jholland1964 650 Posting Expert Team Colleague Featured Poster

The file was a virus then so you wouldn't want to restore it. It was NOT a legitimate file which should have been restored, if you had found and restored it then the virus would have been back.
System Restore wouldn't work probably because there were no GOOD restore points, that one certainly wasn't. Re-set System Restore.

04ayasin commented: thanks for helping :) +2
jholland1964 650 Posting Expert Team Colleague Featured Poster

Nothing there jumps out at me.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Look in your McAfee program, there must be a log or quarantine or something like that. It would help to know the name of the virus and where it was located.

Whoops, sorry crunchie, didn't see you there. Follow Crunchie's instructions please

jholland1964 650 Posting Expert Team Colleague Featured Poster

Are you absolutely certain this is the name of the missing file? Check to be absolutely certain.
As a beginning here let's get rid of those O18 Logitech entries in your HJT log just to make for easier reading.
Run HJT again and put a check mark next to all of those that read like this:

O18 - Protocol: bw+0 - {D19B43D0-4389-4DBD-88CD-DE585368E7AC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

Then click the Fix Checked button.
Exit HJT.
Then run MBA-M as suggested by cguan_77
That is the one which would remove infections, not CCleaner, that will clean temp files and the like, but it isn't a security program.
Follow these instructions for running MBA-M

Please download Malwarebytes' Anti-Malware to your Desktop.

  • DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
  • Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected
  • When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

Reboot the computer.
Then run a new …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.
Reboot the computer
Then run a new HJT scan and post back here with both the MBA-M log and the new HJT log.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Post removed as I didn't see Crunchie's instructions.

jholland1964 650 Posting Expert Team Colleague Featured Poster

download SDFix and save it to your Desktop.

* You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.


Double click on SDFix.exe. It should automatically extract a folder called SDFix to your system drive (usually C:\).
Please reboot your computer in Safe Mode by doing the following :

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key repeatedly;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual user account.


* Open the SDFix folder and double click on RunThis.bat to start the script.
* Type Y and press Enter to begin the script.
* It will start cleaning your PC and then prompt you to press any key to Reboot.
* Press any key to restart the PC.
* Your system will take longer than normal to restart as the fixtool will be removing files.
* When the desktop loads the Fixtool will complete the removal and display Finished.
* Press any key to end the script and to load your desktop icons.
* A text …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Sorry you had to resort to reformat. Sometimes though it is the best way to go.
After the computer is totally reloaded you might run a new HJT scan and post it back here. We can take a look at it to be certain all is well.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Be sure to REBOOT the computer AFTER Malwarebytes' is complete and has done its removal.
When it reboots then please also run a new HJT scan and post that log along with the MBA-M log
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

You still have used that OLD version of HiJackThis. Please note the link for the new one in my first post to you.
I don't see anything specific other than the large number of running programs so I would advise you follow the steps given HERE. Please IGNORE the Deckard Scanner program and continue on with the other steps, followed by a scan with the NEW version of HiJackThis.
Post back with ALL requested logs.

jholland1964 650 Posting Expert Team Colleague Featured Poster

It appears the computer was not rebooted after your Malwarebytes' scan. This should always be done.
SpywareBlaster is NOT a removal program or a scanner program, it is a protection program only.
Antivir is your on board antivirus program, that should ALWAYS be the very first program you use for scanning when you suspect a problem.
Please UPDATE Antivir and run a Full System scan with it. Have it quarantine/remove everything it finds.
Malwarebytes' HAS to be installed to run it, it is a program. It shows in your log. If you uninstalled it then reinstall it and UPDATE, then run a Full System Scan with it. Have it REMOVE whatever is found.

REBOOT the system and run HiJackThis again.
Place check marks next to the following entries if they remain

R3 - Default URLSearchHook is missing
O1 - Hosts: 91.207.117.244 browser-security.microsoft.com
O1 - Hosts: 91.207.117.244 browser-security.microsoft.com
O1 - Hosts: 91.207.117.244 browser-security.microsoft.com
O1 - Hosts: 91.207.117.244 browser-security.microsoft.com
O2 - BHO: (no name) - {9c464e29-5ba9-4b60-9fe7-d5625af82930} - C:\WINDOWS\system32\hgGvtRJC.dll (file missing)

O20 - AppInit_DLLs: fbkgfw.dll zjhnqe.dll tvqazz.dll
O20 - Winlogon Notify: hgGvtSLD - hgGvtSLD.dll (file missing)
O20 - Winlogon Notify: opnkhebA - opnkhebA.dll (file missing)
O20 - Winlogon Notify: qomefywu - qoMeFywu.dll (file missing)

Once you have placed the check marks then click the Fix Checked button.
Exit HJT.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Download ComboFix
Click on the Save button and then when it asks you where to save it, make sure you save it directly to your Windows Desktop.
Once the download is complete you will see the Combofix on the desktop.

* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.

Doubleclick the combofix icon on the desktop to run the program.


Windows will issue a prompt asking whether you wish to run the program, click Run
You will then see a Disclaimer screen asking you to agree to the disclaimer. Press the number 1 key to accept the disclaimer.

Now just sit back and allow the program to run

Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Malwarebytes and It's picked up over 80 things. Is it reliable to use it?

There is NO WAY we would recommend something that was not reliable. This is the most commonly recommended removal tool here today. If it found 80+ items then they need to be removed by that program. BUT, be sure to UPDATE it again before you run the new scan, it has very frequent updates, sometimes more than once a day.
The latest version as of 1/30/2009 noon EST is version 1.33 and the data base version is 1708.
Do a Full System scan with it again, AFTER updating, and have it REMOVE EVERYTHING found. Save the log and post it here.
Reboot the computer AFTER the removal and run a new HiJackThis scan and post that new log here also.
You said you used "some antispyware programs" also, what were those programs and what did they find?
Where are you located by the way? Who is your internet provider? I only ask because of some of the listings in your HJT log. I need to know if they are legitimate or part of your infections.

Why isn't your anti-virus program running?
Turn off Spyware Doctor, Malwarebytes, they are NOT anti-virus programs. It appears that your anti-virus program is Antivir, is that correct?

jholland1964 650 Posting Expert Team Colleague Featured Poster

You are not deleting anything, you are just stopping them from running automatically.
Go through the tabs that do have items listed and remove the check marks from these;
Turn off the following, doesn't matter which tab they are under:
PC Pitstop Optimize Reminder
Windows Defender
RegistryMechanic
SUPERAntiSpyware
Spyware Doctor
Adobe Reader Speed Launcher
WIAWizardMenu
AdobeUpdateManage
LogitechSoftwareUpdate
HP Software Update
AzMixerSel

jholland1964 650 Posting Expert Team Colleague Featured Poster

An easy way to stop the programs you don't want to start with windows and then run all the time in the background is either, first through the program itself, though often times it is hard to find WHERE to do that in the program. An easier way is to use a program like Mike Lin's StartUp Control Panel. It is FREE by the way.
Download, install. Then you will find it in your own Control Panel with a little computer icon that says Start up.
Open the program and go through the various tabs. Take check marks OUT of those you don't want running at start and all the time.
Take all those check marks out, close the program and reboot the computer.

jholland1964 650 Posting Expert Team Colleague Featured Poster

You are running an out of date version of HiJackThis. Newest version is 2.0.2. Get rid of that old one and download the new one HERE.
You have a tremendous number of programs running all the time in the background which certainly could cause high resource usage.
Turn off the following:
PC Pitstop Optimize Reminder
Windows Defender
RegistryMechanic
SUPERAntiSpyware
Spyware Doctor
Adobe Reader Speed Launcher
WIAWizardMenu
AdobeUpdateManage
LogitechSoftwareUpdate
HP Software Update
AzMixerSel
None of those need to be running all the time.
Have you done a general clean up...temp files, disk defrag and the like lately?

jholland1964 650 Posting Expert Team Colleague Featured Poster

There is NO NEED to purchase a good anti-virus program; there are some superior FREE ones available. I myself use Antivir and am very pleased with it. Avast is another good free one many use as well as AVG 8.

Download, install and update one of those and then do a Full System scan with it. Quarantine all that it finds.
Reboot the system.
Then do the following;
download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

Reboot the computer.
Run a new HJT scan and save the log.
Post back here with both logs.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

I see instances of two anti-virus programs in the log, AVG8 and Norton.
From these entries below this tells me that BOTH are currently fully active on the computer;
Running processes:
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

This is a BIG, GIANT NO-NO. The absolute rule is ONLY ONE anti-virus should ever be running on a computer.
If Norton is current, paid for and up to …
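
The two log reviews above (the Hosts redirect, missing-file and AppInit_DLLs entries in one post, and the AVG8 plus Norton overlap in the other) can be triaged mechanically. The following Python sketch is an added example, not part of the original posts and not HiJackThis's own logic; the sample log is constructed from lines quoted on this page, and the rule names and vendor marker list are assumptions.

```python
import ipaddress
import re

# Constructed sample: lines quoted in the posts above, merged into one log.
SAMPLE_LOG = r"""
Running processes:
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

R3 - Default URLSearchHook is missing
O1 - Hosts: 91.207.117.244 browser-security.microsoft.com
O1 - Hosts: 91.207.117.244 browser-security.microsoft.com
O2 - BHO: (no name) - {9c464e29-5ba9-4b60-9fe7-d5625af82930} - C:\WINDOWS\system32\hgGvtRJC.dll (file missing)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O20 - AppInit_DLLs: fbkgfw.dll zjhnqe.dll tvqazz.dll
O20 - Winlogon Notify: hgGvtSLD - hgGvtSLD.dll (file missing)
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")      # e.g. "O20 - AppInit_DLLs: ..."
HOSTS = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)$")      # "Hosts: <ip> <hostname>"

# Assumption: substrings that identify an anti-virus vendor in a path or entry.
AV_MARKERS = {
    "AVG": re.compile(r"\\AVG\\|\bAVG\b", re.I),
    "Symantec/Norton": re.compile(r"Symantec|Norton", re.I),
    "McAfee": re.compile(r"McAfee", re.I),
    "Avast": re.compile(r"Avast|Alwil", re.I),
    "AntiVir": re.compile(r"Avira|AntiVir", re.I),
}


def parse(text):
    """Split a log into running-process paths and (code, body) entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY.match(line)
        if m:
            in_procs = False                       # first entry ends the process list
            entries.append((m.group(1), m.group(2)))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs:
            processes.append(line)
    return processes, entries


def vendors_in(lines):
    """Return the set of AV vendors whose marker appears in any of the lines."""
    return {name for name, pat in AV_MARKERS.items()
            if any(pat.search(line) for line in lines)}


def triage(text):
    processes, entries = parse(text)
    findings, seen = [], set()
    for code, body in entries:
        if (code, body) in seen:                   # logs often repeat the same line
            continue
        seen.add((code, body))
        m = HOSTS.match(body) if code == "O1" else None
        if m:
            try:
                ip = ipaddress.ip_address(m.group(1))
                local = ip.is_loopback or ip.is_unspecified
            except ValueError:
                local = False                      # unparseable address: review it
            if not local:
                findings.append(("hosts-redirect", f"{m.group(2)} -> {m.group(1)}"))
        if body.endswith("(file missing)"):
            # Autostart reference whose target is gone: stale pointer to clean up.
            findings.append(("orphaned-entry", f"{code} {body}"))
        if code == "O20" and body.startswith("AppInit_DLLs:"):
            # Each DLL listed here is loaded into every process that loads
            # user32.dll, so every name needs a known owner.
            dlls = body.split(":", 1)[1].split()
            findings.append(("appinit-dlls", ", ".join(dlls)))
    active = vendors_in(processes)
    configured = vendors_in([body for _, body in entries])
    if len(active) > 1:
        findings.append(("multiple-active-av", ", ".join(sorted(active))))
    return {
        "findings": findings,
        "active_av": sorted(active),
        # Seen only in autostart/service entries: uninstalled remnants or disabled.
        "leftover_av": sorted(configured - active),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for rule, detail in result["findings"]:
        print(f"{rule}: {detail}")
    print("active AV:", result["active_av"], "leftover AV:", result["leftover_av"])
```

A vendor that appears only under `leftover_av` matches the situation raised later on this page, where Symantec service entries remain although the product is no longer running.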

jholland1964 650 Posting Expert Team Colleague Featured Poster

If I may comment here, I believe that your log shows no entries after O22 because you don't seem to have any XP services running.
Several other things I note, your O4 entries, which are the auto starting programs that start when the computer starts shows AVG7 antivirus but it is not running on the machine which certainly would explain this log showing multiple infections. The computer is grossly infected.
Your Trusted Zone section shows multiple BAD entries:
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusremover2008.com
O15 - Trusted Zone: *.virusschlacht.com

I see multiple Trojans, password stealers, hijackers.
You might try SDFix and see if this works to remove some of them.

Download SDFix and save it to the desktop.
Double-click on the SDFix icon that should be residing on your desktop. If an Open File - Security Warning box opens, click on the Run button.

A window will now open showing SDFix being extracted into the C:\SDFix folder. Once the installation program has finished extracting SDFix, it will open a Notepad with further instructions.
Next, please reboot your computer into Safe Mode by doing the following:

1. Restart your computer

2. After hearing …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hmm I was wondering if you might know of how to find out what a program is. Since you seem to know them well. This is for getting rid of this rogue. I was wondering, because I found 2 and maybe more which are "letiteyu" and "rogiwnu" and I can't google them.

As I told mheidi, the original poster has not returned to this thread and you shouldn't post a question within an existing thread. While problems may seem similar a lot depends on your specific computer and your specific symptoms.

You need to create your own thread Ash Abe Add and give us full information. Your actual post is unclear, at least to me, on what it is you are actually asking. You say you have found 2 but we don't know exactly 2 of what or what program you were using to find these 2 or why. We don't know your symptoms or your operating system either. Please begin your own thread and give us full information and one of us will be most happy to offer assistance.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

should all these be run in normal mode? the reason i'm doing everything in safe mode is because normal mode is simply not functioning for me, everytime i restart in normal mode, once i click on anything, the entire computer freezes up and it becomes impossible to use

Basically yes, MBA-M for sure, it won't work properly in Safe Mode. This is directed by the creator of the program.
HJT should be run in normal mode because this is the only way we can see what is actually running on the computer.
May I ask, where you are located?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Your HiJackThis program is the old version. Get rid of that one and download the new one from HERE. Save it to the desktop for now.
Also do the following;
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.
Reboot the computer.
Once the computer has rebooted then run a full system scan with the new version of HiJackThis and save the log.
Please copy/paste both logs back here.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Don't see anything suspicious in the logs. Is the computer running all right?
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Sounds as if the hard drive is failing or corrupt. When you did the reinstall did you totally wipe the drive or just reinstall on top of what was there?

jholland1964 650 Posting Expert Team Colleague Featured Poster

oh and i forgot to add, my computer is acting extremely slow in normal startup and is essentially frozen, i'm forced to use safe-mode with networking to do anything

Your first log was run in normal mode. We don't get a full picture if HJT is run in safe mode is the reason I asked.
What about all those Symantec entries? Has it been uninstalled or just turned off?

Edit:
Thanks for the welcome crunchie. Good to be back

jholland1964 650 Posting Expert Team Colleague Featured Poster

You say you are waiting to install McAfee...your log shows that there are remaining Symantec/Norton entries in Services.
When did you uninstall this program? And WHY was HiJackThis run in Safe Mode with Networking? It should be run in normal mode?

Whoops! Sorry Crunchie, didn't see you there.

jholland1964 650 Posting Expert Team Colleague Featured Poster

I got the same virus on one of the workstations. I did the antivirus thing got rid of what I thought was all but now the only problem is right after you log in (I tried safe mode too) it logs you off. tried doing a windows repair but no luck. any one have a clue what to do now?
Thanks

What "same virus"? Are you referring to another thread or something? We have no way of knowing what you are talking about unless you explain it a little better.
What virus, what "antivirus thing" did you do?
Can we see some logs and get more info?

jholland1964 650 Posting Expert Team Colleague Featured Poster

I need the MBA-M log. If you have not run it yet then do so now. This is the removal program and should be run BEFORE running HJT.
Run MBA-M, let it REMOVE all found. Save the log.
Reboot the system and then run a new HJT scan.
Post back with both logs.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Looks like MBA-M did its usual great work.
To be safe I want you to run one more program.
Please download ComboFix by sUBs from HERE or HERE
* You must download it to and run it from your Desktop
* Physically disconnect from the internet.
* Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

* Double click combofix.exe & follow the prompts.
* When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
* Re-enable all the programs that were disabled during the running of ComboFix.


Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.


Run Combofix ONCE only!!

jholland1964 650 Posting Expert Team Colleague Featured Poster

Alright So I uninstalled McAfee and I went through a full system scan with that program and removed 23 infections. The New Log is:

What program did you run the scan with? Can you post the log of the program that you scanned with and the names of the viruses removed?
Seeing the logs are key to telling us what needs to be done next.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Not certain which program you are talking about.
MBA-M version 1.33 can be downloaded HERE
HiJackThis version 2.0.2 can be downloaded HERE.

jholland1964 650 Posting Expert Team Colleague Featured Poster

You said there was no anti-virus program on the computer but the HJT log clearly shows McAfee + Avast4 on there so there are actually TWO anti-virus programs running on the computer. You have to go in and Uninstall ONE of them for sure, immediately. Since she said she didn't have one then either the computer came with McAfee pre-installed, if this is a new computer, or she installed it and didn't realize it. It appears to be the full McAfee program on there so if she didn't know it was there then it probably hasn't been updated.
There are, by the looks of the log, multiple infections on the computer OR at least one which keeps "re-inventing" itself.
Take one of those av programs off of there.
If there is no internet access then you will have to find a way to get it either on line or download programs and take it to the computer via cd or something.
Try to boot to Safe Mode with networking and see if it can get online that way. If you can then download, install, update MBA-M
Then run a full system scan in NORMAL mode and have it remove all that it finds. Save the log and post it here.
First order of business however, is to get that extra av program OFF.

jholland1964 650 Posting Expert Team Colleague Featured Poster

We need to see the logs of the programs you ran. I hope you mean Malwarebytes' Anti-Malware (MBA-M) when you say Malware along with the HJT log. Be sure it is the latest version which is 2.0.2
We also need to know the symptoms which were/are going on with the computer.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Here's what showed on Hijackthis

http://img108.imageshack.us/img108/3833/74617990fa7.jpg

http://img394.imageshack.us/img394/2444/17033309mu1.jpg

Am not sure why you posted these, they show the same thing as the log you posted here.
The log looks ok to me. Throw away that cd you burned though, you shouldn't take the chance of installing whatever it was by mistake.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Reformat is extremely drastic. There is NO reason to reformat at this time.

Turn off the AIM program completely until the computer is deemed clean. It cannot spam if it isn't turned on.
There were multiple Trojans on the computer; Vundo (which is the same family of trojans as Virtumonde), Trojan.Spambot also known as Fake.Alert, Trojan.TinyDownloader705, Backdoor.Bot, Trojan.Downloader.
Go to Start, Control Panel, Add/Remove and look for any or all of these listings:
* FunWebProducts
* My Web Search (Smiley Central or FWP product as applicable)
* My Way Speedbar (Smiley Central or other FWP as applicable)
* My Way Speedbar (AOL and Yahoo Messengers) (beta users only)
* My Way Speedbar (Outlook, Outlook Express, and IncrediMail)
* Search Assistant - My Way
* AskBar
UNINSTALL any of the above items found.
Reboot. Please be sure you are in NORMAL mode.
Please empty ALL TEMP files.
BOTH the MBA-M program and HJT must be run in Normal mode. They are meant to be run in NORMAL mode.
There is a new version of MBA-M, please do the update and then do a full scan with it again. Reboot the System.
AFTER you run the MBA-M then run the HJT.
Post back here with BOTH logs.

jholland1964 650 Posting Expert Team Colleague Featured Poster

If you feel all is ok then you can mark this solved, unless there is something else. Keep the MBA-M program. Update it and run a Quick Scan with it weekly at least. If it DOES find something then fix whatever is found in the Quick Scan, reboot and then run the Full System scan to be certain all files are checked. As with the Quick Scan remove everything found.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Looks LOTS better. How are things running?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Your HiJackThis is out of date. Delete that one and download the new version from HERE
Your MBA-M is also out of date. You need to update that which will give you a new version and also the latest database. Just go to the Update Tab, click Update and follow the prompts. It will install the newest version for you and it will also remove the old.
Once you have done both of those updates then run a new MBA-M scan, allow it to remove all that is found.
Reboot.
Run a new HJT scan and save the log. Post back here with both new logs.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Looks pretty good. You need to update your Java program it is way out of date and out of date Java is a security risk. Go HERE and download the offline install. Save it to the desk top.
Then go to Add/Remove and Uninstall ALL the old versions of java that you find there. Once that is complete then install that new version.
When the install is finished go back to that download page and on the Right Side you will see Verify Now. Click that to verify the installation was complete.
You also then need to Uninstall Combofix.
To do this do the following:
Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U, it needs to be there.
When shown the disclaimer, Select "2"
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

The last log you posted from MBAM is exactly the same as the one before. Did you update MBAM? If so, run it and post the log from that one.

Poster says he cannot update. But he should be able to at least Remove. Please at least use the MBA-M to remove items found. This may help with the inability to update.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Please do the following:
download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

Reboot.
Run a new HJT scan and save the log. Please post back here with both logs and be absolutely certain to post back with the entire log.
Your posted HJT log is incomplete as it does not show the top portion of the log. We need to see the entire log in both cases.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Please update MBA-M and run it again. Please remove all items found, save the log.
Reboot.
Run HJT again and save the log. Post back here with both new logs.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

And still I cannot update anything

One reason is that you did not remove the items found with MBA-M
Try Safe Mode with Networking and see if you can do the updates that way.
If not then boot back to NORMAL mode run MBA-M again and this time REMOVE all items found.
Reboot and then see if there is a difference.

jholland1964 650 Posting Expert Team Colleague Featured Poster

First of all please turn off SpyBot TeaTimer.
Disable Spybot's TeaTimer

* Run Spybot-S&D in Advanced Mode
* If it is not already set to do this, go to the Mode menu, select Advanced Mode
* On the left hand side, click on Tools
* Then click on the Resident icon in the list
* Uncheck Resident TeaTimer and OK any prompts.
* Restart your computer
Next go HERE
Download, install, update MBA-M. Then run a FULL SYSTEM scan with it and have it REMOVE all it finds.
Save the log.
REBOOT
Then run the ESET ONLINE SCANNER also noted on that link I gave you. Have it fix everything it finds. Save the log. Reboot

Then run another HJT scan and save the log. Post back here with all three logs.
This "could be" a false positive, however I wouldn't take the chance, throw away that disk you burned.
One thing I found was that this seems to appear in files downloaded via torrent downloads. AVG seems to flag this the most, though other av programs have done the same so there is definitely something suspicious about this file and the way it is obtained.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Ok, we can wait a few days if you like to see if problems happen again before marking this one solved.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

We need to see the HJT scan run in normal mode.

jholland1964 650 Posting Expert Team Colleague Featured Poster

First of all please do the following:
Disable Spybot's TeaTimer as it can interfere with any fixes done.

* Run Spybot-S&D in Advanced Mode
* If it is not already set to do this, go to the Mode menu, select Advanced Mode
* On the left hand side, click on Tools
* Then click on the Resident icon in the list
* Uncheck Resident TeaTimer and OK any prompts.
* Restart your computer

Next do the following:
Please Download ATF-Cleaner.exe by Atribune (Windows XP, 2K, 2003 & Vista ONLY)

• You can put ATF-Cleaner on your Desktop for easy access.
RUN ATF-Cleaner.exe.

-- Click on ATF-Cleaner to run it
-- Where it says Select Files To Delete, Check the Select All Option
-- Click Empty Selected > OK

Next download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Please do the following;
download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

Reboot the computer.
Run a new HJT scan and save the log.
Post back here with both logs.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

What was the name of the trojan found?

jholland1964 650 Posting Expert Team Colleague Featured Poster

How does everything seem to be working?
Judy