TechSpot

mflynn · #41 02-15-2009

This one is stubborn.

A new HJT log.

Then do the below..

Temp files can cause this so clean up deeply with these

CCleaner http://www.ccleaner.com/download/builds get the SLIM at bottom of screen.
Run CCleaner twice or more on Cleanup temps, then on left click Registry then Scan for issues also repeat till clean.
-------------------------------------------
Run ATF-Cleaner http://majorgeeks.com/ATF_Cleaner_d4949.html
Temp and Registry, repeatedly until no more found including FF and Opera (but here do not clear Passwords).
-------------------------------------------
KCleaner ftp://ftp2.kcsoftwares.com/kcsoftwa/files/kcleaner.exe
Fantastic cleaner. Run Analyze and clean.
-------------------------------------------
Start-Programs-Accessories-System Tools-Disk- System Restore and create a new Restore point. Name it "Cleanup at TechSpot".

Then Start-Programs-Accessories-System Tools-Disk Cleanup
Click OK to accept C:
Select all Boxes
Then click More Options
Here click System Restore and OK to "Are you sure" and the OK to Run.

As this runs it clears all but the most recent Restore Point but it does one other thing that can contain infested files and a huge amount of disk space.

It clears what is known as Shadow copies which are used by specialized back up programs.

This is if you have the Volume Shadow Copy running which is the default.

Now try Avira again!

Mike

dahernandez · #42 02-15-2009

Stubborn is not a strong enough word to describe this! here's the hjt log and I'll post back when I finish the rest of the steps

kimsland · #43 02-15-2009

Well Spybot - Search & Destroy, should have been uninstalled from the start
Please uninstall it now
Also Trend Micro still exists (it's definitely uninstalled?)

I think continue with mflynn's advice, I'm not getting that far with this

dahernandez · #44 02-15-2009

I'll uninstall spybot now and Im pretty sure the trend micro is uninstalled I went to remove programs and uninstalled from there it then rebooted and I didnt see it, although my security warning in the right side of the taskbar says trend micro is turned off, Is there another way of removing it?

kimsland · #45 02-15-2009

Here's my little guide on that:

Trend is still not un-installed

*Start->Run-> C:\Program Files\Trend Micro\Internet Security 12\TISSuprt.exe
The Trend Micro Diagnostic Toolkit window will appear. Click on the Uninstall tab
Click on the Un-install button
Click on the Un-install button again when asked if you want to continue with the un-installation
Restart your computer

* Note: If the Trend Micro Diagnostic Toolkit window does not appear
Run: C:\Program Files\Trend Micro\Internet Security 12\PCCTool.exe

Or read here for more info: http://esupport.trendmicro.com/suppo...&id=EN-1036064

mflynn · #46 02-15-2009

Since you are not running TeaTimer SpyBot is not interfering nor I doubt Trend but go ahead and cleanup what you can.

The HJT log shows the ntndis is finally gone, so Combofix (no cfscript) to confirm.

Mike

dahernandez · #47 02-15-2009

Ok first could not find anything that says micro pccillin is still there it doesnt come up in the list of add/remove nothing on my desktop start menu or processes. I went to the program files/trend micro and it had hijackthis and internet security 11 which I assumed was an older version So I deleted that as well as tried the commands you gave me and it said it could not find them.

So I ran all the things you asked me to mike and still avira would not install here is another combofix log.

mflynn · #48 02-15-2009

Nope!

c:\windows\system32\drivers\ntndis.sys. Keeps coming back.

Now there are other bad entries.

You may be getting reinfected.

Time for Drastic measures.

Download RootRepeal http://rootrepeal.googlepages.com/RootRepeal.rar

Make Folder on your Desktop name it RRepeal. Move the rar file there and extract.

Enter folder double click RootRepeal.exe.
Click the Report tab, then click Scan

It will ask what to include in the scan.

Check the following
Drivers
Files
Processes
SSDT
Stealth Objects
Hidden Services
Then click OK

It will ask which drive to scan.

