No Internet after Zeroaccess Removal [Solved]


  • This topic is locked

#16
winvista

    Member

  • Topic Starter
  • 40 posts
ComboFix 12-05-28.02 - admin 05/28/2012 14:57:54.3.2 - x86
Running from: c:\users\admin\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\tp
c:\windows\system32\tp\movefile.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-28 )))))))))))))))))))))))))))))))
.
.
2012-05-28 19:06 . 2012-05-28 19:06 -------- d-----w- c:\users\admin\AppData\Local\temp
2012-05-28 19:06 . 2012-05-28 19:06 -------- d-----w- c:\users\jeo\AppData\Local\temp
2012-05-28 19:06 . 2012-05-28 19:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-27 15:42 . 2012-05-23 01:26 475712 ----a-w- C:\rootkitremover.exe
2012-05-27 15:21 . 2012-05-27 15:21 -------- d-----w- C:\_OTL
2012-05-26 03:39 . 2012-05-26 03:39 -------- d-----w- c:\users\admin\AppData\Local\WindowsForUs
2012-05-26 03:36 . 2010-03-23 08:16 51712 ----a-w- c:\program files\Common Files\System\uninstall.exe
2012-05-26 03:36 . 2012-05-26 03:36 -------- d-----w- c:\program files\WinBubble
2012-05-26 01:16 . 2012-05-25 22:03 650240 ----a-w- C:\MicrosoftFixit50203.msi
2012-05-24 19:24 . 2012-05-15 05:43 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1790B437-6F5A-41AB-B9FF-893F1AE20797}\mpengine.dll
2012-05-24 19:23 . 2012-05-27 06:53 -------- d-----w- c:\users\admin\Pavark
2012-05-24 06:45 . 2012-05-24 06:58 -------- d-----w- c:\users\admin\AppData\Local\Microsoft Games
2012-05-24 01:25 . 2008-01-19 03:43 891448 ----a-w- C:\tcpip.sys
2012-05-23 05:14 . 2012-05-23 05:14 -------- d-----w- c:\users\admin\AppData\Local\Opera
2012-05-23 03:33 . 2012-05-24 06:02 -------- d-----w- c:\users\admin\AppData\Roaming\vlc
2012-05-23 03:31 . 2012-05-23 03:31 -------- d-----w- c:\users\admin\AppData\Roaming\Apple Computer
2012-05-23 03:21 . 2012-05-23 03:21 -------- d-----w- c:\users\admin\AppData\Roaming\Malwarebytes
2012-05-23 03:00 . 2012-05-23 03:00 -------- d-----w- c:\users\admin\AppData\Roaming\IObit
2012-05-22 18:39 . 2012-05-22 22:03 -------- d-----w- c:\users\jeo\Vista
2012-05-22 04:22 . 2012-05-26 01:20 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-21 03:34 . 2012-05-28 18:20 -------- d-----w- c:\windows\system32\wbem\repository
2012-05-21 02:36 . 2012-05-21 02:36 -------- d-----w- c:\users\jeo\AppData\Roaming\Malwarebytes
2012-05-21 02:35 . 2012-05-21 02:35 -------- d-----w- c:\programdata\Malwarebytes
2012-05-20 23:21 . 2012-05-20 23:21 -------- d-----w- c:\program files\DLLSuite
2012-05-19 18:34 . 2012-05-19 18:34 -------- d-----w- c:\program files\Dragon Internet
2012-05-19 03:40 . 2012-05-25 19:27 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-05-19 03:40 . 2012-05-25 19:51 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-05-18 21:50 . 2012-05-18 21:51 -------- d-----w- c:\users\admin\AbiSuite
2012-05-15 19:31 . 2012-05-15 19:31 -------- d-----w- c:\program files\Common Files\FTL Shared
2012-05-15 07:15 . 2012-05-15 07:15 -------- d-----w- c:\users\Bolo2\AppData\Roaming\TOSHIBA
2012-05-15 07:06 . 2012-05-15 07:06 -------- d-----w- c:\users\Bolo2\AppData\Roaming\LocalNet
2012-05-15 06:06 . 2012-04-13 07:36 6734704 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0B5D8087-BA63-4A2F-A7CC-0C8FF7404B6E}\mpengine.dll
2012-05-15 03:54 . 2012-05-15 03:54 -------- d-----w- c:\users\jeo\AppData\Roaming\Thunderbird
2012-05-15 03:54 . 2012-05-15 03:54 -------- d-----w- c:\program files\Qualcomm
2012-05-15 03:54 . 2012-05-15 03:54 -------- d-----w- c:\program files\Netscape
2012-05-14 04:52 . 2012-05-14 04:52 -------- d-----w- c:\programdata\IObit
2012-05-14 04:51 . 2012-05-15 17:31 -------- d-----w- c:\users\jeo\AppData\Roaming\IObit
2012-05-14 04:51 . 2012-05-14 04:51 -------- d-----w- c:\program files\IObit
2012-05-14 02:46 . 2012-05-14 02:46 -------- d-----w- c:\users\jeo\AppData\Roaming\SmartPCTools
2012-05-13 21:17 . 2012-04-13 07:36 6734704 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-13 21:14 . 2012-05-13 21:17 -------- d-----w- c:\windows\TempFA2B2319-FCE2-5246-1C6F-52F8D52354BF-Signatures
2012-05-13 19:28 . 2012-05-13 19:28 -------- d-----w- c:\programdata\LocalNet
2012-05-13 07:27 . 2012-05-13 07:27 2881 ----a-w- c:\users\jeo\Sharedaccess.reg
2012-05-13 06:45 . 2012-05-13 06:45 -------- d-----w- c:\users\jeo\AppData\Roaming\CheckPoint
2012-05-13 04:38 . 2012-05-13 04:38 -------- d-----w- c:\programdata\CheckPoint
2012-05-13 03:38 . 2012-05-13 03:38 -------- d-----w- c:\users\jeo\AppData\Roaming\DriverCure
