Questions:
1. Did you check the line in Superantispyware to remove the entries it finds? If you did not, please run it again with that line checked.
2. Did you use or need my steps #7 and #8 for the display and/or Startup?
3. Did you reboot into Normal Mode to complete the removals after Malwarebytes?
---------------------------------------------------------
I had not asked you to run Combofix yet- I will do that now, but please don't go ahead with scan unless I direct you. If you get an error message trying to run something, let me know in the closest exact words you can what it says.
I'd also like to have you run DDS. It produces 2 logs which give me a lot of information about your system.
--------------------------------------
Please go back to the link>
https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
From that,
download and run DDS- instructions are with link. There will be 2 logs: DDS.txt and Attach.txt. Ignore the direction for the Attach.txt log and do not zip it or attach it. Just paste it into the reply same as the DDS.txt log.
If DDS won't download, first download this file:
xp_scr_fix
Unpack (unzip) the file onto your desktop and double-click it. You will be asked if you wish to merge the file with you registry, say
Yes.
You should then be able to run DDS.scr. It's the .scr file extension causing the problem.
=================================
Then run Combofix:
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions,
if needed
- Click START> then RUN
- Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Expect these- they are normal:
1. If asked to install or or update the Recovery Console, allow. (you will need internet connection for this)
2. Before you run the Combofix scan, please disable any security software you have running.
3. Combofix may need to reboot your computer more than once to do its job this is normal.
Download Combofix from HERE or HEREhttp://www.forospyware.com/sUBs/ComboFix.exe and save to the desktop
- Double click combofix.exe & follow the prompts.
- If prompted for Recovery Console, please allow.
- Once installed, you should see a blue screen prompt that says:
- The Recovery Console was successfully installed.[/b]
- Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.[/b]
- Note: No query will be made if the Recovery Console is already on the system.
- .Close/disable all anti virus and anti malware programs
(If you need help with this, please see HERE)
- .Close any open browsers.
- .Click on Yes, to continue scanning for malware
- .If Combofix asks you to update the program, allow
- When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..
Re-enable your Antivirus software.
Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2:If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
Note 3:CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty
and terminates prematurely, the connection can be manually restored by restarting your machine.
If Combofix still won run, do this first NOTE: If, for some reason, Combofix refuses to run, try one of the following:
1. Run Combofix from Safe Mode.
2. Delete Combofix file, download fresh one, but
rename combofix.exe to
friday.exe BEFORE saving it to your desktop.
Do NOT run it yet.
-------------------------------------
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 3 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
- Rkill.com
- Rkill.scr
- Rkill.exe
- Double-click on the Rkill desktop icon to run the tool.
- If using Vista or Windows 7 right-click on it and choose Run As Administrator.
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use the one provided in Link 2.
- If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
- Do not reboot until instructed.
- If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run then try to immediately run the following>>>>.
Please download
exeHelper by Raktor and save it to your desktop.
- Double-click on exeHelper.com or exeHelper.scr to run the fix tool.
- A black window should pop up, press any key to close once the fix is completed.
- A log file called exehelperlog.txt will be created and should open at the end of the scan)
- A copy of that log will also be saved in the directory where you ran exeHelper.com
- Copy and paste the contents of exehelperlog.txt in your next reply.
Note: If the window shows a message that says "Error deleting file", please re-run the tool again before posting a log and then post the two logs together (they both will be in the one file).
Rkill instructions
Once you've gotten one of them to run
- immediately double click on friday.exe to run
- If normal mode still doesn't work, run BOTH tools from safe mode.
In you have done #2, please post BOTH logs, rKill and Combofix.
=================================
Please leave the 2 logs from DDS and the Combofix log in your next reply.
If you still aren't able to download and run either or both, let me know what happens when you try.
================================
Please advise what remains of the original problems or if anything else has started.
================================
The account for
Carola need to do the following:
Reset Cookies
For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'>
CHECK 'accept first party Cookies'>
CHECK 'Block third party Cookies'>
CHECK 'allow per session Cookies'> Apply> OK.
For Firefox: Tools> Options> Privacy> Cookies>
CHECK ‘accept Cookies from Sites’>
UNCHECK 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')
I suggest using the following two add-on for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
AdBlock Plus
Easy List
For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
(First-party and third-party cookies can be set by the website you're visiting and websites that have items embedded in the website you're visiting. But when you next visit the website, only first-party cookie information is sent to the website. Third-party cookie information isn't sent back to the websites that originally set the third-party cookies.)
