I am experiencing problems similar to: http://forums.spybot.info/showthread.php?t=53587

"unexpected error in fixing problems (cannot create file "C:\windows\system32/drivers\etc\hosts". Access is denied"


When I run HiJackThis, I get a warning: "For some reason our system denied write access to the Hosts file. If any hijacked domains are in this file, HijackThis may NOT be able to fix this.

Next message: Yo have an particularly large amount of hijacked domains. It's probably better to delete the file itself than to fix each item (and create a backup). If you see the same IP address in all the reported O1 items, consider deleting your Hosts file, which is located at C:\Windows\System32\drivers\etc\hosts.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:38:00 AM, on 12/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\HP DVD\Umbrella\DVDTray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com (http://www.getantivirusplusnow.com)
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com (http://www.secure-plus-payments.com)
O1 - Hosts: 74.125.45.100 www.getavplusnow.com (http://www.getavplusnow.com)
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com (http://www.securesoftwarebill.com)
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 88.198.198.204 google.ae
O1 - Hosts: 88.198.198.204 google.az
O1 - Hosts: 88.198.198.204 google.ba
O1 - Hosts: 88.198.198.204 google.be
O1 - Hosts: 88.198.198.204 google.bg
O1 - Hosts: 88.198.198.204 google.bs
O1 - Hosts: 88.198.198.204 google.ca
O1 - Hosts: 88.198.198.204 google.cd
O1 - Hosts: 88.198.198.204 google.com.gh
O1 - Hosts: 88.198.198.204 google.com.hk
O1 - Hosts: 88.198.198.204 google.com.jm
O1 - Hosts: 88.198.198.204 google.com.mx
O1 - Hosts: 88.198.198.204 google.com.my
O1 - Hosts: 88.198.198.204 google.com.na
O1 - Hosts: 88.198.198.204 google.com.nf
O1 - Hosts: 88.198.198.204 google.com.ng
O1 - Hosts: 88.198.198.204 google.ch
O1 - Hosts: 88.198.198.204 google.com.np
O1 - Hosts: 88.198.198.204 google.com.pr
O1 - Hosts: 88.198.198.204 google.com.qa
O1 - Hosts: 88.198.198.204 google.com.sg
O1 - Hosts: 88.198.198.204 google.com.tj
O1 - Hosts: 88.198.198.204 google.com.tw
O1 - Hosts: 88.198.198.204 google.dj
O1 - Hosts: 88.198.198.204 google.de
O1 - Hosts: 88.198.198.204 google.dk
O1 - Hosts: 88.198.198.204 google.dm
O1 - Hosts: 88.198.198.204 google.ee
O1 - Hosts: 88.198.198.204 google.fi
O1 - Hosts: 88.198.198.204 google.fm
O1 - Hosts: 88.198.198.204 google.fr
O1 - Hosts: 88.198.198.204 google.ge
O1 - Hosts: 88.198.198.204 google.gg
O1 - Hosts: 88.198.198.204 google.gm
O1 - Hosts: 88.198.198.204 google.gr
O1 - Hosts: 88.198.198.204 google.ht
O1 - Hosts: 88.198.198.204 google.ie
O1 - Hosts: 88.198.198.204 google.im
O1 - Hosts: 88.198.198.204 google.in
O1 - Hosts: 88.198.198.204 google.it
O1 - Hosts: 88.198.198.204 google.ki
O1 - Hosts: 88.198.198.204 google.la
O1 - Hosts: 88.198.198.204 google.li
O1 - Hosts: 88.198.198.204 google.lv
O1 - Hosts: 88.198.198.204 google.ma
O1 - Hosts: 88.198.198.204 google.ms
O1 - Hosts: 88.198.198.204 google.mu
O1 - Hosts: 88.198.198.204 google.mw
O1 - Hosts: 88.198.198.204 google.nl
O1 - Hosts: 88.198.198.204 google.no
O1 - Hosts: 88.198.198.204 google.nr
O1 - Hosts: 88.198.198.204 google.nu
O1 - Hosts: 88.198.198.204 google.pl
O1 - Hosts: 88.198.198.204 google.pn
O1 - Hosts: 88.198.198.204 google.pt
O1 - Hosts: 88.198.198.204 google.ro
O1 - Hosts: 88.198.198.204 google.ru
O1 - Hosts: 88.198.198.204 google.rw
O1 - Hosts: 88.198.198.204 google.sc
O1 - Hosts: 88.198.198.204 google.se
O1 - Hosts: 88.198.198.204 google.sh
O1 - Hosts: 88.198.198.204 google.si
O1 - Hosts: 88.198.198.204 google.sm
O1 - Hosts: 88.198.198.204 google.sn
O1 - Hosts: 88.198.198.204 google.st
O1 - Hosts: 88.198.198.204 google.tl
O1 - Hosts: 88.198.198.204 google.tm
O1 - Hosts: 88.198.198.204 google.tt
O1 - Hosts: 88.198.198.204 google.us
O1 - Hosts: 88.198.198.204 google.vu
O1 - Hosts: 88.198.198.204 google.ws
O1 - Hosts: 88.198.198.204 google.co.ck
O1 - Hosts: 88.198.198.204 google.co.id
O1 - Hosts: 88.198.198.204 google.co.il
O1 - Hosts: 88.198.198.204 google.co.in
O1 - Hosts: 88.198.198.204 google.co.jp
O1 - Hosts: 88.198.198.204 google.co.kr
O1 - Hosts: 88.198.198.204 google.co.ls
O1 - Hosts: 88.198.198.204 google.co.ma
O1 - Hosts: 88.198.198.204 google.co.nz
O1 - Hosts: 88.198.198.204 google.co.tz
O1 - Hosts: 88.198.198.204 google.co.ug
O1 - Hosts: 88.198.198.204 google.co.uk
O1 - Hosts: 88.198.198.204 google.co.za
O1 - Hosts: 88.198.198.204 google.co.zm
O1 - Hosts: 88.198.198.204 google.com
O1 - Hosts: 88.198.198.204 google.com.af
O1 - Hosts: 88.198.198.204 google.com.ag
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TPFNF7] C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP DVD\Umbrella\DVDTray.exe"
O4 - HKLM\..\Run: [DVDBitSet] "C:\Program Files\HP DVD\Umbrella\DVDBitSet.exe" /NOUI
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: V CAST Media Monitor.lnk = C:\Program Files\V CAST Media Manager\MEMonitor.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1192176863531
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

--
End of file - 19794 bytes

That other post which I mentioned suggested running these items as well:

Here is the DDS output:

