thanks,

i'll give it a blast when i get home from work.

For your info - i copied another screenshot which shows the file path better.

is it simple enough for me to delete these files, i'm sure i now where they are saved, will this help?
but i'll also complete the scan as requested.

 kasp_2.ppt ( 259.5K ) Number of downloads: 8

Yes, go ahead and delete all those infected music files.

Don't worry about the files already in quarantine, they cannot harm the computer...that will be cleaned out when we do our final cleanup.

Please run the other scan, just to be certain.

Include a fresh DDS log as well, describe how your computer is running now and if there are any outstanding issues.

Thanks

CB

this is the copy to clipboard option list from the eset online scan webpage.

C:\Qoobox\Quarantine\C\Windows\System32\MSIVXjdwgjuktwlhntiepwjaufsralupidndp.dll.vir a variant of Win32/Kryptik.SQ trojan
C:\Qoobox\Quarantine\C\Windows\System32\MSIVXvwnlkcaxjnwioxpsmimrigbtayvhrane.dll.vir a variant of Win32/Kryptik.SQ trojan
C:\Users\Kelly\Music\iTunes\iTunes Music\Diana Ross & the Supremes - Baby love.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\Kelly\Music\iTunes\iTunes Music\Elton John & Kiki Dee - True love.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\Kelly\Music\iTunes\iTunes Music\watchin freemason.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
D:\Shared\07 Track 7.wma WMA/TrojanDownloader.Wimad.D trojan
D:\Shared\Fleetwood Mac - Bare Trees.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
D:\Shared\high school musical melody HIT TOP50.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
D:\Shared\Ne-Yo - Year Of The Gentleman - 07 - So You Can Cry.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan

this is the lor.txt file in the eset online scanner folder. there is not a lot too it?


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

i forgot to delete the music files before the start of the scan, im about to do it now.

need to go out ill do the fressh dds log shortly

hello.

i've attached the attach.txt file, its zipped a previous request.

 Attach.zip ( 3.98K ) Number of downloads: 7



also below is the dds.txt log.

my pc i running alot better than when i first email yourself. it is not crashing unexpectedly on me and is running faster/smoother but think that may have something to do with uninstalling virgin media pc guard.

once i install one of the virus programs you suggested will my machine slow down again?

if so can you suggest any tips or hints to speed the pc up, once on the net or itunes etc. after the pc has loaded is fine, it is the initial start up when i turn the pc on that takes forever to get going?

i also deleted the music files from the eset scan successfully



DDS (Ver_09-06-26.01) - NTFSx86
Run by Mickey at 21:16:32.93 on 03/07/2009
Internet Explorer: 7.0.6000.16851
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.44.1033.18.447.168 [GMT 1:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapSvc.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\system32\WUDFHost.exe
C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLSched.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Windows\System32\alg.exe
C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Kelly\Desktop\dds.pif
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.uk.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_09\bin\ssv.dll
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\windows\system32\ActiveToolBand.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Acer Empowering Technology Monitor] c:\acer\empowering technology\SysMonitor.exe
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
mRun: [PCMService] "c:\acer\empowering technology\emode\pcm\PCMService.exe"
mRun: [WarReg_PopUp] c:\acer\wr_popup\WarReg_PopUp.exe
mRun: [Acer Tour Reminder] c:\acer\acertour\Reminder.exe
mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
mRun: [Broadbandadvisor.exe] "c:\program files\virgin broadband\advisor\Broadbandadvisor.exe" /AUTORUN
mRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptions
mRun: [Wireless Manager] "c:\program files\virgin broadband wireless\Wireless Manager.exe" startup
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
dRun: [Acer Tour Reminder] c:\acer\acertour\Reminder.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\zdwlan~1.lnk - c:\program files\zydas technology corporation\zydas_802.11g_utility\ZDWlan.exe
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.1.11.30.dll/206
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_09\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll

============= SERVICES / DRIVERS ===============

R3 athrusb6;Atheros Wireless LAN USB device driver 6 Series;c:\windows\system32\drivers\athru6.sys [2007-7-5 873472]
S3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v2.sys [2007-12-26 288768]

