Cannot load any search engine websites in any of my browsers

Resolved
By ga41
Sep 23, 2011
Topic Status:
Not open for further replies.
  1. Hello there, i was wondering if you can provide some help with my problem. Before we begin i'd like to say that English is not my first language and i apologise in advance if i dont make myself clear at any point.

    The last 2 days i've had a few problems on my computer at work. The office is owned by me and we do not have a dedicated IT guy but my PC's are all with all the latest Windows updates and with updated A/V software.

    The problem i've had is that my Internet browsers wouldn't load any search engine websites like http://www.google.com or http://www.bing.com. All other websites worked fine. I tried them in Opera (my main browser), Chrome and Firefox. All updated to their latest versions. Opera has a feature called Opera Turbo which essentially routes all traffic through their servers for faster browsing on slow connections, if i used Opera Turbo i could load search engines normally. If i turned it off but was already on google.com for example i could still use it and search but if i tried to type the URL manually again it wouldn't load.

    On a possibly related note my work software which requires a Java based secure VPN client to work wouldn't connect either. Our helpdesk for that program told me to delete all files (including the Hosts file) in here C:\WINDOWS\system32\drivers\etc That fixed that problem but i still couldn't load the websites mentioned above.

    I have Microsoft's Security Essentials on my PC which is always updated and which performs a scheduled quick scan daily. After my problem i scanned my PC with full scans using Malwarebytes Anti-malware, Spybot Search & Destroy (which i also use to immunize the PC weekly) and my antivirus, they did not find anything apart from a couple of tracking cookies in Spybot and the problem persisted.

    After searching a bit i discovered this forum and through reading here i also downloaded SUPERAntispyware and ComboFix and scanned with those too, SUPERAntispyware found only one entry, i then booted in Safe Mode and scanned again with both SUPERAntispyware and Security Essentials, SUPERAntispyware found 1 entry again and Security Essentials nothing.

    When i rebooted again it seemed everything was OK, all search engines could be accessed fine, that was 2 days ago, yesterday all was well throughout the day but this morning the problem returned. I scanned once more with ComboFix and that seemed to do the trick but i'm worried that the problem might return again.

    I've now followed the 6 step instructions and here are my logs:

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 7780

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    23/09/2011 12:02:38
    mbam-log-2011-09-23 (12-02-38).txt

    Scan type: Quick scan
    Objects scanned: 209802
    Time elapsed: 6 minute(s), 48 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)




    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-09-23 12:04:43
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e Hitachi_HDS721616PLA380 rev.P22OABBA
    Running: wj7ur0pe.exe; Driver: C:\DOCUME~1\Sabre\LOCALS~1\Temp\pxtdqpow.sys