2012-05-13 03:38 . 2012-05-13 03:38 -------- d-----w- c:\users\jeo\AppData\Roaming\SpeedyPC Software
2012-05-13 03:38 . 2012-05-17 01:43 -------- d-----w- c:\programdata\SpeedyPC Software
2012-05-13 02:22 . 2012-05-17 02:15 -------- d-----w- c:\program files\cfos6link
2012-05-11 00:31 . 2012-02-01 15:11 1218048 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-11 00:31 . 2012-02-01 15:10 983040 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-11 00:31 . 2012-02-01 15:10 964608 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-11 00:31 . 2012-02-01 15:10 1404928 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll
2012-05-11 00:31 . 2012-02-01 15:10 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 00:31 . 2012-02-01 13:58 47104 ----a-w- c:\program files\Windows Journal\PDIALOG.exe
2012-05-11 00:30 . 2012-04-02 13:36 2044928 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 00:30 . 2012-04-03 08:16 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-11 00:30 . 2012-04-03 08:16 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-11 00:30 . 2012-03-01 14:46 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-05-11 00:30 . 2012-03-01 14:46 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-05-11 00:30 . 2012-02-29 14:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-05-11 00:30 . 2012-02-29 13:44 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-05-11 00:30 . 2012-02-29 13:41 1069056 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 06:56 . 2012-02-29 15:11 5120 ----a-w- c:\windows\system32\wmi.dll
2012-05-10 06:56 . 2012-02-29 15:11 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-05-10 06:56 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-05-10 06:56 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-05-10 06:50 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-05-10 06:45 . 2012-03-30 12:39 914304 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 06:45 . 2012-03-29 13:39 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-05-10 06:42 . 2011-12-14 16:17 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-05-10 06:41 . 2012-03-20 23:28 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 06:41 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-05-10 06:41 . 2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-05-01 01:50 . 2012-05-01 01:50 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-01 01:50 . 2011-07-24 03:33 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-21 00:44 . 2012-03-21 00:44 74112 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 00:44 . 2012-03-21 00:44 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
2011-12-21 07:24 . 2012-01-15 06:32 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"NDSTray.exe"="NDSTray.exe" [BU]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DriveRestore Professional.lnk]
backup=c:\windows\pss\DriveRestore Professional.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-06-15 18:37 47408 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Notes]
2005-04-03 06:16 420352 ----a-w- c:\program files\Power Soft\Free Notes\FreeNotes.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-06-15 21:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2008-03-06 21:19 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 19:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-01-16 00:55 296056 ----a-w- c:\program files\real\realplayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2875643067-1621112102-2647771907-1000]
"EnableNotificationsRef"=dword:00000001
.
R3 acfva;acfva;c:\windows\system32\DRIVERS\ACFVA32.sys [2007-06-29 86656]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-01 253088]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [2012-03-14 913752]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezGOSvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-01 01:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.toshibadirect.com/dpdstart
mWindow Title = Dragon Internet
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Photo Express - c:\program files\Photo Express\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-28 15:06
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i??????p?IZ???????????????8 ??`
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-05-28 15:10:10
ComboFix-quarantined-files.txt 2012-05-28 19:10
.
Pre-Run: 2,820,251,648 bytes free
Post-Run: 2,788,691,968 bytes free
.
- - End Of File - - 3778894DCE52A1B5092530872AD89DD9

