Google keeps re-directing me to advertment sites

john1

Wife to be

Not sure if this will help you but I use Sophos they concentrate on the business community. However they do have a free download tool to check a single computer http://www.sophos.com/products/free-tools/sophos-threat-detection-test.html

I haven’t tested it personally as currently using Sophos



Good luck hope you sort out the problem

aliEnRIK

TheAmazingMeatMan wrote: »

Unfortunately, some Trojans bypass even the most sophisticated of anti-virus software, so you need to take it to someone who knows how to remove this stuff.

Yes cos, we dont have a clue do we..............

TimothyEBaldwin

Coopdivi wrote: »

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = http=127.0.0.1:5555

This is a baddie

Or perhaps it's some security software, I've seen AVG do similar tricks with email. Microsoft have a guide on how to identify the program, you are looking for port 5555.

The problem could also be on the network rather than on your PC. Try running the commands:

nslookup www.google.co.uk
nslookup www.google.com

Then check if the resulting IP address belongs to google using a whois search.

Try the new secure Google web search, that will stop any network based meddling with your connection to Google, but will not help with the rest of the Internet.

wife_to_be

just to let you guys know that im still trying to solve this problem. As i said before im not really into all the terminology so im gonna wait until my son has time (he knows a little more than me) and we are gonna try and work it together with the advice given.

Thanks in the meantime.

wife to be

The_Grandmaster

aliEnRIK wrote: »

Download HostsXpert
http://www.softpedia.com/progDownload/Hoster-Download-27041.html
and then follow the below steps.

* Unzip HostsXpert.zip
* It will create a folder named HostsXpert in whatever folder you extract it to.
* Run HostsXpert.exe by double clicking on it.
* click the Make Writeable? button.
* click Restore Microsoft's Hosts File and then click OK.
* Click the X to exit the program


.....................................................................



Please run COMBOFIX
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Shut down your anti virus
Follow the simple instructions it gives
Post the COMPLETE log it creates here (Split into sections if need be) ~ if there are loads of 'SNAPSHOT' pages then leave them out

If it comes up with a RENAMING error then RIGHT click the exe file and RENAME and call it QWERTY (Making the complete file name 'QWERTY.exe') Or SAVE as 'QWERTY' on download
(If no log comes up or you lose it, COMBOFIX.TXT can be found in C drive)

Think following alienRIK is the best option

wife_to_be

Ive done the first bit of softpedia. yeah.

Then my internet went down so i could not do the other combofix part.

We are gonna do that bit tonight and then i will post the results, if thats okay.

thanks for all help so far i really appreciate it.

wife_to_be

ive done combofix scan and here are my results

i look forward to further help and advise.

thanks a lot



ComboFix 10-05-23.08 - Shaun 24/05/2010 17:19:03.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1022.658 [GMT 1:00]
Running from: c:\documents and settings\Shaun\Desktop\qwerty.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Shaun\Local Settings\Temporary Internet Files\mcc17.tmp
c:\documents and settings\Shaun\Local Settings\Temporary Internet Files\mcc1C.tmp
c:\documents and settings\Shaun\Local Settings\Temporary Internet Files\mcc34.tmp
c:\documents and settings\Shaun\Local Settings\Temporary Internet Files\mccA.tmp
.
((((((((((((((((((((((((( Files Created from 2010-04-24 to 2010-05-24 )))))))))))))))))))))))))))))))
.
2010-05-22 12:20 . 2010-05-22 12:20 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-05-22 12:20 . 2010-05-22 12:20

---

d

---

w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-05-22 12:20 . 2010-05-22 12:20

---

d

---

w- c:\program files\Hitman Pro 3.5
2010-05-22 11:20 . 2010-05-22 11:19 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-22 11:08 . 2010-05-22 11:08

---

d

---

w- c:\windows\system32\wbem\Repository
2010-05-21 13:48 . 2010-05-21 13:48

---

d

---

w- c:\documents and settings\All Users\Application Data\SITEguard
2010-05-21 13:48 . 2010-05-21 13:48 16384 ---ha-w- C:\SZKGFS.dat
2010-05-21 13:47 . 2010-05-21 13:47