    ---- System - GMER 1.0.15 ----

    Code \??\C:\DOCUME~1\Sabre\LOCALS~1\Temp\catchme.sys pIofCallDriver

    ---- Threads - GMER 1.0.15 ----

    Thread System [4:120] 8A75111D
    Thread System [4:380] 8A4A2B90

    ---- EOF - GMER 1.0.15 ----




    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_27
    Run by Sabre at 12:05:45 on 2011-09-23
    Microsoft Windows XP Professional 5.1.2600.3.1253.30.1033.18.2038.1268 [GMT 3:00]
    .
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
    C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Iomega StorCenter\retrospect\retrorun.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    c:\program files\lenovo\system update\suservice.exe
    C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\SABRE\Apps\OADP\Oadp.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    C:\WINDOWS\system32\ICO.EXE
    C:\WINDOWS\system32\Pelmiced.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\KeePass Password Safe\KeePass.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\SABRE\Apps\OADP\OadpUtil.exe
    C:\WINDOWS\sabserv.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Documents and Settings\Sabre\Application Data\Dropbox\bin\Dropbox.exe
    C:\Program Files\Iomega StorCenter\retrospect\retrospect.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\wscntfy.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.msn.com
    mStart Page = hxxp://www.msn.com
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    TB: {D79559E8-9991-41C5-AA2B-A96EC766F43F} - No File
    TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
    uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
    uRun: [KeePass Password Safe 2] "c:\program files\keepass password safe\KeePass.exe"
    mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
    mRun: [Mouse Suite 98 Daemon] ICO.EXE
    mRun: [RetroExpress] c:\progra~1\iomega~1\retros~1\RetroExpress.exe /h
    mRun: [KeePass 2 PreLoad] "c:\program files\keepass password safe\KeePass.exe" --preload
    mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [MobileBroadband] c:\program files\vodafone\vodafone mobile broadband\bin\MobileBroadband.exe /silent
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    StartupFolder: c:\documents and settings\sabre\start menu\programs\startup\CleanupNortelVPN.bat
    StartupFolder: c:\docume~1\sabre\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\sabre\application data\dropbox\bin\Dropbox.exe
    StartupFolder: c:\docume~1\sabre\startm~1\programs\startup\opera.lnk - c:\program files\opera\opera.exe
    StartupFolder: c:\docume~1\sabre\startm~1\programs\startup\outloo~1.lnk - c:\windows\installer\{90120000-0011-0000-0000-0000000ff1ce}\outicon.exe
    StartupFolder: c:\docume~1\sabre\startm~1\programs\startup\sabrer~1.lnk - c:\program files\sabre red workspace\profiles\t252_9114\mysabre.exe
    StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Iomega StorCenter.lnk.disabled
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\oadput~1.lnk - c:\sabre\apps\oadp\OadpUtil.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sabrep~1.lnk - c:\sabre\Sabstart.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sabres~1.lnk - c:\windows\sabserv.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    Trusted Zone: agentware.net\sabre-ds2
    Trusted Zone: sabre.com
    Trusted Zone: sabre.com\my
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1226583171046
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    DPF: {A3E21079-7F41-4125-9EBB-FD44CFCC0AC1} - hxxps://www.mesh.com/0.9.4014.13/TSWeb.cab
    DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab
    DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: igfxcui - igfxdev.dll
    Notify: LMIinit - LMIinit.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\sabre\application data\mozilla\firefox\profiles\p1wgld9n.default\
    FF - prefs.js: browser.startup.homepage - hxxp://home.live.com/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p=
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 58586
    FF - prefs.js: network.proxy.type - 0
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
    R1 MpKsl3af437c8;MpKsl3af437c8;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cd692024-b02a-4351-a6e3-d0d7e4802cdf}\MpKsl3af437c8.sys [2011-9-23 28752]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-13 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608]
    R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-12-8 374152]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-9-17 12856]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-12-17 47640]
    R2 SabrePrint;Sabre Printing Module;c:\sabre\apps\oadp\Oadp.exe [2009-12-18 512000]
    S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
    S1 MpKsl1ac233c6;MpKsl1ac233c6;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{181b85ea-3007-4f50-8cac-046597edc401}\mpksl1ac233c6.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{181b85ea-3007-4f50-8cac-046597edc401}\MpKsl1ac233c6.sys [?]
    S1 MpKslcffc1fbb;MpKslcffc1fbb;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{514988c4-e1d6-4f72-9357-5fd756d135f7}\mpkslcffc1fbb.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{514988c4-e1d6-4f72-9357-5fd756d135f7}\MpKslcffc1fbb.sys [?]
    S2 CfgSrvc;Config Service Helper;c:\windows\system32\CfgSrvc.exe [2007-8-9 55296]
    S2 gupdate1c98697a6707e86;Google Update Service (gupdate1c98697a6707e86);c:\program files\google\update\GoogleUpdate.exe [2009-2-4 133104]
    S2 HsspConfig;HSSP Configuration Module;c:\windows\system32\CfgSrvc.exe [2007-8-9 55296]
    S2 SDMan;Sabre Device Manager;c:\windows\sdman.exe [2009-12-18 106496]
    S2 VmbService;Υπηρεσία Vodafone Mobile Broadband;c:\program files\vodafone\vodafone mobile broadband\bin\VmbService.exe [2010-8-18 8704]
    S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2010-10-16 30312]
    S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
    S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2011-9-22 114432]
    S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-10-16 36640]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-2-4 133104]
    S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-8-18 2151640]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-8-18 15232]
    S3 RDPDISPM;RDPDISPM;c:\windows\system32\drivers\rdpdispm.sys [2008-12-8 9040]
    S3 RDPVDD;RDPVDD;c:\windows\system32\drivers\rdpvmp.sys [2008-12-8 19408]
    S3 SASENUM;SASENUM;\??\c:\docume~1\sabre\locals~1\temp\sas_selfextract\sasenum.sys --> c:\docume~1\sabre\locals~1\temp\sas_selfextract\SASENUM.SYS [?]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2010-10-16 96488]
    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2010-10-16 12776]
    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2010-10-16 121576]
    S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2010-10-16 98152]
    S4 LMIRfsClientNP;LMIRfsClientNP; [x]
    .
    =============== Created Last 30 ================
    .
    2011-09-23 08:44:59 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cd692024-b02a-4351-a6e3-d0d7e4802cdf}\MpKsl3af437c8.sys
    2011-09-23 08:44:55 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cd692024-b02a-4351-a6e3-d0d7e4802cdf}\offreg.dll
    2011-09-23 08:44:50 7269712 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cd692024-b02a-4351-a6e3-d0d7e4802cdf}\mpengine.dll
    2011-09-23 08:16:50 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-09-22 12:36:51 -------- d-----w- c:\documents and settings\sabre\application data\FLEXnet
    2011-09-22 12:30:25 114432 ----a-r- c:\windows\system32\drivers\ewusbnet.sys
    2011-09-22 12:30:18 102912 ----a-r- c:\windows\system32\drivers\ewusbmdm.sys
    2011-09-22 12:29:29 -------- d-----w- c:\documents and settings\sabre\application data\Vodafone
    2011-09-22 12:28:37 -------- d-----w- c:\documents and settings\all users\application data\Vodafone
    2011-09-22 12:28:23 -------- d-----w- c:\program files\Vodafone
    2011-09-22 12:28:00 -------- d-----w- c:\documents and settings\sabre\local settings\application data\{11814DDC-A01D-4672-A4EE-313C63070E35}
    2011-09-22 06:33:13 -------- d-sha-r- C:\cmdcons
    2011-09-22 06:30:52 98816 ----a-w- c:\windows\sed.exe
    2011-09-22 06:30:52 518144 ----a-w- c:\windows\SWREG.exe
    2011-09-22 06:30:52 256000 ----a-w- c:\windows\PEV.exe
    2011-09-22 06:30:52 208896 ----a-w- c:\windows\MBR.exe
    2011-09-21 10:21:31 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-09-21 09:40:07 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-09-13 14:18:53 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
    2011-09-13 14:18:52 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
    2011-09-03 10:17:37 599040 ------w- c:\windows\system32\dllcache\crypt32.dll
    .
    ==================== Find3M ====================
    .
    2011-09-23 08:16:26 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-08-31 14:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-17 05:17:22 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-08-11 10:06:38 385099 ----a-w- c:\windows\emuapi.dll
    2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
    2011-07-06 13:32:48 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
    2011-07-06 13:32:36 53632 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
    2011-07-06 13:32:28 87424 ----a-w- c:\windows\system32\LMIinit.dll
    2011-07-06 13:32:28 29568 ----a-w- c:\windows\system32\LMIport.dll
    .
    ============= FINISH: 12:06:39.70 ===============




