Problem with Virtumonde

Do this

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    [kill explorer]
    C:\Documents and Settings\Justin Grubbs\My Documents\Nero 8 Ultra Edition 8.2.8.0+Keygens WORKS 100%
    purity 
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
 
Here is the log:

Explorer killed successfully
< C:\Documents and Settings\Justin Grubbs\My Documents\Nero 8 Ultra Edition 8.2.8.0+Keygens WORKS 100% >
File/Folder C:\Documents and Settings\Justin Grubbs\My Documents\Nero 8 Ultra Edition 8.2.8.0+Keygens WORKS 100% not found.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04122008_215127
 
Ok, do this

Open Notepad and Copy (Control+C) and Paste (Control+V) the following code into the Notepad window.


Code:
@echo off
rem List the My Documents folder and write the listing to C:\peek.txt
dir "C:\Documents and Settings\Justin Grubbs\My Documents">C:\peek.txt
rem Open the listing in the default .txt viewer (normally Notepad)
start C:\peek.txt
rem Remove this batch file from the Desktop once it has run
del peek.bat


Click on 'File' then 'Save As'
In the Save in drop down box select Desktop
In the File name box type in peek.bat
In the Save as type drop down box select All Files
Close Notepad.

Now, find peek.bat on your Desktop and Double click it
A window will open and close; do not be concerned, this is normal.
 
Here is the output file:

Volume in drive C has no label.
Volume Serial Number is 548B-316D

Directory of C:\Documents and Settings\Justin Grubbs\My Documents

04/13/2008 02:12 PM <DIR> .
04/13/2008 02:12 PM <DIR> ..
09/27/2006 09:41 PM 11,931 06091449.cab
12/03/2003 02:32 AM 30,208 06091449.dot
09/27/2006 09:50 PM 12,150 06368485.cab
10/30/2003 06:12 AM 29,696 06368485.dot
09/27/2006 09:50 PM 12,334 06369264.cab
12/03/2003 02:32 AM 25,088 06369264.dot
08/05/2007 01:45 PM 367,432 200212101113238901_SD-616T_F306.ZIP
10/29/2005 05:55 PM 481,612 2006-Bugatti-Veyron-W16-Engine-Cutaway-1920x1440.jpg
10/07/2003 05:39 PM 651 6 Months of AOL Included.lnk
09/13/2006 10:59 PM 2,855,080 aawsepersonal.exe
12/12/2004 02:28 AM 841 Ad-Aware SE Personal.lnk
12/13/2003 07:27 PM <DIR> Ad-aware.6.Pro.Build.181 + Extras
06/26/2004 11:53 PM 2,150,574 adaware6181.exe
10/07/2003 07:17 PM 16,251,072 AdbeRdr60_enu_full.exe
10/07/2003 07:18 PM 1,740 Adobe Reader 6.0.lnk
09/11/2005 12:28 AM 1,740 Adobe Reader 7.0.lnk
02/23/2005 09:51 PM 1,495,016 ahead - 2 nero 6 dvd-video plugin.exe
09/12/2004 01:46 AM 4,465,296 AIM 5.9 update.exe
10/30/2003 02:46 AM 199,104 album_pic.jpg
10/07/2003 05:38 PM 1,597 AOL Computer Check-Up.lnk
10/07/2003 05:38 PM 1,615 AOL Spyware Protection.lnk
08/29/2006 10:54 AM 1,005,136 aolsetup.exe
10/07/2003 05:38 PM 2,392,932 AOL_Quick_Reference_Guide.pdf
06/28/2004 03:52 PM 39,936 apa guide.doc
04/03/2006 05:14 PM 20,992 april06kungfuschedule.doc
05/07/2007 01:32 AM 2,090,016 aresregular209_installer.exe
07/13/2006 09:57 PM 980,350 armbreaking.wmv
10/19/2004 11:27 PM 30,720 arthistorypaperassignment.doc
07/14/2004 06:13 PM 25,600 Assign-Reading the Constitution.doc
11/10/2003 02:26 AM 2,860,328 AthleteScrnSvrpc.zip
07/19/2006 12:36 AM 1,651,200 AWorkshopinTwoParts.doc
09/13/2005 06:45 PM 30,699 badassmp3rock.nri
03/17/2005 04:01 PM 73,260,407 band in a box 2004 megapak.exe
12/20/2007 02:57 AM 1,684,480 Banquet[1].doc
11/26/2005 02:43 PM 28,268 BillOfSaleFord.pdf
01/09/2005 08:10 PM 4,990 black album.nra
10/03/2003 03:13 PM 1,671 Burn CDs & DVDs with RecordNow!.lnk
10/20/2006 08:41 PM 1,496,208 ccsetup134.exe
10/20/2006 09:03 PM 386,547 cc_20061020_2102.reg
10/29/2006 03:19 AM 25,524 cc_20061029_0219.reg
10/29/2006 03:20 AM 325 cc_20061029_0220.reg
12/29/2006 06:38 PM 22,287 cc_20061229_1738.reg
03/01/2007 01:22 AM 8,029 cc_20070301_0021.reg
09/18/2004 07:32 PM 3,080 CDBIDXL.DAT
04/25/2005 01:47 PM 23,040 chapter 26 eco terms.doc
04/25/2005 03:44 PM 22,528 chapter 28 eco terms.doc
02/17/2005 02:40 AM 28,672 chapter 4 eco terms.doc
04/26/2006 09:38 PM 57,555 chuck norris stuff.txt
07/13/2004 09:53 PM 22,016 claimofvalueonwork.doc
05/14/2006 11:31 PM 7,051 classic rock vol.1.nra
05/14/2006 11:35 PM 8,716 classic rock vol.2.nra
08/31/2005 12:10 AM 26,664 collegehumor.thatguy.jpg
02/18/2006 05:32 PM 31,135 collegehumorbanana.jpg
06/09/2006 06:04 PM 4,368 coltranejazz.nra
01/09/2007 04:16 PM 220,302 Contract2Hire.pdf
05/11/2004 04:42 AM <DIR> Corel User Files
04/09/2005 07:51 PM 210,083 corvette.jpg
03/27/2007 08:34 AM 110 criminal_history.url
08/05/2007 02:25 PM 1,677,824 CrystalPro.exe
10/26/2003 01:11 AM 3,651,752 csmg.exe
10/26/2003 12:54 AM 1,375,408 csmp.exe
10/25/2003 10:36 PM 4,775,136 csnbg.exe
02/23/2005 12:37 PM <DIR> CyberLink
05/28/2006 02:39 PM 965,343 danica_patrick_6.jpg
04/27/2005 10:25 PM 72,068 death.jpg
10/03/2003 03:16 PM 1,751 Dell Jukebox by musicmatch.lnk
06/27/2002 11:17 AM 603 Dell Picture Studio.lnk
10/03/2003 03:12 PM 1,859 Dell Support.lnk
10/28/2003 12:31 PM 85,424 destruction_1280.jpg
08/27/2007 06:56 PM 9,326,468 devcpp-4.9.9.2_setup.exe
08/08/2006 05:35 PM 25,703 Disco and Funk.nri
12/26/2007 03:05 AM 806 DivX Converter.lnk
12/26/2007 03:06 AM 1,265 DivX Movies.lnk
12/26/2007 03:05 AM 795 DivX Player.lnk
10/10/2003 02:06 AM 5,313,488 DivX51Bundle.exe
08/25/2007 09:19 PM 3,679,430 dlgsetup11_win.zip
04/28/2006 01:01 AM 9,038 doobieccr.nra
08/27/2004 01:22 AM 7,856,812 doom3.wmv
01/25/2004 05:02 PM <DIR> download
11/11/2003 07:27 PM 2,614 drag racer save.txt
07/30/2007 07:47 PM <DIR> Driver update for RADEON 9800 PRO
07/30/2007 07:45 PM <DIR> Driver update for RADEON 9800 PRO - Secondary
12/02/2003 01:35 AM 76,009 DSC_2730.jpg
02/23/2005 04:13 PM 1,221,050 dvd to divx vcd ripper v3 0 0 3+serial.exe
02/23/2005 04:14 PM 660 DVD TO DIVX VCD RIPPER.lnk
03/09/2005 11:56 PM 22,016 eco ch21 questions.doc
03/22/2005 02:49 AM 33,280 eco chapter 5 and 6 terms.doc
03/03/2005 01:14 AM 26,112 eco Chapter 6 Notes.doc
09/02/2006 12:54 PM 86,016 ee-flowchart.doc
03/09/2005 06:25 PM 10,752 Effectiveness of Prisons.ppt
10/28/2003 12:29 PM 25,474 elite_640.jpg
01/17/2005 01:54 AM 7,829 eminem encore1.nra
01/17/2005 01:55 AM 1,167 eminem encore2.nra
12/09/2003 03:19 AM 29,696 english-causal analysis.doc
10/30/2003 02:10 AM 27,136 english-informative essay.doc
09/03/2007 10:47 AM 3,748,544 ephpod277.exe
07/03/2003 04:21 PM 764,859 e_zwt.exe
08/18/2007 11:40 AM 1,604,958 fall07schedule.bmp
09/28/2004 10:48 AM 134,548 fall2004PKTroster.jpg
10/19/2004 11:26 PM 30,720 familyresearchassign2.doc
02/07/2005 03:59 PM 38,912 Fax.doc
02/03/2007 08:31 PM 31,744 FebruaryKungFuSchedule.doc
02/01/2008 04:14 PM 23,552 February_schedule_2008.doc
06/06/2005 07:36 PM 1,836 fg1.nri
06/06/2005 07:38 PM 1,225 fg10.nri
06/06/2005 07:38 PM 1,267 fg11.nri
06/06/2005 07:36 PM 1,666 fg2.nri
06/06/2005 07:37 PM 1,249 fg3.nri
06/06/2005 07:37 PM 1,419 fg4.nri
06/06/2005 07:37 PM 1,633 fg5.nri
06/06/2005 07:37 PM 1,238 fg6.nri
06/06/2005 07:37 PM 1,470 fg7.nri
06/06/2005 07:37 PM 1,849 fg8.nri
06/06/2005 07:38 PM 1,448 fg9.nri
11/12/2006 05:47 PM <DIR> filelib
03/18/2006 11:24 PM 5,175,696 Firefox Setup 1.5.0.1.exe
01/26/2007 12:56 AM 5,971,432 Firefox Setup 2.0.0.1.exe
10/30/2007 07:33 AM 1,606,584 FLVPlayer4Free_Setup.exe
11/24/2004 07:44 PM 1,512,609 FramePkg.exe
10/31/2003 07:37 PM 1,743,281 Game.zip
03/21/2003 02:33 PM 1,539 Get High Speed Internet!.lnk
01/16/2005 03:56 PM 6,242 godsmack.nra
11/13/2003 12:58 AM 451,136 GoogleToolbarInstaller.exe
03/28/2007 12:54 AM 22,528 gpaplan.doc
06/28/2005 10:18 PM 74,306 GwSetup.zip
10/28/2003 12:31 PM 445,350 h2earth_1280.jpg
10/28/2003 12:34 PM 218,740 h2_e3_06.jpg
10/28/2003 12:35 PM 205,803 h2_e3_07.jpg
10/28/2003 12:31 PM 163,022 halo2_trailer_1280.jpg
11/06/2005 02:00 AM 31,411 hardrockmp3.nri
12/04/2006 05:03 PM 51,200 HCC_Unofficial_Transcript.doc
08/11/2007 08:52 PM 23,773 hester.nri
09/13/2007 02:56 PM 47,104 HoustonScheduleupdateSept.2007.doc
09/28/2006 08:25 PM 492,782 image001.zip
10/16/2003 02:12 AM 25,088 Informative and Surprising Essay.doc
01/13/2004 11:35 PM 1,059,460 InstallLan2P076.exe
01/06/2004 12:36 AM 3,130,328 Install_AIM.exe
09/24/2004 03:04 PM 1,127,424 Install_SimUAid.exe
02/19/2005 01:19 PM 5,982,107 iPodder1.1.4.exe
01/19/2005 01:16 AM 41,204,592 iPodSetup.exe
10/22/2006 02:05 PM 12,188 ipod_1st_gen.jpg
08/05/2007 12:19 AM 50,005,304 iTunesSetup.exe
02/01/2005 01:54 AM 2,412 jack2.jpg
01/18/2004 02:27 AM 4,612 james_icon.gif
01/07/2006 06:15 PM 20,480 JanuarySchedule2006.doc
06/18/2006 11:47 PM 21,504 June06schedule.doc
12/09/2003 03:46 AM 27,648 justin essay.doc
01/11/2008 10:20 AM 29,696 Justin_Grubbs_resume.doc
03/20/2004 02:42 PM 4,056 kicker.gif
07/31/2007 06:46 PM 20,992 KungFuScheduleAugust.doc
07/04/2007 05:18 PM 20,992 KungFuSchedulejuly2007.doc
06/08/2007 01:31 PM 24,064 KungFuSchedulejune2007.doc
11/04/2006 12:14 PM 27,648 KungFuscheduleNov.doc
11/09/2007 11:16 AM 23,040 KungFuScheduleNov2007.doc
10/09/2007 10:16 PM 23,040 KungFuScheduleOct1st.doc
05/20/2007 02:45 PM 24,064 KungFuScheduleRemainingofMay07.doc
12/13/2001 08:43 AM 1,645 Learn XP.LNK
10/14/2003 02:57 PM 26,112 Letterofapology.doc
09/16/2006 08:34 PM 31,232 Level 3 test question answers.doc
03/24/2008 10:17 PM <DIR> LimeWire
03/24/2008 10:15 PM 4,559,800 LimeWireWin.exe
01/31/2005 10:27 PM 9,736 mactitle1.jpg
08/29/2006 10:54 AM 1,752 main.ini
11/29/2005 07:37 PM 13,060 martial arts movies.nri
07/04/2007 01:40 PM 27,648 MartialartsSeminarwithMasterBennyMengJuly07.doc
02/13/2005 09:28 PM <DIR> mcafee
11/07/2006 12:02 AM <DIR> McAfee Personal Firewall Plus 2004
02/13/2005 02:20 AM 5,683,455 mcafee personal firewall plus 2004.exe
02/13/2005 02:31 AM 22,441,617 mcafee.exe
12/03/2003 06:19 AM 1,654,354 mgv3_1.exe
07/29/2004 12:52 AM 451,072 Mi Abuelo.ppt
03/12/2006 06:44 PM 6,719 momsuckrock.nra
08/26/2005 09:49 PM 38,912 mom_fax_cover.doc
08/26/2005 09:27 PM 41,984 mom_resume.doc
08/18/2007 03:01 AM 2,223,653 mpc2kxp6490.zip
09/03/2002 08:55 AM 1,750 MSN Explorer.lnk
11/18/2007 09:05 PM <DIR> MultiSIM
09/10/2007 03:53 PM <DIR> My eBooks
10/10/2007 01:08 AM <DIR> My Music
03/02/2008 05:05 AM <DIR> My Pictures
07/31/2007 06:50 PM <DIR> My Videos
06/04/2004 01:28 PM 46,080 Myrel Courtney-Business Plan.ppt
02/17/2007 11:43 AM 153,088 Myrel Resume 09-06.doc
04/08/2007 05:36 PM 1,013,585 myrel UofH.zip
04/08/2007 06:32 PM 36,431 myrel.zip
01/19/2007 07:27 PM <DIR> MyTIData
12/21/2003 12:48 PM 2,360 NECDB.DAT
02/23/2005 09:42 PM <DIR> NeroVision
04/23/2004 12:55 PM 5,101 NETRKDB.DAT
02/13/2005 02:57 AM 5,677,288 network associates - 6 02 1063 - mcafee privacy service.exe
06/04/2006 04:34 PM 508,647 norris.gif
11/25/2007 02:46 PM <DIR> office xp
02/17/2005 01:53 PM 8,985 Offspring, RHCP, Big Tymers.nra
03/19/2008 09:40 AM 74,480 OPD-Justin P Grubbs.pdf
06/08/2004 04:01 PM 21,504 participant observation study.doc
10/13/2006 07:26 PM 255,488 PascoFall2006justinedit.xls
10/05/2004 05:17 PM 29,696 philosophyhume.doc
11/24/2004 09:42 PM 25,600 philosophypaper2.doc
04/12/2008 10:18 PM <DIR> pics
02/13/2005 02:41 AM 67,224 PlgSetup.exe
09/13/2006 11:02 PM 564,390 pltweakse.exe
08/12/2004 01:46 AM 1,622 PokerStars.LNK
08/12/2004 01:44 AM 3,284,224 PokerStarsInstall.exe
08/17/2005 01:44 AM 4,496,272 PokerStarsInstallTEST.exe
10/26/2003 06:06 PM 1,756 Pop-Up Control Center.lnk
10/26/2003 06:06 PM 809 Pop-Up Stopper Free Edition.lnk
02/23/2005 12:30 PM <DIR> Power DVD 5.0
02/23/2005 12:32 PM 1,684 PowerDVD.lnk
04/10/2007 10:56 PM 235,742 promissarynote41007.pdf
12/31/2003 02:29 AM 614,120 pxEngine507.exe
10/08/2003 05:30 PM 423,040 q812989.exe
02/09/2004 02:00 AM 1,237,888 qstp.exe
06/02/2005 10:15 PM 724 QuickTime Player.lnk
02/06/2005 03:57 AM 7,809 rammstein.nra
09/18/2004 09:27 PM 5,028 rap mom.nra
06/10/2006 04:19 PM 9,525 rapmp3.nri
01/15/2007 02:04 PM 96,455 RCDDposition.pdf
10/03/2003 03:17 PM 707 RealOne Player.lnk
02/01/2005 02:37 AM 10,479,136 RealPlayer10-5GOLD.exe
07/14/2004 12:11 AM 3,932,214 record.bmp
01/09/2005 05:20 PM 6,026 redlightdistrict.nra
09/27/2006 11:05 PM 29,184 resume cover letter.doc
10/03/2006 07:59 AM 38,912 resume-Grubbs_Justin_EE.doc
09/11/2006 05:53 PM 38,912 resume.doc
03/10/2005 11:07 PM 59,406 resume.pdf
09/13/2004 11:36 PM 3,683 Resume1.htm
10/24/2003 09:17 AM 8,405,533 RicochetSetup.exe
11/29/2005 12:02 PM 20,559 rock.nri
02/07/2005 03:30 PM 388,246 scan2.zip
09/05/2006 10:50 PM 26,624 September06Specialclasses.doc
09/11/2007 10:12 PM 21,504 SeptemberSchedule.doc
08/17/2007 10:09 AM 6,829,271 Setup_FreeConverter.exe
11/15/2006 05:43 PM 1,661,440 SifuBday.doc
06/09/2006 06:00 PM 8,689 softjazz.nra
10/03/2003 03:07 PM 1,681 Solution Center.lnk
05/03/2006 12:47 AM <DIR> sound card new drivers
01/30/2004 07:35 PM 452 spider.sav
10/07/2004 05:45 AM 945 Spybot - Search & Destroy.lnk
10/07/2004 05:44 AM 4,354,084 spybotsd13.exe
03/24/2008 02:38 AM 9,723,880 spybotsd152.exe
01/09/2005 05:42 PM 4,484 st. anger.nra
06/19/2004 02:47 AM 10,441,734 standardsetup.exe
05/01/2005 08:52 PM 201,893 stewie 1.jpg
05/01/2005 08:57 PM 95,257 stewie 2.jpg
05/01/2005 08:59 PM 497,390 stewie 3.jpg
04/02/2006 04:33 PM 19,968 subwoofer rebuild.doc
12/06/2005 07:22 PM 51,349 t4 poster.jpg
12/06/2005 07:23 PM 76,821 t4 poster2.JPG
09/18/2004 07:32 PM 2,056 TDBIDXL.DAT
01/10/2005 02:24 PM 8,034 tenacious-d.nra
08/12/2004 04:30 AM 22,528 terrorism.doc
07/27/2004 08:00 PM 22,528 Texas constitution.doc
01/19/2007 07:19 PM 18,725,888 TIConnectV1.6.exe
07/01/2004 09:47 AM 33,280 trail of tears paper.doc
02/14/2005 02:09 AM <DIR> Turbo Lister
11/24/2006 10:34 PM <DIR> Turbo Lister Backup
03/17/2006 09:41 PM 106,518 twinturbotang.jpg
04/06/2008 10:43 PM <DIR> UH
05/21/2003 03:21 PM 605 UHVPN.pcf
10/20/2004 12:27 AM 4,478,349 UHVPN_Client_Win.zip
11/01/2006 04:56 PM 10,526,056 uhvpn_client_win_46.exe
06/09/2006 06:08 PM 7,458 upbeatjazz.nra
12/27/2007 03:36 AM 46,080 Updatedscheduledecjan08.doc
12/13/2003 09:15 PM 1,058,011 vlc-0.4.1-win32.exe
03/04/2007 04:14 PM <DIR> Voyage
03/23/2007 10:27 PM 22,528 weightloss.xls
03/24/2007 12:12 AM 64,512 WeightWatch.xls
02/10/2004 12:17 AM 6,908,823 winamp502_snowpatrol.exe
08/25/2007 09:38 PM 4,458,698 WinDLG.zip
06/06/2005 10:43 AM 2,077,424 WindowsXP-KB894391-x86-ENU.exe
04/11/2005 02:57 AM 2,435 wingchun.JPG
04/11/2005 02:49 AM 3,832 wing_c1.jpg
02/09/2008 11:36 PM 186 WirelessSettings.txt
11/04/2006 12:24 PM 1,650,688 WomenselfdefenseHareKrishnaTemple(3)[1].doc
11/04/2006 12:29 PM 1,752,064 Womenselfdefenseladiesworkoutexpress.doc
02/11/2005 03:19 AM 8,911,456 wxp-w2k-8-10-050119a-020581c.exe
11/25/2005 02:14 PM 7,042,540 x-video-converter-cnet.exe
05/13/2005 06:37 PM 208,595 xbox360_wallpaper_1024x768.jpg
11/26/2005 05:41 PM 868 Xilisoft 3GP Video Converter.lnk
08/05/2007 02:21 PM 366,650 XviD-1.1.2-01022007.exe
08/18/2007 02:35 AM 1,142,832 zp403std.exe
02/10/2004 01:51 AM 196,234 [ CD and DVD Appz ] Nero MPEG2 Video Codec Plugin.exe
257 File(s) 468,345,826 bytes
27 Dir(s) 26,686,758,912 bytes free
 
The new HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:36:12 AM, on 4/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\SmileyDistrict\plugin.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\Justin Grubbs\lsass.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Smiley District] C:\Program Files\SmileyDistrict\plugin.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [PrevxCSI] "C:\Program Files\PrevxCSI\prevxcsi.exe" /bootupreg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\Justin Grubbs\lsass.exe
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:ENG
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Smiley District - {0418F3E3-C763-4e02-9EC5-F0AE13B54B0F} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Smiley District - {0418F3E3-C763-4e02-9EC5-F0AE13B54B0F} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: http://download.windowsupdate.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15031/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://test.catalog.update.microsof.../en/x86/MuCatalogWebControl.cab?1185785550250
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120365521515
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1195539745562
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15034/CTPID.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe (file missing)
O23 - Service: NTSVCMGR - Unknown owner - c:\windows\system32\dllcache\win32\winlogon.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10598 bytes

My PC is running like new. It seems as though I don't have any problems, and from what I can tell, new .dll files aren't spontaneously appearing in my system32 folder like they were.
 
Hello

1. Please re-open HijackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below (if present):

O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\Justin Grubbs\lsass.exe
O23 - Service: NTSVCMGR - Unknown owner - c:\windows\system32\dllcache\win32\winlogon.exe (file missing)


2. Now close all windows other than HijackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



Click Start > Run, then copy and paste the following (in bold) into the Run box: sc delete NTSVCMGR > Click OK



Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    [kill explorer]
    C:\Documents and Settings\Justin Grubbs\lsass.exe
    purity 
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan. Check all the boxes and click Start Scan
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note.)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.


Reboot and post a new HijackThis log
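The two entries the helper picks out of the log above share two tell-tale shapes: a core Windows process name (lsass.exe, winlogon.exe) launched from somewhere other than %SystemRoot%\system32, and a service whose binary is reported as "(file missing)". The script below is an added example (my code, not the thread's and not part of HijackThis) that parses O4 and O23 lines in the format shown in these logs and flags exactly those patterns; the sample lines are constructed from the thread's logs, and C:\WINDOWS as the system root is an assumption.

```python
"""Triage HijackThis-style O4 (autorun) and O23 (service) entries.

Added example, not part of the thread or of HijackThis.  It flags the two
patterns acted on in the thread: a core Windows process name running from
anywhere but %SystemRoot%\\system32, and a service whose binary is missing.
"""
import ntpath
import re

# Constructed sample: lines copied from the shape of the logs in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\Justin Grubbs\lsass.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe (file missing)
O23 - Service: NTSVCMGR - Unknown owner - c:\windows\system32\dllcache\win32\winlogon.exe (file missing)
"""

# Core processes that, on Windows XP, legitimately run only from system32.
SYSTEM_PROCESS_NAMES = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
    "lsass.exe", "svchost.exe",
}
# Assumption: Windows is installed in C:\WINDOWS, as in the logs above.
SYSTEM_ROOT = "c:\\windows"
SYSTEM32 = SYSTEM_ROOT + "\\system32"
USER_PROFILES = "c:\\documents and settings\\"

O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<rest>.*)$")
FILE_MISSING = "(file missing)"


def _normalize(path):
    """Lower-case the path, expand %systemroot% and drop surrounding quotes."""
    return path.strip().strip('"').lower().replace("%systemroot%", SYSTEM_ROOT)


def _path_from_command(cmd):
    """Pull the executable path out of an O4 command line (heuristic)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    pos = cmd.lower().find(".exe")
    # Unquoted path with arguments: keep everything up to and including .exe.
    return cmd[:pos + 4] if pos != -1 else cmd


def parse_entry(line):
    """Return (kind, label, path, file_missing), or None for other lines."""
    m = O4_RE.match(line)
    if m:
        return "O4", m.group("name"), _path_from_command(m.group("cmd")), False
    m = O23_RE.match(line)
    if m:
        rest = m.group("rest")
        missing = rest.endswith(FILE_MISSING)
        if missing:
            rest = rest[: -len(FILE_MISSING)].rstrip()
        # Layout is "<display name> - <owner> - <path>"; split from the right
        # so that dashes inside the display name do not confuse the parser.
        display, _, path = rest.rpartition(" - ")
        label = display.rpartition(" - ")[0] or display
        return "O23", label, path, missing
    return None


def reasons_for(path, file_missing):
    """Explain why an entry deserves a closer look; empty list means clean."""
    p = _normalize(path)
    base, folder = ntpath.basename(p), ntpath.dirname(p)
    reasons = []
    if base in SYSTEM_PROCESS_NAMES and folder and folder != SYSTEM32:
        reasons.append("system process name outside system32")
    if p.startswith(USER_PROFILES):
        reasons.append("runs from a user profile directory")
    if file_missing:
        reasons.append("service binary missing on disk")
    return reasons


def triage(log_text):
    """Map 'kind:label' of each parsed entry to its list of reasons."""
    result = {}
    for line in log_text.splitlines():
        parsed = parse_entry(line)
        if parsed is None:
            continue
        kind, label, path, missing = parsed
        result[kind + ":" + label] = reasons_for(path, missing)
    return result


if __name__ == "__main__":
    for key, reasons in triage(SAMPLE_LOG).items():
        print(key, "->", "; ".join(reasons) if reasons else "no finding")
```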
 
Here is the OTMoveIt2 log:

Explorer killed successfully
File/Folder C:\Documents and Settings\Justin Grubbs\lsass.exe not found.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04172008_222402


and the Anti-Malware log:

Malwarebytes' Anti-Malware 1.11
Database version: 646

Scan type: Full Scan (A:\|C:\|D:\|E:\|)
Objects scanned: 161284
Time elapsed: 1 hour(s), 31 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{7961702e-4d6c-4578-982e-ddb0b0e58028} (Adware.SmileyDistrict) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0418f3e3-c763-4e02-9ec5-f0ae13b54b0f} (Adware.SmileyDistrict) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e36e190-77f9-48a1-b0f3-5698425cee9b} (Adware.SmileyDistrict) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{0e010ce6-25f7-436f-baee-5a646b31b9bf} (Adware.SmileyDistrict) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\InsertSmile.DLL (Adware.SmileyDistrict) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\OutlookSmile.OutlookSmile (Adware.SmileyDistrict) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\WordSmile.WordSmile (Adware.SmileyDistrict) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{0418f3e3-c763-4e02-9ec5-f0ae13b54b0f} (Adware.SmileyDistrict) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Justin Grubbs\apache.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Justin Grubbs\My Documents\iPodder1.1.4.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\uninstall.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0000596.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\04122008_105445\WINDOWS\gsi.exe (Trojan.Downloader) -> Quarantined and deleted successfully.


Thank you.
 
My computer seems fine, I am wondering if you can still help me with preventing the system32 folder from opening on startup. The new HijackThis log file follows. Thank you.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:38:11 PM, on 4/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\SmileyDistrict\plugin.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Smiley District] C:\Program Files\SmileyDistrict\plugin.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [PrevxCSI] "C:\Program Files\PrevxCSI\prevxcsi.exe" /bootupreg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:ENG
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: http://download.windowsupdate.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15031/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://test.catalog.update.microsof.../en/x86/MuCatalogWebControl.cab?1185785550250
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120365521515
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1195539745562
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15034/CTPID.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10093 bytes
 
Not sure what is causing that. A few things to do:

Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U; it needs to be there.
  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt2.exe to run it.
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTMoveIt2 from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.


You now need to update your Java and remove your older versions.

Please follow these steps to remove older version Java components.

* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.

Download the latest version of Java Runtime Environment (JRE), and install it to your computer from
here



You're using an old version of Adobe Acrobat Reader; this can leave your PC open to vulnerabilities. You can update it here:
http://www.adobe.com/products/acrobat/readstep2.html




Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer always has the latest available security updates installed.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts.

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.
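As an added example for the "Make Internet Explorer more secure" steps above (my own script, not part of this thread or of any tool it mentions), here is a PowerShell function that reads the same three ActiveX settings from the registry and reports, or with -Fix corrects, any that differ from the recommended values. It assumes that zone 3 under Internet Settings\Zones is the Internet zone, that the URL-action IDs 1001, 1004 and 1201 are the ones Inetcpl.cpl writes for those options, and that 0/1/3 mean Enable/Prompt/Disable.

```powershell
# Added example, not from the thread: audits (and optionally applies) the three
# Internet-zone ActiveX settings that the Inetcpl.cpl steps change by hand.
# Assumptions: zone 3 = Internet zone; URL-action IDs 1001 (download signed),
# 1004 (download unsigned), 1201 (initialize/script controls not marked safe);
# values 0/1/3 = Enable/Prompt/Disable. Per-user settings only: if the
# Security_HKLM_only policy is set, IE reads the HKLM copy of this key instead.
$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

$Wanted = @{
    '1001' = 1   # Download signed ActiveX controls                       -> Prompt
    '1004' = 1   # Download unsigned ActiveX controls                     -> Prompt
    '1201' = 3   # Initialize and script ActiveX controls not marked safe -> Disable
}
$Label = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Describe-ZoneValue($value) {
    if ($value -eq $null)              { return 'not set (zone default applies)' }
    if ($Label.ContainsKey([int]$value)) { return $Label[[int]$value] }
    return "custom value $value"
}

function Test-IEActiveXZone {
    # Returns $true when all three settings match the recommendation (or were
    # just written with -Fix); $false when at least one differs and -Fix was not given.
    param([switch]$Fix)

    $zone = Get-ItemProperty -Path $ZonePath -ErrorAction Stop
    $mismatches = 0
    foreach ($id in ($Wanted.Keys | Sort-Object)) {
        $prop    = $zone.PSObject.Properties[$id]
        $current = if ($prop) { [int]$prop.Value } else { $null }
        $want    = $Wanted[$id]
        if ($current -eq $want) {
            Write-Host ("{0}: {1} (ok)" -f $id, (Describe-ZoneValue $current))
            continue
        }
        $mismatches++
        Write-Host ("{0}: {1}, recommended {2}" -f $id, (Describe-ZoneValue $current), $Label[$want])
        if ($Fix) {
            # DWord is the type IE uses for URL-action values in this key.
            Set-ItemProperty -Path $ZonePath -Name $id -Value $want -Type DWord
            Write-Host ("{0}: set to {1}" -f $id, $Label[$want])
        }
    }
    return ($mismatches -eq 0) -or $Fix.IsPresent
}

# Audit only; re-run as Test-IEActiveXZone -Fix to apply the recommended values.
Test-IEActiveXZone
```

Run it in the same user account whose Internet Explorer settings you changed, since the values live under HKEY_CURRENT_USER.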
 
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note: If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.
 