Please Will Someone Help Me
Join Date: Aug 2005
Posts: 42
Reputation:
Solved Threads: 0
I can no longer log onto my homepage unless it is in safe mode.
I have a number of windows come up one which says
The instruction at '0x000000' referenced memory at '0x000000' the memory could not be written. click ok to terminate, click cancel to debug.
Another I have is
This shutdown window was initiated by NT AUTHORITY/SYSTEM
C:WINDOWS/System32/Services.exe'
status code 1073741819
it then counts down from 59 and then my computer shuts down
also I have the window saying
windows has closed Services and controller app
I have run Spybot, and ewido and also done another of your scans recommended.
Before this happened I kept having amaena.com pop up window coming up every time I was online.
Please can someone help me with this
KLaura
Join Date: May 2005
Posts: 3,204
Reputation:
Solved Threads: 188
just guessing here... restart your puter, when in windows the countdown will start, so go Start > run, and type
shutdown -a
Then control panel, folder options, view tab and select "show hidden files and folders"; uncheck "hide protected opsys files".
Right. now go into C:\windows\system32\drivers and see if you have a file sysbus32.sys - here i am guessing...
post back the answer.....
C:\.. or the root of the drive where windows is installed..
Last edited by gerbil; Nov 15th, 2006 at 8:38 am.
Join Date: May 2005
Posts: 3,204
Reputation:
Solved Threads: 188
it was a long shot. ok, go to this link, download the file into its own folder [ i suggest a folder in C: alongside program files]. Be in an administrator login, close everything, all applications etc and open the folder, dclick hijackthis.exe, close the explorer window and then click the "scan and save a logfile" button.
When it finishes a notepad with the log results will open; post it here.
http://216.180.233.162/~merijn/files/HijackThis.exe
Last edited by gerbil; Nov 15th, 2006 at 9:02 am.
Join Date: May 2005
Posts: 3,204
Reputation:
Solved Threads: 188
Do you recognise these three entries?
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\uk.htm
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B05B66B-D653-469F-A3A8-467C148C0BC2}: NameServer = 205.188.146.145
basically i am asking what is this file:- C:\APPS\IE\offline\uk.htm
and do you know this IP :- 205.188.146.145 -is it anything to do with your office network?
Last edited by gerbil; Nov 15th, 2006 at 10:12 am.
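The three entries singled out in the post above can be pulled from a HijackThis log mechanically. This is an added example, not part of the original thread or of HijackThis: it parses result lines in the log format shown in this thread and lists browser page settings that point at a local file, plus DNS servers missing from a reviewer-supplied list. The names `review_items` and `known_resolvers` are made up for the example, and each finding is a question for the machine's owner, not a verdict.

```python
import ipaddress
import re

# Excerpt of the HijackThis v1.99.1 log posted in this thread (not the full log).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\services.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\uk.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B05B66B-D653-469F-A3A8-467C148C0BC2}: NameServer = 205.188.146.145
O20 - AppInit_DLLs: MsgPlusLoader.dll
"""

# Result lines look like "R1 - ..." or "O17 - ..."; headers and process paths do not.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Entry codes that carry Internet Explorer start/default page settings.
PAGE_CODES = {"R0", "R1", "O14"}


def parse_entries(log_text):
    """Yield (code, body) for every result line in the log."""
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            yield match.group(1), match.group(2)


def split_setting(body):
    """Split 'key = value' (R, O17) or 'key=value' (O14) on the first '='."""
    key, sep, value = body.partition("=")
    if not sep:
        return body.strip(), ""
    return key.strip(), value.strip()


def review_items(log_text, known_resolvers=frozenset()):
    """Return (code, reason, value) tuples the owner should be asked about.

    known_resolvers is a hypothetical allow-list of DNS server addresses
    (strings) that the reviewer already knows belong to the ISP or office.
    """
    findings = []
    for code, body in parse_entries(log_text):
        key, value = split_setting(body)
        if code in PAGE_CODES and value.lower().startswith("file://"):
            findings.append(
                (code, "browser page setting points at a local file", value)
            )
        elif code == "O17" and key.endswith("NameServer"):
            # NameServer may hold several addresses separated by commas/spaces.
            for token in re.split(r"[,\s]+", value):
                if not token:
                    continue
                try:
                    address = ipaddress.ip_address(token)
                except ValueError:
                    findings.append((code, "unparseable DNS server value", token))
                    continue
                if str(address) not in known_resolvers:
                    scope = "private" if address.is_private else "public"
                    findings.append(
                        (code,
                         f"{scope} DNS server not in the known-resolver list",
                         str(address))
                    )
    return findings


if __name__ == "__main__":
    for code, reason, value in review_items(SAMPLE_LOG):
        print(f"{code:>3}  {reason}: {value}")
```
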
Join Date: Aug 2005
Posts: 42
Reputation:
Solved Threads: 0
Logfile of HijackThis v1.99.1
Scan saved at 15:45:34, on 15/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\AOL\1146088720\ee\AOLSoftware.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\QuickTime\qttask.exe
C:\APPS\skype\phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\AOL 9.0b\aoltray.exe
C:\WINDOWS\system32\wscntfy.exe
c:\program files\common files\aol\1146088720\ee\services\antiSpywareApp\ver2_0_31_1\AOLSP Scheduler.exe
C:\WINDOWS\explorer.exe
c:\program files\common files\aol\1146088720\ee\aolsoftware.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AOL 9.0a\waol.exe
C:\Program Files\AOL 9.0a\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\WINDOWS\System32\svchost.exe
D:\Documents and Settings\Kaye\Desktop\spyware tools\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\uk.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [EPSON Stylus CX6600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE /P26 "EPSON Stylus CX6600 Series" /O6 "USB001" /M "Stylus CX6600"
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1146088720\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Skype] "C:\APPS\skype\phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0b\aoltray.exe
O4 - Global Startup: AOL Broadband Check-Up.lnk = C:\Program Files\AOL\Broadband CheckUp\bin\matcli.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-GB\local\search.html
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/comput...up/qdiagcc.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab47946.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B05B66B-D653-469F-A3A8-467C148C0BC2}: NameServer = 205.188.146.145
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
Join Date: May 2005
Posts: 3,204
Reputation:
Solved Threads: 188
Sorry for the delay, but sleeping must be done.
kaye, run HT again and then check those three entries i posted above and fix them.
I would like you to download CCleaner from http://www.ccleaner.com/ and put it in a new folder. You should aim to keep this one for general use. I set it using the install checkboxes to only open from the recycle bin. It's just a neater thing.
Run it by dclicking recycle bin icon and clicking on CCleaner.
[Investigate its options and settings... then perhaps keep it with altered settings for general cleanup work, to empty temp files, the recycle bin, clearing cookies, histories... you choose.]
Finally try this scan online:- http://www.pandasoftware.com/products/activescan? Give them some details, and follow the scan buttons. If it finds anything then post the log here.
Btw, get Adaware SE Personal from http://www.lavasoft.de/software/adaware/
- install it. Update it. Explore what settings you can change in it [via the cogwheel icon up top, if you are comfortable with that... you won't hurt anything]. Put an icon on your desktop for regular use. It's a very competent scan that you can run every 2 weeks or so, or whenever you suspect foul play.
Cheers.
Last edited by gerbil; Nov 15th, 2006 at 9:02 pm.
Join Date: Aug 2005
Posts: 42
Reputation:
Solved Threads: 0
Here the pandascan details
Thanks for helping me
Incident Status Location
Adware:adware program Not disinfected c:\windows\ss3unstl.exe
Spyware:Cookie/DriveCleaner Not disinfected D:\Documents and Settings\Alex\Cookies\alex@drivecleaner[1].txt
Spyware:Cookie/Statcounter Not disinfected D:\Documents and Settings\Alex\Cookies\alex@statcounter[2].txt
Spyware:Cookie/DriveCleaner Not disinfected D:\Documents and Settings\Alex\Cookies\alex@stats.drivecleaner[2].txt
Spyware:Cookie/Reliablestats Not disinfected D:\Documents and Settings\Alex\Cookies\alex@stats1.reliablestats[2].txt
Spyware:Cookie/Toplist Not disinfected D:\Documents and Settings\Alex\Cookies\alex@toplist[1].txt
Spyware:Cookie/DriveCleaner Not disinfected D:\Documents and Settings\Alex\Cookies\alex@www.drivecleaner[2].txt
Spyware:Cookie/2o7 Not disinfected D:\Documents and Settings\Guest\Cookies\guest@2o7[1].txt
Spyware:Cookie/Doubleclick Not disinfected D:\Documents and Settings\Guest\Cookies\guest@doubleclick[1].txt
Spyware:Cookie/DriveCleaner Not disinfected D:\Documents and Settings\Guest\Cookies\guest@drivecleaner[1].txt
Spyware:Cookie/Mediaplex Not disinfected D:\Documents and Settings\Guest\Cookies\guest@mediaplex[1].txt
Spyware:Cookie/RealMedia Not disinfected D:\Documents and Settings\Guest\Cookies\guest@realmedia[1].txt
Spyware:Cookie/DriveCleaner Not disinfected D:\Documents and Settings\Guest\Cookies\guest@stats.drivecleaner[2].txt
Spyware:Cookie/DriveCleaner Not disinfected D:\Documents and Settings\Guest\Cookies\guest@www.drivecleaner[2].txt
Spyware:Cookie/Systemdoctor Not disinfected D:\Documents and Settings\Guest\Cookies\guest@www.systemdoctor[1].txt
Spyware:Cookie/Adrevolver Not disinfected D:\Documents and Settings\Kaye\Cookies\kaye@adrevolver[1].txt
Spyware:Cookie/adultfriendfinder Not disinfected D:\Documents and Settings\Kaye\Cookies\kaye@adultfriendfinder[2].txt
Spyware:Cookie/Atwola Not disinfected D:\Documents and Settings\Kaye\Cookies\kaye@atwola[1].txt
Spyware:Cookie/Cgi-bin Not disinfected D:\Documents and Settings\Kaye\Cookies\kaye@cgi-bin[2].txt
Spyware:Cookie/DriveCleaner Not disinfected D:\Documents and Settings\Kaye\Cookies\kaye@drivecleaner[1].txt
Spyware:Cookie/Serving-sys Not disinfected D:\Documents and Settings\Kaye\Cookies\kaye@serving-sys[1].txt
Spyware:Cookie/Servlet Not disinfected D:\Documents and Settings\Kaye\Cookies\kaye@servlet[1].txt
Spyware:Cookie/DriveCleaner Not disinfected D:\Documents and Settings\Kaye\Cookies\kaye@stats.drivecleaner[2].txt
Spyware:Cookie/Toplist Not disinfected D:\Documents and Settings\Kaye\Cookies\kaye@toplist[1].txt
Spyware:Cookie/Tribalfusion Not disinfected D:\Documents and Settings\Kaye\Cookies\kaye@tribalfusion[1].txt
Spyware:Cookie/DriveCleaner Not disinfected D:\Documents and Settings\Kaye\Cookies\kaye@www.drivecleaner[2].txt
Spyware:Cookie/Systemdoctor Not disinfected D:\Documents and Settings\Kaye\Cookies\kaye@www.systemdoctor[1].txt
Spyware:Cookie/Xiti Not disinfected D:\Documents and Settings\Kaye\Cookies\kaye@xiti[1].txt