jholland1964 650 Posting Expert Team Colleague Featured Poster

The Hosts file has absolutely nothing to do with those Elf toolbars.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Well here is some info about the website you used for instruction. It is well known as an extremely untrustworthy website. One of the major comments against it is: "Recommends running Combofix willy nilly and then pushes purchase of its registry cleaner on users". It has also been noted for malicious content, spyware and malware installs. Persons using the Web Of Trust warning add on for their browser will also receive the advanced warning shown in my attachment. I realize none of this helps you but I post this mainly for others reading this, especially concerning the use of combofix which should never be used without the advice of a helper. It is generally a one time only tool and has to be used in a specific way.

I ask that you please follow the instructions given to you by crunchie and post back here with the results.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Just run the program.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Some confusion here on my part. You don't have to worry about the Host file notice as I said earlier. This is normal for both Vista and Windows7. I only gave that option because you mentioned it again and I thought there was additional difficulty. The message comes in the middle of the scan because that would be the time the program checks the host file entries. You ran the program before by ignoring that message. Continue to do the same. We don't need to see the host file.

jholland1964 650 Posting Expert Team Colleague Featured Poster

I see that you uninstalled AVG. You need an anti-virus program on there ASAP.
I would suggest Avira Free or Avast Free

Either one ranks much higher than AVG and consistently are in the top ranked av programs including any of the paid programs.

You also need to check your settings. Make sure that Firefox is chosen as your default browser. In Firefox click Tools. On the General Tab at the bottom make sure there is a check mark in Always check to see if Firefox is Default Browser on Start up and also click the button that Says Check Now.

You need to run HJT again and put a check mark next to this entry
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-
Once you have placed that check mark click the Fix Checked button and Exit HJT

Reboot, run another scan with HJT and post the log.

jholland1964 650 Posting Expert Team Colleague Featured Poster

For Vista: simply exit Hijackthis, right click on the Hijackthis icon and choose 'run as administrator'.
Do this and fix those items again.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Ok, now I want you to run it again and put check marks next to these entries, please notice now they are slightly different:
O2 - BHO: Elf 1.13 Toolbar - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files\Elf_1.13\tbElf_.dll (file missing)
O2 - BHO: Elf 1.15 Toolbar - {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - C:\Program Files\Elf_1.15\tbElf_.dll (file missing)
O3 - Toolbar: Elf 1.15 Toolbar - {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - C:\Program Files\Elf_1.15\tbElf_.dll (file missing)
O3 - Toolbar: Elf 1.13 Toolbar - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files\Elf_1.13\tbElf_.dll (file missing)

Once you have placed the check marks then click the Fix Checked button.
Exit HJT.
Reboot.
Run a new HJT scan and post that new log here.

jholland1964 650 Posting Expert Team Colleague Featured Poster

That message is normal for machines running Vista and Windows 7, ignore it. You didn't post the new log, that is the same log you posted earlier.

jholland1964 650 Posting Expert Team Colleague Featured Poster

I have to see the scan logs. Whenever any scan is requested please post the log ok?

Did you reboot after the removal?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Did what and still where?

jholland1964 650 Posting Expert Team Colleague Featured Poster

double click my computer, double click c drive

jholland1964 650 Posting Expert Team Colleague Featured Poster

You used the old version of HiJackthis.

Go to Add/Remove and Uninstall the following programs:
Bing Bar
Bing Bar Platform
Bing Rewards Client Installer
Free Window Registry Repair
HiJackThis

Then download a new copy of HiJackThis from the link I gave you earlier.

Run a new system scan with Hijackthis and post back with the log.

jholland1964 650 Posting Expert Team Colleague Featured Poster

You need to go to C:\Program Files\ double click it to open it and then look for these two Elf_1.15 and Elf_1.13 and delete them both.

Reboot the computer and run a new HJT scan and post the log back here.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Run that HJT again and this time please put check marks next to everything in the previous list. You only fixed the first two items. You need to fix them all.

O2 - BHO: Elf 1.13 Toolbar - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files\Elf_1.13\tbElf_.dll
O2 - BHO: Elf 1.15 Toolbar - {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - C:\Program Files\Elf_1.15\tbElf_.dll
O3 - Toolbar: Elf 1.15 Toolbar - {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - C:\Program Files\Elf_1.15\tbElf_.dll
O3 - Toolbar: Elf 1.13 Toolbar - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files\Elf_1.13\tbElf_.dll
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe

jholland1964 650 Posting Expert Team Colleague Featured Poster

The reason you are still seeing this Whitesmoke Translator on the computer is that it WAS shown to you in the MBA-M scan but was not marked by you for removal.

Folders Infected:
c:\Users\administrator\AppData\Roaming\whitesmoketranslator (PUP.WhiteSmoke) -> Not selected for removal

Something designated as a PUP means Potentially Unwanted Program. Those should always be removed.
The Whitesmoke Translator purports to be a program which analyzes users' writing and provides suggestions for improved grammar, style, and spelling. It gets bad reviews and its own website is considered unsatisfactory and possibly dangerous for possible Phishing, scamming, malware and spyware. I don't see it listed in your list of installed programs but it evidently is on the computer, though not installed fully.

Your Malwarebytes' program was not updated before the run. Current database is 5359 and yours showed 5309 at the time of the run and it was run in Safe Mode.
You need to update Malwarebytes and run a Full Scan with it in Normal Mode.
While the program will run and remove, as you have seen, in Safe Mode it doesn't scan everything in Safe Mode so it always should be run in Normal Mode if possible.
I ask that you do update and run again in Normal Mode, have it remove EVERYTHING found this time, Reboot the computer after it is finished.
Then also run this scan

Run the ESET Online Scanner

http://www.eset.com/onlinescan/scanner.php?i_agree=14
* You can use …

jholland1964 650 Posting Expert Team Colleague Featured Poster

I want you to run HiJackThis again. This time put check marks in the boxes next to the following entries

R3 - URLSearchHook: Elf 1.15 Toolbar - {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - C:\Program Files\Elf_1.15\tbElf_.dll
R3 - URLSearchHook: Elf 1.13 Toolbar - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files\Elf_1.13\tbElf_.dll
O2 - BHO: Elf 1.13 Toolbar - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files\Elf_1.13\tbElf_.dll
O2 - BHO: Elf 1.15 Toolbar - {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - C:\Program Files\Elf_1.15\tbElf_.dll
O3 - Toolbar: Elf 1.15 Toolbar - {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - C:\Program Files\Elf_1.15\tbElf_.dll
O3 - Toolbar: Elf 1.13 Toolbar - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files\Elf_1.13\tbElf_.dll
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe

Once you have placed those check marks then click the Fix Checked button.
Exit HJT, Reboot the computer
Run a new HiJackThis scan and post that new log.
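
Added example, not part of the original post: one way to check a follow-up HijackThis log against a list of entries that were to be fixed, matching on section and CLSID so that an entry still counts as present when the scan has appended "(file missing)" to it. The fix list is copied from the post above; the follow-up log and the `ExampleApp` entry are constructed for illustration, and the function names are this example's own.

```python
import re
from collections import defaultdict

# R3/O2/O3 lines: "<section> - <kind>: <name> - {CLSID} - <path>[ (file missing)]"
CLSID_ENTRY = re.compile(
    r"^(?P<section>[A-Z]\d+) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*?)(?P<missing> \(file missing\))?$"
)
# O4 startup lines: "O4 - <hive>: [<value name>] <command>"
RUN_ENTRY = re.compile(
    r"^(?P<section>O4) - (?P<hive>[^:]+): \[(?P<name>[^\]]+)\] (?P<command>.+)$"
)

# Entries the helper asked to have checked (copied from the post above).
FIX_LIST = r"""
R3 - URLSearchHook: Elf 1.15 Toolbar - {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - C:\Program Files\Elf_1.15\tbElf_.dll
R3 - URLSearchHook: Elf 1.13 Toolbar - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files\Elf_1.13\tbElf_.dll
O2 - BHO: Elf 1.13 Toolbar - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files\Elf_1.13\tbElf_.dll
O2 - BHO: Elf 1.15 Toolbar - {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - C:\Program Files\Elf_1.15\tbElf_.dll
O3 - Toolbar: Elf 1.15 Toolbar - {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - C:\Program Files\Elf_1.15\tbElf_.dll
O3 - Toolbar: Elf 1.13 Toolbar - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files\Elf_1.13\tbElf_.dll
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
"""

# Constructed follow-up log: the R3 and O2 entries are gone, the O3 entries now
# carry "(file missing)", the O4 entry is unchanged, and ExampleApp is unrelated.
NEW_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
O3 - Toolbar: Elf 1.15 Toolbar - {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - C:\Program Files\Elf_1.15\tbElf_.dll (file missing)
O3 - Toolbar: Elf 1.13 Toolbar - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files\Elf_1.13\tbElf_.dll (file missing)
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\ExampleApp\example.exe
"""


def parse_entry(line):
    """Return a dict for one HijackThis entry line, or None for any other line."""
    line = line.strip()
    m = CLSID_ENTRY.match(line)
    if m:
        return {
            "section": m["section"],
            "name": m["name"],
            "clsid": m["clsid"].lower(),
            "path": m["path"],
            "file_missing": m["missing"] is not None,
            "raw": line,
        }
    m = RUN_ENTRY.match(line)
    if m:
        return {
            "section": m["section"],
            "hive": m["hive"],
            "name": m["name"],
            "command": m["command"],
            "file_missing": False,
            "raw": line,
        }
    return None


def parse_log(text):
    """Parse every recognisable entry line in a pasted log or fix list."""
    return [e for e in map(parse_entry, text.splitlines()) if e]


def entry_key(entry):
    """Identity of an entry that ignores the path and the '(file missing)' suffix."""
    if "clsid" in entry:
        return (entry["section"], entry["clsid"])
    return (entry["section"], entry["hive"].lower(), entry["name"].lower())


def still_present(fix_list, new_log):
    """Entries from the fix list that the new log still contains."""
    wanted = {entry_key(e) for e in parse_log(fix_list)}
    return [e for e in parse_log(new_log) if entry_key(e) in wanted]


def registrations_by_clsid(entries):
    """Map each CLSID to the sections it is registered under (one DLL, several hooks)."""
    out = defaultdict(list)
    for e in entries:
        if "clsid" in e:
            out[e["clsid"]].append(e["section"])
    return {clsid: sorted(sections) for clsid, sections in out.items()}


if __name__ == "__main__":
    for e in still_present(FIX_LIST, NEW_LOG):
        note = " [file already deleted, registry entry remains]" if e["file_missing"] else ""
        print("NOT FIXED:", e["raw"] + note)
    for clsid, sections in registrations_by_clsid(parse_log(FIX_LIST)).items():
        print(clsid, "registered under", ", ".join(sections))
```
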

jholland1964 650 Posting Expert Team Colleague Featured Poster

Update MBA-M and run another full scan. Have it remove everything found, reboot.
Then download and run a system scan with HiJackThis.

http://free.antivirus.com/hijackthis/

Post back here with both logs.

jholland1964 650 Posting Expert Team Colleague Featured Poster

No, you don't need to turn anything off to run either. Be sure to Update MBA-M before the scan. It updates multiple times a day.

This is HiJackThis. You need to uninstall the version you used because it was the wrong one. You need version 2.0.4.

http://free.antivirus.com/hijackthis/

Follow these instructions for its use this time:
Getting Started

1. Download and install HijackThis. You will need to download both the Installer and Executable files.
   1. Download Installer
   2. Download Executable

2. Once installed, open HijackThis by clicking Start > Program Files > HijackThis and click the button labeled "Do a system scan only".

3. Once the scan is complete, click the AnalyzeThis button. A web page will open containing helpful information regarding HijackThis.
Note: Once the scan is complete, the scan button will read "Save log". You may save the log file to your PC. Once you select where you would like to save the file, it will open in your system's default text editor. Typically this application is Notepad.

jholland1964 650 Posting Expert Team Colleague Featured Poster

First of all I am not Tony Weiss, I am jholland64, a helper here at daniweb. I was merely citing information given by Tony Weiss from Symantec/Norton concerning this Norton VRQ tool from the Norton website.

It seems to me that you may be a bit confused about both Norton and McAfee:

Neither of these programs is free, both must be purchased to use. Many computers come with free TRIAL versions of one or the other installed on them when the computer is purchased. There are also other Trial offers for the programs but all work the same. For the trial period the programs are fully working but at the end of that trial period (which usually is 90 days) then in order to continue to use whichever one you have you must PURCHASE a full license to continue to use them and continue for them to have the ability to stop and/or remove infections. If you do not pay for them then they no longer work and must be Uninstalled.

The reason you had to pay Norton is that Norton Internet Security 2011 is a PAID program. The license for it must be purchased in order for it to work.

The same goes for the McAfee program, it is a PAID program and the license must be purchased in order for the program to work. What you likely received from your bank was a Trial version and therefore would have to …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Please download ComboFix by sUBs from

http://www.bleepingcomputer.com/down...virus/combofix

Please note that the BleepingComputer.com download link will expire in 10 minutes after you click it so if you don’t click within ten minutes after reaching the page you will need to refresh the page.

You must download it to and run it from your Desktop
• Physically disconnect from the internet.
• Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
• Double click combofix.exe & follow the prompts. Since you are using Windows Vista, and receive a UAC prompt asking if you would like to continue running the program, you should press the Continue button.
• When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
• This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the program's log file, or report, will be located at C:\ComboFix.txt.
• Re-enable all the programs that were disabled during the running of ComboFix.
• Then post back here with that log and a new scan log from HiJackThis.

Note:
Do not mouse-click combofix's window while it is running. That may cause it …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Very Good! Lots of nasty items removed!
Update MBA-M and run a new Full Scan with it. Have it remove everything it finds, Reboot.
Run a new HJT scan and save the log.
Post back here with both logs.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Open Firefox, Click on Tools, Options.
On the General Tab you can choose WHERE to send Downloaded items. Change yours to say Desktop

jholland1964 650 Posting Expert Team Colleague Featured Poster

Yes to both questions.

jholland1964 650 Posting Expert Team Colleague Featured Poster

I need to see the actual ESET log, not just the top line.

jholland1964 650 Posting Expert Team Colleague Featured Poster

The correct version of HiJackThis should have run on your computer, the one you chose is an older, test version. Though McAfee shows as enabled it doesn't show as running, it only shows the updater is running.
Since the House Call scan also found infected items, though we don't know what they were, I think time has come to use another tool.

Please download ComboFix by sUBs from

http://www.bleepingcomputer.com/download/anti-virus/combofix

Please note that the BleepingComputer.com download link will expire in 10 minutes after you click it so if you don’t click within ten minutes after reaching the page you will need to refresh the page.

• You must download it to and run it from your Desktop
• Physically disconnect from the internet.
• Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
• Double click combofix.exe & follow the prompts. Since you are using Windows Vista, and receive a UAC prompt asking if you would like to continue running the program, you should press the Continue button.
• When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
• This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Are you using an Asian language on the computer?

Your McAfee doesn't appear to be running or wasn't when you ran this scan, did you purposely turn it off?

jholland1964 650 Posting Expert Team Colleague Featured Poster

That is normal for your operating system. Ignore that and continue.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Give us a system scan log using this program http://free.antivirus.com/hijackthis/

Still getting pop ups?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Try this scanner then, http://housecall.trendmicro.com/

jholland1964 650 Posting Expert Team Colleague Featured Poster

Were you able to get the eSET scan to run or not?

jholland1964 650 Posting Expert Team Colleague Featured Poster

You failed to update MBA-M before the scan and the version you are running is way out of date. The newest version is 1.50 and was released November 29th and will be installed via the normal update process so this tells me you haven't updated the program in at least two weeks. Current database version is 5354.
Your DDS log does show possibly infected files. You need to update MBA-M to the latest version and latest database and run another Full Scan, of course have it remove everything found and reboot the system. Post back here with that log.
Also do the following:
Run the ESET Online Scanner

http://www.eset.com/onlinescan/scanner.php?i_agree=14
* You will need to allow an Active X to be installed or you may use Firefox if you wish.
* You will need to temporarily Disable your current anti-virus program.
* Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt.
Post back with that log also.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Need to see the log from MBA-M also. The full log can be found in the program itself under the Logs Tab. It would be the last log there. Open it, Go to Edit, Select All, Copy. Come back here and paste it into a reply. Can't give you any other instructions or make any determinations until all the logs are posted.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Nothing personal is in the logs. No, don't zip it we want you to copy/paste the logs. Know that one piece of instruction from the creator says to zip it but our instructions say;
Copy&Paste both the DDS.txt and the DDS Attach.txt into your post for assistance.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Oh yes, we do need to see ALL of those logs. Just because the computer is running right now and apparently running fine that doesn't mean that everything is gone, it could just be somewhat "crippled" and can "heal" itself and fire up again. So we need to take a look to be sure other steps aren't required. Hopefully they won't be but it is much better to assure that all is clean rather than have the same thing come up only worse the next time.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Don't worry about the GMER problem. Many people have difficulties with it. Just continue on.
Add this to your list to do after the MBA-M scan is complete and you have it remove all and reboot:

IF you can get online with the infected computer. If not then that's fine.
Run the ESET Online Scanner

http://www.eset.com/onlinescan/scanner.php?i_agree=14
* You will need to allow an Active X to be installed in order to run it so be sure to do that.
* You will need to temporarily Disable your current Anti-virus program.
* Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt.
Once that is finished then post back here with all the logs.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Your host file seems fine, it doesn't show in the logs and would likely show if there were a problem.

You are running TWO anti virus programs, McAfee and Microsoft Security Essentials. An absolute NO-NO. Doing this definitely lessens your protection, it does not add protection at all. Neither will work correctly. Uninstall one of these immediately. You also mention Norton but the program showing in your installed program list is for Norton Security Scan which is a FREE online scanner, there is no reason you would be paying for it. Norton Utilities is a Registry Cleaner, a totally unnecessary program and yes, it's paid. But there is no reason you need to clean the registry. Good security tools like MBA-M WILL clean infected registry entries if found, along with some other tools too, but regularly cleaning the registry is most definitely not needed.
In this same area you also have the Uniblue RegistryBooster installed and running, another totally worthless tool. There is truly no way to "boost" the registry. It should be removed along with that Norton Registry Cleaner.

The NortonVRQ tool is also showing in your programs list. I don't know why you would have this unless you work for Symantec. The tool is not intended for public use but rather for use by trained Symantec personnel. Do you work for Symantec? If not then why do you have it on your computer?

I refer to this information from
Tony Weiss
Norton Forums Global Community Manager

jholland1964 650 Posting Expert Team Colleague Featured Poster

We would prefer that logs be copy/pasted and not attached. Have done this with your attached logs and removed the attachments.


DDS (Ver_10-12-12.02) - NTFSx86
Run by Adrian at 18:11:07.71 on 18/12/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2558.1661 [GMT 0:00]

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled*

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\atwtusb.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\McAfee\VirusScan\mcods.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\WINDOWS\system32\atwtusb.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE
C:\Program Files\Norton Utilities 14\nu.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\DriverHive\DriverHiveTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\wscntfy.exe

jholland1964 650 Posting Expert Team Colleague Featured Poster

P2P are file sharing programs like Limewire, iTorrent, BitTorrent, Frostwire. Anything like those, there are many of them, too many to list here. They are used to usually download music illegally instead of paying for it from a legitimate site like iTunes. With P2P programs you get these types of things from a person you don't know and those very often contain infections.
If you have downloaded music from anywhere without paying for it, these would be current songs, then delete the songs.

jholland1964 650 Posting Expert Team Colleague Featured Poster

werfault.exe is the Windows Error Reporting. Allow this scan to finish and then try the other steps. There may be one additional file you will need but try the steps I gave first about the flash drive and see if you can do them. If you can't let me know.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Calm down, the steps are easy to do. They are all very simple as long as you take your time and read everything. Be sure to scan that flash drive before using it again. OR get another clean one to use for the removal programs and worry about the infected one later. Just don't use it until you are 100% certain that it is completely free of any infected files, chances are that it is NOT clean.

The tools, steps and how to do each are listed in full on the sticky. The programs themselves do not walk you through the steps, they are on the sticky so print it out if needed. Or read it from another computer as you do the steps on the infected one.

http://www.daniweb.com/forums/thread134865.html

You download the tools and save them to the flash drive. Then insert the flash drive into the infected computer. Open the flash drive and move the tools from the flash drive to the computer. Install and run each tool. Save each log. Post back here with the logs.

With MBA-M it will need to be updated if possible. Then when you run the scan run a Full Scan. When it's finished it will show you in a box every bad file found in red. Make sure there are check marks next to each and then click the Clean/Quarantine box. Reboot the computer, that is very important.

Then go to the MBA-M program, click the …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Unless you have access to another computer that can get online to get these needed tools then there isn't much that can be done.

ARE you actually using a proxy server? If not these may have been changed by the infection.
Check these settings on the infected computer, go to Control Panel, Internet Options, Connection Tab, LAN button. Make sure there is NO check mark in Use Proxy Server. Then try to get online.

I also have some advice concerning that flash drive you have used to move items from the infected computer, there would be a very good chance that you have also moved infected files to that flash drive so don't insert it into any other computer without fully scanning it or else you could likely infect another computer.

jholland1964 650 Posting Expert Team Colleague Featured Poster

If the system is pirated as you say, a "fake Windows 7" then that means it is a pirated or illegal operating system and we cannot offer assistance. You will need to take the computer to a shop and have them do repairs with a legal copy of the operating system.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Follow the steps here and post back with the requested logs

http://www.daniweb.com/forums/thread134865.html

jholland1964 650 Posting Expert Team Colleague Featured Poster

Oh please understand, I am certainly NOT defending the product, that was not my intention. I evidently mis-understood your post, I thought you were saying, because you ran all those infection removal programs, that YOU knew you had infection on your computer. This could certainly cause problems with any program.

The title of your thread, "Need help getting rid of internet redirect" would indicate an infection but in your last post you say you had no infections on your machine, that you installed this new copy of Trend Micro on your Uninfected machine and it found no infections but for some reason you then attempted to remove it. Frankly, I don't know why you decided to remove this program you paid for from your computer, you don't explain that at all, and if you believe the computer is clean I am not certain why you posted in this forum which is solely for assistance in removing, as the name implies, Viruses, Spyware and other Nasties or why you used the infection removal programs.
Those would not remove a valid program and whether either of us like it or not, TrendMicro IS a valid program. It is not what the removal tools we ask posters to use are for and if they DID remove valid programs when attempting to remove infections from a computer then they would not be on our list of recommended tools.

Therefore, I believe you have posted this question in the wrong place. We …

jholland1964 650 Posting Expert Team Colleague Featured Poster

First of all in order to correctly locate and remove files from a computer you must call them by the proper name and you are not.

You keep referring to this program as Micro Trend, that is NOT the name of the program.

The correct name of the program is Trend Micro.

The Trend Micro removal tool isn't garbage it just didn't work for you. I have seen it work many, many times. In addition to the incorrect name used there are many different factors at work here.

#1. The main reason is the Fake Alert infection. Anti-virus programs will NOT remove these and they are not designed to do so. The first accepted tool in removal for this family of infections is MBA-M. There may be other tools required in addition to that but MBA-M is the main one that must be used.
#2. The first action of these Fake Alert infections will be to disable and damage and also infect the security programs installed on the computer. The user won't know they are damaged as they appear to be working, but they are not, key files are damaged. Reinstalling a new copy on top of a damaged copy will likely also damage the new copy. The fact that the diagnose feature and attempted removals also froze the machine tells me at least that key files were missing or corrupted BY THE INFECTION so that when the removal was attempted the files the removal needed …

jholland1964 650 Posting Expert Team Colleague Featured Poster

I have never seen a log that looks like that, so yes there IS something wrong there.
Please follow the steps given on our Read Me sticky and post back with the requested logs.

http://www.daniweb.com/forums/thread134865.html

jholland1964 650 Posting Expert Team Colleague Featured Poster

Don't uninstall Avira, it is an EXCELLENT program, consistently out scoring most other programs in protection and removals. So leave it.

Your DNS in the Smitfraudfix log shows your location as Baton Rouge, LA. Is this correct?

Let's see if you can get that Trend Micro completely off the system.

Here is their removal tool. http://solutionfile.trendmicro.com/solutionfile/TIS/TISTOOL/SupportTool_32-bit.exe

After download, extract and run TISTOOL.exe file. Click the Uninstall tab, and then click the Uninstall button. Select the Trend Micro program that you’d like to uninstall from the drop down box and click Uninstall.

We need to get that off if at all possible before going forward. After that uninstall do another scan with the DDS scanner and post the log labeled DDS.txt. I don't need to see the other one this time, the one that is labeled Attach.txt.
As far as Windows Defender, no it cannot be uninstalled as it is integrated with Vista but certainly turn it off and leave it off.
Post back with the new DDS log and then we can go forward.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

There are several things about your logs that I find very confusing. At the very top of the DDS scan log it says:

AV: Trend Micro Internet Security *Disabled/Updated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
SP: Trend Micro Internet Security *Disabled/Updated* {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}

But NONE of those programs show anywhere else, not in the Installed programs list, nor is there any reference to them in the Rest of the log. They would be listed in BOTH logs even if they were installed but disabled, but they don't show. So this makes no sense to me.
Then Avira clearly shows in both the log and the Installed programs log.
So, here is the first problem, absolute rule is only ONE anti-virus program should be on the computer, one portion of your log would indicate that there are two on the computer.

The other problem is you mentioned running other programs, I see one was Smitfraudfix. You didn't mention this. I need to see the report from this. The report can be found at the root of the system drive, usually at C:\rapport.txt
You DID say you ran MBA-M previously. I would like to see the log which found the infections. I really need to know what has been found in previous scans, the name and full locations. You only say "it" goes away and comes back but I don't know what "it" is.

Also you have SpyBot TeaTimer running, …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Follow the instructions given here and post back with all the requested logs and we will be most happy to help you.
http://www.daniweb.com/forums/thread134865.html

jholland1964 650 Posting Expert Team Colleague Featured Poster

Sounds good to me. Happy we could help you.