First thing...stop all internet activity, reboot into safe mode, open your network connections, go the tcp/ip properties, and change your DNS addy to the correct one.
Then, after starting up in safe mode, open your “Hosts” (Windows XP C:\WINDOWS\SYSTEM32\DRIVERS\ETC) and comment out every ip appearing address in it. Save it.
Then work on the root kit.
FRemail coming at you...
Got the dial-up working again, at least. I think a virus turned off a bunch of MS services. Once I restarted the AOL-related services (AOL is what I use for dial-up - just a back-up) I was able to log onto AOL with no problems.
Rootkit scans didn't turn up any suspcious items, so that was good.
However, this screenshot below disturbs me. See the two items circled in red? I don't know what those are. Sometimes there are up to nine instances of them running simultaneously.
Any idea if that's spyware? No software I've used can identify them except for Spydetector.
And if I try to delete those processes or stop them, I get an "access denied" message.
Not sure how to get rid of them.
I understand if you're tired of giving input on my sad situation, but thought it was worth another try. I appreciate your posts very much.
and change your DNS addy to the correct one.I forgot to add:
How did you know the DNS addresses had changed?! You were right - they had changed. Maybe hacked? I changed them back (to the proper numbers) and they haven't changed again.
Still get that "a network cable is unplugged" message, no matter what.
On the phone on hold with my ISP right now, to see if the problem is the modem and not actually spyware.
ipconfig just gives me "Ethernet Adapter Local Area Connection: Media state ... media disconnected" (even though nothing is disconnected).