
Can't Get Rid of Trojans!


amwdmw

Help! Running Avira and Malwarebytes, but virus can't be deleted! Couldn't run Malware the other day, but after using Avira, could then run Malware. Here are my Avira and HijackThis logs:

Avira AntiVir Personal

Report file date: Friday, August 28, 2009 15:48

Scanning for 1668725 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows XP

Windows version : (Service Pack 3) [5.1.2600]

Boot mode : Normally booted

Username : SYSTEM

Computer name : D47NKT61

Version information:

BUILD.DAT : 9.0.0.407 17961 Bytes 7/29/2009 10:34:00

AVSCAN.EXE : 9.0.3.7 466689 Bytes 7/21/2009 19:36:14

AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 16:58:24

LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 17:35:49

LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 16:58:52

ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 18:30:36

ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 6/24/2009 15:21:42

ANTIVIR2.VDF : 7.1.5.146 3087360 Bytes 8/21/2009 16:29:08

ANTIVIR3.VDF : 7.1.5.179 236544 Bytes 8/28/2009 16:29:11

Engineversion : 8.2.1.7

AEVDF.DLL : 8.1.1.1 106868 Bytes 7/28/2009 19:31:50

AESCRIPT.DLL : 8.1.2.26 463227 Bytes 8/28/2009 16:29:24

AESCN.DLL : 8.1.2.4 127348 Bytes 7/23/2009 15:59:39

AERDL.DLL : 8.1.2.4 430452 Bytes 7/23/2009 15:59:39

AEPACK.DLL : 8.1.3.18 401783 Bytes 7/28/2009 19:31:50

AEOFFICE.DLL : 8.1.0.38 196987 Bytes 7/23/2009 15:59:39

AEHEUR.DLL : 8.1.0.155 1921400 Bytes 8/28/2009 16:29:22

AEHELP.DLL : 8.1.6.0 233846 Bytes 8/28/2009 16:29:13

AEGEN.DLL : 8.1.1.59 356725 Bytes 8/28/2009 16:29:12

AEEMU.DLL : 8.1.0.9 393588 Bytes 10/9/2008 20:32:40

AECORE.DLL : 8.1.7.6 184694 Bytes 7/23/2009 15:59:39

AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/2008 20:32:40

AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 14:47:59

AVPREF.DLL : 9.0.0.1 43777 Bytes 12/5/2008 16:32:15

AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 20:34:28

AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 16:32:09

AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 21:05:41

AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 16:37:08

SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 21:03:49

SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 14:21:33

NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 16:32:10

RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/2009 21:39:58

RCTEXT.DLL : 9.0.37.0 86785 Bytes 4/17/2009 16:19:48

Configuration settings for the scan:

Jobname.............................: Complete system scan

Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp

Logging.............................: low

Primary action......................: interactive

Secondary action....................: ignore

Scan master boot sector.............: on

Scan boot sector....................: on

Boot sectors........................: C:,

Process scan........................: on

Scan registry.......................: on

Search for rootkits.................: on

Integrity checking of system files..: off

Scan all files......................: All files

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: medium

Deviating risk categories...........: +SPR,

Start of the scan: Friday, August 28, 2009 15:48

Starting search for hidden objects.

'50132' objects were checked, '0' hidden objects were found.

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'iexplore.exe' - '1' Module(s) have been scanned

Scan process 'iexplore.exe' - '1' Module(s) have been scanned

Scan process 'iexplore.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'iPodService.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'Ymsgr_tray.exe' - '1' Module(s) have been scanned

Scan process 'BrMfcMon.exe' - '1' Module(s) have been scanned

Scan process 'DLG.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'BrccMCtl.exe' - '1' Module(s) have been scanned

Scan process 'BrMfcWnd.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'pptd40nt.exe' - '1' Module(s) have been scanned

Scan process 'pctsTray.exe' - '1' Module(s) have been scanned

Scan process '2Wire.exe' - '1' Module(s) have been scanned

Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'InfoMyCa.exe' - '1' Module(s) have been scanned

Scan process 'tfswctrl.exe' - '1' Module(s) have been scanned

Scan process 'DMXLauncher.exe' - '1' Module(s) have been scanned

Scan process 'jusched.exe' - '1' Module(s) have been scanned

Scan process 'hkcmd.exe' - '1' Module(s) have been scanned

Scan process 'smax4pnp.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

41 processes with 41 modules were scanned

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

Master boot sector HD1

[INFO] No virus was found!

