Had Virtumonde followed instructions for cleaning - logs attached

:confused
Hi, and first off let me say thank you to all the voluteers that help us clean our systems.

I was seriously infected with virtumonde I even paid to download spysweeper because I was told that it could fix the infection, however it did not.
It did nothing more than my spybot search and destroy was doing. It would say it was clean, but as soon as I would reboot and clean again, it would show up.

I followed instructions here: http://forums.majorgeeks.com/showthread.php?t=139313

I think things are taken care of, as my automatic updates that were unable to be turned back on are now on. I installed and ran every program on the list and I just for peace of mind would like my logs reviewed to make sure there isnt any lingering infection.

Also, I only have two accts on my computer, mine and the admin that shows up only in safe mode (my acct I believe is set as admin status as well) I just wanted to know, do I need to log into safe mode and run all the same things in the admin mode? Or did the proceedures followed complete the clean for the entire unit.

Thanks in advance for your assistance.
R
Attached in this post are three of the four logs
I will attach the combo fix (final log after completing instructions) in the following post

 

This is the final log file regarding my issue.
(I misspoke in my initial post, the actual last log was not the combo fix but mg log that would be my final status)

Also while posting this, my spysweeper just alerted me to two items placed into quaranteen. I havent been anywhere online besides here since completing the scans/fixes. So maybe I'm not out of the woods yet.

Im running an avg virus scan as we speak, and it states that
I have a host change C:\windows\system32\etc\hosts

Now that my virus softwares are not showing as auto updates shut off, and giving me errors when trying to enable them, I think I'm going in the right direction, I just need help determining if I'm 'out of the woods' or if I need to complete further tasks.

Thanks again
R

 

shoot, I still didnt attach the right file! DUH, im brain dead from all this really!
This attachment is the final log report created by following instructions on the link listed in my initial post.
(i think this is the right one)

R

 

oh crud, I didnt realize I hadnt posted that. I had so many different logs from all the tings I ran,
attaching the combo fix log.
I guess you want to review it before I continue on.
So I wont do anything until you reply to what combofix said.
I am actually having no problems now, everything is working and my virus software isnt disabled anymore, but of course there may be some things lurking that were not cleared up, that you would be more versed in pointing out.
So here is the file and thanks, let me know if I should proceed with the next combo fix!
R

 

Im really freaked out now... suddenly music just starts playing on my computer and nothing is running. It is sort of like the stuff that played on a community I belonged to when 4chan was invading it. I am afraid my whole system has been infiltrated.

Im running your instructions right now!
R

 

btw, I dont have mgtools analyze exe. I only have mgtools, no option to just analyze
or an option to (select Do a system scan only)
when I double click mgtools, it just brings up a black cmos type screen and runs a scan
this was the result of that scan (attached)
do I need to install another form of mgtools?
R

 

Ok, nevermind, I ran highjack this and got the options for (select Do a system scan only)
I have selected the items you told me too from the log
I am now closing this browser, telling it to fix and then proceeding afterwards.

 

ok I see, I didnt realize there was a mg tools folder, and I only saw the mg tools exe in my cdrive (now I see the folder) When you explained that the mg analyze was just hijack this, I tried that and it gave me the options you suggested and I was able to follow it.
I fixed the 5 files you told me too (however it rebooted after the proceedure) and then proceeded with the combo fix instructions by saving the file to desktop and then dragging it onto my combofix icon on my desktop
when doing so, it started to run combofix on its own, but stopped and said there was an update available, and asked if I wanted to update and I said yes, then combo fix started over. It ran through 48 steps instead of 41 and then rebooted my machine when finished. It gave me a log and I will post it now with the highjack log.

Do I need to do those steps again now? Because I was confused by the first mg instruction?

BTW when combo fix was completing the log file, I got a error message something regarding no windows disc and it asked me to cancel, try again or continue, I tried all three and it just kept popping up until finally it went through and completed creating the log.

so attaching the logs from highjack this and combofix and I guess I will repeat the steps using mg analyze, but what if the files you told me need deleted are already gone by using the highjack this fix?
R

 

I just ran the mg analyze from the mg folder as directed, I'm attaching the log to this post, the 5 files you told me to delete in the initial post are no longer there.

Please tell me how to proceed, I'm sorry I got confused and didnt follow the directions properly.

R

 

Did the fix me instructions
ran cc cleaner
completed the getlogs instructions
attached is my mg log from the final step (C:\MGtools\GetLogs.bat )
and my combofix.
Everything 'seems' fine, but it did before you had me to proceed with the instructions in your post, until the wierd music started playing prior to the fix.

Please let me know if everything seems proper in the logs attached on this post or if I need to do anything further.
Thanks again for your help and tolerance with my inexperience with these proceedures.

R
(I am attaching the combofix log, but it doesnt succeed, only the mgzip is showing up as successfully uploaded)

 

BTW
"Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work."

It did give me a success message.

and I have had my system restore turned off since I began working on this, because I know that maleware can hide in the restore, so please let me know when it is safe to turn my restore back on, when letting me know if there is anything further I need to do, or if I need to recomplete the steps since I made mistakes in the initial run through (using highjack this instead of mg analyze)
I guess that the combofix isnt attaching because it states I have already attached it in this thread,
It is attached to the post that starts out:
"ok I see, I didnt realize there was a mg tools folder"

waiting for further instruction.
R


Thanks again for everything.

 

Thanks, I uninstalled all the programs as instructed.
My avg has been finding tracking cookies which I know are not extremely intrusive and just should be watched and deleted...
BUT last night and today when my avg runs it gives me this in the log when scanning for viruses.

File
(a little piece of paper with a blue i on it)

Result/Infection
(change)

Path
(C:\WINDOWS\system32\drivers\etc\hosts)

Is that something to be concerned with?
The results came back last night as no infection and didnt direct me to do anything regarding that one find. Is that just a result of all the fixes etc that we followed that is alerting the AVG there is a change?

Should I run another highjackthis to give you a final log?

I just want to be absolutely sure I am ok before I restart my system restore.
It has been disabled the entire time since I began cleaning, so I dont need to disable it, only know it is safe to re-enable it.

Thanks again
R