Topic: Fighting infection

Amats

    Topic Starter


    Intermediate
    • Computer: Specs
    • Experience: Beginner
    • OS: Windows 8
    Fighting infection
    « on: May 07, 2010, 09:23:47 PM »
    Processor: AMD Athlon Dual Core 64X2 2.91 GHz
    RAM: 3.5 Gb
    Video Card: Nvidia Geforce 8800 GTS 512mb
    Service Pack 3

    Never had much trouble with viruses before but about 2 months ago computer couldn't access the internet through my wireless network.  I wiped the hard drive and it worked ok then started having the same problem again.  Wiped again, worked ok had the same problem again in about a week.  I was told some years ago by a computer tech that  a router is a hardware firewall and software firewalls are not needed.  Seems that advice doesn't apply now.  I've done all the steps through copying the SuperAntiSpyware log which is pasted below.

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 05/06/2010 at 10:49 PM

    Application Version : 4.36.1006

    Core Rules Database Version : 4900
    Trace Rules Database Version: 2712

    Scan type       : Complete Scan
    Total Scan Time : 00:48:20

    Memory items scanned      : 558
    Memory threats detected   : 0
    Registry items scanned    : 6743
    Registry threats detected : 1
    File items scanned        : 60299
    File threats detected     : 74

    System.BrokenFileAssociation
       HKCR\.exe

    Adware.Tracking Cookie

    Carol~

    • Guest
    Re: Fighting infection
    « Reply #1 on: May 10, 2010, 02:22:57 PM »
    Carol, you are not allowed to post in this forum. If you want to help, please read the link "Would you like to learn to fight malware". Thank you.
    « Last Edit: May 10, 2010, 07:21:35 PM by SuperDave »

    SuperDave

    • Malware Removal Specialist


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: Fighting infection
    « Reply #2 on: May 10, 2010, 07:18:00 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialists of this forum, so it may take a bit longer to process your logs.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    Please download Malwarebytes Anti-Malware from here.

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Full Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.
    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
    ===================================

    Please download: HijackThis to your Desktop.
    • Double Click the HijackThis icon, located on your Desktop.
    • By Default, it will install to: C:\Program Files\Trend Micro\HijackThis
    • Accept the license agreement.
    • Click the Open the Misc Tools section button.
    • Place a checkmark beside Calculate MD5 of files if possible. Then, click Back.
    • Click Do a System Scan and Save a Logfile. Or, if you see a white screen, click Scan.
    • Please post the log in your next reply.
    Windows 8 and Windows 10 dual boot with two SSD's

    Amats

      Re: Fighting infection
      « Reply #3 on: May 10, 2010, 07:39:38 PM »
      I really appreciate the help Dave.  2 logs attached

      [recovering disk space - old attachment deleted by admin]

      SuperDave

      Re: Fighting infection
      « Reply #4 on: May 11, 2010, 08:02:00 PM »
      Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

      Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

      Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

      Exit out of MessengerDisable then delete the two files that were put on the desktop.

      ==========================================

      Please download ComboFix from BleepingComputer.com

      Alternate link: GeeksToGo.com

      • Rename ComboFix.exe to commy.exe before you save it to your Desktop.
      • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
      • Click Start>Run, then copy and paste the following command into the Run box and click OK: "%userprofile%\desktop\commy.exe" /stepdel
      • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
      • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

      Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

      Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


      Click on Yes, to continue scanning for malware.
      When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.

      If you have problems with ComboFix usage, see How to use ComboFix
      Please copy and paste your logs in your next reply.


      Amats

        Re: Fighting infection
        « Reply #5 on: May 12, 2010, 09:40:51 PM »
        Combofix log attached

        [recovering disk space - old attachment deleted by admin]

        SuperDave

        Re: Fighting infection
        « Reply #6 on: May 13, 2010, 05:18:08 PM »
        Quote
        I was told some years ago by a computer tech that  a router is a hardware firewall and software firewalls are not needed.
        Not all routers have built-in firewalls.

        Please go to Jotti's malware scan

        (If more than one file needs to be scanned, they must be done separately and logs posted for each one.)

