jholland1964 650 Posting Expert Team Colleague Featured Poster

Is it possible these are usually Hidden Folders? I have never heard of this before.

jholland1964 650 Posting Expert Team Colleague Featured Poster

You are NOT Finished. You did not do all the steps requested by RIK. The running of Mbam is ESPECIALLY important to clean the computer. Just deleting those few files is NOT ENOUGH. You have a hijacked computer which shows clearly in your HJT log. Just removing those files will not stop that. Your computer and personal files can be very much at risk.
Please take note of exactly what RIK told you:

You have a quite badly infected pc there.

He had you remove those few files in order for you to be able to complete the rest of the steps he gave you.
You should follow the rest of his steps if you want your computer clean, because as of yet, it is not.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Ok, you need to run HiJackThis again. Place check marks next to the following entries:

O4 - HKLM\..\RunServices: [rssb] C:\WINDOWS\system32\rssb.exe
O4 - HKLM\..\RunServices: [rsmg] C:\WINDOWS\system32\rsmg.exe

O23 - Service: AVP - Unknown owner - C:\DOCUME~1\Owner\LOCALS~1\Temp\kav6\avp.exe (file missing)
Once you have placed the check marks click the Fix Checked button.
Exit HJT.
Reboot the computer.
Now your Java is way, way out of date and definitely needs updating. You should go HERE and download the latest version which is version 6 update 14. Please choose the Offline Install and just save it to your desktop for easy access.
After you have downloaded that install file then close all browsers and go to Add/Remove and uninstall the following:

J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9

After the Uninstalls are complete then double click that Java install file on your desktop to install the latest version. When it has completed go back to the download page and on the Right Side you will see Verify Now. Click that and you will be taken to the verification page where you can check to be certain the new install was complete.

Now as far as this question:

there are no labels under any of the files or folders. Once I open a folder, the labels are under everything else.

I am not exactly certain what you mean. Look at my …

jholland1964 650 Posting Expert Team Colleague Featured Poster

swears by this PC Security shield

that is really too bad. This program is truly a rogue program. Plus it is a paid program, which makes it doubly bad in my books. There are multiple excellent FREE programs which would provide superb protection for absolutely nothing. Show her my attachment of the rating for the website of this PC Security Shield. This is the web site rating...what does that tell you about the program itself if their web site is rated that badly? Some browsers won't even let you go there!
Well I can continue with clean up steps but I can tell you right now the infections will still get on there again.
Next thing you need to do is this:
Run the ESET Online Scanner and attach the ScanLog with your post for assistance.

* You will need to use Internet Explorer to complete this scan.
* You will need to temporarily Disable your current Anti-virus program.
* Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi there recently my step sister has been using limewire on our family computer and since then every time I use google 90% of the time the search results I click on redirect me to a useless search engine of some sort.....(Oh and I have taught her how to use torrents since then so I don't think the problem will reoccur.)

The use of torrents is NO safer than any other file sharing program, I have no idea who told you this but file sharing is pretty much the easiest way to severely infect a computer....especially a computer running an alleged "security" program such as PCSecurityShield with such a poor reputation and considered Rogue Software. Their own website is considered a high security risk to even visit!
Uninstall this program IMMEDIATELY via Add/Remove!

Turn OFF ALL file sharing programs, better yet, uninstall them all. The computer cannot be cleaned with these programs being used.

Your HJT log is incomplete. The entire log must be posted including the topmost section which would read similar to this example

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:32:31 PM, on 6/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal


AFTER Uninstalling the Rogue security program and removing or totally disabling all file sharing programs then do the following:

Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Are things running better?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

Reboot the computer
Run a new HJT scan and save that log.
Post back with both logs

And stay out of the registry

jholland1964 650 Posting Expert Team Colleague Featured Poster

What version of HiJackThis is it? The newest version is 2.0.2.
Download the new version and try that one.

Also, give us the names of the items removed by AVG

jholland1964 650 Posting Expert Team Colleague Featured Poster

It would be helpful if you would give us more information. We have no idea what sort of problems you are experiencing or how you know you have a "virus or something".
Your HJT log does show that you are running multiple or parts of multiple anti-virus software. This is a No-No. The absolute rule is only one anti-virus program should be on the machine. If you change programs then the old one should be completely removed before the new one is installed.
Your log shows:
IObit Security 360, what I believe to be a test version. I always advise against using test versions of especially security programs because they are what they say "test" versions, not the finished product.
Parts of AVG anti-virus but not all of it.
Run HiJackThis again and place check marks next to the following entries:

R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll
O1 - Hosts: 200.124.131.116 casinocontroller.com
O1 - Hosts: 200.124.131.116 casinocontroller.com
O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {56b56feb-390f-4fc1-9efd-a95d6bcabea4} - (no file)
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKCU\..\Run: …
jholland1964 650 Posting Expert Team Colleague Featured Poster

Try going back to the time before this all happened

Bad Advice
Using System Restore WILL NOT remove infections from the machine. Using System Restore now especially will only restore what has already been removed. System Restore only backs up certain files, not all files. Infection removal must be done using good removal programs.

jholland1964 650 Posting Expert Team Colleague Featured Poster

First do the following:
Disable Spybot's TeaTimer

* Run Spybot-S&D in Advanced Mode
* If it is not already set to do this, go to the Mode menu and select Advanced Mode
* On the left hand side, click on Tools
* Then click on the Resident icon in the list
* Uncheck Resident TeaTimer and OK any prompts.
* Restart your computer in Safe Mode.
Once it is restarted do a search on the computer for these two files noted in RED
C:\WINDOWS\system32\rssb.exe
C:\WINDOWS\system32\rsmg.exe

When you find them Delete them, just the Two files noted in RED not the entire folder

Go to Add/Remove and Uninstall the following programs:
Napster
Napster Burn Engine
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Viewpoint Toolbar
Reboot the computer.
Update MBA-M and do another Full Scan with it. Remove everything found and Save the log.
Reboot.
Run a new HJT scan and save the log. Post back with both new logs.

jholland1964 650 Posting Expert Team Colleague Featured Poster

That mailbox is in a UNIX file format and is not designed to be ever opened in a windows app

Then why is it on there?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Ok, first of all go to Add/Remove and Uninstall anything having to do with the Viewpoint Media Player. This is considered foistware and is not needed. It was installed with something else.

run HJT again and place a check mark next to the following entries:
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Unknown owner - C:\Program Files\Sygate\SPF\smc.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
Once you have placed the check marks click the Fix Checked button.
Exit HJT and reboot the computer. Then tell me how things seem to be running.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Are you running Sygate Firewall?

jholland1964 650 Posting Expert Team Colleague Featured Poster

the same thing happened to me tuesday.

it's as though it's trying to execute an AOL search command, but always fails and then starts over

Jack, you need to begin your OWN thread, giving all the particulars. What may "seem like" the same problem may not be since this concerns two different computers. Plus this thread has been marked solved and therefore help would not be offered here.

jholland1964 650 Posting Expert Team Colleague Featured Poster

If all is well you can mark this one as solved.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Thanks, would like to see what is in there.
Also do the following:
Please Run the ESET Online Scanner and attach the ScanLog with your post for assistance.

* You will need to use Internet Explorer to complete this scan.
* You will need to temporarily Disable your current Anti-virus program.
* Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.

* When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.
Reboot the computer. Run a NEW HJT scan and post that log along with the ESET scanner log.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Update MBA-M and run another Full Scan with it. Remove all that is found.
Reboot.
Run a new HJT scan and save the log. Post back here with both logs.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Thanks Crunchie!
aharrold, first of all you need to Uninstall Combofix as it won't be needed anymore.
To do this do the following:
* Click START then RUN
* Now type Combofix /u in the runbox and click OK. The space between the combofix and the /u, it must be there.
When shown the disclaimer, Select "2"
Next, now you had Spywareguard on the computer and as noted it has never been tested with Vista and is a work in progress, HOWEVER the better program from the same creator, javacool, is SpyWareBlaster. An excellent, MUST HAVE program, I wouldn't run my computer without it and it DOES work just fine on Vista.
From their website here is an explanation of what it does:

Multi-Angle Protection

* Prevent the installation of ActiveX-based spyware and other potentially unwanted programs.
* Block spying / tracking via cookies.
* Restrict the actions of potentially unwanted or dangerous web sites.

And especially good...it DOES NOT run in the background. Just download, install, update, ENABLE all, including Restricted Sites portion and then Close the program. Just manually check for updates weekly and enable all new update protections.
Choose a download site from HERE

Salem commented: Another solid result from DW's resident malware removal experts +36
jholland1964 650 Posting Expert Team Colleague Featured Poster

The ESET log clearly shows infected files:
C:\Documents and Settings\pouneh\Desktop\burningart\home\Mailbox multiple threats (contained infected files) but nothing was cleaned. You should run it again and this time have it clean. You must have infected emails in there if it is truly a Mailbox.
When you run a scan you have to have it clean or else it is pointless. Please run ESET again, have it clean and post the log.

fishhaddock1 commented: judy is GREAT +3
jholland1964 650 Posting Expert Team Colleague Featured Poster

Ok,good thinking! Now this will take awhile to read, and I want crunchie to see it too, so PLEASE don't take any other steps until instructed to do so, ok?
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

I just worked for 3 Hours on this same issue. It turned out that the line in HiJackThis: "O20 - AppInit_DLLs: ms32clod.dll" was the culprit. Malware-Bytes would not update or finish cleaning. Internet explorer would crash, & Windows Update would crash. Always referencing msvcrt.dll as the problem. As soon as I removed that Line using hijackthis & restarted everything was back to normal again. Hope this helps someone else who is having this issue.

We KNEW this was part of the infection, that was not the sole problem with the poster's machine, he had very corrupted files.
Also jedwar10 please bear this in mind:
When you fix these types of entries, HijackThis does not delete the offending file listed it only removes the listing from the scan. It is recommended that you reboot into safe mode and delete the offending file.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Does combofix even begin to run? Did you give it time, it isn't a fast scan, it takes awhile.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Yes it works on Vista 32bit, not 64.
Correct, it should be run from the desktop.
What happens when you try to run it?

Antivirus services were set to manual

not good enough, they need to actually be turned OFF, same goes for Windows Defender, MBA-M, SpywareGuard (which shouldn't be on this machine at all because it has never been tested on Vista and is considered a program in development, uninstall it), Spybot if any of it is still running. All of those, including Firewall, should be OFF. If you prefer go totally off line when these are disabled and try to run combofix.
Let us know what happens and what if any error messages you receive.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Your most recent MBA-M scan shows No Action Taken. Also on previous scans did you reboot immediately after running the MBA-M scans and BEFORE you did anything else? This is essential for full cleaning most of the time and therefore the recommended way to do it. Also, it would help if you re-enable those auto starting programs for now, you can always stop them once this is complete. We can't tell what may be hidden on there, even if the program doesn't appear to be auto starting, sometimes they do.

Other than that there was a BDT involved, I don't know much.

Honestly, I am not up on acronyms, what do you mean by BDT?

jholland1964 650 Posting Expert Team Colleague Featured Poster

got a string of nasties a couple days ago, and just finished dealing with them

It would certainly help to know exactly what these were, how they were removed and with what?
Were the scans you just posted done in normal mode? You appear to have very few auto starting programs.
If you have logs from the actual removals these would be much more helpful. Quite often the steps recommended depend on the actual malware involved.

Just noticed. The HiJackThis you are using is way out of date. Uninstall this and download a new version.

Your Malwarebytes' database is also way out of date. Current version is 2353. Please update it also and do a Full System scan. Have it remove anything found and save the log.
Please do both of these in NORMAL mode.

jholland1964 650 Posting Expert Team Colleague Featured Poster

You should print these instructions because all FireFox browsers MUST be closed before running the fix.

* Please double-click Goored.exe on your Desktop to run it.
  * Select 2. Fix Goored by typing 2 and pressing Enter.
  * Make sure all instances of Firefox are closed at this point.
  * Type y at the prompt and press Enter again.
  * A log will open which you can just close. The log file is named Goored.txt and is on your Desktop.
Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.

* Now rerun FireFox and please attach the new Goored.txt log to your next reply

jholland1964 650 Posting Expert Team Colleague Featured Poster

Ok, here's crunchie's recommendation:

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2

* Double-click GooredFix.exe to run it.
* Select 1. Find Goored (no fix) by typing 1 and pressing Enter.
* A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).

Note: Do not run Option #2 yet.

Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

I have no idea of your location, I believe crunchie's is Australia, I am in the US so take into consideration possible time differences.

jholland1964 650 Posting Expert Team Colleague Featured Poster

My problem still not solved. Planning to restore the system with HP recovery manager. It's my HP laptop.

-Hari

hari, one reason your problem is not solved is you have not posted back here in 6 weeks. There is no way we can offer help if the poster fails to return in short order. Since 6 weeks have passed there is no way to know exactly what may be wrong with the computer now, or if any changes recommended have even been attempted.
This should be a lesson to all, if you ask for help stick with it. We are not mind readers and cannot offer other solutions or fixes to try unless the poster returns with the results of the last suggestions.

jholland1964 650 Posting Expert Team Colleague Featured Poster

I am going to advise that you hold off running any more removal tools, until crunchie can take a look at this. Vista can be very "squirrelly" with some removals, you don't want to mess anything up, ok?
There obviously is "something" there and I have an idea of what crunchie may recommend but since I am hesitant with the Vista OS I want to wait. He will check this out I assure you.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Run HJT again and put check marks next to these two entries:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 207.248.228.166:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;;;*.local;;;;;;;;;;;;;;;;;;;;<local>
Click the Fix Checked button.
Exit HJT.
Reboot the computer.
Check to see if you are still being re-directed.
Run a new HJT log and post it here.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Ok, I am going to refer this to crunchie to take a look. Some tools don't run well in Vista and don't want to cause more problems.
I do have two concerns and hope you can answer immediately:
Why does SpywareBlaster show as running? It DOES NOT run in the background, it is not supposed to run in the background but it clearly shows as running on your machine.
You also show SpywareGuard as running on your computer. This is considered a Work In Progress by the developer Javacool and has NOT been tested on Vista, its most recent updates were in 2004 and they DO NOT recommend it be installed on a Vista Machine. I would recommend its immediate UNINSTALL.
Also why is Malwarebytes' running in the background?

jholland1964 650 Posting Expert Team Colleague Featured Poster

I figured I would run MBA-M again and the uacinit.dll file is back and it can't seem to delete it on reboot.

Ok, then another tool is needed:

Download the latest version of ComboFix and save it to your desktop.
Disable or Close all anti-spyware, anti-malware and antivirus real-time protection, which may affect ComboFix.
Close all programs on your computer and do nothing on the computer while ComboFix runs.
Double click ComboFix.exe on your desktop.
When ComboFix has finished, it will create a log for you, please post back here with that log.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Yes I did! I was referring to clicking the program registries in Hijackthis. I do but then they just reappear!

The only one you would need to be concerned about is that O16 entry. It WILL reappear if you go back to that site, so if IT keeps coming back then you are visiting that site.
Those entries I noted were just general clean up...there is NO infection putting them on there so don't worry about them. Plus they are NOT REGISTRY entries. The Registry is an entirely different thing and we are doing nothing with the registry.
Did you follow the instructions as I gave them...all the way through including:
Place the check marks, CLICK the FIX CHECKED button. EXIT HJT.
REBOOT and then run a NEW HJT scan and post the NEW log here?

jholland1964 650 Posting Expert Team Colleague Featured Poster

I won't know the log is clean until you post a new one. If you yourself added that O15 Trusted site then it is ok, however, when I tried it then it would not come up. That is why I told you to remove it. It generally wouldn't be needed there if this is your regular ISP site.
The O16 is also ok as long as you personally know what it is. I could find no information for it.
Please run HJT again and I can check the log.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Can you better explain this onclick? I find no information concerning a virus of this name.
The logs you posted are the Original logs not new ones.

jholland1964 650 Posting Expert Team Colleague Featured Poster

First of all you need to TURN OFF the Spybot TeaTimer as it can interfere with fixes done.
Disable Spybot's TeaTimer

* Run Spybot-S&D in Advanced Mode
* If it is not already set to do this, go to the Mode menu and select Advanced Mode
* On the left hand side, click on Tools
* Then click on the Resident icon in the list
* Uncheck Resident TeaTimer and OK any prompts.
* Restart your computer

Next run HiJackThis again and place check marks next to the following entries:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;;;*.local;;;;;;;;;;;;;;;;;;;;<local>
O15 - Trusted Zone: http://*.broadband.o2.co.uk
O16 - DPF: {01232355-5C70-455B-B33E-A62433F3B77F} (WebCamX Control) - http://cctv.nolanseafoods.co.uk/WebCamX.cab
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - http://www.cardsmadeeasy.com/403.html
O16 - DPF: {AA25A56C-B654-4356-B390-DC3594B75C63} (HCNetActiveX Control) - http://192.168.1.67/codebase/HCNetVideoActiveX.cab

Once you have placed the check marks then click the Fix Checked button.
Exit HJT.
Next do the following: download the latest version of Java which is version 6 Update 14 choose the Offline Install and save it to the desktop for easy access.
Next close all browsers and go to Add/Remove. Uninstall the following programs:
Java(TM) 6 Update 13
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 6
Java(TM) 6 Update 7
Once you have done those uninstalls then double click the new Java install file on …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Run HJT again and place a check mark next to the following entry:
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
Click the Fix Checked button.
Exit HJT.
Now your Java program is WAY out of date and should definitely be updated as that can be a security risk. First of all download the latest SunJava version which is Version 6 Update 14
Download the Offline Install file and save it to your desk top.
Once you have done that download then close your browsers and go to Add/Remove and Uninstall ALL old versions of Java that you find there. When all of those are Uninstalled then double click that install file on the desk top to install the latest version. When that is complete go back to the download page and on the right side you will see Verify Now. Click that to go to the verification page to be certain that your install was successful.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

If you are sure all is fixed you can mark this solved. However, if you are concerned about the crash, can you tell me what happened exactly when the crash happened? Did you get an error message, and if so what was it?

jholland1964 650 Posting Expert Team Colleague Featured Poster

I didn't tell you to remove any registry entries, what are you talking about? Did you read my last post concerning old registry entries?

There really is no need to worry about these. They are just old entries that do nothing. The registry isn't awful.
Some programs have hundreds of entries in a registry, yes some from old programs but this doesn't affect the performance of the computer. They just sit there, do nothing. Registries have gotten larger over the years just because of the increase in size of the drives themselves. The belief that old and unused registry entries need to be cleaned out is false, at least in my belief. They do nothing but sit there. Playing in the registry to remove old entries often times does more damage than just letting them sit. Remove the wrong thing, hit the wrong key and you may "zap" the entire operating system itself. Just leave them alone. They hurt nothing.

jholland1964 650 Posting Expert Team Colleague Featured Poster

I would recommend that you Uninstall The Rosetta Stone, that is where some of the infected files are located.
You need to run ESET again and be sure that Remove found threats is checked and the option to Scan unwanted applications is Checked.
Reboot the computer
Update MBA-M and run a Full System Scan with it.
Be sure that everything is checked, and click Remove Selected
Reboot the computer
Run a new HJT scan and save the log. Post back with those three logs.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Please Download ATF-Cleaner.exe by Atribune
Save to the desktop for easy access.

Click on ATF-Cleaner to run it
-- Where it says Select Files To Delete, Check the Select All Option
-- Click Empty Selected > OK

If you use Firefox browser, do this also:

* Click Firefox at the top and choose Select All from the list.
* Click the Empty Selected button.
* NOTE : If you would like to keep your saved passwords, click No at the prompt.

Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

Reboot the computer

Please Run the ESET Online Scanner and attach the ScanLog with your post for …

jholland1964 650 Posting Expert Team Colleague Featured Poster

If you feel all is ok then you can mark this solved.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Run HiJackThis again and place check marks next to the following entries:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll (file missing)
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza Pro\Plugins\RazaWebHook.dll (file missing)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll (file missing)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)

O9 - Extra button: (no name) - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - (no file)
O9 - Extra button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (file missing)
O9 - Extra 'Tools' menuitem: &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - (no file)
O9 - Extra 'Tools' menuitem: Tencent QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - (no file)
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/newe...feControls.cab

Once you have placed …
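The fix lists in these posts keep sorting HJT entries into the same buckets: orphans marked "(no file)" or "(file missing)" that are clean-up only, and entries that point at something live (the R1 ProxyServer set to a public IP, the O1 hosts redirect, the O20 AppInit_DLLs line, autostart and ActiveX entries that need a second look). The script below is an added example, not part of the thread or of HijackThis itself: it parses those line shapes and groups them the same way. The sample log is constructed from entries quoted in the posts; the bucket names and the classify/triage functions are my own.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlparse

# One regex per line shape that appears in the thread. Every HJT entry starts
# with a section code (R1, O2, O4, ...) followed by " - " and the body.
LINE_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")
HOSTS_RE = re.compile(r"^Hosts: (?P<ip>\S+) (?P<host>\S+)$")
PROXY_RE = re.compile(r"ProxyServer = (?P<addr>[^:\s]+)(?::(?P<port>\d+))?$")
DPF_RE = re.compile(r"^DPF: \{[0-9A-Fa-f-]+\}(?: \([^)]*\))? - (?P<url>\S+)$")
ORPHAN_MARKERS = ("(no file)", "(file missing)")


@dataclass
class Finding:
    code: str
    bucket: str   # "orphan" (clean-up only), "review", "suspicious" or "info"
    reason: str
    line: str


def _public_ip(addr: str) -> bool:
    """True when addr is an IP literal outside loopback/private/link-local."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False          # a hostname, not an IP literal
    return not (ip.is_loopback or ip.is_private or ip.is_link_local)


def classify(line: str) -> Optional[Finding]:
    """Sort a single HJT line into a bucket; None for non-entry lines."""
    line = line.strip()
    m = LINE_RE.match(line)
    if not m:
        return None           # header lines such as "Platform:" or "Boot mode:"
    code, body = m.group("code"), m.group("body")

    # Orphans: the target file is gone. The posts treat these as tidy-up,
    # not as evidence of infection, so they are checked before anything else.
    if body.endswith(ORPHAN_MARKERS):
        return Finding(code, "orphan", "target file no longer exists", line)

    if code == "O1":          # hosts-file mapping
        h = HOSTS_RE.match(body)
        if h and _public_ip(h.group("ip")):
            return Finding(code, "suspicious", f"hosts file sends {h.group('host')} to {h.group('ip')}", line)
        return Finding(code, "info", "hosts entry to a local address", line)

    if code in ("R0", "R1"):  # Internet Explorer start/search/proxy settings
        p = PROXY_RE.search(body)
        if p and _public_ip(p.group("addr")):
            return Finding(code, "suspicious", "IE proxy points at a public IP (redirect risk)", line)
        if body.endswith("=") or "ProxyOverride" in body:
            return Finding(code, "orphan", "empty or leftover IE setting", line)
        return Finding(code, "info", "IE setting", line)

    if code == "O15":
        return Finding(code, "review", "site added to the Trusted zone; confirm the user did it", line)

    if code == "O16":         # ActiveX download; comes back whenever the site is revisited
        d = DPF_RE.match(body)
        host = urlparse(d.group("url")).hostname if d else None
        where = f"from {host}" if host else "from an unparsed URL"
        return Finding(code, "review", f"ActiveX control downloaded {where}", line)

    if code == "O20":
        if body.startswith("AppInit_DLLs:"):
            return Finding(code, "suspicious", "DLL loaded into every process via AppInit_DLLs", line)
        return Finding(code, "review", "Winlogon notification DLL", line)

    if code == "O4":
        return Finding(code, "review", "autostart entry; verify the program behind it", line)

    if code in ("O2", "O3", "O9", "O23"):
        return Finding(code, "review", "installed BHO/toolbar/button/service; verify it", line)

    return Finding(code, "info", "not classified", line)


def triage(log_text: str) -> dict:
    """Group every entry in an HJT log by bucket."""
    buckets = {"suspicious": [], "review": [], "orphan": [], "info": []}
    for raw in log_text.splitlines():
        f = classify(raw)
        if f:
            buckets[f.bucket].append(f)
    return buckets


# Constructed sample log, stitched together from entries quoted in the thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP3 (WinNT 5.01.2600)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 207.248.228.166:80
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O1 - Hosts: 200.124.131.116 casinocontroller.com
O2 - BHO: (no name) - {56b56feb-390f-4fc1-9efd-a95d6bcabea4} - (no file)
O4 - HKLM\..\RunServices: [rssb] C:\WINDOWS\system32\rssb.exe
O15 - Trusted Zone: http://*.broadband.o2.co.uk
O16 - DPF: {AA25A56C-B654-4356-B390-DC3594B75C63} (HCNetActiveX Control) - http://192.168.1.67/codebase/HCNetVideoActiveX.cab
O20 - AppInit_DLLs: ms32clod.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: AVP - Unknown owner - C:\DOCUME~1\Owner\LOCALS~1\Temp\kav6\avp.exe (file missing)
"""

if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_LOG).items():
        for f in items:
            print(f"{bucket:10} {f.code:4} {f.reason}")
```

Run it as-is to see the sample sorted, or feed a real log's text to triage(); the buckets only narrow what to look at first, the judgement calls in the posts (is the O15 site yours, do you know that O16 control) still belong to a person.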

jholland1964 650 Posting Expert Team Colleague Featured Poster

There has to be someplace WITHIN the program itself which tells it to auto start, maybe in its preferences or options. I don't honestly know since I don't use it.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Probably a good idea. Just be sure you have all your disks

jholland1964 650 Posting Expert Team Colleague Featured Poster

Really looks to me like you probably have some corrupt system files with all these programs having errors. You would do well to run a Disk Check and have it repair. You will need your system disk probably.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Check another faulting program error and see what caused it to fail also.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Your logs look pretty good. One thing I would recommend however and that is NOT to have the Facebook IM program start automatically with the computer. It can easily be run manually. Since you had the problem with this program in the first place I would not give it the power to run on its own. The choice is yours really but that is what I would recommend.
You need to Uninstall Combofix as it is not needed anymore and shouldn't remain on the computer. If you are told to use it again a new copy should always be used.
To uninstall it do the following:

* Click START then RUN
* Now type Combofix /u in the runbox and click OK. The space between the combofix and the /u, it must be there.
When shown the disclaimer, Select "2"


You also need to set a new, clean Restore point.
To do this Right Click My computer.
Choose Properties
When System Properties opens choose the System Restore Tab.
Place a check mark in Shut down System Restore.
You will probably get a message telling you it will be shut down, click ok or yes.
Allow it to shut down.
Wait a moment. Then go back in and take that check mark Out so that System Restore will turn back on.