DDS (Ver_09-12-01.01) - NTFSx86
Run by Bill Jelen at 7:40:35.45 on Mon 12/07/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3046.1998 [GMT -5:00]

AV: Windows Enterprise Suite *On-access scanning enabled* (Updated) {9518F2C1-A704-4B5B-A6DD-BBC33D5C2750}
FW: Windows Enterprise Suite *enabled* {A51947DC-84F5-4AED-8AFE-53334BDBC42D}

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\HP DVD\Umbrella\DVDTray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Bill Jelen\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://lenovo.live.com
mDefault_Page_URL = hxxp://lenovo.live.com
mStart Page = hxxp://lenovo.live.com
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: H - No File
BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 7\SnagItBHO.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: CPwmIEBrowserHelper Object: {f040e541-a427-4cf7-85d8-75e3e0f476c5} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 7\SnagItIEAddin.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [TPFNF7] c:\progra~1\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [<NO NAME>]
mRun: [TpShocks] TpShocks.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe
mRun: [AMSG] c:\program files\thinkvantage\amsg\Amsg.exe /startup
mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [ShStatEXE] "c:\program files\network associates\virusscan\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\network associates\common framework\UpdaterUI.exe" /StartedFromRunKey
mRun: [Network Associates Error Reporting Service] "c:\program files\common files\network associates\talkback\TBMon.exe"
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [DVDTray] "c:\program files\hp dvd\umbrella\DVDTray.exe"
mRun: [DVDBitSet] "c:\program files\hp dvd\umbrella\DVDBitSet.exe" /NOUI
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\docume~1\billje~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\billje~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office11\ONENOTEM.EXE
StartupFolder: c:\docume~1\billje~1\startm~1\programs\startup\vcastm~1.lnk - c:\program files\v cast media manager\MEMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\snagit~1.lnk - c:\program files\techsmith\snagit 7\SnagIt32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {2DAD3559-2923-4935-AD49-B673D2539944} - hxxp://www-307.ibm.com/pc/support/acpir.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1192176863531
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Notify: ACNotify - ACNotify.dll
Notify: igfxcui - igfxdev.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
Notify: tphotkey - c:\program files\lenovo\hotkey\tphklock.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli ACGina psqlpwd ACGina
IFEO: image file execution options - svchost.exe
IFEO: brastk.exe - svchost.exe
Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com
Hosts: 74.125.45.100 getantivirusplusnow.com

Note: multiple HOSTS entries found. Please refer to Attach.txt

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\billje~1\applic~1\mozilla\firefox\profiles\bngfimd7.default\
FF - prefs.js: browser.search.selectedEngine - search
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-3-2 19760]
R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2007-10-12 58048]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\network associates\common framework\FrameworkService.exe [2007-10-12 102463]
R2 McShield;Network Associates McShield;c:\program files\network associates\virusscan\Mcshield.exe [2004-9-22 221191]
R2 McTaskManager;Network Associates Task Manager;c:\program files\network associates\virusscan\VsTskMgr.exe [2004-9-22 28672]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2008-12-1 94208]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\common files\thinkvantage fingerprint software\drivers\smihlp.sys [2007-3-15 11152]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2007-2-8 569344]
R3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2007-10-12 108256]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2006-9-13 35264]
S3 hpusbwdm;HP DVD Movie Writer;c:\windows\system32\drivers\hpusbwdm.sys [2003-12-30 1080832]
S3 tpflhlp;tpflhlp;c:\program files\lenovo\system update\session\7luj08us\tpflhlp.sys [2007-7-24 13360]

=============== Created Last 30 ================

2009-12-07 12:34:09 0 d-----w- c:\program files\Trend Micro
2009-11-16 10:03:02 0 d-----w- c:\docume~1\billje~1\applic~1\Smith Micro
2009-11-16 10:01:45 0 d-----w- c:\program files\LG Electronics
2009-11-16 10:01:21 0 d-----w- c:\program files\CASIO
2009-11-16 10:01:08 0 d-----w- c:\program files\Samsung
2009-11-16 10:00:39 27136 ----a-r- c:\windows\system32\drivers\RimSerial.sys
2009-11-16 10:00:31 0 d-----w- c:\program files\Research In Motion
2009-11-16 10:00:31 0 d-----w- c:\program files\common files\Research In Motion
2009-11-10 02:00:28 0 d-sh--w- C:\found.000
2009-11-10 00:09:04 0 d-----w- c:\docume~1\billje~1\applic~1\Malwarebytes
2009-11-10 00:09:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-10 00:08:59 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-10 00:08:59 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-10 00:08:59 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-11-09 23:30:32 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-11-09 23:30:32 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-11-09 22:05:19 0 d-sh--w- c:\docume~1\alluse~1\applic~1\df49130

==================== Find3M ====================

2009-10-10 14:44:47 58644 ---ha-w- c:\windows\system32\mlfcache.dat
2007-09-25 20:49:47 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2007-10-11 15:28:26 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012007101120071012\index.dat

============= FINISH: 7:41:43.77 ===============


The attach.txt says not to post. I am not sure how to attach a file.
-------------------

Here is GMER output:
GMER 1.0.15.15252 - http://www.gmer.net
Rootkit quick scan 2009-12-07 07:52:42
Windows 5.1.2600 Service Pack 3
Running: u1fp24t0.exe; Driver: C:\DOCUME~1\BILLJE~1\LOCALS~1\Temp\uxliypod.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs naiavf5x.sys (Anti-Virus File System Filter Driver/Network Associates, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- EOF - GMER 1.0.15 ----

I noticed about a week ago that Google kept defaulting to the German version of Google. It was just about 1.5 days ago that something else seems to be redirecting the google results to other sites.

Should I try deletings the hosts file? But then whatever infected it will still be there...

Hi,

Since you ran DDS there should be attach.txt on your desktop too. Could you post its contents, please?


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:


Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.


Click Yes to allow ComboFix to continue scanning for malware.


