Network connections and sound not working after malwarebytes

Status
Not open for further replies.
Run Combofix again I need to see that it is really gone.

Then do the full Avira and get me that log.

Mike
 
OK, running ComboFix right now. Should I retry the code to get internet working afterwards to make sure Avira updates, or just run Avira right after install?

EDIT: I ran ComboFix, log uploaded. However, when I tried installing Avira I can't: it starts extracting to some temp folder, then it says that it was changed, maybe due to a virus, and says setup is shutting down. I've tried both in normal and safe mode.


EDIT2: I asked for help in the Avira forums, post here: http://forum.avira.com/wbb/index.php?page=Thread&threadID=83401 and one person has suggested using BlackLight, but I'm not sure if I should or if it would interfere with anything we're trying to do here.
 
OK do the below!

COMBOFIX-Script
Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

Code:
File::
C:\WINDOWS\system32\drivers\ntndis.exe
C:\WINDOWS\system32\drivers\ntndis.sys:

Drivers::
ntndis

Then drag this script and drop on top of ComboFix.

ComboFix will now run a scan on your system.

It may reboot your system when it finishes. This is normal.

When finished, it will create a log. Attach the log back to us.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Mike

EDIT: No BlackLight, the above should do it; leave the Avira for now.
 
OK that got it but I want to see one more ComboFix log to confirm.

Avira should install now.

Mike
 
Well, AVG uninstalled fine; however, Avira is still not installing. Here's the error I get:
avira.jpg


I haven't rerun ComboFix just yet because I was waiting to install Avira first and plug my network cable back in to install Recovery Console while I was at it.

One of the mods at the Avira forums wants me to do this, and I figured since I'm so close to getting my computer back I'd run it by you guys first.
@ dahernandez,

To add to JR67's recommendation regarding looking for rootkits, please do the following: download the Avira rescue system from here and burn the CD, then boot the PC using the disc.
(Remember this is Linux and not a Windows application.)

Once done reboot into normal windows and download Malwarebytes' Anti-Malware from here.

Running instructions.
1. Double-click mbam-setup.exe and follow the prompts to install the program.
2. At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
3. Once the program has loaded, select Perform quick scan, then click Scan.
4. When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
5. When completed, a log will open in Notepad. Please save it to a convenient location.

Now follow these instructions regarding uninstalling Avira and cleaning your registry, then reinstalling.

Please post back the results of the BlackLight rootkit search as well as the Malwarebytes scan log.

Regards
Barrie
Obviously I already have MBAM, but they still want me to run BlackLight as well as the CD boot, uninstall and reinstall.
 
I agree with Kim.

But you should run ComboFix and post the log. It will fix issues, you can then do the Avira and run ComboFix later to get the Recovery console.

Mike
 
OK, the first attachment is the log created from when I first removed AVG; then I ran ComboFix and that log is next. I then reran the remover tool and it brought up the DOS window, ran about a second's worth of commands, closed, and nothing happened. I then ran the kleaner and the hourglass would show after I double-clicked it, then nothing would come up, so I'm assuming AVG is completely gone. I tried to install and nothing. I then ran CCleaner and restarted, which undid what the CFScript.txt had fixed, which was the sound, network connection icon and the XP look of the taskbar and windows. I tried again and again to install Avira and the same thing happened: it would not allow me to install. I then reran ComboFix and that's the next log (log1), then I tried Avira again and nothing, then I ran ComboFix with the CFScript.txt again and that's the next log (log2), but this time it did not fix the sound, network icon, or the lack of XP style in taskbar and windows. I would've posted the first log sooner, but this computer ran out of juice and I had to wait for my wife to get home with the power cable, so I just kept trying installing and ComboFix.
 
OK I edited Post #6 to correct this.

Boot to Safe Mode with Networking and do post #6 again, then immediately follow that with the post #29 CFScript!

Mike

Good night will check in in morning!
 
Still issues: Run CCleaner
Then install Avira Antivirus

I have not seen it before where Avira refuses to install
I understand you have done all of the above ;)

There is also an option in CCleaner to do a Registry scan, I'd suggest for you to do this, and then repair all found issues (backup not required)

Then run CCleaner normally again
Then install Avira

You may need to tell us specifically what happens again :confused:
By the way, please check Control Panel -> Users. And confirm your present account is an Administrator account. If not, that will be a big concern.
 
OK, here's the new log. After running it I tried installing Avira again, with the same result.

kimsland, I did do all of that including the registry cleaner. I didn't rerun CCleaner normally after that though, so I will try that now.

