
Google keeps re-directing me to advertisement sites


Comments

  • john1
    john1 Posts: 433 Forumite
    Part of the Furniture 100 Posts
    Wife to be

    Not sure if this will help you, but I use Sophos; they concentrate on the business community. However, they do have a free download tool to check a single computer: http://www.sophos.com/products/free-tools/sophos-threat-detection-test.html

    I haven't tested it personally as I'm currently using Sophos.

    Good luck, hope you sort out the problem.
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Unfortunately, some Trojans bypass even the most sophisticated of anti-virus software, so you need to take it to someone who knows how to remove this stuff.

    Yes cos, we don't have a clue do we..............
    :idea:
  • TimothyEBaldwin
    TimothyEBaldwin Posts: 445 Forumite
    Part of the Furniture Combo Breaker
    edited 23 May 2010 at 8:26AM
    Coopdivi wrote: »
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555

    This is a baddie

    Or perhaps it's some security software, I've seen AVG do similar tricks with email. Microsoft have a guide on how to identify the program, you are looking for port 5555.

    The problem could also be on the network rather than on your PC. Try running the commands:
    nslookup www.google.co.uk
    nslookup www.google.com
    
    Then check if the resulting IP address belongs to Google using a whois search.

    Try the new secure Google web search, that will stop any network based meddling with your connection to Google, but will not help with the rest of the Internet.
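
The check described in the post above (working out which program sits behind the 127.0.0.1:5555 proxy setting), as an added example that is not part of any post in this thread: it parses the ProxyServer value from the log line and matches it against `netstat -ano` output. The netstat sample, its PIDs and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: the log line quoted in the thread, and made-up
# `netstat -ano` output (the PIDs and addresses are illustrative only).
HJT_LINE = (r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion"
            r"\Internet Settings,ProxyServer = http=127.0.0.1:5555")
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       968
  TCP    127.0.0.1:5555         0.0.0.0:0              LISTENING       1844
  TCP    192.168.1.64:1067      192.0.2.10:80          ESTABLISHED     1844
"""

LISTEN_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")


def parse_proxy_server(value):
    """Return {scheme: (host, port)} for an IE ProxyServer value.

    Accepts 'host:port' (one proxy for everything, keyed 'all') and
    per-protocol lists such as 'http=127.0.0.1:5555;https=10.0.0.1:8080'.
    """
    proxies = {}
    for part in filter(None, (p.strip() for p in value.split(";"))):
        scheme, sep, hostport = part.partition("=")
        if not sep:
            scheme, hostport = "all", part
        host, _, port = hostport.strip().rpartition(":")
        if not host or not port.isdigit():
            raise ValueError("unrecognised proxy entry: %r" % part)
        proxies[scheme.strip().lower()] = (host, int(port))
    return proxies


def is_loopback(host):
    """True when the proxy host is this machine itself."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"


def listening_pids(netstat_text, port):
    """PIDs with a TCP listener on `port` that a loopback client can reach."""
    pids = set()
    for line in netstat_text.splitlines():
        m = LISTEN_RE.match(line)
        if m and int(m.group(2)) == port and m.group(1) in ("127.0.0.1", "0.0.0.0"):
            pids.add(int(m.group(3)))
    return sorted(pids)


def local_proxy_owners(log_line, netstat_text):
    """Map each loopback proxy in the log line to the PIDs serving it.

    An empty PID list means nothing is listening: the setting is stale and
    the browser's requests to that port will simply fail.
    """
    value = log_line.split("ProxyServer =", 1)[1].strip()
    return {
        (scheme, port): listening_pids(netstat_text, port)
        for scheme, (host, port) in parse_proxy_server(value).items()
        if is_loopback(host)
    }


if __name__ == "__main__":
    for (scheme, port), pids in local_proxy_owners(HJT_LINE, NETSTAT_SAMPLE).items():
        print(scheme, port, pids or "no listener")
```

The PID it reports can be matched to a program name in Task Manager once the PID column is enabled, which tells you whether the listener is security software or something unwanted.
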
  • wife_to_be
    wife_to_be Posts: 64 Forumite
    Just to let you guys know that I'm still trying to solve this problem. As I said before, I'm not really into all the terminology, so I'm gonna wait until my son has time (he knows a little more than me) and we are gonna try and work it together with the advice given.

    Thanks in the meantime.

    wife to be
  • The_Grandmaster
    The_Grandmaster Posts: 1,424 Forumite
    Part of the Furniture Combo Breaker
    aliEnRIK wrote: »
    Download HostsXpert
    http://www.softpedia.com/progDownload/Hoster-Download-27041.html
    and then follow the below steps.

    * Unzip HostsXpert.zip
    * It will create a folder named HostsXpert in whatever folder you extract it to.
    * Run HostsXpert.exe by double clicking on it.
    * click the Make Writeable? button.
    * click Restore Microsoft's Hosts File and then click OK.
    * Click the X to exit the program


    .....................................................................



    Please run COMBOFIX
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Shut down your anti virus
    Follow the simple instructions it gives
    Post the COMPLETE log it creates here (Split into sections if need be) ~ if there are loads of 'SNAPSHOT' pages then leave them out

    If it comes up with a RENAMING error then RIGHT click the exe file and RENAME and call it QWERTY (Making the complete file name 'QWERTY.exe') Or SAVE as 'QWERTY' on download
    (If no log comes up or you lose it, COMBOFIX.TXT can be found in C drive)

    Think following alienRIK is the best option
  • wife_to_be
    wife_to_be Posts: 64 Forumite
    I've done the first bit of softpedia. Yeah.

    Then my internet went down so I could not do the other combofix part.

    We are gonna do that bit tonight and then I will post the results, if that's okay.

    Thanks for all help so far, I really appreciate it.
  • wife_to_be
    wife_to_be Posts: 64 Forumite
    I've done combofix scan and here are my results.

    I look forward to further help and advice.

    Thanks a lot



    ComboFix 10-05-23.08 - Shaun 24/05/2010 17:19:03.2.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1022.658 [GMT 1:00]
    Running from: c:\documents and settings\Shaun\Desktop\qwerty.exe
    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    c:\documents and settings\Shaun\Local Settings\Temporary Internet Files\mcc17.tmp
    c:\documents and settings\Shaun\Local Settings\Temporary Internet Files\mcc1C.tmp
    c:\documents and settings\Shaun\Local Settings\Temporary Internet Files\mcc34.tmp
    c:\documents and settings\Shaun\Local Settings\Temporary Internet Files\mccA.tmp
    .
    ((((((((((((((((((((((((( Files Created from 2010-04-24 to 2010-05-24 )))))))))))))))))))))))))))))))
    .
    2010-05-22 12:20 . 2010-05-22 12:20 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2010-05-22 12:20 . 2010-05-22 12:20 d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
    2010-05-22 12:20 . 2010-05-22 12:20 d-----w- c:\program files\Hitman Pro 3.5
    2010-05-22 11:20 . 2010-05-22 11:19 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-05-22 11:08 . 2010-05-22 11:08 d-----w- c:\windows\system32\wbem\Repository
    2010-05-21 13:48 . 2010-05-21 13:48 d-----w- c:\documents and settings\All Users\Application Data\SITEguard
    2010-05-21 13:48 . 2010-05-21 13:48 16384 ---ha-w- C:\SZKGFS.dat
    2010-05-21 13:47 . 2010-05-21 13:47 d-----w- c:\program files\Common Files\iS3
    2010-05-21 13:47 . 2010-05-22 11:00 d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
    2010-05-21 07:25 . 2010-05-21 07:26 d-----w- C:\rsit
    2010-05-20 15:41 . 2010-05-22 11:01 d-----w- c:\program files\Trend Micro
    2010-05-20 13:37 . 2010-05-20 13:37 d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-05-20 07:57 . 2010-05-20 07:57 d-----w- C:\$AVG
    2010-05-20 07:57 . 2010-05-20 08:44 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-05-18 21:21 . 2010-05-22 11:04 d-----w- c:\documents and settings\All Users\Application Data\avg9(2)
    2010-04-28 16:27 . 2010-04-28 16:27 d-----w- c:\program files\uTorrent
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-05-22 11:21 . 2009-04-17 11:06 d-----w- c:\program files\Alwil Software
    2010-05-22 11:07 . 2009-04-17 11:23 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-05-22 11:07 . 2009-04-17 11:20 d-----w- c:\program files\Spybot - Search & Destroy
    2010-05-22 11:07 . 2009-04-17 11:20 d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-05-21 07:24 . 2010-05-22 10:58 143022 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Personal_32_1033.dat
    2010-05-20 14:31 . 2009-04-17 11:18 d-----w- c:\program files\CCleaner
    2010-05-18 18:43 . 2009-04-19 10:32 d-----w- c:\program files\Common Files\Java
    2010-05-12 10:21 . 2009-10-02 15:58 221568 ------w- c:\windows\system32\MpSigStub.exe
    2010-05-09 12:48 . 2009-04-19 10:26 d-----w- c:\program files\Messenger Plus! Live
    2010-05-06 20:59 . 2009-04-17 11:06 38848 ----a-w- c:\windows\system32\avastSS.scr
    2010-05-06 20:59 . 2009-04-17 11:06 165032 ----a-w- c:\windows\system32\aswBoot.exe
    2010-05-06 20:39 . 2009-04-17 11:06 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-05-06 20:39 . 2009-04-17 11:06 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-05-06 20:34 . 2009-04-17 11:06 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-05-06 20:33 . 2009-04-17 11:06 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-05-06 20:33 . 2009-04-17 11:06 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-05-06 20:33 . 2009-04-17 11:06 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-05-06 20:33 . 2009-04-17 11:06 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-04-26 17:51 . 2009-04-19 10:30 d-----w- c:\program files\FrostWire
    2010-04-04 10:59 . 2010-04-04 10:57 d-----w- c:\documents and settings\All Users\Application Data\DivX
    2010-04-04 10:59 . 2010-04-04 10:59 56766 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
    2010-04-04 10:59 . 2010-04-04 10:58 d-----w- c:\program files\DivX
    2010-04-04 10:59 . 2010-04-04 10:59 56978 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
    2010-04-04 10:58 . 2010-04-04 10:58 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
    2010-04-04 10:58 . 2010-04-04 10:58 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
    2010-04-04 10:58 . 2010-04-04 10:58 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
    2010-04-04 10:58 . 2010-04-04 10:58 d-----w- c:\program files\Common Files\DivX Shared
    2010-04-04 10:58 . 2010-04-04 10:58 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
    2010-04-04 10:57 . 2010-04-04 10:59 754984 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
    2010-04-04 10:57 . 2010-04-04 10:59 986904 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
    2010-03-29 23:46 . 2009-04-17 11:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-03-29 23:45 . 2009-04-17 11:23 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-03-11 12:38 . 2008-04-14 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-03-11 12:38 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-03-11 12:38 . 2008-04-14 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
    2010-03-09 11:09 . 2008-04-14 12:00 430080 ----a-w- c:\windows\system32\vbscript.dll
    2010-03-08 21:04 . 2010-02-04 18:31 256 ----a-w- c:\windows\system32\pool.bin
    2010-02-24 13:11 . 2008-04-14 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    .
    ((((((((((((((((((((((((((((( SnapShot@2010-05-16_15.29.54 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-07-11 23:02 . 2009-07-11 23:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
    + 2009-07-11 23:02 . 2009-07-11 23:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
    + 2009-07-11 23:02 . 2009-07-11 23:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
    + 2009-07-11 23:02 . 2009-07-11 23:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
    + 2009-07-11 23:02 . 2009-07-11 23:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
    + 2009-07-11 23:02 . 2009-07-11 23:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
    + 2009-07-11 23:02 . 2009-07-11 23:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
    + 2009-07-11 23:02 . 2009-07-11 23:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
    + 2009-07-11 23:02 . 2009-07-11 23:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
    + 2009-07-11 23:02 . 2009-07-11 23:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
    + 2009-07-11 23:02 . 2009-07-11 23:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
    + 2009-07-11 23:02 . 2009-07-11 23:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
    + 2009-07-11 23:05 . 2009-07-11 23:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
    + 2009-07-11 23:05 . 2009-07-11 23:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
    + 2010-05-24 16:16 . 2010-05-24 16:16 16384 c:\windows\Temp\Perflib_Perfdata_dc.dat
    + 2009-07-11 23:02 . 2009-07-11 23:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
    + 2009-07-11 23:02 . 2009-07-11 23:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
    + 2009-07-11 23:05 . 2009-07-11 23:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
    + 2009-07-11 23:02 . 2009-07-11 23:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
    + 2010-05-22 11:20 . 2010-05-22 11:19 153376 c:\windows\system32\javaws.exe
    - 2009-12-24 13:44 . 2009-10-11 04:17 145184 c:\windows\system32\javaw.exe
    + 2010-05-22 11:20 . 2010-05-22 11:19 145184 c:\windows\system32\javaw.exe
    - 2009-12-24 13:44 . 2009-10-11 04:17 145184 c:\windows\system32\java.exe
    + 2010-05-22 11:20 . 2010-05-22 11:19 145184 c:\windows\system32\java.exe
    + 2010-05-22 11:20 . 2010-05-22 11:20 180224 c:\windows\Installer\8d285.msi
    + 2010-05-22 11:19 . 2010-05-22 11:19 576000 c:\windows\Installer\8d27f.msi
    + 2010-05-22 11:18 . 2010-05-22 11:18 219648 c:\windows\Installer\8d1e4.msi
    + 2009-07-11 23:02 . 2009-07-11 23:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
    + 2009-07-11 23:02 . 2009-07-11 23:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
    + 2009-06-24 11:26 . 2010-05-22 11:08 9928756 c:\windows\system32\Restore\rstrlog.dat
    + 2009-06-08 14:53 . 2010-05-22 11:17 3485696 c:\windows\system32\config\systemprofile\ntuser.dat
    - 2009-06-08 14:53 . 2009-06-08 14:53 3485696 c:\windows\system32\config\systemprofile\ntuser.dat
    - 2009-04-17 11:30 . 2010-04-30 18:51 32058312 c:\windows\system32\MRT.exe
    + 2009-04-17 11:30 . 2010-04-30 10:51 32058312 c:\windows\system32\MRT.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-14 344064]
    "SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
    "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-12-14 221184]
    "LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-12-14 458752]
    "LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-12-14 217088]
    "btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2009-12-07 1584640]
    "QuickTime Task"="c:\program files\MpcStar\Codecs\QuickTime\qttask.exe" [2009-11-10 417792]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
    "BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2008-11-04 615696]
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-09-19 236016]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-03-05 1135912]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Intelligent Wireless Utility.lnk - c:\program files\Intelligent\Common\RaUI.exe [2009-4-17 1110016]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\FrostWire\\FrostWire.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Spotify\\spotify.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpBrowser.exe"=
    "c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpNotifier.exe"=
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [17/04/2009 12:06 164048]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [17/04/2009 12:06 19024]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 18:19 13592]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [16/12/2009 20:16 135664]
    .
    Contents of the 'Scheduled Tasks' folder
    2010-05-22 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
    2010-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-16 19:16]
    2010-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-16 19:16]
    2010-05-24 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
    .
    .
    Supplementary Scan
    .
    uInternet Settings,ProxyOverride = <local>
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    Trusted Zone: motive.com\pbttbc.bt
    DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
    .
    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-05-24 17:26
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x864F9CEC]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0xf7656f28
    \Driver\ACPI -> ACPI.sys @ 0xf74e9cb8
    \Driver\atapi -> atapi.sys @ 0xf74a1852
    IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
    ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
    \Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
    ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
    NDIS: Intel(R) PRO/1000 PL Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf739abb0
    PacketIndicateHandler -> NDIS.sys @ 0xf7389a0d
    SendHandler -> NDIS.sys @ 0xf739db40
    user & kernel MBR OK
    **************************************************************************
    .
    DLLs Loaded Under Running Processes
    - - - - - - - > 'winlogon.exe'(692)
    c:\windows\system32\WININET.dll
    - - - - - - - > 'lsass.exe'(752)
    c:\windows\system32\WININET.dll
    .
    Completion time: 2010-05-24 17:30:10
    ComboFix-quarantined-files.txt 2010-05-24 16:30
    ComboFix2.txt 2010-05-16 15:33
    Pre-Run: 60,300,341,248 bytes free
    Post-Run: 60,456,718,336 bytes free
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
    - - End Of File - - 564D035013B9C7EE0991E3929A34322D
  • ukwomble
    ukwomble Posts: 40 Forumite
    Recently had this problem myself, tried all the malware programs etc, nothing worked. I then decided to try a "system restore" back to before problem started, and it fixed it! Maybe try this also.
    Be ALERT - The world needs more LERTS
  • wife_to_be
    wife_to_be Posts: 64 Forumite
    edited 24 May 2010 at 11:27PM
    omg.....

    I'm now having to use a laptop to ask for help.

    I did a drweb scan on my computer and when it went to restart I have no mouse. Have I mega broken computer? I'm upset with myself now and my son is cross with me.

    We have tried using keyboard to get onto control panel to see if it's there but it won't let me move across or down when I get on control panel.

    Please help
  • wife_to_be
    wife_to_be Posts: 64 Forumite
    Just bumping this thread please.

    Have I done anything wrong by doing a drweb scan?

    Any help please
This discussion has been closed.