When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt & fresh dds log

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Blade81:

Thanks for your reply. Here is the attach.txt:
DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/11/2007 11:40:22 AM
System Uptime: 11/29/2009 11:28:52 AM (188 hours ago)

Motherboard: LENOVO | | 765901U
Processor: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz | None | 1995/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 88 GiB total, 45.845 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP349: 9/14/2009 5:14:20 PM - Software Distribution Service 3.0
RP350: 9/15/2009 3:00:18 AM - Software Distribution Service 3.0
RP351: 9/15/2009 3:22:17 AM - Printer Driver Microsoft XPS Document Writer Installed
RP352: 9/15/2009 7:25:25 AM - Installed iTunes
RP353: 9/15/2009 7:33:48 AM - Printer Driver Amyuni Document Converter 2.50 Installed
RP354: 9/16/2009 7:33:56 AM - System Checkpoint
RP355: 9/17/2009 7:35:06 AM - System Checkpoint
RP356: 9/18/2009 8:33:56 AM - System Checkpoint
RP357: 9/19/2009 9:33:57 AM - System Checkpoint
RP358: 9/20/2009 11:12:38 AM - System Checkpoint
RP359: 9/21/2009 11:33:57 AM - System Checkpoint
RP360: 9/22/2009 12:33:46 PM - System Checkpoint
RP361: 9/23/2009 1:33:46 PM - System Checkpoint
RP362: 9/24/2009 2:33:46 PM - System Checkpoint
RP363: 9/25/2009 3:33:45 PM - System Checkpoint
RP364: 9/26/2009 4:54:18 PM - System Checkpoint
RP365: 9/27/2009 6:12:21 PM - System Checkpoint
RP366: 9/28/2009 6:33:39 PM - System Checkpoint
RP367: 9/29/2009 7:33:32 PM - System Checkpoint
RP368: 9/30/2009 7:53:09 PM - System Checkpoint
RP369: 10/1/2009 8:43:11 PM - System Checkpoint
RP370: 10/2/2009 9:56:35 PM - System Checkpoint
RP371: 10/3/2009 10:33:32 PM - System Checkpoint
RP372: 10/4/2009 11:33:32 PM - System Checkpoint
RP373: 10/6/2009 12:33:24 AM - System Checkpoint
RP374: 10/7/2009 1:33:20 AM - System Checkpoint
RP375: 10/8/2009 2:33:20 AM - System Checkpoint
RP376: 10/9/2009 3:33:20 AM - System Checkpoint
RP377: 10/10/2009 4:33:20 AM - System Checkpoint
RP378: 10/11/2009 5:33:20 AM - System Checkpoint
RP379: 10/12/2009 7:08:35 AM - System Checkpoint
RP380: 10/13/2009 7:33:19 AM - System Checkpoint
RP381: 10/14/2009 7:40:25 AM - System Checkpoint
RP382: 10/15/2009 8:33:22 AM - System Checkpoint
RP383: 10/16/2009 9:33:20 AM - System Checkpoint
RP384: 10/17/2009 9:56:13 AM - System Checkpoint
RP385: 10/18/2009 10:56:13 AM - System Checkpoint
RP386: 10/19/2009 11:56:12 AM - System Checkpoint
RP387: 10/20/2009 12:56:13 PM - System Checkpoint
RP388: 10/21/2009 1:56:12 PM - System Checkpoint
RP389: 10/22/2009 2:56:13 PM - System Checkpoint
RP390: 10/23/2009 3:57:18 PM - System Checkpoint
RP391: 10/24/2009 4:55:56 PM - System Checkpoint
RP392: 10/25/2009 6:18:18 PM - System Checkpoint
RP393: 10/26/2009 7:54:43 PM - System Checkpoint
RP394: 10/27/2009 8:52:36 PM - System Checkpoint
RP395: 10/28/2009 9:42:19 PM - System Checkpoint
RP396: 10/29/2009 9:49:36 PM - System Checkpoint
RP397: 10/30/2009 10:49:36 PM - System Checkpoint
RP398: 10/31/2009 11:49:28 PM - System Checkpoint
RP399: 11/2/2009 12:49:28 AM - System Checkpoint
RP400: 11/3/2009 2:01:29 AM - System Checkpoint
RP401: 11/4/2009 2:49:28 AM - System Checkpoint
RP402: 11/5/2009 3:49:28 AM - System Checkpoint
RP403: 11/6/2009 4:49:28 AM - System Checkpoint
RP404: 11/7/2009 5:49:28 AM - System Checkpoint
RP405: 11/8/2009 5:49:03 AM - System Checkpoint
RP406: 11/9/2009 6:49:03 AM - System Checkpoint
RP407: 11/10/2009 7:12:32 AM - System Checkpoint
RP408: 11/11/2009 7:24:25 AM - System Checkpoint
RP409: 11/12/2009 8:05:54 AM - System Checkpoint
RP410: 11/13/2009 9:05:54 AM - System Checkpoint
RP411: 11/14/2009 9:06:58 AM - System Checkpoint
RP412: 11/15/2009 10:05:54 AM - System Checkpoint
RP413: 11/16/2009 5:01:07 AM - Installed SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
RP414: 11/16/2009 5:01:44 AM - Installed LG USB Modem driver
RP415: 11/17/2009 5:05:52 AM - System Checkpoint
RP416: 11/18/2009 6:05:53 AM - System Checkpoint
RP417: 11/19/2009 7:20:30 AM - System Checkpoint
RP418: 11/20/2009 8:05:55 AM - System Checkpoint
RP419: 11/21/2009 9:05:33 AM - System Checkpoint
RP420: 11/22/2009 10:05:19 AM - System Checkpoint
RP421: 11/23/2009 9:02:08 PM - System Checkpoint
RP422: 11/24/2009 9:29:25 PM - System Checkpoint
RP423: 11/29/2009 12:05:35 PM - System Checkpoint
RP424: 11/30/2009 12:33:07 PM - System Checkpoint
RP425: 12/1/2009 1:33:07 PM - System Checkpoint
RP426: 12/2/2009 2:33:07 PM - System Checkpoint
RP427: 12/3/2009 3:33:09 PM - System Checkpoint
RP428: 12/4/2009 4:33:07 PM - System Checkpoint
RP429: 12/5/2009 5:45:07 PM - System Checkpoint
RP430: 12/6/2009 6:07:07 PM - System Checkpoint

