
Cannot load any search engine websites in any of my browsers

Discussion in 'Virus and Malware Removal' started by ga41, Sep 23, 2011.

  1. ga41 Newcomer, in training

    I will perform your Combofix instructions as soon as I get back to the office tomorrow.

    I used to use Google as my search engine but, as mentioned, I can't anymore. The only way for me to access http://www.google.com or make a Google search from a search box is with Opera if I have Opera Turbo enabled (http://www.opera.com/browser/turbo/).

    I first accessed TechSpot by typing the http://www.techspot.com URL in the address bar, but now I just type "techspot" and pick it from the previous addresses.

    As I said before, I am not searching for the term "bing" or "google"; I'm trying to perform a search. Period. Trying to perform a search for any term from the search box of any browser will not give me any results.

    For example, I type the word "test" in the search box in Opera, I press Enter and it tries to load this URL: http://www.google.com/search?client...rceid=opera&ie=utf-8&oe=utf-8&channel=suggest
    Now, that URL never actually finishes loading. It just remains "Loading" for a few minutes and then displays Opera's "Page not found" message.

    The equivalent thing happens with Internet Explorer, Chrome and Firefox.

    Again, I am NOT initiating a search for the words "Google" or "Bing" or "Yahoo" or "www.google.com" or whatever, I'm simply trying to perform A Search.

    Now you could assume that the problem then lies with the browser's settings, which is what I initially thought. So I tried to access Google's website and search from there. I manually typed www.google.com or http://www.google.com and even https://www.google.com in the address bar and they too did NOT load. All the progress bars and whatnot were displaying "Loading" as they would for any other page, but the websites would not actually load; no data would be downloaded. Eventually all browsers display their equivalent "Page not found" messages, which is what has led me to believe that this might be malware related. All other websites work fine; they load at normal speeds without issue. It's only search engines that cannot be accessed.

    Hope this makes things a bit clearer, and I'd like to say that I do appreciate you taking the time to reply and try to help me with these issues.
  2. Bobbye Helper on the Fringe Posts: 16,406   +17

    A Hosts hijack can do this, but that would usually show up in one of the prelim logs. I apologize if I sounded like I was patronizing you. I'd like you to go ahead and run HijackThis. If the log comes out with multiple entries like these:
    O1 - Hosts file is located at: C:\WINDOWS\help\hosts
    O1 - Hosts: 88.88.88.88 elite
    O1 - Hosts: 207.44.220.30 www.google.ca


    we can fix them and get you back to being able to search!
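    To show what the check Bobbye describes looks like in code, here is an added Python example; it is not from this thread, from HijackThis or from any tool named here. It accepts either raw hosts-file lines or HijackThis "O1 - Hosts:" log lines, reports whether HJT found the hosts file at a non-default path, and gives every name-to-address mapping a verdict. The sample lines, the WATCHED_SUFFIXES list and the verdict names are constructed assumptions for the example, modelled on the three entries quoted above.

```python
"""Audit hosts-file entries for the hijack pattern discussed in this thread.

Accepts raw hosts-file lines or HijackThis "O1 - Hosts:" log lines.
All sample data in this file is constructed for the example.
"""
import ipaddress

HJT_PREFIX = "O1 - Hosts:"
HJT_LOCATION_PREFIX = "O1 - Hosts file is located at:"
# Default hosts location on Windows XP; HJT prints the path when it is elsewhere.
DEFAULT_HOSTS_PATH = r"c:\windows\system32\drivers\etc\hosts"

# Assumed watch list: names a hosts hijack usually redirects or blocks
# (search engines and security vendors). Extend for your own environment.
WATCHED_SUFFIXES = ("google.com", "google.ca", "bing.com", "yahoo.com",
                    "microsoft.com", "trendmicro.com")

# Constructed sample in HijackThis format, modelled on the lines quoted above.
SAMPLE_HJT = """\
O1 - Hosts file is located at: C:\\WINDOWS\\help\\hosts
O1 - Hosts: 88.88.88.88 elite
O1 - Hosts: 207.44.220.30 www.google.ca
O1 - Hosts: 127.0.0.34 ofep34.sabre.com # Nortel SSL-VPN
O1 - Hosts: 127.0.0.1 www.trendmicro.com
"""


def parse_hosts_entries(text):
    """Return [(ip, hostname, comment)] from raw hosts lines or HJT O1 lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(HJT_LOCATION_PREFIX):
            continue                        # path line, handled separately
        if line.startswith(HJT_PREFIX):
            line = line[len(HJT_PREFIX):].strip()
        body, _, comment = line.partition("#")
        parts = body.split()
        if len(parts) < 2:
            continue                        # blank, comment-only or malformed
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue                        # first token is not an address
        for host in parts[1:]:              # one address may carry several names
            entries.append((str(ip), host.lower(), comment.strip()))
    return entries


def hosts_path_is_default(text):
    """False when HJT reports the hosts file at a non-default location."""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(HJT_LOCATION_PREFIX):
            path = line[len(HJT_LOCATION_PREFIX):].strip().lower()
            return path == DEFAULT_HOSTS_PATH
    return True                             # no location line reported


def is_watched(host):
    """True for a watched domain or any of its subdomains."""
    return any(host == s or host.endswith("." + s) for s in WATCHED_SUFFIXES)


def classify(ip, host):
    """Verdict for one mapping.

    REDIRECT: watched site sent to a remote address (the classic hijack).
    BLOCK:    watched site pinned to loopback / 0.0.0.0 (site made unreachable).
    REVIEW:   unknown name sent to a remote address; find out who owns it.
    LOCAL:    name pinned locally, e.g. localhost or a VPN client's own entries.
    """
    addr = ipaddress.ip_address(ip)
    local = addr.is_loopback or addr.is_unspecified
    if is_watched(host):
        return "BLOCK" if local else "REDIRECT"
    return "LOCAL" if local else "REVIEW"


def audit(text):
    """Return {hostname: verdict} for every mapping found in the text."""
    return {host: classify(ip, host) for ip, host, _ in parse_hosts_entries(text)}


if __name__ == "__main__":
    print("hosts file at default path:", hosts_path_is_default(SAMPLE_HJT))
    for host, verdict in audit(SAMPLE_HJT).items():
        print(f"{verdict:9} {host}")
```

    Entries that pin a name to 127.0.0.x come back as LOCAL unless the name is on the watch list, so a VPN client's entries for its own domains are separated from a redirect of a search engine to a remote address; the non-default hosts path is reported on its own because that alone is worth a look.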
  3. ga41 Newcomer, in training

    OK, I downloaded HijackThis from here: http://free.antivirus.com/hijackthis/ (version 2.0.4), saved the executable to my desktop, ran it and clicked on "Do a system scan and save a logfile".

    The only Hosts-related entries I can see are about my work software. :(

    Here's the log if it's of help:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 15:20:01, on 07/10/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\WINDOWS\system32\CfgSrvc.exe
    C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
    C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    C:\WINDOWS\system32\CfgSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Iomega StorCenter\retrospect\retrorun.exe
    C:\WINDOWS\SDMan.EXE
    C:\WINDOWS\system32\svchost.exe
    c:\program files\lenovo\system update\suservice.exe
    C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\SABRE\Apps\OADP\Oadp.exe
    C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    C:\WINDOWS\system32\ICO.EXE
    C:\WINDOWS\system32\FSRremoS.EXE
    C:\PROGRA~1\IOMEGA~1\RETROS~1\RetroExpress.exe
    C:\WINDOWS\system32\Pelmiced.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\KeePass Password Safe\KeePass.exe
    C:\SABRE\Apps\OADP\OadpUtil.exe
    C:\WINDOWS\sabserv.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Documents and Settings\Sabre\Application Data\Dropbox\bin\Dropbox.exe
    C:\Program Files\Sabre Red Workspace\Profiles\T252_9114\mysabre.exe
    C:\Program Files\Java\jre6\bin\javaw.exe
    C:\Program Files\Opera\opera.exe
    C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
    C:\Documents and Settings\Sabre\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
    C:\Program Files\Iomega StorCenter\retrospect\retrospect.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Documents and Settings\Sabre\Desktop\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O1 - Hosts: 127.0.0.34 ofep34.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.23 ofep23.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.36 fos.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.8 ofep08.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.21 ofep21.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.32 ofep32.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.44 access.certd.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.36 frt.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.28 ofep28.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.30 ofep30.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.6 ofep06.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.41 access.tstsa.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.26 ofep26.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.4 ofep04.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.35 ofep35.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.24 ofep24.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.37 lb1.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.39 tsts.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.39 access.tsts.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.33 ofep33.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.9 ofep09.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.22 ofep22.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.29 ofep29.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.40 cert.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.31 ofep31.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.7 ofep07.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.40 access.cert.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.20 ofep20.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.43 access.certc.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.42 access.tstsb.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.27 ofep27.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.5 ofep05.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.36 decs.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.25 ofep25.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.38 lb2.sabre.com # Nortel SSL-VPN
    O1 - Hosts: 127.0.0.3 ofep03.sabre.com # Nortel SSL-VPN
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: (no name) - {D79559E8-9991-41C5-AA2B-A96EC766F43F} - (no file)
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
    O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\IOMEGA~1\RETROS~1\RetroExpress.exe /h
    O4 - HKLM\..\Run: [KeePass 2 PreLoad] "C:\Program Files\KeePass Password Safe\KeePass.exe" --preload
    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
    O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [MobileBroadband] C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [KeePass Password Safe 2] "C:\Program Files\KeePass Password Safe\KeePass.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Sabre\Application Data\Dropbox\bin\Dropbox.exe
    O4 - Startup: Opera.lnk = C:\Program Files\Opera\opera.exe
    O4 - Startup: Outlook 2007.lnk = ?
    O4 - Startup: Sabre Red Workspace.lnk = C:\Program Files\Sabre Red Workspace\Profiles\T252_9114\mysabre.exe
    O4 - Global Startup: Iomega StorCenter.lnk.disabled
    O4 - Global Startup: OADP Utility.lnk = C:\SABRE\Apps\OADP\OadpUtil.exe
    O4 - Global Startup: Sabre Printing Start.lnk = C:\SABRE\Sabstart.exe
    O4 - Global Startup: Sabre Server.lnk = C:\WINDOWS\sabserv.exe
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1226583171046
    O16 - DPF: {A3E21079-7F41-4125-9EBB-FD44CFCC0AC1} (WLCTSCControl Class) - https://www.mesh.com/0.9.4014.13/TSWeb.cab
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Config Service Helper (CfgSrvc) - Unknown owner - C:\WINDOWS\system32\CfgSrvc.exe
    O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
    O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    O23 - Service: Google Update Service (gupdate1c98697a6707e86) (gupdate1c98697a6707e86) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HSSP Configuration Module (HsspConfig) - Unknown owner - C:\WINDOWS\system32\CfgSrvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
    O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
    O23 - Service: Retrospect Express HD Helper (RetroExp Helper) - EMC Corporation - C:\Program Files\Iomega StorCenter\retrospect\rthlpsvc.exe
    O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Corporation - C:\Program Files\Iomega StorCenter\retrospect\retrorun.exe
    O23 - Service: Sabre Printing Module (SabrePrint) - Sabre Inc. - C:\SABRE\Apps\OADP\Oadp.exe
    O23 - Service: Sabre Device Manager (SDMan) - Unknown owner - C:\WINDOWS\SDMan.EXE
    O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe
    O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    O23 - Service: O?cnao?a Vodafone Mobile Broadband (VmbService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe

    --
    End of file - 12726 bytes
  4. Bobbye Helper on the Fringe Posts: 16,406   +17

    Yeah! We got it! You can't bring up the search engines because the searches are all set to go through Nortel SSL-VPN.

    Download HostsXpert 4.4 and save it to the desktop.
    • Unzip HostsXpert.zip.
    • It will create a folder named HostsXpert in whatever folder you extract it to.
    • Double click HostsXpert.exe to run.
    • Click Restore MS Hosts File and then click OK.
    • Click the X to exit the program.
    =====================================
    You are currently using HijackThis from a temporary directory; this can cause problems. HijackThis creates backups, and these are needed in case of any recovery issues.

    Please create a directory on your C:\ drive called C:\HJT, download and unzip HijackThis into that directory. Run the program from that directory from now on.

    Steps to create the folder
    1. Please go to My Computer> Double click on the Local Drive(C)> Select: New >> Folder and name the folder HJT.
    2. Download HijackThis to the new folder:
    3. Double Click on 'HijackThis.zip' to extract and install HijackThis.exe to the new folder.
    4. Close ALL windows except HJT
    5. Scan> SAVE LOG. (A Notepad window will open with the log in it when you click Save Log.) (Ctrl-A to 'select all', Ctrl-C to 'copy')> Use Ctrl-X to paste into Notepad and post the log.
    6. Don't make any changes in the log.
    ====================================
    Reboot the computer and try the other search engines. Do they come up now?
    ===================================
  5. ga41 Newcomer, in training

    No luck once again Bobbye.

    I restored the Hosts file (which I had actually done once manually before I started the thread), saved the log from HijackThis, tried to access http://www.google.com and perform a search from the browser's search box, but nothing. Same as before. Tried it with IE, Chrome, FF and Opera. Rebooted and tried again but still nothing.

    Those entries must have something to do with our work software because now it can't log in. Don't worry, that's happened before; if I delete all the files in the "etc" folder (the software's Tech Support recommendation) it's usually fixed. I haven't done that right now though.

    I think this is getting us nowhere, perhaps it's time for a format and be done with it, what do you think?

    Here's the HJT log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:50:23, on 08/10/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\WINDOWS\system32\CfgSrvc.exe
    C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
    C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    C:\WINDOWS\system32\CfgSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Iomega StorCenter\retrospect\retrorun.exe
    C:\WINDOWS\SDMan.EXE
    C:\WINDOWS\system32\svchost.exe
    c:\program files\lenovo\system update\suservice.exe
    C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\SABRE\Apps\OADP\Oadp.exe
    C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    C:\WINDOWS\system32\ICO.EXE
    C:\WINDOWS\system32\FSRremoS.EXE
    C:\WINDOWS\system32\Pelmiced.exe
    C:\PROGRA~1\IOMEGA~1\RETROS~1\RetroExpress.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\KeePass Password Safe\KeePass.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\SABRE\Apps\OADP\OadpUtil.exe
    C:\WINDOWS\sabserv.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Documents and Settings\Sabre\Application Data\Dropbox\bin\Dropbox.exe
    C:\Program Files\Java\jre6\bin\javaw.exe
    C:\Program Files\Iomega StorCenter\retrospect\retrospect.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: (no name) - {D79559E8-9991-41C5-AA2B-A96EC766F43F} - (no file)
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
    O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\IOMEGA~1\RETROS~1\RetroExpress.exe /h
    O4 - HKLM\..\Run: [KeePass 2 PreLoad] "C:\Program Files\KeePass Password Safe\KeePass.exe" --preload
    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
    O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [MobileBroadband] C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [KeePass Password Safe 2] "C:\Program Files\KeePass Password Safe\KeePass.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: CleanupNortelVPN.bat
    O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Sabre\Application Data\Dropbox\bin\Dropbox.exe
    O4 - Startup: Opera.lnk = C:\Program Files\Opera\opera.exe
    O4 - Startup: Outlook 2007.lnk = ?
    O4 - Startup: Sabre Red Workspace.lnk = C:\Program Files\Sabre Red Workspace\Profiles\T252_9114\mysabre.exe
    O4 - Global Startup: Iomega StorCenter.lnk.disabled
    O4 - Global Startup: OADP Utility.lnk = C:\SABRE\Apps\OADP\OadpUtil.exe
    O4 - Global Startup: Sabre Printing Start.lnk = C:\SABRE\Sabstart.exe
    O4 - Global Startup: Sabre Server.lnk = C:\WINDOWS\sabserv.exe
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1226583171046
    O16 - DPF: {A3E21079-7F41-4125-9EBB-FD44CFCC0AC1} (WLCTSCControl Class) - https://www.mesh.com/0.9.4014.13/TSWeb.cab
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Config Service Helper (CfgSrvc) - Unknown owner - C:\WINDOWS\system32\CfgSrvc.exe
    O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
    O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    O23 - Service: Google Update Service (gupdate1c98697a6707e86) (gupdate1c98697a6707e86) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HSSP Configuration Module (HsspConfig) - Unknown owner - C:\WINDOWS\system32\CfgSrvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
    O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
    O23 - Service: Retrospect Express HD Helper (RetroExp Helper) - EMC Corporation - C:\Program Files\Iomega StorCenter\retrospect\rthlpsvc.exe
    O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Corporation - C:\Program Files\Iomega StorCenter\retrospect\retrorun.exe
    O23 - Service: Sabre Printing Module (SabrePrint) - Sabre Inc. - C:\SABRE\Apps\OADP\Oadp.exe
    O23 - Service: Sabre Device Manager (SDMan) - Unknown owner - C:\WINDOWS\SDMan.EXE
    O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe
    O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    O23 - Service: O?cnao?a Vodafone Mobile Broadband (VmbService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe

    --
    End of file - 10211 bytes
  6. Bobbye Helper on the Fringe Posts: 16,406   +17

    I note that the Hosts reset you did previously was on the Trend Micro site. After the reset you told the helper that the system was fine. But you only said you wanted the HJT log checked and did not mention search problems: http://community.trendmicro.com/t5/Malware-Discussions/My-Hijackthis-log-for-analysis/td-p/48009

    It seems like many users (or maybe just a few but with different user names) are putting HJT logs out and asking for them to be checked, all with this same listing of Hosts. Only 2 of them were completed however, yours being one of them.

    I am not a programmer, but I think the problem is related to the VPN and that is all in the Start menu to start on boot. I think there may be conflicts that are stopping you from getting out of the VPN, unless you use the Opera Turbo which specifically:
    The Hosts files you showed are not a normal host file listing. I think you said you removed LogMeIn(??) so where you reset the host files, you then had no way to access work.

    You mentioned a Help Desk. I understand you are a small business without a resident IT, but I am limited here in what I can do. Let's clean up from the scans:
    Removing all of the tools we used and the files and folders they created
    • Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    • Download OTCleanIt by OldTimer and save it to your Desktop.
    • Double click OTCleanIt.exe.
    • Click the CleanUp! button.
    • Select Yes when the "Begin cleanup Process?" prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    -----
    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
    ------------------------------------------
    • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
    • Go to Start > All Programs > Accessories > System Tools
    • Click "System Restore".
    • Choose "Create a Restore Point" on the first screen then click "Next".
    • Give the Restore Point a name> click "Create".
    • Go back and follow the path to > System Tools.
    • Choose Disk Cleanup
    • Click "OK" to select the partition or drive you want.
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


    Empty the Recycle Bin
    =====================================
    Hopefully you can find someone with 'hands on' to see what is not configured correctly and help you fix it.
     
  7. ga41 Newcomer, in training

    That's not me Bobbye, I only posted one thread online about this issue and that's this one. Sabre's booking system is used by more than 50.000 travel agencies worldwide and the way their program works apparently modifies the Hosts file; it's not unreasonable to have others with a similar if not the same Hosts file.

    I had not removed LogMeIn; I mentioned that I didn't remember if I'd uninstalled it or not, but after checking the next day I saw that it's still here and present.

    I'll now go through the steps you mentioned and report back later on.
  8. Bobbye Helper on the Fringe Posts: 16,406   +17

    No problem. The only reason I even mentioned that thread was because of the date. I saw quite a few others with the same host set up.
  9. Bobbye Helper on the Fringe Posts: 16,406   +17

    Per PM, the member has informed me that a reformat was done and the problem was resolved.

    Therefore the thread will be closed.