Hijacker removal



smgriffi
2009-02-27, 18:30
When I click on a link after a Google search, I am being redirected to random web sites. Also, Start, Run, cmd does not work. If I make a copy of cmd.exe to cmdx.exe and then Start, Run, cmdx, it works.

Thanks for the help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:16:38 PM, on 2/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\PROGRA~1\THINKV~2\AMSG\amsg.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\WebEx\Productivity Tools\ptmsgfrm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\pwmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\cmdx.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~2\AMSG\amsg.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ptmsgfrm.exe] C:\Program Files\WebEx\Productivity Tools\ptmsgfrm.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: CCC.lnk = ?
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Start WebEx One-Click Meeting - {80947ADC-151D-490B-87F1-7C8CE1B46220} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll (HKCU)
O9 - Extra 'Tools' menuitem: Start WebEx One-Click Meeting - {80947ADC-151D-490B-87F1-7C8CE1B46220} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll (HKCU)
O16 - DPF: {00110000-B1BA-11CE-ABC6-F5B2E79D9E3F} (LEAD Main Control (11.5)) - http://www.whitfieldcountyga.com/realestate/ltocx11n.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146756500781
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {9D27C3FA-6662-4D29-99FB-A58A405FD584} (MOVEitUpDownWiz Class) - https://moveit.pcsbanking.com/COM/MOVEitUploadWizard4.0.0.ocx
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://southernfinancialsystems.webex.com/client/T26L/support/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{45C81FDF-BAB9-49F1-B4C0-7692D47447D5}: NameServer = 189.0.0.10
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 16587 bytes
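
The log above is the kind of thing a helper scans by eye for a handful of entry types. As an added example for this thread (not code from the original posts, from HijackThis or from any of the tools named here), the Python script below parses HijackThis-format lines and flags the entries a practitioner would verify first: the O17 NameServer entry (the posted log has DNS for one interface set to 189.0.0.10; a resolver that is not the one the ISP or the router handed out is one way search results get redirected, so it needs confirming either way), an O20 Winlogon Notify DLL reported as file missing, O4 Run entries launched by bare name or from the Windows root, and O23 services with no publisher. The sample lines are copied from the posted log; the heuristics and the `expected_resolvers` parameter are the editor's own assumptions, and a flag means "verify", not "malicious".

```python
"""Offline triage of a HijackThis v2.x log.

Editor's example for this thread, not part of HijackThis or of any post.
Sample lines are copied from the log above; the heuristics are assumptions
chosen to surface entries a helper checks first. A hit means "verify".
"""
import ipaddress
import re

# Constructed sample: a handful of lines copied verbatim from the posted log.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O17 - HKLM\System\CCS\Services\Tcpip\..\{45C81FDF-BAB9-49F1-B4C0-7692D47447D5}: NameServer = 189.0.0.10
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# "O23 - Service: ..." / "R0 - HKLM..." : a letter+number tag, " - ", the rest.
ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d+) - (?P<body>.+)$")
# First (optionally quoted) token ending in .exe/.dll; enough for O4 command lines.
IMAGE_RE = re.compile(r'^"?(?P<image>[^"]*?\.(?:exe|dll))', re.IGNORECASE)
# Executable directly under the Windows directory (not system32 etc.).
WINROOT_RE = re.compile(r"^[a-z]:\\windows\\[^\\]+$")


def parse_entries(log_text):
    """Yield (kind, body) for each HijackThis entry line; other lines are skipped."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("kind"), m.group("body")


def triage(log_text, expected_resolvers=()):
    """Return [(kind, reason, body), ...] for entries worth a manual check.

    expected_resolvers (assumption): DNS servers the ISP/DHCP is known to
    hand out; any other public resolver in an O17 line gets flagged.
    """
    expected = {ipaddress.ip_address(a) for a in expected_resolvers}
    findings = []
    for kind, body in parse_entries(log_text):
        if kind == "O17":
            m = re.search(r"NameServer = (.+)$", body)
            for addr in re.split(r"[,\s]+", m.group(1).strip()) if m else []:
                ip = ipaddress.ip_address(addr)
                if ip.is_global and ip not in expected:
                    findings.append((kind, f"resolver {ip} is not an expected DNS "
                                     "server; confirm it against the ISP/DHCP-assigned ones", body))
        elif kind == "O20" and "(file missing)" in body:
            findings.append((kind, "Winlogon Notify DLL is not on disk: "
                             "dangling entry or hidden file", body))
        elif kind == "O4":
            cmd = body.split("] ", 1)[-1]
            m = IMAGE_RE.match(cmd)
            image = (m.group("image") if m else cmd).lower()
            if "\\" not in image:
                findings.append((kind, f"'{image}' is launched by bare name and "
                                 "resolved through the PATH search order", body))
            elif WINROOT_RE.match(image):
                findings.append((kind, f"'{image}' sits in the Windows root rather "
                                 "than system32 or Program Files", body))
        elif kind == "O23" and "Unknown owner" in body:
            findings.append((kind, "service binary carries no publisher name; "
                             "verify its hash or signature", body))
    return findings


if __name__ == "__main__":
    for kind, reason, body in triage(SAMPLE_LOG):
        print(f"[{kind}] {reason}\n      {body}")
```

Run as-is to triage the embedded sample, or call `triage(open(path).read(), expected_resolvers=("...",))` on a saved log with the resolvers your ISP actually assigns so a legitimate public DNS server is not reported.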

shelf life
2009-02-28, 15:12
hi,

I don't recognize an antivirus app in your log. Do you have one installed and updated?
We will get a download to use. It's called ComboFix. There is a guide to read first. Read through the guide, then download ComboFix to your desktop. Disable any AV and antimalware as explained in the guide. Double-click the ComboFix icon and follow the prompts. Post the ComboFix log in your reply.

The guide:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

smgriffi
2009-02-28, 18:48
I downloaded ComboFix and it will not run. I renamed it and it still will not run. It does start and looks like it is loading, but then does nothing. This is probably related to the reason Start, Run, cmd will not work.

Any suggestions?? Thanks!

shelf life
2009-02-28, 22:12
hi,

Do an online scan here:

ESET online scanner:

http://www.eset.com/onlinescan/

Uses Internet Explorer only.
Check "YES" to accept the terms.
Click the Start button.
Allow the ActiveX component to install.
Click the Start button; the scanner will update.
Check both "Remove found threats" and "Scan unwanted applications".
Click Scan.
When done, you can find the scan log at: C:\Program Files\EsetOnlineScanner\log.txt
Please copy/paste that log in your next reply.

smgriffi
2009-03-01, 14:26
Here are the results from ESET. I have run several anti-virus programs and none of them have found anything.

Thanks!

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3897 (20090228)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=8ca5c28bd449cd41afc1c2e087ab5d7b
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-03-01 08:45:33
# local_time=2009-03-01 03:45:33 (-0500, Eastern Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=754996
# found=0
# scan_time=20355

shelf life
2009-03-01, 15:42
hi,


I renamed it and it still will not run.

Did you disable your AV and antimalware, including TeaTimer, as explained in the guide?

1. Run Spybot-S&D in Advanced Mode.
2. If it is not already set to do this, go to the Mode menu and select "Advanced Mode".
3. On the left-hand side, click on Tools.
4. Then click on the Resident icon in the list.
5. Uncheck "Resident TeaTimer" and OK any prompts.
6. Restart your computer.


You can try running ComboFix in Safe Mode. To reach Safe Mode, tap the F8 key during a computer restart and choose the first option from the list, Safe Mode.
You can also try running MBAM. Link and directions:

Please download Malwarebytes' Anti-Malware (MBAM) to your desktop:

http://www.malwarebytes.org/mbam.php

* Double-click mbam-setup.exe and follow the prompts to install the program.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform FULL SCAN, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* A restart may be required to finish the clean-up process.
* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt

Please post the MBAM log in your reply if successful.

smgriffi
2009-03-02, 02:52
I tried to run ComboFix in Safe Mode and it still will not work. It loads but then terminates.

Here is the MBAM log. Whatever is on my PC, it is determined to stay there.

Thanks!

Malwarebytes' Anti-Malware 1.34
Database version: 1813
Windows 5.1.2600 Service Pack 3

3/1/2009 8:47:21 PM
mbam-log-2009-03-01 (20-47-21).txt

Scan type: Full Scan (C:\|)
Objects scanned: 229316
Time elapsed: 1 hour(s), 9 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

smgriffi
2009-03-02, 18:15
Any other suggestions? Thanks!

smgriffi
2009-03-02, 19:26
I finally got ComboFix to work. The secret is, when you download ComboFix, do "Save As" and save it under a different name. If you download it and just rename it, it may not work, as in my case.

It appears my problems have been fixed. Start, Run, cmd works, Start, Run, regedit works, and I am not being redirected to random web sites any more.

Thanks!

Here is my COMBOFIX log:

ComboFix 09-03-02.01 - Steve Griffin 2009-03-02 12:38:08.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.785 [GMT -5:00]
Running from: c:\documents and settings\Steve Griffin\Desktop\xyz.exe
Command switches used :: xyz
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated)
FW: ZoneAlarm Security Suite Firewall *disabled*

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\IE4 Error Log.txt

.
((((((((((((((((((((((((( Files Created from 2009-02-02 to 2009-03-02 )))))))))))))))))))))))))))))))
.

2009-03-02 12:45 . 2009-03-02 12:45 <DIR> d--hs---- c:\documents and settings\Temporary Internet Files\Content.IE5
2009-03-01 14:05 . 2009-03-01 14:05 <DIR> d-------- C:\32788R22FWJFW.5.tmp
2009-03-01 14:05 . 2009-03-01 14:05 <DIR> d-------- C:\32788R22FWJFW.4.tmp
2009-03-01 14:04 . 2009-03-01 14:04 <DIR> d-------- C:\32788R22FWJFW.3.tmp
2009-02-28 16:25 . 2009-03-01 03:45 <DIR> d-------- c:\program files\EsetOnlineScanner
2009-02-28 12:59 . 2009-03-02 08:38 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-02-28 12:59 . 2009-03-02 08:38 <DIR> d-------- c:\documents and settings\Steve Griffin\Application Data\SUPERAntiSpyware.com
2009-02-28 12:59 . 2009-02-28 12:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-02-28 12:21 . 2009-02-28 12:22 <DIR> d-------- C:\32788R22FWJFW.2.tmp
2009-02-28 12:20 . 2009-02-28 12:21 <DIR> d-------- C:\32788R22FWJFW.1.tmp
2009-02-28 12:17 . 2009-02-28 12:18 <DIR> d-------- C:\32788R22FWJFW.0.tmp
2009-02-27 22:24 . 2009-02-27 22:04 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-02-27 22:04 . 2009-02-27 22:04 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-02-27 22:00 . 2009-02-27 22:00 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-27 12:15 . 2009-02-27 12:15 <DIR> d-------- c:\program files\ERUNT
2009-02-27 10:28 . 2009-02-27 15:27 354,903 --a------ c:\temp\METRO.zip
2009-02-25 23:41 . 2009-02-25 23:42 <DIR> d-------- C:\rsit
2009-02-25 23:37 . 2009-02-25 23:37 <DIR> d-------- c:\program files\Trend Micro
2009-02-25 22:48 . 2009-02-25 22:48 <DIR> d-------- c:\windows\ERUNT
2009-02-25 22:42 . 2009-02-25 23:26 <DIR> d-------- C:\SDFix
2009-02-25 22:34 . 2009-02-25 22:34 <DIR> d-------- C:\_OTMoveIt
2009-02-25 22:29 . 2009-02-25 22:35 <DIR> d-------- C:\OTScanIt2
2009-02-25 22:05 . 2009-03-01 14:56 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-25 22:05 . 2009-02-25 22:05 <DIR> d-------- c:\documents and settings\Steve Griffin\Application Data\Malwarebytes
2009-02-25 22:05 . 2009-02-25 22:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-25 22:05 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-25 22:05 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-25 20:56 . 2009-02-25 20:56 <DIR> d-------- c:\documents and settings\Temporary Internet Files\AntiPhishing
2009-02-25 20:56 . 2008-04-13 19:12 389,120 --a------ c:\windows\system32\cmdx.exe
2009-02-25 20:42 . 2009-02-25 20:42 <DIR> d-------- c:\program files\Auslogics
2009-02-25 20:38 . 2009-02-25 20:38 <DIR> d-------- c:\documents and settings\Steve Griffin\Application Data\GlarySoft
2009-02-25 20:34 . 2009-02-25 20:34 <DIR> d-------- c:\program files\Glary Registry Repair
2009-02-25 19:59 . 2009-02-25 19:59 <DIR> d-------- c:\documents and settings\Steve Griffin\Application Data\RegistryDefense
2009-02-25 19:39 . 2008-04-13 19:12 389,120 --a------ c:\temp\cmdx.exe
2009-02-25 18:46 . 2008-01-22 11:09 16,384 --a------ c:\windows\system32\WorkAfterReboot.exe
2009-02-24 23:32 . 2009-02-25 16:46 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-02-24 23:30 . 2005-09-23 08:29 626,688 --a------ c:\windows\system32\msvcr80.dll
2009-02-24 23:18 . 2009-02-24 23:18 <DIR> d-------- c:\program files\Registrar Registry Manager
2009-02-24 23:18 . 2007-12-16 15:40 31,024 --a------ c:\windows\system32\rrMon.sys
2009-02-24 22:39 . 2009-02-25 06:08 1,374 --a------ c:\windows\imsins.BAK
2009-02-24 22:33 . 2009-03-02 12:17 <DIR> d-------- c:\documents and settings\Temporary Internet Files\OLK6BC
2009-02-24 22:31 . 2009-03-02 10:20 <DIR> d--h----- c:\documents and settings\Temporary Internet Files\Content.MSO
2009-02-24 22:21 . 2009-03-02 12:30 <DIR> d--h----- c:\documents and settings\Temporary Internet Files\Content.Word
2009-02-24 21:48 . 2008-04-13 20:12 116,224 --a------ c:\windows\system32\dllcache\xrxwiadr.dll
2009-02-24 21:48 . 2001-08-17 22:37 27,648 --a------ c:\windows\system32\dllcache\xrxftplt.exe
2009-02-24 21:48 . 2001-08-17 22:36 23,040 --a------ c:\windows\system32\dllcache\xrxwbtmp.dll
2009-02-24 21:48 . 2008-04-13 20:12 18,944 --a------ c:\windows\system32\dllcache\xrxscnui.dll
2009-02-24 21:48 . 2001-08-17 22:37 4,608 --a------ c:\windows\system32\dllcache\xrxflnch.exe
2009-02-24 21:47 . 2001-08-17 22:37 99,865 --a------ c:\windows\system32\dllcache\xlog.exe
2009-02-24 21:47 . 2004-08-04 07:00 28,288 --a------ c:\windows\system32\dllcache\xjis.nls
2009-02-24 21:47 . 2004-08-03 22:29 19,455 --a------ c:\windows\system32\dllcache\wvchntxx.sys
2009-02-24 21:47 . 2008-04-13 14:46 19,200 --a------ c:\windows\system32\dllcache\wstcodec.sys
2009-02-24 21:47 . 2001-08-17 12:11 16,970 --a------ c:\windows\system32\dllcache\xem336n5.sys
2009-02-24 21:47 . 2004-08-03 22:29 12,063 --a------ c:\windows\system32\dllcache\wsiintxx.sys
2009-02-24 21:45 . 2001-08-17 13:28 794,399 --a------ c:\windows\system32\dllcache\usr1806v.sys
2009-02-24 21:44 . 2001-08-17 13:28 794,654 --a------ c:\windows\system32\dllcache\usr1801.sys
2009-02-24 21:43 . 2001-08-17 22:36 525,568 --a------ c:\windows\system32\dllcache\tridxp.dll
2009-02-24 21:42 . 2001-08-17 14:56 172,768 --a------ c:\windows\system32\dllcache\t2r4disp.dll
2009-02-24 21:41 . 2001-08-17 12:18 285,760 --a------ c:\windows\system32\dllcache\stlnata.sys
2009-02-24 21:40 . 2001-08-17 14:56 147,200 --a------ c:\windows\system32\dllcache\smidispb.dll
2009-02-24 21:39 . 2001-08-17 22:36 386,560 --a------ c:\windows\system32\dllcache\sgiul50.dll
2009-02-24 21:38 . 2001-08-17 22:36 495,616 --a------ c:\windows\system32\dllcache\sblfx.dll
2009-02-24 21:37 . 2001-08-17 13:28 899,146 --a------ c:\windows\system32\dllcache\r2mdkxga.sys
2009-02-24 21:36 . 2008-04-13 20:12 363,520 --a------ c:\windows\system32\dllcache\psisdecd.dll
2009-02-24 21:35 . 2008-04-13 20:10 259,328 --a------ c:\windows\system32\dllcache\perm3dd.dll
2009-02-24 21:34 . 2001-08-17 14:05 351,616 --a------ c:\windows\system32\dllcache\ovcodek2.sys
2009-02-24 21:33 . 2004-08-03 22:31 132,695 --a------ c:\windows\system32\dllcache\netwlan5.sys
2009-02-24 21:32 . 2004-08-04 07:00 1,875,968 --a------ c:\windows\system32\dllcache\msir3jp.lex
2009-02-24 21:31 . 2001-08-17 13:28 797,500 --a------ c:\windows\system32\dllcache\ltsmt.sys
2009-02-24 21:30 . 2004-08-04 07:00 1,158,818 --a------ c:\windows\system32\dllcache\korwbrkr.lex
2009-02-24 21:29 . 2004-08-04 07:00 471,102 --a------ c:\windows\system32\dllcache\imskdic.dll
2009-02-24 21:28 . 2004-08-04 07:00 311,359 --a------ c:\windows\system32\dllcache\imepadsv.exe
2009-02-24 21:28 . 2004-08-04 07:00 134,339 --a------ c:\windows\system32\dllcache\imekr.lex
2009-02-24 21:28 . 2004-08-04 07:00 102,463 --a------ c:\windows\system32\dllcache\imepadsm.dll
2009-02-24 21:28 . 2004-08-04 07:00 60,928 --a------ c:\windows\system32\dllcache\iisclex4.dll
2009-02-24 21:28 . 2004-08-04 07:00 57,398 --a------ c:\windows\system32\dllcache\imjpdadm.exe
2009-02-24 21:28 . 2004-08-04 07:00 44,032 --a------ c:\windows\system32\dllcache\imekrmig.exe
2009-02-24 21:28 . 2004-08-04 07:00 19,456 --a------ c:\windows\system32\dllcache\iiscrmap.dll
2009-02-24 21:28 . 2004-08-04 07:00 6,656 --a------ c:\windows\system32\dllcache\iissync.exe
2009-02-24 21:28 . 2004-08-04 07:00 3,584 --a------ c:\windows\system32\dllcache\iismui.dll
2009-02-24 21:26 . 2004-08-04 07:00 10,129,408 --a------ c:\windows\system32\dllcache\hwxkor.dll
2009-02-24 21:26 . 2004-08-04 07:00 10,096,640 --a------ c:\windows\system32\dllcache\hwxcht.dll
2009-02-24 21:26 . 2001-08-17 13:28 542,879 --a------ c:\windows\system32\dllcache\hsf_msft.sys
2009-02-24 21:26 . 2001-08-17 13:28 488,383 --a------ c:\windows\system32\dllcache\hsf_v124.sys
2009-02-24 21:26 . 2001-08-17 13:28 391,199 --a------ c:\windows\system32\dllcache\hsf_k56k.sys
2009-02-24 21:26 . 2001-08-17 14:56 353,184 --a------ c:\windows\system32\dllcache\i740dnt5.dll
2009-02-24 21:26 . 2001-08-17 13:28 73,279 --a------ c:\windows\system32\dllcache\hsf_spkp.sys
2009-02-24 21:26 . 2001-08-17 13:28 57,471 --a------ c:\windows\system32\dllcache\hsf_samp.sys
2009-02-24 21:26 . 2001-08-17 13:28 50,751 --a------ c:\windows\system32\dllcache\hsf_tone.sys
2009-02-24 21:26 . 2001-08-17 13:28 44,863 --a------ c:\windows\system32\dllcache\hsf_soar.sys
2009-02-24 21:26 . 2001-08-17 22:36 9,759 --a------ c:\windows\system32\dllcache\hsf_inst.dll
2009-02-24 21:24 . 2001-08-17 13:28 907,456 --a------ c:\windows\system32\dllcache\hcf_msft.sys
2009-02-24 21:23 . 2001-08-17 14:56 1,733,120 --a------ c:\windows\system32\dllcache\g400d.dll
2009-02-24 21:22 . 2001-08-17 13:28 595,647 --a------ c:\windows\system32\dllcache\es56cvmp.sys
2009-02-24 21:21 . 2001-08-17 13:28 634,134 --a------ c:\windows\system32\dllcache\el656ct5.sys
2009-02-24 21:20 . 2001-08-17 12:14 952,007 --a------ c:\windows\system32\dllcache\diwan.sys
2009-02-24 21:19 . 2001-08-17 22:36 419,357 --a------ c:\windows\system32\dllcache\dgconfig.dll
2009-02-24 21:18 . 2008-04-13 20:11 249,856 --a------ c:\windows\system32\dllcache\ctmasetp.dll
2009-02-24 21:17 . 2004-08-04 07:00 1,677,824 --a------ c:\windows\system32\dllcache\chsbrkr.dll
2009-02-24 21:16 . 2004-08-04 07:00 195,618 --a------ c:\windows\system32\dllcache\c_10002.nls
2009-02-24 21:15 . 2001-08-17 13:28 871,388 --a------ c:\windows\system32\dllcache\bcmdm.sys
2009-02-24 21:14 . 2001-08-17 13:28 762,780 --a------ c:\windows\system32\dllcache\3cwmcru.sys
2009-02-24 21:13 . 2004-08-04 07:00 7,168 --a------ c:\windows\system32\dllcache\wamregps.dll
2009-02-24 21:12 . 2001-08-17 14:56 66,048 --a------ c:\windows\system32\dllcache\s3legacy.dll
2009-02-24 21:11 . 2004-08-04 07:00 169,984 --a------ c:\windows\system32\dllcache\iisui.dll
2009-02-24 21:11 . 2004-08-04 07:00 94,720 --a------ c:\windows\system32\dllcache\certmap.ocx
2009-02-24 21:11 . 2004-08-04 07:00 19,968 --a------ c:\windows\system32\dllcache\inetsloc.dll
2009-02-24 21:11 . 2004-08-04 07:00 14,336 --a------ c:\windows\system32\dllcache\iisreset.exe
2009-02-24 21:11 . 2004-08-04 07:00 7,680 --a------ c:\windows\system32\dllcache\inetmgr.exe
2009-02-24 21:11 . 2004-08-04 07:00 6,144 --a------ c:\windows\system32\dllcache\ftpsapi2.dll
2009-02-24 21:11 . 2004-08-04 07:00 5,632 --a------ c:\windows\system32\dllcache\iisrstap.dll
2009-02-24 21:05 . 2004-08-04 07:00 50,620 --a------ c:\windows\system32\command.com.bak
2009-02-24 21:05 . 2004-08-09 12:55 2,577 --a------ c:\windows\system32\config.nt.bak
2009-02-24 21:05 . 2004-08-04 07:00 1,688 --a------ c:\windows\system32\autoexec.nt.bak
2009-02-24 20:03 . 2009-02-24 20:03 <DIR> d--h----- c:\windows\system32\GroupPolicy
2009-02-20 18:49 . 2009-02-20 18:48 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-19 09:34 . 2009-02-19 09:35 430,080 --a------ c:\windows\system32\BSTIEPrintCtl1.dll
2009-02-10 09:33 . 2009-02-10 09:33 <DIR> dr------- c:\documents and settings\Steve Griffin\Application Data\Brother
2009-02-04 19:06 . 2009-02-04 19:06 58 --a------ c:\windows\BRPfX04A.INI
2009-02-04 19:06 . 2009-02-04 19:06 40 --a------ c:\windows\opt_2460.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-02 17:44 23,653,508 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-03-02 17:44 1,766,250,784 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-03-02 13:38 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-02 02:54 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-02-25 22:22 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-20 23:48 --------- d-----w c:\program files\Java
2009-02-09 13:14 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-30 04:13 --------- d-----w c:\program files\CCleaner
2009-01-19 03:33 --------- d-----w c:\program files\MSECache
2008-11-10 19:58 60,744 ------w c:\documents and settings\Steve Griffin\g2mdlhlpx.exe
2007-08-06 13:36 722,176 ------w c:\documents and settings\Steve Griffin\gotomypc_428.exe
2003-08-27 21:19 36,963 ------r c:\program files\Common Files\SM1updtr.dll
2008-06-02 16:49 27,976 ------w c:\program files\mozilla firefox\plugins\atgpcdec.dll
2008-06-02 16:49 125,848 ------w c:\program files\mozilla firefox\plugins\atgpcext.dll
2009-01-29 15:00 46,408 ----a-w c:\program files\mozilla firefox\plugins\atmccli.dll
2008-06-02 16:49 98,712 ------w c:\program files\mozilla firefox\plugins\ieatgpc.dll
2008-09-26 14:16 32,768 --sh--w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008092620080927\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-28 68856]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"ptmsgfrm.exe"="c:\program files\WebEx\Productivity Tools\ptmsgfrm.exe" [2008-08-30 42312]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-09-15 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-09-15 512000]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2005-10-28 864256]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2005-11-17 237568]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 66176]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-12-15 925696]
"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2006-01-25 106496]
"AMSG"="c:\progra~1\THINKV~2\AMSG\amsg.exe" [2005-11-14 487424]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-01 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-11 218032]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"cssauth"="c:\program files\IBM ThinkVantage\Client Security Solution\cssauth.exe" [2005-12-21 1996336]
"PDService.exe"="c:\program files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe" [2005-11-15 49152]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2005-11-29 196696]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-05-17 413696]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-05-17 126976]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2007-04-13 196608]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2007-04-13 208896]
"SM1BG"="c:\windows\SM1BG.EXE" [2003-08-27 94208]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2007-11-06 487424]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-20 136600]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-10-09 981904]
"RoxioDragToDisc"="c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2004-04-13 1470464]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-27 509784]
"TpShocks"="TpShocks.exe" [2005-11-07 c:\windows\system32\TpShocks.exe]
"TP4EX"="tp4ex.exe" [2005-10-17 c:\windows\system32\TP4EX.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-20 443968]

c:\documents and settings\Steve Griffin\Start Menu\Programs\Startup\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 49152]
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-06-19 50688]
Printkey2000.lnk - c:\program files\PrintKey2000\Printkey2000.exe [2006-10-03 869376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 15:37 34344 c:\program files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-12-14 10:06 28672 c:\program files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
2007-05-17 10:41 32768 c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2005-12-08 16:59 39936 c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg21.dll
"aux2"= c:\windows\system32\..\joiiaax.tls

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd csspwntfy ACGina

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-27 64160]
R0 Shockprf;Shockprf;c:\windows\system32\drivers\shockprf.sys [2006-04-05 85760]
S1 ANC;ANC;c:\windows\system32\drivers\ANC.sys [2006-04-05 11520]
S1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.sys [2006-04-05 4224]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S1 ShockMgr;ShockMgr;c:\windows\system32\drivers\ShockMgr.sys [2006-04-05 4736]
S1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [2006-04-05 4442]
S2 ibmfilter;ibmfilter;c:\windows\system32\drivers\ibmfilter.sys [2005-12-21 12544]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096]
S2 PrivateDisk;PrivateDisk;c:\program files\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys [2005-11-15 46142]
S2 smi2;smi2;c:\program files\SMI2\smi2.sys [2005-12-21 3968]
S2 smihlp;SMI helper driver;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2005-12-08 3328]
S3 em556B;3Com 3ccxem556B PCMCIA Device Driver;c:\windows\system32\drivers\em556n4b.sys [2006-05-22 19996]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MDMXSDK

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2009-02-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-27 22:04]

2009-02-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-03-02 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2007-04-13 00:15]
.
- - - - ORPHANS REMOVED - - - -

Notify-NavLogon - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: {45C81FDF-BAB9-49F1-B4C0-7692D47447D5} = 189.0.0.10
DPF: {00110000-B1BA-11CE-ABC6-F5B2E79D9E3F} - hxxp://www.whitfieldcountyga.com/realestate/ltocx11n.cab
DPF: {9D27C3FA-6662-4D29-99FB-A58A405FD584} - hxxps://moveit.pcsbanking.com/COM/MOVEitUploadWizard4.0.0.ocx
FF - ProfilePath - c:\documents and settings\Steve Griffin\Application Data\Mozilla\Firefox\Profiles\buf0odlp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-cclean&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p=
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPcol305.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-02 12:47:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Micro Focus]
@Denied: (C D) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(364)
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\remote.dll
c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll

- - - - - - - > 'lsass.exe'(420)
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\IBM ThinkVantage\Client Security Solution\csspwntfy.dll
c:\program files\IBM ThinkVantage\Client Security Solution\ibmtsp.dll
c:\program files\IBM ThinkVantage\Client Security Solution\tcsrpc.dll
c:\program files\IBM ThinkVantage\Client Security Solution\cssuserdatadispatcher.dll
c:\program files\ThinkPad\ConnectUtilities\ACGina.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACON.dll
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgr.dll
c:\program files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
c:\program files\ThinkPad\ConnectUtilities\ACTurinSupport.dll
c:\program files\ThinkPad\ConnectUtilities\AcSmBiosHelper.dll
c:\program files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll
.
Completion time: 2009-03-02 12:51:28 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-02 17:51:25

Pre-Run: 29,371,232,256 bytes free
Post-Run: 29,844,480,000 bytes free

334 --- E O F --- 2009-02-25 11:08:33

shelf life
2009-03-03, 03:05
hi,

OK, good. Looks like you're all set. You can remove ComboFix like this:
start>run and type in combofix /u
click ok or enter
Note: there is a space after the x and before the /

You can navigate to your root C drive and delete these temp directories:

C:\32788R22FWJFW.5.tmp
C:\32788R22FWJFW.4.tmp
C:\32788R22FWJFW.3.tmp
C:\32788R22FWJFW.2.tmp
C:\32788R22FWJFW.1.tmp
C:\32788R22FWJFW.0.tmp

if all is good, some info for you:

Reducing Your Risk To Malware:
The Short Version:

1) Keep your OS (http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us),(Windows) browser (IE, FireFox) and other Software (http://secunia.com/vulnerability_scanning/online/) up to date to "patch" possible vulnerabilities that could be exploited.

2) Know what you are installing to your computer. A lot of software can come bundled with unwanted add-ons, like adware, toolbars and malware. Do not install any files from ads, links or popups.

3) Install and keep updated: one antivirus and two or three anti-malware applications. If not updated they will soon be worthless. Scanning frequency is a function of your computer habits.

4) Refrain from clicking on links or attachments you receive via E-Mail, IM, Chat Rooms or Social Sites, no matter how tempting or legitimate the message.

5) Don't click on ads/pop ups or offers from websites requesting that you need to install software to your computer.

6) Don't click on offers to "scan" your computer. Install ActiveX Objects with care. Do you trust the website?

7) Set up and use limited accounts for everyday use, rather than administrator accounts. Limited accounts (http://www.microsoft.com/protect/computer/advanced/useraccount.mspx) can help prevent *malware from installing.*

8) Install and know the limitations of a software firewall.

9) Consider using an alternate browser and E-mail client. Internet Explorer and Outlook Express are popular targets for malicious code because they are widely used. See also: Hardening or Securing Internet Explorer. (http://www.microsoft.com/downloads/details.aspx?FamilyID=6AA4C1DA-6021-468E-A8CF-AF4AFE4C84B2&displaylang=en)

10) If your habits include: warez, cracks, etc., or you install files via p2p networks, then you are much more likely to encounter malicious code. Do you trust the source? Do you really need another malware source?

A longer version in link below.

Happy Safe Surfing.
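Two entries in the ComboFix log posted above are the kind a responder would re-check by hand rather than take on trust: the Drivers32 value "aux2" pointing at c:\windows\system32\..\joiiaax.tls (a parent-directory hop to a file whose extension is not a normal codec or driver module, which the loader does not care about), and the per-interface DNS server 189.0.0.10, a public address that should be compared against the resolvers the ISP actually assigns, since a swapped resolver is one common cause of the search-result redirects described in the first post. The script below is an added example, not part of this thread and not ComboFix's own code; it parses lines laid out the way ComboFix prints its "Reg Loading Points" and "TCP:" entries and flags those two patterns. The sample log is constructed from the shape of the log above, and the Drivers32 extension list and trusted-resolver ranges are assumptions to adjust for the machine being triaged.

```python
import ntpath
import re
from ipaddress import ip_address, ip_network

# Constructed sample in the layout of ComboFix's "Reg Loading Points" and
# "Supplementary Scan" output, shaped after the log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"SM1BG"="c:\windows\SM1BG.EXE" [2003-08-27 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg21.dll
"aux2"= c:\windows\system32\..\joiiaax.tls

TCP: {45C81FDF-BAB9-49F1-B4C0-7692D47447D5} = 189.0.0.10
TCP: {00000000-0000-0000-0000-000000000001} = 192.168.1.1
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
# "name"=value   or   "name"="path" [date size]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*"?([^"\[]+?)"?\s*(?:\[[^\]]*\])?$')
DNS_RE = re.compile(r"^TCP:\s*\{([0-9A-Fa-f-]+)\}\s*=\s*(.+)$")
TRAVERSAL_RE = re.compile(r"(^|[\\/])\.\.([\\/]|$)")

# Module types normally registered under Drivers32 (codecs and wave/midi/aux
# drivers). Assumed for this example; anything else loaded through this key
# deserves a look, because Windows loads it regardless of the extension.
DRIVERS32_EXTENSIONS = {".dll", ".drv", ".acm"}


def parse_reg_sections(text):
    """Map each [KEY] header (lower-cased) to its list of (name, value) pairs."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1).lower()
            sections.setdefault(current, [])
            continue
        entry = VALUE_RE.match(line)
        if entry and current is not None:
            sections[current].append((entry.group(1), entry.group(2).strip()))
    return sections


def check_loading_points(sections):
    """Return (key, name, value, reason) for autostart values that look tampered with."""
    findings = []
    for key, entries in sections.items():
        for name, value in entries:
            reasons = []
            if TRAVERSAL_RE.search(value):
                reasons.append("parent-directory traversal in path")
            if key.endswith("\\drivers32"):
                ext = ntpath.splitext(ntpath.basename(value))[1].lower()
                if ext not in DRIVERS32_EXTENSIONS:
                    reasons.append("unexpected Drivers32 module type %s" % (ext or "(none)"))
            if reasons:
                findings.append((key, name, value, "; ".join(reasons)))
    return findings


def check_dns(text, trusted=()):
    """Return (interface GUID, server) for public resolvers outside the trusted ranges."""
    trusted_nets = [ip_network(n) for n in trusted]
    findings = []
    for raw in text.splitlines():
        m = DNS_RE.match(raw.strip())
        if not m:
            continue
        guid, servers = m.groups()
        for token in re.split(r"[\s,]+", servers.strip()):
            try:
                addr = ip_address(token)
            except ValueError:
                continue
            # Private or loopback resolvers (home router, corporate DNS) are left alone.
            if addr.is_global and not any(addr in net for net in trusted_nets):
                findings.append((guid, token))
    return findings


def triage(text, trusted_dns=()):
    """Run both checks over one ComboFix log and return the findings."""
    return {
        "loading_points": check_loading_points(parse_reg_sections(text)),
        "dns": check_dns(text, trusted_dns),
    }


if __name__ == "__main__":
    # 192.0.2.0/24 stands in for the ISP's real resolver range (assumption).
    report = triage(SAMPLE_LOG, trusted_dns=["192.0.2.0/24"])
    for key, name, value, reason in report["loading_points"]:
        print("[loading point] %s\n  %s = %s\n  %s" % (key, name, value, reason))
    for guid, server in report["dns"]:
        print("[dns] interface {%s} uses public resolver %s" % (guid, server))
```

Run it against a saved ComboFix.txt by replacing SAMPLE_LOG with the file contents. A flagged Drivers32 entry is worth checking on disk (file size, signature, creation time next to the infection date), and a flagged resolver is worth comparing with what ipconfig /all reports and with the ISP's published DNS servers before deciding it is benign.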