PLZ help, keyboard won't even work anymore.


thrasher0250
27 Jul 2007, 06:25pm
I have this huge virus on my PC where most keys won't even work anymore. For the spacebar I had to copy and paste the space for every word.

please PLEASE help me, I'm dying here... the virus is huge and it's killing me

I've attached my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 1:01:20 PM, on 27/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\thorlakl\lsass.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\HijackThis\HijackThis.exe

F3 - REG:win.ini: load=C:\WINDOWS\system32\thorlakl\lsass.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\thorlakl\lsass.exe
O1 - Hosts: 1.1.1.1 f-secure.com
O1 - Hosts: 1.1.1.1 www.f-secure.com
O1 - Hosts: 1.1.1.1 ftp.f-secure.com
O1 - Hosts: 1.1.1.1 ftp.sophos.com
O1 - Hosts: 1.1.1.1 liveupdate.symantec.com
O1 - Hosts: 1.1.1.1 customer.symantec.com
O1 - Hosts: 1.1.1.1 dispatch.mcafee.com
O1 - Hosts: 1.1.1.1 download.mcafee.com
O1 - Hosts: 1.1.1.1 rads.mcafee.com
O1 - Hosts: 1.1.1.1 mast.mcafee.com
O1 - Hosts: 1.1.1.1 my-etrust.com
O1 - Hosts: 1.1.1.1 www.my-etrust.com
O1 - Hosts: 1.1.1.1 nai.com
O1 - Hosts: 1.1.1.1 www.nai.com
O1 - Hosts: 1.1.1.1 networkassociates.com
O1 - Hosts: 1.1.1.1 secure.nai.com
O1 - Hosts: 1.1.1.1 securityresponse.symantec.com
O1 - Hosts: 1.1.1.1 service1.symantec.com
O1 - Hosts: 1.1.1.1 sophos.com
O1 - Hosts: 1.1.1.1 www.sophos.com
O1 - Hosts: 1.1.1.1 support.microsoft.com
O1 - Hosts: 1.1.1.1 symantec.com
O1 - Hosts: 1.1.1.1 www.symantec.com
O1 - Hosts: 1.1.1.1 update.symantec.com
O1 - Hosts: 1.1.1.1 updates.symantec.com
O1 - Hosts: 1.1.1.1 us.mcafee.com
O1 - Hosts: 1.1.1.1 vil.nai.com
O1 - Hosts: 1.1.1.1 viruslist.com
O1 - Hosts: 1.1.1.1 www.viruslist.com
O1 - Hosts: 1.1.1.1 grisoft.com
O1 - Hosts: 1.1.1.1 www.grisoft.com
O1 - Hosts: 1.1.1.1 free.grisoft.com
O1 - Hosts: 1.1.1.1 trendmicro.com
O1 - Hosts: 1.1.1.1 housecall.trendmicro.com
O1 - Hosts: 1.1.1.1 www.trendmicro.com
O1 - Hosts: 1.1.1.1 pandasoftware.com
O1 - Hosts: 1.1.1.1 www.pandasoftware.com
O1 - Hosts: 1.1.1.1 usa.kaspersky.com
O1 - Hosts: 1.1.1.1 ewido.net
O1 - Hosts: 1.1.1.1 www.ewido.net
O1 - Hosts: 1.1.1.1 zonelabs.com
O1 - Hosts: 1.1.1.1 www.zonelabs.com
O1 - Hosts: 1.1.1.1 bitdefender.com
O1 - Hosts: 1.1.1.1 www.bitdefender.com
O1 - Hosts: 1.1.1.1 download.bitdefender.com
O1 - Hosts: 1.1.1.1 upgrade.bitdefender.com
O1 - Hosts: 1.1.1.1 spywareinfo.com
O1 - Hosts: 1.1.1.1 www.spywareinfo.com
O1 - Hosts: 1.1.1.1 merijn.org
O1 - Hosts: 1.1.1.1 www.merijn.org
O1 - Hosts: 1.1.1.1 sysinternals.com
O1 - Hosts: 1.1.1.1 www.sysinternals.com
O1 - Hosts: 1.1.1.1 onguardonline.gov
O1 - Hosts: 1.1.1.1 www.onguardonline.gov
O1 - Hosts: 1.1.1.1 avast.com
O1 - Hosts: 1.1.1.1 www.avast.com
O1 - Hosts: 1.1.1.1 safety.live.com
O1 - Hosts: 1.1.1.1 www.paretologic.com
O1 - Hosts: 1.1.1.1 paretologic.com
O1 - Hosts: 1.1.1.1 virusscan.jotti.org
O1 - Hosts: 1.1.1.1 services.google.com
O1 - Hosts: 1.1.1.1 www.webroot.com
O1 - Hosts: 1.1.1.1 webroot.com
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: lsass.lnk = ?
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by125fd.bay125.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

WEIRD thing is that every time I open the HijackThis program it automatically shuts it down for some reason... I had to attempt a scan about 10 times

please help me

Trogan
27 Jul 2007, 09:11pm
Hi thrasher0250,

Looks like you have a nasty infection there.

1. I need you to get a file analysed please:
Go to VirusTotal (http://www.virustotal.com/)
Copy and paste the following file path into the Search Box at the top of the page:
C:\WINDOWS\system32\thorlakl\lsass.exe
Click on the Send button
Save a copy of the results and post them in your next reply.

2. Open HijackThis
- Click the Do a system scan only button
- Check the following entries (below)

O1 - Hosts: 1.1.1.1 f-secure.com
O1 - Hosts: 1.1.1.1 www.f-secure.com
O1 - Hosts: 1.1.1.1 ftp.f-secure.com
O1 - Hosts: 1.1.1.1 ftp.sophos.com
O1 - Hosts: 1.1.1.1 liveupdate.symantec.com
O1 - Hosts: 1.1.1.1 customer.symantec.com
O1 - Hosts: 1.1.1.1 dispatch.mcafee.com
O1 - Hosts: 1.1.1.1 download.mcafee.com
O1 - Hosts: 1.1.1.1 rads.mcafee.com
O1 - Hosts: 1.1.1.1 mast.mcafee.com
O1 - Hosts: 1.1.1.1 my-etrust.com
O1 - Hosts: 1.1.1.1 www.my-etrust.com
O1 - Hosts: 1.1.1.1 nai.com
O1 - Hosts: 1.1.1.1 www.nai.com
O1 - Hosts: 1.1.1.1 networkassociates.com
O1 - Hosts: 1.1.1.1 secure.nai.com
O1 - Hosts: 1.1.1.1 securityresponse.symantec.com
O1 - Hosts: 1.1.1.1 service1.symantec.com
O1 - Hosts: 1.1.1.1 sophos.com
O1 - Hosts: 1.1.1.1 www.sophos.com
O1 - Hosts: 1.1.1.1 support.microsoft.com
O1 - Hosts: 1.1.1.1 symantec.com
O1 - Hosts: 1.1.1.1 www.symantec.com
O1 - Hosts: 1.1.1.1 update.symantec.com
O1 - Hosts: 1.1.1.1 updates.symantec.com
O1 - Hosts: 1.1.1.1 us.mcafee.com
O1 - Hosts: 1.1.1.1 vil.nai.com
O1 - Hosts: 1.1.1.1 viruslist.com
O1 - Hosts: 1.1.1.1 www.viruslist.com
O1 - Hosts: 1.1.1.1 grisoft.com
O1 - Hosts: 1.1.1.1 www.grisoft.com
O1 - Hosts: 1.1.1.1 free.grisoft.com
O1 - Hosts: 1.1.1.1 trendmicro.com
O1 - Hosts: 1.1.1.1 housecall.trendmicro.com
O1 - Hosts: 1.1.1.1 www.trendmicro.com
O1 - Hosts: 1.1.1.1 pandasoftware.com
O1 - Hosts: 1.1.1.1 www.pandasoftware.com
O1 - Hosts: 1.1.1.1 usa.kaspersky.com
O1 - Hosts: 1.1.1.1 ewido.net
O1 - Hosts: 1.1.1.1 www.ewido.net
O1 - Hosts: 1.1.1.1 zonelabs.com
O1 - Hosts: 1.1.1.1 www.zonelabs.com
O1 - Hosts: 1.1.1.1 bitdefender.com
O1 - Hosts: 1.1.1.1 www.bitdefender.com
O1 - Hosts: 1.1.1.1 download.bitdefender.com
O1 - Hosts: 1.1.1.1 upgrade.bitdefender.com
O1 - Hosts: 1.1.1.1 spywareinfo.com
O1 - Hosts: 1.1.1.1 www.spywareinfo.com
O1 - Hosts: 1.1.1.1 merijn.org
O1 - Hosts: 1.1.1.1 www.merijn.org
O1 - Hosts: 1.1.1.1 sysinternals.com
O1 - Hosts: 1.1.1.1 www.sysinternals.com
O1 - Hosts: 1.1.1.1 onguardonline.gov
O1 - Hosts: 1.1.1.1 www.onguardonline.gov
O1 - Hosts: 1.1.1.1 avast.com
O1 - Hosts: 1.1.1.1 www.avast.com
O1 - Hosts: 1.1.1.1 safety.live.com
O1 - Hosts: 1.1.1.1 www.paretologic.com
O1 - Hosts: 1.1.1.1 paretologic.com
O1 - Hosts: 1.1.1.1 virusscan.jotti.org
O1 - Hosts: 1.1.1.1 services.google.com
O1 - Hosts: 1.1.1.1 www.webroot.com
O1 - Hosts: 1.1.1.1 webroot.com

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

- Close ALL open windows (especially Internet Explorer!)
- Click Fix Checked
- Close HijackThis

3. Post the VirusTotal results, along with a new HijackThis log.
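As an added illustration (not code from the thread, from HijackThis or from SDFix), here is a small Python checker that applies the same triage rules used in the reply above to log lines in HijackThis's format: O1 hosts entries that point anywhere but loopback (the 1.1.1.1 redirects of vendor update sites), populated win.ini load=/run= values, a core system name such as lsass.exe launched from outside system32, and a Startup-folder shortcut whose target HijackThis shows as "?". The sample lines are constructed in the log's format; the vendor keyword list and the rules themselves are my assumptions, not a rule set from any tool.

```python
"""Flag hosts-file hijacks and persistence clues in HijackThis log lines."""
import re
from ipaddress import ip_address

# Constructed sample in the same line format as the thread's HijackThis log
# (a few lines only, not the full log).
SAMPLE_LOG = r"""
F3 - REG:win.ini: load=C:\WINDOWS\system32\thorlakl\lsass.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\thorlakl\lsass.exe
O1 - Hosts: 1.1.1.1 liveupdate.symantec.com
O1 - Hosts: 1.1.1.1 download.bitdefender.com
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - Startup: lsass.lnk = ?
"""

# Lower-cased fragments naming AV / anti-malware vendors and update hosts
# (assumed list, drawn from the domains redirected in the thread's log).
VENDOR_HINTS = (
    "symantec", "mcafee", "nai.com", "sophos", "f-secure", "kaspersky",
    "bitdefender", "grisoft", "ewido", "trendmicro", "pandasoftware",
    "avast", "zonelabs", "webroot", "sysinternals", "merijn", "jotti",
    "viruslist", "spywareinfo", "safety.live.com", "support.microsoft.com",
)

# Process names that legitimately live only in %SystemRoot%\system32 on XP.
CORE_SYSTEM_BINARIES = {"lsass.exe", "smss.exe", "csrss.exe",
                        "winlogon.exe", "services.exe", "svchost.exe"}

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")
WININI_RE = re.compile(r"^F3 - REG:win\.ini:\s+(load|run)=(.*?)\s*$")
STARTUP_RE = re.compile(r"^O4 - Startup:\s+(.+?)\s*=\s*(.*?)\s*$")


def is_loopback(addr):
    """True for 127.0.0.0/8 and ::1; anything else in a hosts file is unusual."""
    try:
        return ip_address(addr).is_loopback
    except ValueError:
        return False


def check_hosts_entry(addr, host):
    """Finding for a hosts entry that sends a name anywhere but loopback."""
    if is_loopback(addr):
        return None
    vendor = any(hint in host.lower() for hint in VENDOR_HINTS)
    why = "security-vendor host redirected" if vendor else "host redirected"
    return ("O1", f"{why} to {addr}: {host}")


def check_winini_entry(key, value):
    """win.ini load=/run= are empty on a clean system; any value is suspect."""
    if not value:
        return None
    parent, _, base = value.replace("/", "\\").rpartition("\\")
    if base.lower() in CORE_SYSTEM_BINARIES and \
            not parent.lower().endswith("\\system32"):
        return ("F3", f"win.ini {key}= launches a core-system name "
                      f"from an unusual directory: {value}")
    return ("F3", f"win.ini {key}= is populated: {value}")


def check_startup_entry(name, target):
    """Startup-folder shortcut whose target HijackThis cannot resolve ('?')."""
    if target == "?":
        return ("O4", f"Startup shortcut with unresolved target: {name}")
    return None


CHECKS = ((HOSTS_RE, check_hosts_entry),
          (WININI_RE, check_winini_entry),
          (STARTUP_RE, check_startup_entry))


def analyze_hijackthis_log(text):
    """Return a list of (section, message) findings for the given log text."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        for pattern, check in CHECKS:
            match = pattern.match(line)
            if match:
                finding = check(*match.groups())
                if finding:
                    findings.append(finding)
                break
    return findings


if __name__ == "__main__":
    for section, message in analyze_hijackthis_log(SAMPLE_LOG):
        print(f"[{section}] {message}")
```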

thrasher0250
28 Jul 2007, 12:04am
Ty so much for ur help, really appreciate your time and consideration.

ok here are the logs... things seem to be getting a bit better

Logfile of HijackThis v1.99.1
Scan saved at 6:49:52 PM, on 7/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE
O4 - HKCU\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by125fd.bay125.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

_________________________________________________________________

Antivirus Version Last Update Result
AhnLab-V3 2007.7.28.0 2007.07.27 -
AntiVir 7.4.0.50 2007.07.27 TR/MsnZombie.Z
Authentium 4.93.8 2007.07.27 -
Avast 4.7.997.0 2007.07.27 Win32:SdBot-3439
AVG 7.5.0.476 2007.07.27 -
BitDefender 7.2 2007.07.27 -
CAT-QuickHeal 9.00 2007.07.26 (Suspicious) - DNAScan
ClamAV 0.91 2007.07.28 -
DrWeb 4.33 2007.07.27 -
eSafe 7.0.15.0 2007.07.24 Suspicious Trojan/Worm
eTrust-Vet 31.1.5010 2007.07.28 Win32/Nochod.BC
Ewido 4.0 2007.07.27 -
FileAdvisor 1 2007.07.28 -
Fortinet 2.91.0.0 2007.07.27 -
F-Prot 4.3.2.48 2007.07.27 -
F-Secure 6.70.13030.0 2007.07.27 -
Ikarus T3.1.1.8 2007.07.27 Trojan-PWS.Win32.LdPinch.bjx
Kaspersky 4.0.2.24 2007.07.28 -
McAfee 5085 2007.07.27 -
Microsoft 1.2704 2007.07.27 Worm:Win32/VB.AT
NOD32v2 2426 2007.07.27 probably a variant of Win32/Spy.VB.LO
Norman 5.80.02 2007.07.27 -
Panda 9.0.0.4 2007.07.27 Trj/MsnZombie.Z
Rising 19.33.42.00 2007.07.27 Trojan.Win32.MsnZombie.z
Sophos 4.19.0 2007.07.26 -
Sunbelt 2.2.907.0 2007.07.26 VIPRE.Suspicious
Symantec 10 2007.07.27 Backdoor.Trojan
TheHacker 6.1.7.155 2007.07.27 -
VBA32 3.12.2.1 2007.07.27 -
VirusBuster 4.3.26:9 2007.07.27 -
Webwasher-Gateway 6.0.1 2007.07.27 Trojan.MsnZombie.Z
Additional information
File size: 80896 bytes
MD5: 58358fa44d9cc65170f4feb03ffd6875
SHA1: 5dd864c313d7b2991ea48b1dc1eb2926b82de6d7
packers: PECompact
packers: PECOMPACT
packers: PecBundle, PECompact
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

Trogan
28 Jul 2007, 12:10am
You have a nasty infection on your computer, however, the HijackThis entries that were present in your first log are no longer there. Can you tell me what you have done since my last post please?

And was your last HijackThis log taken in Safe Mode?

thrasher0250
28 Jul 2007, 12:19am
Yeah! It was taken in safe mode cuz it won't let me open HijackThis in normal mode... it's really bad

I only restarted my comp and did the scan in safe mode... so hard to do anything with this virus. What should I do?

Trogan
28 Jul 2007, 12:25am
Does your keyboard work? Let me know and then we can try and fix this.

thrasher0250
28 Jul 2007, 12:29am
Yeah. The following letters don't work

/\/

8... like 8ee

space bar

... is the keyboard thing a part of the virus??

Trogan
28 Jul 2007, 12:31am
What scan did you run? And are you getting help from any other forum?

thrasher0250
28 Jul 2007, 12:33am
I didn't try another forum, I heard good things about this 1 so I came here

I ran VirusTotal... then... HijackThis in safe mode... am I totally screwed man??

Trogan
28 Jul 2007, 12:38am
If you want to get help here, then request to close your threads in the other forum(s). Seeking help in multiple forums only causes confusion and wastes the helpers' valuable time.

Secondly, do the following...

Download SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe) and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

thrasher0250
28 Jul 2007, 01:09am
thank you again

here are my logs:

SDFix: Version 1.94

Run by Emanuel on 27/07/2007 at 08:02 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix\SDFix

Safe Mode:
Checking Services:

Name:
ntio256

ImagePath:
\??\C:\WINDOWS\System32\ntio256.sys

ntio256 - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\Documents and Settings\Emanuel\Start Menu\Programs\Startup\lsass.lnk - Deleted
C:\Documents and Settings\Emanuel\Application Data\Install.dat - Deleted
C:\WINDOWS\system32\taskkill.com - Deleted
C:\WINDOWS\system32\vx.tll - Deleted



Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:
---------------

Backups Folder: - C:\SDFix\SDFix\backups\backups.zip

Files with Hidden Attributes:

C:\Documents and Settings\Emanuel\My Documents\EasyFileSearch.com-Pamela Anderson 500+pix\Thumbs.db
C:\Program Files\Steam\SteamApps\houndofh3ll@hotmail.com\counter-strike\cstrike\radial.cdb
C:\WINDOWS\system32\thorlakl\lsass.exe
C:\WINDOWS\system32\config\system.tmp.LOG
C:\WINDOWS\system32\config\software.tmp.LOG
C:\WINDOWS\system32\config\default.tmp.LOG

Finished


--------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 8:09:49 PM, on 27/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by125fd.bay125.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Trogan
28 Jul 2007, 01:22am
Please do the following...

1. Make sure you can view hidden files and folders:
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

2. Find and delete the following Folder in RED:

C:\WINDOWS\system32\thorlakl

If you can't delete it, try in Safe Mode.

3. Download this file to your Desktop - combofix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

4. I need to see another log from HijackThis.
Run Hijackthis.
Click on Open the Misc Tools section.
Next click on Open uninstall manager.
Press the Save list button.
Save the file to your desktop, with the default name of uninstall_list
Copy & Paste the entire contents of that file in your next post.

5. Please post the following...

Uninstall list
ComboFix log
New HijackThis log

thrasher0250
28 Jul 2007, 07:44pm
ty so much for ur help, ur a freaking ST.

can't believe u found the lsass.exe folder.... ur awesome.

here are the logs:

Logfile of HijackThis v1.99.1
Scan saved at 2:44:11 PM, on 28/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by125fd.bay125.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

------------------------------------------------------------------------

Adobe Acrobat 4.0
Adobe Flash Player 9 ActiveX
Adobe Shockwave Player
Ares 1.9.8
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Control Panel
ATI Display Driver
ATI HYDRAVISION
AudibleManager
AVG Anti-Spyware 7.5
Azureus
BitDefender 9 Professional Plus
CleanUp!
Creative Removable Disk Manager
Creative System Information
Creative ZEN V Series (R2)
DivX Web Player
DVD X Player 4.0 Professional
FIFA 07
HijackThis 1.99.1
HijackThis 1.99.1
iTunes
J2SE Runtime Environment 5.0 Update 6
Logitech Gaming Software
Microsoft .NET Framework 1.1
Microsoft Office XP Professional with FrontPage
Mozilla Firefox (2.0.0.2)
Mozilla Firefox (2.0.0.4)
MSN Music Assistant
NBFree MP3 to WMA Converter v2
Nero 7 Premium
NHL07
NVIDIA Drivers
QuickTime
Realtek AC'97 Audio
Scientific Atlanta DPX2100 USB Cable Modem
Sony Ericsson PC Suite
SoulSeek Client 157 test 8
SpywareBlaster v3.5.1
Starcraft
Steam
Tiger Gaming
VideoLAN VLC media player 0.8.6-test2
Winamp (remove only)
Windows Live Messenger
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10 Hotfix - KB895316
Windows XP Service Pack 2
WinRAR archiver
WinZip
Yahoo! Internet Mail
Yahoo! Messenger
ZENcast Organizer

--------------------------------------------------------------------------

"Emanuel" - 2007-07-28 14:39:39 - ComboFix 07-07-23.6 - Service Pack 2 FAT32


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Emanuel\Desktop.\internet explorer.lnk
C:\WINDOWS\system32\components
C:\WINDOWS\system32\drivers\UNDPX2A.EXE
C:\WINDOWS\system32\drivers\UNDPX2K.EXE


((((((((((((((((((((((((( Files Created from 2007-06-28 to 2007-07-28 )))))))))))))))))))))))))))))))


2007-07-28 14:39 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-27 20:02 <DIR> d-------- C:\WINDOWS\ERUNT
2007-07-27 19:25 <DIR> d--hs---- C:\FOUND.045
2007-07-27 12:51 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-07-25 10:32 <DIR> d-------- C:\Program Files\MSN Messenger
2007-07-18 18:58 <DIR> d--hs---- C:\FOUND.044
2007-07-11 03:03 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-07-11 03:03 <DIR> d-------- C:\DOCUME~1\Emanuel\APPLIC~1\SUPERAntiSpyware.com
2007-07-11 03:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-06-28 11:31 <DIR> d--hs---- C:\FOUND.043


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-09-11 06:41:08 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2007-07-28 18:40:22 14 ----a-w C:\WINDOWS\system32\getfile.dat
2007-07-10 19:31:04 359,040 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2007-05-11 10:12:52 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-05-11 10:12:52 249,856 ------w C:\WINDOWS\Setup1.exe
2007-05-06 01:27:04 1,302 ----a-w C:\WINDOWS\mozver.dat


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NWEReboot"="" []
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 04:31 C:\WINDOWS\SOUNDMAN.EXE]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17]
"BDMCon"="C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe" [2005-10-11 11:28]
"BDOESRV"="C:\Program Files\Softwin\BitDefender9\bdoesrv.exe" [2005-03-11 17:53]
"BDNewsAgent"="C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe" [2005-06-09 10:28]
"BDSwitchAgent"="C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe" [2005-04-06 13:09]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="" []
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:56]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-08-07 10:06]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"<NO NAME>"=
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=sockspy.dll

R2 FILESpy;FILESpy;\??\C:\Program Files\Softwin\BitDefender9\filespy.sys
R2 REGSpy;REGSpy;\??\C:\Program Files\Softwin\BitDefender9\regspy.sys
R3 ALCXSENS;Service for WDM 3D Audio Driver;C:\WINDOWS\system32\drivers\ALCXSENS.SYS
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver;C:\WINDOWS\system32\drivers\msmpu401.sys
R3 QCDonner;Logitech QuickCam Express;C:\WINDOWS\system32\DRIVERS\OVCD.sys
R3 UsbCmxp;Scientific Atlanta DPX2100 USB Cable Modem;C:\WINDOWS\system32\DRIVERS\sacmxp.sys
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
R3 WmFilter;Logitech WingMan HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-28 14:41:29
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-28 14:42:01
C:\ComboFix-quarantined-files.txt ... 2007-07-28 14:42

--- E O F ---



ty.so.much.4.ur.time.agai

Trogan
29 Jul 2007, 01:30pm
Hi,

ty.so.much.for.ur.help.ur.a.freakig.ST.

cat.elive.u.foud.the.lsass.exe.folder....ur.awesome.

You're welcome! Try another keyboard as yours is obviously broken.

Please do the following...

1. Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:
Download the latest version of Java Runtime Environment (JRE) 6u2 (http://java.sun.com/javase/downloads/index.jsp).
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications."
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement."
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove the following...
J2SE Runtime Environment 5.0 Update 6
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version.

2. Need to have a file scanned:
Go to VirusTotal (http://www.virustotal.com/)
Copy and paste the following file path into the Search Box at the top of the page:
C:\WINDOWS\system32\bdod.bin
Click on the Send button
Save a copy of the results and post them in your next reply.
Post the results back here.

thrasher0250
29 Jul 2007, 06:07pm
wow.lol.i.feel.so.dum.you're.right.i.gotta.get.a.keyoard.
I.ordered.1.&.It'll.e.here.2morrow.

Here.is.the.log.from.the.sca/\/.from.virustotal:

File bdod.bin received on 07.29.2007 18:56:08 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED


Loading server information...
Your file is queued in position: 2.
Estimated start time is between 46 and 66 seconds.
Do not close the window untill scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Print results
Your file has expired or do not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:


Antivirus Version Last Update Result
AhnLab-V3 2007.7.28.0 2007.07.27 -
AntiVir 7.4.0.50 2007.07.28 -
Authentium 4.93.8 2007.07.27 -
Avast 4.7.997.0 2007.07.29 -
AVG 7.5.0.476 2007.07.28 -
BitDefender 7.2 2007.07.29 -
CAT-QuickHeal 9.00 2007.07.28 -
ClamAV 0.91 2007.07.29 -
DrWeb 4.33 2007.07.29 -
eSafe 7.0.15.0 2007.07.29 -
eTrust-Vet 31.1.5010 2007.07.28 -
Ewido 4.0 2007.07.29 -
FileAdvisor 1 2007.07.29 -
Fortinet 2.91.0.0 2007.07.29 -
F-Prot 4.3.2.48 2007.07.27 -
F-Secure 6.70.13030.0 2007.07.29 -
Ikarus T3.1.1.8 2007.07.29 -
Kaspersky 4.0.2.24 2007.07.29 -
McAfee 5085 2007.07.27 -
Microsoft 1.2704 2007.07.29 -
NOD32v2 2427 2007.07.28 -
Norman 5.80.02 2007.07.27 -
Panda 9.0.0.4 2007.07.29 -
Prevx1 V2 2007.07.29 -
Rising 19.33.62.00 2007.07.29 -
Sophos 4.19.0 2007.07.26 -
Sunbelt 2.2.907.0 2007.07.28 -
Symantec 10 2007.07.29 -
TheHacker 6.1.7.156 2007.07.29 -
VBA32 3.12.2.1 2007.07.29 -
VirusBuster 4.3.26:9 2007.07.28 -
Webwasher-Gateway 6.0.1 2007.07.29 -
Additional information
File size: 81984 bytes
MD5: f0f6ad959fba0ed42cebd73b4150545e
SHA1: e0e9bce0cd280ac1d80c3f1e27ab35262425686d



DAM.Right.It's.All.Aout.Roo/\/ey.8rother
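Trogan asks for C:\WINDOWS\system32\bdod.bin to be submitted to VirusTotal, and the result above lists the file's size, MD5 and SHA1 (the size, 81984 bytes, agrees with the 81,984 ComboFix listed for the same file in its Find3M report). The following is an added example, not code from the thread or from VirusTotal: before relying on such a result, hash the local file and compare size, MD5 and SHA1 with the report, so you know the verdict describes exactly the file that is on disk; the same hashes can then be searched on VirusTotal instead of re-uploading the file. The REPORTED values are copied from the post above; the sample bytes in the demo are constructed and are not the real bdod.bin, so the demo is expected to report a mismatch. Python standard library only.

```python
import hashlib

# Values VirusTotal reported for bdod.bin, copied from the results posted in this thread.
REPORTED = {
    "size": 81984,
    "md5": "f0f6ad959fba0ed42cebd73b4150545e",
    "sha1": "e0e9bce0cd280ac1d80c3f1e27ab35262425686d",
}

FIELDS = ("size", "md5", "sha1")


def fingerprint_bytes(data: bytes) -> dict:
    """Size, MD5 and SHA1 of in-memory content, hex digests in lower case as VirusTotal prints them."""
    return {
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
    }


def fingerprint_file(path: str, chunk_size: int = 1 << 16) -> dict:
    """Same fingerprint for a file on disk, read in chunks so a large sample is not loaded whole."""
    md5, sha1, size = hashlib.md5(), hashlib.sha1(), 0
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            md5.update(block)
            sha1.update(block)
            size += len(block)
    return {"size": size, "md5": md5.hexdigest(), "sha1": sha1.hexdigest()}


def mismatches(local: dict, reported: dict) -> list:
    """Names of the fields that differ between a local fingerprint and a report.

    An empty list means the report describes exactly the file that is on disk.
    MD5 and SHA1 are compared only because they are what the report prints; neither is
    collision resistant on its own, so size, MD5 and SHA1 are checked together.
    """
    return [k for k in FIELDS if str(local[k]).lower() != str(reported[k]).lower()]


if __name__ == "__main__":
    import os
    import tempfile

    # Constructed sample; NOT the real bdod.bin, so it is expected to differ from REPORTED.
    sample = b"constructed sample bytes, not the file from the thread\n"
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(sample)
    try:
        local = fingerprint_file(tmp.name)
        assert local == fingerprint_bytes(sample)
        print("local :", local)
        print("report:", REPORTED)
        print("differs in:", mismatches(local, REPORTED) or "nothing (same file)")
    finally:
        os.unlink(tmp.name)
```

Run it against the real path on the affected machine (`fingerprint_file(r"C:\WINDOWS\system32\bdod.bin")`) and an empty mismatch list confirms the scanned file and the local file are the same object; any difference means the report should not be trusted for that file.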

Trogan
29 Jul 2007, 06:14pm
Thanks for the logs! Hope you like your new keyboard.

You may wish to Print or Save the following instructions, as the internet will not be available once in Safe Mode!

Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
Install AVG Anti-Spyware by double clicking the installer.
Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
On the main screen under Your Computer's security.
Click on Change state next to Resident shield. It should now change to inactive.
Click on Change state next to Automatic updates. It should now change to inactive.
Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
Wait until you see the Update successful message.
Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates (http://www.ewido.net/en/download/updates/).
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

Reboot your computer in Safe Mode.
If the computer is running, shut down Windows, and then turn off the power.
Wait 30 seconds, and then turn the computer on.
Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
Ensure that the Safe Mode option is selected.
Press Enter. The computer then begins to start in Safe mode.
Login on your usual account.

Once in Safe Mode:

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
Click on Scanner on the toolbar.
Click on the Settings tab.
Under How to act?
Click on Recommended Action and choose Quarantine from the popup menu.
Under How to scan?
All checkboxes should be ticked.
Under Possibly unwanted software:
All checkboxes should be ticked.
Under Reports:
Select Do not automatically generate reports
Under What to scan?
Select Scan every file.
Click on the Scan tab.
Click on Complete System Scan to start the scan process.
Let the program scan the machine.
When the scan has finished, follow the instructions below.
IMPORTANT : Don't click on the "Save Scan Report" button before you have clicked the "Apply all Actions" button.
Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
At the bottom of the window click on the Apply all Actions button. (3)
http://img509.imageshack.us/img509/4851/scanavgjk2.jpg
When done, click the Save Scan Report button. (4)
Click the Save Report as button.
Save the report to your Desktop.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes. Reboot back into Normal Mode, and post a new HJT log, along with the AVG anti-spyware log.

thrasher0250
30 Jul 2007, 02:16am
Sorry.it.took.me.so.lo/\/g.to.sca/\/.I.Just.left.my.PC.o/\/.a/\/d.we/\/t.out

here.are.the.logs.you.requested:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:06:29 PM 29/07/2007

+ Scan result:



:mozilla.124:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.125:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.126:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.127:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.128:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.132:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.133:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.134:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.135:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.144:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.261:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.286:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Emanuel\Cookies\emanuel@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.228:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.230:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Emanuel\Cookies\emanuel@com[1].txt -> TrackingCookie.Com : Cleaned.
:mozilla.317:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.318:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.319:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.221:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Cqcounter : Cleaned.
:mozilla.115:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies-1.txt -> TrackingCookie.Fortunecity : Cleaned.
:mozilla.325:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.326:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.56:C:\FOUND.043\FILE0001.CHK -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.57:C:\FOUND.043\FILE0001.CHK -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.69:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies-1.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.70:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies-1.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.562:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies-1.txt -> TrackingCookie.Information : Cleaned.
:mozilla.114:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.19:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.49:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.586:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies-1.txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\Emanuel\Cookies\emanuel@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.277:C:\FOUND.043\FILE0001.CHK -> TrackingCookie.Realmedia : Cleaned.
:mozilla.307:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.308:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\Emanuel\Cookies\emanuel@realmedia[2].txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.122:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies-1.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.123:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies-1.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.125:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies-1.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.126:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies-1.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.127:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies-1.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.129:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies-1.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.130:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies-1.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.131:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies-1.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.229:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.231:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.232:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.233:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.234:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.283:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies-1.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.97:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.98:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.56:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.57:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.210:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.211:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.212:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.214:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.215:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.189:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.24:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.25:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.26:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.27:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.28:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.34:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.36:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.37:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Emanuel\Cookies\emanuel@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end


--------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 9:16:16 PM, on 29/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by125fd.bay125.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
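Trogan's verdict on the new log ("Everything looks good") comes from reading the HijackThis entries one by one and comparing them with the earlier log. The following is an added example, not code from the thread or from HijackThis: a small parser for HijackThis entries that diffs two logs (what appeared, what disappeared) and flags the entry types a reviewer checks first, O23 services whose binary is reported missing or has no publisher, and O4 autostarts that use a relative path or run from outside Program Files / Windows. The two excerpts are constructed from lines of the logs posted in this thread; the heuristics and their wording are this example's own. Note that the flagged "(file missing)" on the BitDefender Scan Server entry is a prompt to check, not a verdict: the stray quote before /service shows the ImagePath was parsed oddly, and bdss.exe appears in the running-process list of the same log.

```python
import re

# Constructed excerpts assembled from lines of the two HijackThis logs posted in this thread
# (the log from the first post and the log posted after the AVG Anti-Spyware scan).
HJT_BEFORE = r"""
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
"""

HJT_AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
"""

# "O4 - <detail>", "R0 - <detail>", "F3 - <detail>" ...; header and process lines do not match.
ENTRY_RE = re.compile(r"^([RFO]\d+) - (.+)$")
# O4 detail: HKLM\..\Run: [value name] command line
O4_RE = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.*)$")
# O23 detail: Service: <display name> - <owner> - <image path and flags>
O23_RE = re.compile(r"^Service: (.+?) - (.+?) - (.+)$")

# Heuristic (this example's own): locations a legitimately installed autostart normally lives in.
TRUSTED_PREFIXES = ("c:\\program files\\", "c:\\windows\\")


def parse_hjt(text):
    """Turn a HijackThis log into a list of (section, detail) tuples, skipping everything else."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def diff_hjt(before, after):
    """(added, removed) entries between two logs, keyed on the full entry text."""
    b, a = set(parse_hjt(before)), set(parse_hjt(after))
    return sorted(a - b), sorted(b - a)


def first_token(cmd):
    """The executable part of a Run command: the quoted string if quoted, else the first word."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def triage(text):
    """Findings as (section, name, reason) in log order; each is a prompt to look, not a verdict."""
    findings = []
    for section, detail in parse_hjt(text):
        if section == "O23":
            m = O23_RE.match(detail)
            if not m:
                continue
            if "(file missing)" in m.group(3):
                findings.append(("O23", m.group(1), "service binary reported missing on disk"))
            elif m.group(2) == "Unknown owner":
                findings.append(("O23", m.group(1), "service binary carries no publisher information"))
        elif section == "O4":
            m = O4_RE.match(detail)
            if not m:
                continue
            exe = first_token(m.group(4))
            if not re.match(r"^[A-Za-z]:\\", exe):
                findings.append(("O4", m.group(3), "relative path, resolved by PATH search at logon"))
            elif not exe.lower().startswith(TRUSTED_PREFIXES):
                findings.append(("O4", m.group(3), "autostart outside Program Files / Windows"))
    return findings


if __name__ == "__main__":
    added, removed = diff_hjt(HJT_BEFORE, HJT_AFTER)
    print("added since first log:")
    for e in added:
        print("  +", *e)
    print("gone since first log:")
    for e in removed:
        print("  -", *e)
    print("to check by hand in the new log:")
    for f in triage(HJT_AFTER):
        print("  *", *f)
```

On the excerpts above the diff surfaces exactly what the thread's steps changed: the Java 6u2 entries (O2 BHO, O4 SunJavaUpdateSched) and the Panda ActiveScan O16 appear, and the AVG Guard O23 line changes owner string between the two logs. The triage list is short, which is the mechanical form of "everything looks good": one relative-path O4 (SOUNDMAN.EXE) and the bdss "(file missing)" line, both of which a reviewer resolves by hand rather than by deleting them.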

Trogan
30 Jul 2007, 09:12am
Good job! Everything looks good.

How is the computer?

thrasher0250
30 Jul 2007, 04:34pm
feels.great.tha/\/k.you.very.much.for.your.help

hopefully.i.ca/\/.retur/\/.the.favor.o/\/e.day

you.saved.me.days.of.headache.

Tha/\/k.you!

Trogan
30 Jul 2007, 04:56pm
You're welcome!

You can delete SDFix and ComboFix now as they are not needed.

Any questions or can we archive this thread?

thrasher0250
30 Jul 2007, 05:36pm
that's.it.for.me.tha/\/ks.agai/\/.for.all.of.your.help!

Trogan
30 Jul 2007, 05:53pm
Alright then! Thread archived.