TechSpot

Network connections and sound not working after malwarebytes

By dahernandez
Feb 7, 2009
  1. Well I had what I thought was just a startup problem after running malwarebytes but I think it may be more... my original message from the OS forum
    If an admin would like to combine the posts and delete the quote be my guest.

    Well I ran malwarebytes again and it found something even though my computer apparently was not able to connect to the internet. super antispyware found nothing and when I try to run trend micro pccillin (which is oudated since my trial ran out last august) it says it cant run. I tried to instal AVG but it said i should remove my previous antivirus before and when I tried it said it could not be done. I was able to install HJT however I have no clue what to check to clean if anyone can look through my log I also included the most recent malwarebytes log.

    so no one can help me?

    well update even though it said I shouldn't install it until I remove my previous antivirus I went ahead and installed avg and it caught quite a few tihngs so I restarted and everything was still the same. However this time when I tried to use system restore it worked and I actually had sound again although my network still didn't work, so I reran everything and caught a bunch of things and it asked me to restart again and when I did it was back to the same thing no sound no network no desktop icons no start menu and the init32.exe error. So I tried to restore again this time the restore failed but all of a sudden my internet worked so I hurried and updated avg and avg kept catching infections after the update however it was catching weird infection constantly it said programs that I've had on my computer and know are clean are infected so now I'm confused, I figured something else had gone wrong and quickly restarted my computer in safe mode and I'm running everything again. Can no one help me? Im a poor college student and cant afford professional help.
     
  2. mflynn

    mflynn TS Rookie Posts: 2,793

    Yes

    Do the TechSpot 8 steps: http://www.techspot.com/vb/topic58138.html

    You have alreay done the MBAM but update it and run another quickscan and attach that log!.

    Then from the 8 Steps get us a SAS run log.

    Mike
     
  3. dahernandez

    dahernandez TS Rookie Topic Starter Posts: 68

    I have done the 8 steps and I can't update anything because my network connection does not start up. I am rerunning avg mam and sas and I'll repost any logs I am in safe mode atm because of the weird behavior I had in my last post.

    You probably want to do the 8 steps linked above if you havent already and post your logs, hopefully we can get this fixed, I have posted on other forums and if I find anything that works I'll post back.
     
  4. mflynn

    mflynn TS Rookie Posts: 2,793

    Are you doing these in Safe Mode networking and do you have Internet access there?

    Mike
     
  5. dahernandez

    dahernandez TS Rookie Topic Starter Posts: 68

    Yes I am in safe mode with networking and no internet. And when I'm not in safe mode and open network connections and try to use the troubleshoot it never pops up.
     
  6. mflynn

    mflynn TS Rookie Posts: 2,793

    Boot to Safe Mode and do all below.

    In your case I am assuming you are using another computer and a Flash drive to get these things on the effected computer.

    So save the below to a notepad file and take to the effected computer and copy from the notepad file. Do not create a bat or cmd file from this it is designed to be pasted directly to the command prompt!

    This should fix your Internet!

    Left Drag mouse and Copy for Pasting all text in the box below. Make sure the slider bar goes to bottom from the @ to the end of the second exit.

    Then paste to the black screen of an open command prompt. All may not apply so ignore errors.
    Code:
    @echo off
    cd\
    :: Fix associations
    ftype exefile="%1" %*
    ftype batfile="%1" %*
    ftype cmdfile="%1" %*
    ftype comfile="%1" %*
    ftype scrfile="%1" /S
    ftype regfile="regedit.exe" "%1"
    ftype piffile="%1" %*
    ftype inffile=%SystemRoot%\System32\NOTEPAD.EXE "%1"
    ftype vbsfile=%SystemRoot%\System32\WScript.exe "%1" %*
    ftype jsfile=%SystemRoot%\System32\WScript.exe "%1" %*
    
    assoc .exe=exefile
    assoc .bat=batfile
    assoc .cmd=cmdfile
    assoc .com=comfile
    assoc .scr=scrfile
    assoc .reg=regfile
    assoc .pif=piffile
    assoc .lnk=lnkfile
    assoc .inf=inffile
    assoc .vbs=VBSFile
    assoc .js=JSFile
    