    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 09/08/2007 17:39:36
    System Uptime: 22/09/2011 09:43:47 (1 hours ago)
    .
    Motherboard: LENOVO | | LENOVO
    Processor: Intel(R) Pentium(R) Dual CPU E2140 @ 1.60GHz | LGA 775 | 1594/mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 145 GiB total, 112.599 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Broadcom NetLink (TM) Gigabit Ethernet
    Device ID: PCI\VEN_14E4&DEV_169A&SUBSYS_300B17AA&REV_02\4&360A6DE&0&00E1
    Manufacturer: Broadcom
    Name: Broadcom NetLink (TM) Gigabit Ethernet
    PNP Device ID: PCI\VEN_14E4&DEV_169A&SUBSYS_300B17AA&REV_02\4&360A6DE&0&00E1
    Service: b57w2k
    .
    ==== System Restore Points ===================
    .
    RP1: 22/09/2011 09:31:04 - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    ABBYY FineReader 6.0 Sprint
    Acrobat.com
    Ad-Aware
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.2
    Adobe Shockwave Player 11.5
    Bing Maps 3D
    CCleaner
    Critical Update for Windows Media Player 11 (KB959772)
    Dropbox
    Epson Easy Photo Print 2
    EPSON Scan
    EPSON Stylus SX100_TX100 Manual
    EPSON SX100 Series Printer Uninstall
    EPSON Web-To-Page
    Foxit PDF Editor
    Foxit PDF Preview Handler for XP
    Foxit Reader
    Free Extended Task Manager
    GIMP 2.6.10
    Google Chrome
    Google Earth
    Google Talk Plugin
    Google Update Helper
    High Definition Audio Driver Package - KB888111
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976002-v5)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Intel(R) Graphics Media Accelerator Driver
    Iomega StorCenter
    Java Auto Updater
    Java(TM) 6 Update 25
    KeePass Password Safe 2.16
    Live Mesh Remote Desktop Service
    LogMeIn
    MagicDisc 2.7.105
    Malwarebytes' Anti-Malware version 1.51.2.1300
    MFC RunTime files
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Live Add-in 1.5
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Plus 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Greek) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works 6-9 Converter
    Mouse Suite
    Mozilla Firefox 6.0.2 (x86 en-US)
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MySabre
    OGA Notifier 2.0.0048.0
    Open Systems Client
    Opera 11.51
    PDFCreator
    Picasa 3
    QT Lite 3.1.0
    Retrospect Express HD 2.5
    Revo Uninstaller 1.92
    Sabre Device Manager
    Sabre Print Module
    Sabre VPN
    SAMSUNG USB Driver for Mobile Phones
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553074)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2553073)
    Security Update for Microsoft Office InfoPath 2007 (KB2510061)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Segoe UI
    Skype™ 5.3
    Smart Defrag 1.20
    SoundMAX
    Spybot - Search & Destroy
    SUPERAntiSpyware
    System Update
    ThinkVantage Technologies Welcome Message
    Tweak UI
    Unlocker 1.8.7
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office InfoPath 2007 Help (KB957243)
    Update for Microsoft Office Outlook 2007 (KB2583910)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB957249)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Microsoft Script Editor Help (KB957253)
    Update for Microsoft Windows (KB971513)
    Update for Outlook 2007 Junk Email Filter (KB2553110)
    Update for Windows Internet Explorer 8 (KB968220)
    Update for Windows Internet Explorer 8 (KB969497)
    Update for Windows Internet Explorer 8 (KB971180)
    Update for Windows Internet Explorer 8 (KB971930)
    Update for Windows Internet Explorer 8 (KB972636)
    Update for Windows Internet Explorer 8 (KB973874)
    Update for Windows Internet Explorer 8 (KB975364)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows Internet Explorer 8 (KB980302)
    Update for Windows Internet Explorer 8 (KB982632)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB943729)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Visual C++ 8.0 ATL (x86) WinSXS MSM
    Visual C++ 8.0 CRT (x86) WinSXS MSM
    VLC media player 1.1.5
    Wallpapers
    WebEx
    WebFldrs XP
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Messenger
    Windows Live Upload Tool
    Windows Media Connect
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player Firefox Plugin
    Windows Rights Management Client Backwards Compatibility SP2
    Windows Rights Management Client with Service Pack 2
    Windows Search 4.0
    Windows XP Service Pack 3
    WinRAR archiver
    XP Themes
    YNAB 3
    .
    ==== Event Viewer Messages From Past Week ========
    .
    22/09/2011 10:18:43, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
    22/09/2011 09:42:05, error: PlugPlayManager [11] - The device Root\LEGACY_UNLOCKERDRIVER5\0000 disappeared from the system without first being prepared for removal.
    22/09/2011 09:35:33, error: Service Control Manager [7034] - The Sabre Device Manager service terminated unexpectedly. It has done this 1 time(s).
    22/09/2011 09:35:33, error: Service Control Manager [7034] - The HSSP Configuration Module service terminated unexpectedly. It has done this 1 time(s).
    22/09/2011 09:35:33, error: Service Control Manager [7034] - The Config Service Helper service terminated unexpectedly. It has done this 1 time(s).
    22/09/2011 09:32:41, error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    21/09/2011 15:40:51, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
    21/09/2011 10:18:53, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd SASDIFSV SASKUTIL
    .
    ==== End Of File ===========================
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Welcome to TechSpot! I'll help you sort through this problem:

    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process..
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    • Please let me know if there is any change in the system.

