jholland1964 650 Posting Expert Team Colleague Featured Poster

I will say again, Rik is correct, your computer is severely infected. He told you to follow the steps on our Read Me sticky, http://www.daniweb.com/forums/thread134865.html

It is obvious you have READ the sticky but have not followed several of the instructions noted there:
You said there was a problem with the GMER program and it seemed to occur when scanning a uTorrent file you then asked this;

"i know at the start of the thread it said about removing any p2p sharing softwares? is this why? does that mean i have to uninstall utorrent etc?"

The "etc." tells me you also have OTHER P2P programs on there. If you had fully read the sticky you would have seen this statement:

P2P software circumvents common-sense security measures and opens a user’s computer to a world of hurt.
Our regular volunteers' time is valuable and most are not willing to waste it on a machine that is almost certain to be reinfected in short order.
So, please remove or disable all P2P software for the duration of the cleaning process. Failure to do so may result in your thread being ignored.

It is not an accident or coincidence that P2P programs are noted at #1. It is noted there for a very good reason, it is the easiest way to infect a computer and often times a key reason the clean up is quite difficult, or at times, impossible. If you doubt this look at this thread …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Maybe, if you mean the PAID version. I have never used the paid version so I cannot say with certainty but it does have excellent reviews. I use the Free version and it is definitely top of the line.
SpyBot, as far as I am concerned, is very useful for scanning. But that is all I use it for, I certainly don't recommend using it as a protection program and definitely don't use the TeaTimer portion as it can block changes made by other protection programs.
Honestly I believe a big part of your problem was AVG. It just isn't the protection program it was in the past and continues to rank much lower than other products out there today. I use Avira Free and have for several years, it consistently ranks much higher than many even paid programs. Avast also is very high ranking. I chose Avira because I found it much easier to use.

The key is safe surfing. That together with good protection programs and regular scanning and clean up make a huge difference.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Avast.
Uninstall AVG and then use this removal tool to be sure it is all gone.
http://download.avg.com/filedir/util/avg_arm_sup_____.dir/avgremover.exe

jholland1964 650 Posting Expert Team Colleague Featured Poster

Rik is correct, your computer is severely infected. And you are operating under a real misconception, you said: "i had a similar problem before and i used hijackthis and it resolved the problem! can someone please let me know which files need to be checked in hijackthis, i can only run hijackthis in safe mode."
Just the fact that you can run HijackThis only in safe mode shows right there how severely infected the computer is right now. HiJackThis is simply a scanner and there should be no reason that it cannot be run in normal mode EXCEPT severe infections.
HiJackThis is NOT a repair program, it will NOT remove infections and it will not clean a machine. If this is the only thing you used with a past infection then it is likely that past infection remained. Your log shows a huge amount of malware, multiple infections and possible hijacking. On top of that you ran an out of date copy of HiJackThis. The latest version, which was released well over a year ago, is version 2.0.4 so you need to uninstall that one completely.
Do as Rik instructed and run all the tools shown in the link given.

Also, right click your hard drive and choose Properties. How large is it and how much space is remaining?

jholland1964 650 Posting Expert Team Colleague Featured Poster

I'm sorry but SpyBot is absolutely NOT the program to use when removing serious infections and especially one such as this. It isn't even recommended to do so at most malware forums and to be perfectly frank one of the last recommended av programs would be AVG and only as a last resort. Plus it would never remove an infection like this one.
Do the following:
Please Run the ESET Online Scanner

http://www.eset.com/onlinescan/scanner.php?i_agree=14
* You can use Internet Explorer or you may use Firefox to complete this scan and you will need to allow an ActiveX control to be installed
* You will need to temporarily Disable your current Anti-virus program.
* Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt.

Post back with that log.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Thanks for those logs. What exactly happens when you try to fix the Host file?

Try these steps from bleepingcomputer:
As this infection also changes your Windows HOSTS file, we want to replace this file with the default version for your operating system. Please note that if you or your company has added custom entries to your HOSTS file then you will need to add them again after restoring the default HOSTS file. In order to protect itself, SystemTool changes the permissions of the HOSTS file so you can't edit or delete it. To fix these permissions please download the following batch file and save it to your desktop:

http://download.bleepingcomputer.com...hosts-perm.bat


When the file has finished downloading, double-click on the hosts-perm.bat file that is now on your desktop. If Windows asks you if you are sure you want to run it, please allow it to run. Once it starts you will see a small black window that opens and then quickly goes away. This is normal and is nothing to be worried about. You should now be able to access your HOSTS file.

We now need to delete the C:\Windows\System32\Drivers\etc\HOSTS file. Once it is deleted, download the following HOSTS file that corresponds to your version of Windows and save it in the C:\Windows\System32\Drivers\etc folder. If the contents of the HOSTS file opens in your browser when you click on a link below then right-click on the appropriate link and select …
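As an added example (not from the post or the bleepingcomputer guide it quotes), a small Python script that audits a Windows HOSTS file for the kind of entries this infection plants: mappings beyond the stock localhost lines, split into ones that redirect a hostname to another address and ones that block it by pointing it at loopback. The sample HOSTS content, the 1.2.3.4 address and the hostnames used in it are constructed for the demonstration.

```python
"""Audit a Windows HOSTS file for hijacked entries.

Added example, not part of the forum post or the bleepingcomputer guide it
quotes. The infection described in the thread rewrites HOSTS so that lookups
for security and update sites resolve somewhere else. This scanner parses the
file and reports every active mapping that is not one of the Windows defaults.
"""
import ipaddress
import re
import sys

# Mappings Microsoft ships in a stock HOSTS file. Vista/7 comment them out,
# but an active copy of either is still harmless.
DEFAULT_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Constructed sample: a stock header plus three lines of the kind a hijacker
# adds. 1.2.3.4 and the redirected hostnames are illustrative only.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
1.2.3.4         www.malwarebytes.org
1.2.3.4         www.eset.com      # redirected by the infection
127.0.0.1       update.microsoft.com
"""

LINE_RE = re.compile(r"^\s*(\S+)\s+(.+?)\s*$")


def parse_hosts(text):
    """Yield (ip, hostname, line_no) for every active mapping in the file."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, names = m.group(1), m.group(2).split()
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # first field is not an address, so not a mapping
        for name in names:  # one address may map several hostnames
            yield ip, name.lower(), line_no


def classify(ip, name):
    """Return 'default', 'blocked' or 'redirected' for one mapping."""
    if (ip, name) in DEFAULT_ENTRIES:
        return "default"
    addr = ipaddress.ip_address(ip)
    if addr.is_loopback or addr.is_unspecified:
        # Pointing a real hostname at 127.0.0.1 or 0.0.0.0 blocks it. Ad-block
        # lists do this legitimately; an infection does it to keep the victim
        # away from AV vendors and Windows Update.
        return "blocked"
    return "redirected"


def audit_hosts(text):
    """Return (line_no, ip, hostname, verdict) for every non-default entry."""
    findings = []
    for ip, name, line_no in parse_hosts(text):
        verdict = classify(ip, name)
        if verdict != "default":
            findings.append((line_no, ip, name, verdict))
    return findings


if __name__ == "__main__":
    # Pass the path of a real HOSTS file to audit it; otherwise use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    for line_no, ip, name, verdict in audit_hosts(text):
        print(f"line {line_no}: {name} -> {ip} [{verdict}]")
```

A clean Vista or XP HOSTS file produces no findings at all; a custom entry your company added will show up as redirected, which is why the guide above tells you to note such entries before replacing the file.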

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi, welcome to daniweb. Truly sorry for the delay, Santa was visiting so it was hard for anyone to get here before now. I am sorry, hope I can help you.

Need to get this Hosts file corrected, that's for sure.
Go to this link for specific instructions for Vista;

http://www.mvps.org/winhelp2002/hostsvista.htm


here is link for the zip file containing the actual Hosts file :
http://www.mvps.org/winhelp2002/hosts.zip


Download it and follow the instructions on the link to install it.

You need to TURN OFF SpyBot TeaTimer as it will definitely interfere with any fixes attempted, plus it shows what a lousy job it does since this infection obviously got by it without difficulty.

Disable Spybot's TeaTimer

* Run Spybot-S&D in Advanced Mode
* If it is not already set to do this, go to the Mode menu and select Advanced Mode
* On the left hand side, click on Tools
* Then click on the Resident icon in the list
* Uncheck Resident TeaTimer and OK any prompts.
* Restart your computer

Update MBA-M and do another Full Scan with it. Have it Remove everything found, REBOOT the computer, this is very important.
Post back with that log, and you failed to post any other MBA-M log so I have no idea what was found with it before you did the DDS scan. I DO need …

jholland1964 650 Posting Expert Team Colleague Featured Poster

* Make sure that combofix.exe that you downloaded is on your Desktop but Do not run it!
o If it is not on your Desktop, the below will not work.
* Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
* If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
* Open Notepad and copy/paste the text in the below text box.

KILLALL::
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"=-

* Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
* At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
* You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
* Now use your mouse to drag CFscript.txt on top of ComboFix.exe
* Follow the prompts.
* When it finishes, a log will be produced named c:\combofix.txt
Post back with that log.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Download and run this tool. http://download.avg.com/filedir/util/avg_arm_sup_____.dir/avgremover.exe

Then reboot the computer and run that HJT executable again and post the log.

jholland1964 650 Posting Expert Team Colleague Featured Poster

I see that you uninstalled AVG. You need an anti-virus program on there ASAP.
I would suggest Avira Free or Avast Free

Either one ranks much higher than AVG and consistently are in the top ranked av programs including any of the paid programs.

You also need to check your settings. Make sure that Firefox is chosen as your default browser. In Firefox click Tools. On the General Tab at the bottom make sure there is a check mark in Always check to see if Firefox is Default Browser on Start up and also click the button that Says Check Now.

You need to run HJT again and put a check mark next to this entry
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-
Once you have placed that check mark click the Fix Checked button and Exit HJT

Reboot, run another scan with HJT and post the log.

jholland1964 650 Posting Expert Team Colleague Featured Poster

That message is normal for machines running Vista and Windows 7, ignore it. You didn't post the new log, that is the same log you posted earlier.

jholland1964 650 Posting Expert Team Colleague Featured Poster

You used the old version of HiJackthis.

Go to Add/Remove and Uninstall the following programs:
Bing Bar
Bing Bar Platform
Bing Rewards Client Installer
Free Window Registry Repair
HiJackThis

Then download a new copy of HiJackThis from the link I gave you earlier.

Run a new system scan with Hijackthis and post back with the log.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Update MBA-M and run another full scan. Have it remove everything found, reboot.
Then download and run a system scan with HiJackThis.

http://free.antivirus.com/hijackthis/

Post back here with both logs.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Please download ComboFix by sUBs from

http://www.bleepingcomputer.com/down...virus/combofix

Please note that the BleepingComputer.com download link will expire in 10 minutes after you click it so if you don’t click within ten minutes after reaching the page you will need to refresh the page.

You must download it to and run it from your Desktop
• Physically disconnect from the internet.
• Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
• Double click combofix.exe & follow the prompts. Since you are using Windows Vista, if you receive a UAC prompt asking if you would like to continue running the program, you should press the Continue button.
• When ComboFix has finished running, you will see a screen stating that it is preparing the log report
• This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt.
• Re-enable all the programs that were disabled during the running of ComboFix.
• Then post back here with that log and a new scan log from HiJackThis.

Note:
Do not mouse-click combofix's window while it is running. That may cause it …

jholland1964 650 Posting Expert Team Colleague Featured Poster

I need to see the actual ESET log, not just the top line.

jholland1964 650 Posting Expert Team Colleague Featured Poster

You failed to update MBA-M before the scan and the version you are running is way out of date. The newest version is 1.50 and was released November 29th and will be installed via the normal update process so this tells me you haven't updated the program in at least two weeks. Current database version is 5354.
Your DDS log does show possibly infected files. You need to update MBA-M to the latest version and latest database and run another Full Scan, of course have it remove everything found and reboot the system. Post back here with that log.
Also do the following:
Run the ESET Online Scanner

http://www.eset.com/onlinescan/scanner.php?i_agree=14
* You will need to allow an ActiveX control to be installed or you may use Firefox if you wish.
* You will need to temporarily Disable your current anti-virus program.
* Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt.
Post back with that log also.

jholland1964 650 Posting Expert Team Colleague Featured Poster

All looks good to me. You need to uninstall combofix now as it cannot be used again. It needs to be done this way:

You should remove HiJackThis, you don't need it any more and the same goes for all of those other items you had to run, including the special scanners and the DDS scanner.

You also should uninstall combofix. It basically is a "one time" fix. If a person is told to use it again some other time then a new copy would be needed.

Uninstall Combofix:
Go Start > Run
Type in:
Combofix /Uninstall
Note the space between the "Combofix" and the "/Uninstall"
Click OK (Vista users - press Enter).
Restart computer.


You also need to set a new, clean Restore point.
To do this Right Click My computer.
Choose Properties
When System Properties opens choose the System Restore Tab.
Place a check mark in Shut down System Restore.
You will probably get a message telling you it will be shut down, click ok or yes.
Allow it to shut down.
Wait a moment. Then go back in and take that check mark Out so that System Restore will turn back on.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Looking good! Everything found by the ESET scan were in the Combofix quarantine or system restore so that's great. You left off the top part of the HJT scan and we do need to see that. That's the part that shows running processes. So post back with the entire HJT log and we can finish up.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Post the logs when you can.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Well, with the increased numbers of infected computers I have seen, here and another forum where I post, running McAfee I am not that impressed with it. There are a couple other FREE options I recommend that do quite a good job.
Avira Free is one, I use it and like it a lot. http://www.free-av.com/
Avast Free is also excellent. http://www.avast.com/free-antivirus-download

Both score very high in av testing, usually much higher than McAfee.

But before you change your security program you need to finish this to be sure all is clean, then you can decide if you want to change or not.

You need to Update MBA-M and do another Full Scan with it. If it finds anything have it of course remove or quarantine and reboot the computer.

Then also do the online scan with ESET Online scanner

http://www.eset.com/onlinescan/scanner.php?i_agree=14
* You can use Internet Explorer to complete this scan and you will need to allow an ActiveX control to be installed or you may use Firefox
* You will need to temporarily Disable your current Anti-virus program.
* Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt.

Post back here with those logs and also a system scan log with HiJackThis.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Until Crunchie can look at this last log we cannot say for sure if you are clean or not.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Be sure to include crunchie on your list. He's the one reading these rootkit logs!

jholland1964 650 Posting Expert Team Colleague Featured Poster

Download Bootkit Remover to your Desktop.

* You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
* After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right click on remover.exe and click Run As Administrator).
* It will show a Black screen with some data on it.
* Right click on the screen and click Select All.
* Press CTRL+C
* Open a Notepad and press CTRL+V
* Post the output back here.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Please download ComboFix by sUBs from

http://www.bleepingcomputer.com/download/anti-virus/combofix

Please note that the BleepingComputer.com download link will expire in 10 minutes after you click it so if you don’t click within ten minutes after reaching the page you will need to refresh the page.

You must download it to and run it from your Desktop

Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
• Double click combofix.exe & follow the prompts.
• When ComboFix has finished running, you will see a screen stating that it is preparing the log report
• This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt.
• Re-enable all the programs that were disabled during the running of ComboFix.
• Then post back here with that log and a new scan log from HiJackThis.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Please read carefully and follow these steps.

* Download TDSSKiller and save it to your Desktop.
* Extract its contents to your desktop.
* Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.

* If an infected file is detected, the default action will be Cure, click on Continue.

* If a suspicious file is detected, the default action will be Skip, click on Continue.

* It may ask you to reboot the computer to complete the process. Click on Reboot Now.

* If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
* If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

jholland1964 650 Posting Expert Team Colleague Featured Poster

You are not running an anti-virus program or a firewall, why not?

I saw this beginning with your first post here. You are very, very lucky that the infections you had on the computer were able to be removed, but not without some problems. If you continue to run the computer without this protection you WILL continue to get infections on the computer. Notice I said WILL, NOT MIGHT. Next time, and there WILL be a next time, you may not be so lucky and will have to end up reformatting and reloading, losing all important files and personal information in the process or to the infection which then will give all personal information to others you do not know or cannot trace.
This very likely has happened with your personal information already. It also uploads hidden programs, such as scripts and commands, onto the computer, which it obviously did on your computer.
You had several very serious Trojans on the computer, these two especially:

Win32/Agent.RNT it is very high risk and most definitely uploads other programs, files and scripts onto the computer.

Win32/TrojanDownloader.Banload this one is a trojan that steals sensitive information. The trojan can send the information to a remote machine. It very likely DID.
Obviously these were working very hard. Look at the number of infected files removed by combofix. Too many to note again, just look at the log. This alone should show you how at risk your computer …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Evan, you aren't finished yet. Thanks to crunchie stepping in looks like things are going now as they should but that doesn't mean everything is gone yet.

You need to Update MBA-M and run another Full Scan with it. Have it remove everything found and post back here with that log plus a new system scan log using HJT.

Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Your scan logs look good. The 1 item found by MBA-M was in your system restore.
One reason for the slowness of the computer is too many programs running at start up and then many continue to run all the time in the back ground, even if you aren't using them. Here's a list of items to turn off which aren't needed to run the computer OR needed to run the programs themselves and they can be run manually when needed.
To turn these items off you can use this small program to stop them. It is called Mike Lin's Startup Control Panel and can be found at this link;

http://www.mlin.net/StartupCPL.shtml

You can either install it or choose the Standalone version which isn't installed. If you install it then it will be found in the Control Panel with a little computer icon labeled Startups. Standalone version just sits where ever you choose to download it. Either one works the same.
Double click the icon and when the program opens you will see a number of Tabs. Go through each tab and look for the following listings, when you see one of them, take the check mark OUT of the box next to the name. Continue through the list until you have found each and removed its check mark. Once you are finished, close the program and reboot the computer and see if the speed has improved.

Here is the list and an …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Ok. Have asked another helper to take a look. Might take awhile. One of us will post back as soon as we can. Are you still having the same problems you were having when you created the thread?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Did you manually look through "C" drive for this combofix.txt file or just do a search?

jholland1964 650 Posting Expert Team Colleague Featured Poster

No don't open it. Will have to consult with others on this and one of us will post back with instructions.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Look for this folder C:\Qoobox\
Don't open it if you find it just tell me if it is in C drive.
Just open C drive and look for it, don't do a search. It's a .txt file

jholland1964 650 Posting Expert Team Colleague Featured Poster

Then the program didn't run correctly. Did you see various screens as the program ran?
You should have seen a final screen telling you that the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Look here for the combofix log:

C:\ComboFix.txt.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Well at least one that is not wanting to be removed. Please do the following:
Please download ComboFix by sUBs from

http://www.bleepingcomputer.com/download/anti-virus/combofix

Please note that the BleepingComputer.com download link will expire in 10 minutes after you click it so if you don’t click within ten minutes after reaching the page you will need to refresh the page.

You must download it to and run it from your Desktop
• Physically disconnect from the internet.
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
• Double click combofix.exe & follow the prompts.
• When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
• Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!

Post back here with that log.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Please Run the ESET Online Scanner

http://www.eset.com/onlinescan/scanner.php?i_agree=14
* You can use Internet Explorer to complete this scan and you will need to allow an ActiveX control to be installed or you may use Firefox
* You will need to temporarily Disable your current Anti-virus program.
* Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt.

jholland1964 650 Posting Expert Team Colleague Featured Poster

When you do boot to Safe Mode, choose Safe Mode with networking. This will allow you to go online in order to update MBA-M.

jholland1964 650 Posting Expert Team Colleague Featured Poster

You need to work on this quicker than every day or two. If there IS infection on there it can continue to get bigger the longer you take and will be harder to remove.
As for the Norton showing, it is likely there are small remainders on there. We can take care of that AFTER you finish all the other steps.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hello and welcome to daniweb.
You need to follow the steps given in our Read Me first sticky
http://www.daniweb.com/forums/thread134865.html and then post back here with all the requested logs. Please follow all steps exactly as given.

Before you do those steps though you need to run HiJackthis again and put a check mark next to this entry:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://safesearch.cyberdefender.com/smallsearch.html

Once you have placed that check mark then click the Fix Checked button and Exit HJT. Then begin the steps in the Read Me sticky.

I want you to remove that website, cyberdefender, in the listing above because it is a VERY DANGEROUS website. It is well known for offering bogus security programs which then will not uninstall, they are known for phishing and other scams, their website is also known to contain viruses and other malware. If you have any of their software you are going to have to attempt to remove it, it is very dangerous.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Forgive me for being a bit confused but some of your post makes no sense:
"I cannot reboot the computer. Once rebooted the computer signs off and never comes on."
If the computer never comes on then how did you run the scans? By your post below and the logs it obviously Does come on.

"if I unplug the computer or turn it off, when I start it up, the monitor does not come on - I have to keep unplugging the computer and eventually it will restart the monitor, but not every time."

Everything the MBA-M scan found were in System Restore but you didn't remove them, why? The instructions are very clear, Remove All.

This honestly to me does not sound like a malware problem but a power problem especially with the monitor problem too. I suppose there could be malware that affects the monitor though I honestly have not heard of any.

Have you tried booting to Safe Mode?

jholland1964 650 Posting Expert Team Colleague Featured Poster

That is MY fault. I forgot to have you do this at the end of the clean up.
First Empty your Quarantine in Avira

You need to set a new and clean System Restore point and those will all be gone:
To do this Right Click My computer.
Choose Properties
When System Properties opens choose the System Restore Tab.
Place a check mark in Shut down System Restore.
You will probably get a message telling you it will be shut down, click ok or yes.
Allow it to shut down.
Wait a moment. Then go back in and take that check mark Out so that System Restore will turn back on.

Then run a new Avira scan. Hopefully the new one should be clean.

As far as what AdAware found, yes, delete it.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Exactly WHERE were they found? System Restore?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hello rodrigan, welcome to daniweb. Thank you for following our Read Me sticky and posting the logs.
One thing I point out from our Read Me first sticky is this, 1A – Please Uninstall or Disable any P2P (peer-to-peer) programs on the infected computer before posting in this forum. I see that you have FrostWire 4.21.1 installed on your computer. Since this is the most current version I have to assume that you DO use this and while you did follow directions to disable it, it IS listed in your auto starting programs so I presume that you use it often. Based on the fact that you have an 80gb hard drive and only 30gb free space remaining I would presume that you have a lot of music and/or videos on the computer and likely many of them were obtained via Frostwire. Just using P2P as PhilliePhan states in the Read Me sticky; P2P software circumvents common-sense security measures and opens a user’s computer to a world of hurt. Besides the risk of severe infection via P2P, downloading copyrighted material without paying for it is illegal. Individuals are and have been prosecuted for this here in the US and have been found guilty. Others have had their internet connections canceled by their ISPs also because downloads CAN be traced right to your computer.

I also see that you have parts of two anti-virus/security suites running on the computer, Lavasoft Ad-Watch Live! Anti-Virus and Norton 360, which is a …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Very good. Now you need to run HiJackThis once more and this time put check marks next to the following entries:

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAC0ATgA5AFUAQgBBAC0ANgBRADIAOQBOAC0ASAAyAEgARwBBAC0AVwBFAFQANABZAC0AOQAyAEsARABZAA"&"inst=NwA2AC0ANgAwADYAMAAzADIAMgA1ADgALQBQAEwAKwA5AC0AWABPADMANgArADEALQBOADEARAArADEA"&"prod=92"&"ver=9.0.872
O4 - HKCU\..\Run: [Google Update] "C:\Users\Hotchick\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O8 - Extra context menu item: &D&ownload &with BitComet - res://G:\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://G:\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://G:\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://G:\BitComet\tools\BitCometBHO_1.3.1.15.dll/206 (file missing)

Once you have placed those check marks then click the Fix Checked button.
Exit HiJackThis and reboot the computer.

Next I strongly advise that you visit the Windows Update page and download and install all updates for your system. You are only running Vista SP1 and support for SP1 ends next July. You need to update to SP2 to receive continued support until 2017. If you are running anything less, then you’re missing important free updates for your PC that can make your PC safer and run better. End of support means that Microsoft will no longer provide further support for that specific service pack level. This means that customers need to upgrade to a supported service pack to continue to receive security updates, hotfixes or assisted support from Microsoft Customer Service & Support.
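As an added example (not code from this thread or from the HijackThis project), a small Python parser for the O4, O8 and O9 line formats shown in the post above: it pulls out the registry location, display name and launched program for each entry and flags the "(file missing)" marker HJT appends to registrations whose target no longer exists. The sample log lines are constructed in that format.

```python
import re
from dataclasses import dataclass

# Constructed sample lines in HijackThis log format (O4 autostart registry
# entries, O8 IE context-menu items, O9 IE extra buttons). Paths are illustrative.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Google Update] "C:\Users\Hotchick\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O8 - Extra context menu item: &D&ownload &with BitComet - res://G:\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://G:\BitComet\tools\BitCometBHO_1.3.1.15.dll/206 (file missing)
"""

# One regex per HJT section handled here; "name" and "cmd" are common to all three.
PATTERNS = {
    "O4": re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"),
    "O8": re.compile(r"^O8 - Extra context menu item: (?P<name>.*?) - (?P<cmd>.*)$"),
    "O9": re.compile(r"^O9 - Extra button: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<cmd>.*)$"),
}

@dataclass
class HjtEntry:
    section: str
    name: str
    command: str
    location: str = ""          # hive\key for O4, CLSID for O9, empty for O8
    file_missing: bool = False  # HJT appends "(file missing)" to dangling entries

    def executable(self) -> str:
        """Program the entry launches: the quoted path if any, else the first token."""
        m = re.match(r'"([^"]+)"|(\S+)', self.command)
        return (m.group(1) or m.group(2)) if m else ""

def parse_line(line: str) -> "HjtEntry | None":
    """Parse one O4/O8/O9 line; lines from other sections return None."""
    line = line.rstrip()
    missing = line.endswith("(file missing)")
    if missing:
        line = line[: -len("(file missing)")].rstrip()
    for section, pat in PATTERNS.items():
        m = pat.match(line)
        if not m:
            continue
        d = m.groupdict()
        # O4 carries a registry hive and key; O9 carries a CLSID; O8 has neither.
        location = d["hive"] + "\\" + d["key"] if "hive" in d else d.get("clsid", "")
        return HjtEntry(section, d["name"], d["cmd"], location, missing)
    return None

def parse_log(text: str) -> "list[HjtEntry]":
    return [e for e in map(parse_line, text.strip().splitlines()) if e]
```

Running `parse_log(SAMPLE_LOG)` gives one entry per line; the O9 entry is marked `file_missing`, which is exactly the kind of leftover registration that is safe to fix in HJT because its DLL is already gone.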

jholland1964 650 Posting Expert Team Colleague Featured Poster

Well, your Avira scan obviously was clean, that is very good. However, it appears that you did not follow the FIRST part of my instructions and that was to UNINSTALL AVG. It is clearly still on the computer and still running. Having two anti-virus programs installed and running on a computer puts that computer at great risk and actually weakens the protection because both programs spend some of the time fighting each other instead of protecting the computer.
You absolutely MUST follow my instructions and Uninstall AVG. Completely. It also appears that you have not rebooted the computer following the runs of MBA-M which also is part of the instructions when MBA-M has removed infections. Have you rebooted the computer when instructed during these clean ups?

It also appeared that you had several browsers open and running during the HJT scan. The log shows IE as open, Google Chrome had two windows open, and also your Thunderbird Mail program was open. One good practice, not required but recommended, is to do as little as possible when scans are running; it helps the scans go faster.
Immediately Uninstall AVG. REBOOT the computer and run a New HJT system scan, save the log and post back here with that log.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Very good. I would suggest that you stop that AdAware auto starting service. It really does nothing, unless you have paid for the program, and even then it does little. AdAware just isn't the program it once was. Keep MBA-M, at least once a week Update the program first and run a Quick Scan with it. If it finds anything then have it Remove all it finds, reboot the system, Update the program again and run the Full Scan to be safe. It often has multiple updates a day so always update before each scan.
I also suggest that you add one more program, that is SpywareBlaster from Javacool. It truly is a MUST have program. I wouldn't run a computer without it. It is FREE, it Does NOT run in the background but it does the following:
SpywareBlaster doesn't scan for and clean spyware; it prevents it from being installed in the first place. SpywareBlaster prevents the installation of ActiveX-based spyware, adware, dialers, browser hijackers, and other potentially unwanted programs. It can also block spyware/tracking cookies in IE, Mozilla Firefox, Netscape, and many other browsers, and restrict the actions of spyware/ad/tracking sites.

Simply download, install, update, enable all protection and close the program. Simple as that. Just manually check for updates every few weeks or so, if there are any then install them and click enable all. That's it.

http://download.cnet.com/SpywareBlaster/3000-8022_4-10196637.html

jholland1964 650 Posting Expert Team Colleague Featured Poster

You do not have an anti-virus program on the computer, this is an absolute MUST, especially today with the very serious threats encountered all over the net.
There are several very good free ones; I suggest you choose one of these, install it, update it and schedule daily updates and weekly scans with it. Otherwise you have virtually no protection on the computer. AdAware is an anti-malware program and offers no protection; it is a scanner only. You have an outdated copy of Windows Defender on the computer, but it also is an anti-malware program and also offers little to no protection. You seem to have the McAfee firewall installed, but that is it.
Essentially you have no protection really.

Here are the two FREE programs highly recommended, choose ONE of them and install it.

Avira Free: http://www.avira.com/en/avira-free-antivirus is on the left side of the page.

Avast Free: http://download.cnet.com/Avast-Free-Antivirus/3000-2239_4-10019223.html?part=dl-85737&subj=dl&tag=button

After you have one of these installed, updated and active then please run a system scan with HiJackThis version 2.0.4 and post back here with the log.

http://free.antivirus.com/hijackthis/

jholland1964 650 Posting Expert Team Colleague Featured Poster

[I][B]"I have done what you suggested except upgrading to SP3 because I am afraid that I may lose some or all of my data and my notebook's bilingual capability. I am now on a trip and do not have a backup of the data and CDs of the software on my notebook, some of which are necessary for my work. Is there a way around this?"[/B][/I]

I understand your concern, especially since you are not at home and at this time without the ability to back up necessary items. However, updating to the proper service pack should have no effect on the bilingual capability of the computer or cause you to lose data. It is an update of the operating system; it shouldn't change anything else. Of course I cannot force you to do this, it is your choice of course. I can only strongly recommend this, if for security reasons only. Having SP3 on there makes the operating system more secure and gives you the ability to continue to receive critical updates needed to keep the operating system secure through the lifespan of the operating system, which is extended until 2014 with the addition of SP3. Without that you can no longer update XP. Many of the critical updates DO concern security and are for your protection and the protection of the system. I will just urge you to do this as soon as you do return home and have the ability to back up important data.

Is …

jholland1964 650 Posting Expert Team Colleague Featured Poster

You need to update MBA-M. There is a new version now, 1.50.
Please do the following:
Please Run the ESET Online Scanner

http://www.eset.com/onlinescan/scanner.php?i_agree=14
* You can use Internet Explorer to complete this scan and you will need to allow an ActiveX control to be installed, or you may use Firefox.
* You will need to temporarily Disable your current Anti-virus program.
* Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt.

Post back with that log.