Network connections and sound not working after malwarebytes

By dahernandez
Feb 7, 2009
Topic Status:
Not open for further replies.
  1. dahernandez

    dahernandez Newcomer, in training Topic Starter Posts: 68

    combofix log
  2. mflynn

    mflynn Newcomer, in training Posts: 2,793

    Run Combofix again I need to see that it is really gone.

    Then do the full Avira and get me that log.

    Mike
  3. dahernandez

    dahernandez Newcomer, in training Topic Starter Posts: 68

    ok running cmbofix right now should I retry the code to get internet working after to make sure avira updates or just run avira right after install

    EDIT: I ran combofix log uploaded however when I tried installing avira i cant it starts extracting to sum temp folder then it says that it was changed maybe due to a virus and says setup is shutting down ive tried both in normal and safe mode.


    EDIT2: I asked for help in the avira forums post here: http://forum.avira.com/wbb/index.php?page=Thread&threadID=83401 and one person has suggested using blacklight but i'm not sure if I should or if it would interfere with anything we're trying to do here.
  4. mflynn

    mflynn Newcomer, in training Posts: 2,793

    OK do the below!

    COMBOFIX-Script
    Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Code:
    File::
    C:\WINDOWS\system32\drivers\ntndis.exe
    C:\WINDOWS\system32\drivers\ntndis.sys:
    
    Drivers::
    ntndis
    Then drag this script and drop on top of ComboFix.

    ComboFix will now run a scan on your system.

    It may reboot your system when it finishes. This is normal.

    When finished, it will create a log. Attach the log back to us.

    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    Mike

    EDIT: No BlackLight the above shoud do it, leave the Avira for now.
  5. dahernandez

    dahernandez Newcomer, in training Topic Starter Posts: 68

    Ok heres the combofix log should I go retry to install avira?
  6. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

  7. mflynn

    mflynn Newcomer, in training Posts: 2,793

    OK that got it but I want to see one more ComboFix log to confirm.

    Avira should install now.

    Mike
  8. dahernandez

    dahernandez Newcomer, in training Topic Starter Posts: 68

    Well avg uninstalled fine however avira is still not installing. Heres the error I get:
    [​IMG]

    I haven't reran combofix just yet because I was waiting to install avira first and plug my network cable back in to install recovery console while i was at it.

    One of the mods at the avira forums wants me to do this and I figured since I'm so close to getting my computer back I'd run it by you guys first.
    Obviously I already have mbam but they still want me to run blacklight as well as the cd boot uninstall and reinstall
  9. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

  10. mflynn

    mflynn Newcomer, in training Posts: 2,793

    I agree with Kim.

    But you should run ComboFix and post the log. It will fix issues, you can then do the Avira and run ComboFix later to get the Recovery console.

    Mike
  11. dahernandez

    dahernandez Newcomer, in training Topic Starter Posts: 68

    Ok first attatchment is the log created from when I first removed avg, then I ran combofix and that log is next, I then reran the remover tool and it brought up the dos window and then ran about a second worth of commands and closed and nothing happened, I then ran the kleaner and the hourglass would show after I double clicked it then nothing would come up so im assuming avg is completely gone. I tried to install and nothing, I then ran ccleaner and restarted which undid what the CFScript.txt had fixed which was the sound network connection icon and the XP look of the taskbar and windows. I tried again and again to install avira and the same thing happened it would not allow me to install. I then reran combofix and thats the next log1 then I tried avira again and nothing then I ran combofix with the CFScript.txt again and thats the next log2 but this time it did not fix the sound, network icon, or the lack of XP style in taskbar and windows.l I wouldve posted the first log sooner but this computer ran out of juice and had to wait for my wife to get home with the power cable so I just kept trying installing and combofix
  12. mflynn

    mflynn Newcomer, in training Posts: 2,793

    OK I edited Post #6 to correct this.

    Boot to Safe mode Networking and do post #6 again then immediately follow that with post #29 CFSscipt!

    Mike

    Good night will check in in morning!
  13. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    I have not seen it before where Avira refuses to install
    I understand you have done all of the above ;)

    There is also an option in CCleaner to do a Registry scan, I'd suggest for you to do this, and then repair all found issues (backup not required)

    Then run CCleaner normally again
    Then install Avira

    You may need to tell us specifically what happens again :confused:
    By the way, please check Control Panel -> Users. And confirm your present account is an Administrator account. If not, that will be a big concern.
     
  14. mflynn

    mflynn Newcomer, in training Posts: 2,793

    Yes I am awaiting the results of post #37.

    Mike
  15. dahernandez

    dahernandez Newcomer, in training Topic Starter Posts: 68

    Ok heres the new log. after running i tried installing avira again and same result

    kimsland I did do all of that including the registry cleaner I didnt rerun ccleaner normally after that though so I will try that now.

    EDIT: ran cleaner then registry then ran cleaner again which clean nothing then still couldnt install avira. Tried it once more and still nothing reg and cleaner both found nothing the second time, and still nothing.
  16. mflynn

    mflynn Newcomer, in training Posts: 2,793

    This one is stubborn.