    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persist, you can send a PM to reopen it.
    =====================================
    I'd like to get some description of what's happening:

    Cannot load any search engine websites
    Do you mean that you have no search box on any of the browsers?
    Do you mean that is you put a word in a search box and press enter that nothing comes up/
    Do you mean that when the sites do come up on the search page and you choose a site that a different site come up?
    Do you mean that when you choose a site from a search that it doesn't load-or-you get a message like 'server no found-or-just see an hour glass with nothing happening?
    ===================================
  3. ga41

    ga41 Newcomer, in training Topic Starter

    Hello Bobbye, thank you for the reply.

    To answer your questions:

    1) I had all search boxes in all my browsers.

    2) If i put a search term in one of the browser search boxes it would not load the result page, it would try to load it for a few minutes and then display a "Server could not be found" type message. The same thing would happen if i manually typed www.google.com or www.bing.com in the address bar.

    3) No i did not get redirected to different sites than the ones displayed because i couldn't get results anyway.

    4) As above.
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    This is a connection problem.

    When you launch your browser, does it load with your homepage?
  5. ga41

    ga41 Newcomer, in training Topic Starter

    All other websites loaded fine, only ones which wouldn't load either when typing the address manually or when doing a search from a browser search box were search engine websites like google.com. I could ping www.google.com from cmd but i could still not load it in any of my browsers.
  6. ga41

    ga41 Newcomer, in training Topic Starter

    Back in the office this morning and it appears that whatever i did to repair this issue gets undone after a restart... I booted the computer and trying to access www.google.com or its subdomains results in this message in Chrome (Error 101 (net::ERR_CONNECTION_RESET): The connection was reset.)

    All other websites work as normal, i also checked my Hosts file and there doesnt seem to be any funny lines in there.
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Thank you for giving me the error message- that makes my job a lot easier!

    All below are offered from Google Support:
    Causes: The majority of the time, they have to do with your own system configuration/setup or 3rd party programs that you install and are therefore outside of our control. For these cases, we provide the following suggestions:

    Resolutions:
    If this problem is still occurring for you and is only specific to Google Chrome, can you try clearing your browsing data
    To clear your browsing data, follow these steps:
    • Click the Wrench menu in the upper right corner
    • Select 'Clear browsing data'
    • Ensure that check boxes for 'Clear browsing history' and 'Empty the cache' are selected
    • Click 'Clear browsing data'

    Check settings:
    • Check your Internet connection.
    • Restart any router, modem, or other network devices you may be using.
    • Add Chrome as a permitted program in your firewall or antivirus software's settings.
    • If it is already a permitted program, try deleting it from the list of permitted programs and adding it again.
    • If you use a proxy server, check your proxy settings or contact your network administrator to make sure the proxy server is working.
    • If proxy isn't needed, reset as follows:
      [o]Go to the wrench menu > Options > Under the Hood > Change proxy settings
      [o] LAN Settings> uncheck Use a proxy server for your LAN

    It appears that this is a fairly common error. Please let me know if one of these options worked for you.

    You did not mention having a problem running Malwarebytes, but on some occasions the malware will not allow a direct download of Mbam, but if it is first downloaded to a flash drive, then run on the problem computer, the scan will run.
  8. ga41

    ga41 Newcomer, in training Topic Starter

    The problem is that it does not do this only in Chrome. It does this in Opera, Internet Explorer and Firefox too. All these browsers are their latest versions.

    I've also cleaned the browsing data in all of them previously without any effect.

    All other websites work fine apart from www.bing.com and www.google.com and other search engines.

    I've also checked my connection settings several times and they are normal.

    Other PC's in the office which are on the same network and using the same Internet connection can access the above websites without issues. It's only mine that is unable to.

    I also have no problems opening and using Malwarebytes and i've scanned with it several times already (although no scans of any kind since i posted the thread!).

    For reference these are the error messages in the other browsers:

    Firefox:

    The connection was reset
    The connection to the server was reset while the page was loading.


    Opera:

    Connection closed by remote server


    Internet Explorer:

    Internet Explorer cannot display the webpage

    This problem can be caused by a variety of issues, including:

    Internet connectivity has been lost.
    The website is temporarily unavailable.
    The Domain Name Server (DNS) is not reachable.
    The Domain Name Server (DNS) does not have a listing for the website's domain.
    There might be a typing error in the address.
    If this is an HTTPS (secure) address, click Tools, click Internet Options, click Advanced, and check to be sure the SSL and TLS protocols are enabled under the security section.
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Thanks for your patience. I got behind last weekend and am trying to catch up.

    Any or most of these can be the problem. But it indicates a system problem rather that malware.

    Let's work on the protocol settings first:

    For Internet Explorer:
    Open Internet Options through Control Panel or Tools in IE> Advanced tab> Security section at bottom> Make sure all three of these are checked:
    SSL 2.0
    SSL 3.0
    TLS 1.0
    Click on Apple> OK when done.

    For Firefox:
    Tools> Options> Advanced tab> Encryption tab> Make sure both of these are check:
    SSL 3.0
    TLS 1.0

    Chrome should have a similar section. Open Chrome and find the section, making sure any or all of these protocols are checked.

    See if that makes any difference.
  10. ga41

    ga41 Newcomer, in training Topic Starter

    No problem, i know you guys get many requests. I'm not in the office now (we're on different timezones, different continents in fact! :) ) but i'll try your suggestions tomorrow and report back.

