MSN virus *really bad*

Discussion in 'Malware Help (A Specialist Will Reply)' started by Smartslug, Dec 7, 2006.

  1. Smartslug

    Smartslug Private First Class

    I got the MSN virus on Monday (the one with the "look at this pic of us"). It started to send it to everyone on my contact list. I ran adware but the virus won't let me do much else. I can't Google "virus"; it will shut down Firefox. I can't install a firewall or anything like that.

    Now, I can't get to my login screen on my laptop. It will start with my "Toshiba, in touch with tomorrow" and the press F2 or F12, then after that, my keyboard goes dead and Windows XP loads like it always does....then I see my mouse pointer, then it does and my screen goes black and I can't get into the login screen.

    I've tried a system restore in Safe Mode to the day before, but that didn't work.

    Any ideas on what I can do? My laptop is only a month old, and I can't afford to buy another.
     
  2. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Hi

    So you can get into safe mode OK then? Try running many of the steps below in safe mode until you get to HijackThis, then see if you can start in normal mode to complete that scan.

    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.
    • Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    • Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
    • After doing ALL of the above, if you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
    Downloading, Installing, and Running HijackThis

    Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.




    • When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
      • CounterSpy
      • AVG Antispyware log - ONLY IF NEEDED you were not able to run CounterSpy
      • Bitdefender - from step 6
      • Panda Scan - from step 6
      • runkeys.txt - the log from GetRunKey.bat
      • newfiles.txt - the log from ShowNew.bat
      • HijackThis
    NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!
     
  3. Smartslug

    Smartslug Private First Class

    This is my hijack this log

    ~ INLINE HJT LOG REMOVED ~ SPD
    Read Me first not run, HJT not installed per instructions.
     
    Last edited by a moderator: Dec 17, 2006
  4. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Follow the directions posted by Halo. Do not skip any steps. Post all logs as attachments.

    You have a couple of infections that need to be removed; and until you follow the instructions given, we will not know what needs to be removed.
     
  5. Smartslug

    Smartslug Private First Class

    I had an error with CounterSpy, it went through the scan, but when I clicked to save my log it shut down or something. Anyway, I didn't get it.

    Bitdefender had an update error but worked ok

    and runkeys had a "cmd.exe" failure saying that dll do something. I ignored the error and the program worked

    Here are my logs
     


  6. Smartslug

    Smartslug Private First Class

    The other logs...
     


  7. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Download
    - Pocket Killbox

    You are using MsConfig to prevent several items from loading at Windows start. MsConfig is a diagnostic tool, and not intended to be used in the manner you are using MsConfig. Enable everything you used MsConfig to disable. If you are receiving error messages, related to these items, at system start; we can fix this without using MsConfig.

    Windows Messenger is running in the background on this computer, and represents a security risk. Disable Windows Messenger by running Shoot The Messenger. If you are using this as your IM client then replace it with MSN Messenger.

    Using Add or Remove Programs in the Control Panel; uninstall the following:
    Copy the contents of the below quote box to Notepad; Save As FixReg.reg to your Desktop. DO NOT run it at this time; we will do that later in Safe Mode.

    << The installed version of Java on this computer is out-dated. Install Java Runtime Environment (JRE) 6 available from Sun Microsystems. Uninstall all older versions of Java on your computer, before installing the latest version of Java. >>
    Close Notepad.

    Run HijackThis, choose "Open the Misc Tools Section", choose "Process Manager", Highlight:
    Choose Kill Process. Click on the "Back" Button

    Place a checkmark in the box next to the following lines:
    Click on the 'Fix checked' button. Wait for HijackThis to finish; close HijackThis.

    Now run Pocket Killbox:

    Choose Tools -> Delete Temp Files and click Delete Selected Temp Files
    Then after it deletes the files click the Exit (Save Settings) button.

    NOTE: Pocket Killbox will only list the added files it is able to find on the system. So when you do the below, if some files do not show in the list after pasting them in, just continue..

    Select:
    • Delete on Reboot
    • then Click on the All Files button.
    • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
    • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
    • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    Now boot into SAFE MODE

    Locate FixReg.reg on your Desktop. Double-click on it and answer 'Yes' when asked if you want to merge with the registry.

    Open Windows Explorer navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)
    Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

    Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:

    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    REBOOT to Normal Mode.

    Post a fresh HijackThis log and a new GetRunKey log.
     
  8. Smartslug

    Smartslug Private First Class

    Where do I find the download for Pocket Killbox?
     
  9. Smartslug

    Smartslug Private First Class

    Never mind, I found it, thanks.
     
  10. Smartslug

    Smartslug Private First Class

    new HJD and the other one
     


  11. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    You are still using MSCONFIG to prevent several items from running at system start. MSCONFIG is a diagnostic tool; it is not meant to be used in the manner you are using it. Enable everything you have disabled. It is important that everything load at system start. If you are receiving error messages on some of these items then that can be corrected without using MSCONFIG.

    Run HijackThis. Click the 'Do a system scan only' button. Place a checkmark in the box next to the following lines:
    Click on the 'Fix checked' button. Wait for HijackThis to finish; close HijackThis.

    Now run Pocket Killbox:

    Choose Tools -> Delete Temp Files and click Delete Selected Temp Files
    Then after it deletes the files click the Exit (Save Settings) button.

    NOTE: Pocket Killbox will only list the added files it is able to find on the system. So when you do the below, if some files do not show in the list after pasting them in, just continue..

    Select:

    * Delete on Reboot
    * then Click on the All Files button.
    * Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
    * Return to Killbox, go to the File menu, and choose Paste from Clipboard.
    * Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    Now boot into SAFE MODE

    Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

    Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:

    Temporary Files
    Temporary Internet Files
    Recycle Bin

    And Click OK.

    REBOOT to Normal Mode.

    Post a fresh HijackThis log.
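
Added example, not part of the original thread and not Pocket Killbox's own code: the "PendingFileRenameOperations" prompt mentioned in both cleanup posts is named after the Windows registry value (under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager) where delete-on-reboot requests are queued as source/target string pairs. The sketch below parses such a queue and reports which paths from a removal list were not queued; the function names and all file paths are hypothetical, constructed sample data.

```python
"""Parse a PendingFileRenameOperations queue (added example, constructed data)."""
from typing import List, NamedTuple

NT_PREFIX = "\\??\\"  # NT object-manager prefix Windows stores in front of each path


class PendingOp(NamedTuple):
    action: str    # "delete" or "rename"
    source: str
    target: str    # empty for deletes
    replace: bool  # "!" flag: overwrite an existing target


def _clean(path: str) -> str:
    return path[len(NT_PREFIX):] if path.startswith(NT_PREFIX) else path


def parse_pending_ops(entries: List[str]) -> List[PendingOp]:
    """entries: the REG_MULTI_SZ strings, stored as (source, target) pairs."""
    if len(entries) % 2:
        raise ValueError("odd number of strings: queue is truncated or corrupt")
    ops = []
    for src, dst in zip(entries[0::2], entries[1::2]):
        replace = dst.startswith("!")
        dst = _clean(dst[1:] if replace else dst)
        ops.append(PendingOp("rename" if dst else "delete", _clean(src), dst, replace))
    return ops


def not_queued(expected: List[str], entries: List[str]) -> List[str]:
    """Paths from the removal list that are NOT queued for deletion at reboot."""
    queued = {op.source.lower() for op in parse_pending_ops(entries)
              if op.action == "delete"}
    return [p for p in expected if p.lower() not in queued]


# Constructed sample: hypothetical file names, not taken from the thread's logs.
SAMPLE_QUEUE = [
    r"\??\C:\WINDOWS\system32\example_bad1.dll", "",
    r"\??\C:\WINDOWS\Temp\update.tmp", r"!\??\C:\Program Files\App\app.exe",
]
REMOVAL_LIST = [r"c:\windows\system32\example_bad1.dll",
                r"C:\WINDOWS\system32\example_bad2.exe"]

if __name__ == "__main__":
    for op in parse_pending_ops(SAMPLE_QUEUE):
        print(op)
    print("not queued:", not_queued(REMOVAL_LIST, SAMPLE_QUEUE))
```

A path reported as not queued was either already gone or never scheduled, which is worth confirming after the reboot; a queued rename that replaces an executable is also worth reviewing, since it changes a program file at the next boot.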
     
