Hello
So there is definitely something still lingering around. Turned on my computer yesterday, malware would not open but ran a quick scan of SuperAS and it found a few things. After that I tried Malware again and it did open. Below are the full Malware scan, the SAS run in safe mode and the initial SAS quick scan that picked up some things.
Malware log
Malwarebytes' Anti-Malware 1.44
Database version: 3630
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
1/24/2010 5:07:52 PM
mbam-log-2010-01-24 (17-07-52).txt
Scan type: Full Scan (C:\|)
Objects scanned: 188963
Time elapsed: 38 minute(s), 54 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mogiluhehe (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1904b52c-2424-4ee9-8fa5-b5c3f24a613b}\NameServer (Trojan.DNSChanger) -> Data: 193.104.110.38,4.2.2.1,192.168.0.1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{b5da2abe-4587-418a-af64-7c0c2ae08e08}\NameServer (Trojan.DNSChanger) -> Data: 193.104.110.38,4.2.2.1 -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Super AS safe mode
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 01/25/2010 at 02:22 AM
Application Version : 4.31.1000
Core Rules Database Version : 4512
Trace Rules Database Version: 2324
Scan type : Complete Scan
Total Scan Time : 05:18:25
Memory items scanned : 214
Memory threats detected : 0
Registry items scanned : 6567
Registry threats detected : 0
File items scanned : 63445
File threats detected : 0
And here is the log of the quick scan I ran when I first encountered problems yesterday
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 01/24/2010 at 03:46 PM
Application Version : 4.31.1000
Core Rules Database Version : 4512
Trace Rules Database Version: 2324
Scan type : Quick Scan
Total Scan Time : 00:37:26
Memory items scanned : 528
Memory threats detected : 3
Registry items scanned : 469
Registry threats detected : 5
File items scanned : 25671
File threats detected : 10
Adware.Vundo/Variant-EC
C:\WINDOWS\SYSTEM32\YAPONEMA.DLL
C:\WINDOWS\SYSTEM32\YAPONEMA.DLL
Adware.Vundo/Variant-[Fixed]
C:\WINDOWS\SYSTEM32\VATIMETE.DLL
C:\WINDOWS\SYSTEM32\VATIMETE.DLL
C:\WINDOWS\SYSTEM32\BINANUYE.DLL
C:\WINDOWS\SYSTEM32\BINANUYE.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{09e6211d-b92d-4748-aaa1-6a79a7d7c2d7}
HKCR\CLSID\{09E6211D-B92D-4748-AAA1-6A79A7D7C2D7}
HKCR\CLSID\{09E6211D-B92D-4748-AAA1-6A79A7D7C2D7}\InprocServer32
HKCR\CLSID\{09E6211D-B92D-4748-AAA1-6A79A7D7C2D7}\InprocServer32#ThreadingModel
HKU\S-1-5-21-4176964332-4052761198-853208096-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{09E6211D-B92D-4748-AAA1-6A79A7D7C2D7}
Adware.Tracking Cookie
I really appreciate your help.
Thank you
Justin