MauriceN
1st Responder Premium Member
 Joined: May 20, 2006 Posts: 960
Posted: Fri Jun 27, 2008 1:22 pm
Please download OTMoveIt2 by OldTimer: http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
- Save it to your desktop.
- Please double-click OTMoveIt.exe to run it.
- Click on the CleanUp! button. When you do this a text file named cleanup.txt will be downloaded from the internet. If you get a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet you should allow it to do so. After the list has been downloaded you'll be asked if you want to Begin cleanup process? Select Yes.
- This step removes the files, folders, and shortcuts created by the tools I had you download and run.
- Run ATF Cleaner, and checkmark "Empty Recycle Bin", click "Empty Selected" and exit the program.
Using Internet Explorer browser only, go to ESET Online Scanner website:
- Accept the Terms of Use and press Start button;
- Approve the install of the required ActiveX Control, then follow on-screen instructions;
- Enable (check) the Remove found threats option, and run the scan.
- After the scan completes, the Details tab in the Results window will display what was found and removed.
- A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt.
Look at contents of this file using Notepad or Wordpad.
The Frequently Asked Questions for ESET Online Scanner can be viewed here
http://www.eset.com/onlinescan/cac4.php?page=faq
- From ESET Tech Support: If you have ESET NOD32 installed, you should disable it prior to running this scanner.
Otherwise the scan will take twice as long to do:
every time the ESET online scanner opens a file on your computer to scan it, NOD32 on your machine will rescan the file as a result.
- It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner.
(And the prompt re-enabling when finished.)
- If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.
Start HijackThis. Do a Scan and Save report. Reply back with Eset scan log and the new HJT report.
_________________
~Maurice Naggar
MS-MVP
MauriceN
1st Responder Premium Member
 Joined: May 20, 2006 Posts: 960
Posted: Sun Jun 29, 2008 4:10 pm
Hello,
Checking in with you, and want to see how things are?
and if you had a chance to see my last reply?
nurselisa480
Trooper

 Joined: Jun 07, 2008 Posts: 30
Posted: Mon Jun 30, 2008 1:56 am
Yes, I'm just getting back home & going to start here directly. I will do this & get back with a new HJT log. Thanks.
nurselisa480
Trooper

 Joined: Jun 07, 2008 Posts: 30
Posted: Mon Jun 30, 2008 3:34 am Post subject: Did them
I did the cleanup with OTMoveIt2. It immediately asked me to reboot & I did & when I came back there was nothing in the recycle bin. After it ran, it did have several things on right that said: Several file deletes failed & some not found. Does that mean I have some more stuff leftover that I should find & delete? And then I did the ESET scan & the results are good it seems. Both that & the new HJT logs will be below. I still have the folders: SDFix (which is empty) & the SDFix_First_Run still on my computer & it is 20.3MB's. How do I get rid of it? And Can I safely delete what is Quarantined in Malwarebytes yet? And in Avast, can I delete what is in the Avast chest? The 3 infected files in the system files part & the (now 21) in the Infected section of the chest? The Thumbs.db is also still in my pictures & is 708kb & says it's a database file, can I delete it? I know these are a lot of questions but I just don't know exactly how to act on each particular problem. Anyways, all went ok & here are the logs.
ESET log:
# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3225 (20080629)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=3163b49342b40c42a9d5e71362f42e37
# end=finished
# remove_checked=true
# unwanted_checked=false
# utc_time=2008-06-30 03:05:57
# local_time=2008-06-29 11:05:57 (-0500, Eastern Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=132474
# found=0
# scan_time=522
HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:12:19 PM, on 6/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/mail/?ui=1
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1212888432531
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=21871
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin_0.5.1.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
--
End of file - 3995 bytes
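Added example (not part of the thread and not a HijackThis feature): one way a reviewer can group a HijackThis log like the one above by section code and list the hosts that its O16 (downloaded ActiveX control) entries were installed from. The sample lines are copied from the posted log; the `expected_hosts` argument is a hypothetical reviewer-supplied list.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Subset of lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/mail/?ui=1
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - http://support.f-secure.com/ols/fscax.cab
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_entries(text):
    """Group item lines by their HijackThis section code (R0, O4, O16, ...)."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:  # header and running-process lines carry no section code
            sections[m.group(1)].append(m.group(2))
    return dict(sections)

def dpf_sources(sections):
    """Map each O16 entry's CLSID to the host its .cab was downloaded from."""
    out = {}
    for item in sections.get("O16", []):
        clsid = re.search(r"\{[0-9A-Fa-f-]{36}\}", item)
        url = item.rsplit(" - ", 1)[-1]  # the source URL is the last field
        host = urlparse(url).hostname
        if clsid and host:
            out[clsid.group(0)] = host
    return out

def unexpected_dpf(sections, expected_hosts):
    """Return CLSIDs whose download host is not on the reviewer's list."""
    return sorted(c for c, h in dpf_sources(sections).items()
                  if h not in expected_hosts)

if __name__ == "__main__":
    secs = parse_entries(SAMPLE_LOG)
    print({code: len(items) for code, items in secs.items()})
    # Hypothetical reviewer list: only the ESET scanner host is expected.
    print(unexpected_dpf(secs, {"www.eset.eu"}))
```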
MauriceN
1st Responder Premium Member
 Joined: May 20, 2006 Posts: 960
Posted: Tue Jul 01, 2008 10:48 am Post subject: Re: Did them
Hello,
I'm going to answer your questions. I would ask a favor of you: When you have multiple issues, use paragraph breaks to separate each issue. That makes it much easier to read and to digest. Thanks.
nurselisa480 wrote: "I did the cleanup with OTMoveIt2. It immediately asked me to reboot & I did & when I came back there was nothing in the recycle bin. After it ran, it did have several things on right that said: Several file deletes failed & some not found. Does that mean I have some more stuff leftover that I should find & delete?"
OTMoveIt2 deletes what it can. And should have removed most all of what I had you download. Including SDFix.
If you still have a C:\SDFIX folder, delete it.
If you have a SDFix zip file on your desktop, delete it.
Quote: "And then I did the ESET scan & the results are good it seems. Both that & the new HJT logs will be below."
Excellent results.
Quote: "I still have the folders: SDFix (which is empty) & the SDFix_First_Run still on my computer & it is 20.3MB's. How do I get rid of it?"
In Windows Explorer: find the folder (or file). Then highlight it by clicking once on it.
Then press the Delete button on your keyboard.
Quote: "And Can I safely delete what is Quarantined in Malwarebytes yet? And in Avast, can I delete what is in the Avast chest? The 3 infected files in the system files part & the (now 21) in the Infected section of the chest?"
You may have each program permanently remove all quarantined items. Go into each program (one at a time). Use their menus/options to clear out the quarantine.
Quote: "The Thumbs.db is also still in my pictures & is 708kb & says it's a database file, can I delete it? I know these are a lot of questions but I just don't know exactly how to act on each particular problem. Anyways, all went ok & here are the logs."
Leave the Thumbs.db alone. It is very small in relative size.
Tell me, are all your original problem issues now gone?
_________________
~Maurice Naggar
MS-MVP
nurselisa480
Trooper

 Joined: Jun 07, 2008 Posts: 30
Posted: Wed Jul 02, 2008 3:14 am
Hi, I went & did all that & I did leave the thumbs.db right in my pictures. Yes, it is only 708kb, I just don't want to accidentally delete it if it's important, I frequently work in my pictures editing, transferring to flash or deleting & that is my concern as far as the thumbs.db. I just wish I knew where it went & I'd try to put it there.
I'm so glad that the logs results were good now. I didn't mention it in my last reply but my PC was only blurry for like 2 days then suddenly was all back to normal. That turned out Great.
I was re-reading a lot of the steps I did & am wondering if I should return to my Folder options & re-check hidden folders or that extensions?
But yes, the original issues are gone, I have no weird behavior & my PC is acting great now.
Now how do I go about the windows updates? I was reading about XP SP3 & it really sounds like there are a lot of failed installs of it. But I do know now that it's important to keep updated so when or if I'm ready I will do updates & just cross my fingers lol.
Thanks
MauriceN
1st Responder Premium Member
 Joined: May 20, 2006 Posts: 960
Posted: Thu Jul 10, 2008 4:32 am
You certainly may reset your My Computer {Windows Explorer} Folder Options to your liking (as they were from before).
On XP Service Pack 3, I would highly recommend the suggestions offered by my colleagues
http://aumha.net/viewtopic.php?f=62&t=34358
Note that Malwarebytes' Anti Malware {MBAM} (link given way earlier) is a very handy program, and you may certainly get it and use it as part of your anti-malware tools. I would strongly urge you to use it on a regular basis.
- Run ATF Cleaner, and checkmark "Empty Recycle Bin", click "Empty Selected" and exit the program. You can delete or keep this utility as you wish.
- Configure your Antivirus software to check for updates daily, at a time in which you are sure the computer will be on.
- Check in at Windows Update and install any Critical Updates offered.
- Download and Install Windows Defender by Microsoft (free) if you do not already have it:
http://www.microsoft.com/downloads/details.aspx?FamilyId=435BFCE7-DA2B-4A6A-AFA4-F7F14E605A0D
- Make certain that Automatic Updates is enabled.
- Download and install Comodo BOClean (free): http://www.comodo.com/boclean/CBO_download.html
- Download, install, and keep updated Spyware Blaster (free): http://www.javacoolsoftware.com/spywareblaster.html (all Protections should be enabled at all times)
- I'd recommend that you get and use MVP Mike Burgess' custom hosts file http://mvps.org/winhelp2002/hosts.htm
See the FAQ page http://mvps.org/winhelp2002/hostsfaq.htm
That would help to keep your browser away from known spyware/malware sites.
- Make regular backups of your system to removable media: DVD, USB external hard drive, etc.
On some regular schedule, it is a good idea to do an online scan for viruses and malware. Here is a very short list of sites where this may be done:
Kaspersky Webscan Online Virus Scanner
ESET Online Scanner
Panda ActiveScan
Trend Micro Housecall
F-Secure Online Scanner
- Read Tony Klein's article How Did I Get Infected In The First Place
- Never, ever download free games, free tools, smileys, or anything free unless you can be absolutely sure the source is safe!
Finally, spend some time reading about how to keep your computer safe on the Internet: http://www.bleepingcomputer.com/tutorials/tutorial82.html
Now go and practice safe surfing, safe gaming, safe computing!
Cheers.
_________________
~Maurice Naggar
MS-MVP
nurselisa480
Trooper

 Joined: Jun 07, 2008 Posts: 30
Posted: Thu Jul 10, 2008 6:38 am Post subject: Thanks
Ok I am doing most of these now & definitely am keeping malwarebytes as well, & Thanks! I'm going to do the sp3 tomorrow. Again, Thanks!
MauriceN
1st Responder Premium Member
 Joined: May 20, 2006 Posts: 960
Posted: Thu Jul 10, 2008 7:02 am
You're welcome. All the best to you.
Just 1 reminder: prior to applying (getting) XP Service Pack 3, temporarily disable your antivirus and anti-malware programs.
This is all covered in the link I gave you, but well worth reminding you.
taz71498
Forums Admin Premium Member
 Joined: Jan 30, 2004 Posts: 20113
Posted: Thu Jul 24, 2008 12:43 am
I am locking this thread since the issue is resolved. If you need it reopened, please private message a Moderator and we will unlock it for you.