AntiMalware Doctor

Download SuperAntiSpyware

• Load SuperAntiSpyware and click the Check for updates button.
  
• Once the update is finished click the Scan your computer button.
  
• Check Perform Complete Scan and then next.
  
• SuperAntiSpyware will now scan your computer and when its finished it will list all the infections it has found.
  
• Make sure that they all have a check next to them and press next.
  
• Click finish and you will be taken back to the main interface.
  
• Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.
  
• Copy and paste the log onto the forum.
  

Thanks! Will do...

Okay, a couple of problems...

1). I found Antivirus XP running on my computer this morning. I used RKILL to get it to stop.

2). I downloaded and ran SuperAntiSpyware, but couldn't get the log at first. It told me I needed to reboot to get some of the viruses off.

3). I rebooted and found I could not get into any of the files. (I got the popup where it asked me which program to use to open the file. I couldn't open SuperAntiSpyware).

4). So I ran combo-fix again, and after I did everything seemed to work again. I was able to get the SuperAntiSpyware log and here it is...

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/01/2010 at 05:28 AM

Application Version : 4.35.1000

Core Rules Database Version : 4756
Trace Rules Database Version: 2568

Scan type : Complete Scan
Total Scan Time : 00:34:16

Memory items scanned : 572
Memory threats detected : 1
Registry items scanned : 6056
Registry threats detected : 7
File items scanned : 24688
File threats detected : 35

Trojan.Agent/Gen-RogueAV
C:\DOCUMENTS AND SETTINGS\ANN\LOCAL SETTINGS\APPLICATION DATA\AVE.EXE
C:\DOCUMENTS AND SETTINGS\ANN\LOCAL SETTINGS\APPLICATION DATA\AVE.EXE

Adware.Vundo/Variant-Senorita
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{940d0ca2-1da7-4c85-b314-52a878575b57}
HKCR\CLSID\{940D0CA2-1DA7-4C85-B314-52A878575B57}
HKCR\CLSID\{940D0CA2-1DA7-4C85-B314-52A878575B57}\InprocServer32
HKCR\CLSID\{940D0CA2-1DA7-4C85-B314-52A878575B57}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\SIKAFEMU.DLL
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{940D0CA2-1DA7-4C85-B314-52A878575B57}
HKU\S-1-5-21-436374069-515967899-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{940D0CA2-1DA7-4C85-B314-52A878575B57}
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{940D0CA2-1DA7-4C85-B314-52A878575B57}
C:\_OTM\MOVEDFILES\03282010_215222\C_WINDOWS\SYSTEM32\TALOZIKU.DLL

Adware.Tracking Cookie
C:\Documents and Settings\Ann\Cookies\ann@pointroll[2].txt
C:\Documents and Settings\Ann\Cookies\ann@advertise[1].txt
C:\Documents and Settings\Ann\Cookies\ann@tripod[1].txt
C:\Documents and Settings\Ann\Cookies\ann@realmedia[1].txt
C:\Documents and Settings\Ann\Cookies\ann@ads.pointroll[2].txt
C:\Documents and Settings\Ann\Cookies\ann@trafficmp[1].txt
C:\Documents and Settings\Ann\Cookies\ann@collective-media[1].txt
C:\Documents and Settings\Ann\Cookies\ann@interclick[2].txt
C:\Documents and Settings\Ann\Cookies\ann@statcounter[2].txt
C:\Documents and Settings\Ann\Cookies\ann@counter.surfcounters[1].txt
C:\Documents and Settings\Ann\Cookies\ann@ad.yieldmanager[2].txt
C:\Documents and Settings\Ann\Cookies\ann@doubleclick[1].txt
C:\Documents and Settings\Ann\Cookies\ann@ad.wsod[3].txt
C:\Documents and Settings\Ann\Cookies\ann@zedo[2].txt
C:\Documents and Settings\Ann\Cookies\ann@atdmt[1].txt
C:\Documents and Settings\Ann\Cookies\ann@invitemedia[2].txt
C:\Documents and Settings\Ann\Cookies\ann@bizzclick[1].txt
C:\Documents and Settings\Ann\Cookies\ann@msnportal.112.2o7[1].txt
C:\Documents and Settings\Ann\Cookies\ann@overture[1].txt
C:\Documents and Settings\Ann\Cookies\ann@tribalfusion[2].txt
C:\Documents and Settings\Ann\Cookies\ann@revsci[2].txt
C:\Documents and Settings\Ann\Cookies\ann@ad.wsod[2].txt
C:\Documents and Settings\Ann\Cookies\ann@imrworldwide[2].txt
C:\Documents and Settings\Ann\Cookies\ann@lfstmedia[2].txt
C:\Documents and Settings\Ann\Cookies\ann@media6degrees[2].txt
C:\Documents and Settings\Ann\Cookies\ann@specificmedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@businessfind[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@dc.tremormedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@www.businessfind[2].txt

Adware.Vundo/Variant-Nx
C:\_OTM\MOVEDFILES\03282010_215222\C_WINDOWS\SYSTEM32\BIZIVATA.DLL

Adware.Vundo/Variant-[Fixed]
C:\_OTM\MOVEDFILES\03282010_215222\C_WINDOWS\SYSTEM32\RIWOZUBI.DLL
C:\_OTM\MOVEDFILES\03282010_215222\C_WINDOWS\SYSTEM32\TISIBUFU.DLL

To be safe I'm going to shut down this computer. I will use my laptop to check for your responses.

Hello.
Is the machine running any better now? SAS should have caught most of it.

It does seem to be working alot better. Even the issue in my browser when I would do searches is gone. Thanks!

I found some more stuff on there this morning and ran the Super Antispyware program. It seems to have worked and here's the log...

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/02/2010 at 06:37 AM

Application Version : 4.35.1000

Core Rules Database Version : 4760
Trace Rules Database Version: 2572

Scan type : Complete Scan
Total Scan Time : 00:29:05

Memory items scanned : 623
Memory threats detected : 0
Registry items scanned : 6034
Registry threats detected : 0
File items scanned : 24674
File threats detected : 1

Adware.Tracking Cookie
C:\Documents and Settings\Ann\Cookies\ann@ad.wsod[3].txt

Cookies is nothing to worry about, everyone has them and they are used by your browsers.

Oh sure, so I put it to its paces last night, no anomalies. So I'm considering my machine healed. Thanks sooooo much for your patience and help. Have a safe and happy Easter Belahzur!