BleepingComputer.com: Still Infected, need help!


Still Infected, need help! Removed Antispyware 2012 but still can't get online

#16 CatByte (Group: Malware Response Team)

Posted 20 January 2012 - 06:35 PM

Well, everything is running that should be?

What AV and firewall do you have active at the moment?

Try uninstalling them.

Are you trying to connect wirelessly or wired?

Check in Device Manager: are there any warning triangles?

Run the following:

Click Start > Run, then type/copy/paste the following command in:

netsh int ip reset c:\resetlog.txt

A log will be generated on the root C drive; could you attach that?
The help you receive here is free. If you wish to show your appreciation, then you may Posted Image
Microsoft MVP - 2010, 2011

#17 Frosty1 (Group: Members)

Posted 20 January 2012 - 06:56 PM

There is no AV running currently, the only firewall running is the Windows Firewall.

I'm using the wireless connection primarily, but have tried the wired connection which yields the same result.

No warning triangles in the Device Manager.

Here is the log...


reset SYSTEM\CurrentControlSet\Services\Dhcp\Parameters\Options\15\RegLocation
old REG_MULTI_SZ =
SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\?\DhcpDomain
SYSTEM\CurrentControlSet\Services\TcpIp\Parameters\DhcpDomain

deleted SYSTEM\CurrentControlSet\Services\Netbt\Parameters\EnableLmhosts
added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DAB03F5A-7A63-4417-A5B6-49C395578BCF}\DisableDynamicUpdate
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DAB03F5A-7A63-4417-A5B6-49C395578BCF}\IpAutoconfigurationAddress
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DAB03F5A-7A63-4417-A5B6-49C395578BCF}\IpAutoconfigurationMask
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DAB03F5A-7A63-4417-A5B6-49C395578BCF}\IpAutoconfigurationSeed
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DAB03F5A-7A63-4417-A5B6-49C395578BCF}\RawIpAllowedProtocols
old REG_MULTI_SZ =
0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DAB03F5A-7A63-4417-A5B6-49C395578BCF}\TcpAllowedPorts
old REG_MULTI_SZ =
0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DAB03F5A-7A63-4417-A5B6-49C395578BCF}\UdpAllowedPorts
old REG_MULTI_SZ =
0

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DontAddDefaultGatewayDefault
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableIcmpRedirect
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableSecurityFilters
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\SearchList
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\UseDomainNameDevolution
reset Linkage\UpperBind for PCI\VEN_14E4&DEV_4311&SUBSYS_00071028&REV_01\4&6C79FC5&0&00E0. bad value was:
REG_MULTI_SZ =
PSched

reset Linkage\UpperBind for PCI\VEN_14E4&DEV_170C&SUBSYS_01AF1028&REV_02\4&2FE911E8&0&00F0. bad value was:
REG_MULTI_SZ =
PSched

reset Linkage\UpperBind for ROOT\MS_NDISWANIP\0000. bad value was:
REG_MULTI_SZ =
PSched

<completed>
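Added example, not part of the original thread: a small Python parser for a `netsh int ip reset` log in the shape posted above, turning it into records so the values that were present before the reset can be reviewed. The function names are hypothetical, and SAMPLE is a shortened excerpt of the log in this post.

```python
import re
from collections import Counter

ACTION = re.compile(r"^(reset|deleted|added)\s+(.+)$")
GUID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

# Excerpt of the log posted above, shortened for the example.
SAMPLE = r"""
reset SYSTEM\CurrentControlSet\Services\Dhcp\Parameters\Options\15\RegLocation
old REG_MULTI_SZ =
SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\?\DhcpDomain
SYSTEM\CurrentControlSet\Services\TcpIp\Parameters\DhcpDomain

deleted SYSTEM\CurrentControlSet\Services\Netbt\Parameters\EnableLmhosts
added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DAB03F5A-7A63-4417-A5B6-49C395578BCF}\DisableDynamicUpdate
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableSecurityFilters
reset Linkage\UpperBind for ROOT\MS_NDISWANIP\0000. bad value was:
REG_MULTI_SZ =
PSched

<completed>
"""

def parse_resetlog(text):
    """Return one {action, target, old} record per change in the log."""
    records, in_values = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if in_values:
            if line:
                records[-1]["old"].append(line)  # one REG_MULTI_SZ string
            else:
                in_values = False                # blank line ends the list
        elif line.endswith("REG_MULTI_SZ =") and records:
            in_values = True                     # previous value follows
        elif (m := ACTION.match(line)):
            target = re.sub(r"\.\s*bad value was:$", "", m.group(2))
            records.append({"action": m.group(1), "target": target, "old": []})
    return records

def summarize(records):
    """Counts per action, interface GUIDs touched, and prior values."""
    counts = Counter(r["action"] for r in records)
    interfaces = sorted({g for r in records for g in GUID.findall(r["target"])})
    previous = {r["target"]: r["old"] for r in records if r["old"]}
    return counts, interfaces, previous
```
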

#18 CatByte (Group: Malware Response Team)

Posted 20 January 2012 - 07:14 PM

Let's try a manual rebuild of tcpip

I'd like you to uninstall and reinstall TCPIP again, but using the directions from this MS KB: "How to remove and reinstall TCP/IP on a Windows Server 2003 domain controller". This set of directions is a bit different procedure from what you followed earlier. Please be sure to carry out the steps below in the order given (images and instructions to aid what you've read at the MS link are provided courtesy of one of our Experts :)

1. Locate the file - C:\Windows\inf\Nettcpip.inf, and then open it in Notepad.

2. Locate the [MS_TCPIP.PrimaryInstall] section.

3. Edit the Characteristics = 0xa0 entry and replace 0xa0 with 0x80.

4. Save the file, and then exit Notepad.

5. In Control Panel, double-click Network Connections, right-click Local Area Connection, and then select Properties.

6. On the General tab, click Install, select Protocol, and then click Add.

7. In the Select Network Protocols window, click Have Disk.

8. In the Copy manufacturer’s files from: text box, type c:\windows\inf, and then click OK.

9. Select Internet Protocol (TCP/IP), and then click OK.

Note: This step will return you to the Local Area Connection Properties screen, but now the Uninstall button is available.

10. Select Internet Protocol (TCP/IP), click Uninstall, and then click Yes.

11. It is important that you restart the computer to complete the uninstall.

------------

Step #2 - Reinstall of TCP/IP

Edit the file - C:\Windows\inf\Nettcpip.inf. Replace the 0x80 back to 0xA0

Redo sub-steps 4-11 to re-install TCP/IP
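Added example, not from the KB article or the post above: Python that applies step 3 and its later reversal to INF text, changing Characteristics only inside [MS_TCPIP.PrimaryInstall], and decodes the flag bits. In the Windows netcfgx.h header 0x20 is NCF_NOT_USER_REMOVABLE, so 0xA0 to 0x80 clears that bit, which is why the Uninstall button becomes available; the function names and the INF fragment are constructed for illustration.

```python
import re

# NetCfg component characteristic bits (values from the Windows netcfgx.h header).
NCF_FLAGS = {0x08: "NCF_HIDDEN", 0x10: "NCF_NO_SERVICE",
             0x20: "NCF_NOT_USER_REMOVABLE", 0x80: "NCF_HAS_UI"}
SECTION = "MS_TCPIP.PrimaryInstall"

# Constructed fragment in the shape of an INF file, not the real Nettcpip.inf.
SAMPLE_INF = """\
[MS_TCPIP.PrimaryInstall]
Characteristics = 0xA0 ; trailing comment is preserved
AddReg = Example.AddReg

[Other.Section]
Characteristics = 0x28
"""

def decode(value):
    """Names of the known characteristic bits set in value."""
    return [name for bit, name in sorted(NCF_FLAGS.items()) if value & bit]

def set_characteristics(inf_text, new_value, section=SECTION):
    """Rewrite Characteristics inside [section] only; return (text, old_value)."""
    out, current, old = [], None, None
    for line in inf_text.splitlines(keepends=True):
        head = re.match(r"\s*\[([^\]]+)\]", line)
        if head:
            current = head.group(1).strip().lower()
        m = re.match(r"(\s*Characteristics\s*=\s*)(0x[0-9A-Fa-f]+)(.*)", line, re.S)
        if m and current == section.lower():
            old = int(m.group(2), 16)
            line = f"{m.group(1)}0x{new_value:X}{m.group(3)}"
        out.append(line)
    if old is None:
        # Also reached when the value is not a valid hex literal,
        # e.g. typed with a multiplication sign instead of the letter x.
        raise ValueError(f"no parsable Characteristics entry in [{section}]")
    return "".join(out), old
```
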

#19 Frosty1 (Group: Members)

Posted 22 January 2012 - 06:47 PM

Followed the instructions.

Removed both registry entries and reinstalled TCP/IP, didn't seem to make any difference. Still cannot get online. Really not sure what to do at this point.

Maybe you have some other ideas?

Thanks

#20 CatByte (Group: Malware Response Team)

Posted 22 January 2012 - 07:54 PM

You might try uninstalling SP3 then re-installing it

you may be missing some integral files that I'm not seeing in the logs:


  • Click Start, click Run, copy/paste the following into the open run box:
    c:\windows\$NtServicePackUninstall$\spuninst\spuninst.exe then click OK.
  • When the Windows XP Service Pack 3 Removal Wizard starts, click Next.
  • Follow the instructions on the screen to remove Windows XP SP3.


Then go to MS to download and reinstall the service pack:

Download the latest Windows XP service pack from the Microsoft Download Center
You can download the stand-alone update package from the Download Center.
This page will say that this installation package is intended for IT professionals and developers. However, you can safely download this file.

http://www.microsoft.com/downloads/details...08-1E1555D4F3D4

#21 CatByte (Group: Malware Response Team)

Posted 04 February 2012 - 07:36 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