---

d

---

w- c:\program files\Common Files\iS3
2010-05-21 13:47 . 2010-05-22 11:00

---

d

---

w- c:\documents and settings\All Users\Application Data\STOPzilla!
2010-05-21 07:25 . 2010-05-21 07:26

---

d

---

w- C:\rsit
2010-05-20 15:41 . 2010-05-22 11:01

---

d

---

w- c:\program files\Trend Micro
2010-05-20 13:37 . 2010-05-20 13:37

---

d

---

w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-05-20 07:57 . 2010-05-20 07:57

---

d

---

w- C:\$AVG
2010-05-20 07:57 . 2010-05-20 08:44 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-18 21:21 . 2010-05-22 11:04

---

d

---

w- c:\documents and settings\All Users\Application Data\avg9(2)
2010-04-28 16:27 . 2010-04-28 16:27

---

d

---

w- c:\program files\uTorrent
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-22 11:21 . 2009-04-17 11:06

---

d

---

w- c:\program files\Alwil Software
2010-05-22 11:07 . 2009-04-17 11:23

---

d

---

w- c:\program files\Malwarebytes' Anti-Malware
2010-05-22 11:07 . 2009-04-17 11:20

---

d

---

w- c:\program files\Spybot - Search & Destroy
2010-05-22 11:07 . 2009-04-17 11:20

---

d

---

w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-21 07:24 . 2010-05-22 10:58 143022 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Personal_32_1033.dat
2010-05-20 14:31 . 2009-04-17 11:18

---

d

---

w- c:\program files\CCleaner
2010-05-18 18:43 . 2009-04-19 10:32

---

d

---

w- c:\program files\Common Files\Java
2010-05-12 10:21 . 2009-10-02 15:58 221568

---

w- c:\windows\system32\MpSigStub.exe
2010-05-09 12:48 . 2009-04-19 10:26

---

d

---

w- c:\program files\Messenger Plus! Live
2010-05-06 20:59 . 2009-04-17 11:06 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-06 20:59 . 2009-04-17 11:06 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-06 20:39 . 2009-04-17 11:06 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-06 20:39 . 2009-04-17 11:06 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-06 20:34 . 2009-04-17 11:06 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-06 20:33 . 2009-04-17 11:06 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-06 20:33 . 2009-04-17 11:06 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-06 20:33 . 2009-04-17 11:06 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-06 20:33 . 2009-04-17 11:06 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-04-26 17:51 . 2009-04-19 10:30

---

d

---

w- c:\program files\FrostWire
2010-04-04 10:59 . 2010-04-04 10:57

---

d

---

w- c:\documents and settings\All Users\Application Data\DivX
2010-04-04 10:59 . 2010-04-04 10:59 56766 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-04-04 10:59 . 2010-04-04 10:58

---

d

---

w- c:\program files\DivX
2010-04-04 10:59 . 2010-04-04 10:59 56978 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-04-04 10:58 . 2010-04-04 10:58 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-04-04 10:58 . 2010-04-04 10:58 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-04-04 10:58 . 2010-04-04 10:58 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-04-04 10:58 . 2010-04-04 10:58