==== Hosts File Hijack ======================

Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com
Hosts: 74.125.45.100 getantivirusplusnow.com
Hosts: 74.125.45.100 secure-plus-payments.com
Hosts: 74.125.45.100 www.getantivirusplusnow.com
Hosts: 74.125.45.100 www.secure-plus-payments.com
Hosts: 74.125.45.100 www.getavplusnow.com
Hosts: 74.125.45.100 safebrowsing-cache.google.com
Hosts: 74.125.45.100 www.securesoftwarebill.com
Hosts: 74.125.45.100 secure.paysecuresystem.com
Hosts: 74.125.45.100 paysoftbillsolution.com
Hosts: 88.198.198.204 google.ae
Hosts: 88.198.198.204 google.az
Hosts: 88.198.198.204 google.ba
Hosts: 88.198.198.204 google.be
Hosts: 88.198.198.204 google.bg
Hosts: 88.198.198.204 google.bs
Hosts: 88.198.198.204 google.ca
Hosts: 88.198.198.204 google.cd
Hosts: 88.198.198.204 google.com.gh
Hosts: 88.198.198.204 google.com.hk
Hosts: 88.198.198.204 google.com.jm
Hosts: 88.198.198.204 google.com.mx
Hosts: 88.198.198.204 google.com.my
Hosts: 88.198.198.204 google.com.na
Hosts: 88.198.198.204 google.com.nf
Hosts: 88.198.198.204 google.com.ng
Hosts: 88.198.198.204 google.ch
Hosts: 88.198.198.204 google.com.np
Hosts: 88.198.198.204 google.com.pr
Hosts: 88.198.198.204 google.com.qa
Hosts: 88.198.198.204 google.com.sg
Hosts: 88.198.198.204 google.com.tj
Hosts: 88.198.198.204 google.com.tw
Hosts: 88.198.198.204 google.dj
Hosts: 88.198.198.204 google.de
Hosts: 88.198.198.204 google.dk
Hosts: 88.198.198.204 google.dm
Hosts: 88.198.198.204 google.ee
Hosts: 88.198.198.204 google.fi
Hosts: 88.198.198.204 google.fm
Hosts: 88.198.198.204 google.fr
Hosts: 88.198.198.204 google.ge
Hosts: 88.198.198.204 google.gg
Hosts: 88.198.198.204 google.gm
Hosts: 88.198.198.204 google.gr
Hosts: 88.198.198.204 google.ht
Hosts: 88.198.198.204 google.ie
Hosts: 88.198.198.204 google.im
Hosts: 88.198.198.204 google.in
Hosts: 88.198.198.204 google.it
Hosts: 88.198.198.204 google.ki
Hosts: 88.198.198.204 google.la
Hosts: 88.198.198.204 google.li
Hosts: 88.198.198.204 google.lv
Hosts: 88.198.198.204 google.ma
Hosts: 88.198.198.204 google.ms
Hosts: 88.198.198.204 google.mu
Hosts: 88.198.198.204 google.mw
Hosts: 88.198.198.204 google.nl
Hosts: 88.198.198.204 google.no
Hosts: 88.198.198.204 google.nr
Hosts: 88.198.198.204 google.nu
Hosts: 88.198.198.204 google.pl
Hosts: 88.198.198.204 google.pn
Hosts: 88.198.198.204 google.pt
Hosts: 88.198.198.204 google.ro
Hosts: 88.198.198.204 google.ru
Hosts: 88.198.198.204 google.rw
Hosts: 88.198.198.204 google.sc
Hosts: 88.198.198.204 google.se
Hosts: 88.198.198.204 google.sh
Hosts: 88.198.198.204 google.si
Hosts: 88.198.198.204 google.sm
Hosts: 88.198.198.204 google.sn
Hosts: 88.198.198.204 google.st
Hosts: 88.198.198.204 google.tl
Hosts: 88.198.198.204 google.tm
Hosts: 88.198.198.204 google.tt
Hosts: 88.198.198.204 google.us
Hosts: 88.198.198.204 google.vu
Hosts: 88.198.198.204 google.ws
Hosts: 88.198.198.204 google.co.ck
Hosts: 88.198.198.204 google.co.id
Hosts: 88.198.198.204 google.co.il
Hosts: 88.198.198.204 google.co.in
Hosts: 88.198.198.204 google.co.jp
Hosts: 88.198.198.204 google.co.kr
Hosts: 88.198.198.204 google.co.ls
Hosts: 88.198.198.204 google.co.ma
Hosts: 88.198.198.204 google.co.nz
Hosts: 88.198.198.204 google.co.tz
Hosts: 88.198.198.204 google.co.ug
Hosts: 88.198.198.204 google.co.uk
Hosts: 88.198.198.204 google.co.za
Hosts: 88.198.198.204 google.co.zm
Hosts: 88.198.198.204 google.com
Hosts: 88.198.198.204 google.com.af
Hosts: 88.198.198.204 google.com.ag
Hosts: 88.198.198.204 google.com.ar
Hosts: 88.198.198.204 google.com.au
Hosts: 88.198.198.204 google.com.bn
Hosts: 88.198.198.204 google.com.br
Hosts: 88.198.198.204 google.com.by
Hosts: 88.198.198.204 google.com.bz
Hosts: 88.198.198.204 google.com.cu
Hosts: 88.198.198.204 google.com.ec
Hosts: 88.198.198.204 google.com.fj
Hosts: 88.198.198.204 www.google.ae
Hosts: 88.198.198.204 www.google.as
Hosts: 88.198.198.204 www.google.at
Hosts: 88.198.198.204 www.google.az
Hosts: 88.198.198.204 www.google.ba
Hosts: 88.198.198.204 www.google.be
Hosts: 88.198.198.204 www.google.bg
Hosts: 88.198.198.204 www.google.bs
Hosts: 88.198.198.204 www.google.ca
Hosts: 88.198.198.204 www.google.cd
Hosts: 88.198.198.204 www.google.com.gh
Hosts: 88.198.198.204 www.google.com.hk
Hosts: 88.198.198.204 www.google.com.jm
Hosts: 88.198.198.204 www.google.com.mx
Hosts: 88.198.198.204 www.google.com.my
Hosts: 88.198.198.204 www.google.com.na
Hosts: 88.198.198.204 www.google.com.nf
Hosts: 88.198.198.204 www.google.com.ng
Hosts: 88.198.198.204 www.google.ch
Hosts: 88.198.198.204 www.google.com.np
Hosts: 88.198.198.204 www.google.com.pr
Hosts: 88.198.198.204 www.google.com.qa
Hosts: 88.198.198.204 www.google.com.sg
Hosts: 88.198.198.204 www.google.com.tj
Hosts: 88.198.198.204 www.google.com.tw
Hosts: 88.198.198.204 www.google.dj
Hosts: 88.198.198.204 www.google.de
Hosts: 88.198.198.204 www.google.dk
Hosts: 88.198.198.204 www.google.dm
Hosts: 88.198.198.204 www.google.ee
Hosts: 88.198.198.204 www.google.fi
Hosts: 88.198.198.204 www.google.fm
Hosts: 88.198.198.204 www.google.fr
Hosts: 88.198.198.204 www.google.ge
Hosts: 88.198.198.204 www.google.gg
Hosts: 88.198.198.204 www.google.gm
Hosts: 88.198.198.204 www.google.gr
Hosts: 88.198.198.204 www.google.ht
Hosts: 88.198.198.204 www.google.ie
Hosts: 88.198.198.204 www.google.im
Hosts: 88.198.198.204 www.google.in
Hosts: 88.198.198.204 www.google.it
Hosts: 88.198.198.204 www.google.ki
Hosts: 88.198.198.204 www.google.la
Hosts: 88.198.198.204 www.google.li
Hosts: 88.198.198.204 www.google.lv
Hosts: 88.198.198.204 www.google.ma
Hosts: 88.198.198.204 www.google.ms
Hosts: 88.198.198.204 www.google.mu
Hosts: 88.198.198.204 www.google.mw
Hosts: 88.198.198.204 www.google.nl
Hosts: 88.198.198.204 www.google.no
Hosts: 88.198.198.204 www.google.nr
Hosts: 88.198.198.204 www.google.nu
Hosts: 88.198.198.204 www.google.pl
Hosts: 88.198.198.204 www.google.pn
Hosts: 88.198.198.204 www.google.pt
Hosts: 88.198.198.204 www.google.ro
Hosts: 88.198.198.204 www.google.ru
Hosts: 88.198.198.204 www.google.rw
Hosts: 88.198.198.204 www.google.sc
Hosts: 88.198.198.204 www.google.se
Hosts: 88.198.198.204 www.google.sh
Hosts: 88.198.198.204 www.google.si
Hosts: 88.198.198.204 www.google.sm
Hosts: 88.198.198.204 www.google.sn
Hosts: 88.198.198.204 www.google.st
Hosts: 88.198.198.204 www.google.tl
Hosts: 88.198.198.204 www.google.tm
Hosts: 88.198.198.204 www.google.tt
Hosts: 88.198.198.204 www.google.us
Hosts: 88.198.198.204 www.google.vu
Hosts: 88.198.198.204 www.google.ws
Hosts: 88.198.198.204 www.google.co.ck
Hosts: 88.198.198.204 www.google.co.id
Hosts: 88.198.198.204 www.google.co.il
Hosts: 88.198.198.204 www.google.co.in
Hosts: 88.198.198.204 www.google.co.jp
Hosts: 88.198.198.204 www.google.co.kr
Hosts: 88.198.198.204 www.google.co.ls
Hosts: 88.198.198.204 www.google.co.ma
Hosts: 88.198.198.204 www.google.co.nz
Hosts: 88.198.198.204 www.google.co.tz
Hosts: 88.198.198.204 www.google.co.ug
Hosts: 88.198.198.204 www.google.co.uk
Hosts: 88.198.198.204 www.google.co.za
Hosts: 88.198.198.204 www.google.co.zm
Hosts: 88.198.198.204 www.google.com
Hosts: 88.198.198.204 www.google.com.af
Hosts: 88.198.198.204 www.google.com.ag
Hosts: 88.198.198.204 www.google.com.ar
Hosts: 88.198.198.204 www.google.com.au
Hosts: 88.198.198.204 www.google.com.bn
Hosts: 88.198.198.204 www.google.com.br
Hosts: 88.198.198.204 www.google.com.by
Hosts: 88.198.198.204 www.google.com.bz
Hosts: 88.198.198.204 www.google.com.cu
Hosts: 88.198.198.204 www.google.com.ec
Hosts: 88.198.198.204 www.google.com.fj
Hosts: 88.198.198.204 google.com
Hosts: 88.198.198.204 www.google.com
Hosts: 88.198.198.204 bing.com
Hosts: 88.198.198.204 www.bing.com
Hosts: 88.198.198.204 search.yahoo.com
Hosts: 88.198.198.204 www.search.yahoo.com
Hosts: 88.198.198.204 search.live.com
Hosts: 88.198.198.204 search.msn.com

