
Win64.ZAccess [Solved]


  • This topic is locked

#16
PoorestFish

    Member

  • Topic Starter
  • 62 posts
Something odd happened.

Ran ComboFix and it went through with the entire operation and then it restarted my computer. Upon restart, a command screen popped up and said "please wait" and sat there for about an hour before I exited out of it in which case a slew of command prompts began to open and close in a seemingly infinite loop. In which case I was unable to click on anything so I restarted my computer once again. Same problem occurs and I frantically try to reopen ComboFix in between flashing screens. ComboFix opens and loads and the screens progress their infinite loop in which case I desperately restart my computer one more time. Logged in and the looping issue is gone so I checked Chrome and apparently now I can connect to the internet. There is no ComboFix folder to post a log. The ComboFix folder is non-existent though I know it ran through its initial scan before restarting.

Where should I progress from here?
  • 0



#17
PoorestFish

    Member

  • Topic Starter
  • 62 posts
I stand corrected. Browsers work, but curiosity got to me and I opened Windows Update as well as AVG and FileHippo and none of these applications seem to be able to connect. Windows Update returns with an error and cannot even check for updates. Something about error 8024402C for Windows Update and FileHippo returns with "Error: The remote name could not be resolved: 'update.filehippo.com'" and AVG just continuously looks for an update never actually finding anything though it says it is updating.

Thought these discoveries might be helpful.
  • 0

#18
PoorestFish

    Member

  • Topic Starter
  • 62 posts
Though not asked, and I apologize in advance if this messes up our progress, I ran ComboFix just a few minutes ago and produced the following log after restarting my computer completely disabling AVG and Spybot from starting up.

Attached Files


  • 0

#19
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi PoorestFish,

Did anything improve after the second run of ComboFix?

Let's get another look at the services:


Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure that all of the options are checked:

    Posted Image
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

  • 0

#20
PoorestFish

    Member

  • Topic Starter
  • 62 posts
Browsers are able to connect to the internet, but that has been the only noticeable fix really.

Attached is the FSS log.

Attached Files

  • Attached File  FSS.txt   2.82KB   54 downloads

  • 0

#21
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi PoorestFish,

Let's see if we can fix your updates.

Download Windows Repair (all in one) from this site

Install the programme then run

Posted Image

Go to step 3 and allow it to run SFC
Posted Image


On the start repairs tab click start
Posted Image

Select the following items and tick restart system when finished
Posted Image

Then,

Please run FSS again.
  • Make sure that all of the options are checked:
    Posted Image
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Do your updates work now?
  • 0

#22
PoorestFish

    Member

  • Topic Starter
  • 62 posts
Windows Update still cannot check for updates and neither can FileHippo. I assume that whatever is going on, it is related to why AVG and Spybot were also unable to update prior to disabling them from startup.

Attached Files

  • Attached File  FSS.txt   2.45KB   43 downloads

  • 0

#23
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi PoorestFish,

Let's give this a try (thanks to Seven Forums).

1. Download the following batch file.
Reset_Windows_Update_Full.bat

2. Click on Save, and save the .bat file to your Desktop.

3. Right click on the downloaded .bat file, and click on Run as administrator.

4. If prompted by UAC click on Run, then Yes (if administrator) or type in administrator's password (if standard user).

5. You will now see an elevated command prompt open and run. When it's finished, your computer will automatically reboot itself.

Does Windows Update work now?
  • 0

#24
PoorestFish

    Member

  • Topic Starter
  • 62 posts
No.

Ran the .bat file and afterwards the computer restarted itself and then restarted itself again before I could even log in then proceeded to say that it is "reverting changes" before allowing me to log in. Symptoms as of thus far, Windows Update and FileHippo as well as Spybot and AVG are unable to update.

Thanks for your help Buddierdl, I have never combatted a virus to this degree before and I appreciate your continued help.
  • 0

#25
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi PoorestFish,

Let's try this.

The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous so we will make a backup of the registry first.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing so follow the steps that are listed below EXACTLY. If you cannot perform some of these steps or if you have ANY questions please ask BEFORE proceeding.

Backing Up Your Registry
  • Download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.
Posted Image


Start OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :Commands 
    [CREATERESTOREPOINT] 
    
    :Reg 
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local] 
    
    :Files 
    regsvr32 polstore.dll /c 
    
    :Commands 
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered.
  • Post the log it produces in your next reply. The log should be saved in C:\_OTL\MovedFiles and should be named with numbers describing the date and time it was run.

  • 0



#26
PoorestFish

    Member

  • Topic Starter
  • 62 posts
Upon running OTL I encountered the attached pop-up window during the scan in which I clicked "OK" before the program finished the fix and proceeded to restart.

OTL Error.jpg

Not sure if this is normal, but posted the attachment in case it may be helpful. Updates still not working.

Attached Files


  • 0

#27
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi PoorestFish,

I think we found a corrupt file. Let's look for a replacement.

Open OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    /md5start
    polstore.*
    /md5stop
  • Select the "None" button at the top of the window.
  • Click the Run Scan button. Post the log it produces in your next reply.

  • 0

#28
PoorestFish

    Member

  • Topic Starter
  • 62 posts
Attached is the requested log.

OTL logfile created on: 1/10/2013 9:24:23 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Robert Chau\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 4.02 Gb Available Physical Memory | 50.29% Memory free
16.00 Gb Paging File | 11.19 Gb Available in Paging File | 69.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.88 Gb Total Space | 30.23 Gb Free Space | 12.98% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 75.75 Gb Free Space | 32.53% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 80.02 Gb Free Space | 34.36% Space Free | Partition Type: NTFS
Drive G: | 423.23 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 232.88 Gb Total Space | 86.99 Gb Free Space | 37.35% Space Free | Partition Type: NTFS
Drive J: | 5.58 Gb Total Space | 3.52 Gb Free Space | 63.15% Space Free | Partition Type: FAT32

Computer Name: CHAU-DESKTOP | User Name: Robert Chau | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========

< MD5 for: POLSTORE.DLL >
[2009/07/13 17:16:12 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=0E6DCD164732580CC1E57276252F49CF -- C:\Windows\SysWOW64\polstore.dll
[2009/07/13 17:16:12 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=0E6DCD164732580CC1E57276252F49CF -- C:\Windows\winsxs\wow64_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.1.7600.16385_none_aa5813cb3a17070e\polstore.dll
[2009/07/13 17:41:53 | 000,372,224 | ---- | M] (Microsoft Corporation) MD5=8DEC9C6DD13C4B3B62CD8D5A0FEF1650 -- C:\Windows\SysNative\polstore.dll
[2009/07/13 17:41:53 | 000,372,224 | ---- | M] (Microsoft Corporation) MD5=8DEC9C6DD13C4B3B62CD8D5A0FEF1650 -- C:\Windows\winsxs\amd64_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.1.7600.16385_none_a003697905b64513\polstore.dll
[2009/07/13 17:41:53 | 000,372,224 | ---- | M] (Microsoft Corporation) MD5=8DEC9C6DD13C4B3B62CD8D5A0FEF1650 -- C:\Windows\winsxs\amd64_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.1.7601.17514_none_a2347d4102a4c8ad\polstore.dll

< MD5 for: POLSTORE.DLL.MUI >
[2009/07/13 18:26:32 | 000,003,584 | ---- | M] (Microsoft Corporation) MD5=20F407B2D635507DFF09881128E19ABF -- C:\Windows\SysNative\en-US\polstore.dll.mui
[2009/07/13 18:26:32 | 000,003,584 | ---- | M] (Microsoft Corporation) MD5=20F407B2D635507DFF09881128E19ABF -- C:\Windows\winsxs\amd64_microsoft-windows-n..ients-svc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1960e99fd05fd73c\polstore.dll.mui
[2009/07/13 18:26:32 | 000,003,584 | ---- | M] (Microsoft Corporation) MD5=20F407B2D635507DFF09881128E19ABF -- C:\Windows\winsxs\amd64_microsoft-windows-n..ients-svc.resources_31bf3856ad364e35_6.1.7601.17514_en-us_1b91fd67cd4e5ad6\polstore.dll.mui
[2009/07/13 18:03:34 | 000,003,584 | ---- | M] (Microsoft Corporation) MD5=FA446FB076895F6D94899ED394954ECB -- C:\Windows\SysWOW64\en-US\polstore.dll.mui
[2009/07/13 18:03:34 | 000,003,584 | ---- | M] (Microsoft Corporation) MD5=FA446FB076895F6D94899ED394954ECB -- C:\Windows\winsxs\x86_microsoft-windows-n..ients-svc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_bd424e1c18026606\polstore.dll.mui
[2009/07/13 18:03:34 | 000,003,584 | ---- | M] (Microsoft Corporation) MD5=FA446FB076895F6D94899ED394954ECB -- C:\Windows\winsxs\x86_microsoft-windows-n..ients-svc.resources_31bf3856ad364e35_6.1.7601.17514_en-us_bf7361e414f0e9a0\polstore.dll.mui

< MD5 for: POLSTORE.MOF >
[2009/06/10 12:47:07 | 000,001,275 | ---- | M] () MD5=BC6599512389FB92466A70445549451C -- C:\Windows\SysNative\wbem\polstore.mof
[2009/06/10 13:28:32 | 000,001,275 | ---- | M] () MD5=BC6599512389FB92466A70445549451C -- C:\Windows\SysWOW64\wbem\polstore.mof
[2009/06/10 12:47:07 | 000,001,275 | ---- | M] () MD5=BC6599512389FB92466A70445549451C -- C:\Windows\winsxs\amd64_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.1.7600.16385_none_a003697905b64513\polstore.mof
[2009/06/10 12:47:07 | 000,001,275 | ---- | M] () MD5=BC6599512389FB92466A70445549451C -- C:\Windows\winsxs\amd64_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.1.7601.17514_none_a2347d4102a4c8ad\polstore.mof
[2009/06/10 13:28:32 | 000,001,275 | ---- | M] () MD5=BC6599512389FB92466A70445549451C -- C:\Windows\winsxs\wow64_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.1.7600.16385_none_aa5813cb3a17070e\polstore.mof

< End of report >

Attached Files

  • Attached File  OTL.Txt   9.81KB   45 downloads

  • 0
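
One way to read an OTL `/md5start … /md5stop` log like the one above, as an added example that is not part of the original thread or of OTL itself: it parses the MD5 lines and checks whether each live copy under SysNative/SysWOW64 has the same hash as a copy of the same bitness in the winsxs component store. The sample log, its hashes and the function names are constructed for illustration, and a 64-bit Windows layout is assumed.

```python
import re
from collections import defaultdict

# Constructed sample in the OTL MD5 log format; hashes and winsxs folder
# names are placeholders, not values taken from the thread.
SAMPLE_LOG = r"""
< MD5 for: EXAMPLE.DLL >
[2009/07/13 17:16:12 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -- C:\Windows\SysWOW64\example.dll
[2009/07/13 17:16:12 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -- C:\Windows\winsxs\wow64_example_none_0001\example.dll
[2013/01/02 03:04:05 | 000,400,000 | ---- | M] () MD5=CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC -- C:\Windows\SysNative\example.dll
[2009/07/13 17:41:53 | 000,372,224 | ---- | M] (Microsoft Corporation) MD5=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB -- C:\Windows\winsxs\amd64_example_none_0002\example.dll
"""

LINE = re.compile(r"^\[.*?\]\s*\((?P<company>.*?)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s+--\s+(?P<path>.+)$")

def arch_of(path):
    """Return (bitness, is_store_copy), or None if the path is neither live nor winsxs."""
    p = path.lower()
    m = re.search(r"\\winsxs\\(amd64|x86|wow64)_", p)
    if m:
        return ("64" if m.group(1) == "amd64" else "32", True)
    if "\\sysnative\\" in p or "\\system32\\" in p:  # assumption: 64-bit OS
        return ("64", False)
    if "\\syswow64\\" in p:
        return ("32", False)
    return None

def check_live_copies(log_text):
    """Map each live file path to True if its MD5 equals a same-bitness winsxs copy."""
    store = defaultdict(set)  # (filename, bitness) -> MD5s seen in winsxs
    live = []                 # (path, key, md5) for SysNative/SysWOW64 copies
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        cls = arch_of(m.group("path")) if m else None
        if cls is None:
            continue
        path = m.group("path").strip()
        name = path.rsplit("\\", 1)[-1].lower()
        key = (name, cls[0])
        md5 = m.group("md5").upper()
        if cls[1]:
            store[key].add(md5)
        else:
            live.append((path, key, md5))
    return {path: md5 in store[key] for path, key, md5 in live}

if __name__ == "__main__":
    for path, ok in check_live_copies(SAMPLE_LOG).items():
        print("matches store" if ok else "NO MATCH in store", "-", path)
```

A live copy with no matching store hash is a reason to look closer (for instance with the SFC run mentioned earlier in the thread), not proof of tampering on its own.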

#29
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi PoorestFish,

Let's try this tool.

  • Please download Complete Internet Repair and save it to your desktop.
  • Double-click on the icon and allow the contents to extract to your desktop. This should create a folder called "Complete Internet Repair."
  • Open the folder and double-click on CIntRep.exe
  • You should see the screen below. Please check all of the boxes and press run.
    Posted Image
  • A log will be produced inside the "Logging" folder in the "Complete Internet Repair" folder. Please copy/paste it into your next reply.

Did it fix anything?


  • 0

#30
PoorestFish

    Member

  • Topic Starter
  • 62 posts
None of the previous issues were fixed. This error occurred though the scan did complete and restart my computer.

wuauclt.jpg

Also attached is the log.

Attached Files


  • 0





