
Solved Problem solved thank you, but please check.

Discussion in 'Malware and Virus Removal Archive' started by jonnersuk, 2009/03/29.

  1. 2009/03/30
    jonnersuk (Inactive, Thread Starter)
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-03-16.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 27/08/2004 15:18:26
    System Uptime: 30/03/2009 17:55:44 (3 hours ago)

    Motherboard: Dell Computer Corp. | | 02Y832
    Processor: Intel(R) Pentium(R) 4 CPU 2.66GHz | Microprocessor | 2660/533mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 74 GiB total, 39.255 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: PCI Simple Communications Controller
    Device ID: PCI\VEN_14F1&DEV_2702&SUBSYS_8D891043&REV_01\4&1C660DD6&0&08F0
    Manufacturer:
    Name: PCI Simple Communications Controller
    PNP Device ID: PCI\VEN_14F1&DEV_2702&SUBSYS_8D891043&REV_01\4&1C660DD6&0&08F0
    Service:

    Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318}
    Description: NERO IMAGEDRIVE SCSI Controller
    Device ID: ROOT\SCSIADAPTER\0000
    Manufacturer: Ahead AG
    Name: NERO IMAGEDRIVE SCSI Controller
    PNP Device ID: ROOT\SCSIADAPTER\0000
    Service: Imagedrv

    ==== System Restore Points ===================

    RP1: 29/03/2009 06:04:52 - System Checkpoint
    RP2: 29/03/2009 06:57:48 - ComboFix created restore point
    RP3: 29/03/2009 07:20:24 - RegCure Backup
    RP4: 29/03/2009 07:20:30 - RegCure Backup
    RP5: 29/03/2009 07:22:58 - RegCure Backup
    RP6: 29/03/2009 07:23:16 - RegCure Backup
    RP7: 29/03/2009 09:00:44 - Software Distribution Service 3.0
    RP8: 29/03/2009 11:37:46 - Software Distribution Service 3.0
    RP9: 30/03/2009 01:02:17 - RegCure Backup
    RP10: 30/03/2009 16:52:55 - Installed Java(TM) 6 Update 13
    RP11: 30/03/2009 16:55:43 - Removed J2SE Runtime Environment 5.0 Update 9
    RP12: 30/03/2009 16:57:12 - Removed Java(TM) 6 Update 5
    RP13: 30/03/2009 16:57:54 - Removed Java(TM) 6 Update 7
    RP14: 30/03/2009 17:22:21 - Removed Java(TM) 6 Update 13
    RP15: 30/03/2009 17:23:07 - Installed Java(TM) 6 Update 13

    ==== Installed Programs ======================


    Adobe Flash Player 10 Plugin
    Adobe Flash Player ActiveX
    Adobe Reader 8.1.4
    Adobe Shockwave Player 11
    Ahead ImageDrive
    ArcSoft PhotoImpression
    ArcSoft VideoImpression 2
    AV Capture
    AVS DVD Player version 2.4
    BroadJump Client Foundation
    BufferChm
    Choice Guard
    Compatibility Pack for the 2007 Office system
    Critical Update for Windows Media Player 11 (KB959772)
    Cypress USB Mass Storage Driver Installation
    D1400
    D1400_Help
    Dell ResourceCD
    Desktop Puddle Screensaver v1.0 Registered Version
    DeviceDiscovery
    DeviceManagementQFolder
    DiMAGE Messenger 2.0
    DiMAGE Viewer
    DivX Codec
    dj_sf_ProductContext
    dj_sf_software
    dj_sf_software_req
    Driver Genius Professional Edition 2007
    DVD Decrypter (Remove Only)
    eSupportQFolder
    FinePixViewer Ver.4.2
    FUJIFILM USB Driver
    GearDrivers
    HijackThis 2.0.2
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954708)
    HP Deskjet Printer Driver Software 9.0
    HP Imaging Device Functions 9.0
    HP Photosmart Essential 2.01
    HP Photosmart Essential2.01
    HP Smart Web Printing
    HP Solution Center 9.0
    HP Update
    HPProductAssistant
    HPSSupply
    ImageMixer VCD2 for FinePix
    Intel(R) PRO Network Adapters and Drivers
    iTunes
    Java(TM) 6 Update 13
    Media Library Management Wizard
    Microsoft .NET Framework (English)
    Microsoft .NET Framework (English) v1.0.3705
    Microsoft .NET Framework 1.0 Hotfix (KB928367)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Easy Assist
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2000 Disc 2
    Microsoft Office 2000 Professional
    Microsoft Office Publisher 2003
    Microsoft Office XP Professional with FrontPage
    Microsoft Office XP Standard for Students and Teachers
    Microsoft Protection Service
    Microsoft USB Flash Drive Manager
    Microsoft User-Mode Driver Framework Feature Pack 1.5
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Word 2002
    Microsoft Works 2004 Setup Launcher
    Microsoft Works Suite Add-in for Microsoft Word
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 Parser and SDK
    Music Manager
    Nero Digital
    Nero OEM
    NVIDIA Display Driver
    NVIDIA Windows 2000/XP Display Drivers
    OLYMPUS CAMEDIA Master 4.1
    PanoStandAlone
    PaperPort 7.02
    PC Connectivity Solution
    Personal License Update Wizard for Windows Media Player
    Plus! MP3 Audio Converter LE
    PowerDVD
    PSSWCORE
    PX Engine
    QuickTime
    RegCure 1.5.0.1
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Segoe UI
    Serif PhotoManager 1.0
    Skype 3.0
    Skype™ 4.0
    SolutionCenter
    Something Fishy: 3D Desktop Aquarium Screen Saver v1.1DX Full Version
    Sound Blaster Live!
    SoundMAX
    SpyZooka
    Status
    Toolbox
    TrayApp
    UnloadSupport
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    USB Storage Adapter FX (SM1)
    VideoToolkit01
    Visioneer 4800 USB
    WebFldrs XP
    WebReg
    WildTangent Web Driver
    Windows Genuine Advantage v1.3.0254.0
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Installer Clean Up
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Media Bonus Pack for Windows XP
    Windows Media Connect
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Support Tools
    Windows XP Service Pack 3
    Winferno Registry Power Cleaner
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    29/03/2009 06:07:44, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Imagedrv
    29/03/2009 06:07:34, error: Service Control Manager [7001] - The System Event Notification service depends on the COM+ Event System service which failed to start because of the following error: The system cannot find the file specified.
    29/03/2009 06:07:34, error: Service Control Manager [7001] - The OneCare Firewall service depends on the MSFWDrv service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.
    29/03/2009 06:07:34, error: Service Control Manager [7003] - The MSFWDrv service depends on the following nonexistent service: msfwhlpr
    29/03/2009 06:07:34, error: Service Control Manager [7023] - The COM+ Event System service terminated with the following error: The system cannot find the file specified.
    29/03/2009 06:07:34, error: Service Control Manager [7023] - The Background Intelligent Transfer Service service terminated with the following error: The system cannot find the file specified.
    29/03/2009 06:07:34, error: Service Control Manager [7000] - The OneCare AntiSpyware and AntiVirus service failed to start due to the following error: The system cannot find the path specified.
    28/03/2009 18:49:08, error: Dhcp [1002] - The IP address lease 82.19.146.100 for the Network Card with network address 0007E9479F06 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    28/03/2009 17:28:56, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The system cannot find the file specified.
    28/03/2009 15:45:01, error: Service Control Manager [7034] - The COM+ System Application service terminated unexpectedly. It has done this 3 time(s).
    28/03/2009 15:44:56, error: Service Control Manager [7031] - The COM+ System Application service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    28/03/2009 15:44:54, error: Service Control Manager [7031] - The COM+ System Application service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    28/03/2009 14:07:32, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments " " in order to run the server: {000C101C-0000-0000-C000-000000000046}
    28/03/2009 14:07:27, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips Imagedrv intelppm IPSec MRxSmb NetBIOS NetBT OMCI RasAcd Rdbss StarOpen Tcpip
    28/03/2009 14:07:27, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    28/03/2009 14:07:27, error: Service Control Manager [7001] - The OneCare Firewall service depends on the MSFWDrv service which failed to start because of the following error: The dependency service or group failed to start.
    28/03/2009 14:07:27, error: Service Control Manager [7001] - The MSFWDrv service depends on the IP Traffic Filter Driver service which failed to start because of the following error: The dependency service or group failed to start.
    28/03/2009 14:07:27, error: Service Control Manager [7001] - The Messenger service depends on the NetBIOS Interface service which failed to start because of the following error: A device attached to the system is not functioning.
    28/03/2009 14:07:27, error: Service Control Manager [7001] - The IP Traffic Filter Driver service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    28/03/2009 14:07:27, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    28/03/2009 14:07:27, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    28/03/2009 14:07:27, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
    28/03/2009 14:07:27, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    28/03/2009 14:07:27, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    28/03/2009 14:07:20, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    28/03/2009 14:06:37, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    28/03/2009 12:26:38, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments " " in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    28/03/2009 17:06:32, information: Windows File Protection [64001] - File replacement was attempted on the protected system file iedw.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.2600.2995, the version of the system file is 5.1.2600.5512.
    28/03/2009 17:05:14, information: Windows File Protection [64001] - File replacement was attempted on the protected system file extmgr.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 6.0.2900.2995, the version of the system file is 6.0.2900.5512.

    ==== End Of File ===========================
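The "Event Viewer Messages" block of a DDS Attach.txt log is the part a helper reads first when triaging a post like the one above: a Service Control Manager 7026 event naming a dozen failed boot-start drivers at once (AFD, Tcpip, NetBT, IPSec among them) explains why every dependent service failed in the same second, and Windows File Protection 64001 events show which system files something tried to replace. The script below is an added example for pulling that signal out of the log text; it is not part of the thread or of the DDS tool, and the sample lines, the `summarize` helper and the `NETWORK_STACK` heuristic are my own constructions.

```python
"""Triage helper for the 'Event Viewer Messages' section of a DDS Attach.txt log.

Added example, not part of the forum thread or of DDS. Function names and the
NETWORK_STACK heuristic are assumptions made for this illustration.
"""
import re

# Constructed sample: a handful of lines in the format DDS uses, modelled on the
# log posted above (one 7026 event with many drivers, one WFP 64001 event).
SAMPLE_LOG = """\
==== Event Viewer Messages From Past Week ========

29/03/2009 06:07:44, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Imagedrv
29/03/2009 06:07:34, error: Service Control Manager [7003] - The MSFWDrv service depends on the following nonexistent service: msfwhlpr
28/03/2009 14:07:27, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips Imagedrv intelppm IPSec MRxSmb NetBIOS NetBT OMCI RasAcd Rdbss StarOpen Tcpip
28/03/2009 14:07:27, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
28/03/2009 17:06:32, information: Windows File Protection [64001] - File replacement was attempted on the protected system file iedw.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.2600.2995, the version of the system file is 5.1.2600.5512.

==== End Of File ===========================
"""

# "dd/mm/yyyy hh:mm:ss, level: Source [id] - message"
EVENT_RE = re.compile(
    r"^(?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\d{2}:\d{2}:\d{2}), "
    r"(?P<level>\w+): (?P<source>[^\[]+?) \[(?P<id>\d+)\] - (?P<msg>.*)$"
)
FAILED_DRIVERS_RE = re.compile(r"failed to load: (.*)$")
WFP_RE = re.compile(r"protected system file (\S+)\.")

# Core networking drivers: if these fail at boot the machine is effectively
# offline, which is why every network-dependent service fails in the same second.
NETWORK_STACK = {"Tcpip", "AFD", "NetBT", "NetBIOS", "IPSec"}


def parse_events(text):
    """Return one dict per event line; section headers and blank lines are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["id"] = int(ev["id"])
            events.append(ev)
    return events


def failed_boot_drivers(events):
    """Map 'date time' -> list of drivers named in each SCM 7026 event."""
    out = {}
    for ev in events:
        if ev["id"] == 7026:
            m = FAILED_DRIVERS_RE.search(ev["msg"])
            if m:
                out[f"{ev['date']} {ev['time']}"] = m.group(1).split()
    return out


def summarize(text):
    """Condense the section into the few facts a triager acts on."""
    events = parse_events(text)
    by_time = failed_boot_drivers(events)
    all_failed = {d for drivers in by_time.values() for d in drivers}
    wfp_restored = []
    for ev in events:
        if ev["id"] == 64001:
            m = WFP_RE.search(ev["msg"])
            if m:
                wfp_restored.append(m.group(1))
    return {
        "event_count": len(events),
        "error_count": sum(ev["level"] == "error" for ev in events),
        "failed_drivers_by_time": by_time,
        "failed_drivers": sorted(all_failed),
        "network_stack_down": bool(all_failed & NETWORK_STACK),
        "wfp_restored": wfp_restored,
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it against a real Attach.txt by reading the file into `summarize` instead of `SAMPLE_LOG`; a 7026 event that lists the whole network stack, or a WFP restore of a browser or shell component, is the kind of entry worth quoting back to the poster rather than reading the full week of events by eye.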
     
  2. 2009/03/30
    Juliet (Well-Known Member)
    Welcome back


    In your first post you mentioned you had tried using ComboFix?

    If you still have ComboFix on desktop continue with the below.

    If you have deleted it, let me know so I can give you the links to install it again.



    Next: Please disable all onboard security programs (all running with background protection) as they may hinder the scanner from working.
    This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

    Click on this link Here to see a list of programs that should be disabled.
    The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the CODE box below. *Do Not Use Wordpad!* or any other text editor than Notepad, or the script will fail.
    Save this as "CFScript.txt" including quotes and change the "Save as type" to "All Files" and place it on your desktop.
    Code:
    File:: 
    c:\docume~1\john\locals~1\temp\idrmkl.sys
    Driver::
    idrmkl
    DDS::
    BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
    TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
    TB: {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - No File
    TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
    TB: {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - No File
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    mPolicies-explorer: <NO NAME> = 
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    [IMG]

    Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.



    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.



    In your next reply post:
    ComboFix.txt



    How's your computer now?
     

  4. 2009/03/30
    jonnersuk (Inactive, Thread Starter)
    Hi Juliet,
    It is ticking over fine now. Prior to all this it made the usual working noise, but it sounded as though it were a car engine ticking over on 2 cylinders.
    Now there is no background noise, it is totally quiet, and surfing the net has greatly improved, rather like channel hopping on the TV.
    I have SpyZooka installed; I haven't a clue how to disable that though, apart from switching everything off.
    Regards,
    John
     
  5. 2009/03/30
    Juliet (Well-Known Member)
    This is actually an application we don't recommend.

    Glad the computer is running well now.


    Can you post the ComboFix log?

    I think we're near ready for closing and final clean up.
     
  6. 2009/03/30
    jonnersuk (Inactive, Thread Starter)
    Hi Juliet,
    I think I have got this last bit right, I do hope so.
    ComboFix 09-03-29.04 - john 2009-03-31 0:57:02.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.234 [GMT 1:00]
    Running from: c:\documents and settings\john\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\john\Desktop\CFScript.txt
    * Created a new restore point

    FILE ::
    c:\docume~1\john\locals~1\temp\idrmkl.sys
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_IDRMKL
    -------\Service_idrmkl


    ((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-31 )))))))))))))))))))))))))))))))
    .

    2009-03-30 17:23 . 2009-03-30 17:23 73,728 --a------ c:\windows\system32\javacpl.cpl
    2009-03-30 16:38 . 2009-03-30 16:38 <DIR> d-------- C:\_OTMoveIt
    2009-03-29 06:31 . 2009-03-29 06:31 <DIR> d-------- c:\program files\Trend Micro
    2009-03-28 15:12 . 2009-03-28 15:12 578,560 --a--c--- c:\windows\system32\dllcache\user32.dll
    2009-03-28 15:10 . 2009-03-28 15:10 <DIR> d-------- c:\windows\ERUNT
    2009-03-28 15:02 . 2009-03-28 15:59 <DIR> d-------- C:\SDFix
    2009-03-28 13:04 . 2009-03-31 00:56 <DIR> d-------- c:\windows\system32\CatRoot2
    2009-03-28 11:34 . 2009-03-28 11:45 <DIR> d-------- c:\program files\NoAdware
    2009-03-28 10:17 . 2009-03-28 10:17 <DIR> d-------- c:\documents and settings\john\Application Data\Yahoo!
    2009-03-28 10:17 . 2009-03-28 10:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
    2009-03-28 10:15 . 2009-03-28 10:16 <DIR> d--h-c--- c:\windows\ie8
    2009-03-27 16:54 . 2009-03-30 22:34 <DIR> d-------- c:\documents and settings\john\Application Data\Spyzooka
    2009-03-27 16:31 . 2009-03-30 20:47 <DIR> d-------- c:\program files\SpyZooka
    2009-03-23 16:57 . 2009-03-23 16:57 3,072 --ahs---- C:\Thumbs.db
    2009-03-23 01:10 . 2009-03-27 16:43 <DIR> d-------- c:\program files\ParetoLogic
    2009-03-23 01:10 . 2009-03-23 01:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\ParetoLogic Anti-Virus PLUS
    2009-03-23 01:10 . 2009-03-27 16:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\ParetoLogic
    2009-03-20 17:54 . 2009-03-20 17:54 <DIR> d-------- c:\program files\Windows Live SkyDrive
    2009-03-20 17:54 . 2009-03-20 17:55 <DIR> d-------- c:\program files\Windows Live
    2009-03-18 23:33 . 2009-03-18 23:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\Winferno
    2009-03-17 22:32 . 2009-03-17 22:32 <DIR> d-------- c:\program files\Winferno
    2009-03-17 22:32 . 2009-03-17 22:32 <DIR> d-------- c:\program files\Common Files\ArcSoft
    2009-03-17 17:06 . 2009-03-17 17:06 <DIR> d-------- c:\documents and settings\john\Application Data\iScreensaver
    2009-03-15 19:00 . 2009-03-16 23:52 <DIR> d-------- c:\documents and settings\john\Application Data\Samsung
    2009-03-15 18:52 . 2006-05-03 23:53 174,592 --a------ c:\windows\system32\framedyn.dll
    2009-03-15 18:49 . 2009-03-15 19:59 5,632 --a--c--- c:\windows\system32\drivers\StarOpen.sys
    2009-03-15 18:41 . 2005-08-28 21:51 766 --a--c--- c:\windows\system32\Uninstall.ico
    2009-03-15 12:04 . 2009-03-15 12:04 <DIR> d-------- c:\windows\system32\runtime
    2009-03-15 09:26 . 2006-11-07 22:01 66,048 --a--c--- c:\windows\ieResetIcons.exe
    2009-03-14 21:20 . 2009-03-14 21:21 <DIR> d-------- c:\program files\iTunes
    2009-03-14 21:20 . 2009-03-14 21:20 <DIR> d-------- c:\program files\iPod
    2009-03-14 21:20 . 2009-03-14 21:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
    2009-03-14 21:11 . 2009-03-06 00:59 1,900,544 --a------ c:\windows\system32\usbaaplrc.dll
    2009-03-13 22:16 . 2007-11-06 11:51 126,464 --a--c--- c:\windows\system32\MadCHook.dll
    2009-03-13 21:26 . 2009-03-23 00:40 <DIR> d-------- c:\documents and settings\Administrator
    2009-03-13 00:12 . 2009-03-13 00:12 <DIR> d--hs---- c:\documents and settings\john\IECompatCache
    2009-03-13 00:11 . 2009-03-13 00:11 <DIR> d--hs---- c:\documents and settings\john\PrivacIE
    2009-03-13 00:11 . 2009-03-13 00:11 <DIR> d--hs---- c:\documents and settings\john\IETldCache
    2009-03-11 21:36 . 2009-03-11 21:36 <DIR> d-------- c:\program files\Windows Installer Clean Up
    2009-03-10 22:34 . 2009-03-10 22:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\nView_Profiles
    2009-03-08 15:22 . 2009-03-08 15:22 49,152 -----c--- c:\windows\system32\msrating.dll.mui
    2009-03-08 15:22 . 2009-03-08 15:22 2,560 -----c--- c:\windows\system32\mshta.exe.mui
    2009-03-08 15:21 . 2009-03-08 15:21 4,096 -----c--- c:\windows\system32\ie4uinit.exe.mui
    2009-03-08 15:20 . 2009-03-08 15:20 81,920 -----c--- c:\windows\system32\iedkcs32.dll.mui
    2009-03-08 05:34 . 2009-03-08 05:34 236,544 -----c--- c:\windows\system32\dllcache\webcheck.dll
    2009-03-08 05:34 . 2009-03-08 05:34 109,568 -----c--- c:\windows\system32\dllcache\occache.dll
    2009-03-08 05:34 . 2009-03-08 05:34 105,984 -----c--- c:\windows\system32\dllcache\url.dll
    2009-03-07 13:56 . 2009-03-07 16:11 <DIR> d-------- C:\ProgramData
    2009-03-05 23:51 . 2009-03-05 23:51 1,922 --a------ C:\ups.exe
    2009-03-05 23:44 . 2009-03-05 23:48 1,922 --a------ C:\pidhi.exe
    2009-03-05 17:38 . 2009-03-05 17:38 <DIR> d-------- c:\windows\SxsCaPendDel
    2009-03-04 22:54 . 2009-03-29 06:59 <DIR> dr-hs---- C:\RESTORE
    2009-02-24 18:02 . 2009-02-24 18:02 <DIR> d-------- c:\program files\Common Files\Skype
    2009-02-12 23:20 . 2009-02-12 23:20 5,630 -----c--- c:\windows\system32\IE8Eula.rtf
    2009-02-06 19:52 . 2009-02-06 19:52 49,504 --a--c--- c:\windows\system32\sirenacm.dll
    2009-02-02 19:13 . 2009-02-03 08:15 <DIR> d-------- c:\documents and settings\john\Application Data\LimeWire

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-30 16:23 --------- d-----w c:\program files\Java
    2009-03-28 17:28 --------- d-----w c:\program files\Microsoft Plus! Digital Media Edition
    2009-03-28 09:17 --------- d-----w c:\program files\Yahoo!
    2009-03-27 15:55 645,664 -csha-w c:\windows\system32\drivers\fidbox2.dat
    2009-03-27 15:55 61,604 -csha-w c:\windows\system32\drivers\fidbox2.idx
    2009-03-27 15:55 383,780 -csha-w c:\windows\system32\drivers\fidbox.idx
    2009-03-27 15:55 28,575,264 -csha-w c:\windows\system32\drivers\fidbox.dat
    2009-03-19 22:04 --------- d-----w c:\program files\Support Tools
    2009-03-17 17:02 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-03-17 17:02 --------- d-----w c:\program files\ArcSoft
    2009-03-17 16:50 --------- d-----w c:\program files\InterActual
    2009-03-17 15:48 --------- d-----w c:\program files\Common Files\Roxio Shared
    2009-03-16 23:26 --------- d-----w c:\program files\Microsoft
    2009-03-16 23:24 --------- d-----w c:\program files\Microsoft Works
    2009-03-16 23:03 --------- d-----w c:\documents and settings\john\Application Data\Sony
    2009-03-16 18:52 42,768 -c--a-w c:\documents and settings\john\Application Data\wklnhst.dat
    2009-03-15 17:29 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2009-03-14 20:20 --------- d-----w c:\program files\Common Files\Apple
    2009-03-14 20:17 --------- d-----w c:\program files\Bonjour
    2009-03-14 20:16 --------- d-----w c:\program files\QuickTime
    2009-03-13 20:37 --------- d-----w c:\program files\Windows Media Connect 2
    2009-03-13 20:37 --------- d-----w c:\program files\Shockwave.com
    2009-03-13 20:37 --------- d-----w c:\program files\RegCure
    2009-03-11 20:36 --------- d-----w c:\program files\MSECACHE
    2009-03-05 23:59 36,864 ----a-w c:\windows\system32\drivers\usbaapl.sys
    2009-02-28 22:02 --------- d-----w c:\documents and settings\john\Application Data\Skype
    2009-02-28 16:01 --------- d-----w c:\documents and settings\john\Application Data\skypePM
    2009-02-24 17:02 --------- d-----r c:\program files\Skype
    2009-02-24 16:49 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
    2008-11-25 21:38 130,104 -c--a-w c:\documents and settings\john\Application Data\GDIPFONTCACHEV1.DAT
    2007-01-21 00:01 299 -c--a-w c:\documents and settings\john\Application Data\internaldb6500.dat
    2006-12-18 06:00 299 -c--a-w c:\documents and settings\john\Application Data\internaldb292.dat
    2006-10-16 18:20 337 -c--a-w c:\documents and settings\john\Application Data\internaldb1942.dat
    2006-10-16 18:01 13,046 -c--a-w c:\documents and settings\john\Application Data\internaldb5436.dat
    2006-10-16 18:01 0 -c--a-w c:\documents and settings\john\Application Data\internaldb4604.dat
    2006-10-15 22:40 0 -c--a-w c:\documents and settings\john\Application Data\internaldb8253.dat
    2006-10-15 22:40 0 -c--a-w c:\documents and settings\john\Application Data\internaldb6334.dat
    2006-10-15 22:40 0 -c--a-w c:\documents and settings\john\Application Data\internaldb3902.dat
    2006-10-15 22:40 0 -c--a-w c:\documents and settings\john\Application Data\internaldb2391.dat
    2006-10-15 22:40 0 -c--a-w c:\documents and settings\john\Application Data\internaldb153.dat
    2005-05-30 22:56 774,144 -c--a-w c:\program files\RngInterstitial.dll
    2003-08-27 13:19 36,963 -c--a-r c:\program files\Common Files\SM1updtr.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PPWebCap"="c:\progra~1\ScanSoft\PAPERP~1\PPWebCap.exe" [2001-08-10 40960]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-07-14 1961984]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
    "BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 376912]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-30 148888]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "NoDispAppearancesPage"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{D468BCE5-D18E-49A4-8EA7-34BD583659D5}"="c:\progra~1\SpyZooka\spyguard.dll" [2005-05-07 173568]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.ctmp3"= c:\windows\System32\ctmp3.acm
    "VIDC.SP40"= SP40_32.DLL
    "VIDC.SP41"= SP4X_32.DLL
    "VIDC.SP42"= SP4X_32.DLL
    "VIDC.SP43"= SP4X_32.DLL
    "VIDC.SP44"= SP4X_32.DLL
    "VIDC.SP45"= SP4X_32.DLL
    "VIDC.SP46"= SP4X_32.DLL
    "VIDC.SP47"= SP4X_32.DLL

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ 43}\RP2253\snapshot\DRMData._Pe C: scecli

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    --a--c--- 2007-03-11 21:34 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\WINDOWS\\system32\\dpnsvr.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\HPZipm12.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\iPod\\bin\\iPodService.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\WINDOWS\\system32\\spoolsv.exe"=
    "c:\\Program Files\\Common Files\\Microsoft Shared\\VS7Debug\\mdm.exe"=
    "c:\\WINDOWS\\system32\\dwwin.exe"=
    "c:\\Program Files\\BroadJump\\Client Foundation\\CFD.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\WINDOWS\\system32\\LEXPPS.EXE"=
    "c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
    "c:\\Program Files\\Windows Live\\Contacts\\wlcomm.exe"=
    "c:\\Program Files\\SpyZooka\\SpyZookaLdr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)
    "AllowInboundTimestampRequest"= 1 (0x1)
    "AllowInboundMaskRequest"= 1 (0x1)
    "AllowInboundRouterRequest"= 1 (0x1)
    "AllowOutboundDestinationUnreachable"= 1 (0x1)
    "AllowOutboundSourceQuench"= 1 (0x1)
    "AllowOutboundParameterProblem"= 1 (0x1)
    "AllowOutboundTimeExceeded"= 1 (0x1)
    "AllowRedirect"= 1 (0x1)
    "AllowOutboundPacketTooBig"= 1 (0x1)

    S3 AVC1100;Adaptec AVC-1100 Video Capture;c:\windows\system32\drivers\CA506AV.SYS [2004-08-27 175042]
    S3 ca506aaf;Adaptec USB Audio Filter Driver (WDM);c:\windows\system32\drivers\ca506aaf.sys [2004-08-27 14273]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
    c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
    .
    Contents of the 'Scheduled Tasks' folder

    2009-03-28 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

    2009-03-31 c:\windows\Tasks\RegCure Program Check.job
    - c:\program files\RegCure\RegCure.exe [2008-04-21 22:21]

    2009-03-30 c:\windows\Tasks\RegCure.job
    - c:\program files\RegCure\RegCure.exe [2008-04-21 22:21]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = hxxp://uk.yahoo.com/
    uLocal Page = \blank.htm
    mStart Page = about:blank
    uInternet Settings,ProxyOverride = *.local
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    .

    **************************************************************************

    catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-31 01:02:25
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1644491937-1284227242-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{114866E9-7C82-20F7-16C3063A4CAB25A4}\{3FC78BFC-C5A7-A764-C3D11931F655D68A}\{CA848313-C322-9D26-10260A1412DD57C5}*]
    "UI35JDKU3F4654CZZ6JMFZCVPE1 "=hex:01,00,01,00,00,00,00,00,df,de,40,72,9a,1f,5e,
    ef,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\LEXBCES.EXE
    c:\windows\system32\LEXPPS.EXE
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\CTsvcCDA.EXE
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\HPZipm12.exe
    c:\windows\system32\PAStiSvc.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2009-03-31 1:08:16 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-03-31 00:08:00
    ComboFix2.txt 2009-03-29 06:09:54

    Pre-Run: 42,097,635,328 bytes free
    Post-Run: 42,176,425,984 bytes free

    264 --- E O F --- 2009-03-29 10:38:19
     
  7. 2009/03/30
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Good deal.....we're ready to close this bad boy out.


    Don't miss or skip this next step, this will remove malicious files from quarantine and set a clean restore point.
    • Click START then RUN
    • Now type Combofix /u in the runbox and click OK. Note the space between the x and the /u, it needs to be there.
    Example below

    NEXT**

    Next open OTMoveIt, then click on "CleanUp! ".
    If you receive a warning from your Firewall please allow...In the left pane, it will display a list of tools and other related files which you may have downloaded/used during our cleanup + backup folders that were created with the bad files present.

    They are not needed anymore, so OTMoveIt will delete them.
    Do not edit anything in that Window!
    Don't worry if it displays some tools you didn't download/use.
    Click Yes when it asks to Begin cleanup process.
    Then reboot your computer.




    I think you're good to go, good job!



    Please take the time to read over a few of my preventive tips.


    Please navigate to Microsoft Windows Updates and download all the "Critical Updates " for Windows.


    Firefox 3
    The award-winning Web browser is now faster, more secure, and fully customizable to your online life. Firefox 2 added powerful new features that make your online experience even better. It has more features and is a lot more secure than IE. It is a very easy and painless download and install; it will in no way interfere with IE, and you can use them both.
    *NoScript - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.

    How to prevent Malware: Created by Miekiemoes

    Here are some additional utilities that will further enhance your safety.
    # http://www.trillian.cc → Trillian or http://www.miranda-im.com → Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)


    Read this article 'Safe Computing Practices'.
    So how did I get infected in the first place.

    Secure My Computer: A Layered Approach

    Strong passwords: How to create and use them

    Free Antivirus-AntiSpyware-Firewall Software
    Slow Computer May Not Be Malware Related, Help! My computer is slow!
    http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html


    PC Safety and Security--What Do I Need?
    http://www.techsupportforum.com/sec...115548-pc-safety-security-what-do-i-need.html

    Stand Up and Be Counted ---> Malware Complaints <--- where you can make difference!
    This site offers people who have been (or are) victims of malware the opportunity to document their story.

    Extra note:
    Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan. http://secunia.com/software_inspector/
     
    Last edited: 2009/03/31
  8. 2009/03/31
    jonnersuk

    jonnersuk Inactive Thread Starter

    Joined:
    2009/03/28
    Messages:
    23
    Likes Received:
    0
    Thanks for all this. I have just followed all the instructions and visited various sites; sadly the IM programmes don't seem to cover Windows Live, however I have downloaded the free SpywareBlaster, Firefox 3 and the add-ons.
    The computer seems to be a real beauty now,
    I will be back on tomorrow I have had a rather busy day in court today and absolutely shattered,
    Thank you very much,
    regards,
    John
     
  9. 2009/03/31
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Good deal.


    Safe Surfing
     
  10. 2009/04/01
    jonnersuk

    jonnersuk Inactive Thread Starter

    Joined:
    2009/03/28
    Messages:
    23
    Likes Received:
    0
    to all the team at BBS, specifically Juliet.
    I would like to thank you all for the help I have received in restoring my computer to a near original state.
    I was fearful that I may have to get a new one, something that I cannot afford in my present position, but now it seems to be ticking over just fine...
    I don't know how I found this site, but I am glad I did. You will certainly be recommended to others by me; the service you provide is outstanding, the instructions very clear and concise, easy to understand and follow, specifically for the number one Windows dummy (me). Once again, thank you very much indeed.
    kind Regards,
    John McConnell uk
     