    By the way it still did today when i was using it. I was switching between Opera Turbo back and forth whenever i needed to search for something!
  11. ga41

    ga41 Newcomer, in training Topic Starter

    Just did it now in all my browsers but no dice. Problem still persists.

    Firefox and Chrome already had them enabled, Internet Explorer only had TLS 1.0 disabled and so did Opera.
     
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Did you enable it? After making sure all secure layers are enabled, please reboot and check to see if this makes the difference.
  13. ga41

    ga41 Newcomer, in training Topic Starter

    I enabled them, it still didn't make any difference but to be honest i don't remember if i rebooted afterwards. I'll try again on Monday and report back.
  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Okay, let me know.
  15. ga41

    ga41 Newcomer, in training Topic Starter

    Just cold booted my PC now and tried to access www.google.com and www.bing.com, they did not load. Re-checked all my browsers and all security protocols are enabled...

    When it first started doing this, before i posted the thread, i noticed that after running Combofix the problem seemed to be resolved but come reboot it reverted back... Whatever Combofix did, it was cancelled out when i rebooted. Definitely strange.
  16. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Okay, about "After searching a bit i discovered this forum and through reading here i also downloaded SUPERAntispyware and ComboFix" and "the problem returned. I scanned once more with ComboFix "

    This forum and most others on the internet tell you specifically not to run Combofix unless being directed to do so by your helper. This is a very powerful program- it's not a program you run to 'clear things up!

    If you still have Combofix on the desktop, I'd like to see the second run log- please paste it in your next reply.

    If you do not, let me know and I will give you specific directions on what to do.
    ==========================================
    Questions:
    1. There are several processes running for LogMeIn, but the S4 LMIRfsClientNP;LMIRfsClientNP Service is stopped and disabled. Are you using this remove log in now? Did you disable this Service? If Yes, why?; [x]>

    2. Why do you have all of these on the Startup menu?
    Can't you access these as needed instead of having them start on boot, the run in the background?
    ---------------------------
    3. There is also an entry for AdAware:
    S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]>>Related to Lbd.sys Lavasoft Ad-Aware.
    It's stopped with no 'start' instructions and I don't see it in the installed programs. Have you uninstalled it?

    4.There are multiple entries for SABRE and SABSERV running:
    C:\SABRE\Apps\OADP\Oadp.exe???
    C:\SABRE\Apps\OADP\OadpUtil.exe
    C:\WINDOWS\sabserv.exe>> Sabreserver SABSERV.EXE
    As far as I can tell, this is Airline reservation software from Sabre. Available via Start -> Programs

    5. There is a proxy running:
    Proxy: mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
    Is that what this is? FF - prefs.js: network.proxy.http_port - 58586
    =======================================
    I'd like you to try this:
    Open Firefox> Right click on the upper toolbar> Customize> there is an entry names 'Search' with an icon> drag it up to the toolbar and drop. Does that give you the search option in Firefox?
  17. ga41

    ga41 Newcomer, in training Topic Starter

    I have not run Combofix again since i started this thread, i've just left work so if you still want to i will provide a log tomorrow.

    1) I do not remember stopping any Logmein service.

    2) The only items i manually added to the Startup folder were Outlook, Opera and Sabre Red (mysabre.exe, my work software) to save me having to click all 3 every morning. The rest were added during their installation, Dropbox for example i use regularly and would like to have running all the time and StorCenter is Iomega's utility for our NAS which does daily backups.

    3) I had installed AdAware yes but i really do not recall if i've uninstalled it or not. I dont remember doing so but again i cannot check at the moment.

    4) Yes, Sabre is our work software, i do not know what all the entries are for though.

    5) I have no knowledge of any proxy running, i had checked and did not see anything different with my connection settings, everything was in set to get the settings automatically but will check again tomorrow.

    6) All the search boxes are present and accounted for, it's just that using them does not work. I type my search terms, press enter and a tab opens which would load a URL like this: http://www.google.com/search?q=test...s=org.mozilla:en-US:official&client=firefox-a Well that URL never opens. It just results in the error messages i posted earlier. The same thing happens if i manually type http://www.google.com or http://www.bing.com. It doesnt load those websites.
  18. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    I think it will be better when you're posting with access to the thread.

    If you type this: www.google.com in the Address bar, it will not load the site. It has to have the http:// or https before the www. You should just get a drop down list in the Address bar where it can choose what you want to load. If you type bing in the Search bar, you will get a screen full of sites with 'bing' in the name. If you check one of those, the site should them load.

    Your toolbar at the top of the screen should have 2 dialog boxes: one is for the search engine which you use to find a URL related to the search term you type in. The other is to accept the URL written in the full, correct context with http:// or https before the www.

    If you have a Bookmark/Favorite or a shortcut on your desktop that already had the full URL for the web page/site, if you click on it, link should then appear in the Address bar as the site loads.

    If you have copied a URL or if you know it exactly, you can either paste or type it into the Address bar, press Go or Enter and that URL should load.

    The input for the search engine and the Address Bar are not the same, nor are they interchangeable. So you would not expect Bing to load if you just put that word in the Address bar, nor would you expect http://www.bing.com to load if you put it in the search box.
    Again, I think you are considering a search engine and Address bar together.
    For instance If you have the search box on the browser, whether it's Google or Bing or any other, you shouldn't type http://www.google.com or http://www.bing.com in the search box> you're already there.

    If you have a Google search box and you would rather use Bing, then you type only the word Bing in the search box.

    If you type a full URL in the right context, it must go into the Address Bar to load it.

    A search engine looks for web pages that match your search term. Then you choose one of those pages, and you go to that site.