EDIT: Ran cleaner, then registry, then ran cleaner again, which cleaned nothing, then still couldn't install Avira. Tried it once more and still nothing; reg and cleaner both found nothing the second time, and still nothing.
 
This one is stubborn.

A new HJT log.

Then do the below..

Temp files can cause this so clean up deeply with these

CCleaner http://www.ccleaner.com/download/builds get the SLIM at bottom of screen.
Run CCleaner twice or more on Cleanup temps, then on left click Registry then Scan for issues also repeat till clean.
-------------------------------------------
Run ATF-Cleaner http://majorgeeks.com/ATF_Cleaner_d4949.html
Temp and Registry, repeatedly until no more found including FF and Opera (but here do not clear Passwords).
-------------------------------------------
KCleaner ftp://ftp2.kcsoftwares.com/kcsoftwa/files/kcleaner.exe
Fantastic cleaner. Run Analyze and clean.
-------------------------------------------
Start-Programs-Accessories-System Tools-Disk- System Restore and create a new Restore point. Name it "Cleanup at TechSpot".

Then Start-Programs-Accessories-System Tools-Disk Cleanup
Click OK to accept C:
Select all Boxes
Then click More Options
Here click System Restore and OK to "Are you sure" and then OK to Run.

As this runs it clears all but the most recent Restore Point but it does one other thing that can contain infested files and a huge amount of disk space.

It clears what is known as Shadow copies which are used by specialized back up programs.

This is if you have the Volume Shadow Copy running which is the default.

Now try Avira again!

Mike
 
Stubborn is not a strong enough word to describe this! Here's the HJT log, and I'll post back when I finish the rest of the steps.
 
Well Spybot - Search & Destroy, should have been uninstalled from the start
Please uninstall it now
Also Trend Micro still exists (it's definitely uninstalled?)

I think continue with mflynn's advice, I'm not getting that far with this
 
I'll uninstall Spybot now, and I'm pretty sure the Trend Micro is uninstalled. I went to remove programs and uninstalled from there; it then rebooted and I didn't see it, although my security warning in the right side of the taskbar says Trend Micro is turned off. Is there another way of removing it?
 
Here's my little guide on that:


Trend is still not un-installed

*Start->Run-> C:\Program Files\Trend Micro\Internet Security 12\TISSuprt.exe
The Trend Micro Diagnostic Toolkit window will appear. Click on the Uninstall tab
Click on the Un-install button
Click on the Un-install button again when asked if you want to continue with the un-installation
Restart your computer

* Note: If the Trend Micro Diagnostic Toolkit window does not appear
Run: C:\Program Files\Trend Micro\Internet Security 12\PCCTool.exe

Or read here for more info: http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1036064&id=EN-1036064
 
Since you are not running TeaTimer, SpyBot is not interfering, nor, I doubt, is Trend, but go ahead and clean up what you can.

The HJT log shows the ntndis is finally gone, so Combofix (no cfscript) to confirm.

Mike
 
OK, first, I could not find anything that says Micro PC-cillin is still there; it doesn't come up in the Add/Remove list, and there's nothing on my desktop, Start menu or processes. I went to Program Files\Trend Micro and it had HijackThis and Internet Security 11, which I assumed was an older version, so I deleted that as well as tried the commands you gave me, and it said it could not find them.

So I ran all the things you asked me to mike and still avira would not install here is another combofix log.
 
Nope!

c:\windows\system32\drivers\ntndis.sys. Keeps coming back.

Now there are other bad entries.

You may be getting reinfected.

Time for Drastic measures.

Download RootRepeal http://rootrepeal.googlepages.com/RootRepeal.rar

Make Folder on your Desktop name it RRepeal. Move the rar file there and extract.

Enter folder double click RootRepeal.exe.
Click the Report tab, then click Scan

It will ask what to include in the scan.

Check the following
Drivers
Files
Processes
SSDT
Stealth Objects
Hidden Services
Then click OK

It will ask which drive to scan.

Check C: (or your windows drive, if not C)
Click OK
The scan will begin; it will take a while.

When scan completes, click Save Report .

Name the log RRepeal.txt save it to your Documents folder (it should default there).

Attach log here.

Then

Download Trojan Remover http://www.simplysup3.com/download/dl/trjsetup675.exe
This is a fully working 30 day trial.

Run and attach log!

Mike
 
Well, RootRepeal crashed my computer a few minutes into the scan; the error was different than when SAS or SDFix crashed my computer:
driver_irql_not_less_or_equal

Should I move on to the Trojan Remover?
 