    sc stop TDSSserv.sys
    sc delete TDSSserv.sys
    :: Above sc commands first stops then deletes service if it exists
    ::
    reg unload "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata"
    reg unload "HKEY_LOCAL_MACHINE\SOFTWARE\tdss"
    ::
    reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata" /f
    reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\tdss" /f
    ::The above reg commands first unloads the reg keys then deletes these keys.
    ::
    Attrib -h -s -r tdss*.* /s
    del  tdss*.* /f /q /s
    :: The above two lines first clears protective attributes then 
    :: deletes all files on Drive beginning with the name tdss
    
    :: Remove AntiVirus2009
    attrib -h -s -r "%UserProfile%\Desktop\Antivirus 2009.lnk"
    attrib -h -s -r "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk"
    attrib -h -s -r "%UserProfile%\Local Settings\Temporary Internet Files\Content.IE5\S96PZM7V\winsrc[1].dll"
    attrib -h -s -r "%UserProfile%\Start Menu\Antivirus 2009\*.*"
    
    del "%UserProfile%\Desktop\Antivirus 2009.lnk" /f /q
    del "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk" /f /q
    del "%UserProfile%\Local Settings\Temporary Internet Files\Content.IE5\S96PZM7V\winsrc[1].dll" /f /q
    del "%UserProfile%\Start Menu\Antivirus 2009\*.*" /f /q
    
    rd /s /q "%UserProfile%\Start Menu\Antivirus 2009"
    
    attrib -h -s -r "c:\Program Files\Antivirus 2009\*.*"
    rd /s/q "c:\Program Files\Antivirus 2009"
    
    attrib -h -s -r c:\WINDOWS\system32\ieupdates.exe
    attrib -h -s -r c:\WINDOWS\system32\scui.cpl
    attrib -h -s -r c:\WINDOWS\system32\winsrc.dll
    
    del c:\WINDOWS\system32\ieupdates.exe /f /q
    del c:\WINDOWS\system32\scui.cpl /f /q
    del c:\WINDOWS\system32\winsrc.dll /f /q
    
    attrib -h -s -r c:\program files\xwdxqu.txt
    attrib -h -s -r c:\windows\x
    attrib -h -s -r c:\windows\SxsCaPendDel
    
    del c:\program files\xwdxqu.txt  /f /q
    del c:\windows\x  /f /q
    del c:\windows\SxsCaPendDel  /f /q
    
    reg delete HKLM\SOFTWARE\swearware /f
    reg delete HKCU\Software\Wget /f
    reg delete HKLM\Software\Classes\CLSID\{CD363BEC-7150-B887-530D-F3E2E0424EA} /f
    
    :: rootkit gaopdxserv
    attrib -h -s -r "c:\windows\system32\drivers\gaopdxqfotrruc.sys"
    attrib -h -s -r "c:\windows\system32\gaopdxqpqjwmyc.dll"
    attrib -h -s -r "\c:\windows\system32\drivers\gaopdxuigiphwm.sys"
    
    sc stop gaopdxserv.sys.sys
    sc delete gaopdxserv.sys.sys
    
    del  /f /q "c:\windows\system32\drivers\gaopdxqfotrruc.sys"
    del  /f /q  "c:\windows\system32\gaopdxqpqjwmyc.dll"
    del  /f /q  "\c:\windows\system32\drivers\gaopdxuigiphwm.sys"
    
    sc stop WinSvchostManager
    sc delete WinSvchostManager
    
    sc stop ntndis
    sc delete ntndis
    
    attrib -h -s -r "C:\WINDOWS\system32\drivers\ntndis.exe"
    attrib -h -s -r "C:\WINDOWS\system32\drivers\ntndis.sys"
    
    del  /f /q "C:\WINDOWS\system32\drivers\ntndis.exe"
    del  /f /q "C:\WINDOWS\system32\drivers\ntndis.sys"
    
    sc stop u_lehj
    sc delete u_lehj
    
    attrib -h -s -r "c:\program files\Common Files\System\u_lehj32.dll"
    del  /f /q "c:\program files\Common Files\System\u_lehj32.dll"
    
