-09 15:29 20 ----h--- c:\docume~1\alluse~1\applic~1\PKP_DLdw.DAT
2009-08-09 15:28 20 ----h--- c:\docume~1\alluse~1\applic~1\PKP_DLdu.DAT
2009-08-05 11:08 205,312 a------- c:\windows\system32\mswebdvd.dll
2009-08-04 19:07 2,137,088 a------- c:\windows\system32\ntoskrnl.exe
2009-08-04 19:07 2,016,768 a------- c:\windows\system32\ntkrnlpa.exe
2009-07-26 16:44 48,448 a------- c:\windows\system32\sirenacm.dll

============= FINISH: 18:30:38,79 ===============

I also have access to my Windows CD
Attached Files
File Type: zip ark.zip (4.8 KB, 1 views)
Ralfmeister is offline  
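As an added illustration (not part of the original post, and not code from DDS or the forum's analysts), here is a small Python triage script for lines in the DDS "Pseudo HJT Report" format shown above. It flags three kinds of entry a log reviewer usually examines first: an AppInit_DLLs value (Windows loads that DLL into every process that links user32.dll), Run-key autostarts whose image lives under a user profile or temp directory, and Firefox search preferences pointing at a third-party host. The sample lines are copied from the log above except for the `uRun: [updater]` line, which is constructed; the rule names and the PROFILE_HINTS list are my own choices, and a hit means "look at this", not "this is malware".

```python
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    line_no: int
    rule: str
    detail: str


# Line shapes DDS uses in its "Pseudo HJT Report" section (u/m/d = user/machine/default hive).
RUN_RE = re.compile(r'^[umd]Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')
APPINIT_RE = re.compile(r'^AppInit_DLLs:\s*(?P<value>\S.*)$')
FFPREF_RE = re.compile(r'^FF - prefs\.js:\s*(?P<pref>\S+)\s*-\s*(?P<value>.*)$')
# DDS defangs URLs as hxxp://; accept both spellings when pulling out the host.
URL_HOST_RE = re.compile(r'^h(?:xx|tt)ps?://(?P<host>[^/?#]+)', re.IGNORECASE)

# Path fragments (8.3 short names included) that place a file under a user profile
# or a temp directory: an assumption of this example, tune it for the locale in use.
PROFILE_HINTS = ('\\documents and settings\\', '\\docume~1\\', '\\temp\\',
                 '\\application data\\', '\\applic~1\\')
SEARCH_PREFS = ('keyword.url', 'browser.search.defaulturl')


def image_path(cmd: str) -> str:
    """Return the executable part of a Run-key command line (quoted or not)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(None, 1)[0] if cmd else ''


def in_profile_or_temp(path: str) -> bool:
    p = path.lower()
    return any(h in p for h in PROFILE_HINTS)


def triage(report: str) -> List[Finding]:
    """Walk a DDS-style report and return the entries worth a closer look."""
    findings: List[Finding] = []
    for n, raw in enumerate(report.splitlines(), start=1):
        line = raw.strip()
        m = APPINIT_RE.match(line)
        if m:
            where = ('under a user-profile/temp directory' if in_profile_or_temp(m['value'])
                     else 'outside user-profile/temp directories')
            findings.append(Finding(n, 'appinit_dlls',
                                    f"DLL loaded into every user32-linked process: {m['value']} ({where})"))
            continue
        m = RUN_RE.match(line)
        if m:
            exe = image_path(m['cmd'])
            if in_profile_or_temp(exe):
                findings.append(Finding(n, 'run_from_profile', f"autostart [{m['name']}] runs {exe}"))
            continue
        m = FFPREF_RE.match(line)
        if m and m['pref'].lower() in SEARCH_PREFS:
            h = URL_HOST_RE.match(m['value'].strip())
            host = h['host'] if h else m['value'].strip()
            findings.append(Finding(n, 'search_pref_override', f"{m['pref']} points at {host}"))
    return findings


# Sample input: lines copied from the DDS log in the post above, plus one
# constructed uRun line (the "updater" entry) to exercise the profile-path rule.
SAMPLE_LOG = "\n".join([
    r'uStart Page = hxxp://www.apberget.se/',
    r'uRun: [msnmsgr] "c:\program\windows live\messenger\msnmsgr.exe" /background',
    r'mRun: [egui] "c:\program\eset\eset nod32 antivirus\egui.exe" /hide /waitservice',
    r'AppInit_DLLs: c:\docume~1\rasmus\lokala~1\temp\846828621mxx.dll',
    r'uRun: [updater] c:\docume~1\rasmus\lokala~1\temp\svc.exe',
    r'FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1361345&SearchSource=2&q=',
])

if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no:>3}  {f.rule:<22} {f.detail}")
```

Run against the sample it reports the AppInit_DLLs line, the constructed temp-directory autostart and the Conduit search override, and stays silent on the Messenger and ESET entries under c:\program. The point of the profile-path rule is that vendor software normally installs under Program Files, so an autostart rooted in a temp or profile directory is cheap to spot and usually worth a question.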

Old 10-19-2009, 02:18 PM   #2 (permalink)
Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic
Join Date: Sep 2005
Location: Glasgow
Posts: 25,427
OS: Win XP Pro SP3 / Win 7 Pro


Blog Entries: 10
Re: think i have a key-logger, need some help :)

Hi and welcome to TSF.

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programmes, or run any other scanners or software, unless I specifically ask you to do so.




Combofix
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please read all the information carefully!

You MUST disable your AntiVirus and AntiSpyware applications - please read this thread as a guide. They may otherwise interfere with our tools and interrupt the cleansing process.

Please include the log C:\ComboFix.txt in your next reply for further review.
__________________
Iain - Defender of the Haggis and all things Scottish.
I don't help by PM - post in the Forums.



PC Safety & Security::PC running a bit slow?::Donate::Photographers Corner
Glaswegian is offline  
Old 10-20-2009, 04:16 AM   #3 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 5
OS: xp


Re: think i have a key-logger, need some help :)

Have now searched the computer with ComboFix and here is the combofix.txt

ComboFix 09-10-19.01 - Rasmus 2009-10-20 11:51.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.46.1053.18.2047.1598 [GMT 2:00]
Körs från: c:\documents and settings\Rasmus\Skrivbord\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Troligen infekterade webbplatser -----

hxxp://speedytorrents.net
.
(((((((((((((((((((((((( Filer Skapade från 2009-09-20 till 2009-10-20 ))))))))))))))))))))))))))))))
.

2009-10-17 17:42 . 2009-10-17 17:51 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-10-15 20:58 . 2009-10-15 21:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2009-10-15 17:47 . 2009-10-17 20:24 -------- d-----w- c:\program\World of Warcraft
2009-10-15 17:47 . 2009-10-15 18:15 -------- d-----w- c:\program\Delade filer\Blizzard Entertainment
2009-10-15 16:41 . 2009-09-04 15:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-10-15 16:41 . 2009-09-04 15:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-10-15 16:41 . 2009-09-04 15:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-10-15 16:41 . 2009-09-04 15:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-10-15 16:41 . 2009-09-04 15:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-10-15 16:41 . 2009-09-04 15:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-10-15 16:41 . 2009-09-04 15:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-10-15 16:41 . 2009-03-09 13:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-10-15 16:41 . 2009-03-09 13:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-10-15 16:41 . 2009-03-09 13:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-10-13 12:16 . 2009-10-13 12:16 -------- d-----w- c:\program\Trend Micro
2009-10-12 15:03 . 2009-10-12 15:03 -------- d-----w- c:\documents and settings\Rasmus\Application Data\Malwarebytes
2009-10-12 15:03 . 2009-10-12 15:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-12 14:11 . 2009-10-15 17:37 -------- d-----w- c:\program\Spybot - Search & Destroy
2009-10-12 14:11 . 2009-10-15 17:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-12 14:08 . 2009-10-12 14:08 -------- d-----w- c:\documents and settings\LocalService\Skrivbord
2009-10-09 17:46 . 2009-10-09 17:46 -------- d-----w- C:\Users
2009-10-04 11:53 . 2009-10-04 11:53 -------- d-----w- c:\program\Microsoft
2009-09-20 16:24 . 2009-10-08 10:50 682280 ----a-w- c:\windows\system32\pbsvc.exe
2009-09-20 16:21 . 2009-09-20 16:21 -------- d-----w- c:\program\EA Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-19 14:50 . 2009-07-17 19:18 -------- d-----w- c:\program\DC++
2009-10-17 17:59 . 2009-05-16 09:11 -------- d--h--w- c:\program\InstallShield Installation Information
2009-10-17 17:46 . 2009-05-16 14:15 -------- d-----w- c:\documents and settings\Rasmus\Application Data\uTorrent
2009-10-12 15:58 . 2009-05-16 10:36 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-09 19:18 . 2009-05-20 20:29 190160 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-10-09 18:52 . 2009-05-20 20:29 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-10-09 18:52 . 2009-05-20 20:30 139456 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-10-08 10:50 . 2009-05-20 20:30 22328 ----a-w- c:\documents and settings\Rasmus\Application Data\PnkBstrK.sys
2009-09-25 05:58 . 2004-08-04 12:00 662528 ----a-w- c:\windows\system32\wininet.dll
2009-09-25 05:58 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-21 10:56 . 2009-06-16 19:26 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-09-15 19:48 . 2009-05-17 09:57 -------- d-----w- c:\documents and settings\Amanda\Application Data\Apple Computer
2009-09-15 15:08 . 2009-05-16 11:42 -------- d-----w- c:\documents and settings\Rasmus\Application Data\Apple Computer
2009-09-14 14:08 . 2009-09-14 14:07 -------- d-----w- c:\program\iTunes
2009-09-14 14:08 . 2009-09-14 14:07 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-14 14:07 . 2009-09-14 14:07 -------- d-----w- c:\program\iPod
2009-09-14 14:07 . 2009-05-16 11:39 -------- d-----w- c:\program\Delade filer\Apple
2009-09-14 14:05 . 2009-09-14 14:05 -------- d-----w- c:\program\QuickTime
2009-09-11 14:37 . 2004-08-04 12:00 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-09 15:22 . 2009-08-18 10:41 -------- d-----w- c:\program\Heroes of Newerth
2009-09-04 20:47 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 15:44 . 2009-10-15 16:40 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-08-28 17:42 . 2009-05-16 11:40 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-28 17:42 . 2009-05-16 11:40 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-26 08:16 . 2004-08-04 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-25 09:38 . 2009-08-16 12:49 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-08-24 18:57 . 2009-08-24 18:56 -------- d-----w- c:\program\Delade filer\Adobe
2009-08-09 13:29 . 2009-05-30 20:39 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdw.DAT
2009-08-09 13:28 . 2009-05-30 20:37 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2009-08-05 09:08 . 2004-08-04 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 17:07 . 2004-08-04 12:00 2137088 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 17:07 . 2004-08-04 01:25 2016768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-07-26 14:44 . 2009-07-26 14:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
.

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* Tomma poster & legitima standardposter visas inte.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"DAEMON Tools"="c:\program\DAEMON Tools\daemon.exe" [2007-04-03 165784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program\Java\j2re1.4.2_05\bin\jusched.exe" [2009-05-15 32881]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-30 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
"Ad-Watch"="c:\program\Lavasoft\Ad-Aware\AAWTray.exe" [2009-09-21 520024]
"egui"="c:\program\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"Adobe Reader Speed Launcher"="c:\program\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program\QuickTime\QTTask.exe" [2009-09-04 417792]
"iTunesHelper"="c:\program\iTunes\iTunesHelper.exe" [2009-09-08 305440]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-07-05 16380416]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2007-06-15 1826816]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-04-30 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\Amanda\Start-meny\Program\Autostart\
Nikon Monitor.lnk - c:\program\Delade filer\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program\\Ventrilo\\Ventrilo.exe"=
"c:\\Program\\Bonjour\\mDNSResponder.exe"=
"c:\\Program\\World of Warcraft\\Launcher.exe"=
"c:\\Program\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program\\DC++\\DCPlusPlus.exe"=
"c:\\Program\\iTunes\\iTunes.exe"=
"c:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program\\World of Warcraft\\WoW-3.2.0-enGB-downloader.exe"=
"c:\\Program\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe"=
"c:\\Program\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe"=
"c:\\Program\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:WOW patch
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-05-16 64160]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-05-14 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-05-14 94360]
R2 ekrn;ESET Service;c:\program\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-05-14 731840]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 1028432]
.
Innehållet i mappen 'Schemalagda aktiviteter':

2009-10-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 10:56]

2009-10-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Extra genomsökning -------
.
uStart Page = hxxp://www.apberget.se/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
FF - ProfilePath - c:\documents and settings\Rasmus\Application Data\Mozilla\Firefox\Profiles\v1x5owo6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1361345&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - The Pirate Bay Customized Web Search
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1361345&SearchSource=2&q=
FF - component: c:\documents and settings\Rasmus\Application Data\Mozilla\Firefox\Profiles\v1x5owo6.default\extensions\{a33fa729-d155-4b23-842b-2c665ecabdb6}\components\FFExternalAlert.dll
FF - plugin: c:\documents and settings\Rasmus\Application Data\Mozilla\Firefox\Profiles\v1x5owo6.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\program\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program\Java\j2re1.4.2_05\bin\NPJava11.dll
FF - plugin: c:\program\Java\j2re1.4.2_05\bin\NPJava12.dll
FF - plugin: c:\program\Java\j2re1.4.2_05\bin\NPJava13.dll
FF - plugin: c:\program\Java\j2re1.4.2_05\bin\NPJava14.dll
FF - plugin: c:\program\Java\j2re1.4.2_05\bin\NPJava32.dll
FF - plugin: c:\program\Java\j2re1.4.2_05\bin\NPJPI142_05.dll
FF - plugin: c:\program\Java\j2re1.4.2_05\bin\NPOJI610.dll

---- FIREFOX POLICY ----
c:\program\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-20 11:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Sluttid: 2009-10-20 11:55
ComboFix-quarantined-files.txt 2009-10-20 09:55

Före genomsökningen: 151*917*719*552 byte ledigt
Efter genomsökningen: 151*906*361*344 byte ledigt

WindowsXP-KB310994-SP2-Home-BootDisk-SVE.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 1B89D9583A541EA756A901C7F945F8B3
Ralfmeister is offline  
Old 10-20-2009, 02:47 PM   #4 (permalink)
Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic
Join Date: Sep 2005
Location: Glasgow
Posts: 25,427
OS: Win XP Pro SP3 / Win 7 Pro


Blog Entries: 10
Re: think i have a key-logger, need some help :)

Hi again

How is your system running? I’m not seeing anything that looks like a keylogger.


Online Scan

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner.

Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.


This animation will guide you through the process:


**Note**

To optimise scanning time and produce a more sensible report for review:
  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.


Please post back with the Kaspersky Log.
__________________
Iain - Defender of the Haggis and all things Scottish.
I don't help by PM - post in the Forums.



PC Safety & Security::PC running a bit slow?::Donate::Photographers Corner
Glaswegian is offline  
Old 10-21-2009, 04:13 AM   #5 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 5
OS: xp


Re: think i have a key-logger, need some help :)

I've now completed the Kaspersky search and here is the log

KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, October 21, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, October 20, 2009 20:53:35
Records in database: 3039242
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
K:\
L:\

Scan statistics:
Objects scanned: 61212
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 09:46:37

No threats found. Scanned area is clean.

Selected area has been scanned.
Ralfmeister is offline  
Old 10-21-2009, 02:48 PM   #6 (permalink)
Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic
Join Date: Sep 2005
Location: Glasgow
Posts: 25,427
OS: Win XP Pro SP3 / Win 7 Pro


Blog Entries: 10
Re: think i have a key-logger, need some help :)

Good - everything looks fine. How is your system running now?
__________________
Iain - Defender of the Haggis and all things Scottish.
I don't help by PM - post in the Forums.



PC Safety & Security::PC running a bit slow?::Donate::Photographers Corner
Glaswegian is offline  
Old 10-22-2009, 08:57 AM   #7 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 5
OS: xp


Re: think i have a key-logger, need some help :)

Noticeably better actually, really appreciate you taking the time to help me! Thank you!
Any insider tips on how to avoid getting infected again?
Ralfmeister is offline  
Old 10-22-2009, 02:10 PM   #8 (permalink)
Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic
Join Date: Sep 2005
Location: Glasgow
Posts: 25,427
OS: Win XP Pro SP3 / Win 7 Pro


Blog Entries: 10
Re: think i have a key-logger, need some help :)

Hi there

We’ll just tidy up then, and here are my recommendations for staying safe and secure.


The following procedure will clear out the tools we've used as well as the backups and quarantines created by the fix. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point.

Referring to the image below



Click Start > Run and copy/paste, or type the following bold text into the Run box and click OK:


ComboFix /Uninstall



Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:


General Protection

Spyware Blaster to help prevent spyware from installing in the first place.
Spyware Guard to catch and block spyware before it can execute.
Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis, just as you would with antivirus software. A tutorial on installing & using this product can be found here.



SnoopFree

SnoopFree is a real time monitor that notifies you when a programme wants to record your keystrokes or read your screen. Note that SnoopFree is only for XP systems.


MVPS Hosts File

The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer. Note that if you use a company provided HOSTS file you should not use the MVPS HOSTS file.

Alternate Browsers
Try the following free alternate browsers rather than Internet Explorer
Firefox
Opera
Chrome
Maxthon
Safari

Firewalls
A good firewall will monitor incoming and outgoing traffic. NOTE: Microsoft's Firewall for XP does not monitor outgoing traffic. If you do not have a firewall, here are 3 free ones available for personal use:
Comodo Personal Firewall
Sygate Personal Firewall
ZoneAlarm


Other Protection
Winpatrol - Download and install the free version of Winpatrol. A tutorial for this product is located here:
Using Winpatrol to protect your computer.


Web of Trust
WOT warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
  • Green to go
  • Yellow for caution
  • Red to stop
WOT has an addon available for both Firefox and IE.


ERUNT & NTREGOPT
ERUNT is a programme that will create automatic backups of your Registry. These backups can be used to help restore your system in the event of a serious crash.
NTREGOPT will compact and optimise your Registry, to assist the smooth running of your system.


Additional Reading
In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles

PC Safety & Security - What Do I Need?.
Making Internet Explorer Safer.
Think Prevention!

Have a look here if your PC is still running a bit slow
Is your PC running slow...?


Keep clean and safe and enjoy your computing!

Please respond to this thread one more time so we can mark this thread as resolved.
__________________
Iain - Defender of the Haggis and all things Scottish.
I don't help by PM - post in the Forums.



PC Safety & Security::PC running a bit slow?::Donate::Photographers Corner
Glaswegian is offline  
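As an added example (mine, not MVPS's or the forum's), here is a Python check for a hosts file of the kind the MVPS project ships, relating to the MVPS Hosts File section above. It parses the file, lists the names it sinks to 127.0.0.1 or 0.0.0.0, and goes one step beyond that paragraph by also flagging entries that send a name to a routable public address, which a blocklist never does and which is what a tampered hosts file usually looks like. The sample file is constructed; the LOCAL_NETS list is an assumption about what a home network's own entries look like.

```python
import ipaddress
from typing import List, NamedTuple, Set, Tuple


class HostsEntry(NamedTuple):
    line_no: int
    address: str
    names: Tuple[str, ...]


class Issue(NamedTuple):
    line_no: int
    problem: str


# Addresses a blocklist-style hosts file (MVPS among them) uses to sink a name.
SINKHOLES = {'127.0.0.1', '0.0.0.0', '::1'}
# Ranges that legitimately appear in a home hosts file for local machines (assumption).
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    '127.0.0.0/8', '10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16',
    '169.254.0.0/16', '::1/128', 'fc00::/7', 'fe80::/10')]


def parse_hosts(text: str) -> Tuple[List[HostsEntry], List[Issue]]:
    """Parse hosts-file text: '<address> <name> [<name>...]'; '#' starts a comment."""
    entries: List[HostsEntry] = []
    issues: List[Issue] = []
    for n, raw in enumerate(text.splitlines(), start=1):
        line = raw.split('#', 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            ipaddress.ip_address(parts[0])
        except ValueError:
            issues.append(Issue(n, f'not an IP address: {parts[0]}'))
            continue
        if len(parts) < 2:
            issues.append(Issue(n, 'address without a hostname'))
            continue
        entries.append(HostsEntry(n, parts[0], tuple(parts[1:])))
    return entries, issues


def sinkholed_names(entries: List[HostsEntry]) -> Set[str]:
    """Names the file blocks by pointing them at a sinkhole address."""
    return {name for e in entries if e.address in SINKHOLES for name in e.names}


def suspicious_redirects(entries: List[HostsEntry]) -> List[HostsEntry]:
    """Entries that send a name to a routable, non-local address. A blocklist
    never does this, so such a line is either a deliberate override or tampering."""
    out = []
    for e in entries:
        ip = ipaddress.ip_address(e.address)
        if e.address in SINKHOLES or any(ip in net for net in LOCAL_NETS):
            continue
        out.append(e)
    return out


# Constructed sample, not a real hosts file.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1 localhost
127.0.0.1 ads.example.net          # blocklist-style entry
0.0.0.0   tracker.example.org
192.168.1.10 nas.home              # local machine, fine
203.0.113.5 www.bank.example       # a public name sent to an outside address
not-an-ip broken.example
"""

if __name__ == '__main__':
    entries, issues = parse_hosts(SAMPLE_HOSTS)
    print('sinkholed:', sorted(sinkholed_names(entries)))
    for e in suspicious_redirects(entries):
        print(f'line {e.line_no}: {", ".join(e.names)} -> {e.address}  (review)')
    for i in issues:
        print(f'line {i.line_no}: {i.problem}')
```

On a real system the file lives at %SystemRoot%\system32\drivers\etc\hosts; reading it with the same parser and running suspicious_redirects gives a quick answer to "did something other than the MVPS file change my hosts entries?", which is the check worth repeating after any cleanup.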