Need help removing trojan.gen.2, trojan.gen and trojan.zeroaccess.b [S


  • This topic is locked

#46
adiii

adiii

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Hi, I did everything you asked. What's next? I still have those shaded desktop.ini icons.
  • 0


#47
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

The desktop.ini files are related to folder customization. If you have any custom icons, the desktop.ini tells Windows how to display them. If the desktop.ini is deleted, the customization will disappear. :thumbsup:

I will give you instructions on how to hide the desktop.ini when we finish.

Please, run Farbar Service Scanner again and post the log.
  • 0

#48
adiii

adiii

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Farbar Service Scanner Version: 22-07-2012
Ran by owner (administrator) on 17-08-2012 at 00:05:11
Running from "C:\Users\owner\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Auto
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-05-09 22:02] - [2012-03-30 08:39] - 0905600 ____A (Microsoft Corporation) 27D470DABC77BC60D0A3B0E4DEB6CB91

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
  • 0
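
A way to triage a Farbar Service Scanner log like the one in the post above, as an added example that is not part of the original thread or of the FSS tool: it lists services reported as not running, their configuration lines, and files listed without an "MD5 is legit" verdict. The sample log is a constructed, shortened copy of the layout above with a placeholder hash, and `triage` is a hypothetical name.

```python
import re

# Constructed sample: shortened copy of the log layout above; the MD5 is a placeholder.
SAMPLE_LOG = r"""Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Auto
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-05-09 22:02] - [2012-03-30 08:39] - 0905600 ____A (Microsoft Corporation) 0123456789ABCDEF0123456789ABCDEF

C:\Windows\system32\dnsrslvr.dll => MD5 is legit

**** End of log ****
"""

NOT_RUNNING = re.compile(r"^(\S+) Service is not running", re.I)
CONFIG = re.compile(r"^The (start type|ImagePath|ServiceDll) of (\S+) service is (?:set to )?(.+?)\.?$")
FILE_LINE = re.compile(r"^([A-Za-z]:\\\S.*?)(?:\s*=>\s*(.+))?$")
DETAIL = re.compile(r"^\[.*\]\s.*\s([0-9A-Fa-f]{32})$")

def triage(log_text):
    """Return stopped services, their config lines, and files lacking a 'legit' verdict."""
    stopped, config, unverified, in_files = [], {}, [], False
    for line in (raw.strip() for raw in log_text.splitlines()):
        if line.startswith("File Check:"):
            in_files = True
        if m := NOT_RUNNING.match(line):
            stopped.append(m.group(1).lower())
        elif m := CONFIG.match(line):
            config.setdefault(m.group(2).lower(), {})[m.group(1)] = m.group(3)
        elif in_files and (m := FILE_LINE.match(line)):
            if m.group(2) != "MD5 is legit":  # no verdict, or a different one
                unverified.append({"path": m.group(1), "verdict": m.group(2), "md5": None})
        elif (m := DETAIL.match(line)) and unverified and unverified[-1]["md5"] is None:
            unverified[-1]["md5"] = m.group(1).upper()  # detail line follows the path
    return {"stopped": stopped, "config": config, "unverified": unverified}

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

Run over the full log in the post above, this reports sharedaccess as the stopped service and tcpip.sys as the only file listed without the verdict.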

#49
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hold down the Windows key + R on your keyboard. This will display the Run dialogue box:
Type services.msc and press [ENTER]

Search for the Windows Firewall service > Right-click and choose Start.

Repeat the instructions for the Internet Connection Sharing (ICS) service.

PS: Let me know if you received any error message.
  • 0

#50
adiii

adiii

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
The Windows Firewall service was already running. I got the following error msg for ICS: "The Internet Connection Sharing (ICS) service on Local Computer started and then stopped. Some services stop automatically if they are not in use by other services or programs."
  • 0

#51
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

1. Reregister the ipnathlp.dll. To do this, follow these steps:
  • Click Start > Run, type regsvr32 ipnathlp.dll, and then click OK two times.
  • Restart the computer.
2. Manually start ICS (Internet Connection Sharing) service.
  • Click Start, click Run, type services.msc, and then click OK
  • Double-click Internet Connection Sharing.
  • In the Service status area, click Start.
  • If ICS does not start successfully, continue to step 3.
3. Click Start, click Run, type the following command, and then click OK:

Reg add HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters /v ServiceDll /t REG_EXPAND_SZ /d %SystemRoot%\System32\ipnathlp.dll

4. Restart the computer
5. Try to start the ICS (Internet Connection Sharing) service again.
  • 0

#52
adiii

adiii

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
When I try to run regsvr32 ipnathlp.dll I get the following error message: "The module "ipnathlp.dll" was loaded but the entry-point DllRegisterServer was not found. Make sure that "ipnathlp.dll" is a valid DLL or OCX file and then try again"
  • 0

#53
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Ok. Go to Step 3:

3. Click Start, click Run, type the following command, and then click OK:

Reg add HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters /v ServiceDll /t REG_EXPAND_SZ /d %SystemRoot%\System32\ipnathlp.dll

4. Restart the computer
5. Try to start the ICS (Internet Connection Sharing) service again.


  • 0

#54
adiii

adiii

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Hi

I did step 3 and I got the same error message as before when trying to start ICS.
  • 0

#55
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • Type cmd and press [ENTER]
  • Next, type Net Start SharedAccess and tell me the result.

  • 0


#56
adiii

adiii

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Hi, I get the following:

System error 5 has occurred.

Access is denied.
  • 0

#57
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Please set a new restore point before following these instructions:
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. SharedAccess
  • Select Create

NEXT:

Type regedit into the start box and when regedit.exe populates in the window above > right click it and choose "Run as an Administrator"

Registry Editor will open.

Navigate to : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess

Right click on SharedAccess, click "Permissions" then "Administrators (Your_username-PC/Administrators)" then tick "Full control" in "Allow" box, click OK:
Posted Image

Go to Start=>Run (alternatively use Windows key+R), type cmd and click OK.

Type Net Start SharedAccess and tell me the result.
  • 0

#58
adiii

adiii

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
I get the same error message.

System error 5 has occurred.

Access is denied.
  • 0

#59
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

Download the Reset Registry Permissions and run the tool.

Click Start.
Posted Image

Restart the computer.

Go to Start=>Run (alternatively use Windows key+R), type cmd and click OK.

Type Net Start SharedAccess and tell me the result
  • 0

#60
adiii

adiii

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
I still get the same error.

System error 5 has occurred.

Access is denied.
  • 0