==== Installed Programs ======================


ACDSee
ACDSee 10 Photo Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.4
AOL You've Got Pictures Screensaver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft ShowBiz DVD 2
Bink and Smacker
BlackBerry Desktop Software 5.0
Bonjour
CASIO USB Driver V1.0.8003.1229
Client Security Solution
Compatibility Pack for the 2007 Office system
Diskeeper Lite
ERUNT 1.1j
Help Center
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB970653-v3)
HP DVD Movie Writer
HP DVD Movie Writer Capture Device
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet/Wireless Software
InterVideo Register Manager
InterVideo WinDVD
iTunes
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 3
Java(TM) 6 Update 7
Learn2 Player (Uninstall Only)
Lenovo Registration
LG USB Modem driver
LiveReg (Symantec Corporation)
LiveUpdate 1.6 (Symantec Corporation)
Maintenance Manager
Malwarebytes' Anti-Malware
McAfee VirusScan Enterprise
Message Center
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft MapPoint North America 2004
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office OneNote 2003
Microsoft Office Professional Edition 2003
Microsoft Office Small Business Connectivity Components
Microsoft Silverlight
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox (3.0.3)
Mozilla Firefox (3.0b1)
Mozilla Thunderbird (2.0.0.12)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
muvee autoProducer 3.5_LE10 - HPC
On Screen Display
Picasa 3
PowerDVD
Presentation Director
Productivity Center Supplement for ThinkPad
Quicken 2007
QuickTime
RealPlayer Basic
RecordNow Audio
RecordNow Copy
RecordNow Data
Remove Multimedia Center
Rescue and Recovery
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
SnagIt 7
Sonic DLA
Sonic Express Labeler
Sonic Icons for Lenovo
Sonic RecordNow!
Sonic Update Manager
SoundMAX
Spybot - Search & Destroy
System Migration Assistant
System Update
ThinkPad Bluetooth with Enhanced Data Rate Software
ThinkPad EasyEject Utility
ThinkPad FullScreen Magnifier
ThinkPad Hotkey Features Setup
ThinkPad Keyboard Customizer Utility
ThinkPad Modem
ThinkPad PC Card Power Policy
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad UltraNav Driver
ThinkPad UltraNav Utility
ThinkVantage Access Connections
ThinkVantage Active Protection System
ThinkVantage Fingerprint Software 5.6
ThinkVantage Productivity Center
ThinkVantage Technologies Welcome Message
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB973815)
Viewpoint Media Player
VoiceOver Kit
Wallpapers
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Live Toolbar
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
WinZip
XML Paper Specification Shared Components Pack 1.0
XP Themes

==== End Of File ===========================

I will follow the other instructions.

Bill Jelen
(Excel MVP)

As I tried to run Combofix the first time, I received about 3 notifications that various files were unreadable and that I should run chkdsk. They seemed to be fairly random files, one was in an iTunes directory.

ComboFix started. It downloaded WRC. I then get to the blue screen where it says it will take 10 minutes or so. After 12 hours, nothing changed in that blue screen, so I X'ed out of it.