=============== Created Last 30 ================

2009-07-03 17:47 <DIR> --d----- c:\program files\ESET
2009-07-02 19:54 <DIR> --dsh--- C:\$RECYCLE.BIN
2009-07-01 21:04 161,792 a------- c:\windows\SWREG.exe
2009-07-01 21:04 155,136 a------- c:\windows\PEV.exe
2009-07-01 21:04 98,816 a------- c:\windows\sed.exe
2009-07-01 19:25 <DIR> --ds---- C:\Combo-Fix
2009-06-27 16:51 <DIR> --d----- c:\program files\iPod
2009-06-17 22:48 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-06-17 22:48 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-06-17 22:39 <DIR> --d----- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-17 22:39 <DIR> --d----- c:\program files\iTunes
2009-06-17 22:39 <DIR> --d----- c:\progra~2\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-17 20:17 <DIR> --d-h--- c:\windows\PIF
2009-06-16 19:52 <DIR> --d----- c:\programdata\SUPERAntiSpyware.com
2009-06-16 19:52 <DIR> --d----- c:\progra~2\SUPERAntiSpyware.com
2009-06-16 19:47 <DIR> --d----- c:\users\mickey\appdata\roaming\SUPERAntiSpyware.com
2009-06-15 22:26 <DIR> --d----- c:\users\mickey\appdata\roaming\Malwarebytes
2009-06-15 22:02 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-15 22:02 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-15 22:02 <DIR> --d----- c:\programdata\Malwarebytes
2009-06-15 22:02 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-15 22:02 <DIR> --d----- c:\progra~2\Malwarebytes
2009-06-14 22:13 <DIR> --d----- C:\1fd72c35818bff34e24c1e4c14831d0f
2009-06-14 12:58 89,680,784 a------- c:\windows\MEMORY.DMP
2009-06-11 19:28 2,028,032 a------- c:\windows\system32\win32k.sys
2009-06-11 19:27 696,832 a------- c:\windows\system32\localspl.dll
2009-06-11 19:22 788,992 a------- c:\windows\system32\rpcrt4.dll

==================== Find3M ====================

2009-06-28 10:06 51,200 a------- c:\windows\inf\infpub.dat
2009-06-28 10:06 143,360 a------- c:\windows\inf\infstrng.dat
2009-06-28 10:06 86,016 a------- c:\windows\inf\infstor.dat
2009-04-24 17:22 827,392 a------- c:\windows\system32\wininet.dll
2009-04-24 17:14 56,320 a------- c:\windows\system32\iesetup.dll
2009-04-24 17:14 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-24 17:14 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-04-24 17:11 72,704 a------- c:\windows\system32\admparse.dll
2009-04-24 14:53 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-04-24 13:25 48,128 a------- c:\windows\system32\mshtmler.dll
2008-12-10 23:59 174 a--sh--- c:\program files\desktop.ini
2008-12-01 21:07 0 a------- c:\users\mickey\appdata\roaming\wklnhst.dat
2008-06-14 16:45 665,600 a------- c:\windows\inf\drvindex.dat
2008-02-22 19:30 1,206,366 a------- c:\users\mickey\wrar371.exe
2008-01-25 23:53 1,758,506 a------- c:\users\mickey\bitcomet.exe
2006-11-02 13:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 13:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 13:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 13:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-10-22 23:07 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-10-22 23:07 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-10-22 23:07 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 21:17:43.30 ===============

Hi,

Go ahead and install the antivirus of your choice now Avira and Avast are light on resources - so they should not slow your system down.

There is an article HERE on what to do if your computer is running slowly.

Your log is clean, time to do some final housekeeping.

Please do the following:

Please download JavaRa to your desktop and unzip it to its own folder.

• Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
• Accept any prompts.
• Open JavaRa.exe again and select Search For Updates.
• Select Update Using Sun Java's Website then click Search and click on the Open Webpage button.
• Download and install the latest Java Runtime Environment (JRE) version for your computer.(version 6, update 14)

NEXT

Visit ADOBEand download the latest version of Acrobat Reader (version 9.1)
Having the latest updates ensures there are no security vulnerabilities in your system.


NEXT

Follow these steps to uninstall Combofix

• Click START then RUN
• Now type Combofix /u in the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.

NEXT

Now to remove the rest of the tools that we have used in fixing your machine:

• Make sure you have an Internet Connection.
• Download OTC to your desktop and run it
• A list of tool components used in the Cleanup of malware will be downloaded.
• If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
• Click Yes to begin the Cleanup process and remove these components, including this application.
• You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

NEXT

Below I have included a number of recommendations for how to protect your computer against malware infections.

• Keep Windows updated by regularly checking their website at :
  http://windowsupdate.microsoft.com/
  This will ensure your computer has always the latest security updates available installed on your computer.
  
  
• SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.
  
  
• SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.
  
  
• Make Internet Explorer more secure
  
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  
  
• ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  
  
• MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
  
  WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
  • Green to go
  • Yellow for caution
  • Red to stop
  WOT has an addon available for both Firefox and IE
  
  
• Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
  secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
  blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
  Here
  
  
  If you choose to use Firefox, I highly recommend this add-on to keep your PC even more secure.
  
  • NoScript - for blocking ads and other potential website attacks
  
  
• Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  
• ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
  
• In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
  Think Prevention.
  PC Safety and Security--What Do I Need?.

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

hello,

i have managed to donwload all the programes yuo suggested apart from the 'no script' one. didnt seem to agree on letting me download.


so can you confirm ths for me?;

i have antivir - to scan for viruses.
antimalwarebyte - ?
spyguard ? for spyware. I have on my vista pc, windows defende, think this comes with the pc, shall i keep both or remove one?
spyblaster ?

managed to get the pther downloaded successfully. just need to remember how each works to keep on top of them.

read the articles attached, quite informative.

i hope, i say i hope, we have managed to clear all the doginess out of my pc, i certainly is running pretty much as it was prevoulsly before the problems.

so thank you for the support
if you could update me on the questions above, i would then say we can closed this post as resolved.

Yes, you have done a good job

You should be fine with the programs you have installed now, keep what you have, just be careful where you visit and what you download.

stay safe

~CB

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.