    attrib -h -s -r "C:\WINDOWS\system32\svcprs32.exe"
    attrib -h -s -r "C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dllhost.exe"
    attrib -h -s -r "C:\WINDOWS\system32\mdmcls32.exe"
    
    del  /f /q "C:\WINDOWS\system32\svcprs32.exe"
    del  /f /q "C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dllhost.exe"
    del  /f /q "C:\WINDOWS\system32\mdmcls32.exe"
    
    reg delete "HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gaopdxserv.sys" /f
    reg delete "HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gaopdxserv.sys" /f
    reg delete "HKEY_LOCAL_MACHINE\Software\Classes\gaopdxvx" /f
    
    reg delete "HKEY_CURRENT_USER\Software\75319611769193918898704537500611" /f
    reg delete "HKEY_CLASSES_ROOT\CLSID\{037C7B8A-151A-49E6-BAED-CC05FCB50328}" /f
    reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{037C7B8A-151A-49E6-BAED-CC05FCB50328}" /f
    reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" "75319611769193918898704537500611" /f
    reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" "ieupdate" /f
    echo Finshed ripping out Antivirus 2008-9
    :: Fix associations
    ftype exefile="%1" %*
    ftype batfile="%1" %*
    ftype cmdfile="%1" %*
    ftype comfile="%1" %*
    ftype scrfile="%1" /S
    ftype regfile="regedit.exe" "%1"
    ftype piffile="%1" %*
    ftype inffile=%SystemRoot%\System32\NOTEPAD.EXE "%1"
    ftype vbsfile=%SystemRoot%\System32\WScript.exe "%1" %*
    ftype jsfile=%SystemRoot%\System32\WScript.exe "%1" %*
    
    assoc .exe=exefile
    assoc .bat=batfile
    assoc .cmd=cmdfile
    assoc .com=comfile
    assoc .scr=scrfile
    assoc .reg=regfile
    assoc .pif=piffile
    assoc .lnk=lnkfile
    assoc .inf=inffile
    assoc .vbs=VBSFile
    assoc .js=JSFile
    exit
    exit
    This should run and exit!

    It is a coverall and you may see a few errors related to it addressing something you do not need. This is normal ignore.

    Reboot let me know!

    Mike
     
  7. dahernandez

    dahernandez TS Rookie Topic Starter Posts: 68

    should I reboot into safe mode again or normal mode?
     
  8. mflynn

    mflynn TS Rookie Posts: 2,793

    Try Normal and if Internet is fixed go straight into the 8 Steps.

    If it did not fix the Internet do the below using the same as the last copy paste operation.

    Do not do below if Internet is working!

    Drag mouse with left button down the lines below across then paste each line below 1 at a time to an open CMD prompt and hit enter, ignore any errors for now.
    Code:
    @echo off
    ipconfig /all >"%USERPROFILE%"\Desktop\ipconfig.txt
    ;Saves ip settings
    netsh interface ip delete arpcache
    ipconfig /flushdns
    ipconfig /release *
    ipconfig /renew *
    ipconfig /registerdns
    nbtstat -RR
    netsh winsock show catalog >"%USERPROFILE%"\Desktop\lsp.txt
    ;saves log of current settings
    netsh winsock reset catalog
    ;resets Winsock
    netsh winsock show catalog >>"%USERPROFILE%"\Desktop\lsp.txt
    ;winsock after rest
    netsh int ip reset >"%USERPROFILE%"\Desktop\tcpreset.txt
    ;reset TCP stack
    exit
    exit
    Reboot see new icons on desktop, paste contents of lsp and tcp.txt back to thread.

    Mike
     
  9. dahernandez

    dahernandez TS Rookie Topic Starter Posts: 68

    well i did the first one and rebooted and had no luck initially so I rebooted into safe mode and did the second one and when i rebooted my internet started working again. So i just finished updating malwarebytes and I'm going to update everything and rerun the steps 1-8 did you still want me to post the contents of lsp and tcp.txt however?
     
  10. mflynn

    mflynn TS Rookie Posts: 2,793

    Nah not unless we have more Internet access issues.