This morning, tried to run ComboFix again.

Try 1: It downloaded something, said "Combofix shall restart" then hung. I X'ed out.

Try 2: Showed me the warranty screen. I clicked Yes. Then nothing.

Try 3: Combofix progress bar shows for 5 seconds, then nothing.

Try 4: Same as Try 3.

I am starting to realize that I have something extremely nasty and starting to think that I should try to get important stuff off the PC (Financial files) and sentimental stuff off the PC (family photos). I've read here that I should not connect an external hard drive. Is it OK to start to load these up to a file sharing site like basecamp? Currently, there are no other computers on the home network.

Bill

Hi,

Did you have protection software disabled before you ran ComboFix? If you had, then try this:


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Download Combofix from any of the links below. You must rename (use EatMalware.exe) it before saving it. Save it to your desktop.

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)

http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_FF.gif


http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_rename.gif
--------------------------------------------------------------------

Double click on EatMalware.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the C:\ComboFix.txt in your reply.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall

Since you have Malwarebytes' Anti-Malware installed there, open it, go to update tab and update the definitions, run a quick scan letting the tool remove found items. Then post back the report.



I am starting to realize that I have something extremely nasty and starting to think that I should try to get important stuff off the PC (Financial files) and sentimental stuff off the PC (family photos). I've read here that I should not connect an external hard drive. Is it OK to start to load these up to a file sharing site like basecamp? Currently, there are no other computers on the home network.
If you disable autorun functionality correctly then external drive can be used.

Disable antivirus protection before doing these:
1. Download Flash_Disinfector (http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe) and save it to your Desktop of your clean system.
2. After downloading, double-click on Flash_Disinfector to run it.
3. Just follow the prompts and continue until it begin scanning.
4. If asked to insert your flash drive or any removable device including USB Pen Drive and Memory Stick, please do so.
5. It will scan removable drives, wait for the scan to finish. Done.

Protection software is disabled.

Renaming ComboFix to EatMalware was a bit effective. It finished Stage 5 on one scan and actually got up to stage 6a on another scan.

No log is being produced.

Hi,

Open notepad and then copy and paste the bolded lines below into it. Go to File > save as and name the file fixes.bat, change the Save as type to all files and save it to your desktop.
attrib -r -s -h c:\windows\system32\drivers\etc\hosts
del /q c:\windows\system32\drivers\etc\hosts >logit.txt 2>&1
start logit.txt
del %0

Double-click on fixes.bat file to execute it. Notepad should open up. Post back its contents, please.

Start Malwarebytes Anti-Malware, go to update tab and click check for updates to get the latest definition version. When done, run a quick scan letting MBAM delete its findings. Post generated report & fresh dds log back here.

Thanks for your suggestions.

I ran the fixes.bat per the instructions. The resulting notepad file was empty. I thought this was strange, so I browsed to the hosts directory. There were 49 backup host files created on November 9th, but no actual hosts file.

(As an aside and for background...I had tried running combofix or eatmalware a few additional times over the past few days. It once got up to step 16 but often stalled at step 6. The last two times that I ran it, something actually deleted the file)

Somewhat good news...Google is now back to the U.S. Google instead of the German version.

Updated MalwareBytes and did a quick scan. One item found and removed:
Malwarebytes' Anti-Malware 1.42
Database version: 3363
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

12/15/2009 6:50:05 AM
mbam-log-2009-12-15 (06-50-01).txt

Scan type: Quick Scan
Objects scanned: 133296
Time elapsed: 6 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Bill Jelen\Local Settings\Temporary Internet Files\Content.IE5\VKY8QBQE\install[1].exe (Rogue.AdvancedVirusRemover) -> No action taken.

Re-ran DDS

DDS (Ver_09-12-01.01) - NTFSx86
Run by Bill Jelen at 6:54:28.51 on Tue 12/15/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3046.2283 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
svchost.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\HP DVD\Umbrella\DVDTray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
c:\program files\lenovo\system update\suservice.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Bill Jelen\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://lenovo.live.com
mDefault_Page_URL = hxxp://lenovo.live.com
mStart Page = hxxp://lenovo.live.com
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: H - No File
BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 7\SnagItBHO.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: CPwmIEBrowserHelper Object: {f040e541-a427-4cf7-85d8-75e3e0f476c5} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 7\SnagItIEAddin.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [TPFNF7] c:\progra~1\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [<NO NAME>]
mRun: [TpShocks] TpShocks.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe
mRun: [AMSG] c:\program files\thinkvantage\amsg\Amsg.exe /startup
mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [ShStatEXE] "c:\program files\network associates\virusscan\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\network associates\common framework\UpdaterUI.exe" /StartedFromRunKey
mRun: [Network Associates Error Reporting Service] "c:\program files\common files\network associates\talkback\TBMon.exe"
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [DVDTray] "c:\program files\hp dvd\umbrella\DVDTray.exe"
mRun: [DVDBitSet] "c:\program files\hp dvd\umbrella\DVDBitSet.exe" /NOUI
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\billje~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\billje~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office11\ONENOTEM.EXE
StartupFolder: c:\docume~1\billje~1\startm~1\programs\startup\vcastm~1.lnk - c:\program files\v cast media manager\MEMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\snagit~1.lnk - c:\program files\techsmith\snagit 7\SnagIt32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {2DAD3559-2923-4935-AD49-B673D2539944} - hxxp://www-307.ibm.com/pc/support/acpir.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1192176863531
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Notify: ACNotify - ACNotify.dll
Notify: igfxcui - igfxdev.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
Notify: tphotkey - c:\program files\lenovo\hotkey\tphklock.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli ACGina psqlpwd ACGina
IFEO: image file execution options - svchost.exe

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\billje~1\applic~1\mozilla\firefox\profiles\bngfimd7.default\
FF - prefs.js: browser.search.selectedEngine - search
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-3-2 19760]
R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2007-10-12 58048]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\network associates\common framework\FrameworkService.exe [2007-10-12 102463]
R2 McShield;Network Associates McShield;c:\program files\network associates\virusscan\Mcshield.exe [2004-9-22 221191]
R2 McTaskManager;Network Associates Task Manager;c:\program files\network associates\virusscan\VsTskMgr.exe [2004-9-22 28672]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2008-12-1 94208]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\common files\thinkvantage fingerprint software\drivers\smihlp.sys [2007-3-15 11152]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2007-2-8 569344]
R3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2007-10-12 108256]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2006-9-13 35264]
S3 hpusbwdm;HP DVD Movie Writer;c:\windows\system32\drivers\hpusbwdm.sys [2003-12-30 1080832]
S3 tpflhlp;tpflhlp;c:\program files\lenovo\system update\session\7luj08us\tpflhlp.sys [2007-7-24 13360]

