amwdmw

Help! Running Avira and Malwarebytes, but virus can't be deleted! Couldn't run Malware the other day, but after using Avira, could then run Malware. Here are my avira and hijack this logs: Avira AntiVir Personal Report file date: Friday, August 28, 2009 15:48 Scanning for 1668725 virus strains and unwanted programs. Licensee : Avira AntiVir Personal - FREE Antivirus Serial number : 0000149996-ADJIE-0000001 Platform : Windows XP Windows version : (Service Pack 3) [5.1.2600] Boot mode : Normally booted Username : SYSTEM Computer name : D47NKT61 Version information: BUILD.DAT : 9.0.0.407 17961 Bytes 7/29/2009 10:34:00 AVSCAN.EXE : 9.0.3.7 466689 Bytes 7/21/2009 19:36:14 AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 16:58:24 LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 17:35:49 LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 16:58:52 ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 18:30:36 ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 6/24/2009 15:21:42 ANTIVIR2.VDF : 7.1.5.146 3087360 Bytes 8/21/2009 16:29:08 ANTIVIR3.VDF : 7.1.5.179 236544 Bytes 8/28/2009 16:29:11 Engineversion : 8.2.1.7 AEVDF.DLL : 8.1.1.1 106868 Bytes 7/28/2009 19:31:50 AESCRIPT.DLL : 8.1.2.26 463227 Bytes 8/28/2009 16:29:24 AESCN.DLL : 8.1.2.4 127348 Bytes 7/23/2009 15:59:39 AERDL.DLL : 8.1.2.4 430452 Bytes 7/23/2009 15:59:39 AEPACK.DLL : 8.1.3.18 401783 Bytes 7/28/2009 19:31:50 AEOFFICE.DLL : 8.1.0.38 196987 Bytes 7/23/2009 15:59:39 AEHEUR.DLL : 8.1.0.155 1921400 Bytes 8/28/2009 16:29:22 AEHELP.DLL : 8.1.6.0 233846 Bytes 8/28/2009 16:29:13 AEGEN.DLL : 8.1.1.59 356725 Bytes 8/28/2009 16:29:12 AEEMU.DLL : 8.1.0.9 393588 Bytes 10/9/2008 20:32:40 AECORE.DLL : 8.1.7.6 184694 Bytes 7/23/2009 15:59:39 AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/2008 20:32:40 AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 14:47:59 AVPREF.DLL : 9.0.0.1 43777 Bytes 12/5/2008 16:32:15 AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 20:34:28 AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 16:32:09 AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 21:05:41 AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 16:37:08 SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 21:03:49 SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 14:21:33 NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 16:32:10 RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/2009 21:39:58 RCTEXT.DLL : 9.0.37.0 86785 Bytes 4/17/2009 16:19:48 Configuration settings for the scan: Jobname.............................: Complete system scan Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp Logging.............................: low Primary action......................: interactive Secondary action....................: ignore Scan master boot sector.............: on Scan boot sector....................: on Boot sectors........................: C:, Process scan........................: on Scan registry.......................: on Search for rootkits.................: on Integrity checking of system files..: off Scan all files......................: All files Scan archives.......................: on Recursion depth.....................: 20 Smart extensions....................: on Macro heuristic.....................: on File heuristic......................: medium Deviating risk categories...........: +SPR, Start of the scan: Friday, August 28, 2009 15:48 Starting search for hidden objects. '50132' objects were checked, '0' hidden objects were found. The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'iexplore.exe' - '1' Module(s) have been scanned Scan process 'iexplore.exe' - '1' Module(s) have been scanned Scan process 'iexplore.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'iPodService.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'Ymsgr_tray.exe' - '1' Module(s) have been scanned Scan process 'BrMfcMon.exe' - '1' Module(s) have been scanned Scan process 'DLG.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'BrccMCtl.exe' - '1' Module(s) have been scanned Scan process 'BrMfcWnd.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'pptd40nt.exe' - '1' Module(s) have been scanned Scan process 'pctsTray.exe' - '1' Module(s) have been scanned Scan process '2Wire.exe' - '1' Module(s) have been scanned Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'InfoMyCa.exe' - '1' Module(s) have been scanned Scan process 'tfswctrl.exe' - '1' Module(s) have been scanned Scan process 'DMXLauncher.exe' - '1' Module(s) have been scanned Scan process 'jusched.exe' - '1' Module(s) have been scanned Scan process 'hkcmd.exe' - '1' Module(s) have been scanned Scan process 'smax4pnp.