    Keep up the good work, get me those logs!

    Mike
     
  11. dahernandez

    dahernandez TS Rookie Topic Starter Posts: 68

    well it took me a few days to post back here because of school but mainly because scans took so long to complete. so after i updated avg went crazy finding basically every .htm file on my computer as a virus html/framer so knowing that some of the programs were safe I decided to go into safe mode and run avg there the first log is that one avg only ran in cmd promt it said because of the safe mode. then i restarted and ran malwarebytes and spybot s&d which took a very long time to scan because avg kept popping up with those .htm viruses the next log is the malwarebytes from that scan however by the time both those scans finished and cleaned everything i attempted to run avg scanner and sas and neither would run so I was forced to restart and as soon as I hit new task explorer.exe about 50 or more dos windows popped up and close almost immediately with varying names from cmd.exe to command.exe and possibly a couple more variations of the word command and finally my start menu and desktop icons came back up and the internet was gone again but I assumed since I already updated this wasnt as big a deal as getting my computer clean so i ran avg and it caught somewhere in the area of 10,000 infections but almost all were those html/framer viruses and all those files are just being deleted since the avg vault was full almost after a few minutes of running. then after I cleaned those I ran another malwarebytes and sas but when I came back from school there had been a power outage and so I don't think it finished before my computer was turned off. So I turned it back on and something that hadn't happened since initially my computer was infected happened. as it was starting instead of the normal blue background startup it was a black background with an old windows looking window that had the users and password to be inputed which never happened before as I dont have a password so i just hit ok and started with explorer.exe again and then my sound came back all of a sudden but no internet and my taskbar didnt have the normal xp look but the classic look which seemed odd and when I opened my ctrl panel it said it was set to the normal xp not the classic, of course those cosmetic issues didnt bother me as much as getting my computer fixed so I ran avg found around 6000 more infections again mostly if not all those html ones and I saved that log and uploaded it(had to split it up into 2 files because it was so big) and then ran malwarebytes and that log is next then ran sas and it found nothing and the entire time this was running spybot almost every few seconds kept giving me popups asking me if I wanted to allow or deny some changes being made to my registry so i kept hitting deny assuming whatever malware I have is trying to change it but it kept popping up. so after all that I restarted again and the window asking for my password at startup didnt show up and after I new task and did explorer.exe the taskbar was still the classic view but the sound was gone again and no internet so i ran avg and it found much much fewer but still around 50 or so of those html and then I ran malwarebytes and it found nothing as well as sas and spybot only had about 2 or 3 of those popups asking me to allow or deny changes So I figure I'm on the right track as fewer and fewer things are being caught. I restarted this morning and I'm attatching the hjt log and avg did popup 3 of those html right at startup without me running a scan and spybot had only one popup of which I denied something trying to change startup.exe "...some % things" to "startup.exe" "..same things". So I'm going to leave avg running again while I go to class and hopefully by the time I get back I'll have even less things that it finds wrong but it still seems like the underlying cause is still there and doesnt seem to be caught by anything and is responsible for this init32.exe error at startup, also whenever I do start and new task explorer.exe my icons and taskbar do not show up until after i receive the init32.exe error. I've tried stopping the process before the error and still nothing shows up until i receive the init32.exe error. Thanks again if anyone can help out and to mflynn who's been very helpful when I get home i'm going to retry those cmd prompt to try and get my internet back again and try updating again.

    hjt log since I exceeded the 5 upload limit on the previous post
     
     
  12. mflynn

    mflynn TS Rookie Posts: 2,793

    Actually I wish you had run the 8 Steps and gotten me the logs first. I hope you did not lose much.
    There is a possibility that AVG is corrupted and under the control of Malware which would make some of these False positives.

    You need to UPDATE then run MBAM again Quick Scan as it had a lot and I feel there are more.

    And you never sent an SAS log. So update it and run it and post log.

    Then do the below (only after all above is complete)

    Download SDFix to Desktop.

    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

    On Desktop run SDdFix It will run (install) then close.

    Then reboot into Safe Mode

    As the computer starts up, tap the F8 key several times.