---

d

---

w- c:\program files\Common Files\DivX Shared
2010-04-04 10:58 . 2010-04-04 10:58 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-04-04 10:57 . 2010-04-04 10:59 754984 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-04-04 10:57 . 2010-04-04 10:59 986904 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-03-29 23:46 . 2009-04-17 11:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 23:45 . 2009-04-17 11:23 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-11 12:38 . 2008-04-14 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2008-04-14 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2008-04-14 12:00 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 21:04 . 2010-02-04 18:31 256 ----a-w- c:\windows\system32\pool.bin
2010-02-24 13:11 . 2008-04-14 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
((((((((((((((((((((((((((((( [EMAIL="SnapShot@2010-05-16_15.29.54"]SnapShot@2010-05-16_15.29.54[/EMAIL] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 23:02 . 2009-07-11 23:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-11 23:05 . 2009-07-11 23:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-11 23:05 . 2009-07-11 23:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2010-05-24 16:16 . 2010-05-24 16:16 16384 c:\windows\Temp\Perflib_Perfdata_dc.dat
+ 2009-07-11 23:02 . 2009-07-11 23:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-11 23:05 . 2009-07-11 23:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2010-05-22 11:20 . 2010-05-22 11:19 153376 c:\windows\system32\javaws.exe
- 2009-12-24 13:44 . 2009-10-11 04:17 145184 c:\windows\system32\javaw.exe
+ 2010-05-22 11:20 . 2010-05-22 11:19 145184 c:\windows\system32\javaw.exe
- 2009-12-24 13:44 . 2009-10-11 04:17 145184 c:\windows\system32\java.exe
+ 2010-05-22 11:20 . 2010-05-22 11:19 145184 c:\windows\system32\java.exe
+ 2010-05-22 11:20 . 2010-05-22 11:20 180224 c:\windows\Installer\8d285.msi
+ 2010-05-22 11:19 . 2010-05-22 11:19 576000 c:\windows\Installer\8d27f.msi
+ 2010-05-22 11:18 . 2010-05-22 11:18 219648 c:\windows\Installer\8d1e4.msi
+ 2009-07-11 23:02 . 2009-07-11 23:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-11 23:02 . 2009-07-11 23:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2009-06-24 11:26 . 2010-05-22 11:08 9928756 c:\windows\system32\Restore\rstrlog.dat
+ 2009-06-08 14:53 . 2010-05-22 11:17 3485696 c:\windows\system32\config\systemprofile\ntuser.dat
- 2009-06-08 14:53 . 2009-06-08 14:53 3485696 c:\windows\system32\config\systemprofile\ntuser.dat
- 2009-04-17 11:30 . 2010-04-30 18:51 32058312 c:\windows\system32\MRT.exe
+ 2009-04-17 11:30 . 2010-04-30 10:51 32058312 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-14 344064]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-12-14 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-12-14 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-12-14 217088]
"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2009-12-07 1584640]
"QuickTime Task"="c:\program files\MpcStar\Codecs\QuickTime\qttask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2008-11-04 615696]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-09-19 236016]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-03-05 1135912]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Intelligent Wireless Utility.lnk - c:\program files\Intelligent\Common\RaUI.exe [2009-4-17 1110016]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpBrowser.exe"=
"c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpNotifier.exe"=
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [17/04/2009 12:06 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [17/04/2009 12:06 19024]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 18:19 13592]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [16/12/2009 20:16 135664]
.
Contents of the 'Scheduled Tasks' folder
2010-05-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-16 19:16]
2010-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-16 19:16]
2010-05-24 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.

---

Supplementary Scan

---

.
uInternet Settings,ProxyOverride = <local>
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Trusted Zone: motive.com\pbttbc.bt
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-24 17:26
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x864F9CEC]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7656f28
\Driver\ACPI -> ACPI.sys @ 0xf74e9cb8
\Driver\atapi -> atapi.sys @ 0xf74a1852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Intel(R) PRO/1000 PL Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf739abb0
PacketIndicateHandler -> NDIS.sys @ 0xf7389a0d
SendHandler -> NDIS.sys @ 0xf739db40
user & kernel MBR OK
**************************************************************************
.

---

DLLs Loaded Under Running Processes

---

- - - - - - - > 'winlogon.exe'(692)
c:\windows\system32\WININET.dll
- - - - - - - > 'lsass.exe'(752)
c:\windows\system32\WININET.dll
.
Completion time: 2010-05-24 17:30:10
ComboFix-quarantined-files.txt 2010-05-24 16:30
ComboFix2.txt 2010-05-16 15:33
Pre-Run: 60,300,341,248 bytes free
Post-Run: 60,456,718,336 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 564D035013B9C7EE0991E3929A34322D

ukwomble

Recently had this problem myself,tried all the malware programs etc,nothing worked.I then decided to try a "system restore" back to before problem started,and it fixed it!Maybe try this also

wife_to_be

omg.....

im now having to use a laptop to ask for help.

I did a drweb scan on my computer and when it went to re start i have no mouse. have i mega broken computer. im upset with myself now and my son is cross with me.

we have tried using keyboard to get onto control panel to see if its there but it wont let me move across or down when i get on control panel.


please help

wife_to_be

just bumping this thread please.

have i done anything wrong by doing a drweb scan.

any help please