PLZ help, keyboard won't even work anymore.

I have this huge virus on my PC where most keys won't even work anymore. For spacebar I had to copy and paste the space for every word

please PLEASE help me, I'm dying here... the virus is huge and it's killing me

I've attached my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 1:01:20 PM, on 27/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\thorlakl\lsass.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\HijackThis\HijackThis.exe

F3 - REG:win.ini: load=C:\WINDOWS\system32\thorlakl\lsass.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\thorlakl\lsass.exe
O1 - Hosts: 1.1.1.1 f-secure.com
O1 - Hosts: 1.1.1.1 www.f-secure.com
O1 - Hosts: 1.1.1.1 ftp.f-secure.com
O1 - Hosts: 1.1.1.1 ftp.sophos.com
O1 - Hosts: 1.1.1.1 liveupdate.symantec.com
O1 - Hosts: 1.1.1.1 customer.symantec.com
O1 - Hosts: 1.1.1.1 dispatch.mcafee.com
O1 - Hosts: 1.1.1.1 download.mcafee.com
O1 - Hosts: 1.1.1.1 rads.mcafee.com
O1 - Hosts: 1.1.1.1 mast.mcafee.com
O1 - Hosts: 1.1.1.1 my-etrust.com
O1 - Hosts: 1.1.1.1 www.my-etrust.com
O1 - Hosts: 1.1.1.1 nai.com
O1 - Hosts: 1.1.1.1 www.nai.com
O1 - Hosts: 1.1.1.1 networkassociates.com
O1 - Hosts: 1.1.1.1 secure.nai.com
O1 - Hosts: 1.1.1.1 securityresponse.symantec.com
O1 - Hosts: 1.1.1.1 service1.symantec.com
O1 - Hosts: 1.1.1.1 sophos.com
O1 - Hosts: 1.1.1.1 www.sophos.com
O1 - Hosts: 1.1.1.1 support.microsoft.com
O1 - Hosts: 1.1.1.1 symantec.com
O1 - Hosts: 1.1.1.1 www.symantec.com
O1 - Hosts: 1.1.1.1 update.symantec.com
O1 - Hosts: 1.1.1.1 updates.symantec.com
O1 - Hosts: 1.1.1.1 us.mcafee.com
O1 - Hosts: 1.1.1.1 vil.nai.com
O1 - Hosts: 1.1.1.1 viruslist.com
O1 - Hosts: 1.1.1.1 www.viruslist.com
O1 - Hosts: 1.1.1.1 grisoft.com
O1 - Hosts: 1.1.1.1 www.grisoft.com
O1 - Hosts: 1.1.1.1 free.grisoft.com
O1 - Hosts: 1.1.1.1 trendmicro.com
O1 - Hosts: 1.1.1.1 housecall.trendmicro.com
O1 - Hosts: 1.1.1.1 www.trendmicro.com
O1 - Hosts: 1.1.1.1 pandasoftware.com
O1 - Hosts: 1.1.1.1 www.pandasoftware.com
O1 - Hosts: 1.1.1.1 usa.kaspersky.com
O1 - Hosts: 1.1.1.1 ewido.net
O1 - Hosts: 1.1.1.1 www.ewido.net
O1 - Hosts: 1.1.1.1 zonelabs.com
O1 - Hosts: 1.1.1.1 www.zonelabs.com
O1 - Hosts: 1.1.1.1 bitdefender.com
O1 - Hosts: 1.1.1.1 www.bitdefender.com
O1 - Hosts: 1.1.1.1 download.bitdefender.com
O1 - Hosts: 1.1.1.1 upgrade.bitdefender.com
O1 - Hosts: 1.1.1.1 spywareinfo.com
O1 - Hosts: 1.1.1.1 www.spywareinfo.com
O1 - Hosts: 1.1.1.1 merijn.org
O1 - Hosts: 1.1.1.1 www.merijn.org
O1 - Hosts: 1.1.1.1 sysinternals.com
O1 - Hosts: 1.1.1.1 www.sysinternals.com
O1 - Hosts: 1.1.1.1 onguardonline.gov
O1 - Hosts: 1.1.1.1 www.onguardonline.gov
O1 - Hosts: 1.1.1.1 avast.com
O1 - Hosts: 1.1.1.1 www.avast.com
O1 - Hosts: 1.1.1.1 safety.live.com
O1 - Hosts: 1.1.1.1 www.paretologic.com
O1 - Hosts: 1.1.1.1 paretologic.com
O1 - Hosts: 1.1.1.1 virusscan.jotti.org
O1 - Hosts: 1.1.1.1 services.google.com
O1 - Hosts: 1.1.1.1 www.webroot.com
O1 - Hosts: 1.1.1.1 webroot.com
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: lsass.lnk = ?
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by125fd.bay125.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

WEIRD thing is that every time I open the HijackThis program it automatically shuts it down for some reason...... I had to attempt a scan about 10 times

please help me

Comments

  • TroganTrogan London, UK
    edited July 2007
    Hi thrasher0250,

    Looks like you have a nasty infection there.

    1. I need you to get a file analysed please:
    • Go to VirusTotal
    • Copy and paste the following file path into the Search Box at the top of the page:
      • C:\WINDOWS\system32\thorlakl\lsass.exe
    • Click on the Send button
    • Save a copy of the results and post them in your next reply.
    2. Open HijackThis
    - Click the Do a system scan only button
    - Check the following entries (below)

    O1 - Hosts: 1.1.1.1 f-secure.com
    O1 - Hosts: 1.1.1.1 www.f-secure.com
    O1 - Hosts: 1.1.1.1 ftp.f-secure.com
    O1 - Hosts: 1.1.1.1 ftp.sophos.com
    O1 - Hosts: 1.1.1.1 liveupdate.symantec.com
    O1 - Hosts: 1.1.1.1 customer.symantec.com
    O1 - Hosts: 1.1.1.1 dispatch.mcafee.com
    O1 - Hosts: 1.1.1.1 download.mcafee.com
    O1 - Hosts: 1.1.1.1 rads.mcafee.com
    O1 - Hosts: 1.1.1.1 mast.mcafee.com
    O1 - Hosts: 1.1.1.1 my-etrust.com
    O1 - Hosts: 1.1.1.1 www.my-etrust.com
    O1 - Hosts: 1.1.1.1 nai.com
    O1 - Hosts: 1.1.1.1 www.nai.com
    O1 - Hosts: 1.1.1.1 networkassociates.com
    O1 - Hosts: 1.1.1.1 secure.nai.com
    O1 - Hosts: 1.1.1.1 securityresponse.symantec.com
    O1 - Hosts: 1.1.1.1 service1.symantec.com
    O1 - Hosts: 1.1.1.1 sophos.com
    O1 - Hosts: 1.1.1.1 www.sophos.com
    O1 - Hosts: 1.1.1.1 support.microsoft.com
    O1 - Hosts: 1.1.1.1 symantec.com
    O1 - Hosts: 1.1.1.1 www.symantec.com
    O1 - Hosts: 1.1.1.1 update.symantec.com
    O1 - Hosts: 1.1.1.1 updates.symantec.com
    O1 - Hosts: 1.1.1.1 us.mcafee.com
    O1 - Hosts: 1.1.1.1 vil.nai.com
    O1 - Hosts: 1.1.1.1 viruslist.com
    O1 - Hosts: 1.1.1.1 www.viruslist.com
    O1 - Hosts: 1.1.1.1 grisoft.com
    O1 - Hosts: 1.1.1.1 www.grisoft.com
    O1 - Hosts: 1.1.1.1 free.grisoft.com
    O1 - Hosts: 1.1.1.1 trendmicro.com
    O1 - Hosts: 1.1.1.1 housecall.trendmicro.com
    O1 - Hosts: 1.1.1.1 www.trendmicro.com
    O1 - Hosts: 1.1.1.1 pandasoftware.com
    O1 - Hosts: 1.1.1.1 www.pandasoftware.com
    O1 - Hosts: 1.1.1.1 usa.kaspersky.com
    O1 - Hosts: 1.1.1.1 ewido.net
    O1 - Hosts: 1.1.1.1 www.ewido.net
    O1 - Hosts: 1.1.1.1 zonelabs.com
    O1 - Hosts: 1.1.1.1 www.zonelabs.com
    O1 - Hosts: 1.1.1.1 bitdefender.com
    O1 - Hosts: 1.1.1.1 www.bitdefender.com
    O1 - Hosts: 1.1.1.1 download.bitdefender.com
    O1 - Hosts: 1.1.1.1 upgrade.bitdefender.com
    O1 - Hosts: 1.1.1.1 spywareinfo.com
    O1 - Hosts: 1.1.1.1 www.spywareinfo.com
    O1 - Hosts: 1.1.1.1 merijn.org
    O1 - Hosts: 1.1.1.1 www.merijn.org
    O1 - Hosts: 1.1.1.1 sysinternals.com
    O1 - Hosts: 1.1.1.1 www.sysinternals.com
    O1 - Hosts: 1.1.1.1 onguardonline.gov
    O1 - Hosts: 1.1.1.1 www.onguardonline.gov
    O1 - Hosts: 1.1.1.1 avast.com
    O1 - Hosts: 1.1.1.1 www.avast.com
    O1 - Hosts: 1.1.1.1 safety.live.com
    O1 - Hosts: 1.1.1.1 www.paretologic.com
    O1 - Hosts: 1.1.1.1 paretologic.com
    O1 - Hosts: 1.1.1.1 virusscan.jotti.org
    O1 - Hosts: 1.1.1.1 services.google.com
    O1 - Hosts: 1.1.1.1 www.webroot.com
    O1 - Hosts: 1.1.1.1 webroot.com

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)


    - Close ALL open windows (especially Internet Explorer!)
    - Click Fix Checked
    - Close HijackThis

    3. Post the VirusTotal results, along with a new HijackThis log.
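As a worked check on the first log above (an added example, not HijackThis's code and not the helper's), this Python script flags the three patterns the helper acts on: the lsass.exe running from C:\WINDOWS\system32\thorlakl instead of system32, the win.ini load=/run= autostarts pointing at it, and the O1 hosts entries pinning AV-vendor domains. The log excerpt and domain list are constructed from the thread; the home-directory map assumes a Windows XP layout.

```python
"""Triage checks for a HijackThis-style log (added example, not HijackThis code).
Flags: security-vendor domains pinned in the hosts file, a core Windows binary
name running or autostarted from outside %SystemRoot%\\system32, and win.ini
load=/run= autostarts, which legitimate software almost never uses.
"""
import re
from collections import defaultdict

# Constructed excerpt of the first log in the thread (paths exactly as posted).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\thorlakl\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HijackThis\HijackThis.exe

F3 - REG:win.ini: load=C:\WINDOWS\system32\thorlakl\lsass.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\thorlakl\lsass.exe
O1 - Hosts: 1.1.1.1 liveupdate.symantec.com
O1 - Hosts: 1.1.1.1 www.bitdefender.com
O1 - Hosts: 1.1.1.1 virusscan.jotti.org
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - Startup: lsass.lnk = ?
"""

# Core Windows binaries that malware commonly impersonates, with the only
# directory each legitimately runs from on a Windows XP install (assumed).
CORE_BINARIES = {
    "lsass.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
}

# Registrable domains of AV vendors / scanners named in the thread's log.  Any
# hosts-file pin of these (even to 127.0.0.1) cuts the machine off from updates.
SECURITY_DOMAINS = {
    "symantec.com", "mcafee.com", "f-secure.com", "sophos.com", "kaspersky.com",
    "bitdefender.com", "grisoft.com", "trendmicro.com", "avast.com", "nai.com",
    "jotti.org", "sysinternals.com", "microsoft.com", "merijn.org", "ewido.net",
}

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
F3_RE = re.compile(r"^F3 - REG:win\.ini:\s+(load|run)=(.+)$")
STARTUP_RE = re.compile(r"^O4 - (?:Global )?Startup:\s+(.+?)\.lnk\s*=\s*(.*)$", re.I)


def registrable_domain(host):
    """'liveupdate.symantec.com' -> 'symantec.com' (good enough for this list)."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else parts[0]


def check_hosts(line):
    """Return a finding if an O1 line pins a security-vendor domain."""
    m = HOSTS_RE.match(line)
    if m and registrable_domain(m.group(2)) in SECURITY_DOMAINS:
        return f"{m.group(2)} pinned to {m.group(1)}"
    return None


def check_path(path, origin):
    """Return a finding if a core-binary name lives outside its home directory."""
    directory, _, name = path.strip().strip('"').rpartition("\\")
    home = CORE_BINARIES.get(name.lower())
    if home is None or directory.lower() == home:
        return None
    return f"{origin}: {name} from unexpected directory {directory}"


def triage(log_text):
    """Scan a HijackThis log; return findings grouped by category."""
    findings = defaultdict(list)
    in_procs = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False          # a blank line ends the process list
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:                  # every line here is a full image path
            hit = check_path(line, "process")
            if hit:
                findings["masquerade"].append(hit)
            continue
        hit = check_hosts(line)
        if hit:
            findings["hosts"].append(hit)
            continue
        m = F3_RE.match(line)
        if m:                         # win.ini autostart: record it, then vet the path
            findings["win_ini"].append(f"{m.group(1)}={m.group(2)}")
            hit = check_path(m.group(2), "win.ini " + m.group(1))
            if hit:
                findings["masquerade"].append(hit)
            continue
        m = STARTUP_RE.match(line)
        if m and m.group(1).lower() + ".exe" in CORE_BINARIES:
            findings["startup"].append(f"{m.group(1)}.lnk (target: {m.group(2)})")
    return dict(findings)


if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        print(category, *items, sep="\n    ")
```

Run it against a full pasted log instead of SAMPLE_LOG and the real system32\lsass.exe is left alone while the thorlakl copy, both win.ini lines and the three pinned vendor domains are reported.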
  • edited July 2007
    Ty so much for ur help, really appreciate your time and consideration.

    ok here are the logs... things seem to be getting a bit better

    Logfile of HijackThis v1.99.1
    Scan saved at 6:49:52 PM, on 7/27/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\HijackThis\HijackThis.exe

    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
    O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
    O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe"
    O4 - HKLM\..\Run: [BDSwitchAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE
    O4 - HKCU\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by125fd.bay125.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
    O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
    O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

    _________________________________________________________________

    Antivirus Version Last Update Result
    AhnLab-V3 2007.7.28.0 2007.07.27 -
    AntiVir 7.4.0.50 2007.07.27 TR/MsnZombie.Z
    Authentium 4.93.8 2007.07.27 -
    Avast 4.7.997.0 2007.07.27 Win32:SdBot-3439
    AVG 7.5.0.476 2007.07.27 -
    BitDefender 7.2 2007.07.27 -
    CAT-QuickHeal 9.00 2007.07.26 (Suspicious) - DNAScan
    ClamAV 0.91 2007.07.28 -
    DrWeb 4.33 2007.07.27 -
    eSafe 7.0.15.0 2007.07.24 Suspicious Trojan/Worm
    eTrust-Vet 31.1.5010 2007.07.28 Win32/Nochod.BC
    Ewido 4.0 2007.07.27 -
    FileAdvisor 1 2007.07.28 -
    Fortinet 2.91.0.0 2007.07.27 -
    F-Prot 4.3.2.48 2007.07.27 -
    F-Secure 6.70.13030.0 2007.07.27 -
    Ikarus T3.1.1.8 2007.07.27 Trojan-PWS.Win32.LdPinch.bjx
    Kaspersky 4.0.2.24 2007.07.28 -
    McAfee 5085 2007.07.27 -
    Microsoft 1.2704 2007.07.27 Worm:Win32/VB.AT
    NOD32v2 2426 2007.07.27 probably a variant of Win32/Spy.VB.LO
    Norman 5.80.02 2007.07.27 -
    Panda 9.0.0.4 2007.07.27 Trj/MsnZombie.Z
    Rising 19.33.42.00 2007.07.27 Trojan.Win32.MsnZombie.z
    Sophos 4.19.0 2007.07.26 -
    Sunbelt 2.2.907.0 2007.07.26 VIPRE.Suspicious
    Symantec 10 2007.07.27 Backdoor.Trojan
    TheHacker 6.1.7.155 2007.07.27 -
    VBA32 3.12.2.1 2007.07.27 -
    VirusBuster 4.3.26:9 2007.07.27 -
    Webwasher-Gateway 6.0.1 2007.07.27 Trojan.MsnZombie.Z
    Additional information
    File size: 80896 bytes
    MD5: 58358fa44d9cc65170f4feb03ffd6875
    SHA1: 5dd864c313d7b2991ea48b1dc1eb2926b82de6d7
    packers: PECompact
    packers: PECOMPACT
    packers: PecBundle, PECompact
    Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.
  • TroganTrogan London, UK
    edited July 2007
    You have a nasty infection on your computer, however, the HijackThis entries that were present in your first log are no longer there. Can you tell me what you have done since my last post please?

    And was your last HijackThis log taken in Safe Mode?
  • edited July 2007
    Yeah! it was taken in safe mode cuz it won't let me open hijack this in normal mode... it's really bad

    i only restarted my comp and did the scan in safe mode... so hard to do anything with this virus. what should i do?
  • TroganTrogan London, UK
    edited July 2007
    Does your keyboard work? Let me know and then we can try and fix this.
  • edited July 2007
    Yeah. The following letters don't work

    /\/

    8... like 8ee

    space bar

    ... is the keyboard thing a part of the virus??
  • TroganTrogan London, UK
    edited July 2007
    What scan did you run? And are you getting help from any other forum?
  • edited July 2007
    i didn't try another forum. i heard good things about this 1 so i came here

    i ran VirusTotal... then... hijack this in safe mode... am i totally screwed man??
  • TroganTrogan London, UK
    edited July 2007
    If you want to get help here, then request to close your threads in the other forum(s). Seeking help in multiple forums only causes confusion and wastes the helpers' valuable time.

    Secondly, do the following...

    Download SDFix and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, the Advanced Options Menu should appear;
    • Select the first option, to run Windows in Safe Mode, then press Enter.
    • Choose your usual account.
    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
      (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
  • edited July 2007
    thank you again

    here are my logs:

    SDFix: Version 1.94

    Run by Emanuel on 27/07/2007 at 08:02 PM

    Microsoft Windows XP [Version 5.1.2600]

    Running From: C:\SDFix\SDFix

    Safe Mode:
    Checking Services:

    Name:
    ntio256

    ImagePath:
    \??\C:\WINDOWS\System32\ntio256.sys

    ntio256 - Deleted



    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...


    Normal Mode:
    Checking Files:

    Trojan Files Found:

    C:\Documents and Settings\Emanuel\Start Menu\Programs\Startup\lsass.lnk - Deleted
    C:\Documents and Settings\Emanuel\Application Data\Install.dat - Deleted
    C:\WINDOWS\system32\taskkill.com - Deleted
    C:\WINDOWS\system32\vx.tll - Deleted



    Removing Temp Files...

    ADS Check:

    C:\WINDOWS
    No streams found.

    C:\WINDOWS\system32
    No streams found.

    C:\WINDOWS\system32\svchost.exe
    No streams found.

    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.



    Final Check:

    Remaining Services:



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    Remaining Files:

    Backups Folder: - C:\SDFix\SDFix\backups\backups.zip

    Files with Hidden Attributes:

    C:\Documents and Settings\Emanuel\My Documents\EasyFileSearch.com-Pamela Anderson 500+pix\Thumbs.db
    C:\Program Files\Steam\SteamApps\houndofh3ll@hotmail.com\counter-strike\cstrike\radial.cdb
    C:\WINDOWS\system32\thorlakl\lsass.exe
    C:\WINDOWS\system32\config\system.tmp.LOG
    C:\WINDOWS\system32\config\software.tmp.LOG
    C:\WINDOWS\system32\config\default.tmp.LOG

    Finished


    Logfile of HijackThis v1.99.1
    Scan saved at 8:09:49 PM, on 27/07/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Softwin\BitDefender9\vsserv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
    C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
    C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe
    C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
    O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
    O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe"
    O4 - HKLM\..\Run: [BDSwitchAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by125fd.bay125.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
    O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
    O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
  • TroganTrogan London, UK
    edited July 2007
    Please do the following...

    1. Make sure you can view hidden files and folders:
    • Click Start.
    • Open My Computer.
    • Select the Tools menu and click Folder Options.
    • Select the View Tab.
    • Under the Hidden files and folders heading select Show hidden files and folders.
    • Uncheck the Hide protected operating system files (recommended) option.
    • Click Yes to confirm.
    • Click OK.
    2. Find and delete the following Folder in RED:

    C:\WINDOWS\system32\thorlakl

    If you can't delete it, try in Safe Mode.

    3. Download this file to your Desktop - combofix.exe
    Double click combofix.exe & follow the prompts.
    When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall

    4. I need to see another log from HijackThis.
    • Run Hijackthis.
    • Click on Open the Misc Tools section.
    • Next click on Open uninstall manager.
    • Press the Save list button.
    • Save the file to your desktop, with the default name of uninstall_list
    • Copy & Paste the entire contents of that file in your next post.
    5. Please post the following...

    Uninstall list
    ComboFix log
    New HijackThis log
  • edited July 2007
    ty so much for ur help, ur a freaking ST.

    can't believe u found the lsass.exe folder.... ur awesome.

    here are the logs:

    Logfile of HijackThis v1.99.1
    Scan saved at 2:44:11 PM, on 28/07/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\Softwin\BitDefender9\vsserv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
    C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
    C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe
    C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
    O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
    O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe"
    O4 - HKLM\..\Run: [BDSwitchAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by125fd.bay125.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
    O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
    O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)


    Adobe Acrobat 4.0
    Adobe Flash Player 9 ActiveX
    Adobe Shockwave Player
    Ares 1.9.8
    ATI - Software Uninstall Utility
    ATI Catalyst Control Center
    ATI Control Panel
    ATI Display Driver
    ATI HYDRAVISION
    AudibleManager
    AVG Anti-Spyware 7.5
    Azureus
    BitDefender 9 Professional Plus
    CleanUp!
    Creative Removable Disk Manager
    Creative System Information
    Creative ZEN V Series (R2)
    DivX Web Player
    DVD X Player 4.0 Professional
    FIFA 07
    HijackThis 1.99.1
    HijackThis 1.99.1
    iTunes
    J2SE Runtime Environment 5.0 Update 6
    Logitech Gaming Software
    Microsoft .NET Framework 1.1
    Microsoft Office XP Professional with FrontPage
    Mozilla Firefox (2.0.0.2)
    Mozilla Firefox (2.0.0.4)
    MSN Music Assistant
    NBFree MP3 to WMA Converter v2
    Nero 7 Premium
    NHL07
    NVIDIA Drivers
    QuickTime
    Realtek AC'97 Audio
    Scientific Atlanta DPX2100 USB Cable Modem
    Sony Ericsson PC Suite
    SoulSeek Client 157 test 8
    SpywareBlaster v3.5.1
    Starcraft
    Steam
    Tiger Gaming
    VideoLAN VLC media player 0.8.6-test2
    Winamp (remove only)
    Windows Live Messenger
    Windows Media Format Runtime
    Windows Media Player 10
    Windows Media Player 10 Hotfix - KB895316
    Windows XP Service Pack 2
    WinRAR archiver
    WinZip
    Yahoo! Internet Mail
    Yahoo! Messenger
    ZENcast Organizer


    "Emanuel" - 2007-07-28 14:39:39 - ComboFix 07-07-23.6 - Service Pack 2 FAT32


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\DOCUME~1\Emanuel\Desktop.\internet explorer.lnk
    C:\WINDOWS\system32\components
    C:\WINDOWS\system32\drivers\UNDPX2A.EXE
    C:\WINDOWS\system32\drivers\UNDPX2K.EXE


    ((((((((((((((((((((((((( Files Created from 2007-06-28 to 2007-07-28 )))))))))))))))))))))))))))))))


    2007-07-28 14:39 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-07-27 20:02 <DIR> d-------- C:\WINDOWS\ERUNT
    2007-07-27 19:25 <DIR> d--hs---- C:\FOUND.045
    2007-07-27 12:51 <DIR> d-------- C:\Program Files\SpywareBlaster
    2007-07-25 10:32 <DIR> d-------- C:\Program Files\MSN Messenger
    2007-07-18 18:58 <DIR> d--hs---- C:\FOUND.044
    2007-07-11 03:03 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2007-07-11 03:03 <DIR> d-------- C:\DOCUME~1\Emanuel\APPLIC~1\SUPERAntiSpyware.com
    2007-07-11 03:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
    2007-06-28 11:31 <DIR> d--hs---- C:\FOUND.043


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-09-11 06:41:08 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
    2007-07-28 18:40:22 14 ----a-w C:\WINDOWS\system32\getfile.dat
    2007-07-10 19:31:04 359,040 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2007-05-11 10:12:52 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
    2007-05-11 10:12:52 249,856 ----a-w C:\WINDOWS\Setup1.exe
    2007-05-06 01:27:04 1,302 ----a-w C:\WINDOWS\mozver.dat


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NWEReboot"="" []
    "SoundMan"="SOUNDMAN.EXE" [2004-06-18 04:31 C:\WINDOWS\SOUNDMAN.EXE]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36]
    "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17]
    "BDMCon"="C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe" [2005-10-11 11:28]
    "BDOESRV"="C:\Program Files\Softwin\BitDefender9\bdoesrv.exe" [2005-03-11 17:53]
    "BDNewsAgent"="C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe" [2005-06-09 10:28]
    "BDSwitchAgent"="C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe" [2005-04-06 13:09]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="" []
    "msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:56]
    "CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-08-07 10:06]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "<NO NAME>"=
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=sockspy.dll

    R2 FILESpy;FILESpy;\??\C:\Program Files\Softwin\BitDefender9\filespy.sys
    R2 REGSpy;REGSpy;\??\C:\Program Files\Softwin\BitDefender9\regspy.sys
    R3 ALCXSENS;Service for WDM 3D Audio Driver;C:\WINDOWS\system32\drivers\ALCXSENS.SYS
    R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver;C:\WINDOWS\system32\drivers\msmpu401.sys
    R3 QCDonner;Logitech QuickCam Express;C:\WINDOWS\system32\DRIVERS\OVCD.sys
    R3 UsbCmxp;Scientific Atlanta DPX2100 USB Cable Modem;C:\WINDOWS\system32\DRIVERS\sacmxp.sys
    R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
    R3 WmFilter;Logitech WingMan HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
    R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
    S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys


    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-28 14:41:29
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-07-28 14:42:01
    C:\ComboFix-quarantined-files.txt ... 2007-07-28 14:42

    --- E O F ---



    ty.so.much.4.ur.time.agai
  • TroganTrogan London, UK
    edited July 2007
    Hi,
    ty.so.much.for.ur.help.ur.a.freakig.ST.

    cat.elive.u.foud.the.lsass.exe.folder....ur.awesome.
    You're welcome! Try another keyboard as yours is obviously broken.

    Please do the following...

    1. Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

    Updating Java:
    • Download the latest version of Java Runtime Environment (JRE) 6u2.
    • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications."
    • Click the "Download" button to the right.
    • Check the box that says: "Accept License Agreement."
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel double-click on Add/Remove programs and remove the following...
      • J2SE Runtime Environment 5.0 Update 6
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version.
    2. Need to have a file scanned:
    • Go to VirusTotal
    • Copy and paste the following file path into the Search Box at the top of the page:
      • C:\WINDOWS\system32\bdod.bin
    • Click on the Send button
    • Save a copy of the results and post them in your next reply.
    Post the results back here.
  • edited July 2007
    wow.lol.i.feel.so.dum.you're.right.i.gotta.get.a.keyoard.
    I.ordered.1.&.It'll.e.here.2morrow.

    Here.is.the.log.from.the.sca/\/.from.virustotal:

    File bdod.bin received on 07.29.2007 18:56:08 (CET)

    Antivirus Version Last Update Result
    AhnLab-V3 2007.7.28.0 2007.07.27 -
    AntiVir 7.4.0.50 2007.07.28 -
    Authentium 4.93.8 2007.07.27 -
    Avast 4.7.997.0 2007.07.29 -
    AVG 7.5.0.476 2007.07.28 -
    BitDefender 7.2 2007.07.29 -
    CAT-QuickHeal 9.00 2007.07.28 -
    ClamAV 0.91 2007.07.29 -
    DrWeb 4.33 2007.07.29 -
    eSafe 7.0.15.0 2007.07.29 -
    eTrust-Vet 31.1.5010 2007.07.28 -
    Ewido 4.0 2007.07.29 -
    FileAdvisor 1 2007.07.29 -
    Fortinet 2.91.0.0 2007.07.29 -
    F-Prot 4.3.2.48 2007.07.27 -
    F-Secure 6.70.13030.0 2007.07.29 -
    Ikarus T3.1.1.8 2007.07.29 -
    Kaspersky 4.0.2.24 2007.07.29 -
    McAfee 5085 2007.07.27 -
    Microsoft 1.2704 2007.07.29 -
    NOD32v2 2427 2007.07.28 -
    Norman 5.80.02 2007.07.27 -
    Panda 9.0.0.4 2007.07.29 -
    Prevx1 V2 2007.07.29 -
    Rising 19.33.62.00 2007.07.29 -
    Sophos 4.19.0 2007.07.26 -
    Sunbelt 2.2.907.0 2007.07.28 -
    Symantec 10 2007.07.29 -
    TheHacker 6.1.7.156 2007.07.29 -
    VBA32 3.12.2.1 2007.07.29 -
    VirusBuster 4.3.26:9 2007.07.28 -
    Webwasher-Gateway 6.0.1 2007.07.29 -
    Additional information
    File size: 81984 bytes
    MD5: f0f6ad959fba0ed42cebd73b4150545e
    SHA1: e0e9bce0cd280ac1d80c3f1e27ab35262425686d



    DAM.Right.It's.All.Aout.Roo/\/ey.8rother
  • TroganTrogan London, UK
    edited July 2007
    Thanks for the logs! Hope you like your new keyboard.

    You may wish to Print or Save the following instructions, as the internet will not be available once in Safe Mode!

    Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
    http://www.ewido.net/en/download/
    • Install AVG Anti-Spyware by double clicking the installer.
    • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
    • On the main screen under Your Computer's security.
      • Click on Change state next to Resident shield. It should now change to inactive.
      • Click on Change state next to Automatic updates. It should now change to inactive.
      • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
      • Wait until you see the Update successful message.
    • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
    • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
    If you are having problems with the updater, you can use this link to manually update ewido.
    AVG Anti-Spyware manual updates.
    Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

    Reboot your computer in Safe Mode.
    • If the computer is running, shut down Windows, and then turn off the power.
    • Wait 30 seconds, and then turn the computer on.
    • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
    • Ensure that the Safe Mode option is selected.
    • Press Enter. The computer then begins to start in Safe mode.
    • Log in on your usual account.
    Once in Safe Mode:

    Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
    • Click on Scanner on the toolbar.
    • Click on the Settings tab.
      • Under How to act?
        • Click on Recommended Action and choose Quarantine from the popup menu.
      • Under How to scan?
        • All checkboxes should be ticked.
      • Under Possibly unwanted software:
        • All checkboxes should be ticked.
      • Under Reports:
        • Select Do not automatically generate reports
      • Under What to scan?
        • Select Scan every file.
    • Click on the Scan tab.
    • Click on Complete System Scan to start the scan process.
    • Let the program scan the machine.
    • When the scan has finished, follow the instructions below.
      IMPORTANT: Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button.
      • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
      • At the bottom of the window click on the Apply all Actions button. (3)
        [screenshot: scanavgjk2.jpg]
    • When done, click the Save Scan Report button. (4)
      • Click the Save Report as button.
      • Save the report to your Desktop.
    • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
    Reboot back into Normal Mode, and post a new HJT log, along with the AVG Anti-Spyware log.
  • edited July 2007
    Sorry.it.took.me.so.lo/\/g.to.sca/\/.I.Just.left.my.PC.o/\/.a/\/d.we/\/t.out

    here.are.the.logs.you.requested:

    AVG Anti-Spyware - Scan Report

    + Created at: 9:06:29 PM 29/07/2007

    + Scan result:



    :mozilla.124:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.125:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.126:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.127:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.128:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.132:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.133:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.134:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.135:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.144:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.261:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.286:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    C:\Documents and Settings\Emanuel\Cookies\emanuel@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
    :mozilla.228:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Com : Cleaned.
    :mozilla.230:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Com : Cleaned.
    C:\Documents and Settings\Emanuel\Cookies\emanuel@com[1].txt -> TrackingCookie.Com : Cleaned.
    :mozilla.317:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
    :mozilla.318:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
    :mozilla.319:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
    :mozilla.221:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Cqcounter : Cleaned.
    :mozilla.115:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies-1.txt -> TrackingCookie.Fortunecity : Cleaned.
    :mozilla.325:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
    :mozilla.326:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
    :mozilla.56:C:\FOUND.043\FILE0001.CHK -> TrackingCookie.Imrworldwide : Cleaned.
    :mozilla.57:C:\FOUND.043\FILE0001.CHK -> TrackingCookie.Imrworldwide : Cleaned.
    :mozilla.69:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies-1.txt -> TrackingCookie.Imrworldwide : Cleaned.
    :mozilla.70:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies-1.txt -> TrackingCookie.Imrworldwide : Cleaned.
    :mozilla.562:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies-1.txt -> TrackingCookie.Information : Cleaned.
    :mozilla.114:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
    :mozilla.19:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
    :mozilla.49:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
    :mozilla.586:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies-1.txt -> TrackingCookie.Paypal : Cleaned.
    C:\Documents and Settings\Emanuel\Cookies\emanuel@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
    :mozilla.277:C:\FOUND.043\FILE0001.CHK -> TrackingCookie.Realmedia : Cleaned.
    :mozilla.307:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
    :mozilla.308:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
    C:\Documents and Settings\Emanuel\Cookies\emanuel@realmedia[2].txt -> TrackingCookie.Realmedia : Cleaned.
    :mozilla.122:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies-1.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.123:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies-1.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.125:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies-1.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.126:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies-1.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.127:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies-1.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.129:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies-1.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.130:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies-1.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.131:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies-1.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.229:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.231:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.232:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.233:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.234:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.283:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies-1.txt -> TrackingCookie.Revsci : Cleaned.
    :mozilla.97:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
    :mozilla.98:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
    :mozilla.56:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.57:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.210:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.211:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.212:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.214:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.215:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.189:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
    :mozilla.24:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.25:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.26:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.27:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.28:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.34:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.36:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.37:C:\Documents and Settings\Emanuel\Application Data\Mozilla\Firefox\Profiles\nndcw3om.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Documents and Settings\Emanuel\Cookies\emanuel@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.


    ::Report end



    Logfile of HijackThis v1.99.1
    Scan saved at 9:16:16 PM, on 29/07/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\Softwin\BitDefender9\vsserv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
    C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe
    C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
    C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
    O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
    O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe"
    O4 - HKLM\..\Run: [BDSwitchAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by125fd.bay125.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
    O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
    O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
  • TroganTrogan London, UK
    edited July 2007
    Good job! Everything looks good.

    How is the computer?
  • edited July 2007
    feels.great.tha/\/k.you.very.much.for.your.help

    hopefully.i.ca/\/.retur/\/.the.favor.o/\/e.day

    you.saved.me.days.of.headache.

    Tha/\/k.you!
  • TroganTrogan London, UK
    edited July 2007
    You're welcome!

    You can delete SDFix and ComboFix now as they are not needed.

    Any questions or can we archive this thread?
  • edited July 2007
    that's.it.for.me.tha/\/ks.agai/\/.for.all.of.your.help!
  • TroganTrogan London, UK
    edited July 2007
    Alright then! Thread archived.
This discussion has been closed.