Google redirect / search engines unable to load - Windows 7 system

By Dtail42
Feb 1, 2012
  1. Dear All,

    For about 8-10 days, I've been having these problems with my laptop (32-bit Windows 7):
    When I start up my laptop after shutting it down entirely, all seems fine; Google loads quickly. Then, between 30 and 120 minutes after startup, things start going bad. First, Google redirects (especially from links I try to access after googling 'anti virus' or similar). Then, quite rapidly afterward, Google (in any country/version) won't load at all, and neither will Bing or Yahoo.

    I have Sophos Anti-Virus installed, and ran a full check, with nothing found. I installed Malwarebytes and did a quick scan, which found nothing:

    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.02.01.02

    Windows 7 x86 NTFS
    Internet Explorer 8.0.7600.16385
    Hansen :: FADING [administrator]

    01-Feb-12 12:05:52
    mbam-log-2012-02-01 (12-05-52).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 199661
    Time elapsed: 12 minute(s), 7 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    --------------------------------


    Following the advice on your 5-step guide, I then ran gmer, with the following log as result:


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-01-31 16:08:46
    Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.GJ00
    Running: vtdn6o4v.exe; Driver: C:\Users\Hansen\AppData\Local\Temp\awldypod.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 8307A5D9 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8309F092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    PAGE ntkrnlpa.exe!ZwResumeThread 832A953E 1 Byte [CC] {INT 3 }
    .text iaStor.sys 83E5A8C6 1 Byte [CC] {INT 3 }

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Windows\Explorer.EXE[1972] kernel32.dll!CopyFileExW 765707DB 7 Bytes JMP 6FA075A0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
    .text C:\Windows\Explorer.EXE[1972] kernel32.dll!MoveFileWithProgressW 7657BE8C 5 Bytes JMP 6FA07460 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
    .text C:\Windows\Explorer.EXE[1972] ole32.dll!CoCreateInstance 7739590C 8 Bytes JMP 6FA07860 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\Sophos\AutoUpdate\ALsvc.exe[2680] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75C45E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Sophos\AutoUpdate\ALsvc.exe[2680] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75C45E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Sophos\AutoUpdate\ALsvc.exe[2680] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75C45E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Sophos\AutoUpdate\ALsvc.exe[2680] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75C45E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Sophos\AutoUpdate\ALsvc.exe[2680] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75C45E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Sophos\AutoUpdate\ALsvc.exe[2680] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75C45E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

    Device \Driver\ACPI_HAL \Device\00000058 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

    ---- Threads - GMER 1.0.15 ----

    Thread System [4:436] 88D12161
    Thread System [4:504] 8AB78C30

    ------------------------
    After this, I saved the log above, as the system seemed to be finished, and got a message that it wasn't finished yet, so I re-ran/continued (?) the scan, and the following short log was created:

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-01-31 16:10:02
    Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.GJ00
    Running: vtdn6o4v.exe; Driver: C:\Users\Hansen\AppData\Local\Temp\awldypod.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

    ---- Threads - GMER 1.0.15 ----

    Thread System [4:436] 88D12161
    Thread System [4:504] 8AB78C30

    ---- EOF - GMER 1.0.15 ----



    ------------------------------
    Please help; any advice much appreciated!
    Cheers,
    Dennis
  2. Dtail42 (Topic Starter)

    DDS logs posted here

    DDS txt:

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26
    Run by Hansen at 12:44:04 on 2012-02-01
    Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3511.1919 [GMT 1:00]
    .
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
    AV: Sophos Anti-Virus *Disabled/Updated* {479CCF92-4960-B3E0-7373-BF453B467D2C}
    SP: Sophos Anti-Virus *Disabled/Updated* {FCFD2E76-6F5A-BC6E-49C3-843740C13791}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
    C:\Program Files\Panasonic\PNotif\PNotif.exe
    C:\Windows\System32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Canon\DIAS\CnxDIAS.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Windows\system32\EtmService.exe
    C:\Windows\system32\svchost.exe -k HsfXAudioService
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\Panasonic\PPlanEx\opdoffsv.exe
    C:\Program Files\Panasonic\pcinfo\PCInfoPi.exe
    C:\Program Files\Panasonic\pcinfo\PCInfoSV.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
    C:\Program Files\Panasonic\Selsussv\selsussv.exe
    C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Panasonic\PPlanEx\PPlanEx.exe
    C:\Program Files\Panasonic\WSwitch\WSwitch.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Panasonic\Hotkey Appendix\hkeyapp.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
    C:\Program Files\Sophos\AutoUpdate\ALMon.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Panasonic\PPlanEx\ChgBmode.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Panasonic\PPopup\ppopup.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Panasonic\WheelPad\Touchpad.exe
    C:\Users\Hansen\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uDefault_Page_URL = hxxp://panasonic.net/avc/toughbook/landing.html
    uStart Page = hxxp://www.google.ch/
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
    BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - c:\program files\sophos\sophos anti-virus\SophosBHO.dll
    BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
    uRun: [Facebook Update] "c:\users\hansen\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
    mRun: [PPlanEx] c:\program files\panasonic\pplanex\PPlanEx.exe
    mRun: [WSwitch] c:\program files\panasonic\wswitch\WSwitch.exe
    mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun: [Panasonic Hotkey Manager] c:\program files\panasonic\hotkey appendix\HKEYAPP.EXE
    mRun: [PCinfo] c:\program files\panasonic\pcinfo\PcInfoUt.exe
    mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [cAudioFilterAgent] c:\program files\conexant\caudiofilteragent\cAudioFilterAgent.exe
    mRun: [PRunOnce] c:\util\prunonce\PRunOnce.exe
    mRun: [Sophos AutoUpdate Monitor] c:\program files\sophos\autoupdate\almon.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [<NO NAME>]
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\users\hansen\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\hansen\appdata\roaming\dropbox\bin\Dropbox.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-f400-7760-100000000002}\SC_Acrobat.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\pcinfo~1.lnk - c:\program files\panasonic\ppopup\ppopup.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\touchp~1.lnk - c:\program files\panasonic\wheelpad\Touchpad.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Trusted Zone: danid.dk
    Trusted Zone: danid.dk
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 130.60.128.3 130.60.64.51
    TCP: Interfaces\{2C0EFC34-B9FC-48D1-9D34-1D1D1D632395} : DhcpNameServer = 130.60.128.3 130.60.64.51
    TCP: Interfaces\{D4504C51-1A91-434E-B047-ACD20B1F1A14}\0586162657C6F63716 : DhcpNameServer = 192.168.1.1 68.87.76.182 68.87.78.134
    TCP: Interfaces\{D4504C51-1A91-434E-B047-ACD20B1F1A14}\34162696E6E602055726C696360275966496 : DhcpNameServer = 89.150.129.4 89.150.129.10
    TCP: Interfaces\{D4504C51-1A91-434E-B047-ACD20B1F1A14}\94E6374716E64735C6565607 : DhcpNameServer = 213.191.74.12 62.109.123.254
    TCP: Interfaces\{D4504C51-1A91-434E-B047-ACD20B1F1A14}\C696E6B6379737 : DhcpNameServer = 212.242.40.3 212.242.40.51
    TCP: Interfaces\{D4504C51-1A91-434E-B047-ACD20B1F1A14}\D4F42494C454 : DhcpNameServer = 195.186.152.32 195.186.216.32
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: c:\progra~1\sophos\sophos~1\SOPHOS~1.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\hansen\appdata\roaming\mozilla\firefox\profiles\gvb29958.default\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: network.proxy.type - 4
    FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
    FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\users\hansen\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2012-1-25 64512]
    R1 SAVOnAccess;SAVOnAccess;c:\windows\system32\drivers\savonaccess.sys [2010-12-21 122360]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
    R2 ETMService;Intel(R) Dynamic Power Performance Model Service Application;c:\windows\system32\EtmService.exe [2010-4-13 207384]
    R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-14 20992]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-12-23 2152152]
    R2 OPDOFFSV;Panasonic Opdoff Utility;c:\program files\panasonic\pplanex\opdoffsv.exe [2010-4-13 1389440]
    R2 PcInfoPi;Panasonic PC Information Viewer Service 2;c:\program files\panasonic\pcinfo\PcInfoPi.exe [2010-4-13 46912]
    R2 PcInfoSV;Panasonic PC Information Viewer;c:\program files\panasonic\pcinfo\PCInfoSV.exe [2010-4-13 243072]
    R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032]
    R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\sophos\sophos anti-virus\SAVAdminService.exe [2010-10-8 163056]
    R2 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2010-12-21 97520]
    R2 SELSUSSV;USB Selective Suspend Manager;c:\program files\panasonic\selsussv\selsussv.exe [2010-12-20 113024]
    R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;c:\program files\sophos\autoupdate\ALsvc.exe [2010-9-21 230640]
    R2 swi_service;Sophos Web Intelligence Service;c:\program files\sophos\sophos anti-virus\web intelligence\swi_service.exe [2010-10-8 1541360]
    R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2010-4-13 208552]
    R3 EtmDevDram;EtmDevDram;c:\windows\system32\drivers\EtmDevDram.sys [2010-4-13 56832]
    R3 EtmDevGen;EtmDevGen;c:\windows\system32\drivers\EtmDevGen.sys [2010-4-13 46080]
    R3 EtmDevMcp;EtmDevMcp;c:\windows\system32\drivers\EtmDevMcp.sys [2010-4-13 78336]
    R3 EtmDevPch;EtmDevPch;c:\windows\system32\drivers\EtmDevPch.sys [2010-4-13 51200]
    R3 EtmDrvMgr;EtmDrvMgr;c:\windows\system32\drivers\EtmDrvMgr.sys [2010-4-13 120320]
    R3 EtmFan;EtmFan;c:\windows\system32\drivers\EtmDevFan.sys [2010-4-13 27136]
    R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2011-1-12 70656]
    R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-4-13 132352]
    R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-4-13 232448]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-12-23 15232]
    R3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-1-13 6755840]
    R3 NewMisc;Panasonic Misc Driver;c:\windows\system32\drivers\newmisc.sys [2010-4-13 53376]
    R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-10 4640000]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2011-1-12 102784]
    S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2011-1-12 208896]
    S3 MEITBLCD;Tablet Buttons information for Panasonic PC;c:\windows\system32\drivers\meitblcd.sys [2010-4-13 11968]
    S3 MEITBTN;Tablet Buttons HID Driver for Panasonic PC;c:\windows\system32\drivers\meitbtn.sys [2010-4-13 14784]
    S3 sdcfilter;sdcfilter;c:\windows\system32\drivers\sdcfilter.sys [2010-12-21 23928]
    S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-12-21 1343400]
    S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2010-12-21 22536]
    .
    =============== Created Last 30 ================
    .
    2012-02-01 11:05:04 -------- d-----w- c:\users\hansen\appdata\roaming\Malwarebytes
    2012-02-01 11:04:53 -------- d-----w- c:\programdata\Malwarebytes
    2012-02-01 11:04:52 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-01 11:04:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-01-31 14:32:15 6557240 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{2ccd0128-a57b-4879-b331-bd2cc3d93e02}\mpengine.dll
    2012-01-31 14:12:19 -------- d-----w- c:\users\hansen\appdata\roaming\Process Hacker 2
    2012-01-31 13:45:40 -------- d-----w- c:\program files\Process Hacker 2
    2012-01-31 13:22:54 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
    2012-01-31 13:22:54 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
    2012-01-31 13:22:54 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
    2012-01-31 13:22:54 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll
    2012-01-25 14:50:34 -------- d-----w- c:\program files\ESET
    2012-01-25 13:41:09 16432 ----a-w- c:\windows\system32\lsdelete.exe
    2012-01-25 13:11:50 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2012-01-25 13:09:43 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2012-01-25 13:09:35 -------- d-----w- c:\program files\Lavasoft
    2012-01-18 19:51:07 224768 ----a-w- c:\windows\system32\schannel.dll
    2012-01-18 19:51:07 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2012-01-18 19:51:07 1037312 ----a-w- c:\windows\system32\lsasrv.dll
    2012-01-18 19:51:06 99840 ----a-w- c:\windows\system32\sspicli.dll
    2012-01-18 19:51:06 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-01-18 19:51:06 369352 ----a-w- c:\windows\system32\drivers\cng.sys
    2012-01-18 19:51:06 314368 ----a-w- c:\windows\system32\webio.dll
    2012-01-18 19:51:06 22528 ----a-w- c:\windows\system32\lsass.exe
    2012-01-18 19:51:06 22016 ----a-w- c:\windows\system32\secur32.dll
    2012-01-18 19:51:06 15360 ----a-w- c:\windows\system32\sspisrv.dll
    2012-01-13 13:59:19 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-01-13 10:59:15 851176 ----a-w- c:\windows\system32\WinUSBCoInstaller2.dll
    2012-01-13 10:59:10 -------- d-----w- C:\AvaSoft7USB2
    2012-01-11 12:52:05 -------- d-----w- c:\programdata\Canon
    2012-01-11 12:51:34 81987 ----a-w- c:\windows\system32\AUCPLMNT.DLL
    2012-01-11 06:35:00 1288984 ----a-w- c:\windows\system32\ntdll.dll
    2012-01-11 06:34:59 67072 ----a-w- c:\windows\system32\packager.dll
    2012-01-11 06:34:59 1328640 ----a-w- c:\windows\system32\quartz.dll
    2012-01-11 06:34:58 514560 ----a-w- c:\windows\system32\qdvd.dll
    .
    ==================== Find3M ====================
    .
    2011-12-07 09:08:58 236576 ------w- c:\windows\system32\MpSigStub.exe
    2011-11-24 04:23:31 2340352 ----a-w- c:\windows\system32\win32k.sys
    2011-11-05 04:35:50 981504 ----a-w- c:\windows\system32\wininet.dll
    2011-11-05 04:34:15 44544 ----a-w- c:\windows\system32\licmgr10.dll
    2011-11-05 04:30:11 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-11-05 03:28:41 386048 ----a-w- c:\windows\system32\html.iec
    2011-11-05 02:55:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    .
    ============= FINISH: 12:44:55.25 ===============
  3. Dtail42 (Topic Starter)

    DDS attach.txt log

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 20-Dec-10 22:14:17
    System Uptime: 01-Feb-12 8:38:05 (4 hours ago)
    .
    Motherboard: Panasonic Corporation | | CFF9-2
    Processor: Intel(R) Core(TM) i5 CPU M 520 @ 2.40GHz | IC1 | 2400/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 298 GiB total, 88.226 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft Virtual WiFi Miniport Adapter
    Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&CE0BD7B&0&01
    Manufacturer: Microsoft
    Name: Microsoft Virtual WiFi Miniport Adapter
    PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&CE0BD7B&0&01
    Service: vwifimp
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Cisco Systems VPN Adapter
    Device ID: ROOT\NET\0000
    Manufacturer: Cisco Systems
    Name: Cisco Systems VPN Adapter
    PNP Device ID: ROOT\NET\0000
    Service: CVirtA
    .
    ==== System Restore Points ===================
    .
    RP231: 20-Jan-12 11:11:10 - Windows Update
    RP233: 23-Jan-12 12:02:03 - Windows Defender Checkpoint
    RP234: 24-Jan-12 8:06:58 - Windows Update
    RP235: 25-Jan-12 14:08:09 - Installed Ad-Aware
    RP236: 25-Jan-12 14:09:19 - Installed Ad-Aware
    RP237: 27-Jan-12 17:37:00 - Windows Update
    RP238: 31-Jan-12 15:31:08 - Windows Update
    .
    ==== Installed Programs ======================
    .
    7-Zip 9.20
    Ad-Aware
    Adobe Acrobat 7.0 Professional - English, Français, Deutsch
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Linguistics CS3
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Setup
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    Amazon MP3-Downloader 1.0.9
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AvaSoft for AvaSpec USB2
    Battery Recalibration
    Bluetooth Stack for Windows by Toshiba
    Bonjour
    BrettspielWelt
    Canon Utilities Digital Photo Professional 3.6
    Cisco Systems VPN Client 5.0.07.0290
    Conexant HD Audio
    D3DX10
    Debut Video Capture Software
    Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    DivX Setup
    Dropbox
    EasyBits GO
    EndNote X1
    ESET Online Scanner v3
    Facebook Video Calling 1.1.1.1
    GoldWave v5.58
    Google Books Download
    GooReader
    HDAUDIO Soft Data Fax Modem with SmartCP
    Hotkey Appendix
    Hotkey Settings
    Intel PROSet Wireless
    Intel(R) Dynamic Power Performance Management
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PROSet/Wireless WiFi Software
    Intel(R) Rapid Storage Technology
    InterVideo WinDVD
    iPhoneBrowser
    ISI ResearchSoft - Export Helper
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 26
    Junk Mail filter update
    Loupe Utility
    Magic DVD Ripper V5.5.2
    Malwarebytes Anti-Malware version 1.60.1.1000
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Home and Student 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Mozilla Firefox 9.0.1 (x86 en-US)
    Mozilla Thunderbird (3.1.17)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NemID
    Optical Disc Drive Letter-Setting Utility
    Panasonic Common Components
    Panasonic Notification
    PC Information Popup
    PC Information Viewer
    PDF Settings
    Power Plan Extension Utility
    Process Hacker 2.27 (r4957)
    QuickTime
    R for Windows 2.12.1
    Roxio Activation Module
    Roxio BackOnTrack
    Roxio Central Audio
    Roxio Central Copy
    Roxio Central Data
    Roxio Central Tools
    Roxio Creator LJB
    Roxio File Backup
    RStudio
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553353) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    SigmaPlot 10.0
    Skype Click to Call
    Skype™ 5.5
    Sophos Anti-Virus
    Sophos AutoUpdate
    Synaptics Pointing Device Driver
    Touch Pad Utility
    upc cablecom Installer
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
    Update for Microsoft Outlook Social Connector (KB2583935)
    USB Selective Suspend Manager
    VC80CRTRedist - 8.0.50727.4053
    VLC media player 1.1.11
    Website Ripper Copier
    Windows Driver Package - Avantes (WinUSB) AvantesSpectrometers (08/24/2009 1.6.0.1)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live MIME IFilter
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Wireless Switch Utility
    .
    ==== Event Viewer Messages From Past Week ========
    .
    31-Jan-12 19:51:20, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {24DC0815-9D82-47FD-81B3-11DE033EF7A3}. The error: "740" Happened while starting this command: "C:\Program Files\Sophos\Sophos Anti-Virus\SavMain.exe" -Embedding
    31-Jan-12 19:49:59, Error: Microsoft-Windows-Application-Experience [205] - The Program Compatibility Assistant service failed to perform the phase two initialization.
    31-Jan-12 19:49:51, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
    .
    ==== End Of File ===========================
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Welcome to TechSpot! I'll help you get going in the right direction.

    Questions and Comments:
    1. This error appears in the Event Viewer:
This may be a compatibility issue and/or it can indicate that it (requires elevation). But if DCOM won't start, you won't get very far. I am not familiar with this particular Sophos problem, but I found discussion of it here: http://community.sophos.com/t5/Sophos-Endpoint-Protection/Remote-Console-and-Windows-7/td-p/95

    There are 3 errors in a row: for the CD, for the Program Compatibility and for Sophos.
    ==================================
I see domains from DK> Switzerland in the Trusted zone and an IP from DhcpNameServer = 130.60.128.3
    University of Zurich
    descr: Zurich, Switzerland
    country: CH
    Please just assure me that these belong to you and your ISP.
    ===============================
    I see you already have the Eset Online Virus scan on the system. Please update it and run a new scan. Leave log in next reply if there is one.
    ==============================
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Expect these- they are normal:
1. If asked to install or update the Recovery Console, allow. (you will need internet connection for this)
    2. Before you run the Combofix scan, please disable any security software you have running.
    3. Combofix may need to reboot your computer more than once to do its job this is normal.

    Download Combofix from HERE or HERE and save to the desktop
• Double click combofix.exe & follow the prompts.
• If prompted for Recovery Console, please allow.
• Once installed, you should see a blue screen prompt that says:
  • The Recovery Console was successfully installed.
  • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.
  • Note: No query will be made if the Recovery Console is already on the system.
• Close/disable all anti virus and anti malware programs
  (If you need help with this, please see HERE)
• Close any open browsers.
• Click on Yes, to continue scanning for malware
• If Combofix asks you to update the program, allow
• When the scan completes, a report will be generated- it will open a text window. Please paste the C:\ComboFix.txt in next reply.
Re-enable your Antivirus software.
Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
Note 3: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    ================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • File sharing programs should be uninstalled or disabled during the cleaning process..
    • Observe these:
      [o] Don't follow directions given to someone else
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.

If I haven't replied back to you within 48 hours, you can send a PM with your thread link in it as a reminder. Do not include technical problems from your thread. Support is given only in the forum.
    Threads are closed after 5 days if there is no reply.

    Please leave logs in next reply.
  5. Dtail42

    Dtail42 Newcomer, in training Topic Starter

    Hi Bobbye,
    Thanks a lot for helping a stranger in need!

    First of all: yes, the Uni Zurich and DK / CH trusted zones are correct & belong to me.

    I re-ran & updated Eset online scan - result was negative, nothing found.

    I installed & ran combofix - the log is here:

    ----
    ComboFix 12-02-02.01 - Hansen 02-Feb-12 13:47:58.1.4 - x86
    Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3511.2095 [GMT 1:00]
    Running from: c:\users\Hansen\Desktop\ComboFix.exe
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
    AV: Sophos Anti-Virus *Disabled/Updated* {479CCF92-4960-B3E0-7373-BF453B467D2C}
    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
    SP: Sophos Anti-Virus *Disabled/Updated* {FCFD2E76-6F5A-BC6E-49C3-843740C13791}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Hansen\AppData\Local\Microsoft\Windows\Temporary Internet Files\{DC367470-FCA6-41BA-9529-A72E3E32F89A}.xps
    c:\windows\security\Database\tmp.edb
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-01-02 to 2012-02-02 )))))))))))))))))))))))))))))))
    .
    .
    2012-02-02 13:01 . 2012-02-02 13:01 -------- d-----w- c:\users\Webmail\AppData\Local\temp
    2012-02-02 13:01 . 2012-02-02 13:01 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-02-02 12:43 . 2012-02-02 12:43 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2CCD0128-A57B-4879-B331-BD2CC3D93E02}\offreg.dll
    2012-02-01 11:05 . 2012-02-01 11:05 -------- d-----w- c:\users\Hansen\AppData\Roaming\Malwarebytes
    2012-02-01 11:04 . 2012-02-01 11:04 -------- d-----w- c:\programdata\Malwarebytes
    2012-02-01 11:04 . 2012-02-01 11:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-02-01 11:04 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-01-31 14:32 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2CCD0128-A57B-4879-B331-BD2CC3D93E02}\mpengine.dll
    2012-01-31 14:12 . 2012-01-31 14:12 -------- d-----w- c:\users\Hansen\AppData\Roaming\Process Hacker 2
    2012-01-31 13:45 . 2012-01-31 13:45 -------- d-----w- c:\program files\Process Hacker 2
    2012-01-31 13:22 . 2012-01-31 13:22 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
    2012-01-31 13:22 . 2012-01-31 13:22 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
    2012-01-31 13:22 . 2012-01-31 13:22 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
    2012-01-31 13:22 . 2012-01-31 13:22 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
    2012-01-25 14:50 . 2012-01-25 14:50 -------- d-----w- c:\program files\ESET
    2012-01-25 13:41 . 2012-01-25 13:11 16432 ----a-w- c:\windows\system32\lsdelete.exe
    2012-01-25 13:11 . 2012-01-25 13:11 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2012-01-25 13:09 . 2011-12-23 06:12 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2012-01-25 13:09 . 2012-01-25 13:09 -------- d-----w- c:\programdata\Lavasoft
    2012-01-25 13:09 . 2012-01-25 13:09 -------- d-----w- c:\program files\Lavasoft
    2012-01-18 19:51 . 2011-11-17 05:48 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2012-01-18 19:51 . 2011-11-17 05:39 224768 ----a-w- c:\windows\system32\schannel.dll
    2012-01-18 19:51 . 2011-11-17 05:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll
    2012-01-18 19:51 . 2011-11-17 05:48 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-01-18 19:51 . 2011-11-17 05:42 369352 ----a-w- c:\windows\system32\drivers\cng.sys
    2012-01-18 19:51 . 2011-11-17 05:39 314368 ----a-w- c:\windows\system32\webio.dll
    2012-01-18 19:51 . 2011-11-17 05:39 99840 ----a-w- c:\windows\system32\sspicli.dll
    2012-01-18 19:51 . 2011-11-17 05:39 15360 ----a-w- c:\windows\system32\sspisrv.dll
    2012-01-18 19:51 . 2011-11-17 05:39 22016 ----a-w- c:\windows\system32\secur32.dll
    2012-01-18 19:51 . 2011-11-17 05:36 22528 ----a-w- c:\windows\system32\lsass.exe
    2012-01-13 13:59 . 2012-01-13 13:59 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-01-13 10:59 . 2012-01-13 10:59 -------- d-----w- c:\program files\DIFX
    2012-01-13 10:59 . 2009-07-14 05:25 851176 ----a-w- c:\windows\system32\WinUSBCoInstaller2.dll
    2012-01-13 10:59 . 2012-01-13 14:47 -------- d-----w- C:\AvaSoft7USB2
    2012-01-11 12:52 . 2012-01-11 12:52 -------- d-----w- c:\programdata\Canon
    2012-01-11 12:51 . 2006-02-21 01:27 81987 ----a-w- c:\windows\system32\AUCPLMNT.DLL
    2012-01-11 06:35 . 2011-11-17 05:41 1288984 ----a-w- c:\windows\system32\ntdll.dll
    2012-01-11 06:34 . 2011-11-19 14:06 67072 ----a-w- c:\windows\system32\packager.dll
    2012-01-11 06:34 . 2011-10-26 04:28 1328640 ----a-w- c:\windows\system32\quartz.dll
    2012-01-11 06:34 . 2011-10-26 04:28 514560 ----a-w- c:\windows\system32\qdvd.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-12-07 09:08 . 2010-12-21 19:15 236576 ------w- c:\windows\system32\MpSigStub.exe
    2011-11-24 04:23 . 2011-12-14 09:42 2340352 ----a-w- c:\windows\system32\win32k.sys
    2011-11-05 04:35 . 2011-12-14 09:43 981504 ----a-w- c:\windows\system32\wininet.dll
    2011-11-05 04:34 . 2011-12-14 09:43 44544 ----a-w- c:\windows\system32\licmgr10.dll
    2011-11-05 04:30 . 2011-12-14 09:42 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-11-05 03:28 . 2011-12-14 09:43 386048 ----a-w- c:\windows\system32\html.iec
    2011-11-05 02:55 . 2011-12-14 09:43 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2012-01-31 13:22 . 2011-08-24 09:27 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Hansen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Hansen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Hansen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Facebook Update"="c:\users\Hansen\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-12-25 137536]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PPlanEx"="c:\program files\Panasonic\PPlanEx\PPlanEx.exe" [2010-03-18 590208]
    "WSwitch"="c:\program files\Panasonic\WSwitch\WSwitch.exe" [2010-03-19 1209728]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-20 1545512]
    "Panasonic Hotkey Manager"="c:\program files\Panasonic\Hotkey Appendix\HKEYAPP.EXE" [2010-04-05 1103232]
    "PCinfo"="c:\program files\Panasonic\pcinfo\PcInfoUt.exe" [2009-07-03 99136]
    "ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-17 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-17 175640]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-17 168472]
    "cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe" [2010-03-22 496184]
    "PRunOnce"="c:\util\prunonce\PRunOnce.exe" [2009-07-16 161088]
    "Sophos AutoUpdate Monitor"="c:\program files\Sophos\AutoUpdate\almon.exe" [2010-09-21 439536]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    .
    c:\users\Hansen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Hansen\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-12-5 24242056]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe [2011-1-15 25214]
    Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2010-1-6 2717024]
    PC Information Popup.lnk - c:\program files\Panasonic\PPopup\ppopup.exe [2010-4-13 718208]
    Touch Pad Utility.lnk - c:\program files\Panasonic\WheelPad\Touchpad.exe [2010-4-13 373120]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Sophos\SOPHOS~1\sophos_detoured.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux5"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
    backup=c:\windows\pss\VPN Client.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
    2004-12-14 01:12 483328 ----a-w- c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
    2010-12-22 02:55 2356088 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2011-03-21 18:56 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-04-26 23:22 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartAudio]
    2009-11-19 04:45 307768 ------w- c:\program files\CONEXANT\SAII\SAIICpl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    R1 hvlbadmg;hvlbadmg;c:\windows\system32\drivers\hvlbadmg.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-10-25 102784]
    R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2010-10-25 208896]
    R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]
    R3 MEITBLCD;Tablet Buttons information for Panasonic PC;c:\windows\system32\DRIVERS\MeiTBLCD.sys [2009-08-20 11968]
    R3 MEITBTN;Tablet Buttons HID Driver for Panasonic PC;c:\windows\system32\DRIVERS\MeiTBtn.sys [2009-08-20 14784]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
    R3 sdcfilter;sdcfilter;c:\windows\system32\DRIVERS\sdcfilter.sys [2010-12-21 23928]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-21 1343400]
    R3 wtsmpadap;Sesam Virtual Adapter;c:\windows\system32\DRIVERS\wtsmpadap.sys [x]
    R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [2010-12-21 22536]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-12-23 64512]
    S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys [2010-10-08 122360]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 ETMService;Intel(R) Dynamic Power Performance Model Service Application;c:\windows\system32\EtmService.exe [2009-11-13 207384]
    S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2012-01-25 2152152]
    S2 OPDOFFSV;Panasonic Opdoff Utility;c:\program files\Panasonic\PPlanEx\opdoffsv.exe [2010-03-18 1389440]
    S2 PcInfoPi;Panasonic PC Information Viewer Service 2;c:\program files\Panasonic\pcinfo\PCInfoPi.exe [2009-09-30 46912]
    S2 PcInfoSV;Panasonic PC Information Viewer;c:\program files\Panasonic\pcinfo\PCInfoSV.exe [2010-03-26 243072]
    S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
    S2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2010-10-08 163056]
    S2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [2010-12-21 97520]
    S2 SELSUSSV;USB Selective Suspend Manager;c:\program files\Panasonic\Selsussv\selsussv.exe [2010-04-07 113024]
    S2 swi_service;Sophos Web Intelligence Service;c:\program files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2010-10-08 1541360]
    S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2009-09-23 208552]
    S3 EtmDevDram;EtmDevDram;c:\windows\system32\DRIVERS\EtmDevDram.sys [2009-10-20 56832]
    S3 EtmDevGen;EtmDevGen;c:\windows\system32\DRIVERS\EtmDevGen.sys [2009-10-20 46080]
    S3 EtmDevMcp;EtmDevMcp;c:\windows\system32\DRIVERS\EtmDevMcp.sys [2009-10-20 78336]
    S3 EtmDevPch;EtmDevPch;c:\windows\system32\DRIVERS\EtmDevPch.sys [2009-10-20 51200]
    S3 EtmDrvMgr;EtmDrvMgr;c:\windows\system32\DRIVERS\EtmDrvMgr.sys [2009-10-20 120320]
    S3 EtmFan;EtmFan;c:\windows\system32\DRIVERS\EtmDevFan.sys [2009-10-20 27136]
    S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2010-10-25 70656]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-10 132352]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-01-07 232448]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-12-23 15232]
    S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]
    S3 NewMisc;Panasonic Misc Driver;c:\windows\system32\DRIVERS\newmisc.sys [2009-10-28 53376]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HsfXAudioService REG_MULTI_SZ HsfXAudioService
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-01-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3142439408-3311776838-2971966211-1001Core.job
    - c:\users\Hansen\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-25 17:45]
    .
    2012-02-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3142439408-3311776838-2971966211-1001UA.job
    - c:\users\Hansen\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-25 17:45]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.ch/
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
    Trusted Zone: danid.dk
    Trusted Zone: danid.dk
    TCP: DhcpNameServer = 130.60.128.3 130.60.64.51
    FF - ProfilePath - c:\users\Hansen\AppData\Roaming\Mozilla\Firefox\Profiles\gvb29958.default\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: network.proxy.type - 4
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-02-02 14:05:12
    ComboFix-quarantined-files.txt 2012-02-02 13:05
    .
    Pre-Run: 98,281,308,160 bytes free
    Post-Run: 98,461,282,304 bytes free
    .
    - - End Of File - - E064893E6ADA1A19AC768D29190D3D20
  6. Dtail42

    Dtail42 Newcomer, in training Topic Starter

    Also, I tried to look into the Sophos problem, but no luck finding anything useful. If it's a problem, should I uninstall it, and install/use a different anti-virus? If so, please advise.

    Cheers!
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    So far, I'm looking at a nice, clean, lean system!

1. "all seems fine; google loads quickly".> Explain. Do you mean when you search Google the site you choose loads right away? If not, what do you mean?

2. "Then, from between 30-120 minutes after startup, things start going bad."> What are you trying to do at this time?

    3." First, google redirects (especially from links I try access after googling 'anti virus' or similar)".> When you say 'redirect', do you mean you are taken to a site other than the one you choose in a search from Google? If not, what? Does this just happen on security-related sites?

    3."Then, quite rapidly afterward, google (in any country/version) won't load at all, and neither will bing or yahoo.">
    How do you mean won't load? Do you get a 'server can't find...' or other message?
    Again with respect to 'load'> Do you mean the search engine itself Google won't load for you to do a search?
    If not, and this includes all 3 of the search engines-do you mean that you are unable to access a site using any of the 3 search engines? Message? What?

    4. Do you have an internet connection? When you boot, you have access. Look at the computer screens in the area by the clock> do you see a red X go on either when you hit the 30-120 min?
    ===============================
    I'd like you to disable the AdAware Adwatch which now lists itself as an antivirus:
    Ad-Aware AE Ad-Watch Live!
• Right click on the Ad-Aware icon in the system tray.
    • Click on Disable Ad-Watch Live!

    It's possible that there is a conflict between the Sophos AV and AdWatch.
    Reboot the computer after disabling AdWatch and see if it makes any difference.
    =========================
    I'd like you to check some Services:

    Please download Farbar Service Scanner
    • Check Include all files option
    • Press the Scan button
    • Log named FSS.txt will be created in the same directory as the tool
    • Please paste the log into your next reply
    ======================================
    The only thing I observe in the logs is that Java is outdated. That would not cause what you are describing.
    =============================
    Please leave answers to my questions and Farbar log in next reply.
  8. Dtail42

    Dtail42 Newcomer, in training Topic Starter

    Hi Bobbye,

    I have disabled AdAware.

    I downloaded & ran Farbar Service Scanner. However, there was no option to tick 'include all files' -- see screenshot here:
    http://imageshack.us/photo/my-images/824/fssscreen.jpg/
    Please advise if I need to do things differently.

    Here is the log the scan created:
    Farbar Service Scanner Version: 05-02-2012
    Ran by Hansen (administrator) on 07-02-2012 at 16:19:08
    Running from "C:\Users\Hansen\Downloads"
    Microsoft Windows 7 Professional (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcore.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys
    [2011-11-09 09:38] - [2011-09-29 16:43] - 1285488 ____A (Microsoft Corporation) 56C198AC82EFA622DD93E9E43575F79C

    C:\Windows\system32\dnsrslvr.dll
    [2011-04-14 07:13] - [2011-03-03 06:29] - 0132608 ____A (Microsoft Corporation) B15BE77A2BACF9C3177D27518AFE26A9

    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit
    **** End of log ****


    In response to your questions:
    1. "all seems fine; google loads quickly".> Explain Do you mean when you search Google the site you choose loads right away? If not, what do you mean?
    I mean that when I hit my 'home' button in firefox (which is set to www.google.com), then the google page pops up instantly, and search queries produce good results.

    2. "Then, from between 30-120 minutes after startup, things start going bad."> What are you trying to do at this time?
    3." First, google redirects (especially from links I try access after googling 'anti virus' or similar)".> When you say 'redirect', do you mean you are taken to a site other than the one you choose in a search from Google? If not, what? Does this just happen on security-related sites?

    This means that when I, at some time into this period, from whatever webpage (news site, scientific journals, etc), try to call up google by pressing the 'home' button again, it takes distinctly longer (around 2-4 seconds) before google shows.
    From then on, what seem to be legit links resulting from google searches will take me to clearly non-intended sites, e.g. a search for 'elephant seed dispersal' (bear with me, I'm a bio-nerd) will produce a link to a colleague's website - but clicking the link takes me to a site filled with ads for online services or downloads. That kind of thing.

    3."Then, quite rapidly afterward, google (in any country/version) won't load at all, and neither will bing or yahoo.">
    How do you mean won't load? Do you get a 'server can't find...' or other message?
    Again with respect to 'load'> Do you mean the search engine itself Google won't load for you to do a search?

    If not, and this includes all 3 of the search engines-do you mean that you are unable to access a site using any of the 3 search engines? Message? What?
    I get a 'server can't find' error page - for all three search engines.

    4. Do you have an internet connection? When you boot, you have access. Look at the computer screen in the area by the clock> do you see a red X go on either when you hit the 30-120 min?
    I have a wired connection at university, and a wifi connection at home - I have tried to look out for red x's during online time on both connections, but have not consciously noted any such thing around the time google/search engines won't work.

    Update: The problem with onset of 'server can't find' errors for google/search engines persists. However, it seems that it now takes significantly longer - around 60-180 minutes - after a fresh restart/boot before the error occurs, and google/search engines won't load anymore. There are also now no searches for legit things that result in redirects to 'ad/download' pages. However, when I do a search for anything with anti-virus and then click on a legit link, I am still sometimes taken to a clearly non-intended 'ad/download' page.
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Please note: I will be Offline on Wednesday, 2/8 and Thursday, 2/9. When I return on Friday, 2/10, I will pick up the oldest threads first.
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Open Farbar again. Look at the screen shot>
    all of the boxes should be checked. You only have the first 2 instead of 'all of the files.' Please run new scan with all boxes checked.

    Will change my confusing directions! I downloaded and ran twice and do not see the option to choose all! Sorry about that.
    ==============================
    Can you help me out on this please- no English safe sites to ID:
    AvaSoft7USB2
    =============================
    For this:
    For some reason, and especially since the time intervals are random, you are losing the internet connection. I think you are going to check things with your ISP. You have the following listed:
    IP 130.60.128.3 > Zurich
    IP 195.186.152.32 > Linkys router default
    IP 212.242.40.3 > Telenor, DK > Blacklisted for email
    IP 89.150.129.4 > Fullrate A/S> Denmark

    Advise check which one is connecting when you lose the connection and can't get the page.

    A redirect is different.
  11. Dtail42

    Dtail42 Newcomer, in training Topic Starter

    Hi Bobbye,

    I re-ran Farbar Service Scanner with all boxes ticked; here's the log:

    ------------
    Farbar Service Scanner Version: 12-02-2012 01
    Ran by Hansen (administrator) on 13-02-2012 at 09:13:39
    Running from "C:\Users\Hansen\Downloads"
    Microsoft Windows 7 Professional (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ============

    Windows Defender:
    ==============

    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcore.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys
    [2011-11-09 09:38] - [2011-09-29 16:43] - 1285488 ____A (Microsoft Corporation) 56C198AC82EFA622DD93E9E43575F79C

    C:\Windows\system32\dnsrslvr.dll
    [2011-04-14 07:13] - [2011-03-03 06:29] - 0132608 ____A (Microsoft Corporation) B15BE77A2BACF9C3177D27518AFE26A9

    C:\Windows\system32\mpssvc.dll
    [2009-07-14 00:53] - [2009-07-14 02:15] - 0565760 ____A (Microsoft Corporation) 5CD996CECF45CBC3E8D109C86B82D69E

    C:\Windows\system32\bfe.dll
    [2009-07-14 00:54] - [2009-07-14 02:14] - 0493568 ____A (Microsoft Corporation) 85AC71C045CEB054ED48A7841AAE0C11

    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll
    [2009-07-14 00:23] - [2009-07-14 02:16] - 0125952 ____A (Microsoft Corporation) 5FD90ABDBFAEE85986802622CBB03446

    C:\Windows\system32\vssvc.exe
    [2009-07-14 00:24] - [2009-07-14 02:14] - 1025536 ____A (Microsoft Corporation) 7EA2BCD94D9CFAF4C556F5CC94532A6C

    C:\Windows\system32\wscsvc.dll
    [2011-02-09 07:12] - [2010-12-21 06:38] - 0073728 ____A (Microsoft Corporation) A661A76333057B383A06E65F0073222F

    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll
    [2009-07-14 01:15] - [2009-07-14 02:16] - 1912832 ____A (Microsoft Corporation) A33408CC036F9C08142B11BE5E93F0A1

    C:\Windows\system32\qmgr.dll
    [2009-07-14 00:30] - [2009-07-14 02:16] - 0589312 ____A (Microsoft Corporation) 53F476476F55A27F580661BDE09C4EC4

    C:\Windows\system32\es.dll => MD5 is legit
    C:\Windows\system32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit

    **** End of log ****

    Regarding the 'AvaSoft7USB2' - this is software related to a photospectrometer I recently installed in my lab (from the company Avantes), and is safe.

    Regarding the ISP IP's - the two from Switzerland are legit; they are my university network, and my home internet provider. I expect the two in Denmark to be legit as well; one at my parent's place, one at a colleague where I stay from time to time & use his net every time.

    The redirect problem as well as the "can't find server error" occur in the same way on both of the Swiss networks. I haven't been on the Danish ones in quite a while.

    Something funny happened while looking up the IP's, though - it may help you in determining what is wrong: When (in Firefox) I google for a 'what's my IP address' website, google gives me as the first result 'your public IP address is: XYZ' - where XYZ stands for one out of five (!) IP addresses that seem to cycle through at random every time I hit 'reload current page' in the address bar:
    209.190.46.194
    46.23.64.114
    173.192.170.112
    209.222.8.98
    77.79.10.67

    BUT: If I go to any of the "what is my IP address" websites (e.g. www.whatismyip.com), I get the correct, current uni-Zurich address (130.60.20.162).

    Checking the above five addresses on www.whatismyipaddress.com, I get the following results -- and checking the blacklist-status here, too, they are all five blacklisted, but only once, at the same site: blackholes.five-ten-sg.com.

    IP: 209.190.46.194
    Decimal: 3518901954
    Hostname: c2.2e.be.static.xlhost.com
    ISP: eNET
    Organization: XLHost.com
    Services: None detected
    Type: Corporate
    Assignment: Static IP
    Location: USA, Columbus, Ohio

    IP: 46.23.64.114
    Decimal: 773275762
    Hostname: 46.23.64.114
    ISP: UK2 - Ltd
    Organization: UK2 Infrastructure
    Services: None detected
    Type:
    Assignment: Static IP
    Location: United Kingdom

    IP: 173.192.170.112
    Decimal: 2915084912
    Hostname: 173.192.170.112-static.reverse.softlayer.com
    ISP: SoftLayer Technologies
    Organization: Hosting Services
    Services: None detected
    Type: Corporate
    Assignment: Static IP
    Location: USA, Dallas, Texas

    IP: 209.222.8.98
    Decimal: 3520989282
    Hostname: 209.222.8.98.choopa.net
    ISP: Choopa.com
    Organization: Reliable_Servers
    Services: None detected
    Type: Corporate
    Assignment: Static IP
    Location: USA, Newark, New Jersey

    IP: 77.79.10.67
    Decimal: 1297025603
    Hostname: hst-10-67.duomenucentras.lt
    ISP: SPLIUS, UAB
    Organization: Webhosting, collocation services
    Services: None detected
    Type:
    Assignment: Static IP
    Location: Lithuania

    I hope this somehow helps????
    Cheers,
    Dennis
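    The two Farbar Service Scanner logs in this thread (the 07-02-2012 run and the 13-02-2012 run with all boxes ticked) have a "File Check" section that either says "=> MD5 is legit" for a file or prints its details and MD5 hash. The script below is an added example written for this thread; it is not Farbar's code and not something either poster ran. It parses that section format, lists the files FSS printed with a hash rather than "MD5 is legit" (the ones an analyst would compare by hand against a known-good copy of the same patch level), and diffs two scans of the same machine so that a file whose hash changed between runs, or that appeared or disappeared, is reported. The sample logs are constructed from the lines posted above, trimmed to the entries needed.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed samples: the "File Check" tail of the two FSS logs pasted in the
# thread (07-02-2012 and 13-02-2012), trimmed. Raw strings keep the backslashes.
FSS_LOG_A = r"""
File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2011-11-09 09:38] - [2011-09-29 16:43] - 1285488 ____A (Microsoft Corporation) 56C198AC82EFA622DD93E9E43575F79C

C:\Windows\system32\dnsrslvr.dll
[2011-04-14 07:13] - [2011-03-03 06:29] - 0132608 ____A (Microsoft Corporation) B15BE77A2BACF9C3177D27518AFE26A9

C:\Windows\system32\svchost.exe => MD5 is legit
**** End of log ****
"""

FSS_LOG_B = r"""
File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2011-11-09 09:38] - [2011-09-29 16:43] - 1285488 ____A (Microsoft Corporation) 56C198AC82EFA622DD93E9E43575F79C

C:\Windows\system32\dnsrslvr.dll
[2011-04-14 07:13] - [2011-03-03 06:29] - 0132608 ____A (Microsoft Corporation) B15BE77A2BACF9C3177D27518AFE26A9

C:\Windows\system32\mpssvc.dll
[2009-07-14 00:53] - [2009-07-14 02:15] - 0565760 ____A (Microsoft Corporation) 5CD996CECF45CBC3E8D109C86B82D69E

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
**** End of log ****
"""


@dataclass
class FileEntry:
    path: str
    legit: bool          # FSS printed "=> MD5 is legit" for this file
    md5: Optional[str]   # hash from the detail line, only when FSS printed one
    size: Optional[int]


_LEGIT = re.compile(r"^(?P<path>[A-Za-z]:\\\S.*?) => MD5 is legit$")
_PATH = re.compile(r"^(?P<path>[A-Za-z]:\\\S.*)$")
_DETAIL = re.compile(r"^\[[^\]]+\] - \[[^\]]+\] - (?P<size>\d+) \S+ \([^)]*\) (?P<md5>[0-9A-Fa-f]{32})$")


def parse_file_check(log: str) -> Dict[str, FileEntry]:
    """Parse the 'File Check:' section of one FSS log into {path: FileEntry}."""
    entries: Dict[str, FileEntry] = {}
    in_section = False
    pending: Optional[str] = None   # a path line waiting for its detail line
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("File Check:"):
            in_section = True
            continue
        if not in_section:
            continue
        if line.startswith("**** End of log"):
            break
        if not line or set(line) == {"="}:   # blank or "========" underline
            continue
        m = _LEGIT.match(line)
        if m:
            entries[m["path"]] = FileEntry(m["path"], True, None, None)
            pending = None
            continue
        m = _DETAIL.match(line)
        if m and pending:
            entries[pending] = FileEntry(pending, False, m["md5"].upper(), int(m["size"]))
            pending = None
            continue
        m = _PATH.match(line)
        if m:
            pending = m["path"]
    return entries


def unverified(entries: Dict[str, FileEntry]) -> List[str]:
    """Files FSS listed with a hash instead of 'MD5 is legit'."""
    return sorted(p for p, e in entries.items() if not e.legit)


def diff_file_checks(old: Dict[str, FileEntry], new: Dict[str, FileEntry]) -> Dict[str, List[str]]:
    """Classify differences between two scans of the same machine."""
    report: Dict[str, List[str]] = {"changed": [], "status_flipped": [], "added": [], "removed": []}
    for path in sorted(set(old) | set(new)):
        a, b = old.get(path), new.get(path)
        if a is None:
            report["added"].append(path)
        elif b is None:
            report["removed"].append(path)
        elif a.legit != b.legit:
            report["status_flipped"].append(path)   # verified before, not now (or vice versa)
        elif a.md5 != b.md5:
            report["changed"].append(path)          # same file, different hash
    return report


if __name__ == "__main__":
    first, second = parse_file_check(FSS_LOG_A), parse_file_check(FSS_LOG_B)
    print("unverified in second scan:", unverified(second))
    print("differences between scans:", diff_file_checks(first, second))
```

    Run against the two logs above it reports no hash changes and only the files the second scan added (the extra boxes pull in firewall, backup and update components), which matches Bobbye's reading that nothing in the File Check stands out. A hash that differs between two runs without a Windows Update in between is what would be worth chasing.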
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Dennis, if you do a tracert, you may be able to observe these IPs as the trace proceeds. Google Support explains this:
    Why you may get different IPs: also from Google:
    More explanation for static vs dynamic IP: http://whatismyipaddress.com/
    -------------------------------------
    It appears that each of the ISPs you listed gave you a static IP: You have access in several different countries, so I don't know that I can do anything with the IPs you identified. You can watch any site as it loads in the lower left corner of the screen and follow the loading.
    =========================================
    I'd like to try the following. The fact that all 3 browsers are being affected leans more toward a setting problem or something blocking access:

    Boot into Safe Mode with Networking
    • Restart your computer and start pressing the F8 key on your keyboard.
    • Select the Safe Mode with Networking Option when the Windows Advanced Options menu appears, and then press ENTER.

    Once there, see if any or all of the browsers will access correctly. There are a lot of processes running from Sophos. It won't start in this mode> see if it makes a difference.
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Dennis, it's time to close the thread. Please send me a PM if you still have the problem and I can reopen the thread.