    To load the site directly, the http' and 'www' are required in addition to the site domain[/b]

    These are not interchangeable- they each have a purpose and the each require different entries.
    =======================================
    Virtually every program that you install put itself on the Start Menu. When installing, there is usually a box for 'Common' install which put the program everywhere it can. The other choice is 'Custom' which allows you to check or uncheck it's placement.

    However, keep in mind that those programs that start on boot will continue running in the background. So as you surf, temporary internet files and temp files are added. The will usually lead to some slowdown as more resources are used.

    If you prefer to chance that instead of simply launching the program as needed, it's your call. Convenience vs resources is usually degrading at some point.
    ==================================
    I do not make any changes to work software.
    ===================================
    You ran it once and it seemed to fix whatever the problem was. Then when the problem returned, you ran it again. The log I want is from that second runif you still have it.

    If you do not, I don't want you to run it again until I instruct you in how to uninstall it, then reinstall with my link. I just want to see what's it's removing that appears to help, at least for a while.
    ==================================
    Why I asked you about this : S4 LMIRfsClientNP;LMIRfsClientNP; [x]
    The S4 designation on this Service means it's stopped (S) and disabled(4)
    This same entry can be either:
    1. Name:LMIRfsClientNP> File Name> LMIRfsClientNP.sys> Description: Added by an unidentified MALWARE! X
    or
    2. Name: LMIRfsClientNP> File Name> LMIRfsClientNP.dll> Related to LMIRfsClientNP.dll from LogMeIn, Inc. L

    The file extension is what makes the difference. Your entry had no file extension.

    ====================================
    There is a proxy running in Firefox: FF - prefs.js: network.proxy.http_port - 58586
    Did you reset as instructed?
    =================================
    I ask questions to try to give the user information that could affect entries I might remove. I do it because it would help the system. You prefer to have everything running and using the system resources- that's okay.
  19. ga41

    ga41 Newcomer, in training Topic Starter

    I know the difference between the address bar and the search box. I referenced each one seperately if you read back. Typing just www.google.com in the address bar the browser will append http:// in front anyway.

    Either case i tried again and they will not load even if i type these full URLs in the address bar in all 4 of my browsers.

    https://www.google.com/

    http://www.google.com/

    https://www.bing.com

    http://www.bing.com

    =============================================

    I unfortunately do not have the log you requested.. I checked in the Recycle Bin as well but it's not there unless the program stores a copy of the logs somewhere i don't know.

    =============================================



    I apologise but i don't understand what i'm supposed to do regarding this.

    =============================================

    I checked again just now and Firefox is not set up to use a proxy.

    =============================================

    Regarding your previous question about AdAware, it is installed but i have Ad-Watch Live disabled.
  20. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    [​IMG][/list]
    ====================================
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    • .Click on Yes, to continue scanning for malware
    • .If Combofix asks you to update the program, allow
    • .Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • .Close any open browsers.
    • .Double click combofix.exe[​IMG] & follow the prompts to run.
    • When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..
    Re-enable your Antivirus software.

    Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    ====================================
    You are using LogMeIn. The following process is a part of LogMeIn. But it is not running and it has been disabled. The description is:
    Display Name: LogMeIn Rfs Client Network Provider
    Filename: LMIRfsClientNP.dll

    I have looked for a description of what this files actually does, but LMI isn't giving that information. It is possible that this should be running. Please check another computer in the office and see what the status is.
    =========================================
    We don't seem to be making much progress. There are 2 things puzzling me- still>
    How do you access TechSpot?

    Don't you have a search engine that you routinely use in the browser?

    If you type the word bing in the browser search box, what happens?

    I am just not understanding the reason for searching for a search engine!
  21. ga41

    ga41 Newcomer, in training Topic Starter

    I will perform your Combofix instructions as soon as i get back to the office tomorrow.

    I used to use Google as my search engine but as mentioned i can't anymore. The only way for me to access http://www.google.com or make a Google search from a search box is with Opera if i have Opera Turbo enabled (http://www.opera.com/browser/turbo/)

    I first accessed Techspot by typing the http://www.techspot.com URL in the address bar but now i just type "techspot" and pick it from the previous addresses.

    As i said before i am not searching for the term "bing" or "google" i'm trying to perform a search. Period. Trying to perform a search for any term from the search box of any browser will not give me any results.

    For example, i type the word "test" in the search box in Opera, I press enter and it tries to load this URL: http://www.google.com/search?client...rceid=opera&ie=utf-8&oe=utf-8&channel=suggest Now, that URL never actually finishes loading. It just remains "Loading" for a few minutes and then displays Opera's "Page not found" message.

    The equivalent thing happens with Internet Explorer, Chrome and Firefox.

    Again, I am NOT initiating a search for the words "Google" or "Bing" or "Yahoo" or "www.google.com" or whatever, I'm simply trying to perform A Search.

    Now you could assume that the problem then lies with the browser's settings, which is what i initially thought. So i tried to access Google's website and search from there. I manually typed in the address bar www.google.com or http://www.google.com and even https://www.google.com and they too did NOT load. All the progress bars and whatnot were displaying "Loading" as they would for any other page but the websites would not actually load, no data would be downloaded. Eventually all browsers will display their equivalent "Page not found" messages. Which is what has led me to believe that this might be malware related. All other websites work fine, they load at normal speeds without issue. It's only search engines that cannot be accessed.

