Thread: Major Problem - browser hijacked, cannot get rid of routing.exe, wserving.exe

  1. #1
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    For the moment you shouldn't be downloading ANY .exe files. What were you trying to download?
    I see by your combofix log that you have several P2P file sharing programs on the computer. This is very likely HOW your computer became infected in the first place ESPECIALLY since you were not running an anti-virus program or a firewall. I should have been "clued in" when you said "eventually found a .rar combofix". I did my own search for this, only ones I could find were on P2P sites.
    Another thing I question is this;
    You say you downloaded AVG...from where? Because then you say you cannot access the AVG website to update. If you got it from the Grisoft website then you should still have been able to update the program.
    Then you also say that you "couldn't attach the AVG scan log as its in excel format." There is no reason for this to be in excel format, it should have been shown to you and saved as a text file.
    Frankly none of this makes a lot of sense.

    Now you say the AVG found Win32/Parite which is a family of polymorphic file infectors that targets computers running Microsoft Windows. You also have the Troj/NtRootK-DR on the computer.
    You need to run SDFix to remove this, but if you cannot download it I am not certain how you can get it other than to download it to another computer and bring it to yours via a disk.
    Definitely NOT from a file sharing website!
    Here is the link and instructions, see what you can do;

    SDFix Instructions:
    1. Please print these instructions as they will be needed later when Internet access is not available.
    2. Logon to your computer with an account that has Administrator privileges.
    3. Download SDFix.exe from the following link and save it to your desktop:

      SDFix Download Link

    Confirm that the file SDFix.exe now resides on your desktop, but do not double-click on the icon as of yet. We will use it in later steps. The icon will look like the one below:



    4. Now, double-click on the SDFix icon that should now be residing on your desktop. If an Open File - Security Warning box opens, click on the Run button.
    5. A window will open asking where you would like to install SDFix to.

    Do not change anything and press the Install button. This will install the program into the default location of C:\SDFix. At this point, you should not run SDFix, but instead continue to the next step where you will reboot into safe mode.

    6. Next, please reboot your computer into Safe Mode by doing the following:
      1. Restart your computer
      2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
      3. Instead of Windows loading as normal, a menu should appear
      4. Select the first option, to run Windows in Safe Mode.
      5. When you are at the logon prompt, log in as the same user that you had performed the previous steps as.

    7. When your computer has started in safe mode, and you see the desktop, close all open windows.
    8. Click on the Start button, click on the Run menu option, and type the following into the Open: field:

      C:\SDFix\RunThis.bat

      Then press the OK button.

    The SDFix window will open containing some brief info and a disclaimer on the use of the tool.
    If you want to continue, please press the Y key on your keyboard and then press enter. Otherwise, you can press the N key to exit the program.

    SDFix will now start scanning your computer for known infections.
    This process can take a while, so you may want to do something else and periodically check back on the status of SDFix. As the scanning process continues you will continue to see new messages on the screen.
    When the scanning process has finished you will see a new screen stating that you need to restart your computer in order to continue.
    At this point you should press any key on your computer's keyboard in order to restart the computer.

    When your computer reboots, you will be presented with a screen stating that SDFix has finished.
    At this point you should press any key on your computer's keyboard in order to continue to your desktop.

    When you are back at your Windows desktop, the SDFix log will automatically be opened in notepad.
    Copy/Paste that log back here.

  2. #2
    Join Date
    Oct 2008
    Posts
    17
    the only .exe files or anything that i've tried downloading in the past few days have been from links posted here on this board, or where i have had to go and find them elsewhere, mostly from cnet (download.com) whom i trust are safe. the combofix.rar comes from some other website, not p2p, but don't ask me to find it again, i think it was written in arabic (maybe that wasn't smart). the AVG comes from cnet, and i still can't update it, though it did do a productive scan and is running. i have since also downloaded from cnet and installed comodo firewall.

    i am working on downloading the SDFix link, i get 404 if i open in new window and 'unknown error' when i right click on it. it's also not on cnet. so i'm going to try dusting off my old compaq armada, and see if i can download it that way.

    i will let you know if i can run sdfix as instructed.

    thanks again for all your help here. really appreciate it.
    Last edited by floppsybunny; 10-09-2008 at 02:01 PM.

  3. #3
    Join Date
    Oct 2008
    Posts
    17
    i did manage to download sdfix from my laptop, and transfer it to my computer, but i can't restart my computer in safe mode! every time it loads and lists the drivers, it gets as far as system32\drivers\mup.sys and crashes, restarts.

    don't know what to do.
