Solved: not-a-virus:hoax and Downloader


Cookiegal
Administrator with 54,829 posts.
 
Join Date: Aug 2003
Location: Quebec, Canada
06-Apr-2008, 11:50 AM #16
Please disable SpybotSD TeaTimer, as it may hinder the removal of the infection. You can enable it after you're clean.

To disable SpybotSD TeaTimer:

  • Open Spybot, click on Mode and check Advanced Mode.
  • Check Yes in the next window.
  • Click on Tools in the bottom left-hand corner.
  • Click on the System Startup icon.
  • Uncheck the TeaTimer box.
  • Click the Allow Change box.

Rescan with HijackThis, close all browser windows except HijackThis, put a check mark beside these entries and click fix checked.

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE



Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware: it is NOT supported for use in 9x or ME and probably will not install on those systems.

Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 5.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 5. The Java SE Runtime Environment (JRE) allows end-users to run Java applications" (the fourth one in the list).
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start - Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.


How are things with your system now?
__________________
Microsoft MVP - Consumer Security

Alliance of Security Analysis Professionals
sup2a
Senior Member with 1,125 posts.
 
Join Date: Oct 2007
Location: A-town -- South Australia
Experience: Intermediate-Advanced
08-Apr-2008, 05:06 AM #17
Thanks for that, the computer seems fine. I was just wondering, could any of these infections steal passwords, usernames, etc.? One of the people on the computer said they got an email claiming their Facebook is under threat. Also, I've noticed a major increase in download usage. Could any of the infections cause any of this? And is there any better way to protect my computer? And once again, thanks.
__________________
"Friends don't let friends use Internet Explorer" Firefox is free and so much better!
"People ask me, how can I create positive change in my life? I say let someone in traffic! Just start with that!" --Serj Tankian
Post doesn't sound quite right or make any sense? Refresh! I probably edited!
In South Australia? Need a new computer? Ask me about a custom build!
Cookiegal
Administrator with 54,829 posts.
 
Join Date: Aug 2003
Location: Quebec, Canada
08-Apr-2008, 11:44 AM #18
One of the infections sends information from your computer home, but it's not known to be passwords but rather browsing habits. However, I would recommend that you change all passwords for log-in and financial transactions as a precaution, as they may have been compromised.

I'm not sure I understand what you mean by "download usage". Can you please explain in more detail?
__________________
Microsoft MVP - Consumer Security

Alliance of Security Analysis Professionals
sup2a
Senior Member with 1,125 posts.
 
Join Date: Oct 2007
Location: A-town -- South Australia
Experience: Intermediate-Advanced
08-Apr-2008, 08:27 PM #19
Sorry, it was late. I have a download/upload limit on my broadband, 5 gigs. Normally that has been enough, but when I had the infections it brought me down to dial-up speed (happens when I go over), even when I no longer play online games and I wasn't using the internet as much.
__________________
"Friends don't let friends use Internet Explorer" Firefox is free and so much better!
"People ask me, how can I create positive change in my life? I say let someone in traffic! Just start with that!" --Serj Tankian
Post doesn't sound quite right or make any sense? Refresh! I probably edited!
In South Australia? Need a new computer? Ask me about a custom build!
Cookiegal
Administrator with 54,829 posts.
 
Join Date: Aug 2003
Location: Quebec, Canada
09-Apr-2008, 05:31 PM #20
Yes, that can happen with malware. Is it still happening?
sup2a
Senior Member with 1,125 posts.
 
Join Date: Oct 2007
Location: A-town -- South Australia
Experience: Intermediate-Advanced
10-Apr-2008, 03:33 AM #21
Not too sure now, I'm monitoring usage closely right now.
Cookiegal
Administrator with 54,829 posts.
 
Join Date: Aug 2003
Location: Quebec, Canada
10-Apr-2008, 12:29 PM #22
Run it for a couple of days and then let me know. Please come back though as I will have some final instructions for you that will need to be done.
sup2a
Senior Member with 1,125 posts.
 
Join Date: Oct 2007
Location: A-town -- South Australia
Experience: Intermediate-Advanced
11-Apr-2008, 03:28 AM #23
Seems to be fine now after a few days, only a few megs used rather than 100 a day.
Cookiegal
Administrator with 54,829 posts.
 
Join Date: Aug 2003
Location: Quebec, Canada
11-Apr-2008, 07:34 PM #24
Here are some final instructions for you.

The following program will remove the tools we've used and their associated files and backups and then it will delete itself.

Please download OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt.exe to run it. (Vista users, please right-click on OTMoveIt2.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • A list of tool components used in the cleanup of malware will be downloaded.
  • If your firewall or real-time protection attempts to block OTMoveIt2 from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the cleanup process and remove these components, including this application which will delete itself.
  • You will be asked to reboot the machine to finish the cleanup process. If you are asked to reboot the machine choose Yes.


Now you should turn system restore off to flush out all previous system restore points, then turn it back on and create a new restore point:

To turn off system restore, on the Desktop, right click on My Computer and click on Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a new restore point, click on Start - All Programs - Accessories - System Tools and then select System Restore.

In the System Restore wizard, select Create a restore point and click the Next button.

Type a name for your new restore point then click on Create.


I also recommend downloading SPYWAREBLASTER for added protection.

Read here for info on how to tighten your security.


Delete Temporary Files:

Go to Start - Run and type in cleanmgr and click OK.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.


***

You should trim down your start-ups (these show as the O4 entries in your HijackThis log) as there are too many running. You can research them at these sites and if they aren’t required at start-up then you can uncheck them in msconfig via Start - Run - type msconfig, click OK and then click on the start-up tab.

http://castlecops.com/StartupList.html
http://www.bleepingcomputer.com/startups/
http://www.windowsstartup.com/wso/index.php
__________________
Microsoft MVP - Consumer Security

Alliance of Security Analysis Professionals
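
The O4 lines mentioned in the post above are the auto-start entries in a HijackThis log. As an added example (not part of the original thread and not a HijackThis tool), this Python script pulls the O4 entries out of a saved log so each program can be looked up in the startup databases linked above; the function names are hypothetical and the sample log is constructed around the single O4 line quoted in the thread.

```python
import re
from collections import Counter

# Constructed sample log: only the UpdReg line is quoted in the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /startup
O4 - HKCU\..\Run: [ExampleUpdater] C:\Program Files\Example\update.exe
O4 - Global Startup: Example Agent.lnk = C:\Program Files\Example\agent.exe
O23 - Service: Example Service - Unknown owner - C:\example.exe
"""

# Registry form:  O4 - HKLM\..\Run: [Name] command line
REG_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
# Folder form:    O4 - Startup: Shortcut.lnk = target
FOLDER_RE = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.+)$")
# Image path: a quoted path, or everything up to the first program extension.
IMAGE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|cmd|dll|scr|vbs))\b', re.I)

def image_path(command):
    """Return the program path without quotes or arguments."""
    m = IMAGE_RE.match(command)
    return (m.group(1) or m.group(2)) if m else command

def parse_o4(log_text):
    """Extract every O4 (auto-start) entry from a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        reg, folder = REG_RE.match(line), FOLDER_RE.match(line)
        if reg:
            hive, key, name, command = reg.groups()
            source = f"{hive} {key}"
        elif folder:
            source, name, command = folder.groups()
        else:
            continue  # not an O4 line, or a form not handled here
        entries.append({"source": source, "name": name,
                        "command": command, "image": image_path(command)})
    return entries

def startups_per_source(entries):
    """Count auto-start entries per registry key or startup folder."""
    return Counter(e["source"] for e in entries)

if __name__ == "__main__":
    for e in parse_o4(SAMPLE_LOG):
        print(f'{e["source"]:<16} {e["name"]:<18} {e["image"]}')
```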
sup2a
Senior Member with 1,125 posts.
 
Join Date: Oct 2007
Location: A-town -- South Australia
Experience: Intermediate-Advanced
12-Apr-2008, 12:19 AM #25
Cleared up my startup and installed SpywareBlaster, but I was unable to download OTMoveIt. I'm going to try with another browser.
sup2a
Senior Member with 1,125 posts.
 
Join Date: Oct 2007
Location: A-town -- South Australia
Experience: Intermediate-Advanced
12-Apr-2008, 12:44 AM #26
Thanks a lot for helping me out, everything seems to be running smoothly now. Thanks again, you've been a real help. Might as well mark this one solved.
Cookiegal
Administrator with 54,829 posts.
 
Join Date: Aug 2003
Location: Quebec, Canada
12-Apr-2008, 12:01 PM #27
It's my pleasure.
Copyright © 1996 - 2008 TechGuy, Inc. All rights reserved.