Solved Have a lot of virus problems!

[Bobbye]

About ask.com: Neither Spybot or I would recommend you having any Ask.com on the system. You can make any site on the internet your home page:
Open the browser> Go to the site you want for the Homepage> go to Tools> Internet Options> General tab> Homepage section> Click on Use current> Click on Apply> OK.

Did you copy all of the text in the code box and run it? Some entries aren't showing up.

 

[tpw]

yes i did i copy and paste it into notepad save it to my desktop with other program and added but when my restart to spybot starting up but disable it as it was scaning again when it restart if you want me to i can do it again.

 

[Bobbye]

i did i copy and paste it into notepad save it to my desktop with other program but when my restart to spybot starting up but disable it as it was scaning again when it restart

It is most likely TeaTimer running and causing the problem: To disable:

• Right click the TeaTimer icon in the system Tray
  
• Then click Exit Spybot-S&D Resident
• (One you are clean you can restart TeaTimer by going to C:\Program Files\Spybot - Search & Destroy, and double clicking on TeaTimer.exe

Now run the script again and follow the directions >>
Referring to the picture above, drag CFScript into ComboFix.exe

 

[tpw]

Yeah I did that before and when it restart spybot run at startup but I hurry and exit out here the new log.

 

[Bobbye]

Please tell me what malware problem remain- what problems are you experiencing now, if any?

 

[tpw]

non i was just following you i notice my computer slow but when i had it reformated it seem slower than so i dont think it virus or maleware i use runingregular xp now i have xp proffesional if that would make my computer slower.

 

[Bobbye]

The should help to speed you up:
Please print the following. you will need to list of programs to take off of startup and modify the Service Startup Type:

Please reopen HijackThis to 'do system scan only.' Check each of the following, if present:

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

Close all Windows except HijackThis and click on "Fix All"

Boot into Safe Mode:

• Reboot the computer.
• After the logo loads, begin tapping the F8 key
• When you get the "Windows Advanced Options Menu" use the Arrow keys to move to "Safe Mode" and press your Enter key.

Click on Start> Run> type in services.msc> scroll to each of the Services below and set as directed:

1. Apple Mobile Device - Set to Manual Startup
2. Bonjour Service - Set to Manual Startup
3. iPod Service - Set to Manuakl Startup.
4. JavaQuickStarterService) - Set Startup to Disabled.
5. NVIDIA Display Driver Service (NVSvc) - Set to Manual Startup.
6. YahooAUService- Set to Manual startup.

Exit Services when through

Click on Start> Run> type in msconfig> enter> Selective Startup> Startup tab:
Find each entry for the list of processes you stopped in HijackThis and uncheck it.
Click on Apply> OK when finished.

Reboot. NOTE: On the first reboot after using'msconfig', you will get a nag message that you can ignore and close after checking 'don't show this message again.' You must stay in Selective Startup to keep the changes.

I'm changing computers. Will be back to have you remove the cleaning tools.

 

[Bobbye]

Removing all of the tools we used and the files and folders they created

• Uninstall ComboFix and all Backups of the files it deleted
• Click START> then RUN
• Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  
  

• Download OTCleanIt by OldTimer and save it to your Desktop.
• Double click OTCleanIt.exe.
• Click the CleanUp! button.
• If you are prompted to Reboot during the cleanup, select Yes.
• The tool will delete itself once it finishes.

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

• You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
• Go to Start > All Programs > Accessories > System Tools
• Click "System Restore".
• Choose "Create a Restore Point" on the first screen then click "Next".
• Give the Restore Point a name> click "Create".
  
• Go back and follow the path to > System Tools.
  [*]Choose Disc Cleanup
  [*]Click "OK" to select the partition or drive you want.
  [*]Click the "More Options" Tab.
  [*]Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.

Empty the Recycle Bin

Let me know if you have any more questions.

 

[tpw]

Printer not working right now can i copy and paste it to notepad the list and save it to desktop.

 

[Bobbye]

That's fine- as long as you have something to refer to. It's for your convenience.

 

[tpw]

I been busy havent had time to do this do you mean on hijack click fix selected because i dont see fix all button just making sure.

 

[Bobbye]

After 'do system scan and save logfile':

After checking boxes, click on "Fix Checked" lower left.

 

[tpw]

I still dont see fix selected i just see fix check so is ok do just select the one you told and click fix selected.

 

[Bobbye]

Actually, I said "Close all Windows except HijackThis and click on "Fix All"

The screen shot actually says "Fix Checked". Do that.
It will only fix those entries which you have 'selected' by putting the check in the box.