Will it ever be free?
Hi woowoo,
You are now a freshman, so yes it can, you will see, and welcome to Malware Removal University.
OK, now let's continue.
I missed a program in your Add/Remove Programs list that needs removing; it is bundled with malware.
Add/Remove Programs
- Click Start
- Go to Control Panel
- Go to Add/Remove Programs
- Find and click Remove for the following:
webHancer Customer Companion
--------------------------------------------
Now download CCleaner, but do not run it yet; I will let you know when.
Download CCleaner from here. It will start to download automatically. If asked whether you want to download, let it. Save to your Desktop.
If the CCleaner screen opens, just close it.
-------------------------------------------------
Here we are just going to make sure this tool is set up correctly. Do not run a scan yet.
Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
- Install AVG Anti-Spyware by double clicking the installer.
- Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
- On the main screen under Your Computer's security:
  - Click on Change state next to Resident shield. It should now change to inactive.
  - Click on Change state next to Automatic updates. It should now change to inactive.
  - Next to the words Last Update, click on Update now. (You will need an active internet connection to perform this.)
  - Wait until you see the Update successful message.
- Click on Scanner on the toolbar at top of this screen.
- Click on the Settings tab.
  - Under How to act?
    - Click on Recommended Action and choose Quarantine from the popup menu.
  - Under How to scan?
    - All checkboxes should be ticked.
  - Under Possibly unwanted software:
    - All checkboxes should be ticked.
  - Under Reports:
    - Select Automatically generate report after every scan and uncheck Only if threats were found.
  - Under What to scan?
    - Select Scan every file.
- Under How to act?
- Close AVG Anti-Spyware without running yet.
- Right-click the AVG Anti-Spyware Tray Icon (Bottom right corner of computer screen near clock) and uncheck Start with Windows.
- Right-click the AVG Anti-Spyware Tray Icon again and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update AVG Anti-Spyware.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
-------------------------------------------------
Here you have to do the following so that when I have you go look for bad files and folders, you can find them.
To enable the viewing of Hidden files follow these steps:
- Close all programs so that you are at your desktop.
- Click Start, then select My Computer.
- Select the Tools menu (at the top of the opened screen) and click Folder Options.
- After the new window appears select the View tab.
- Put a checkmark in the checkbox labeled Display the contents of system folders.
- Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
- Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
- Remove the checkmark from the checkbox labeled Hide protected operating system files.
- Press the Apply button and then the OK button and shut down My Computer.
Now your computer is configured to show all hidden files.
------------------------------------------------------
You need to read up on this tool. I love it.
Run HijackThis, select Do a system scan only and place checks against the following entries (if they are still present):
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{34ECF~1\Bar888.dll (file missing)
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{34ECF~1\Bar888.dll (file missing)
O4 - HKLM\..\Run: [Nfo] C:\WINDOWS\system32\nfomon\nfomon.exe
O4 - HKLM\..\Run: [vidmon] C:\WINDOWS\system32\vidmon\vidmon.exe
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - <http://activex.matcash.com/speedtest2.dll>
---------------------------------------------------------
Reboot your computer in Safe Mode.
- If the computer is running, shut down Windows, and then turn off the power.
- Wait 30 seconds, and then turn the computer on.
- Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
- Ensure that the Safe Mode option is selected.
- Press Enter. The computer then begins to start in Safe mode.
- Login on your usual account.
Use Windows Explorer to navigate to and delete the following folders and files (if they are present) just what is in red:
Some of the files and folders may not be found because of the uninstall of the program at the beginning of this post, but it is always best to check to make sure they are gone.
Files:
- C:\namn.exe
- C:\WINDOWS\system32\isetup.exe
- C:\WINDOWS\Downloaded Program Files\speedtest2.dll
- C:\Documents and Settings\comet\winstall.exe
Folders:
- C:\Program Files\webHancer
- C:\PROGRA~1\COMMON~1\{34ECF~1 <<< The path to this file should look like this: C:\Program Files\Common Files. Now look for a folder starting with these numbers and letters: 34ECF. I do not know the rest of the folder description. If you cannot find it, move to the next one; it could have been removed already.
- C:\WINDOWS\system32\nfomon
- C:\WINDOWS\system32\vidmon
------------------------------------------------------------
Still in Safe Mode, do the following:
Here we are going to clean out cookies and temp files from your computer.
*NOTE* CCleaner deletes EVERYTHING out of temp/temporary folders. If you have anything in a temp folder, back it up or move it to a permanent folder prior to running CCleaner!
- Double click the CCleaner shortcut on the desktop to start the program you downloaded earlier.
- On the Windows tab, under Internet Explorer:
  - All boxes should have a check mark. (You will need to reenter your passwords at all sites where a cookie is used to recognize you when you visit.)
- On the Windows tab, under Windows Explorer:
  - All boxes should have a check mark.
- On the Windows tab, under System:
  - All boxes should have a check mark.
- On the Windows tab, under Advanced:
  - NO check marks.
- On the Windows tab, under Internet Explorer,
- If you use either the Firefox or Mozilla browsers, the box to put check in for "Cookies" is on the Applications tab, under Firefox/Mozilla. If already checked move to next step.
- Click on the "Options" icon at the left side of the window, then click on "Advanced."
- Deselect "Only delete files in Windows Temp folders older than 48 hours."
- Click on the "Cleaner" icon on the left side of the window, then click Run Cleaner to run the program.
- Caution: It is not recommended that you use the "Issues" feature unless you are very familiar with the registry as it has been known to find legitimate items.
- After CCleaner has completed its process, click Exit.
- You will need to reboot here if not asked to do so.
Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
Note: If the AVG Anti-Spyware screen does not fit your monitor screen, hold down the Alt button on the keyboard, then tap the spacebar; a menu should pop up, then choose Maximize. The AVG Anti-Spyware screen should fit the screen a little better.
- Click on the Scan tab.
- Click on Complete System Scan to start the scan process.
- Let the program scan the machine.
- When the scan has finished, follow the instructions below.
IMPORTANT: Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button.
- Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
- At the bottom of the window click on the Apply all Actions button.(3)
- When done, click the Save Scan Report button. (4)
- Click the Save Report as button.
- Save the report to your Desktop.
- Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
______________________________
Now rerun Combofix like you did before:
1. Double click combofix.exe & follow the prompts.
2. When finished, it shall produce a log for you. Post that log in your next reply.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
------------------------------------------------
Next
Now rerun the Kaspersky scan.
-----------------------------------------------
Please post these in your next reply:
combofix's log
kaspersky scan report
New HJT log
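
Added example, not part of the original post: a small Python check that reads a follow-up HijackThis log and reports which of the five entries flagged above are still present. The function names, the sample log and the matching rule (section plus CLSID where an entry has one, otherwise the case-insensitive entry text) are assumptions made for this illustration, not HijackThis behaviour.

```python
import re

# The five entries the post asks to fix in HijackThis, taken from the post.
FLAGGED = r"""
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{34ECF~1\Bar888.dll (file missing)
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{34ECF~1\Bar888.dll (file missing)
O4 - HKLM\..\Run: [Nfo] C:\WINDOWS\system32\nfomon\nfomon.exe
O4 - HKLM\..\Run: [vidmon] C:\WINDOWS\system32\vidmon\vidmon.exe
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
""".strip().splitlines()

# Constructed sample of a follow-up log (not a real scan result).
SAMPLE_NEW_LOG = r"""
Logfile of HijackThis
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{34ECF~1\Bar888.dll
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\ExampleApp\app.exe
O4 - HKLM\..\Run: [VIDMON] c:\windows\system32\vidmon\vidmon.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def entry_key(line):
    """Return a comparison key for one log line, or None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group(1), m.group(2)
    guid = GUID_RE.search(body)
    if guid:
        # BHO / toolbar / DPF entries: the CLSID identifies the entry even when
        # the trailing text changes (for example "(file missing)" disappearing).
        return (section, guid.group(0).upper())
    # Run keys and similar: compare the text, ignoring case and extra spaces.
    return (section, " ".join(body.lower().split()))


def still_present(flagged, new_log):
    """List the flagged lines whose entry also appears in the new log text."""
    seen = {entry_key(line) for line in new_log.splitlines()} - {None}
    return [line for line in flagged if entry_key(line) in seen]


if __name__ == "__main__":
    for line in still_present(FLAGGED, SAMPLE_NEW_LOG):
        print("STILL PRESENT:", line)
```
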