#17
azarl

    GeekU Admin

  • Administrator
  • 25,203 posts
Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


#18
winvista

    Member

  • Topic Starter
  • 40 posts
Farbar Service Scanner Version: 17-05-2012
Ran by admin (administrator) on 29-05-2012 at 12:40:11
Running from "D:\Win32\Week2\tues"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is blocked.
WAN connected
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys
[2011-11-13 14:47] - [2011-04-21 09:58] - 0273408 ____A (Microsoft Corporation)

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-05-10 02:45] - [2012-03-30 08:39] - 0914304 ____A (Microsoft Corporation) EE7E10BED85C312C1D5D30C435BDDA9F

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

#19
azarl

    GeekU Admin

  • Administrator
  • 25,203 posts
Please read through all parts before proceeding.

» Step 1«
  • Download subinacl.msi from the following link, and save it on the desktop.
  • On the desktop, double-click subinacl.msi to install the tool.
  • Select the recommended destination folder (C:\Program Files (x86)\Windows Resource Kits\Tools for x86, C:\Program Files\Windows Resource Kits\Tools for x64). Windows XP will not offer a choice.

    When you've completed that...
  • Save the attached file and unzip to your desktop
  • Double-click the unzipped file gRaSP.exe and let it run. It may take some time.
  • When it finishes it will open a logfile, please copy that in your next reply.
NOTE: MBAM and some other security programs may misidentify gRaSP as malware. Select 'ignore' or 'trusted application'.

» Step 2«
Uninstall the dialing program your ISP provided

» Step 3«
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

» Step 4«
Reinstall the dialer you previously removed

»Next..«
Please reply with the gRaSP and ComboFix log and let me know if the dialer installed correctly

#20
winvista

    Member

  • Topic Starter
  • 40 posts
GRasP Log:

gRaSP Started 21:33:51.66
gRaSP is restoring x86 registry permissions 21:33:51.66
gRaSP has restored HKLM administrator permissions 21:44:40.62
gRaSP has restored HKLM system permissions 21:53:22.43
gRaSP has restored HKCU administrator permissions 21:53:28.14
gRaSP has restored HKCU system permissions 21:53:32.44
gRaSP has restored HKCR administrator permissions 22:01:15.19
gRaSP has restored HKCR system permissions 22:07:56.96
gRaSP is restoring x86 folder permissions 22:07:57.36
gRaSP has restored folder administrator permissions 22:07:57.36
gRaSP has restored folder system permissions 22:07:57.47
gRaSP Ended 22:07:57.49

#21
winvista

    Member

  • Topic Starter
  • 40 posts
ComboFix Log:

