[Quads]

This is what can happen to Windows 7 after the use of OTL or Combofix after or during the process of removal of the leftovers. attached

Quads

[sUBs]

This is what can happen to Windows 7 after the use of OTL or Combofix after or during the process of removal of the leftovers. attached

I like to see this first hand. Which dropper did you use?

[Quads]

I can't remember which dropper I used it was a frw days ago, I was testing one as I had a user appear after the use of OTL on XP the netsvcs key was stuffed, XP is easier to fix

It's this thread that reminded me http://www.bleepingcomputer.com/forums/topic457851.html

Quads

[sUBs]

I can't remember which dropper I used it was a frw days ago, I was testing one as I had a user appear after the use of OTL on XP the netsvcs key was stuffed, XP is easier to fix

It's this thread that reminded me http://www.bleepingcomputer.com/forums/topic457851.html

It's okay if you can't remember which dropper? Can you tell me IF it's the malware which deleted the netsvcs key OR was it the doing of the tools?

[Quads]

It's the malware that damages the netsvcs key a far few of the times but also after that somethings is still not right as the use of Combofix or OTL to clean up causes after the restart the classic mode, audio etc, like the Bleeping Computer thread shows, With XP I had to run the netsvcs fix as the last thing to do.

They have not done so on the Bleeping Computer thread yet, but Win7 is harder than XP with this problem.

Quads

[sUBs]

It's the malware that damages the netsvcs key a far few of the times

If it's malware that's deleting the key, then there's little a tool can do. Legitimate 3rd party programs may also write to such keys. Perhaps inadvisable for automated tools to over-write them default values.

When the machine is left in such a state, the user should seek help from a trained person who would be able to advise them.

[Quads]

The key is not deleted because the symptoms are not there to say that it is deleted, as the Bleeping Computer thread also shows is that it was after running Combofix the problem with screenshot appeared.

netsvcs fixed once already, then

"ummm, ok. After I merged the CFscript to combofix.exe it ran then restarted the computer, but when it restarted the desktop is blank almost like it formatted. But also the task doesnt look like like aero, it looks solid grey and has the old start button. and now after the combofix log finished a handle license agreement popped up for susinternals software. is this normal? "

Quads

[sUBs]

it was after running Combofix the problem with screenshot appeared.

Doubt if it's ComboFix's doing. Do you have an X64 machine? Try exporting your netsvcs and compare it.

[Quads]

That's OK

I am just telling people all over to be aware of what happens after Combofix and OTL.

I am working on a thread at the moment where Combofix won't even run buy just unpacks and that is it.

Quads

[sUBs]

I am just telling people all over to be aware of what happens after Combofix and OTL.

Lol .. I already said it wasn't caused by ComboFix. Answer is there. Just look closer. ;)

I am working on a thread at the moment where Combofix won't even run buy just unpacks and that is it.

Whenever that happens, it's generally advised to double click CF once more. If/When that doesnt work, a reboot typically works.