Author Topic: Computer virus and spyware  (Read 1911 times)
Robinhood
Topic Starter
Rookie



Posts: 30


« on: July 27, 2008, 04:35:17 PM »

Hello,
I have just finished all of the steps in evilfantasy's guide to getting started. I am using a "HP Pavilion a1600n" with "AMD Athlon 64 X2 dual core processor 3800+", 1024MB memory. I am using "Windows XP Media Centre Edition 2005". Here are the three logs requested.
Thank you for your help.

[recovering disk space -- attachment deleted by admin]

Robinhood
« Reply #1 on: July 27, 2008, 04:49:33 PM »

I am not sure my attachments came through. When I viewed my posting I could not see them. Is that normal or do I have to repost?
Thanks
IP logged
evilfantasy
Malware Removal Specialist
Moderator
Genius



Thanked: 462
Posts: 11,769

Experience: Beginner
OS: Windows 7


Calm like a bomb

evilfantasy's blog
« Reply #2 on: July 27, 2008, 04:54:47 PM »

They're there.

evilfantasy
« Reply #3 on: July 27, 2008, 05:03:51 PM »

Open Hijackthis and select Do a system scan only.

Place a check mark next to the following entries: (if there)

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [WinButler] C:\Documents and Settings\HP_Administrator\Application Data\WinButler\WinButler.exe


Important: Close all windows except for Hijackthis and then click Fix checked.

Exit Hijackthis and restart the computer.

----------

Download OTMoveIt2 by OldTimer
  • Save it to your desktop.
Note: If you are running on Vista, right-click on OTMoveIt2.exe and choose Run As Administrator.

  • Double-click OTMoveIt2.exe to run it.
  • Copy the lines in the codebox below.
Code:
[kill explorer]
C:\Documents and Settings\HP_Administrator\Application Data\WinButler\WinButler.exe
EmptyTemp
[start explorer]
  • Return to OTMoveIt2, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) and paste it in your next reply.
  • Close OTMoveIt2
----------

Next post add the OTMoveIt2 log and let me know how everything is now.
IP logged
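
Added example (not part of the original thread and not HijackThis's own code): a small parser for the O4 startup lines quoted in Reply #3. It splits each line into hive, value name, executable and arguments, and lists per-user entries launched from a user-writable folder first. The USER_WRITABLE list and the ordering rule are assumptions for illustration, not the criteria the helper used.

```python
import re

# The four O4 (startup) lines quoted in the post above.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [WinButler] C:\Documents and Settings\HP_Administrator\Application Data\WinButler\WinButler.exe
'''

O4_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.+?)\] (.+)$')
# Unquoted commands may contain spaces, so cut at the first executable extension.
UNQUOTED_RE = re.compile(r'^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s+(.*))?$', re.I)
# Assumption: folders a standard user can write to on Windows XP/Vista.
USER_WRITABLE = ('\\application data\\', '\\local settings\\', '\\appdata\\', '\\temp\\')

def split_command(cmd):
    """Split a Run value into (executable path, arguments)."""
    cmd = cmd.strip()
    if cmd.startswith('"') and '"' in cmd[1:]:
        path, _, rest = cmd[1:].partition('"')
        return path, rest.strip()
    m = UNQUOTED_RE.match(cmd)
    return (m.group(1), m.group(2) or '') if m else (cmd, '')

def parse_o4(line):
    """Return a dict for one O4 line, or None if the line is not an O4 entry."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    hive, key, name, cmd = m.groups()
    path, args = split_command(cmd)
    return {
        'hive': hive, 'key': key, 'name': name, 'path': path, 'args': args,
        'quoted': cmd.lstrip().startswith('"'),
        'user_writable': any(d in path.lower() for d in USER_WRITABLE),
    }

def triage(log_text):
    """Parse every O4 line; per-user entries in user-writable folders sort first."""
    entries = [e for e in map(parse_o4, log_text.splitlines()) if e]
    return sorted(entries, key=lambda e: not (e['hive'] == 'HKCU' and e['user_writable']))

if __name__ == '__main__':
    for e in triage(SAMPLE_LOG):
        mark = '*' if e['hive'] == 'HKCU' and e['user_writable'] else ' '
        print(mark, e['hive'], e['name'], '->', e['path'], e['args'])
```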

Robinhood
« Reply #4 on: July 27, 2008, 05:40:45 PM »

Here is the last log

[recovering disk space -- attachment deleted by admin]

evilfantasy
« Reply #5 on: July 27, 2008, 05:54:39 PM »

Download Deckard's System Scanner (DSS) to your Desktop.
Note: You must be logged onto an account with administrator privileges.
Vista users Right click DSS and Run as Administrator.


  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open.
    • main.txt <- this one will be maximized
    • extra.txt <- this one will be minimized
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your reply.

Robinhood
« Reply #6 on: July 27, 2008, 06:17:29 PM »

Here are the two most recent logs you requested

[recovering disk space -- attachment deleted by admin]
IP logged
drmsucks
Mentor



Posts: 1,934


« Reply #7 on: July 27, 2008, 06:18:21 PM »

Quote
I am not sure my attachments came through. When I viewed my posting I could not see them. Is that normal or do I have to repost?
Thanks

FYI - You need to be logged in to see attachments.

Good luck.
IP logged

If you don't have time to do it right
                ...when will you have time to do it over?
evilfantasy
« Reply #8 on: July 27, 2008, 06:39:45 PM »

Go to add/remove programs and uninstall J2SE Runtime Environment 5.0 Update 6

Update your Mozilla Firefox Browser
Recently there have been vulnerabilities detected in older versions of Mozilla Firefox.
It is strongly suggested that you update to the current version.
Mozilla Firefox 2.0.0.16
You can update it by clicking Help > Check for updates...

I still see WinButler in add/remove programs, try to uninstall it. If it gives you any problems let me know.

How is everything now?

evilfantasy
« Reply #9 on: July 27, 2008, 06:41:42 PM »

If your browser tries to get you to download Firefox 3.0 and you don't want to then go here for the new version of 2.0 http://www.mozilla.com/en-US/firefox/all-older.html

Robinhood
« Reply #10 on: July 27, 2008, 06:53:29 PM »

J2SE and WinButler both uninstalled successfully.
Everything seems to be fine. I am having problems with my email not sending but I believe it has to do with my provider. Thank you very much for your help. You are very thorough and I can't express enough how grateful I am, not just for my sake but that you give so much of your time to help others. You deserve a medal.
Thanks :)

evilfantasy
« Reply #11 on: July 27, 2008, 06:55:44 PM »

Thanks for the kind words :)

A few more things to do.

Final steps and advice.

1. Double click OTMoveIt2.exe to launch it.
Vista users right click and choose Run As Administrator
2. Click on the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet. If your firewall or other defensive programs alert you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
5. Once complete exit out of OTMoveIt2

----------

Set a New Restore Point to prevent possible reinfection from an old one
Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.
  • Go to Start > Programs > Accessories > System Tools and click System Restore
  • Choose the radio button marked Create a Restore Point on the first screen, then click Next. Give the Restore Point a name, then click Create.
  • The new restore point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Next go to Start > Run and type Cleanmgr
  • Click OK
  • Click the More Options Tab.
  • Click Clean Up in the System Restore section to remove all previous restore points except the newly created clean one.
You can find instructions on how to enable and re-enable system restore here:

Windows XP System Restore Guide or Windows Vista System Restore Guide
----------

Use the Secunia Software Inspector to check for out of date software.
  • Click Start Now
  • Check the box next to Enable thorough system inspection.
  • Click Start
  • Allow the scan to finish and scroll down to see if any updates are needed.
  • Update anything listed.
----------

Important: You Need to Update Windows and Internet Explorer regularly to protect your computer from the malware and other security threats that are on the Internet. Go to Microsoft Windows Update and get all critical updates.

If you are running any Microsoft Office version go to the Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.

----------

Make sure all of your security programs are up to date and run scans with them regularly. Turn on the automatic updates in all of them. Do scans once or twice a week minimum. I can not stress how important it is to keep your antivirus, antispyware and firewall up to date.

Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC.

Concerned about Browser Security? Consider using Mozilla Firefox 3.0 with Adblock Plus and NoScript

To prevent unknown applications from being installed on your computer install WinPatrol 2008
* Using Winpatrol to protect your computer from malicious software

I suggest using SiteAdvisor. SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites.

SpywareBlaster - Secure your Internet Explorer to make it harder for these ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.


Robinhood
« Reply #12 on: July 28, 2008, 10:32:27 AM »

I am having problems after running the secunia software inspector. It tells me

"This installation of Macromedia Flash Player 7.x is insecure and potentially exposes your system to security threats!"

and "This installation of Macromedia Flash Player 8.x is insecure and potentially exposes your system to security threats!"

I have downloaded the updates and have the new flashplayer. I can not find anything in add or remove programs.

I reran the scan and the results come back the same

evilfantasy
« Reply #13 on: July 28, 2008, 10:38:15 AM »

Flash Player can be a pain when it comes to updating. It doesn't overwrite the old version completely and leaves old useless files around that Secunia sees.

Do this.

Download the Flash Player Uninstaller and save it to your desktop.

Run the uninstaller program and then reboot your computer to complete the uninstall.

Download and install the latest version of Flash Player

Robinhood
« Reply #14 on: July 28, 2008, 04:05:53 PM »

The advice on flashplayer worked great.
I now have a lot of programs on my computer that I did not have before. Should I leave them all?

evilfantasy
« Reply #15 on: July 28, 2008, 04:59:13 PM »

Which ones? There should be HJT, MBAM and SAS. You can uninstall HJT but keep MBAM and SAS and run scans with them occasionally.

Robinhood
« Reply #16 on: July 28, 2008, 09:41:03 PM »

Here is a list: Software inspector, Malware bytes, Moa2008use.exe, Superantispyware, Windowsxp-kb884020-x86-enu.exe, software inspector, Tinsetup, CCleaner, Noscript.
Another strange thing is happening. When I go to "MEDIA CENTRE" and then close it I end up with a MSN messenger icon on the bottom right which says not signed in when I put the cursor on it. If I log off and back on it is gone. I was having trouble with email but now it is OK. I am prevented from using YouTube and similar sites.

evilfantasy
« Reply #17 on: July 28, 2008, 09:59:02 PM »

You can use the online Software inspector so you don't need to have it installed.

Malware bytes & Superantispyware - Keep and run a scan occasionally, every two weeks or more if you think you need to. Remember to update before scanning.

That is an installer for something, but not anything I had you use I don't think. Delete it.

Windowsxp-kb884020-x86-enu.exe - Is an update for Windows XP Service Pack 2 (KB884020) - Did you already install it?

Tinsetup - I don't have a clue what this is. Nothing we use here.

Noscript - That is a Firefox add-on. Where do you see it at?

----------

Run this Disable/Remove Windows Messenger to the Desktop to remove Windows Messenger.

Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Unzip the file on the Desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

Exit out of MessengerDisable then delete the two files that were put on the Desktop.

See if that takes care of the Messenger pop-up in Media Center.

----------

Quote
I am prevented from using YouTube and similar sites

How are you prevented? What exactly happens?




Robinhood
« Reply #18 on: July 29, 2008, 08:38:52 AM »

The tinsetup is WinPatrol.
I have avast antivirus; will any of these other programs, malwarebytes or superantispyware, conflict?

Robinhood
« Reply #19 on: July 29, 2008, 09:18:41 AM »

This is the message I get. I know I have the latest version of flash player.

Robinhood
« Reply #20 on: July 29, 2008, 09:20:10 AM »

Sorry, this is the message I get: "Hello, you either have JavaScript turned off or an old version of Adobe's Flash Player."

Robinhood
« Reply #21 on: July 29, 2008, 09:29:18 AM »

I have the problem under control now. Everything seems to be fine. It was the Firefox NoScript. I had to learn how to allow stuff. Thanks again. You have been awesome. I am telling people good things about this site.
Have a great life

evilfantasy
« Reply #22 on: July 29, 2008, 04:05:36 PM »

Quote
The tinsetup is WinPatrol.
I have avast antivirus; will any of these other programs, malwarebytes or superantispyware, conflict?

If you have any old setup files on the desktop you can safely delete them.

The programs will not conflict with Avast!.

Robinhood
« Reply #23 on: August 01, 2008, 08:52:16 AM »

Everything is still good. Thanks so much.