    Hope this makes things a bit clearer and i'd like to say that i do appreciate you taking the time to reply and try and help me with these issues.
  22. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    A Host hijack can do this, but that would usually show up in one of the prelim logs. I apologize if I sounded like I was patronizing you. I'd like you to go ahead and run HijackThis If the log comes out with multiple entries like these
    O1 - Hosts file is located at: C:\WINDOWS\help\hosts
    O1 - Hosts: 88.88.88.88 elite
    O1 - Hosts: 207.44.220.30 www.google.ca


    we can fix them and get you back to being able to search!
  23. ga41

    ga41 Newcomer, in training Topic Starter

    OK, i downloaded HijackThis from here: http://free.antivirus.com/hijackthis/ (version 2.0.4), saved the executable to my desktop, ran it and clicked on "Do a system scan and save a logflie".

    The only Hosts-related entries i can see are only about my work software. :(

    Here's the log if it's of help:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 15:20:01, on 07/10/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\WINDOWS\system32\CfgSrvc.exe
    C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
    C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    C:\WINDOWS\system32\CfgSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Iomega StorCenter\retrospect\retrorun.exe
    C:\WINDOWS\SDMan.EXE
    C:\WINDOWS\system32\svchost.exe
    c:\program files\lenovo\system update\suservice.exe
    C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\SABRE\Apps\OADP\Oadp.exe
    C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    C:\WINDOWS\system32\ICO.EXE
    C:\WINDOWS\system32\FSRremoS.EXE
    C:\PROGRA~1\IOMEGA~1\RETROS~1\RetroExpress.exe
    C:\WINDOWS\system32\Pelmiced.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\KeePass Password Safe\KeePass.exe
    C:\SABRE\Apps\OADP\OadpUtil.exe
    C:\WINDOWS\sabserv.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Documents and Settings\Sabre\Application Data\Dropbox\bin\Dropbox.exe
    C:\Program Files\Sabre Red Workspace\Profiles\T252_9114\mysabre.exe
    C:\Program Files\Java\jre6\bin\javaw.exe
    C:\Program Files\Opera\opera.exe
    C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
    C:\Documents and Settings\Sabre\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
    C:\Program Files\Iomega StorCenter\retrospect\retrospect.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Documents and Settings\Sabre\Desktop\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O1 - Hosts: 127.0.0.34 ofep34.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.23 ofep23.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.36 fos.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.8 ofep08.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.21 ofep21.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.32 ofep32.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.44 access.certd.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.36 frt.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.28 ofep28.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.30 ofep30.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.6 ofep06.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.41 access.tstsa.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.26 ofep26.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.4 ofep04.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.35 ofep35.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.24 ofep24.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.37 lb1.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.39 tsts.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.39 access.tsts.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.33 ofep33.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.9 ofep09.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.22 ofep22.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.29 ofep29.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.40 cert.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.31 ofep31.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.7 ofep07.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.40 access.cert.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.20 ofep20.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.43 access.certc.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.42 access.tstsb.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.27 ofep27.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.5 ofep05.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.36 decs.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.25 ofep25.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.38 lb2.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.3 ofep03.sabre.com # Nortel SSL-VPN
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: (no name) - {D79559E8-9991-41C5-AA2B-A96EC766F43F} - (no file)
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
    O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\IOMEGA~1\RETROS~1\RetroExpress.exe /h
    O4 - HKLM\..\Run: [KeePass 2 PreLoad] "C:\Program Files\KeePass Password Safe\KeePass.exe" --preload
    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
    O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [MobileBroadband] C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [KeePass Password Safe 2] "C:\Program Files\KeePass Password Safe\KeePass.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Sabre\Application Data\Dropbox\bin\Dropbox.exe
    O4 - Startup: Opera.lnk = C:\Program Files\Opera\opera.exe
    O4 - Startup: Outlook 2007.lnk = ?
    O4 - Startup: Sabre Red Workspace.lnk = C:\Program Files\Sabre Red Workspace\Profiles\T252_9114\mysabre.exe
    O4 - Global Startup: Iomega StorCenter.lnk.disabled
    O4 - Global Startup: OADP Utility.lnk = C:\SABRE\Apps\OADP\OadpUtil.exe
    O4 - Global Startup: Sabre Printing Start.lnk = C:\SABRE\Sabstart.exe
    O4 - Global Startup: Sabre Server.lnk = C:\WINDOWS\sabserv.exe
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1226583171046
    O16 - DPF: {A3E21079-7F41-4125-9EBB-FD44CFCC0AC1} (WLCTSCControl Class) - https://www.mesh.com/0.9.4014.13/TSWeb.cab
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Config Service Helper (CfgSrvc) - Unknown owner - C:\WINDOWS\system32\CfgSrvc.exe
    O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
    O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    O23 - Service: Google Update Service (gupdate1c98697a6707e86) (gupdate1c98697a6707e86) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HSSP Configuration Module (HsspConfig) - Unknown owner - C:\WINDOWS\system32\CfgSrvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
    O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
    O23 - Service: Retrospect Express HD Helper (RetroExp Helper) - EMC Corporation - C:\Program Files\Iomega StorCenter\retrospect\rthlpsvc.exe
    O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Corporation - C:\Program Files\Iomega StorCenter\retrospect\retrorun.exe
    O23 - Service: Sabre Printing Module (SabrePrint) - Sabre Inc. - C:\SABRE\Apps\OADP\Oadp.exe
    O23 - Service: Sabre Device Manager (SDMan) - Unknown owner - C:\WINDOWS\SDMan.EXE
    O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe
    O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    O23 - Service: O?cnao?a Vodafone Mobile Broadband (VmbService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe

    --
    End of file - 12726 bytes
  24. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Yeah! We got it! You can't bring up the search engines because the searches are all set to go through Nortel SSL-VPN.

