
Thread: google redirection problem

  1. #1
    Junior Member (Join Date: Aug 2011, Posts: 7)

    google redirection problem

    Hello,

    Please would you help me fix the "google redirection problem" I'm having?

    In Firefox, after Google results are returned, some of the links do not take me to the correct web sites. More often than not, it's the first Google result link. If I open the same link a second time, it goes to the correct site.
    Most times, Avast or Comodo recognises that the site is bad and prevents it from opening.

    I've followed the instructions, downloaded ERUNT and made a backup of the registry.
    I've downloaded DDS and here are the results:

    .
    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Mark at 14:59:36 on 2011-08-11
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.2046.1150 [GMT 1:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: COMODO Firewall *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\NetWorx\networx.exe
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\TrueCrypt\TrueCrypt.exe
    C:\Program Files\proxomitron\Proxomitron.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
    C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\HPQ\SHARED\HPQWMI.exe
    C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\T-Mobile\web'n'walk USB manager\web'n'walk USB manager.exe
    C:\WINDOWS\Explorer.EXE
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uSearch Bar = hxxp://www.google.com/ie
    uSearch Page =
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mStart Page =
    mSearch Page =
    uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe"
    uInternet Settings,ProxyServer = http=localhost:8080;https=localhost:8080
    uInternet Settings,ProxyOverride = http://www.firstdirect;ww1.banking;w...alplanner7.com
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: DefaultSearchHook Class: {c94e154b-1459-4a47-966b-4b843befc7db} - c:\program files\asksearch\bin\DefaultSearch.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: {0d73dbfb-d09a-6b90-843b-498840ec499d} - No File
    BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.1.9.24.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
    TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
    TB: 2nd &Speech Center: {cfe40ed8-564e-4693-a9d9-80db70c8e460} - c:\progra~1\2nd speech center\tts4ie.dll
    TB: &NetWorx Desk Band: {feea54b4-d80f-41c7-87b9-dc08e6d3255f} - c:\progra~1\networx\deskband.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\WCESCOMM.EXE"
    uRun: [TrueCrypt] "c:\program files\truecrypt\TrueCrypt.exe" /q preferences /a logon
    uRun: [AshSnap] c:\program files\ashampoo\ashampoo snap 4\ashsnap.exe
    uRun: [Google Update] "c:\documents and settings\mark\local settings\application data\google\update\GoogleUpdate.exe" /c
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
    mRun: [NetWorx] "c:\program files\networx\networx.exe" /auto
    mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\mark\startm~1\programs\startup\proxom~1.lnk - c:\program files\proxomitron\Proxomitron.exe
    uPolicies-explorer: StartMenuLogOff = 1 (0x1)
    uPolicies-explorer: NoRecentDocsNetHood = 01000000
    IE: &NeoTrace It! - c:\progra~1\neotra~1\NTXcontext.htm
    IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - {8C85E2EE-9FD6-11D5-B770-504D54C10000} - c:\program files\visualroute\vrie.dll
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\inetrepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\inetrepl.dll
    IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll
    IE: {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - {E7A829CC-671F-4C3D-B590-8C0AEA72E6B2} - c:\program files\bitcomet\tools\BitCometBHO_1.1.9.24.dll
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1302272398843
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1302272377156
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    TCP: Interfaces\{EC4DCF54-3F0E-4F9E-BF5C-FC6699221ED3} : NameServer = 149.254.230.7 149.254.192.126
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
    Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\aatp.dll
    WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
    WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
    WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
    WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
    WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dll
    WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    AppInit_DLLs: c:\windows\system32\guard32.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\windows defender\MpShHook.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\mark\application data\mozilla\firefox\profiles\bo31sp82.default\
    FF - prefs.js: browser.startup.homepage - about:blank
    FF - prefs.js: network.proxy.http - localhost
    FF - prefs.js: network.proxy.http_port - 8080
    FF - prefs.js: network.proxy.type - 1
    FF - component: c:\documents and settings\mark\application data\mozilla\firefox\profiles\bo31sp82.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
    FF - plugin: c:\documents and settings\mark\application data\mozilla\firefox\profiles\bo31sp82.default\extensions\ietab@ip.cn\plugins\npCoralIETab.dll
    FF - plugin: c:\documents and settings\mark\application data\mozilla\plugins\npPxPlay.dll
    FF - plugin: c:\documents and settings\mark\local settings\application data\google\update\1.3.21.65\npGoogleUpdate3.dll
    FF - plugin: c:\progra~1\mozilla firefox\plugins\np_gp.dll
    FF - plugin: c:\progra~1\mozilla firefox\plugins\npnul32.dll
    FF - plugin: c:\progra~1\mozilla firefox\plugins\npqtplugin.dll
    FF - plugin: c:\progra~1\mozilla firefox\plugins\npqtplugin2.dll
    FF - plugin: c:\progra~1\mozilla firefox\plugins\npwachk.dll
    FF - plugin: c:\progra~1\mozilla firefox\plugins\npyaxmpb.dll
    FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
    FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
    FF - Ext: ColorfulTabs: {0545b830-f0aa-4d7e-8820-50a4629a56fe} - %profile%\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
    FF - Ext: British English Dictionary: en-GB@dictionaries.addons.mozilla.org - %profile%\extensions\en-GB@dictionaries.addons.mozilla.org
    FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
    FF - Ext: Autofill Forms: autofillForms@blueimp.net - %profile%\extensions\autofillForms@blueimp.net
    FF - Ext: Image Toolbar: {A4732521-77D9-447E-A557-B279AC923F06} - %profile%\extensions\{A4732521-77D9-447E-A557-B279AC923F06}
    FF - Ext: Fancy Numbered Tabs: {602E0D2D-7710-4d47-A32C-998398DB993D} - %profile%\extensions\{602E0D2D-7710-4d47-A32C-998398DB993D}
    FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    FF - Ext: ImageHost Grabber: {E4091D66-127C-11DB-903A-DE80D2EFDFE8} - %profile%\extensions\{E4091D66-127C-11DB-903A-DE80D2EFDFE8}
    FF - Ext: Cache Status: cache@status.org - %profile%\extensions\cache@status.org
    FF - Ext: Clear Cache Button: {563e4790-7e70-11da-a72b-0800200c9a66} - %profile%\extensions\{563e4790-7e70-11da-a72b-0800200c9a66}
    FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
    FF - Ext: FEBE: {4BBDD651-70CF-4821-84F8-2B918CF89CA3} - %profile%\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
    FF - Ext: Zoom toolbar: {FBFB7597-9E32-46b4-A500-8B6B0412777F} - %profile%\extensions\{FBFB7597-9E32-46b4-A500-8B6B0412777F}
    FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
    FF - Ext: PitchDark: {c1dffba0-628e-11d9-9669-0800200c9a66} - %profile%\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
    FF - Ext: Bulk Image Downloader: {524B8EF8-C312-11DB-8039-536F56D89593} - %profile%\extensions\{524B8EF8-C312-11DB-8039-536F56D89593}
    FF - Ext: Download Manager Tweak: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB} - %profile%\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
    FF - Ext: flickr original: flickr@jzlabs.com - %profile%\extensions\flickr@jzlabs.com
    FF - Ext: gTranslate: {aff87fa2-a58e-4edd-b852-0a20203c1e17} - %profile%\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}
    FF - Ext: Element Hiding Helper for Adblock Plus: elemhidehelper@adblockplus.org - %profile%\extensions\elemhidehelper@adblockplus.org
    FF - Ext: FireGestures: firegestures@xuldev.org - %profile%\extensions\firegestures@xuldev.org
    FF - Ext: Webmail Ad Blocker: gmailnoads@mywebber.com - %profile%\extensions\gmailnoads@mywebber.com
    FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
    FF - Ext: FoxTab: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} - %profile%\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
    FF - Ext: IE Tab Plus: ietab@ip.cn - %profile%\extensions\ietab@ip.cn
    FF - Ext: Cookie Monster: {45d8ff86-d909-11db-9705-005056c00008} - %profile%\extensions\{45d8ff86-d909-11db-9705-005056c00008}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: XULRunner: {E172B369-8BE7-442D-9303-0B88D0FDC4AD} - c:\documents and settings\mark\local settings\application data\{E172B369-8BE7-442D-9303-0B88D0FDC4AD}
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2009-10-20 155136]
    R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2009-10-20 5248]
    R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2008-5-20 15328]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-8-2 441176]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-4-3 309848]
    R1 bizVSerial;Franson VSerial;c:\windows\system32\drivers\bizVSerialNT.sys [2006-4-3 14949]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-6-30 242600]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-6-30 29400]
    R1 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [2009-8-21 38976]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-3 19544]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-8-2 42184]
    R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2011-6-30 1793712]
    R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [2009-9-6 14976]
    R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2008-7-14 231424]
    R3 SscRdBus;Virtual bus device (SuperSpeed Software, Inc.);c:\windows\system32\drivers\SscRdBus.sys [2008-1-10 36608]
    R3 SscRdFdo;RAM Disk (SuperSpeed Software, Inc.);c:\windows\system32\drivers\SscRdFdo.sys [2008-1-10 19200]
    S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
    S3 bkn50USB;Belkin 54Mbps Wireless USB Network Adapter;c:\windows\system32\drivers\rt2500usb.sys [2006-3-30 140416]
    S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-9-6 8704]
    S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-9-6 3072]
    S3 PSMounter;Macrium Reflect Image Explorer Service;c:\windows\system32\drivers\psmounter.sys [2008-7-8 31712]
    S4 Belkin 54g Wireless USB Network Adapter Service;Belkin 54g Wireless USB Network Adapter;c:\program files\belkin\belkin wireless network utility\WLService.exe [2006-3-30 49152]
    S4 Franson GpsGate 2.0;Franson GpsGate 2.0;c:\program files\franson\gpsgate 2.0\GpsGateService.exe [2007-10-18 258048]
    S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2006-12-2 2805000]
    S4 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\macrium\reflect\ReflectService.exe [2008-8-6 216032]
    .
    =============== File Associations ===============
    .
    .txt=UltraEdit.txt
    .
    =============== Created Last 30 ================
    .
    2011-08-04 10:59:47 -------- d-----w- c:\program files\COMODO
    2011-08-04 10:58:14 -------- d-----w- c:\documents and settings\all users\application data\Comodo
    2011-08-04 10:56:51 -------- d-----w- c:\documents and settings\all users\application data\Comodo Downloader
    2011-08-04 10:53:23 -------- d-----w- c:\windows\Internet Logs
    2011-08-02 10:43:54 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-08-02 10:43:30 40112 ----a-w- c:\windows\avastSS.scr
    2011-08-02 10:43:15 -------- d-----w- c:\program files\AVAST Software
    2011-08-02 10:42:48 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
    2011-07-19 14:46:17 -------- d-----w- c:\program files\BASS.NET
    .
    ==================== Find3M ====================
    .
    2011-07-13 14:40:26 6776 ----a-w- C:\backup.bat
    2011-06-30 12:49:23 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-30 08:38:14 29400 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2011-06-30 08:38:14 242600 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
    2011-06-30 08:38:12 17416 ----a-w- c:\windows\system32\drivers\cmderd.sys
    2011-06-30 08:37:26 285256 ----a-w- c:\windows\system32\guard32.dll
    2011-06-27 14:45:19 356352 ----a-w- c:\windows\eSellerateEngine.dll
    2011-05-29 18:12:06 0 ----a-w- c:\windows\Qtaguqecuzo.bin
    2011-05-26 15:00:47 3407 ----a-w- C:\backup2.bat
    .
    ============= FINISH: 15:02:50.90 ===============
    Many thanks

  2. #2
    Blade81, Security Expert: Emeritus (Join Date: Oct 2006, Location: Finland, Posts: 25,288)

    Hello,

    IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    µTorrent
    BitComet
    eMule
    Kazaa
    LimeWire

    I'd like you to read this thread.

    Please go and uninstall the programs listed above (in red). Post fresh DDS logs when done.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #3
    Junior Member (Join Date: Aug 2011, Posts: 7)

    Quote Originally Posted by Blade81:
    Hello,

    IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    µTorrent
    BitComet
    eMule
    Kazaa
    LimeWire

    I'd like you to read this thread.

    Please go and uninstall the programs listed above (in red). Post fresh DDS logs when done.

    Okay, removed as requested.

    New DDS log:

    .
    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Mark at 10:11:56 on 2011-08-18
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.2046.1314 [GMT 1:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: COMODO Firewall *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\NetWorx\networx.exe
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\TrueCrypt\TrueCrypt.exe
    C:\Program Files\proxomitron\Proxomitron.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
    C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\HPQ\SHARED\HPQWMI.exe
    C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    C:\WINDOWS\explorer.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uSearch Bar = hxxp://www.google.com/ie
    uSearch Page =
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mStart Page =
    mSearch Page =
    uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe"
    uInternet Settings,ProxyServer = http=localhost:8080;https=localhost:8080
    uInternet Settings,ProxyOverride = http://www.firstdirect;ww1.banking;w...alplanner7.com
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: DefaultSearchHook Class: {c94e154b-1459-4a47-966b-4b843befc7db} - c:\program files\asksearch\bin\DefaultSearch.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: {0d73dbfb-d09a-6b90-843b-498840ec499d} - No File
    BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.1.9.24.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
    TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
    TB: 2nd &Speech Center: {cfe40ed8-564e-4693-a9d9-80db70c8e460} - c:\progra~1\2nd speech center\tts4ie.dll
    TB: &NetWorx Desk Band: {feea54b4-d80f-41c7-87b9-dc08e6d3255f} - c:\progra~1\networx\deskband.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\WCESCOMM.EXE"
    uRun: [TrueCrypt] "c:\program files\truecrypt\TrueCrypt.exe" /q preferences /a logon
    uRun: [AshSnap] c:\program files\ashampoo\ashampoo snap 4\ashsnap.exe
    uRun: [Google Update] "c:\documents and settings\mark\local settings\application data\google\update\GoogleUpdate.exe" /c
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
    mRun: [NetWorx] "c:\program files\networx\networx.exe" /auto
    mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\mark\startm~1\programs\startup\proxom~1.lnk - c:\program files\proxomitron\Proxomitron.exe
    uPolicies-explorer: StartMenuLogOff = 1 (0x1)
    uPolicies-explorer: NoRecentDocsNetHood = 01000000
    IE: &NeoTrace It! - c:\progra~1\neotra~1\NTXcontext.htm
    IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - {8C85E2EE-9FD6-11D5-B770-504D54C10000} - c:\program files\visualroute\vrie.dll
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\inetrepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\inetrepl.dll
    IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll
    IE: {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - {E7A829CC-671F-4C3D-B590-8C0AEA72E6B2} - c:\program files\bitcomet\tools\BitCometBHO_1.1.9.24.dll
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1302272398843
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1302272377156
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
    Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\aatp.dll
    WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
    WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
    WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
    WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
    WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dll
    WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    AppInit_DLLs: c:\windows\system32\guard32.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\windows defender\MpShHook.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\mark\application data\mozilla\firefox\profiles\bo31sp82.default\
    FF - prefs.js: browser.startup.homepage - about:blank
    FF - prefs.js: network.proxy.http - localhost
    FF - prefs.js: network.proxy.http_port - 8080
    FF - prefs.js: network.proxy.type - 1
    FF - component: c:\documents and settings\mark\application data\mozilla\firefox\profiles\bo31sp82.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
    FF - plugin: c:\documents and settings\mark\application data\mozilla\firefox\profiles\bo31sp82.default\extensions\ietab@ip.cn\plugins\npCoralIETab.dll
    FF - plugin: c:\documents and settings\mark\application data\mozilla\plugins\npPxPlay.dll
    FF - plugin: c:\documents and settings\mark\local settings\application data\google\update\1.3.21.65\npGoogleUpdate3.dll
    FF - plugin: c:\progra~1\mozilla firefox\plugins\np_gp.dll
    FF - plugin: c:\progra~1\mozilla firefox\plugins\npnul32.dll
    FF - plugin: c:\progra~1\mozilla firefox\plugins\npqtplugin.dll
    FF - plugin: c:\progra~1\mozilla firefox\plugins\npqtplugin2.dll
    FF - plugin: c:\progra~1\mozilla firefox\plugins\npwachk.dll
    FF - plugin: c:\progra~1\mozilla firefox\plugins\npyaxmpb.dll
    FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
    FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
    FF - Ext: ColorfulTabs: {0545b830-f0aa-4d7e-8820-50a4629a56fe} - %profile%\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
    FF - Ext: British English Dictionary: en-GB@dictionaries.addons.mozilla.org - %profile%\extensions\en-GB@dictionaries.addons.mozilla.org
    FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
    FF - Ext: Autofill Forms: autofillForms@blueimp.net - %profile%\extensions\autofillForms@blueimp.net
    FF - Ext: Image Toolbar: {A4732521-77D9-447E-A557-B279AC923F06} - %profile%\extensions\{A4732521-77D9-447E-A557-B279AC923F06}
    FF - Ext: Fancy Numbered Tabs: {602E0D2D-7710-4d47-A32C-998398DB993D} - %profile%\extensions\{602E0D2D-7710-4d47-A32C-998398DB993D}
    FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    FF - Ext: ImageHost Grabber: {E4091D66-127C-11DB-903A-DE80D2EFDFE8} - %profile%\extensions\{E4091D66-127C-11DB-903A-DE80D2EFDFE8}
    FF - Ext: Cache Status: cache@status.org - %profile%\extensions\cache@status.org
    FF - Ext: Clear Cache Button: {563e4790-7e70-11da-a72b-0800200c9a66} - %profile%\extensions\{563e4790-7e70-11da-a72b-0800200c9a66}
    FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
    FF - Ext: FEBE: {4BBDD651-70CF-4821-84F8-2B918CF89CA3} - %profile%\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
    FF - Ext: Zoom toolbar: {FBFB7597-9E32-46b4-A500-8B6B0412777F} - %profile%\extensions\{FBFB7597-9E32-46b4-A500-8B6B0412777F}
    FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
    FF - Ext: PitchDark: {c1dffba0-628e-11d9-9669-0800200c9a66} - %profile%\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
    FF - Ext: Bulk Image Downloader: {524B8EF8-C312-11DB-8039-536F56D89593} - %profile%\extensions\{524B8EF8-C312-11DB-8039-536F56D89593}
    FF - Ext: Download Manager Tweak: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB} - %profile%\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
    FF - Ext: flickr original: flickr@jzlabs.com - %profile%\extensions\flickr@jzlabs.com
    FF - Ext: gTranslate: {aff87fa2-a58e-4edd-b852-0a20203c1e17} - %profile%\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}
    FF - Ext: Element Hiding Helper for Adblock Plus: elemhidehelper@adblockplus.org - %profile%\extensions\elemhidehelper@adblockplus.org
    FF - Ext: FireGestures: firegestures@xuldev.org - %profile%\extensions\firegestures@xuldev.org
    FF - Ext: Webmail Ad Blocker: gmailnoads@mywebber.com - %profile%\extensions\gmailnoads@mywebber.com
    FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
    FF - Ext: FoxTab: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} - %profile%\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
    FF - Ext: IE Tab Plus: ietab@ip.cn - %profile%\extensions\ietab@ip.cn
    FF - Ext: Cookie Monster: {45d8ff86-d909-11db-9705-005056c00008} - %profile%\extensions\{45d8ff86-d909-11db-9705-005056c00008}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: XULRunner: {E172B369-8BE7-442D-9303-0B88D0FDC4AD} - c:\documents and settings\mark\local settings\application data\{E172B369-8BE7-442D-9303-0B88D0FDC4AD}
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2009-10-20 155136]
    R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2009-10-20 5248]
    R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2008-5-20 15328]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-8-2 441176]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-4-3 309848]
    R1 bizVSerial;Franson VSerial;c:\windows\system32\drivers\bizVSerialNT.sys [2006-4-3 14949]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-6-30 242600]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-6-30 29400]
    R1 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [2009-8-21 38976]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-3 19544]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-8-2 42184]
    R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2011-6-30 1793712]
    R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [2009-9-6 14976]
    R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2008-7-14 231424]
    R3 SscRdBus;Virtual bus device (SuperSpeed Software, Inc.);c:\windows\system32\drivers\SscRdBus.sys [2008-1-10 36608]
    R3 SscRdFdo;RAM Disk (SuperSpeed Software, Inc.);c:\windows\system32\drivers\SscRdFdo.sys [2008-1-10 19200]
    S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
    S3 bkn50USB;Belkin 54Mbps Wireless USB Network Adapter;c:\windows\system32\drivers\rt2500usb.sys [2006-3-30 140416]
    S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-9-6 8704]
    S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-9-6 3072]
    S3 PSMounter;Macrium Reflect Image Explorer Service;c:\windows\system32\drivers\psmounter.sys [2008-7-8 31712]
    S4 Belkin 54g Wireless USB Network Adapter Service;Belkin 54g Wireless USB Network Adapter;c:\program files\belkin\belkin wireless network utility\WLService.exe [2006-3-30 49152]
    S4 Franson GpsGate 2.0;Franson GpsGate 2.0;c:\program files\franson\gpsgate 2.0\GpsGateService.exe [2007-10-18 258048]
    S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2006-12-2 2805000]
    S4 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\macrium\reflect\ReflectService.exe [2008-8-6 216032]
    .
    =============== File Associations ===============
    .
    .txt=UltraEdit.txt
    .
    =============== Created Last 30 ================
    .
    2011-08-14 09:17:35 -------- d-----w- C:\dll_save
    2011-08-04 10:59:47 -------- d-----w- c:\program files\COMODO
    2011-08-04 10:58:14 -------- d-----w- c:\documents and settings\all users\application data\Comodo
    2011-08-04 10:56:51 -------- d-----w- c:\documents and settings\all users\application data\Comodo Downloader
    2011-08-04 10:53:23 -------- d-----w- c:\windows\Internet Logs
    2011-08-02 10:43:54 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-08-02 10:43:30 40112 ----a-w- c:\windows\avastSS.scr
    2011-08-02 10:43:15 -------- d-----w- c:\program files\AVAST Software
    2011-08-02 10:42:48 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
    2011-07-19 14:46:17 -------- d-----w- c:\program files\BASS.NET
    .
    ==================== Find3M ====================
    .
    2011-07-13 14:40:26 6776 ----a-w- C:\backup.bat
    2011-06-30 12:49:23 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-30 08:38:14 29400 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2011-06-30 08:38:14 242600 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
    2011-06-30 08:38:12 17416 ----a-w- c:\windows\system32\drivers\cmderd.sys
    2011-06-30 08:37:26 285256 ----a-w- c:\windows\system32\guard32.dll
    2011-06-27 14:45:19 356352 ----a-w- c:\windows\eSellerateEngine.dll
    2011-05-29 18:12:06 0 ----a-w- c:\windows\Qtaguqecuzo.bin
    2011-05-26 15:00:47 3407 ----a-w- C:\backup2.bat
    .
    ============= FINISH: 10:16:18.65 ===============

    thanks for helping

  4. #4
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi


    Please visit this webpage for download links, and instructions for running ComboFix tool:

    http://www.bleepingcomputer.com/comb...o-use-combofix

    Please ensure you read this guide carefully first.

    Please continue as follows:

    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
      Remember to re-enable them afterwards.

    2. Click Yes to allow ComboFix to continue scanning for malware.


    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt
    New dds log.


    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  5. #5
    Junior Member
    Join Date
    Aug 2011
    Posts
    7

    Default

    Quote Originally Posted by Blade81
    Hi


    Please visit this webpage for download links, and instructions for running ComboFix tool:

    http://www.bleepingcomputer.com/comb...o-use-combofix

    Please ensure you read this guide carefully first.

    Please continue as follows:

    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
      Remember to re-enable them afterwards.

    2. Click Yes to allow ComboFix to continue scanning for malware.


    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt
    New dds log.


    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
    Hi,

    While combofix.exe was running, at approx. stage 27, I got the blue screen of death ("plug and play detected an error most likely caused by a faulty driver" message), stating it was dumping.

    There was no disk activity and after 5 minutes I turned it off and back on.

    Windows loaded as expected but there is no combofix.txt file in c:\ (root) or on the desktop.

    During the process, it did not find Windows recovery console and attempted to download it from Microsoft, despite seeing upload and small download data, it eventually gave up and started the scan.

    I have the XP CD but no instructions on how to get it from the CD onto the computer, as the How to use ComboFix text at bleepingcomputer's page does detail it. I can of course download it if required?

    please advise?

    thanks
    Mark

  6. #6
    Junior Member
    Join Date
    Aug 2011
    Posts
    7

    Default

    UPDATE:

    I've installed Windows Recovery Console (from the OS CD) and it now appears on the windows boot screen as an option.

    I ran ComboFix again and this time (probably due to the re-boot) it finished. Found new folders, one of which was "c:\combofix", which contained the log below:

    ComboFix 11-08-18.02 - Mark 18/08/2011 15:47:56.2.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.2046.1471 [GMT 1:00]
    Running from: C:\Documents and Settings\Mark\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Documents and Settings\Mark\Application Data\EurekaLog
    C:\Documents and Settings\Mark\Application Data\EurekaLog\EurekaLog.ini
    C:\Documents and Settings\Mark\WINDOWS
    C:\Program Files\AskSearch\bin\DefaultSearch.dll
    C:\WINDOWS\daemon.dll
    C:\WINDOWS\system\PHONETIC.FON
    C:\WINDOWS\system32\ccrpTmr6.dll
    C:\WINDOWS\system32\delete.bat
    C:\WINDOWS\system32\encapi32.dll
    C:\WINDOWS\system32\Ijl11.dll
    C:\WINDOWS\system32\Thumbs.db
    C:\WINDOWS\XSxS


    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_NETH
    -------\Legacy_NET_MESSAGE_SERVICE


    ((((((((((((((((((((((((( Files Created from 2011-07-18 to 2011-08-18 )))))))))))))))))))))))))))))))


    2011-08-14 09:17:35 . 2011-08-14 09:19:21 -------- d-----w- C:\dll_save
    2011-08-04 10:59:47 . 2011-08-04 10:59:47 -------- d-----w- C:\Program Files\COMODO
    2011-08-04 10:58:14 . 2011-08-04 11:33:37 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Comodo
    2011-08-04 10:56:51 . 2011-08-04 10:58:13 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Comodo Downloader
    2011-08-04 10:53:23 . 2011-08-04 10:53:23 -------- d-----w- C:\WINDOWS\Internet Logs
    2011-08-02 10:48:13 . 2011-08-02 10:48:13 -------- d-sh--w- C:\WINDOWS\system32\config\systemprofile\IETldCache
    2011-08-02 10:43:54 . 2011-07-04 11:36:43 441176 ----a-w- C:\WINDOWS\system32\drivers\aswSnx.sys
    2011-08-02 10:43:30 . 2011-07-04 11:43:53 40112 ----a-w- C:\WINDOWS\avastSS.scr
    2011-08-02 10:43:15 . 2011-08-02 10:43:15 -------- d-----w- C:\Program Files\AVAST Software
    2011-08-02 10:42:48 . 2011-08-02 10:42:48 -------- d-----w- C:\Documents and Settings\All Users\Application Data\AVAST Software
    2011-08-02 10:23:33 . 2011-08-02 10:23:33 -------- d-sh--w- C:\Documents and Settings\LocalService\IETldCache
    .


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2011-07-13 14:40:26 . 2005-01-03 17:41:45 6776 ----a-w- C:\backup.bat
    2011-07-04 11:43:51 . 2006-12-15 14:41:10 199304 ----a-w- C:\WINDOWS\system32\aswBoot.exe
    2011-07-04 11:36:32 . 2008-04-03 08:56:49 309848 ----a-w- C:\WINDOWS\system32\drivers\aswSP.sys
    2011-07-04 11:35:23 . 2006-12-15 14:41:18 43608 ----a-w- C:\WINDOWS\system32\drivers\aswTdi.sys
    2011-07-04 11:35:12 . 2006-12-15 14:41:15 102616 ----a-w- C:\WINDOWS\system32\drivers\aswmon2.sys
    2011-07-04 11:35:09 . 2006-12-15 14:41:15 96344 ----a-w- C:\WINDOWS\system32\drivers\aswmon.sys
    2011-07-04 11:32:32 . 2006-12-15 14:41:18 25432 ----a-w- C:\WINDOWS\system32\drivers\aswRdr.sys
    2011-07-04 11:32:13 . 2006-12-15 14:41:17 30808 ----a-w- C:\WINDOWS\system32\drivers\aavmker4.sys
    2011-07-04 11:32:12 . 2008-04-03 08:56:49 19544 ----a-w- C:\WINDOWS\system32\drivers\aswFsBlk.sys
    2011-06-30 12:49:23 . 2011-06-30 12:49:23 404640 ----a-w- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2011-06-30 08:38:16 . 2011-06-30 08:38:16 97504 ----a-w- C:\WINDOWS\system32\drivers\inspect.sys
    2011-06-30 08:38:14 . 2011-06-30 08:38:14 29400 ----a-w- C:\WINDOWS\system32\drivers\cmdhlp.sys
    2011-06-30 08:38:14 . 2011-06-30 08:38:14 242600 ----a-w- C:\WINDOWS\system32\drivers\cmdGuard.sys
    2011-06-30 08:38:12 . 2011-06-30 08:38:12 17416 ----a-w- C:\WINDOWS\system32\drivers\cmderd.sys
    2011-06-30 08:37:26 . 2011-06-30 08:37:26 285256 ----a-w- C:\WINDOWS\system32\guard32.dll
    2011-06-27 14:45:19 . 2011-06-27 14:45:19 356352 ----a-w- C:\WINDOWS\eSellerateEngine.dll
    2011-05-26 15:00:47 . 2009-02-07 13:52:48 3407 ----a-w- C:\backup2.bat


    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.

    [-] 2007-11-19 13:19:32 . DE891AD282E856ACFD40990094A63B6F . 359808 . . [5.1.2600.2892 (xpsp_sp2_gdr.060420-0254)] . . C:\WINDOWS\system32\dllcache\tcpip.sys
    [-] 2007-11-19 13:19:32 . DE891AD282E856ACFD40990094A63B6F . 359808 . . [5.1.2600.2892 (xpsp_sp2_gdr.060420-0254)] . . C:\WINDOWS\system32\drivers\tcpip.sys
    [7] 2006-04-20 12:18:35 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892 (xpsp.060420-0256)] . . C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
    [7] 2006-01-13 17:07:08 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827 (xpsp.060112-2213)] . . C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
    [7] 2006-01-13 02:28:14 . 583E063FDC888CA30D05C2724B0D7EF4 . 359808 . . [5.1.2600.2827 (xpsp_sp2_gdr.060112-1653)] . . C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
    [7] 2005-05-25 19:07:12 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685 (xpsp.050525-1029)] . . C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
    [7] 2005-05-25 19:04:02 . 88763A98A4C26C409741B4AA162720C9 . 359808 . . [5.1.2600.2685 (xpsp_sp2_gdr.050525-1028)] . . C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys
    [7] 2004-08-04 08:00:00 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-07-04 11:43:46 122512 ----a-w- C:\Program Files\AVAST Software\Avast\ashShell.dll

    C:\Documents and Settings\Mark\Start Menu\Programs\Startup\
    Proxomitron.exe.lnk - C:\Program Files\proxomitron\Proxomitron.exe [2003-6-1 295424]

    C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
    AutoTBar.exe [2003-9-30 57344]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoRecentDocsNetHood"= 01000000

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\WINDOWS\system32\guard32.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
    backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
    2006-01-12 19:52:32 483328 ----a-w- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
    2005-05-04 10:59:40 794624 ----a-w- C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2005-09-16 07:43:06 274432 ----a-w- C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iWareV3]
    2007-12-08 04:35:02 471040 ----a-w- C:\Program Files\MouseDriver\OfficeMouse.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
    2003-07-21 18:21:10 1753088 ----a-w- C:\Program Files\Ahead\Nero BackItUp\NBJ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
    2001-07-09 10:50:42 155648 ----a-w- C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2006-06-10 17:08:01 155648 ----a-w- C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
    2005-07-15 21:48:33 479232 ----a-w- C:\Program Files\Google\Gmail Notifier\gnotify.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Belkin 54g Wireless USB Network Adapter Service"=2 (0x2)
    "LightScribeService"=2 (0x2)
    "iPodService"=3 (0x3)
    "CCALib8"=2 (0x2)
    "AcrSch2Svc"=2 (0x2)
    "ReflectService"=2 (0x2)
    "TUWinStylerThemeSvc"=3 (0x3)
    "TermService"=3 (0x3)
    "Irmon"=2 (0x2)
    "gusvc"=3 (0x3)
    "Franson GpsGate 2.0"=3 (0x3)
    "Ati HotKey Poller"=2 (0x2)
    "MDM"=2 (0x2)
    "UPS"=3 (0x3)
    "mnmsrvc"=3 (0x3)
    "WMPNetworkSvc"=3 (0x3)
    "WmiApSrv"=3 (0x3)
    "WmdmPmSN"=3 (0x3)
    "RDSessMgr"=3 (0x3)
    "RasAuto"=3 (0x3)
    "LiveUpdate"=3 (0x3)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    "Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    "HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    "SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    "LSBWatcher"=c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    "Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\AOL 9.0\\waol.exe"=
    "C:\\Program Files\\Microsoft Visual Studio\\Common\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE"=
    "C:\\Program Files\\KaZaA\\kazaa.exe"=
    "C:\\Program Files\\KaZaA NEW\\kazaa.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\StubInstaller.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\WINDOWS\\system32\\wjview.exe"=
    "C:\\Program Files\\WinHTTrack\\WinHTTrack.exe"=
    "C:\\Program Files\\DAP\\DAP.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Documents and Settings\\Mark\\My Documents\\usr\\pics\\tmp\\utorrent.exe"=
    "C:\\Program Files\\Azureus\\Azureus.exe"=
    "C:\\Program Files\\BitComet old\\BitComet.exe"=
    "C:\\Program Files\\Hewlett-Packard\\AiO\\hp officejet g series\\Bin\\hpoavn07.exe"=
    "C:\\Program Files\\Call of Duty Game of the Year Edition\\CoDMP.exe"=
    "C:\\Program Files\\Proximodo\\Proximodo.exe"=
    "C:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"=
    "C:\\Program Files\\Macromedia\\Dreamweaver 4\\Dreamweaver.exe"=
    "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
    "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "24652:TCP"= 24652:TCP:BitComet 24652 TCP
    "24652:UDP"= 24652:UDP:BitComet 24652 UDP
    "15958:TCP"= 15958:TCP:BitComet 15958 TCP
    "15958:UDP"= 15958:UDP:BitComet 15958 UDP
    "17207:TCP"= 17207:TCP:BitComet 17207 TCP
    "17207:UDP"= 17207:UDP:BitComet 17207 UDP

    R0 d347bus;d347bus;C:\WINDOWS\system32\drivers\d347bus.sys [20/10/2009 11:44:00 155136]
    R0 d347prt;d347prt;C:\WINDOWS\system32\drivers\d347prt.sys [20/10/2009 11:44:00 5248]
    R0 pssnap;Paramount Software Snapshot Filter;C:\WINDOWS\system32\drivers\pssnap.sys [20/05/2008 09:32:40 15328]
    R1 aswSnx;aswSnx;C:\WINDOWS\system32\drivers\aswSnx.sys [02/08/2011 11:43:54 441176]
    R1 aswSP;aswSP;C:\WINDOWS\system32\drivers\aswSP.sys [03/04/2008 09:56:49 309848]
    R1 bizVSerial;Franson VSerial;C:\WINDOWS\system32\drivers\bizVSerialNT.sys [03/04/2006 23:00:56 14949]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\WINDOWS\system32\drivers\cmdGuard.sys [30/06/2011 09:38:14 242600]
    R1 cmdHlp;COMODO Internet Security Helper Driver;C:\WINDOWS\system32\drivers\cmdhlp.sys [30/06/2011 09:38:14 29400]
    R1 PSSDK42;PSSDK42;C:\WINDOWS\system32\drivers\pssdk42.sys [21/08/2009 12:14:35 38976]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\drivers\aswFsBlk.sys [03/04/2008 09:56:49 19544]
    R2 SBKUPNT;SBKUPNT;C:\WINDOWS\system32\drivers\SBKUPNT.SYS [06/09/2009 16:05:42 14976]
    R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\drivers\HSFHWATI.sys [14/07/2008 08:52:17 231424]
    R3 SscRdBus;Virtual bus device (SuperSpeed Software, Inc.);C:\WINDOWS\system32\drivers\SscRdBus.sys [10/01/2008 14:02:45 36608]
    R3 SscRdFdo;RAM Disk (SuperSpeed Software, Inc.);C:\WINDOWS\system32\drivers\SscRdFdo.sys [10/01/2008 14:02:46 19200]
    S2 WinDefend;Windows Defender;C:\Program Files\Windows Defender\MsMpEng.exe [03/11/2006 19:19:58 13592]
    S3 bkn50USB;Belkin 54Mbps Wireless USB Network Adapter;C:\WINDOWS\system32\drivers\rt2500usb.sys [30/03/2006 21:51:06 140416]
    S3 epmntdrv;epmntdrv;C:\WINDOWS\system32\epmntdrv.sys [06/09/2009 16:42:25 8704]
    S3 EuGdiDrv;EuGdiDrv;C:\WINDOWS\system32\EuGdiDrv.sys [06/09/2009 16:42:25 3072]
    S3 PSMounter;Macrium Reflect Image Explorer Service;C:\WINDOWS\system32\drivers\psmounter.sys [08/07/2008 13:39:28 31712]
    S4 Belkin 54g Wireless USB Network Adapter Service;Belkin 54g Wireless USB Network Adapter;C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe [30/03/2006 21:51:07 49152]
    S4 Franson GpsGate 2.0;Franson GpsGate 2.0;C:\Program Files\Franson\GpsGate 2.0\GpsGateService.exe [18/10/2007 15:15:42 258048]
    S4 msvsmon80;Visual Studio 2005 Remote Debugger;C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [02/12/2006 07:17:54 2805000]
    S4 ReflectService;Macrium Reflect Image Mounting Service;C:\Program Files\Macrium\Reflect\ReflectService.exe [06/08/2008 12:34:02 216032]

    thanks
    Mark
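The DDS log in post #3 and the ComboFix log in post #6 are plain text, so the indicators a helper scans for by eye (the Firefox manual-proxy preferences, the AppInit_DLLs value, the Windows Firewall profile state, the globally open ports, and the Sigcheck lines) can be pulled out mechanically. The script below is an added example for this thread; it is not something any poster ran and is not part of DDS or ComboFix. It embeds a handful of lines copied from the two logs above as a constructed sample. Two things in it are the example's own assumptions: it treats a Sigcheck status of [7] as "verified" and anything else as "unverified", and it flags an unverified copy only when its MD5 matches no verified copy of the same file name. A flag means "look at this", not "malware": the proxy finding here corresponds to Proxomitron, which appears in the Startup folder in the ComboFix log, and, as the log itself notes, an unsigned file is not necessarily malicious.

```python
import re
import sys
from collections import defaultdict

# Constructed sample: a few lines in the DDS / ComboFix formats seen in this
# thread (copied from the logs above; not a complete log).
SAMPLE_LOG = r"""
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 1
AppInit_DLLs: c:\windows\system32\guard32.dll
"EnableFirewall"= 0 (0x0)
"24652:TCP"= 24652:TCP:BitComet 24652 TCP
"24652:UDP"= 24652:UDP:BitComet 24652 UDP
[-] 2007-11-19 13:19:32 . DE891AD282E856ACFD40990094A63B6F . 359808 . . [5.1.2600.2892 (xpsp_sp2_gdr.060420-0254)] . . C:\WINDOWS\system32\drivers\tcpip.sys
[7] 2006-01-13 02:28:14 . 583E063FDC888CA30D05C2724B0D7EF4 . 359808 . . [5.1.2600.2827 (xpsp_sp2_gdr.060112-1653)] . . C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
[7] 2004-08-04 08:00:00 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys
"""

# DDS writes "FF - prefs.js: <name> - <value>"; ComboFix and DDS both emit the
# registry-style lines below. The Sigcheck layout is
# "[status] timestamp . MD5 . size . . [version] . . path".
PREF_RE = re.compile(r"^FF - prefs\.js: (\S+) - (.*)$")
APPINIT_RE = re.compile(r'^"?AppInit_DLLs"?\s*[:=]\s*(.+)$')
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(\d+)')
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=')
SIGCHECK_RE = re.compile(
    r"^\[(?P<status>[^\]]+)\]\s+(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+(?P<path>.+?)\s*$"
)


def parse_sigcheck(lines):
    """Return one dict per Sigcheck line: status, ts, md5, size, version, path, name."""
    entries = []
    for line in lines:
        m = SIGCHECK_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["size"] = int(d["size"])
            d["md5"] = d["md5"].upper()
            d["name"] = d["path"].rsplit("\\", 1)[-1].lower()
            entries.append(d)
    return entries


def sigcheck_findings(entries):
    """Flag copies not marked [7] whose MD5 matches no [7] copy of the same file name.

    Assumption of this example: [7] means the file passed ComboFix's signature check.
    """
    verified = defaultdict(set)
    for e in entries:
        if e["status"] == "7":
            verified[e["name"]].add(e["md5"])
    findings = []
    for e in entries:
        if e["status"] != "7" and e["md5"] not in verified[e["name"]]:
            findings.append(("sigcheck_unverified",
                             f'{e["path"]} md5={e["md5"]} size={e["size"]} version={e["version"]}'))
    return findings


def triage(text):
    """Walk a DDS/ComboFix log once and return (tag, detail) findings for a human to review."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    findings = []
    prefs = {}
    for line in lines:
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2).strip()
            continue
        m = APPINIT_RE.match(line)
        if m:  # AppInit_DLLs loads into every user32-linked process; always worth a look
            findings.append(("appinit_dll", m.group(1).strip()))
            continue
        m = FIREWALL_RE.match(line)
        if m and m.group(1) == "0":
            findings.append(("firewall_disabled", line))
            continue
        m = PORT_RE.match(line)
        if m:
            findings.append(("open_port", f"{m.group(1)}/{m.group(2)}"))
    # network.proxy.type 1 is Firefox's "manual proxy configuration". A proxy on
    # localhost must be matched against the process list: a local filtering proxy
    # and a traffic hijack look identical in prefs.js.
    if prefs.get("network.proxy.type") == "1":
        host = prefs.get("network.proxy.http", "")
        port = prefs.get("network.proxy.http_port", "")
        findings.append(("manual_proxy", f"{host}:{port}"))
    findings.extend(sigcheck_findings(parse_sigcheck(lines)))
    return findings


if __name__ == "__main__":
    # Usage: python triage.py < dds.txt   (falls back to the embedded sample)
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LOG
    for tag, detail in triage(text):
        print(f"{tag:20} {detail}")
```

On the sample above this yields one manual_proxy finding (localhost:8080), the guard32.dll AppInit entry, the disabled firewall profile, two open ports and one unverified tcpip.sys whose hash matches neither of the [7] copies. The script only extracts; deciding whether localhost:8080 is Proxomitron or something impersonating it still means checking which process is listening on that port.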

  7. #7
    Junior Member
    Join Date
    Aug 2011
    Posts
    7

    Default

    BTW, There was no log file by the name of "New dds log" or "dds log".

    These are the names of all the files in the combofix folder:


    I also checked "C:\" (root) and there have been no new files created there today. (I have hidden files shown)
    Last edited by Blade81; 2011-08-18 at 21:13. Reason: Edited the file names out

  8. #8
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi again,

    I edited the filenames out. No need to list those. To get new dds log just run the DDS again

  9. #9
    Junior Member
    Join Date
    Aug 2011
    Posts
    7

    Default

    Hi,

    My system became unusable... I had no internet to discuss how to rectify... simple commands like msconfig and taskmanager failed to load.

    After going into safe mode and system restoring as far back as I could, I got my computer to work again, but still with the re-direct problem.

    I have now found out what was causing the redirect problem and have managed to identify what caused the additional problems which started happening after I contacted this forum.

    Some advice for others: Removed as per FAQ

    Thanks
    Last edited by tashi; 2011-08-23 at 18:03. Reason: Removed malware advice, sorry.

  10. #10
    Member of Team Spybot tashi
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,961

    Default

    As further assistance by an analyst appears to be no longer required this thread has been archived.

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
