Author Topic: possible virus  (Read 40017 times)

jolie

  • Guest
Re: possible virus
« Reply #90 on: January 18, 2008, 06:30:51 AM »
ok well that was all the file
a very very large log file

and my computer is working so much better now

thank you

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: possible virus
« Reply #91 on: January 18, 2008, 07:02:28 AM »
Sorry about that, I didn't see that program or I would have had you uninstall it first, may have saved some copy and paste. Glad you didn't have more user accounts, you probably are too.

I need another DSS log and you have a little fix to do to pick up the few stragglers.

Do the combofix fix first, then run DSS and post only the DSS log



Open a new Notepad session (Do not use a Word Processor or WordPad). Click "Format" and be certain that Word Wrap is not enabled.

Copy and paste all the text in the quote box below into Notepad.

Click File, Save as..., and set the location to your Desktop, and enter (including quotation marks) as the filename: "CFscript.txt" . Using your mouse left button, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown at the bottom of this post.


Quote
File::
C:\WINDOWS\system32\iakqtuqg.dll
C:\WINDOWS\system32\iwsvrhey.dll
C:\WINDOWS\system32\datvqerh.ini



This will start ComboFix again. Close all browser/windows first. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HJT log.






jolie

  • Guest
Re: possible virus
« Reply #92 on: January 19, 2008, 01:41:23 AM »
here is the next log for dss as an attachment cause it would not fit here

jolie

  • Guest
Re: possible virus
« Reply #93 on: January 19, 2008, 01:50:49 AM »
here are the other 2 logs
1 combofix and 1 hijackthis

jolie

  • Guest
Re: possible virus
« Reply #94 on: January 19, 2008, 02:09:13 AM »
is that it? am i all done?


Offline oldman

Re: possible virus
« Reply #95 on: January 19, 2008, 03:34:10 AM »
Just about, if this goes well.   :) There will be a few clean up items to do afterwards.

Open HJT, run a system scan only, check mark the following line(s), if present

O20 - Winlogon Notify: cbxvspn - cbxvspn.dll (file missing)



I don't know where this little guy came from, it wasn't in your last log. But we'll take care of it.


Open a new Notepad session (Do not use a Word Processor or WordPad). Click "Format" and be certain that Word Wrap is not enabled.

Copy and paste all the text in the quote box below into Notepad.

Click File, Save as..., and set the location to your Desktop, and enter (including quotation marks) as the filename: "CFscript.txt" . Using your mouse left button, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown at the bottom of this post.


Quote
File::
C:\WINDOWS\system32\yccdd.tmp



This will start ComboFix again. Close all browser/windows first. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply and a HJT log.

Attaching is fine.




jolie

  • Guest
Re: possible virus
« Reply #96 on: January 19, 2008, 03:59:01 AM »
here is the log from combofix after i did the steps

jolie

  • Guest
Re: possible virus
« Reply #97 on: January 19, 2008, 04:08:13 AM »
and here is the hijackthis log too

Offline oldman

Re: possible virus
« Reply #98 on: January 19, 2008, 04:54:17 AM »
Ok, just one file that you can manually delete.

c:\Program Files\wt3d.ini

In Windows Explorer set the folder options like this

Open the Folder Options in the Control Panel. On the View tab make sure Show Hidden Files and Folders is checked and Hide Protected Operating System Files and hide known extensions are not checked. Click OK.

Find the file in bold above, right click it and delete.



To clean up the tools that we used


1. Click the Start button, click Run, copy and paste the line below into the box, click OK

combofix /u



2. Please download OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.

    Then click the Clean Up button. You may get prompted by your firewall that OTMoveIt wants to contact the internet -  allow this.  A cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will delete all the tools you have downloaded plus itself.


    3. Create a new restore point

    You must be logged on to an administrator account
    Go to Start - All Programs - Accessories - System Tools - System Restore.
    Click Create a restore point, and then click Next.
    In the text box labeled Restore Point Description, type a name for this restore point, click Create

    4. Remove old restore points

    Go to Start - All Programs - Accessories - System Tools. Launch the Disk Cleanup tool and let it run. When it finishes a box with tabs will appear, select the More Options tab. On this tab you will find a section for System Restore. If you press the Clean Up button for that section, Windows will delete all restore points except for the most recent one.



    5. Download and run this clean up utility. You can use it regularly. When it's first run, it is in demo mode to show you what it will remove. Review it and then rerun in real mode. It is configurable.

    CleanUp


    6. Update your Java. Out-of-date Java can be an entry point for malware.

    Open an Internet Explorer (only) window and go to http://www.java.com/en/download/manual.jsp > In the middle of the page, click on the Download button to the right of Java Runtime Environment (JRE) 6u3 > If the Information Bar pops up, right-click on it and say it's OK to display the blocked content.

     You do not have to install the Java Web Start ActiveX Control


    Accept the license agreement > Click on Windows (XP, Vista, etc.) Offline Installation, Multi-language and Save the file jre-6u3-windows-i586-p.exe to your desktop; do not Run it.

    When the download is complete, Open Control Panel > Add/Remove Programs:

    Uninstall anything that says Sun Java, Java JRE, or similar.

    Close Add/Remove Programs.

    In Windows Explorer, navigate to C:\Program Files\Java <=this folder, if found. Delete any subfolders it may contain.

    Do NOT delete C:\Program Files\JavaVM <=this folder, if found!

    Double-click on the saved file to install the update.

    Delete the downloaded installation file after completing the above procedure  and reboot if not prompted to do so.

    Reboot your computer.


    How is everything?







jolie

  • Guest
Re: possible virus
« Reply #99 on: January 19, 2008, 05:39:37 AM »
everything seems good
running very very fast now

Offline oldman

Re: possible virus
« Reply #100 on: January 19, 2008, 05:48:21 AM »
Ok, just do the clean up and the update.

Take care and keep safe.  :)

jolie

  • Guest
Re: possible virus
« Reply #101 on: January 19, 2008, 05:54:44 AM »
thank you thank you

you are my hero
for sure

Offline oldman

Re: possible virus
« Reply #102 on: January 19, 2008, 06:00:40 AM »
You're making me blush  :-[  ;)

But you are very welcome.