ComboFix 12-05-28.02 - admin 05/30/2012 22:16:12.4.2 - x86
Running from: c:\users\admin\Desktop\ComboFix.exe
Command switches used :: c:\users\admin\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-31 )))))))))))))))))))))))))))))))
.
.
2012-05-31 02:25 . 2012-05-31 02:25 -------- d-----w- c:\users\admin\AppData\Local\temp
2012-05-31 02:25 . 2012-05-31 02:25 -------- d-----w- c:\users\jeo\AppData\Local\temp
2012-05-31 02:25 . 2012-05-31 02:25 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-05-31 02:25 . 2012-05-31 02:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-31 02:25 . 2012-05-31 02:25 -------- d-----w- c:\users\Bolo2\AppData\Local\temp
2012-05-31 02:25 . 2012-05-31 02:25 -------- d-----w- c:\users\Bolo\AppData\Local\temp
2012-05-31 01:28 . 2012-05-31 01:28 -------- d-----w- c:\program files\Windows Resource Kits
2012-05-31 01:27 . 2012-05-31 01:28 -------- d-sh--w- c:\windows\Installer
2012-05-28 19:24 . 2012-05-28 19:24 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-05-28 19:24 . 2012-05-28 19:24 131344 ----a-w- c:\windows\system32\drivers\tmrkb.sys
2012-05-27 15:42 . 2012-05-23 01:26 475712 ----a-w- C:\rootkitremover.exe
2012-05-27 15:21 . 2012-05-27 15:21 -------- d-----w- C:\_OTL
2012-05-26 03:39 . 2012-05-26 03:39 -------- d-----w- c:\users\admin\AppData\Local\WindowsForUs
2012-05-26 03:36 . 2010-03-23 08:16 51712 ----a-w- c:\program files\Common Files\System\uninstall.exe
2012-05-26 03:36 . 2012-05-26 03:36 -------- d-----w- c:\program files\WinBubble
2012-05-26 01:16 . 2012-05-25 22:03 650240 ----a-w- C:\MicrosoftFixit50203.msi
2012-05-25 21:17 . 2011-03-02 15:44 86528 ----a-w- C:\dnsrslvr.dll
2012-05-25 21:17 . 2011-03-02 15:44 168448 ----a-w- C:\dnsapi.dll
2012-05-24 19:24 . 2012-05-15 05:43 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1790B437-6F5A-41AB-B9FF-893F1AE20797}\mpengine.dll
2012-05-24 19:23 . 2012-05-27 06:53 -------- d-----w- c:\users\admin\Pavark
2012-05-24 06:45 . 2012-05-24 06:58 -------- d-----w- c:\users\admin\AppData\Local\Microsoft Games
2012-05-24 01:25 . 2008-01-19 03:43 891448 ----a-w- C:\tcpip.sys
2012-05-23 05:14 . 2012-05-23 05:14 -------- d-----w- c:\users\admin\AppData\Local\Opera
2012-05-23 03:33 . 2012-05-24 06:02 -------- d-----w- c:\users\admin\AppData\Roaming\vlc
2012-05-23 03:31 . 2012-05-23 03:31 -------- d-----w- c:\users\admin\AppData\Roaming\Apple Computer
2012-05-23 03:21 . 2012-05-23 03:21 -------- d-----w- c:\users\admin\AppData\Roaming\Malwarebytes
2012-05-23 03:00 . 2012-05-23 03:00 -------- d-----w- c:\users\admin\AppData\Roaming\IObit
2012-05-22 18:39 . 2012-05-22 22:03 -------- d-----w- c:\users\jeo\Vista
2012-05-22 04:22 . 2012-05-26 01:20 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-21 03:34 . 2012-05-29 18:33 -------- d-----w- c:\windows\system32\wbem\repository
2012-05-21 02:36 . 2012-05-21 02:36 -------- d-----w- c:\users\jeo\AppData\Roaming\Malwarebytes
2012-05-21 02:35 . 2012-05-21 02:35 -------- d-----w- c:\programdata\Malwarebytes
2012-05-20 23:21 . 2012-05-20 23:21 -------- d-----w- c:\program files\DLLSuite
2012-05-19 03:40 . 2012-05-25 19:27 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-05-19 03:40 . 2012-05-25 19:51 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-05-18 21:50 . 2012-05-18 21:51 -------- d-----w- c:\users\admin\AbiSuite
2012-05-15 19:31 . 2012-05-15 19:31 -------- d-----w- c:\program files\Common Files\FTL Shared
2012-05-15 07:15 . 2012-05-15 07:15 -------- d-----w- c:\users\Bolo2\AppData\Roaming\TOSHIBA
2012-05-15 07:06 . 2012-05-15 07:06 -------- d-----w- c:\users\Bolo2\AppData\Roaming\LocalNet
2012-05-15 06:06 . 2012-04-13 07:36 6734704 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0B5D8087-BA63-4A2F-A7CC-0C8FF7404B6E}\mpengine.dll
2012-05-15 03:54 . 2012-05-15 03:54 -------- d-----w- c:\users\jeo\AppData\Roaming\Thunderbird
2012-05-15 03:54 . 2012-05-15 03:54 -------- d-----w- c:\program files\Qualcomm
2012-05-15 03:54 . 2012-05-15 03:54 -------- d-----w- c:\program files\Netscape
2012-05-14 04:52 . 2012-05-14 04:52 -------- d-----w- c:\programdata\IObit
2012-05-14 04:51 . 2012-05-15 17:31 -------- d-----w- c:\users\jeo\AppData\Roaming\IObit
2012-05-14 04:51 . 2012-05-14 04:51 -------- d-----w- c:\program files\IObit
2012-05-14 02:46 . 2012-05-14 02:46 -------- d-----w- c:\users\jeo\AppData\Roaming\SmartPCTools
2012-05-13 21:17 . 2012-04-13 07:36 6734704 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-13 21:14 . 2012-05-13 21:17 -------- d-----w- c:\windows\TempFA2B2319-FCE2-5246-1C6F-52F8D52354BF-Signatures
2012-05-13 19:28 . 2012-05-13 19:28 -------- d-----w- c:\programdata\LocalNet
2012-05-13 07:27 . 2012-05-13 07:27 2881 ----a-w- c:\users\jeo\Sharedaccess.reg