    On the Boot menu Choose Safe Mode.

    Click thu all the prompts to get to desktop.

    At Desktop
    My Computer C: drive. Double-click to open.

    Look for a folder called SD Fix. Double-click to enter SD Fix.

    Double-click to RunThis.bat. Type Y to begin.

    SD Fix does its job.

    When prompted hit the enter key to restart the computer

    Your computer will reboot.

    On normal restart the Fixtool will run again and complete the removal process then say Finished,
    Hit the Enter key to end the script and load your desktop icons.

    Once the desktop is up, the SDFix report will open on screen and also be saved to the SDFix folder as Report.txt.
    Attach the Report.txt file to your next post.
    =========================================
    Download ComboFix

    NOTE: If you have had ComboFix more than a few days old delete and re-download.

    Get it here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Or here: http://subs.geekstogo.com/ComboFix.exe

    Double click combofix.exe follow the prompts.

    Install Recovery Console if connected to the Internet!

    When finished, it will open a log.
    Attach the log and a new HJT log in your next reply.

    Note: Do not click combofix's window while its running. That may cause it to stall.

    Mike
     
  13. dahernandez

    dahernandez TS Rookie Topic Starter Posts: 68

    I will do that when I get back from school, malwarebytes is updated as of 3 days ago but I'll get my internet back up and update it and sas again, also I did not post an sas log because sas did not find anything, i didnt think it saved logs if nothing was found. As far as avg being corrupted thats what I initially thought and I posted on the avg forums asking if that was possible and they just deleted my post and when I pmd an avg team member he said it was deleted because whatever I posted was ridiculous and believed to be me just badmouthing them to other forum members so I went ahead and let avg delete all those htm files. Even if I did lose files they were mostly some type of help files for programs and thats really not that important I can reinstall programs I'm more concerned with making sure my computer is safe and working properly again without losing any of my media/school files.
    Thanks again for your help mflynn.
     
  14. mflynn

    mflynn TS Rookie Posts: 2,793

    All right good to know you did in fact run SAS!

    Well it (the AVG finds) does look out of the ordinary.

    After you get me the requested MBAM SDFix and ComboFix logs and they are processed to clean, I am going to suggest we replace the AVG which shows to be Ver. 7.5 with Avira which is as good as the best and way better than AVG!

    But do not do that yourself do it under my guidance.

    Mike
     
  15. dahernandez

    dahernandez TS Rookie Topic Starter Posts: 68

    Ok so I ran the first code to restart my internet then restarted and my original xp style taskbar was back no longer the classic view and the local area connection icon popped up and said i was connected like normally however when I tried to open firefox it continually crashed and when I opened IE it showed a very suspicious looking error page who's troubleshooter tried to have me send 'microsoft' some information to better there service or something like that. Anyways I tried to update but both mbam and sas said there was either no internet or they were blocked by the firewall. So I restarted into safe mode and internet was working fine there although firefox still kept crashing but IE worked and I was able to update both mbam and sas then i ran full scans first with sas which found a few things and then ran mbam and found nothing so there was no mbam log. I have since restarted and am running quick scans of both currently in regular mode, still no internet or not able to reach the update servers in normal mode but my sound finally came back!!!!!! So i'm running those scans and the other things you've said and I will post back, so far right after start mbam found 5 infections. Also I know you have told me nothing about spybot but I do have it and it keeps bugging me telling me that something is trying to create a new entry in windows/system32/...various file names the first one up is reader_s.exe and if I want to deny or allow I'm not hitting either since it'll just make a ton more pop up and slow down my scans. AVG again is going nuts telling me there are .htm viruses and I am no longer telling it to delete just closing the window.
    Thanks again Mike!

    Well mbam found 26 infections then I started sas and my computer crashed (blue screen of death) So I'm restarting and re running the scans here is the mbam log
     
  16. mflynn

    mflynn TS Rookie Posts: 2,793

    Whoa!

    Unplug your network able while doing the below.

    Ok I hate to ask you to do this but you need to run each of SAS MBAM ComboFix and last SDFix one after the other.