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

Starting to scan executable files (registry).

The registry was scanned ( '71' files ).

Starting the file scan:

Begin scan in 'C:\'

C:\hiberfil.sys

[WARNING] The file could not be opened!

[NOTE] This file is a Windows system file.

[NOTE] This file cannot be opened for scanning.

C:\pagefile.sys

[WARNING] The file could not be opened!

[NOTE] This file is a Windows system file.

[NOTE] This file cannot be opened for scanning.

C:\Documents and Settings\Williams Family\Local Settings\Temp\ESRn.exe

[DETECTION] Is the TR/Spy.ZBot.afy.1 Trojan

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1289\A0157636.dll

[DETECTION] Is the TR/ExeDot.WJ Trojan

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1290\A0157640.dll

[DETECTION] Is the TR/ExeDot.XE Trojan

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1300\A0159664.dll

[DETECTION] Is the TR/ExeDot.XE Trojan

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1301\A0159671.dll

[DETECTION] Is the TR/ExeDot.aak Trojan

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1302\A0159672.dll

[DETECTION] Is the TR/ExeDot.act Trojan

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1304\A0160663.dll

[DETECTION] Is the TR/ExeDot.act Trojan

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1305\A0160664.dll

[DETECTION] Is the TR/ExeDot.act Trojan

C:\WINDOWS\SYSTEM32\xwreg32.dll

[DETECTION] Is the TR/Dldr.Calper.aet Trojan

Beginning disinfection:

C:\Documents and Settings\Williams Family\Local Settings\Temp\ESRn.exe

[DETECTION] Is the TR/Spy.ZBot.afy.1 Trojan

[NOTE] The file was moved to '4aea55b0.qua'!

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1289\A0157636.dll

[DETECTION] Is the TR/ExeDot.WJ Trojan

[NOTE] The file was moved to '4ac9558d.qua'!

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1290\A0157640.dll

[DETECTION] Is the TR/ExeDot.XE Trojan

[NOTE] The file was moved to '4bbdea7e.qua'!

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1300\A0159664.dll

[DETECTION] Is the TR/ExeDot.XE Trojan

[NOTE] The file was moved to '4bbbe5ee.qua'!

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1301\A0159671.dll

[DETECTION] Is the TR/ExeDot.aak Trojan

[NOTE] The file was moved to '4bbe82c6.qua'!

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1302\A0159672.dll

[DETECTION] Is the TR/ExeDot.act Trojan

[NOTE] The file was moved to '4ac9558e.qua'!

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1304\A0160663.dll

[DETECTION] Is the TR/ExeDot.act Trojan

[NOTE] The file was moved to '4bb18a9f.qua'!

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1305\A0160664.dll

[DETECTION] Is the TR/ExeDot.act Trojan

[NOTE] The file was moved to '4bb0b357.qua'!

C:\WINDOWS\SYSTEM32\xwreg32.dll

[DETECTION] Is the TR/Dldr.Calper.aet Trojan

[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003

[WARNING] The file could not be deleted!

[NOTE] Attempting to perform action using the ARK library.

[NOTE] The file was moved to '4a79edfe.qua'!

End of the scan: Friday, August 28, 2009 17:08

Used time: 1:03:49 Hour(s)

The scan has been done completely.

8184 Scanned directories

329521 Files were scanned

9 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

0 files were deleted

0 Viruses and unwanted programs were repaired

9 Files were moved to quarantine

0 Files were renamed

2 Files cannot be scanned

329510 Files not concerned

9133 Archives were scanned

3 Warnings

11 Notes

50132 Objects were scanned with rootkit scan

0 Hidden objects were found

Logfile of HijackThis v1.99.1

Scan saved at 5:14:04 PM, on 8/28/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\2Wire Wireless Manager\2Wire.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

C:\Program Files\Brother\ControlCenter3\brccMCtl.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

c:\program files\avira\antivir desktop\avcenter.exe

C:\Program Files\Avira\AntiVir Desktop\avscan.exe

C:\WINDOWS\system32\notepad.exe

C:\DOCUME~1\WILLIA~1\LOCALS~1\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Yahoo!