2012-05-13 06:45 . 2012-05-13 06:45 -------- d-----w- c:\users\jeo\AppData\Roaming\CheckPoint
2012-05-13 04:38 . 2012-05-13 04:38 -------- d-----w- c:\programdata\CheckPoint
2012-05-13 03:38 . 2012-05-13 03:38 -------- d-----w- c:\users\jeo\AppData\Roaming\DriverCure
2012-05-13 03:38 . 2012-05-13 03:38 -------- d-----w- c:\users\jeo\AppData\Roaming\SpeedyPC Software
2012-05-13 03:38 . 2012-05-17 01:43 -------- d-----w- c:\programdata\SpeedyPC Software
2012-05-13 02:22 . 2012-05-17 02:15 -------- d-----w- c:\program files\cfos6link
2012-05-11 00:31 . 2012-02-01 15:11 1218048 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-11 00:31 . 2012-02-01 15:10 983040 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-11 00:31 . 2012-02-01 15:10 964608 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-11 00:31 . 2012-02-01 15:10 1404928 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll
2012-05-11 00:31 . 2012-02-01 15:10 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 00:31 . 2012-02-01 13:58 47104 ----a-w- c:\program files\Windows Journal\PDIALOG.exe
2012-05-11 00:30 . 2012-04-02 13:36 2044928 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 00:30 . 2012-04-03 08:16 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-11 00:30 . 2012-04-03 08:16 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-11 00:30 . 2012-03-01 14:46 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-05-11 00:30 . 2012-03-01 14:46 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-05-11 00:30 . 2012-02-29 14:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-05-11 00:30 . 2012-02-29 13:44 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-05-11 00:30 . 2012-02-29 13:41 1069056 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 06:56 . 2012-02-29 15:11 5120 ----a-w- c:\windows\system32\wmi.dll
2012-05-10 06:56 . 2012-02-29 15:11 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-05-10 06:56 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-05-10 06:56 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-05-10 06:50 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-05-10 06:45 . 2012-03-30 12:39 914304 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 06:45 . 2012-03-29 13:39 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-05-10 06:42 . 2011-12-14 16:17 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-05-10 06:41 . 2012-03-20 23:28 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 06:41 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-05-10 06:41 . 2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-01 01:50 . 2012-05-01 01:50 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-01 01:50 . 2011-07-24 03:33 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-21 00:44 . 2012-03-21 00:44 74112 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 00:44 . 2012-03-21 00:44 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
2011-12-21 07:24 . 2012-01-15 06:32 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"NDSTray.exe"="NDSTray.exe" [BU]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DriveRestore Professional.lnk]
backup=c:\windows\pss\DriveRestore Professional.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-06-15 18:37 47408 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Notes]
2005-04-03 06:16 420352 ----a-w- c:\program files\Power Soft\Free Notes\FreeNotes.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-06-15 21:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2008-03-06 21:19 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 19:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-01-16 00:55 296056 ----a-w- c:\program files\real\realplayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2875643067-1621112102-2647771907-1000]
"EnableNotificationsRef"=dword:00000001
.
R3 acfva;acfva;c:\windows\system32\DRIVERS\ACFVA32.sys [2007-06-29 86656]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-01 253088]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [2012-03-14 913752]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezGOSvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-01 01:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.toshibadirect.com/dpdstart
mWindow Title = Dragon Internet
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
FF - ProfilePath -
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-30 22:25
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i??????p?IZ???????????????8 ??`
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-05-30 22:27:57
ComboFix-quarantined-files.txt 2012-05-31 02:27
.
Pre-Run: 4,595,605,504 bytes free
Post-Run: 4,575,338,496 bytes free
.
- - End Of File - - 7E30177213D922CE7908B4EF08E3D2EA
  • 0