=============== Created Last 30 ================

2009-12-14 22:22:51 0 d-s---w- C:\ComboFix
2009-12-13 04:30:20 0 d-sh--w- C:\found.001
2009-12-11 22:15:46 0 d-sha-r- C:\cmdcons
2009-12-11 22:14:35 98816 ----a-w- c:\windows\sed.exe
2009-12-11 22:14:35 77312 ----a-w- c:\windows\MBR.exe
2009-12-11 22:14:35 261632 ----a-w- c:\windows\PEV.exe
2009-12-11 22:14:35 161792 ----a-w- c:\windows\SWREG.exe
2009-12-07 12:34:09 0 d-----w- c:\program files\Trend Micro
2009-11-16 10:03:02 0 d-----w- c:\docume~1\billje~1\applic~1\Smith Micro
2009-11-16 10:01:45 0 d-----w- c:\program files\LG Electronics
2009-11-16 10:01:21 0 d-----w- c:\program files\CASIO
2009-11-16 10:01:08 0 d-----w- c:\program files\Samsung
2009-11-16 10:00:39 27136 ----a-r- c:\windows\system32\drivers\RimSerial.sys
2009-11-16 10:00:31 0 d-----w- c:\program files\Research In Motion
2009-11-16 10:00:31 0 d-----w- c:\program files\common files\Research In Motion

==================== Find3M ====================

2009-12-03 21:14:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 21:13:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-10 14:44:47 58644 ---ha-w- c:\windows\system32\mlfcache.dat
2007-09-25 20:49:47 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2007-10-11 15:28:26 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012007101120071012\index.dat

============= FINISH: 6:55:27.23 ===============

The Attach.txt file:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/11/2007 11:40:22 AM
System Uptime: 12/15/2009 6:51:58 AM (0 hours ago)

Motherboard: LENOVO | | 765901U
Processor: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz | None | 778/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 88 GiB total, 45.611 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP349: 9/14/2009 5:14:20 PM - Software Distribution Service 3.0
RP350: 9/15/2009 3:00:18 AM - Software Distribution Service 3.0
RP351: 9/15/2009 3:22:17 AM - Printer Driver Microsoft XPS Document Writer Installed
RP352: 9/15/2009 7:25:25 AM - Installed iTunes
RP353: 9/15/2009 7:33:48 AM - Printer Driver Amyuni Document Converter 2.50 Installed
RP354: 9/16/2009 7:33:56 AM - System Checkpoint
RP355: 9/17/2009 7:35:06 AM - System Checkpoint
RP356: 9/18/2009 8:33:56 AM - System Checkpoint
RP357: 9/19/2009 9:33:57 AM - System Checkpoint
RP358: 9/20/2009 11:12:38 AM - System Checkpoint
RP359: 9/21/2009 11:33:57 AM - System Checkpoint
RP360: 9/22/2009 12:33:46 PM - System Checkpoint
RP361: 9/23/2009 1:33:46 PM - System Checkpoint
RP362: 9/24/2009 2:33:46 PM - System Checkpoint
RP363: 9/25/2009 3:33:45 PM - System Checkpoint
RP364: 9/26/2009 4:54:18 PM - System Checkpoint
RP365: 9/27/2009 6:12:21 PM - System Checkpoint
RP366: 9/28/2009 6:33:39 PM - System Checkpoint
RP367: 9/29/2009 7:33:32 PM - System Checkpoint
RP368: 9/30/2009 7:53:09 PM - System Checkpoint
RP369: 10/1/2009 8:43:11 PM - System Checkpoint
RP370: 10/2/2009 9:56:35 PM - System Checkpoint
RP371: 10/3/2009 10:33:32 PM - System Checkpoint
RP372: 10/4/2009 11:33:32 PM - System Checkpoint
RP373: 10/6/2009 12:33:24 AM - System Checkpoint
RP374: 10/7/2009 1:33:20 AM - System Checkpoint
RP375: 10/8/2009 2:33:20 AM - System Checkpoint
RP376: 10/9/2009 3:33:20 AM - System Checkpoint
RP377: 10/10/2009 4:33:20 AM - System Checkpoint
RP378: 10/11/2009 5:33:20 AM - System Checkpoint
RP379: 10/12/2009 7:08:35 AM - System Checkpoint
RP380: 10/13/2009 7:33:19 AM - System Checkpoint
RP381: 10/14/2009 7:40:25 AM - System Checkpoint
RP382: 10/15/2009 8:33:22 AM - System Checkpoint
RP383: 10/16/2009 9:33:20 AM - System Checkpoint
RP384: 10/17/2009 9:56:13 AM - System Checkpoint
RP385: 10/18/2009 10:56:13 AM - System Checkpoint
RP386: 10/19/2009 11:56:12 AM - System Checkpoint
RP387: 10/20/2009 12:56:13 PM - System Checkpoint
RP388: 10/21/2009 1:56:12 PM - System Checkpoint
RP389: 10/22/2009 2:56:13 PM - System Checkpoint
RP390: 10/23/2009 3:57:18 PM - System Checkpoint
RP391: 10/24/2009 4:55:56 PM - System Checkpoint
RP392: 10/25/2009 6:18:18 PM - System Checkpoint
RP393: 10/26/2009 7:54:43 PM - System Checkpoint
RP394: 10/27/2009 8:52:36 PM - System Checkpoint
RP395: 10/28/2009 9:42:19 PM - System Checkpoint
RP396: 10/29/2009 9:49:36 PM - System Checkpoint
RP397: 10/30/2009 10:49:36 PM - System Checkpoint
RP398: 10/31/2009 11:49:28 PM - System Checkpoint
RP399: 11/2/2009 12:49:28 AM - System Checkpoint
RP400: 11/3/2009 2:01:29 AM - System Checkpoint
RP401: 11/4/2009 2:49:28 AM - System Checkpoint
RP402: 11/5/2009 3:49:28 AM - System Checkpoint
RP403: 11/6/2009 4:49:28 AM - System Checkpoint
RP404: 11/7/2009 5:49:28 AM - System Checkpoint
RP405: 11/8/2009 5:49:03 AM - System Checkpoint
RP406: 11/9/2009 6:49:03 AM - System Checkpoint
RP407: 11/10/2009 7:12:32 AM - System Checkpoint
RP408: 11/11/2009 7:24:25 AM - System Checkpoint
RP409: 11/12/2009 8:05:54 AM - System Checkpoint
RP410: 11/13/2009 9:05:54 AM - System Checkpoint
RP411: 11/14/2009 9:06:58 AM - System Checkpoint
RP412: 11/15/2009 10:05:54 AM - System Checkpoint
RP413: 11/16/2009 5:01:07 AM - Installed SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
RP414: 11/16/2009 5:01:44 AM - Installed LG USB Modem driver
RP415: 11/17/2009 5:05:52 AM - System Checkpoint
RP416: 11/18/2009 6:05:53 AM - System Checkpoint
RP417: 11/19/2009 7:20:30 AM - System Checkpoint
RP418: 11/20/2009 8:05:55 AM - System Checkpoint
RP419: 11/21/2009 9:05:33 AM - System Checkpoint
RP420: 11/22/2009 10:05:19 AM - System Checkpoint
RP421: 11/23/2009 9:02:08 PM - System Checkpoint
RP422: 11/24/2009 9:29:25 PM - System Checkpoint
RP423: 11/29/2009 12:05:35 PM - System Checkpoint
RP424: 11/30/2009 12:33:07 PM - System Checkpoint
RP425: 12/1/2009 1:33:07 PM - System Checkpoint
RP426: 12/2/2009 2:33:07 PM - System Checkpoint
RP427: 12/3/2009 3:33:09 PM - System Checkpoint
RP428: 12/4/2009 4:33:07 PM - System Checkpoint
RP429: 12/5/2009 5:45:07 PM - System Checkpoint
RP430: 12/6/2009 6:07:07 PM - System Checkpoint
RP431: 12/7/2009 8:47:18 PM - System Checkpoint
RP432: 12/8/2009 8:53:21 PM - System Checkpoint
RP433: 12/9/2009 9:45:07 PM - System Checkpoint
RP434: 12/10/2009 10:27:05 PM - System Checkpoint
RP435: 12/13/2009 2:06:27 AM - System Checkpoint