        * Copy the file path in the below Code box:

        Code:
        c:\windows\system32\drivers\kgpcpy.cfg
        * At the upload site, click once inside the window next to Browse.
        * Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
        * Next click Submit file
        * Your file will possibly be entered into a queue which normally takes less than a minute to clear.
        * This will perform a scan across multiple different virus scanning engines.
        * Important: Wait for all of the scanning engines to complete.
        * Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.

        I can't find too much that is dangerous in your logs. How is your computer working now?

        I'd like us to scan your machine with ESET OnlineScan

        • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
        ESET OnlineScan
        • Click the button.
        • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
        • Click on to download the ESET Smart Installer. Save it to your desktop.
        • Double click on the icon on your desktop.
        • Check
        • Click the button.
        • Accept any security warnings from your browser.
        • Check
        • Push the Start button.
        • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
        • When the scan completes, push
        • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
        • Push the button.
        • Push
        A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt


        Amats

          Re: Fighting infection
          « Reply #7 on: May 15, 2010, 08:22:27 PM »
          I am still unable to connect to my wireless internet on this computer.  I ran a scan with a program called StopZilla before you started helping me and it said I had a dialer virus but it wanted $40 to eliminate it.  Didn't know if it was a scam or not.  Computer is extremely slow tonight.
          2 files attached

          [recovering disk space - old attachment deleted by admin]

          SuperDave

          Re: Fighting infection
          « Reply #8 on: May 16, 2010, 01:08:52 PM »
          Quote
          I ran a scan with a program called StopZilla before you started helping me and it said I had a dialer virus but it wanted $40 to eliminate it.

          StopZilla is not a good program to have on your computer.

          The txt file from Jotti's is no good. I will need the link. Please do it again and paste the link in your next reply.

          The ESET scan looks good so all I need now is the link from Jotti's.

          Quote
          computer is extremely slow tonight.
          Do you mean when you're on-line or just slow all the time? How much RAM do you have and how much free disk space?

          Amats

            Re: Fighting infection
            « Reply #9 on: May 17, 2010, 07:29:50 PM »
            Actually, several nights ago I was running internet and programs and hit the stop button on my computer accidentally, which turned the computer off, and ever since then it's very hard to select anything with my mouse.  Do you think maybe I created an error on my hard drive or what?
            Also, when I try to select the box to paste the file for the Jotti scan, a window with a bunch of drivers listed on it comes up and will not let me paste the file in the box.  I tried deleting it but it just keeps coming back.

            SuperDave

            Re: Fighting infection
            « Reply #10 on: May 18, 2010, 07:44:37 AM »
            Quote
            Do you think maybe I created an error on my hard drive or what?
            You could try this. Also please ensure that all your cables are securely attached. Please let me know if this problem still continues.

            Check Hard Disk For Errors:

            Press Start->Run, then copy/paste the following command into the box and press OK:

            Quote
            cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"

            A blank command window will open on your desktop, then close in a few minutes. This is normal.
            A file icon named checkhd.txt should appear on your Desktop. Please post the contents of this file.
            ===============================

            Quote
            when I try to select the box to paste the file for the Jotti scan, a window with a bunch of drivers listed on it comes up and will not let me paste the file in the box.  I tried deleting it but it just keeps coming back.
            Don't bother with it anymore. The ESET scan came back clean.

            Amats

              Re: Fighting infection
              « Reply #11 on: May 18, 2010, 05:21:33 PM »
              I ran chkdsk, 1 file attached.

              [recovering disk space - old attachment deleted by admin]

              SuperDave

              Re: Fighting infection
              « Reply #12 on: May 18, 2010, 05:38:13 PM »
              As stated in that report, please run chkdsk again with the F parameter. chkdsk /f

              Amats

                Re: Fighting infection
                « Reply #13 on: May 19, 2010, 08:46:27 PM »
                Ran chkdsk F, no more problems with mouse.  Only problem that remains is I can't access my wireless internet with this computer.

                SuperDave

                Re: Fighting infection
                « Reply #14 on: May 20, 2010, 11:09:09 AM »
                Try hard-wiring your computer to your router. If you can connect, using that method, then there is something not right with your wireless receiver. My daughter was having the same problem with her laptop. I shut it off, restarted it and the connection was there. I had the same problem with my laptop about a week later with the same solution. Sometimes, the best thing we can do for a computer is to shut it off now and then. If you're still having problems connecting, I suggest that you start a thread in one of the other forums dealing with this type of problem.