#22
winvista

winvista

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
I uninstalled the dialing program before running ComboFix. I think I successfully reinstalled the dialing program, but I don't use that anymore because tech support at my ISP had me set it up manually. However, I am still not able to be online either through the dialing program or through the manual connection.
  • 0

#23
azarl

azarl

    GeekU Admin

  • Administrator
  • 25,203 posts

I uninstalled the dialing program before running ComboFix. I think I successfully reinstalled the dialing program, but I don't use that anymore because tech support at my ISP had me set it up manually. However, I am still not able to be online either through the dialing program or through the manual connection.

:confused: I don't understand. Are you on dialup or via a modem/router?
  • 0

#24
winvista

winvista

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
I am on dial-up, but I used Windows to set up a dial-up connection. That way I can bypass the dialing program altogether. The dial-up connection is configured correctly because tech support took me through it, and I have set them up in the past myself.

However, as I have said, I re-installed the dialing program to see what would happen, and it still doesn't work because I can connect to the internet just fine, but no browser nor ping works.
  • 0

#25
azarl

azarl

    GeekU Admin

  • Administrator
  • 25,203 posts
Why have you installed the dialing connection if you didn't need it? :confused:

I can connect to the internet just fine, but no browser nor ping works.

Can you explain a bit please? Can you navigate the Internet OK? Or do you mean the dialer is answered and makes a connection?
  • 0

#26
winvista

winvista

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
I mean that the dialer is answered and it makes a connection. I cannot navigate the internet at all. No browser works. With Chrome I get a DNS error. I can ping a numeric IP address, but I cannot ping a URL. However, nslookup works. I have no proxies set and I am certain that all my internet connections are set up properly because I went through them ad nauseam with the tech support from my ISP. Finally the tech support guy gave up and said that I have a Windows problem.

That's when I began running every antivirus tool I could find. It was ComboFix that told me that it found ZeroAccess and that my TCP/IP stack was infected. Now everything appears clean, but I still have no internet access. Also, I have a problem in that I lost the ability to print - Windows tells me that the print spooling service is shut down. If I start it manually through services.msc, it shuts itself down within seconds. The printing problem happened around the same time that I lost the ability to navigate the internet.

However, I must say that whatever fix that you applied with the last run of ComboFix has caused the computer to run more smoothly. I am no longer hounded to confirm when I want to save something to my own desktop. I really appreciate it.

Edited by winvista, 01 June 2012 - 09:56 AM.

  • 0

#27
azarl

azarl

    GeekU Admin

  • Administrator
  • 25,203 posts

I mean that the dialer is answered and it makes a connection. I cannot navigate the internet at all. No browser works. With Chrome I get a DNS error. I can ping a numeric IP address, but I cannot ping a URL. However, nslookup works. I have no proxies set and I am certain that all my internet connections are set up properly because I went through them ad nauseam with the tech support from my ISP. Finally the tech support guy gave up and said that I have a Windows problem.

That's when I began running every antivirus tool I could find. It was ComboFix that told me that it found ZeroAccess and that my TCP/IP stack was infected. Now everything appears clean, but I still have no internet access. Also, I have a problem in that I lost the ability to print - Windows tells me that the print spooling service is shut down. If I start it manually through services.msc, it shuts itself down within seconds. The printing problem happened around the same time that I lost the ability to navigate the internet.

However, I must say that whatever fix that you applied with the last run of ComboFix has caused the computer to run more smoothly. I am no longer hounded to confirm when I want to save something to my own desktop. I really appreciate it.

It wasn't quite clean; there was a ZA service still there (the file had gone though), but that's now sorted. The confirm was fixed when I reset permissions. I'm a bit rusty on dialup connections, haven't used one for a while. Can you go into network connections and confirm you have a dial-up connection?
Right click on it, select properties, Networking, TCP IPv4 and tell me what it says about obtaining an IP address and the DNS settings?
  • 0

#28
winvista

winvista

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
It is set to obtain IP address and DNS settings automatically.
  • 0

#29
winvista

winvista

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
When I do an "ipconfig /all" while connected, I can see my connection: there is an IPv4 address listed and DNS server addresses are listed. The subnet mask is 255.255.255.255 and the default gateway is 0.0.0.0. DHCP is not enabled and NetBIOS is disabled.

Edited by winvista, 01 June 2012 - 10:04 PM.

  • 0

#30
azarl

azarl

    GeekU Admin

  • Administrator
  • 25,203 posts
Can you try changing your DNS settings to 8.8.8.8 and 8.8.4.4?

Thanks
  • 0





