Log'N'Rock: How to Hijack this log [RESOLVED] - Log'N'Rock


How to Hijack this log [RESOLVED]

#1 MissM

  • Log'N'Rocker
  • Group: Members
  • Posts: 40
  • Joined: 16-June 10
  • Gender: Female
  • Location: SW.MI
  • Interests: Family, flower gardening, reading, computers

Posted 16 June 2010 - 03:52 AM

Hello,
I just joined. Snoopy and Ron from COF recommended I come here for help.
I have tried everything I know and all COF members have suggested and more.
Ron said to ask you how to do a Hijack This log!
I am on my spare laptop right now as the one in a mess is in safe mode doing yet another scan.
I would appreciate any help.
Thank you:)
This is what I have done: went into safe mode, ran SuperAntiSpyware Pro, found 1 adware and cleaned it, didn't help.
Also did Spybot scan, found nothing. Ran Malwarebytes, found nothing. Tried to download Avast Pro and all the components wouldn't load, therefore didn't work. Turned off system restore to do all this at a recommendation.
Right now I am running ESET online scan. It is not finished yet, but so far nothing found.
Oh, and ran Trend HouseCall and it found 1 hpq insoo.dat Trojan Generic DIT but when I hit fix it ignored.
Right now it is without any protection from viruses, as my problem started in the first place by not letting me open a new downloaded program, saying couldn't find specified path and I may need permissions.
Hope I have said this all ok.
Thank you

This post has been edited by MissM: 16 June 2010 - 03:55 AM

0

#2 roddy32

  • Lead Guitar
  • Group: Site Admin
  • Posts: 32,184
  • Joined: 25-September 05
  • Gender: Male
  • Location: Kansas, USA
  • Interests: Red Sox baseball, Nascar

Posted 16 June 2010 - 04:22 AM

Hi MissM and welcome to LnR. Our head malware remover is sleeping right now but he will be here to help you as soon as he can I'm sure so please be patient. I did not want you to think you were being ignored. :)
0

#3 Fred Flintstone

  • Dave Gilmour
  • Group: Malware Experts
  • Posts: 2,511
  • Joined: 20-April 08
  • Gender: Male
  • Location: Somerset

Posted 16 June 2010 - 08:10 AM

Hi MissM Good to see you.. :thumbsup:

Here are the instructions for HijackThis:

Install HijackThis

  • Click here to download HJTInstall.exe, save it to your desktop.
  • Double-click HJTInstall.exe to install it (if running Vista, right-click and select "Run as Administrator").
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch HijackThis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and paste the log in your next reply.


Please post back the log and I'll take a look when I return from work this evening and we'll go from there.

regards
Fred...
0

#4 MissM

  • Log'N'Rocker
  • Group: Members
  • Posts: 40
  • Joined: 16-June 10
  • Gender: Female
  • Location: SW.MI
  • Interests: Family, flower gardening, reading, computers

Posted 16 June 2010 - 02:39 PM

Morning Fred,
Thank you for your reply.
I will follow your instructions and will be back.
Have a good day:)
0

#5 MissM

  • Log'N'Rocker
  • Group: Members
  • Posts: 40
  • Joined: 16-June 10
  • Gender: Female
  • Location: SW.MI
  • Interests: Family, flower gardening, reading, computers

Posted 16 June 2010 - 02:43 PM

Well that went well and it was quick:)
`````````````````````````````````

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:41:33 AM, on 6/16/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\owner\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://thundercloud....start/index.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [CalendarPal] C:\Program Files\CalendarPal\CalendarPal.exe -min
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?')
O4 - HKUS\S-1-5-21-1645132230-1391208805-388722782-1000\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User '?')
O4 - HKUS\S-1-5-21-1645132230-1391208805-388722782-1000\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - (no file)
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - (no file)
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: McAfee Application Installer Cleanup (0017641273110049) (0017641273110049mcinstcleanup) - Unknown owner - C:\Windows\TEMP\001764~1.EXE (file missing)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Windows Live Family Safety Service (fsssvc) - Unknown owner - C:\Program Files\Windows Live\Family Safety\fsssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Common Files\NMSAccessU.exe
O23 - Service: Online Armor Helper Service (OAcat) - Unknown owner - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
O23 - Service: RelevantKnowledge - Unknown owner - C:\Program Files\RelevantKnowledge\rlservice.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10989 bytes
0

#6 Fred Flintstone

  • Dave Gilmour
  • Group: Malware Experts
  • Posts: 2,511
  • Joined: 20-April 08
  • Gender: Male
  • Location: Somerset

Posted 16 June 2010 - 08:02 PM

Hi MissM..
Nothing of real note to see in that log.

I suggest though that you switch System Restore back on. Better to have an infected restore point than none at all.
At least then if things go wrong you can restore to where you were and begin again as opposed to having to possibly reformat?
(And by turning it off and back on again, you will have deleted any infected restore points anyway).

Just a couple of "strays" which you can fix with HijackThis:
Fix HijackThis entries

Run HijackThis

If using Vista, you must right click (hijackthis.exe) and choose "Run As Administrator".
  • If you are on the Main Menu page... Click "Do a system scan only"
  • If you are on the "scan & fix stuff" page... Press the Scan...button.
  • When the scan finishes...Place a check mark next to the following entries (if they are still present)
  • Note: Only check those items listed below.

    Quote

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O23 - Service: RelevantKnowledge - Unknown owner - C:\Program Files\RelevantKnowledge\rlservice.exe (file missing)
    O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)


  • After checking these items... CLOSE ALL open windows except HijackThis.
  • Click the Fix Checked ...button...to remove the entries you checked.
  • Choose YES...when prompted to fix the selected items.
  • Once it has fixed them, close HijackThis and reboot your computer normally.
Quote

my problem started in the first place by not letting me open a new downloaded program,saying couldn't find specified path and I may need permissions.

What program was it that you tried to install??

Just got PM from Roddy that you've got a thread at COF, will find it and take a look there.

Fred
0
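The two classes of "strays" picked out of the log above (R0/R1 browser settings left blank, and O23 services whose binary is reported as "(file missing)") are mechanical enough to check by script. The helper below is an added example written for this page; it is not Fred's procedure and not part of HijackThis. It parses the R/O line shapes that HijackThis v2 writes and returns the entries that match either class, so a reviewer can start from a short candidate list instead of scanning the whole log. The sample lines are constructed from the log posted in this thread; the flags are candidates for a human to judge, not a verdict.

```python
"""Triage helper for HijackThis v2 log lines (added example for this page)."""
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample: lines in the exact shapes HijackThis v2.0.4 writes,
# taken from the categories seen in the log posted earlier in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\Windows\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://thundercloud....start/index.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cnnb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: RelevantKnowledge - Unknown owner - C:\Program Files\RelevantKnowledge\rlservice.exe (file missing)
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
"""

# Every entry line is '<code> - <body>', where code is R0, R1, O2, O4, O23, ...
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.*)$")
# R0/R1 bodies are '<hive>\<key>,<value name> = <value>'; the value may be empty.
SETTING_RE = re.compile(r"^(?P<key>.*?) =\s*(?P<value>.*)$")
MISSING = "(file missing)"


@dataclass
class Entry:
    code: str                                  # section code
    body: str                                  # everything after 'CODE - '
    flags: list = field(default_factory=list)  # triage findings, if any


def parse_log(text: str) -> list:
    """Keep only the numbered R/O entries; header, process list and footer are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.rstrip())
        if m:
            entries.append(Entry(m.group("code"), m.group("body")))
    return entries


def parse_service(body: str):
    """Split an O23 body 'Service: <name> - <owner> - <path>[ (file missing)]'.

    Returns (name, owner, path, missing). A body of unexpected shape comes back
    unparsed with missing=False rather than raising.
    """
    rest = body[len("Service: "):] if body.startswith("Service: ") else body
    parts = rest.rsplit(" - ", 2)
    if len(parts) != 3:
        return rest, "", "", False
    name, owner, path = parts
    missing = path.endswith(MISSING)
    if missing:
        path = path[: -len(MISSING)].rstrip()
    return name, owner, path, missing


def triage(entries: list) -> list:
    """Flag the two entry classes fixed in this thread: browser settings with a
    blank value, and services whose binary no longer exists. Returns the flagged
    entries only; everything else is left for the reviewer to read as usual."""
    for e in entries:
        if e.code in ("R0", "R1"):
            m = SETTING_RE.match(e.body)
            if m and m.group("value") == "":
                e.flags.append("empty-browser-setting")
        elif e.code == "O23":
            _, _, _, missing = parse_service(e.body)
            if missing:
                e.flags.append("service-binary-missing")
    return [e for e in entries if e.flags]


def section_counts(entries: list) -> dict:
    """How many entries each section contributed; a quick shape-of-the-log overview."""
    return dict(Counter(e.code for e in entries))


if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    print("sections:", section_counts(found))
    for e in triage(found):
        print(e.code, ", ".join(e.flags), "->", e.body)
```

A missing service binary or a blank value is only a hint: a leftover from an uninstalled product looks the same as a removed dropper, which is why the thread still has a person decide what to tick in the "Fix checked" list.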

#7 MissM

  • Log'N'Rocker
  • Group: Members
  • Posts: 40
  • Joined: 16-June 10
  • Gender: Female
  • Location: SW.MI
  • Interests: Family, flower gardening, reading, computers

Posted 16 June 2010 - 09:06 PM

Hi Fred,

I printed off your instructions so as to get it right.

The programs I tried to download were Diskeeper and PhotoScape.

The virus the 'ESET online scan' found about 1 am this morning was:
win32/0ficia.HHTrojan, said contained infected files.
And C/Users\owner\Desktopcomputer tools (I have a folder titled that on my desktop that I put program setups in); the rest said Puninstall303-en-p - multiple threats.
They said it was all cleaned up, and since I now don't have an antivirus installed since starting all this, I bought ESET and a back-up CD, but when I go to download it, it doesn't accept the password and ID THEY gave me. Have tried over and over.
I was using Avast but had switched over to Trial Pro to run a scan, but it wouldn't load all the components last night, several tries with that too.
Somehow I need to get a hold of ESET to either get my money back or have them fix it so I can put it on.

Another thing I noticed today was Online Armor was blocking some ActiveX, and I took that off last week. It slowed my computer way down. Used Revo Uninstaller, which is 'supposed' to do a good job of removing, but it crops up on web pages and blocks.

I turned system restore back on last night when I was done with the last scan.

Thank you so much for your help and being so quick to reply:)
I will go now and follow your instructions.
0

#8 MissM

  • Log'N'Rocker
  • Group: Members
  • Posts: 40
  • Joined: 16-June 10
  • Gender: Female
  • Location: SW.MI
  • Interests: Family, flower gardening, reading, computers

Posted 16 June 2010 - 10:16 PM

Hello again,

I followed the instructions and still cannot open things, things like IE, unless I go into Safe Mode Networking and choose run as administrator. I mostly use Mozilla Firefox though; was using IE in safe mode to see if that would help me get to my antivirus to download, didn't work.
Some programs will open and some won't. I just got an error message signing in here with RoboForm. But it did sign me in.
Waiting for a response from ESET as to why it doesn't take the user name and password they supplied to download their antivirus program.
Hopefully if they get it right I can then download, and more importantly open it.
I am about in tears here. I have spent HOURS working on this; I guess mostly I hate bugging people for help so much.

This post has been edited by MissM: 16 June 2010 - 10:19 PM

0

#9 Fred Flintstone

  • Dave Gilmour
  • Group: Malware Experts
  • Posts: 2,511
  • Joined: 20-April 08
  • Gender: Male
  • Location: Somerset

Posted 16 June 2010 - 11:05 PM

Hi MissM..

I'm thinking possible file association problems, but it's odd that you can run some programs but not others.
Let's kill two stones with one bird here :rolleyes: and run ComboFix.
This will double check that there is not a malware issue, and also gives a much more comprehensive log containing a lot more info about your system.

Back Up registry with ERUNT

  • Please use the following link and scroll down to ERUNT and download it on to your desktop. HERE
  • Click on the erunt-setup.exe
  • Follow the prompts to install ERUNT
  • Choose language
  • A set up window will pop up. It will ask: Create ERUNT entry in to the Start up folder, answer NO


  • Backup your registry to the default location


Note: To restore your registry (if needed), go to the folder and start ERDNT.exe


Next

Download and Run ComboFix
  • Please download ComboFix from the following link.

    Link 1.

    **IMPORTANT !!! Save ComboFix.exe to your Desktop**

  • Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
  • Double click on ComboFix.exe & follow the prompts
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply

A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


Quote

I am about in tears here,I have spent HOURS working on this,I guess mostly I hate bugging people for help so much.

Don't get stressed out thinking you have to rush this all at once!
Take a break when you need to, as you have a spare machine don't try to do it all at once!

If you get fed up (we all do in those circumstances) and want to leave it for a few hours or a day.. feel free to do so.
We can pick it back up when you are ready.. no pressure.

Just look on it as a learning experience; whether we succeed or fail, you can't help but know more about computers at the end of it, can you?? :lol:

So just run through the above AT YOUR OWN PACE and post the log when ready.
As for bugging people... :unsure: whatever would geeky type peeps do without someone to bug them with PC problems!! :lol:

Regards
Fred
0

#10 MissM

  • Log'N'Rocker
  • Group: Members
  • Posts: 40
  • Joined: 16-June 10
  • Gender: Female
  • Location: SW.MI
  • Interests: Family, flower gardening, reading, computers

Posted 17 June 2010 - 12:08 AM

Thank you so much Fred. I so appreciate your help.

I printed this off.

I will take breaks as you suggested, and yes I am learning new things, good for this old brain.

Welp off I go.
0

#11 MissM

  • Log'N'Rocker
  • Group: Members
  • Posts: 40
  • Joined: 16-June 10
  • Gender: Female
  • Location: SW.MI
  • Interests: Family, flower gardening, reading, computers

Posted 17 June 2010 - 02:34 AM

Here I am again. Took a long break, just turned the machine back on and see that system restore is turned off, and I turned it back on last night.
I cannot turn it back on because it doesn't look like it has before.
I can see where it is turned off but nothing to click on to turn it back on.
It is like something is running this machine and it's not me.
Is that what malware does?

I am going to have to go into safe mode to open those programs you gave me; I tried without but get the same message as with some of the other programs. Should I go into safe mode or safe mode networking?

Thanks:)
0

#12 MissM

  • Log'N'Rocker
  • Group: Members
  • Posts: 40
  • Joined: 16-June 10
  • Gender: Female
  • Location: SW.MI
  • Interests: Family, flower gardening, reading, computers

Posted 17 June 2010 - 04:07 AM

Got the system restore back.
0

#13 Fred Flintstone

  • Dave Gilmour
  • Group: Malware Experts
  • Posts: 2,511
  • Joined: 20-April 08
  • Gender: Male
  • Location: Somerset

Posted 17 June 2010 - 07:18 AM

Hi MissM, use safe mode with networking to install the software and update if needed.
Just don't leave it connected to the internet any longer than you have to if your protection programs are not working.

Short periods to do what's required will be fine though..
Again, no rush - no stress, if you get tired / fed up give it a break as long as you need. I will check in occasionally to see how you are doing.

Fred
0

#14 MissM

  • Log'N'Rocker
  • Group: Members
  • Posts: 40
  • Joined: 16-June 10
  • Gender: Female
  • Location: SW.MI
  • Interests: Family, flower gardening, reading, computers

Posted 17 June 2010 - 12:43 PM

Hi, GROAN!!! :unsure:
I did all, highlighted and copied the log and now I can't paste. I just tried to click on paste and it is not highlighted to do that.
I am trying to find the log and haven't been able to yet.

Every so often as it scanned it would say 'administrator permission needed' and then go on scanning.
Other than that it all went smoothly until now.

This post has been edited by MissM: 17 June 2010 - 12:44 PM

0

#15 MissM

  • Log'N'Rocker
  • Group: Members
  • Posts: 40
  • Joined: 16-June 10
  • Gender: Female
  • Location: SW.MI
  • Interests: Family, flower gardening, reading, computers

Posted 17 June 2010 - 01:27 PM

I redid everything.
Hope this works.
When it started it said 'access denied, administrator permissions needed' (command prompt). I opened it with administrator permissions.
Then it scanned; between #'s 38 and 39 got the same message as above and then it scanned again.
So here is the log:

ComboFix 10-06-16.03 - owner 06/17/2010 8:58.1.2 - x86 MINIMAL
Running from: c:\users\owner\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2010-05-17 to 2010-06-17 )))))))))))))))))))))))))))))))
.

2010-06-17 13:06 . 2010-06-17 13:06 -------- d-----w- c:\users\owner\AppData\Local\temp
2010-06-17 13:06 . 2010-06-17 13:06 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2010-06-17 13:06 . 2010-06-17 13:06 -------- d-----w- c:\users\TEMP.owner-br-pc\AppData\Local\temp
2010-06-17 13:06 . 2010-06-17 13:06 -------- d-----w- c:\users\TEMP.owner-br-pc.003\AppData\Local\temp
2010-06-17 13:06 . 2010-06-17 13:06 -------- d-----w- c:\users\TEMP.owner-br-pc.002\AppData\Local\temp
2010-06-17 13:06 . 2010-06-17 13:06 -------- d-----w- c:\users\TEMP.owner-br-pc.001\AppData\Local\temp
2010-06-17 13:06 . 2010-06-17 13:06 -------- d-----w- c:\users\TEMP.owner-br-pc.000\AppData\Local\temp
2010-06-17 13:06 . 2010-06-17 13:06 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-06-17 13:06 . 2010-06-17 13:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-17 12:56 . 2010-06-17 12:57 -------- d-----w- C:\32788R22FWJFW
2010-06-17 11:51 . 2010-06-17 11:51 -------- d-----w- c:\program files\ERUNT
2010-06-17 05:26 . 2010-06-17 05:26 -------- d-----w- C:\Recovered Files
2010-06-16 03:12 . 2010-06-16 03:12 -------- d-----w- c:\program files\ESET
2010-06-16 02:35 . 2010-06-16 03:05 -------- d-----w- c:\program files\McAfee.com
2010-06-16 02:35 . 2002-06-06 19:59 290816 ----a-w- c:\windows\system32\mcinsctl.dll
2010-06-16 00:30 . 2010-06-16 01:04 -------- d-----w- c:\programdata\FileCure
2010-06-14 01:32 . 2010-06-16 16:46 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-12 15:11 . 2010-06-12 15:11 -------- d-----w- c:\users\owner\AppData\Local\Apps
2010-06-02 13:41 . 2010-06-02 13:42 -------- d-----w- c:\program files\QuickTime
2010-05-25 17:04 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-23 17:24 . 2010-05-23 17:24 -------- d-----w- c:\programdata\Viewpoint
2010-05-23 17:04 . 2010-05-23 17:18 -------- d-----w- c:\users\owner\AppData\Roaming\FinalMediaPlayer
2010-05-23 17:03 . 2010-06-14 03:05 -------- d-----w- c:\program files\Free Offers from Freeze.com
2010-05-23 16:48 . 2010-06-15 16:57 -------- d-----w- c:\users\owner\AppData\Local\QuickPlay

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-17 12:33 . 2009-12-22 04:23 720 ----a-w- c:\programdata\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
2010-06-17 07:30 . 2009-03-14 21:54 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-06-17 02:37 . 2008-10-23 10:56 -------- d-----w- c:\program files\SMINST
2010-06-17 02:17 . 2009-04-10 20:22 -------- d-----w- c:\program files\SpywareBlaster
2010-06-16 22:04 . 2009-05-04 12:22 6648 ----a-w- c:\users\owner\AppData\Local\d3d9caps.dat
2010-06-16 02:29 . 2009-03-15 23:50 -------- d-----w- c:\users\owner\AppData\Roaming\Uniblue
2010-06-16 01:08 . 2009-03-17 00:32 -------- d-----w- c:\program files\Alwil Software
2010-06-16 01:02 . 2008-10-23 09:41 -------- d-----w- c:\programdata\Norton
2010-06-16 00:59 . 2010-03-31 23:05 -------- d-----w- c:\programdata\Alwil Software
2010-06-16 00:30 . 2008-10-23 09:42 -------- d-----w- c:\programdata\Symantec
2010-06-15 23:47 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-13 22:02 . 2009-03-15 22:48 -------- d-----w- c:\users\owner\AppData\Roaming\Serif
2010-06-13 22:02 . 2008-10-23 09:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-13 01:48 . 2010-05-07 03:31 -------- d-----w- c:\users\owner\AppData\Roaming\OnlineArmor
2010-06-13 01:48 . 2010-05-07 03:31 -------- d-----w- c:\programdata\OnlineArmor
2010-06-13 01:44 . 2010-04-03 14:10 -------- d-----w- c:\program files\Auslogics
2010-06-04 21:08 . 2008-10-23 10:52 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-26 19:24 . 2010-04-20 22:42 18488 ----a-w- c:\windows\Help\OEM\scripts\HPHC_BUY_BATTERY.exe
2010-05-26 18:28 . 2010-02-25 15:11 -------- d-----w- c:\program files\CCleaner
2010-05-26 17:06 . 2010-06-12 21:38 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-12 21:38 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-23 17:30 . 2009-10-29 01:50 -------- d-----w- c:\users\owner\AppData\Roaming\Registry Mechanic
2010-05-23 17:22 . 2010-05-11 13:17 -------- d-----w- c:\programdata\PhotoMail
2010-05-16 11:53 . 2009-10-24 00:07 -------- d-----w- c:\program files\Google
2010-05-15 10:46 . 2010-05-07 03:29 225936 ----a-w- c:\windows\system32\drivers\OADriver.sys
2010-05-14 01:27 . 2009-03-14 23:30 80968 ----a-w- c:\users\owner\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-12 15:21 . 2009-11-25 15:51 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-11 13:16 . 2009-08-25 23:35 -------- d-----w- c:\program files\IncrediMail
2010-05-07 03:29 . 2010-05-07 03:29 -------- d-----w- c:\program files\Tall Emu
2010-05-06 01:40 . 2009-11-21 03:04 -------- d-----w- c:\program files\McAfee
2010-05-05 17:41 . 2009-10-30 02:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-04 05:59 . 2010-06-12 21:38 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-12 21:38 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 05:55 . 2010-06-12 21:38 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 04:31 . 2010-06-12 21:38 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 14:13 . 2010-06-12 21:38 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 19:39 . 2009-10-30 02:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2009-10-30 02:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-23 03:31 . 2006-11-02 06:37 20480 ----a-w- c:\windows\system32\drivers\secdrv.sys
2010-04-23 03:30 . 2009-07-25 03:09 180224 ----a-w- c:\windows\UninstallWSST.exe
2010-04-23 03:30 . 2007-03-12 10:35 12288 ----a-r- c:\windows\Twunk_32.dll
2010-04-23 03:30 . 2007-03-12 10:35 12288 ----a-r- c:\windows\Twunk_16.dll
2010-04-23 03:29 . 2008-05-15 10:35 237568 ----a-w- c:\windows\system32\UCI32A30.dll
2010-04-23 03:29 . 2007-10-29 00:07 221184 ----a-w- c:\windows\system32\UCI32M23.dll
2010-04-23 03:29 . 2008-04-17 18:04 110592 ----a-w- c:\windows\system32\SynTPCo4.dll
2010-04-23 03:29 . 2008-04-17 17:16 200704 ----a-w- c:\windows\system32\SynCtrl.dll
2010-04-23 03:29 . 2009-07-25 03:09 28672 ----a-w- c:\windows\system32\ssconfig.exe
2010-04-23 03:29 . 2009-07-22 14:24 94208 ----a-w- c:\windows\system32\RTNUninst32.dll
2010-04-23 03:29 . 2009-02-20 16:35 376832 ----a-w- c:\windows\system32\S64CPA.exe
2010-04-23 03:29 . 2009-03-05 10:54 73728 ----a-w- c:\windows\system32\RtNicProp32.dll
2010-04-23 03:29 . 2005-06-27 16:07 307200 ----a-w- c:\windows\system32\pcre.dll
2010-04-23 03:27 . 2006-11-02 08:51 12288 ----a-w- c:\windows\system32\drivers\sffp_mmc.sys
2010-04-23 03:27 . 2009-09-02 07:09 176128 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
2010-04-23 03:27 . 2006-11-02 08:30 40960 ----a-w- c:\windows\system32\drivers\processr.sys
2010-04-23 03:27 . 2008-01-21 02:23 20480 ----a-w- c:\windows\system32\drivers\flpydisk.sys
2010-04-23 03:27 . 2007-11-01 01:47 208896 ----a-w- c:\windows\system32\drivers\HSXHWAZL.sys
2010-04-23 03:27 . 2008-01-21 02:23 118784 ----a-w- c:\windows\system32\drivers\E1G60I32.sys
2010-04-23 03:27 . 2006-11-02 08:30 40960 ----a-w- c:\windows\system32\drivers\crusoe.sys
2010-04-23 03:27 . 2008-12-12 16:11 61440 ----a-w- c:\windows\system32\dnssd.dll
2010-04-23 03:27 . 2009-02-20 16:36 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-04-23 03:27 . 2008-03-04 22:58 774144 ----a-w- c:\windows\system32\CVAUX.DLL
2010-04-23 03:27 . 2008-03-04 22:58 1691648 ----a-w- c:\windows\system32\CV.DLL
2010-04-23 03:24 . 2008-10-23 09:55 987136 ----a-w- c:\windows\system32\BttnCmn.dll
2010-04-23 03:24 . 2008-10-23 09:55 1560576 ----a-w- c:\windows\system32\BttnCmns_64.dll
2010-04-23 03:24 . 2008-10-23 09:55 1560576 ----a-w- c:\windows\system32\BttnCmns.dll
2010-04-23 03:24 . 2009-02-20 16:35 61440 ----a-w- c:\windows\system32\athihvui.dll
2010-04-23 03:23 . 2009-12-10 19:26 249856 ----a-w- c:\windows\Setup1.exe
2010-04-23 03:23 . 2010-03-29 16:46 90112 ----a-w- c:\windows\SDUnInst.exe
2010-04-23 03:19 . 2009-04-21 23:41 184320 ----a-w- c:\windows\Help\OEM\scripts\SecurityStatusServer.dll
2010-04-23 03:19 . 2006-10-17 21:05 24576 ----a-w- c:\windows\Help\OEM\scripts\launchAP.exe
2010-04-23 03:19 . 2006-09-29 17:28 4096 ----a-w- c:\windows\Help\OEM\scripts\Interop.HelpPane.dll
2010-04-23 03:18 . 2009-07-25 03:09 466944 ----a-w- c:\windows\Christmas Dreams.scr
2010-04-23 03:07 . 2007-03-02 20:10 65536 ----a-w- c:\users\owner\AppData\Roaming\HPAppData\RegClean.dll
2010-04-23 02:39 . 2009-02-20 17:10 36864 ----a-w- c:\programdata\Temp\{CDD849CF-7442-466F-B026-8C93990A7C3C}\PostBuild.exe
2010-04-23 02:39 . 2009-06-16 22:54 36864 ----a-w- c:\programdata\Temp\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\PostBuild.exe
2010-04-23 02:39 . 2009-02-20 17:08 36864 ----a-w- c:\programdata\Temp\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}\PostBuild.exe
2010-04-23 02:39 . 2009-02-20 17:06 36864 ----a-w- c:\programdata\Temp\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}\PostBuild.exe
2010-04-23 02:39 . 2008-10-23 10:46 36864 ----a-w- c:\programdata\Temp\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\PostBuild.exe
2010-04-23 02:39 . 2008-10-23 10:44 36864 ----a-w- c:\programdata\Temp\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe
2010-04-23 02:39 . 2008-10-23 10:43 36864 ----a-w- c:\programdata\Temp\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe
2010-04-23 02:39 . 2008-03-29 23:57 217088 ----a-w- c:\programdata\Stardock\DesktopX\GadgetRuntime\SDCtrls.dll
2010-04-23 02:38 . 2007-09-07 15:44 94208 ----a-w- c:\programdata\PopCap\PopCapLoader\Oberon\BookwormAdventures\j2k-codec.dll
2010-04-23 02:37 . 2007-10-23 15:29 2568192 ----a-w- c:\programdata\PopCap\PopCapLoader\Oberon\BookwormAdventures\BookwormAdventures.dll
2010-04-23 02:36 . 2010-02-24 17:53 225280 ----a-w- c:\programdata\Kodak\EasyShareSetup\wtf\finish.exe
2010-04-23 02:36 . 2010-02-24 17:51 225280 ----a-w- c:\programdata\Kodak\EasyShareSetup\wtf\update.exe
2010-04-23 02:36 . 2010-02-24 17:50 225280 ----a-w- c:\programdata\Kodak\EasyShareSetup\wtf\start.exe
2010-04-23 02:36 . 2010-01-07 16:39 45056 ----a-w- c:\programdata\Kodak\EasyShareSetup\sysfiles\kb945060\kb945060.exe
2010-04-23 02:36 . 2010-01-07 16:41 77824 ----a-w- c:\programdata\Kodak\EasyShareSetup\ess\bindbins\BindBins.exe
2010-04-23 02:36 . 2010-02-24 17:50 1187840 ----a-w- c:\programdata\Kodak\EasyShareSetup\$SETUP_1e0001_759da7\EasyShrx.Dll
2010-04-23 02:36 . 2010-01-07 16:38 1187840 ----a-w- c:\programdata\Kodak\EasyShareSetup\$SETUP_140001_ac7acd\EasyShrx.Dll
2010-04-23 02:36 . 2010-02-24 17:49 114688 ----a-w- c:\programdata\Kodak\EasyShareSetup\$Registration\KodakCameraAPI_8.2.30.1.dll
2010-04-23 02:36 . 2010-01-07 16:38 114688 ----a-w- c:\programdata\Kodak\EasyShareSetup\$Registration\KodakCameraAPI_8.0.20.1.dll
2010-04-23 02:34 . 2007-03-06 07:33 12288 ----a-w- c:\programdata\HP\Digital Imaging\Data\Destination\aiopfl.dll
2010-04-21 18:19 . 2008-10-23 10:53 -------- d-----w- c:\program files\Common Files\Java
2010-04-21 18:18 . 2010-04-21 18:18 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-20 08:13 . 2010-05-07 03:29 24440 ----a-w- c:\windows\system32\drivers\OAmon.sys
2010-04-20 08:13 . 2010-05-07 03:29 30584 ----a-w- c:\windows\system32\drivers\OAnet.sys
2010-04-15 22:49 . 2010-03-02 23:42 1335048 ----a-w- c:\windows\Help\OEM\scripts\SamsungHDDFW1HC.exe
2010-04-08 20:48 . 2010-03-16 22:41 17160 ----a-w- c:\windows\Help\OEM\scripts\HPHCDisableObject.exe
2010-04-06 21:52 . 2010-04-20 22:42 18184 ----a-w- c:\windows\Help\OEM\scripts\HC_Launch.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2009-07-29 01:49 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2009-07-29 01:49 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2009-07-29 01:49 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-03-07 160328]
"CalendarPal"="c:\program files\CalendarPal\CalendarPal.exe" [2007-01-23 1150976]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2009-03-11 468264]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2009-07-29 671376]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-04-23 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2010-04-23 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=c:\windows\pss\Kodak EasyShare software.lnk.Commonstartup
backupExtension=.Commonstartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\@OnlineArmor GUI]
2010-05-15 10:46 6785808 ----a-w- c:\program files\Tall Emu\Online Armor\oaui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-10-09 14:58 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Input Device Main Program]
2010-04-23 02:15 356352 ----a-w- c:\program files\HP\HP Wireless Comfort Mobile Mouse\TSR\xDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2007-08-31 19:01 1037736 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
2008-07-03 14:37 812952 ----a-w- c:\program files\Registry Mechanic\RMTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]
2008-10-07 03:42 210216 ----a-w- c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPatrol]
2009-10-10 21:07 320832 ----a-w- c:\program files\BillP Studios\WinPatrol\WinPatrol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPatrol System Monitor]
2009-10-10 21:07 320832 ----a-w- c:\program files\BillP Studios\WinPatrol\WinPatrol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(B):a6,47,4c,63,4e,2b,ca,01

R0 ilpjo;ilpjo;c:\windows\system32\drivers\qbchs.sys [x]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2010-05-15 225936]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2010-04-20 24440]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-03-14 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-03-14 66632]
R2 0017641273110049mcinstcleanup;McAfee Application Installer Cleanup (0017641273110049);c:\windows\TEMP\001764~1.EXE [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-26 136176]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [2010-03-26 93320]
R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\OAcat.exe [2010-04-20 1284600]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]
R2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [2010-04-20 3506680]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-29 112128]
R3 OAnet;OnlineArmor Service;c:\windows\system32\DRIVERS\oanet.sys [2010-04-20 30584]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-03-14 12872]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [x]
S3 HpGmb001;USB Mobile Packet Filter Driver;c:\windows\system32\DRIVERS\HpGmb001.SYS [2008-08-26 11264]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-26 16:44]

2010-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-26 16:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://thundercloud.net/start/index.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Add animation to IncrediMail Style Box - c:\program files\IncrediMail\bin\resources\WebMenuImg.htm
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Open Image with Open IT Online
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
FF - ProfilePath - c:\users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\g6fa34yc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce-<NO NAME> - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-17 09:06
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(1808)
c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
Completion time: 2010-06-17 09:08:13
ComboFix-quarantined-files.txt 2010-06-17 13:08
ComboFix2.txt 2010-06-17 12:28

Pre-Run: 200,767,721,472 bytes free
Post-Run: 200,133,132,288 bytes free

- - End Of File - - 2384409A51DA28D0871E345B51E8AAD9

0

#16 User is offline   Fred Flintstone Icon

  • Dave Gilmour
  • Icon
  • Group: Malware Experts
  • Posts: 2,511
  • Joined: 20-April 08
  • Gender:Male
  • Location:Somerset

Posted 17 June 2010 - 10:32 PM

Hi MissM.. :thumbsup:

I want to try a reg fix to restore default file associations for .exe files.
(It's a safe script, just tested it on myself)!!

First though, disable TeaTimer as it might interfere with the script:


    Please disable Teatimer as it may interfere with the fix.

    First:
    • Right click Spybot in the System Tray (looks like a calendar with a padlock symbol)
    • Choose Exit Spybot S&D Resident


    Second:
    • Open Spybot S&D
    • Click Mode, check Advanced Mode
    • Go To Left Panel, Click Tools, then also in left panel, click Resident
    • If your firewall raises a question, say OK
    • Uncheck the box labeled Resident Tea-Timer and OK any prompts.
    • Use File, Exit to terminate Spybot
    • Reboot your machine for the changes to take effect.

    third:

We will re-enable it when your computer is clean.

Then:

Create a Registry 'merge' file
  • Open Notepad
  • Copy/Paste the 'entire' contents... in the code box below...to Notepad.
    Windows Registry Editor Version 5.00
    
    [HKEY_CLASSES_ROOT\.EXE]
    @="exefile"
    "Content Type"="application/x-msdownload"
    
    [HKEY_CLASSES_ROOT\.EXE\PersistentHandler]
    @="{098f2470-bae0-11cd-b579-08002b30bfeb}"
    
    [HKEY_CLASSES_ROOT\exefile]
    @="Application"
    "EditFlags"=hex:38,07,00,00
    "FriendlyTypeName"=hex(2):40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,\
      00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,\
      32,00,5c,00,73,00,68,00,65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,\
      00,2c,00,2d,00,31,00,30,00,31,00,35,00,36,00,00,00
    
    [HKEY_CLASSES_ROOT\exefile\DefaultIcon]
    @="%1"
    
    [HKEY_CLASSES_ROOT\exefile\shell]
    
    [HKEY_CLASSES_ROOT\exefile\shell\open]
    "EditFlags"=hex:00,00,00,00
    
    [HKEY_CLASSES_ROOT\exefile\shell\open\command]
    @="\"%1\" %*"
    "IsolatedCommand"="\"%1\" %*"
    
    [HKEY_CLASSES_ROOT\exefile\shell\runas]
    
    [HKEY_CLASSES_ROOT\exefile\shell\runas\command]
    @="\"%1\" %*"
    "IsolatedCommand"="\"%1\" %*"
    
    [HKEY_CLASSES_ROOT\exefile\shellex]
    
    [HKEY_CLASSES_ROOT\exefile\shellex\DropHandler]
    @="{86C86720-42A0-1069-A2E8-08002B30309D}"
    
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\UserChoice]
     

  • Save the file ...Name:"fix.reg"...File Type as: "All files" (*.*) ...to your desktop
    fix.reg <<------------- you should see this on your desktop.
  • Go to Desktop, double-click the fix.reg icon
  • Reply Yes...to the merge prompt... to enter this data with your registry.


Once done, try again to run one of the programs that refused to work before and let me know if there is any difference?

Do you have a Windows disc for this computer?
If so, we will try SFC (System File Checker) next.

Thanks
Fred
0
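The .reg merge file in the post above restores the stock .exe association. As an added example (not the post's own code), this Python parser reads a "Windows Registry Editor Version 5.00" file, folds the backslash-continued hex(2) lines, decodes the values, and reports whether the file would leave .exe launches at the Windows default; the sample texts and the placeholder wrapper path are constructed for the example.

```python
"""Parse a 'Windows Registry Editor Version 5.00' merge file and check that the
.exe association it installs is the stock one.  Added example, not the post's code."""
import re

# Constructed sample, trimmed from the fix quoted above; the trailing-backslash
# continuation lines are kept exactly as a real .reg file writes long hex(2) values.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\.EXE]
@="exefile"
[HKEY_CLASSES_ROOT\exefile]
"FriendlyTypeName"=hex(2):40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,\
  00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,\
  32,00,5c,00,73,00,68,00,65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,\
  00,2c,00,2d,00,31,00,30,00,31,00,35,00,36,00,00,00
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\UserChoice]
'''
# Constructed counter-example: launches routed through another binary (placeholder path).
HIJACKED_REG = r'''Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\ProgramData\\placeholder_wrapper.exe\" \"%1\" %*"
'''
EXPECTED_OPEN_COMMAND = '"%1" %*'

def _unescape(s):
    # Quoted .reg strings escape backslash and double quote with a backslash.
    return re.sub(r'\\(.)', r'\1', s)

def _join_continuations(text):
    # Fold lines ending in a backslash into the line that started the value.
    out, buf = [], ''
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith('\\'):
            buf += line[:-1]
        else:
            out.append(buf + line)
            buf = ''
    return out

def decode_value(raw):
    """Decode the right-hand side of a .reg assignment into a Python value."""
    if raw.startswith('"') and raw.endswith('"'):
        return _unescape(raw[1:-1])
    m = re.match(r'hex(?:\((\w+)\))?:(.*)$', raw)
    if not m:
        raise ValueError(f'unsupported value syntax: {raw}')
    kind = m.group(1) or '3'                       # bare "hex:" is REG_BINARY (3)
    data = bytes(int(b, 16) for b in m.group(2).split(',') if b)
    if kind in ('1', '2'):                         # REG_SZ / REG_EXPAND_SZ are UTF-16LE
        return data.decode('utf-16-le').rstrip('\x00')
    return data

def parse_reg(text):
    """Return ({key: {value_name: value}}, [keys the file deletes])."""
    lines = _join_continuations(text)
    if not lines or lines[0] != 'Windows Registry Editor Version 5.00':
        raise ValueError('missing .reg header')
    keys, deleted, current = {}, [], None
    for line in lines[1:]:
        if not line or line.startswith(';'):
            continue
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            if key.startswith('-'):                # [-Key] deletes the whole key
                deleted.append(key[1:])
                current = None
            else:
                current = keys.setdefault(key, {})
            continue
        if current is None:
            raise ValueError(f'value outside any key: {line}')
        name, _, raw = (part.strip() for part in line.partition('='))
        current['@' if name == '@' else _unescape(name[1:-1])] = decode_value(raw)
    return keys, deleted

def check_exe_association(keys, deleted):
    """List deviations from the stock .exe association; an empty list means clean."""
    problems = []
    if keys.get(r'HKEY_CLASSES_ROOT\.EXE', {}).get('@') != 'exefile':
        problems.append('.EXE does not map to the exefile ProgID')
    cmd = keys.get(r'HKEY_CLASSES_ROOT\exefile\shell\open\command', {}).get('@')
    if cmd != EXPECTED_OPEN_COMMAND:
        problems.append(f'open command is {cmd!r}, expected {EXPECTED_OPEN_COMMAND!r}')
    # Explorer honours a per-user UserChoice over HKCR, so a fix must remove it too.
    if not any(k.endswith(r'FileExts\.exe\UserChoice') for k in deleted):
        problems.append('per-user UserChoice for .exe is not removed')
    return problems
```

Running `check_exe_association(*parse_reg(SAMPLE_REG))` returns an empty list for the fix quoted above, while the constructed HIJACKED_REG yields three findings.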

#17 User is offline   MissM Icon

  • Log'N'Rocker
  • PipPip
  • Group: Members
  • Posts: 40
  • Joined: 16-June 10
  • Gender:Female
  • Location:SW.MI
  • Interests:Family, flower gardening, reading,computers

Posted 18 June 2010 - 12:54 AM

Hi Fred,

I got all the way through but when I double-clicked on 'fix.reg' I got this message:
``````````````````````````````````````````````````````````````````````````````````````````````````````````````
Registry Editor
Cannot import C:\Users\Owner\Desktop\fix.reg: not all data was successfully written to the registry. Some keys are open by the system or other processes.

```````````````````````````````````````````````````````````````````````````````````````````````````````````````````

I re-copied and pasted to notepad to make sure I got it right, redid and got the same message.
I was not in safe mode. Should I try it that way?
0

#18 User is offline   MissM Icon

  • Log'N'Rocker
  • PipPip
  • Group: Members
  • Posts: 40
  • Joined: 16-June 10
  • Gender:Female
  • Location:SW.MI
  • Interests:Family, flower gardening, reading,computers

Posted 18 June 2010 - 02:42 AM

Hello again,

I went ahead and went to safe mode and it took successfully, but still cannot open certain programs.

You asked if I got a disk with my computer. No, no disk. I have the box and everything else, but in the box was a little paper that told me to create my own disk by going to Recovery Manager?? Or buy a disk from them.
Why in the world would a co. sell a computer without a recovery disk:(
And why did I not check for that when I bought it:(:(

I can open Firefox (obviously I am here;) but cannot open IE, only in safe mode. Can open defragger, SpywareBlaster, emails, I can open CCleaner, Malwarebytes. I just looked at some things on my start list and see Microsoft Silverlight and clicked on that and got that same ol' message about not being able to open it.
Registry Mechanic opens, by the way what do you think of that program? It says 'system health is low'. Spybot opens.

So that is some of what I can and cannot open. I find it odd I can open Firefox in normal mode but IE can only be opened in safe mode with networking.

This post has been edited by MissM: 18 June 2010 - 02:42 AM

0

#19 User is offline   MissM Icon

  • Log'N'Rocker
  • PipPip
  • Group: Members
  • Posts: 40
  • Joined: 16-June 10
  • Gender:Female
  • Location:SW.MI
  • Interests:Family, flower gardening, reading,computers

Posted 18 June 2010 - 03:56 AM

Well I got brave tonight, since I have no recovery disc that came with the puter I am following HP's instructions on making my own. I happened to have a lot of blank discs and am on the first one now. I had the kind they recommended.
So will see if they do ok and let you know so you can tell me what to do with them once I have them,lol

This old lady's brain is learning and learning :lol: Can't wait to tell my kids :P
although at times I have felt like :blink: and :blush: and :wacko: :angry:

This post has been edited by MissM: 18 June 2010 - 03:58 AM

0

#20 User is offline   Fred Flintstone Icon

  • Dave Gilmour
  • Icon
  • Group: Malware Experts
  • Posts: 2,511
  • Joined: 20-April 08
  • Gender:Male
  • Location:Somerset

Posted 18 June 2010 - 07:41 AM

Morning MissM.. just off to work, but try this to see if IE will open without addons.

With the pc booted in Normal Mode:
Go to Start click in the Search box and type Internet Explorer.

You should see in the list above an option Internet Explorer (No Addons)
Click that to see if IE will run as it could be a problem addon causing problems.

Let me know how you go
Thanks

Fred
0
