Sorry- we're behind. this is a very busy forum.

Mention to your wife that the Coupon Bar isn't a good place to visit! Full of adware.

Please reopen HijackThis to 'do system scan only.' Check each of the following if present: Optional removals are in green:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll See Optional 1
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll See Optional 1

Optional 1: Foistware: AskBar
You have the Ask Toolbar installed, I would recommend you uninstall it - decide after taking a look at this article:
http://www.benedelman.org/spyware/ask-toolbars/

(If you choose to remove it, uninstall it and delete this folder C:\Program Files\AskBar}

Close all Windows except HJT. Click on "Fix Checked."

Download SDFix HERE and save it to your Desktop.

• Double click SDFix.exe and it will extract the files to %systemdrive%
  (Drive that contains the Windows Directory, typically C:\SDFix)
  
  Boot into Safe Mode
• Restart your computer and start pressing the F8 key on your keyboard.
• Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.
  
  Run SDFix
• Open the extracted SDFix folder and double click RunThis.bat to start the script.
• Type Y to begin the cleanup process.
• It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
• Press any Key and it will restart the PC.
• When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
• Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
• Attach Report.txt back here

Run Eset NOD32 Online AntiVirus Scanner HERE

Note: You will need to use Internet Explorer for this scan.

• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the Active X control to install
• Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
• Click Start
• Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
• Click Scan
• Wait for the scan to finish
• Re-enable your Antivirus software.
• A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

Rescan with HijackThis. Leave the following in your next reply:
SDFix Report
Eset log
HJT log

Thanking you in advance for your patience.

One problem is that you did not check the line in Mbam to remove the entries it finds> it shows No Action Taken.

Please update Mbam and scan again, after doing this:
Make sure that everything is checked, and click Remove Selected.

After that, please run Combofix- it looks like it's up again:
Please download ComboFix HERE:

• With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
  
• Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.
  
• Run Combo-Fix.exe and follow the prompts.
  (Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.)
• Wait for the scan to be completed.
• If it requires a reboot, please do it.

• After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)

Notes:

• 
  1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
  4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

There has been a problem with Combofix, so if you get message that it's not available, let me know.

When finished, do online scan:
Run Eset NOD32 Online AntiVirus Scanner HERE

Note: You will need to use Internet Explorer for this scan.

• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the Active X control to install
• Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
• Click Start
• Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
• Click Scan
• Wait for the scan to finish
• Re-enable your Antivirus software.
• A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

Include the following in next reply:
Combofix report
Eset log
new scan with HijackThis

Please make not to remind me to tell you how to reset the Cookies.

I don't see any antivirus program running. I totally missed this in the first HJT log! You mentioned Avast in your post but where is it?

MEMSWEEP2: Added by the Sophos Anti-Rootkit security a Trojan Remover. It does not have antivirus protection/

Handle that first.

Then remove the pirated program:
ADOBE.CREATIVE.SUITE.4.MASTER.COLLECTON.DD.MULTILANGUAGE-ISO
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]

hpqthb08.exe is process which improves the startup time of HP Image Zone. HP throws all the Digital Imaging processes on Startup-none of them need to be there! So take them all off!

Regarding the Eset scan: it found the C:\Qoobox\Quarantine> Qoobox is where Combofix send the quarantined files. It off the system and it will be removed when I have you uninstall Combofix.

P2P Warning:
I notice that you have BitTorrent which is a P2P program. P2P (person to person) programs are also called 'file sharing' programs. In earlier computer days, these programs did not have much threat. But as they progressed, so did the dangers of using them. For that reason, we do not permit discussion of this type of program, not do we support it. The exception is to suggest you uninstall (c:\\Program Files\\DNA\\btdna.exe) P2P programs for the following reasons:

• As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verity that a download is legitimate.
• Malware writers use these program to include malicious content.
• Fie sharing is usually unmonitored and there is a danger that your private files might be accessed.
• The 'sharing' also includes malware that the shared system has on it.
• Files that are illegal can be spread through file sharing.

Please read the information on P2P Warning to help you better understand these dangers.

Let me know what you're going to do about the Adobe program so we can go on- or not.

The first 3 cleaning program do not require you to disable the security. When you get to Combofix or Eset, yes, instructions are to disable it. But you are always told to enable it as soon as you are finished with the program. Please reinstall and update it now

Regarding MEMSWEEP, I just left that with the comment that it did not have an AV program- in case you though it did. You don't need to do anything with it.

We should finish completely to make sure all the malware is gone. sometimes the main problem-aka-Google direct- resolves, but the can be other malware entries.

You should uninstall the Adobe C4 program either with it's own uninstaller or in Add/Remove Programs.

I went back to reread all the posts and noticed this:

An .exe file is what 'executes' a program. If you want to go to the Green Bay Packers site, and .exe files attachment isn't going to work because the site doesn't get 'executed' like a program does.

For instance: hpqthb08.exe will bring up many sites because hpqth08 must be 'executed' to work. But if you entered hewlettepackard.exe, you're not going to find it because hewlettepackard isn't a program that need to be executed.

BitTorrent shows starting up on 2009-05-16 17:38. So you need to take it off of startup. Do a search on the computer for it- look first in All Programs.

I'll take you at your word on uninstalling the Adobe c4 program. You can have HijackThis remove the entries I left, then uninstall in Add/Remove, follow by deleting the program folder in Windows Explorer> C/Programs

Uninstall ComboFix.exe And all Backups of the files it deleted

• Click START> then RUN
• Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  

Run the Eset scan once more and if it's clean, I'll have you remove the cleaning tools and set new restore point.

A tip for users on the system: stay away from the Coupon Sites!

You still don't have an antivirus program. Without that, what we have done was a waste of time!

I just had another member with this same program pirated. And he was full of malware.

Part of my job is to tell members when they have either too many antivirus programs or none. If I don't see an antivirus entry in the HJT log, that means that at the time the scan was done, there was no AV running. That is not safe.

Is the printer working yet?
Has the search problem been resolved?
What problem remain since you have run the scans?

You really don't need to know this-but-I go back and read all the replies in a thread. Sometimes I repeat what I've said for emphasis. And occasionally I miss something.

To remove the cleaning tools and set new clean restore point:
Remove all of the tools we used and the files and folders they created

• DownloadOTCleanIt by OldTimer
• Save it to your Desktop.
• Double click OTCleanIt.exe.
• Click the CleanUp! button.
• If you are prompted to Reboot during the cleanup, select Yes.

The tool will delete itself once it finishes.

If you are prompted to Reboot during the cleanup, select Yes.


You should now set a new Restore Point to prevent infection from any previous Restore Points. The easiest and safest way to do this is:

• Go to Start > All Programs > Accessories > System Tools and click "System Restore".
• Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the Restore Point a name then click "Create". The new Restore Point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
• Go to "Disk Cleanup" which can be found by going to Start > All Programs > Accessories > System Tools.
• Click "OK" to select the partition or drive you desire.
• Click the "More Options" Tab.
• Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.

If I can help you in the future, please let me know.