Check C: (or your windows drive, if not C)
Click OK
The scan will begin will take a while.

When scan completes, click Save Report .

Name the log RRepeal.txt save it to your Documents folder (it should default there).

Attach log here.

Then

Download Trojan Remover http://www.simplysup3.com/download/dl/trjsetup675.exe
This is a fully working 30 day trial.

Run and attach log!

Mike

dahernandez · #49 02-15-2009

Well rootrepeal crashed my computer a few minutes into the scan, the error was different than when sas or the sdfix crashed my computer:
driver_irql_not_less_or_equal

should I move onto the trojan remover?

mflynn · #50 02-15-2009

Yes!

Mike

dahernandez · #51 02-15-2009

Ok heres the log from it, it found something in userinit.exe but couldnt fix it.

mflynn · #52 02-15-2009

AllRight!

Left Drag mouse and Copy for Pasting all text in the box below.
Make sure the slider bar goes to bottom from the @ to the end of the second exit.

Then paste to the black screen of an open command prompt.

Code:

@echo off
cd\
attrib /s userinit.exe >"%USERPROFILE%"\Desktop\userinit.txt
dir /s userinit.exe >>"%USERPROFILE%"\Desktop\userinit.txt
exit
exit

Now post the userinit.txt from the new icon on the desktop back to the thread.

Now if before you did not install Recovery Console when you ran ComboFix do it now.

Mike

dahernandez · #53 02-15-2009

Here it is, my network cable is still not connected nor do I have my network icon back to install the recovery console should I retry post #6 command and try to get my internet back on?

mflynn · #54 02-15-2009

We are going to replace the bad userinit with a good one from backup

Plug up and install the Recovery console.

Then print this post for a guide.

Boot to Recovery console
type
copy C:\WINDOWS\ServicePackFiles\i386\userinit.exe C:\WINDOWS\system32

answer yes to over write existing file

Then
type
copy C:\WINDOWS\ServicePackFiles\i386\userinit.exe C:\WINDOWS\system32\dllcache
answer yes to over write existing file

Then type exit to reboot

Report back when complete.

Mike

dahernandez · #55 02-16-2009

Ok so I can't get my internet back on this time. I've tried the old and updated versions of post #6 and tried a bunch of different times. these are the txt files from post #8.

mflynn · #56 02-16-2009

Ok I am preparing a post to get the Internet back but run Trojan Remover, I need to confirm the usuerinit repair.

Mike

dahernandez · #57 02-16-2009

well i cant install the recovery console without the internet unless theres a manual way of doing it

mflynn · #58 02-16-2009

Shutdown computer/Turn off.

Bring up in Safe Mode networking and try.

Mike

EDIT:

Do this again if you did not include it in the last things you tried/

Try this again also in Safe Mode Networking.

Run SuperAntiSpyware

Then Click Preferences
then click Repairs

Then counting down from top do the following entries

Numbers 6, 8, 11, 12, 13, 15,18, 19, 20, 21, 22, 24, 25, 26 and 27!

Reboot to normal and test.

dahernandez · #59 02-16-2009

didnt work

mflynn · #60 02-16-2009

The EDIT from my last post either?

Mike

EDIT: Copy then paste the below into an open cmd prompt!

Code:

@echo off
netsh winsock reset
netsh int ip reset
exit
exit

Look at the below settings, try a repair
Start-Run
type
NCPA.CPL

And these confirm Computer Browser, DHCP, Server and Work Station are all on.
Start-Run
type
services.msc

Mike

Similar Topics
Topic	Replies	Forum
Help On My Network Connections	27	Windows OS
i need help with my connections network	1	Gaming
XP Network connections	2	Storage and Networking
HELP!network connections problems...	1	Storage and Networking
Problems with network connections in Network folder	1	Windows OS

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search

TechSpot

Network connections and sound not working after malwarebytes

Follow TechSpot

Subscribe to our Newsletter