Author Topic: Cannot connect to internet after running virus scan and even after uninstalling  (Read 56882 times)


jeffce

  • Guest
Quote
Did I need to drag the file then run combo fix...I thought that the act of dragging that file initiated the combofix run.
Just drag and drop the file onto ComboFix and that should run it....do a new download of the file I attached....make sure to save it to your Desktop >> make sure it is named CFScript.txt >> ensure file type is set to All Files. 

Jroffman

  • Guest
New log attached after a successful run.  One note is that I am also getting an error saying that my computer has multiple IP addresses (some Dell network analyzer tool that runs after startup).

jeffce

  • Guest
Hi,

Thanks for letting me know about the error message.  We still have some work to do though because that ZeroAccess infection has done a number on your system.

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
Code:
ClearJavaCache::

NetSvc::
mbr
BsHelpCS
dtsagntsvc
vmodem
FA312
SSHDRV61
midisyn
ezplay
fsaa

Driver::
mbr
BsHelpCS
dtsagntsvc
vmodem
FA312
SSHDRV61
midisyn
ezplay
fsaa
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.



  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------

Jroffman

  • Guest
Log file attached...

jeffce

  • Guest
Hi,

Please download Malwarebytes' Anti-Malware to your desktop.

  • Right-click and Run as Administrator mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan as shown below.

         
         
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.


The log can also be found here:
C:\Documents and Settings\<User name>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
----------

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats is NOT selected and the option Scan unwanted applications is selected.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic
----------

In your next reply please attach the logs made by Malwarebytes and ESET.  :)

Jroffman

  • Guest
I don't have connectivity to the internet so there is no way to connect to get the latest updates (I am downloading this software via a machine that can connect and using a portable hard drive to bring it to the machine that cannot).  I just ran the Anti-Malware and it said no malicious items detected.  Do you still want the log file?

I can't run the ESET online scanner without the ability to connect to the internet...how should I proceed?

jeffce

  • Guest
Let's go ahead and run a new scan with Farbar Service Scanner.  I posted for you to run it in the beginning if you had forgotten.  Attach the new log that is made.

Jroffman

  • Guest
Farbar Service Scanner Version: 25-05-2012
Ran by Kitchen (administrator) on 14-06-2012 at 11:25:54
Running from "C:\Users\Kitchen\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is blocked.
LAN connected.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
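
Added example (not part of the original thread and not Farbar's code): a small Python triage of a log in the format posted above. It collects the blocked-connectivity lines, the firewall profiles whose EnableFirewall policy value is 0, and any File Check entry not reported as "MD5 is legit". The sample log is a constructed excerpt and the function name triage_fss_log is hypothetical.

```python
import re

# Constructed sample: an excerpt in the format of the Farbar Service Scanner log above.
SAMPLE_LOG = r'''Connection Status:
==============
Localhost is blocked.
LAN connected.
Attempt to access Google IP returned error: Other errors

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

File Check:
========
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')            # registry key header line
VALUE_RE = re.compile(r'^"([^"]+)"=DWORD:(\d+)$')      # "Name"=DWORD:n value line
FILE_RE = re.compile(r'^(?P<path>[A-Za-z]:\\.+?) => (?P<status>.+)$')

def triage_fss_log(text):
    """Return the lines of the log that need a helper's attention."""
    findings = {"connectivity": [], "firewall_disabled": [], "files_not_legit": []}
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := KEY_RE.match(line):
            current_key = m.group(1)
        elif (m := VALUE_RE.match(line)) and current_key:
            # EnableFirewall=0 under a profile key means that profile's firewall is off.
            if m.group(1).lower() == "enablefirewall" and int(m.group(2)) == 0:
                findings["firewall_disabled"].append(current_key.rsplit("\\", 1)[-1])
        elif m := FILE_RE.match(line):
            # Anything other than the "legit" verdict is surfaced for manual review.
            if m.group("status") != "MD5 is legit":
                findings["files_not_legit"].append((m.group("path"), m.group("status")))
        elif "is blocked" in line or "returned error" in line:
            findings["connectivity"].append(line)
    return findings

if __name__ == "__main__":
    for category, items in triage_fss_log(SAMPLE_LOG).items():
        print(category, items)
```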

jeffce

  • Guest
In the run box type the following

diskmgmt.msc

When Disk Management opens, expand it so that all drives are visible.
Take a screenshot and post it here.

Are you able to burn a CD on another computer?
-------------

Jroffman

  • Guest
Screenshot attached.  I can burn a CD or put anything I need to on a large portable hard drive.

jeffce

  • Guest
Ok...that looks fine.

Have you tried uninstalling the Network Adapter driver and then letting Windows reinstall it on reboot?

Jroffman

  • Guest
No...could you help me understand how I would do that?

Would it be the Intel Pro Network Connections 12.1.11.0?
« Last Edit: June 15, 2012, 02:31:10 AM by Jroffman »

jeffce

  • Guest
First be sure we are looking at the right thing...

Go to Device Manager >> expand Network Adapters >> let me know what is there.  :)

Jroffman

  • Guest
Broadcom 802.11g Network Adapter...used this when the machine wasn't connected via a network cable

Intel(r) 82562v-2 10/100 network connection

bob3160

Should look something like this: