Please can someone look at my logs? I'm not sure if I got rid of all the viruses. I've run through the malware removal steps and here are my logs for SUPERAntiSpyware / Malwarebytes Anti-Malware / HJT.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 12/07/2008 at 07:04 PM
Application Version : 4.21.1004
Core Rules Database Version : 3665
Trace Rules Database Version: 1645
Scan type : Complete Scan
Total Scan Time : 00:39:02
Memory items scanned : 313
Memory threats detected : 0
Registry items scanned : 5797
Registry threats detected : 7
File items scanned : 22934
File threats detected : 12
Adware.Tracking Cookie
C:\Documents and Settings\Matt & Ariana\Cookies\matt_&[email protected][1].txt
C:\Documents and Settings\Matt & Ariana\Cookies\matt_&[email protected][1].txt
C:\Documents and Settings\Matt & Ariana\Cookies\matt_&[email protected][2].txt
C:\Documents and Settings\Matt & Ariana\Cookies\matt_&_ariana@casalemedia[2].txt
C:\Documents and Settings\Matt & Ariana\Cookies\matt_&_ariana@atdmt[2].txt
C:\Documents and Settings\Matt & Ariana\Cookies\matt_&_ariana@doubleclick[2].txt
C:\Documents and Settings\Matt & Ariana\Cookies\matt_&_ariana@adrevolver[1].txt
C:\Documents and Settings\Matt & Ariana\Cookies\matt_&_ariana@revsci[2].txt
Rogue.Component/Trace
HKLM\Software\Microsoft\E04E9B0C
HKLM\Software\Microsoft\E04E9B0C#e04e9b0c
HKLM\Software\Microsoft\E04E9B0C#red_srv
HKLM\Software\Microsoft\E04E9B0C#red_srv_bckp
HKLM\Software\Microsoft\E04E9B0C#Version
HKLM\Software\Microsoft\E04E9B0C#e04e368c
HKLM\Software\Microsoft\E04E9B0C#e04e5f69
Rootkit.TDSServ/Fake
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DEA029A3-FE2B-47C9-96FA-BE9DB23741C5}\RP1359\A0203487.SYS
Adware.Vundo Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DEA029A3-FE2B-47C9-96FA-BE9DB23741C5}\RP1414\A0213359.DLL
Adware.Vundo/Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DEA029A3-FE2B-47C9-96FA-BE9DB23741C5}\RP1415\A0215395.DLL
Trojan.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DEA029A3-FE2B-47C9-96FA-BE9DB23741C5}\RP1418\A0217412.DLL
Malwarebytes' Anti-Malware 1.31
Database version: 1469
Windows 5.1.2600 Service Pack 2
12/7/2008 5:49:47 PM
mbam-log-2008-12-07 (17-49-47).txt
Scan type: Quick Scan
Objects scanned: 71051
Time elapsed: 25 minute(s), 11 second(s)
Memory Processes Infected: 3
Memory Modules Infected: 3
Registry Keys Infected: 18
Registry Values Infected: 3
Registry Data Items Infected: 3
Folders Infected: 4
Files Infected: 34
Memory Processes Infected:
C:\Documents and Settings\Matt & Ariana\Application Data\gadcom\gadcom.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Program Files\Extra Antivir\Extra Antivir.exe (Rogue.Extraantivir) -> Unloaded process successfully.
C:\WINDOWS\system32\~.exe (Trojan.Downloader) -> Unloaded process successfully.
Memory Modules Infected:
C:\WINDOWS\system32\ddcDspPj.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\vtUmLcCv.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\vgjvvb.dll (Trojan.Vundo) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3c45c649-d662-40ff-8f3b-cb9c1e13ae58} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3c45c649-d662-40ff-8f3b-cb9c1e13ae58} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vtumlccv (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e3632e35-300c-487e-b96f-22428439bb1d} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{e3632e35-300c-487e-b96f-22428439bb1d} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f34dd418-b748-46eb-8305-baaeb7353cac} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f34dd418-b748-46eb-8305-baaeb7353cac} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7cab59b4-55a3-4737-9fd5-b93c6430bf78} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7cab59b4-55a3-4737-9fd5-b93c6430bf78} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f34dd418-b748-46eb-8305-baaeb7353cac} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3c45c649-d662-40ff-8f3b-cb9c1e13ae58} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\extra antivir (Rogue.Extraantivir) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gadcom (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msiexec.exe (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\ddcdsppj -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ddcdsppj -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Trojan.Agent) -> Data: digeste.dll -> Quarantined and deleted successfully.
Folders Infected:
C:\Program Files\Extra Antivir (Rogue.Extraantivir) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Extra Antivir (Rogue.Extraantivir) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt & Ariana\Application Data\gadcom (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt & Ariana\Application Data\Extra Antivir (Rogue.Extraantivir) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\nnnnNDuU.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UuDNnnnn.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UuDNnnnn.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vtUmLcCv.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ddcDspPj.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\jPpsDcdd.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jPpsDcdd.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vgjvvb.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\gjeosdmu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt & Ariana\Application Data\gadcom\gadcom.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ifmtmlir.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt & Ariana\Local Settings\Temporary Internet Files\Content.IE5\2KG3E0C7\mslog[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt & Ariana\Local Settings\Temporary Internet Files\Content.IE5\M6NM0N4O\index[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt & Ariana\Local Settings\Temporary Internet Files\Content.IE5\M6NM0N4O\mslog[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Extra Antivir\Buy.url (Rogue.Extraantivir) -> Quarantined and deleted successfully.
C:\Program Files\Extra Antivir\Extra Antivir.exe (Rogue.Extraantivir) -> Quarantined and deleted successfully.
C:\Program Files\Extra Antivir\Help.url (Rogue.Extraantivir) -> Quarantined and deleted successfully.
C:\Program Files\Extra Antivir\HowToBuy.txt (Rogue.Extraantivir) -> Quarantined and deleted successfully.
C:\Program Files\Extra Antivir\ID.dat (Rogue.Extraantivir) -> Quarantined and deleted successfully.
C:\Program Files\Extra Antivir\License.txt (Rogue.Extraantivir) -> Quarantined and deleted successfully.
C:\Program Files\Extra Antivir\Uninstall.exe (Rogue.Extraantivir) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Extra Antivir\Purchase License.lnk (Rogue.Extraantivir) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Extra Antivir\Start Extra Antivir.lnk (Rogue.Extraantivir) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Extra Antivir\Support Page.lnk (Rogue.Extraantivir) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Extra Antivir\Uninstall.lnk (Rogue.Extraantivir) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt & Ariana\Application Data\Extra Antivir\Extra Antivir.ini (Rogue.Extraantivir) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt & Ariana\Application Data\Extra Antivir\spl.ini (Rogue.Extraantivir) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Desktop\Best BDSM P0rn.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Desktop\Gay Fetish Sex.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\~.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wpv481228549733.cpx (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\digeste.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt & Ariana\Start Menu\Programs\Startup\Extra Antivir.lnk (Rogue.Extraantivir) -> Quarantined and deleted successfully.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:24:14 PM, on 12/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Zzoechk] C:\WINDOWS\W?nSxS\w?wexec.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Twain] C:\Documents and Settings\Matt & Ariana\Application Data\Twain\Twain.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163132585593
O16 - DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} (Settings Class) - https://www.cashcall.com/LoanStatus/x86/capicom.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O20 - AppInit_DLLs: eofgmvmn.dll rseuuw.dll bnlevj.dll vgjvvb.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
--
End of file - 6968 bytes