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 41 processes with 41 modules were scanned Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Master boot sector HD1 [iNFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found! Starting to scan executable files (registry). The registry was scanned ( '71' files ). Starting the file scan: Begin scan in 'C:\' C:\hiberfil.sys [WARNING] The file could not be opened! [NOTE] This file is a Windows system file. [NOTE] This file cannot be opened for scanning. C:\pagefile.sys [WARNING] The file could not be opened! [NOTE] This file is a Windows system file. [NOTE] This file cannot be opened for scanning. C:\Documents and Settings\Williams Family\Local Settings\Temp\ESRn.exe [DETECTION] Is the TR/Spy.ZBot.afy.1 Trojan C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1289\A0157636.dll [DETECTION] Is the TR/ExeDot.WJ Trojan C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1290\A0157640.dll [DETECTION] Is the TR/ExeDot.XE Trojan C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1300\A0159664.dll [DETECTION] Is the TR/ExeDot.XE Trojan C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1301\A0159671.dll [DETECTION] Is the TR/ExeDot.aak Trojan C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1302\A0159672.dll [DETECTION] Is the TR/ExeDot.act Trojan C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1304\A0160663.dll [DETECTION] Is the TR/ExeDot.act Trojan C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1305\A0160664.dll [DETECTION] Is the TR/ExeDot.act Trojan C:\WINDOWS\SYSTEM32\xwreg32.dll [DETECTION] Is the TR/Dldr.Calper.aet Trojan Beginning disinfection: C:\Documents and Settings\Williams Family\Local Settings\Temp\ESRn.exe [DETECTION] Is the TR/Spy.ZBot.afy.1 Trojan [NOTE] The file was moved to '4aea55b0.qua'! C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1289\A0157636.dll [DETECTION] Is the TR/ExeDot.WJ Trojan [NOTE] The file was moved to '4ac9558d.qua'! C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1290\A0157640.dll [DETECTION] Is the TR/ExeDot.XE Trojan [NOTE] The file was moved to '4bbdea7e.qua'! C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1300\A0159664.dll [DETECTION] Is the TR/ExeDot.XE Trojan [NOTE] The file was moved to '4bbbe5ee.qua'! C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1301\A0159671.dll [DETECTION] Is the TR/ExeDot.aak Trojan [NOTE] The file was moved to '4bbe82c6.qua'! C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1302\A0159672.dll [DETECTION] Is the TR/ExeDot.act Trojan [NOTE] The file was moved to '4ac9558e.qua'! C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1304\A0160663.dll [DETECTION] Is the TR/ExeDot.act Trojan [NOTE] The file was moved to '4bb18a9f.qua'! C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1305\A0160664.dll [DETECTION] Is the TR/ExeDot.act Trojan [NOTE] The file was moved to '4bb0b357.qua'! C:\WINDOWS\SYSTEM32\xwreg32.dll [DETECTION] Is the TR/Dldr.Calper.aet Trojan [WARNING] An error has occurred and the file was not deleted. ErrorID: 26003 [WARNING] The file could not be deleted! [NOTE] Attempting to perform action using the ARK library. [NOTE] The file was moved to '4a79edfe.qua'! End of the scan: Friday, August 28, 2009 17:08 Used time: 1:03:49 Hour(s) The scan has been done completely. 8184 Scanned directories 329521 Files were scanned 9 Viruses and/or unwanted programs were found 0 Files were classified as suspicious 0 files were deleted 0 Viruses and unwanted programs were repaired 9 Files were moved to quarantine 0 Files were renamed 2 Files cannot be scanned 329510 Files not concerned 9133 Archives were scanned 3 Warnings 11 Notes 50132 Objects were scanned with rootkit scan 0 Hidden objects were found Logfile of HijackThis v1.99.1 Scan saved at 5:14:04 PM, on 8/28/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\2Wire Wireless Manager\2Wire.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe C:\Program Files\Brother\ControlCenter3\brccMCtl.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe c:\program files\avira\antivir desktop\avcenter.exe C:\Program Files\Avira\AntiVir Desktop\avscan.exe C:\WINDOWS\system32\notepad.exe C:\DOCUME~1\WILLIA~1\LOCALS~1\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: Yahoo!