    Run MBAM check log if not clean run again until it is clean or finds something it can not clean. With cable disconnected do not worry about logs. Do it like this for each of the programs above.

    Once you are thu this the reboot reconnect the cable log here and install Avria update and do full scan clean all it finds.

    Only after you have the protection of Avira uninstall the AVG!

    Mike
     
  17. dahernandez

    dahernandez TS Rookie Topic Starter Posts: 68

    Ok cable is unplugged but just to clarify, you want me to run sas over and over until it no longer finds anything wrong and not worry about saving logs then run mbam over and over until it finds nothing wrong and not worry about logs then run combofix and then SDfix? isnt combofix like hjt where it saves a log and needs someone experienced to review it before telling it to remove anything? so just run combofix and save log but have it do nothing then run all the sdfix steps? are quick scans ok for mbam and sas? and what if they require restarts to finish cleaning?

    Ok well I cannot run sas without my computer crashing.
     
  18. mflynn

    mflynn TS Rookie Posts: 2,793

    Save the combofix log I will get it when we plug cable back in. Run combofix only once!

    As for the SAS try it in Safe Mode but if it fails again skip it and do the other runs. But if it runs in Safe mode till clean then run once more in full if it will.

    Plug in cable and log in here get Avira and update and run it!

    Mike
     
  19. dahernandez

    dahernandez TS Rookie Topic Starter Posts: 68

    Ok ran sas in safe mode 3 times with last 2 times clean then tried in normal mode with crash again so I moved on to mbam and I have been running it all day and I keep getting the same 2 infections caught mbam says they were succesfully quarantined and removed but everytime without fail they continue showing up

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.

    should I move on to comfix and sdfix?
     
  20. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Yes you can move on to ComboFix
    But also do this, anytime, download this tool: http://www.dougknox.com/xp/utils/XP_FixLogon.zip
    This utility checks for the correct GINA value in the Registry and will allow you to restore it, if its incorrect.
     
  21. dahernandez

    dahernandez TS Rookie Topic Starter Posts: 68

    Ok the fixlogon found nothing needing repair I then proceeded with combofix log attatched and I'm currently installing sdfix then i'll install avira



    EDIT: I installed sdfix rebooted to safe mode and upon starting it my computer crashes same as with the sas before, I've tried it twice now and both times crashed.
     
  22. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Yes I see that

    Please uninstall Trend Micro PC-cillin Internet Security
    If Trend does not un-install properly, you can do the following:

    *Start->Run-> C:\Program Files\Trend Micro\Internet Security 12\TISSuprt.exe
    The Trend Micro Diagnostic Toolkit window will appear. Click on the Uninstall tab
    Click on the Un-install button
    Click on the Un-install button again when asked if you want to continue with the un-installation
    Restart your computer

    * Note: If the Trend Micro Diagnostic Toolkit window does not appear
    Run: C:\Program Files\Trend Micro\Internet Security 12\PCCTool.exe

    Or read here for more info: http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1036064&id=EN-1036064

    ---------------

    Finally, once it is gone, then install Avira free AntiVirus

    Re-open Malwarebytes; update it again; and then run another full scan (I'm thinking there may still be more uncovered malwares to remove)

    --------------

    Doing the above will stop the restarts and clean your system a lot more effectively than Trend
     
  23. mflynn

    mflynn TS Rookie Posts: 2,793

    When finished run ComboFix again the last had found/removed items. We need to confirm they are gone and find no more.

    We are after a clean log!

    Mike
     
  24. dahernandez

    dahernandez TS Rookie Topic Starter Posts: 68

    should I also remove avg or only remove it after I've installed avira?

    also I started this morning and back to some old behavior sound gone no network connection and black screen with old windows startup window asking me to put in my password along with the classic view taskbar after I do run explorer.exe so I'm going to have to run that first code to get everything back and im guessing rerun mbam and sas.
     
  25. mflynn

    mflynn TS Rookie Posts: 2,793

    Get me the Combofix log.

    Then

    Install Avira first then uninstall AVG then full scan in Avira.

    Ignore the other sound etc for now 1 thing at a time we need to be clean of Malware first!

    Mike
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.