    Download HostXpert 4.4 and save it to the desktop
    • Unzip HostsXpert.zip
    • It will create a folder named HostsXpert in whatever folder you extract it to.
    • Double click HostsXpert.exe to run..
    • Click Restore MS Hosts File and then click OK.
    • Click the X to exit the program
    =====================================
    You are currently using HijackThis from a temporary directory- this can cause problems.HijackThis creates backups, these are needed in case of any recovery issues.

    Please create a directory on your C:\ drive called C:\HJT, download and unzip HijackThis into that directory. Run the program from that directory from now on.

    Steps to create the folder
    1. Please go to My Computer> Double click on the Local Drive(C)> Select: New >> Folder and name the folder HJT.
    2. Download HijackThis to the new folder:
    3. Double Click on 'HijackThis.zip' to extract and install HijackThis.exe to the new folder.
    4. Close ALL windows except HJT
    5. Scan> SAVE LOG. (a notepad window will open with the log in it when you click Save Log) (Ctrl-A to'select all', Ctrl-C to 'copy')> Use Ctrl-X to paste into Notepad and post the log.
    6. Don't make any changes in the log.
    ====================================
    Reboot the computer and try the other search engines. Do they come up now?
    ===================================
  25. ga41

    ga41 Newcomer, in training Topic Starter

    No luck once again Bobbye.

    I restored the Hosts file (which i had actually done once manually before i started the thread), saved the log from HijackThis, tried to access http://www.google.com and perform a search from the browser's search box but nothing. Same as before. Tried it with IE, Chrome, FF and Opera. Rebooted and tried again but still nothing.

    Those entries must have something to do with our work software because now it can't log in. Don't worry, that's happened before, if i delete all the files in the "etc" folder (the software's Tech Support recommendation) it's usually fixed. I haven't done that though right now.

    I think this is getting us nowhere, perhaps it's time for a format and be done with it, what do you think?

    Here's the HJT log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:50:23, on 08/10/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\WINDOWS\system32\CfgSrvc.exe
    C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
    C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    C:\WINDOWS\system32\CfgSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Iomega StorCenter\retrospect\retrorun.exe
    C:\WINDOWS\SDMan.EXE
    C:\WINDOWS\system32\svchost.exe
    c:\program files\lenovo\system update\suservice.exe
    C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\SABRE\Apps\OADP\Oadp.exe
    C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    C:\WINDOWS\system32\ICO.EXE
    C:\WINDOWS\system32\FSRremoS.EXE
    C:\WINDOWS\system32\Pelmiced.exe
    C:\PROGRA~1\IOMEGA~1\RETROS~1\RetroExpress.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\KeePass Password Safe\KeePass.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\SABRE\Apps\OADP\OadpUtil.exe
    C:\WINDOWS\sabserv.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Documents and Settings\Sabre\Application Data\Dropbox\bin\Dropbox.exe
    C:\Program Files\Java\jre6\bin\javaw.exe
    C:\Program Files\Iomega StorCenter\retrospect\retrospect.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: (no name) - {D79559E8-9991-41C5-AA2B-A96EC766F43F} - (no file)
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
    O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\IOMEGA~1\RETROS~1\RetroExpress.exe /h
    O4 - HKLM\..\Run: [KeePass 2 PreLoad] "C:\Program Files\KeePass Password Safe\KeePass.exe" --preload
    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
    O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [MobileBroadband] C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [KeePass Password Safe 2] "C:\Program Files\KeePass Password Safe\KeePass.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: CleanupNortelVPN.bat
    O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Sabre\Application Data\Dropbox\bin\Dropbox.exe
    O4 - Startup: Opera.lnk = C:\Program Files\Opera\opera.exe
    O4 - Startup: Outlook 2007.lnk = ?
    O4 - Startup: Sabre Red Workspace.lnk = C:\Program Files\Sabre Red Workspace\Profiles\T252_9114\mysabre.exe
    O4 - Global Startup: Iomega StorCenter.lnk.disabled
    O4 - Global Startup: OADP Utility.lnk = C:\SABRE\Apps\OADP\OadpUtil.exe
    O4 - Global Startup: Sabre Printing Start.lnk = C:\SABRE\Sabstart.exe
    O4 - Global Startup: Sabre Server.lnk = C:\WINDOWS\sabserv.exe
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1226583171046
    O16 - DPF: {A3E21079-7F41-4125-9EBB-FD44CFCC0AC1} (WLCTSCControl Class) - https://www.mesh.com/0.9.4014.13/TSWeb.cab
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Config Service Helper (CfgSrvc) - Unknown owner - C:\WINDOWS\system32\CfgSrvc.exe
    O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
    O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    O23 - Service: Google Update Service (gupdate1c98697a6707e86) (gupdate1c98697a6707e86) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HSSP Configuration Module (HsspConfig) - Unknown owner - C:\WINDOWS\system32\CfgSrvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
    O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
    O23 - Service: Retrospect Express HD Helper (RetroExp Helper) - EMC Corporation - C:\Program Files\Iomega StorCenter\retrospect\rthlpsvc.exe
    O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Corporation - C:\Program Files\Iomega StorCenter\retrospect\retrorun.exe
    O23 - Service: Sabre Printing Module (SabrePrint) - Sabre Inc. - C:\SABRE\Apps\OADP\Oadp.exe
    O23 - Service: Sabre Device Manager (SDMan) - Unknown owner - C:\WINDOWS\SDMan.EXE
    O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe
    O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    O23 - Service: O?cnao?a Vodafone Mobile Broadband (VmbService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe

    --
    End of file - 10211 bytes
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.