==== Installed Programs ======================


ACDSee
ACDSee 10 Photo Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.4
AOL You've Got Pictures Screensaver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft ShowBiz DVD 2
Bink and Smacker
BlackBerry Desktop Software 5.0
Bonjour
CASIO USB Driver V1.0.8003.1229
Client Security Solution
Compatibility Pack for the 2007 Office system
Diskeeper Lite
ERUNT 1.1j
Help Center
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB970653-v3)
HP DVD Movie Writer
HP DVD Movie Writer Capture Device
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet/Wireless Software
InterVideo Register Manager
InterVideo WinDVD
iTunes
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 3
Java(TM) 6 Update 7
Learn2 Player (Uninstall Only)
Lenovo Registration
LG USB Modem driver
LiveReg (Symantec Corporation)
LiveUpdate 1.6 (Symantec Corporation)
Maintenance Manager
Malwarebytes' Anti-Malware
McAfee VirusScan Enterprise
Message Center
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft MapPoint North America 2004
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office OneNote 2003
Microsoft Office Professional Edition 2003
Microsoft Office Small Business Connectivity Components
Microsoft Silverlight
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox (3.0.3)
Mozilla Firefox (3.0b1)
Mozilla Thunderbird (2.0.0.12)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
muvee autoProducer 3.5_LE10 - HPC
On Screen Display
Picasa 3
PowerDVD
Presentation Director
Productivity Center Supplement for ThinkPad
Quicken 2007
QuickTime
RealPlayer Basic
RecordNow Audio
RecordNow Copy
RecordNow Data
Remove Multimedia Center
Rescue and Recovery
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
SnagIt 7
Sonic DLA
Sonic Express Labeler
Sonic Icons for Lenovo
Sonic RecordNow!
Sonic Update Manager
SoundMAX
Spybot - Search & Destroy
System Migration Assistant
System Update
ThinkPad Bluetooth with Enhanced Data Rate Software
ThinkPad EasyEject Utility
ThinkPad FullScreen Magnifier
ThinkPad Hotkey Features Setup
ThinkPad Keyboard Customizer Utility
ThinkPad Modem
ThinkPad PC Card Power Policy
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad UltraNav Driver
ThinkPad UltraNav Utility
ThinkVantage Access Connections
ThinkVantage Active Protection System
ThinkVantage Fingerprint Software 5.6
ThinkVantage Productivity Center
ThinkVantage Technologies Welcome Message
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB973815)
Viewpoint Media Player
VoiceOver Kit
Wallpapers
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Live Toolbar
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
WinZip
XML Paper Specification Shared Components Pack 1.0
XP Themes

==== Event Viewer Messages From Past Week ========

12/15/2009 6:52:33 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
12/13/2009 11:31:54 AM, error: Dhcp [1002] - The IP address lease 10.0.0.6 for the Network Card with network address 001C2514D454 has been denied by the DHCP server 10.0.0.1 (The DHCP Server sent a DHCPNACK message).
12/12/2009 11:32:07 PM, error: Print [19] - Sharing printer failed + 1722, Printer Microsoft Office Document Image Writer share name Printer5.
12/11/2009 5:22:44 PM, error: Service Control Manager [7034] - The Network Associates McShield service terminated unexpectedly. It has done this 1 time(s).
12/11/2009 5:20:42 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the TVT Backup Protection Service service to connect.
12/11/2009 5:18:41 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Media Player Network Sharing Service service to connect.
12/11/2009 5:18:41 PM, error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/11/2009 5:17:40 PM, error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
12/11/2009 5:17:10 PM, error: Service Control Manager [7034] - The tvtnetwk service terminated unexpectedly. It has done this 1 time(s).
12/11/2009 5:17:10 PM, error: Service Control Manager [7034] - The TVT Backup Protection Service service terminated unexpectedly. It has done this 1 time(s).
12/11/2009 5:17:10 PM, error: Service Control Manager [7034] - The Network Associates Task Manager service terminated unexpectedly. It has done this 1 time(s).
12/11/2009 5:17:10 PM, error: Service Control Manager [7034] - The IBM KCU Service service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================

I ran the fixes.bat per the instructions. The resulting notepad file was empty.
Sorry, I should had explained that there will be contents only if things didn't go as planned.


Uninstall ComboFix:

Click START then RUN
Now copy-paste Combofix /uninstall in the runbox and click OK.




Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of OTL.txt to your reply.

This thread has been closed due to inactivity.

As it has been four days or more since your last post, it will not be re-opened.

If you still require help, please start a new topic and include a new HijackThis log with a link to your previous thread.

Please do not add any logs that might have been requested previously, you would be starting fresh.

Applies only to the original poster, anyone else with similar problems please start your own topic.