    A new HJT log.

    Then do the below..

    Temp files can cause this so clean up deeply with these

    CCleaner http://www.ccleaner.com/download/builds get the SLIM at bottom of screen.
    Run CCleaner twice or more on Cleanup temps, then on left click Registry then Scan for issues also repeat till clean.
    -------------------------------------------
    Run ATF-Cleaner http://majorgeeks.com/ATF_Cleaner_d4949.html
    Temp and Registry, repeatedly until no more found including FF and Opera (but here do not clear Passwords).
    -------------------------------------------
    KCleaner ftp://ftp2.kcsoftwares.com/kcsoftwa/files/kcleaner.exe
    Fantastic cleaner. Run Analyze and clean.
    -------------------------------------------
    Start-Programs-Accessories-System Tools-Disk- System Restore and create a new Restore point. Name it "Cleanup at TechSpot".

    Then Start-Programs-Accessories-System Tools-Disk Cleanup
    Click OK to accept C:
    Select all Boxes
    Then click More Options
    Here click System Restore and OK to "Are you sure" and the OK to Run.

    As this runs it clears all but the most recent Restore Point but it does one other thing that can contain infested files and a huge amount of disk space.

    It clears what is known as Shadow copies which are used by specialized back up programs.

    This is if you have the Volume Shadow Copy running which is the default.

    Now try Avira again!

    Mike
  17. dahernandez

    dahernandez Newcomer, in training Topic Starter Posts: 68

    Stubborn is not a strong enough word to describe this! here's the hjt log and I'll post back when I finish the rest of the steps
  18. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Well Spybot - Search & Destroy, should have been uninstalled from the start
    Please uninstall it now
    Also Trend Micro still exists (it's definitely uninstalled?)

    I think continue with mflynn's advice, I'm not getting that far with this
  19. dahernandez

    dahernandez Newcomer, in training Topic Starter Posts: 68

    I'll uninstall spybot now and Im pretty sure the trend micro is uninstalled I went to remove programs and uninstalled from there it then rebooted and I didnt see it, although my security warning in the right side of the taskbar says trend micro is turned off, Is there another way of removing it?
  20. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Here's my little guide on that:


    Trend is still not un-installed

    *Start->Run-> C:\Program Files\Trend Micro\Internet Security 12\TISSuprt.exe
    The Trend Micro Diagnostic Toolkit window will appear. Click on the Uninstall tab
    Click on the Un-install button
    Click on the Un-install button again when asked if you want to continue with the un-installation
    Restart your computer

    * Note: If the Trend Micro Diagnostic Toolkit window does not appear
    Run: C:\Program Files\Trend Micro\Internet Security 12\PCCTool.exe

    Or read here for more info: http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1036064&id=EN-1036064
  21. mflynn

    mflynn Newcomer, in training Posts: 2,793

    Since you are not running TeaTimer SpyBot is not interfering nor I doubt Trend but go ahead and cleanup what you can.

    The HJT log shows the ntndis is finally gone, so Combofix (no cfscript) to confirm.

    Mike
  22. dahernandez

    dahernandez Newcomer, in training Topic Starter Posts: 68

    Ok first could not find anything that says micro pccillin is still there it doesnt come up in the list of add/remove nothing on my desktop start menu or processes. I went to the program files/trend micro and it had hijackthis and internet security 11 which I assumed was an older version So I deleted that as well as tried the commands you gave me and it said it could not find them.

    So I ran all the things you asked me to mike and still avira would not install here is another combofix log.
  23. mflynn

    mflynn Newcomer, in training Posts: 2,793

    Nope!

    c:\windows\system32\drivers\ntndis.sys. Keeps coming back.

    Now there are other bad entries.

    You may be getting reinfected.

    Time for Drastic measures.

    Download RootRepeal http://rootrepeal.googlepages.com/RootRepeal.rar

    Make Folder on your Desktop name it RRepeal. Move the rar file there and extract.

    Enter folder double click RootRepeal.exe.
    Click the Report tab, then click Scan

    It will ask what to include in the scan.

    Check the following
    Drivers
    Files
    Processes
    SSDT
    Stealth Objects
    Hidden Services
    Then click OK

    It will ask which drive to scan.

    Check C: (or your windows drive, if not C)
    Click OK
    The scan will begin will take a while.

    When scan completes, click Save Report .

    Name the log RRepeal.txt save it to your Documents folder (it should default there).

    Attach log here.

    Then

    Download Trojan Remover http://www.simplysup3.com/download/dl/trjsetup675.exe
    This is a fully working 30 day trial.

    Run and attach log!

    Mike
  24. dahernandez

    dahernandez Newcomer, in training Topic Starter Posts: 68

    Well rootrepeal crashed my computer a few minutes into the scan, the error was different than when sas or the sdfix crashed my computer:
    driver_irql_not_less_or_equal

    should I move onto the trojan remover?
  25. mflynn

    mflynn Newcomer, in training Posts: 2,793

    Yes!

    Mike
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.