
Repairing malware damage


6 replies to this topic

#1 Michael Carter


Posted 20 June 2011 - 11:21 PM

I have on my desk a Dell Dimension 3100, which has been infected by malware. My initial steps and problems are described in this thread:

http://www.bleepingcomputer.com/forums/topic404783.html

I have started a new thread here because I believe the ongoing problems are caused by malware.

First, the task bar and desktop icons are not displayed. Ctrl-alt-del works since I ran the repair install, and I can run programs from task mgr. Some, such as mspaint work just fine, but others, like iexplore do not, although they are listed as running processes. I attach a screenshot of the whole desktop, including the processes listed, below.

Posted Image

Second, the network doesn't work, and the ipconfig command displays no information.

I have the log from a malwarebytes scan, which I can post somewhere if requested.

I should appreciate any help on fixing this.

Edited by Michael Carter, 21 June 2011 - 05:39 AM.




#2 Blade


Posted 23 June 2011 - 11:16 PM

Hello.

Please post the MBAM log.

Also, please try running MBAM this way.

Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running. This is because some anti-malware software mistakenly detects RKill as malicious. Please refer to this page if you are not sure how to disable your security software.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply

***************************************************

  • Make sure you are connected to the Internet.
  • Launch Malwarebytes' Anti-Malware
  • Click on the Update tab and click the button Check for Updates
  • If you encounter any problems while downloading the definition updates, manually download them from http://data.mbamupdates.com/tools/mbam-rules.exe and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

~Blade


In your next reply, please include the following:
Malwarebytes Log

Edited by Blade Zephon, 23 June 2011 - 11:17 PM.

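Added example (not part of the thread, and not code from any poster or from Malwarebytes): a small Python triage of a log in the MBAM 1.50 text layout requested above. It checks that the top portion (database version, operating system, scan type) is present, that each summary count matches the items actually pasted, and it lists entries that were not fully removed or that sit in autostart registry locations. The sample log, its paths and its detection names are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample in the MBAM 1.50 layout; paths and detections are made up.
# The summary declares 3 infected files but only 2 are pasted (a truncated log).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 1234

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

01/01/2011 1:00:00 PM
mbam-log-2011-01-01 (13-00-00).txt

Scan type: Quick scan
Objects scanned: 1000
Time elapsed: 1 minute(s), 0 second(s)

Memory Processes Infected: 0
Registry Values Infected: 2
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Example) -> Value: Shell -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\example (Trojan.Example) -> Value: example -> Quarantined and deleted successfully.

Files Infected:
c:\example\a.exe (Trojan.Example) -> Quarantined and deleted successfully.
c:\example\b.dll (PUP.Example) -> Not selected for removal.
"""

COUNT_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<n>\d+)$")
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# target (Detection.Name) -> [details -> ] action; the target may itself contain "(...)".
ITEM_RE = re.compile(
    r"^(?P<target>.+?) \((?P<detection>[A-Za-z0-9_.]+)\) -> (?P<rest>.+)$"
)
HEADER_RES = {
    "database_version": re.compile(r"^Database version: (\d+)$"),
    "os": re.compile(r"^(Windows .+)$"),
    "scan_type": re.compile(r"^Scan type: (.+)$"),
}
# Autostart locations that appear in the logs in this thread (lower-cased).
AUTOSTART_MARKERS = (
    "\\currentversion\\run\\",
    "\\winlogon\\shell",
    "\\winlogon\\taskman",
    "\\active setup\\installed components\\",
)
DONE = "Quarantined and deleted successfully."


def parse_mbam_log(text):
    """Return header fields, declared per-section counts and detected items."""
    header, declared, items = {}, {}, []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = COUNT_RE.match(line)
        if m:  # summary line such as "Files Infected: 3"
            declared[m["section"]] = int(m["n"])
            continue
        m = SECTION_RE.match(line)
        if m:  # start of a detail section such as "Files Infected:"
            section = m["section"]
            continue
        m = ITEM_RE.match(line) if section else None
        if m:
            items.append({
                "section": section,
                "target": m["target"],
                "detection": m["detection"],
                # The action is whatever follows the last " -> " on the line.
                "action": m["rest"].rsplit(" -> ", 1)[-1],
            })
            continue
        for name, rx in HEADER_RES.items():
            hm = rx.match(line)
            if hm and name not in header:
                header[name] = hm.group(1)
    return {"header": header, "declared": declared, "items": items}


def triage(parsed):
    """Flag incomplete logs, unremoved items and autostart registry entries."""
    items = parsed["items"]
    listed = {}
    for it in items:
        listed[it["section"]] = listed.get(it["section"], 0) + 1
    return {
        "missing_header": sorted(set(HEADER_RES) - set(parsed["header"])),
        # section -> (declared in summary, actually listed); signals a cut-off paste
        "count_mismatches": {
            s: (n, listed.get(s, 0))
            for s, n in parsed["declared"].items() if listed.get(s, 0) != n
        },
        "unresolved": [it for it in items if it["action"] != DONE],
        "autostart": [
            it for it in items
            if any(k in it["target"].lower() for k in AUTOSTART_MARKERS)
        ],
    }


if __name__ == "__main__":
    report = triage(parse_mbam_log(SAMPLE_LOG))
    for key, value in report.items():
        print(key, "->", value)
```
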


#3 Michael Carter


Posted 24 June 2011 - 05:40 AM

Thank you Blade Zephon for your reply.

The infected computer had no network and no explorer, so I had to make a couple of attempts at getting the latest definitions in, using thumb drives and the command prompt. I attach MBAM logs in reverse order.

After running the last scan and restarting, explorer seemed to be back, but there was still "limited connectivity" on the network. I'd appreciate your help in getting that back.

MCart

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6936

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

24/06/2011 6:27:06 PM
mbam-log-2011-06-24 (18-27-06).txt

Scan type: Quick scan
Objects scanned: 220159
Time elapsed: 15 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\shane and susana\local settings\temporary internet files\Content.IE5\4JREMC55\1[1].EXE (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\shane and susana\local settings\temporary internet files\Content.IE5\4JREMC55\1[2].EXE (Trojan.Agent) -> Quarantined and deleted successfully.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6705

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

24/06/2011 5:44:19 PM
mbam-log-2011-06-24 (17-44-19).txt

Scan type: Quick scan
Objects scanned: 213913
Time elapsed: 18 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\shane and susana\local settings\temporary internet files\Content.IE5\7EX9HUYK\1[1].EXE (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\shane and susana\local settings\temporary internet files\Content.IE5\7EX9HUYK\1[2].EXE (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\shane and susana\local settings\temporary internet files\Content.IE5\7EX9HUYK\1[3].EXE (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\shane and susana\local settings\temporary internet files\Content.IE5\7EX9HUYK\1[4].EXE (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\shane and susana\local settings\temporary internet files\Content.IE5\7EX9HUYK\1[6].EXE (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6902

Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 6.0.2900.2180

6/21/2011 10:09:54 PM
mbam-log-2011-06-21 (22-09-54).txt

Scan type: Full scan (C:\|)
Objects scanned: 335613
Time elapsed: 46 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 26

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8CCFE231-6643-45D7-8787-3ABA666083C0} (Trojan.Ambler) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman (Hijack.Taskman.Gen) -> Value: Taskman -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Mircosoft Explorer (Backdoor.IRCBot) -> Value: Mircosoft Explorer -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\windows live\messenger\riched20.dll (PUP.FunWebProducts) -> Not selected for removal.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP1\A0000082.dll (PUP.FunWebProducts) -> Not selected for removal.
c:\system volume information\_restore{2e9a4275-ffec-4ed0-a824-cc2a8b92379e}\RP29\A0003947.exe (Worm.Palevo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{2e9a4275-ffec-4ed0-a824-cc2a8b92379e}\RP29\A0003949.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{2e9a4275-ffec-4ed0-a824-cc2a8b92379e}\RP29\A0003950.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{2e9a4275-ffec-4ed0-a824-cc2a8b92379e}\RP29\A0003951.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{2e9a4275-ffec-4ed0-a824-cc2a8b92379e}\RP29\A0003955.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{2e9a4275-ffec-4ed0-a824-cc2a8b92379e}\RP29\A0003956.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\system volume information\_restore{2e9a4275-ffec-4ed0-a824-cc2a8b92379e}\RP29\A0003957.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{2e9a4275-ffec-4ed0-a824-cc2a8b92379e}\RP29\A0003958.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\system volume information\_restore{2e9a4275-ffec-4ed0-a824-cc2a8b92379e}\RP29\A0003961.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{2e9a4275-ffec-4ed0-a824-cc2a8b92379e}\RP29\A0003962.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\system volume information\_restore{2e9a4275-ffec-4ed0-a824-cc2a8b92379e}\RP29\A0003963.dll (Trojan.Ambler) -> Quarantined and deleted successfully.
c:\system volume information\_restore{2e9a4275-ffec-4ed0-a824-cc2a8b92379e}\RP29\A0003964.dll (Trojan.Ambler) -> Quarantined and deleted successfully.
c:\system volume information\_restore{2e9a4275-ffec-4ed0-a824-cc2a8b92379e}\RP29\A0003965.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{2e9a4275-ffec-4ed0-a824-cc2a8b92379e}\RP29\A0003966.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{2e9a4275-ffec-4ed0-a824-cc2a8b92379e}\RP29\A0003970.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{2e9a4275-ffec-4ed0-a824-cc2a8b92379e}\RP29\A0003973.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{2e9a4275-ffec-4ed0-a824-cc2a8b92379e}\RP29\A0003975.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{2e9a4275-ffec-4ed0-a824-cc2a8b92379e}\RP29\A0003984.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{2e9a4275-ffec-4ed0-a824-cc2a8b92379e}\RP29\A0003985.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{2e9a4275-ffec-4ed0-a824-cc2a8b92379e}\RP29\A0003986.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{2e9a4275-ffec-4ed0-a824-cc2a8b92379e}\RP29\A0004002.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{2e9a4275-ffec-4ed0-a824-cc2a8b92379e}\RP29\A0004003.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{2e9a4275-ffec-4ed0-a824-cc2a8b92379e}\RP29\A0004004.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{2e9a4275-ffec-4ed0-a824-cc2a8b92379e}\RP29\A0004005.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5363

Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 6.0.2900.2180

20/06/2011 10:37:55 PM
mbam-log-2011-06-20 (22-37-55).txt

Scan type: Full scan (C:\|)
Objects scanned: 302589
Time elapsed: 52 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 59
Registry Values Infected: 15
Registry Data Items Infected: 1
Folders Infected: 14
Files Infected: 44

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{85E5E8D1-0B63-4588-A5A0-B927A23F5F60} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{69725738-CD68-4F36-8D02-8C43722EE5DA} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-CD68-4F36-8D02-8C43722EE5DA} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6FD31ED6-7C94-4BBC-8E95-F927F4D3A949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EDDBB5EE-BB64-4bfc-9DBE-E7C85941335B} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{90D9E343-D350-44ba-9329-1AA35B038657} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E8BDFF85-F8C2-4281-8669-31253E646518} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CntntCntr.CntntDic (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CntntCntr.CntntDic.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CntntCntr.CntntDisp (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CntntCntr.CntntDisp.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HostOL.MailAnim.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HostOL.WebmailSend.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\SeekmoAX.ClientDetector (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\SeekmoAX.ClientDetector.1 (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\SeekmoAX.UserProfiles (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\SeekmoAX.UserProfiles.1 (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Reporter (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Reporter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\activex.DLL (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\seekmosa (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Screensavers.com (Adware.Comet) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Value: {00A6FAF6-072E-44CF-8957-5838F569A31D} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> Value: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Value: {B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Value: {B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> Value: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Value: {00A6FAF6-072E-44cf-8957-5838F569A31D} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Value: (default) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Worm.Palevo) -> Value: Shell -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsotf (Trojan.Agent) -> Value: Microsotf -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{A54654D0-2A7A-F6EF-A4D4-D0FC0BAC11AB} (Trojan.ZbotR.Gen) -> Value: {A54654D0-2A7A-F6EF-A4D4-D0FC0BAC11AB} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\Zango 10.3.85.0 (Adware.Zango) -> Value: Zango 10.3.85.0 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E8790777BC76585333AD97 (Malware.Trace) -> Value: SRS_IT_E8790777BC76585333AD97 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsotf (Trojan.Agent) -> Value: Microsotf -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\Zango@Zango.com (Adware.Zango) -> Value: Zango@Zango.com -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\Seekmo@Seekmo.com (Adware.SeekMo) -> Value: Seekmo@Seekmo.com -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (C:\Documents and Settings\Shane and Susana\Application Data\hgfrhf.exe,C:\Documents and Settings\Shane and Susana\Application Data\qldi.exe,C:\Documents and Settings\Shane and Susana\Application Data\uwfuss.exe,C:\Documents and Settings\Shane and Susana\Application Data\hgmfrl.exe,C:\Documents and Settings\Shane and Susana\Application Data\veef.exe,C:\Documents and Settings\Shane and Susana\Application Data\idyq.exe,C:\Documents and Settings\Shane and Susana\Application Data\uoagxd.exe,C:\Documents and Settings\Shane and Susana\Application Data\pbiik.exe,C:\Documents and Settings\Shane and Susana\Application Data\psmout.exe,C:\Documents and Settings\Shane and Susana\Application Data\nsgdpj.exe,C:\Documents and Settings\Shane and Susana\Application Data\rkxkxw.exe,C:\Documents and Settings\Shane and Susana\Application Data\sbqh.exe,C:\Documents and Settings\Shane and Susana\Application Data\endd.exe,C:\Documents and Settings\Shane and Susana\Application Data\jsvck.exe,C:\Documents and Settings\Shane and Susana\Application Data\uvguw.exe,C:\Documents and Settings\Shane and Susana\Application Data\jzkv.exe,C:\Documents and Settings\Shane and Susana\Application Data\iukdqw.exe,C:\Documents and Settings\Shane and Susana\Application Data\qgfmc.exe,C:\Documents and Settings\Shane and Susana\Application Data\elwb.exe,C:\Documents and Settings\Shane and Susana\Application Data\vdolew.exe,C:\RECYCLER\S-1-5-21-0414214863-6539905155-203319699-6777\yv8g67.exe,C:\RECYCLER\S-1-5-21-9785193246-5635295402-878887558-2478\yv8g67.exe,C:\Documents and Settings\Shane and Susana\Application Data\ufxw.exe,explorer.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Folders Infected:
c:\documents and settings\shane and susana\application data\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\shane and susana\application data\funwebproducts\Data (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\shane and susana\application data\funwebproducts\Data\shane and susana (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\SeekmoSA (Adware.Seekmo) -> Quarantined and deleted successfully.
c:\program files\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\screensaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\screensaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\Seekmo (Adware.Seekmo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\twain32 (Backdoor.Bot) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\shane and susana\local settings\temporary internet files\Content.IE5\4JREMC55\xub88628[1].gif (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\documents and settings\shane and susana\local settings\temporary internet files\Content.IE5\4JREMC55\xub88628[2].gif (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\documents and settings\shane and susana\local settings\temporary internet files\Content.IE5\4JREMC55\xub88628[3].gif (Extension.Mismatch) -> Quarantined and deleted successfully.
c:\program files\msn messenger\riched20.dll (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
c:\program files\windows live\messenger\riched20.dll (PUP.FunWebProducts) -> Not selected for removal.
c:\system volume information\_restore{2e9a4275-ffec-4ed0-a824-cc2a8b92379e}\RP29\A0003954.exe (Worm.Palevo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{2e9a4275-ffec-4ed0-a824-cc2a8b92379e}\RP29\A0003972.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{2e9a4275-ffec-4ed0-a824-cc2a8b92379e}\RP29\A0003978.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{2e9a4275-ffec-4ed0-a824-cc2a8b92379e}\RP29\A0003979.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{2e9a4275-ffec-4ed0-a824-cc2a8b92379e}\RP29\A0003982.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{2e9a4275-ffec-4ed0-a824-cc2a8b92379e}\RP29\A0003983.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{2e9a4275-ffec-4ed0-a824-cc2a8b92379e}\RP29\A0003987.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{2e9a4275-ffec-4ed0-a824-cc2a8b92379e}\RP29\A0003988.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{2e9a4275-ffec-4ed0-a824-cc2a8b92379e}\RP29\A0003989.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{2e9a4275-ffec-4ed0-a824-cc2a8b92379e}\RP29\A0003990.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{2e9a4275-ffec-4ed0-a824-cc2a8b92379e}\RP29\A0003991.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{2e9a4275-ffec-4ed0-a824-cc2a8b92379e}\RP29\A0003992.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{2e9a4275-ffec-4ed0-a824-cc2a8b92379e}\RP29\A0003993.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{2e9a4275-ffec-4ed0-a824-cc2a8b92379e}\RP29\A0003994.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{2e9a4275-ffec-4ed0-a824-cc2a8b92379e}\RP29\A0003995.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{2e9a4275-ffec-4ed0-a824-cc2a8b92379e}\RP29\A0003996.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{2e9a4275-ffec-4ed0-a824-cc2a8b92379e}\RP29\A0003997.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{2e9a4275-ffec-4ed0-a824-cc2a8b92379e}\RP29\A0003998.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{2e9a4275-ffec-4ed0-a824-cc2a8b92379e}\RP29\A0003999.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{2e9a4275-ffec-4ed0-a824-cc2a8b92379e}\RP29\A0004000.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{2e9a4275-ffec-4ed0-a824-cc2a8b92379e}\RP29\A0004001.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{2e9a4275-ffec-4ed0-a824-cc2a8b92379e}\RP29\A0004007.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\SeekmoSA\SeekmoSA.dat (Adware.Seekmo) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\SeekmoSA\seekmosaabout.mht (Adware.Seekmo) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\SeekmoSA\seekmosaau.dat (Adware.Seekmo) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\SeekmoSA\seekmosaeula.mht (Adware.Seekmo) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\SeekmoSA\seekmosa_kyf.dat (Adware.Seekmo) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\screensaver\Images\0097707E.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Shared\006C52D5.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\History\search3 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Settings\setting2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\Seekmo\reset cursor.lnk (Adware.Seekmo) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\Seekmo\seekmo customer support center.lnk (Adware.Seekmo) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\Seekmo\seekmo uninstall instructions.lnk (Adware.Seekmo) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\Seekmo\Weather.lnk (Adware.Seekmo) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\twain32\user.ds.lll (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\TDSSfxwp.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.


#4 Blade

Posted 25 June 2011 - 07:57 PM

  • Go to Start -> Control Panel -> Network and Internet Connections -> Network Connections.
  • Right-click your default connection, usually Local Area Connection or Dial-up Connection (if you are using dial-up), and left-click on the Properties option.
  • Double-click on the Internet Protocol (TCP/IP) item and select the radio button that says "Obtain DNS servers automatically".
  • Click OK twice.
  • Go to Start -> Run...
  • In the Open: field type cmd and click OK or hit Enter.
    • This will open a Command Prompt.
  • At the DOS prompt screen, type in ipconfig /flushdns and then press Enter (notice the space between "ipconfig" and "/flushdns").
  • Type netsh int ip reset c:\resetlog.txt and press Enter.
  • Exit the Command Prompt.
  • Reboot your PC and try to connect.

Please post for me the log that appears after running the commands. It will be located at C:\resetlog.txt

~Blade


#5 Michael Carter

Posted 26 June 2011 - 10:53 PM

Thank you again Blade very much for your help.

Your solution fixed the network, so thank you very much for that. I append the log below. However, the computer is still very much buggered. IE doesn't work. Browsing in Safari is very slow. Trying to remove an expired version of CA seems impossible because everything times out, and the screen keeps freezing.

I managed to install HJT, and had a look at the log. It was overwhelming. Would you be willing to look at it?

This is the IP reset log:

reset SYSTEM\CurrentControlSet\Services\Dhcp\Parameters\Options\15\RegLocation
old REG_MULTI_SZ =
SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\?\DhcpDomain
SYSTEM\CurrentControlSet\Services\TcpIp\Parameters\DhcpDomain

reset SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{2810EB22-763D-4D0C-9450-64BBD1758685}\NameServerList
old REG_MULTI_SZ =
<empty>

added SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{2810EB22-763D-4D0C-9450-64BBD1758685}\NetbiosOptions
reset SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{531D3D38-B38F-4A40-9052-52EFBA55506B}\NameServerList
old REG_MULTI_SZ =
<empty>

added SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{531D3D38-B38F-4A40-9052-52EFBA55506B}\NetbiosOptions
reset SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{BB95751F-31F5-4C67-B335-2C80554B3EDB}\NameServerList
old REG_MULTI_SZ =
<empty>

added SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{BB95751F-31F5-4C67-B335-2C80554B3EDB}\NetbiosOptions
reset SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{CD6209D3-5884-4164-8FDA-3F03149999D2}\NetbiosOptions
old REG_DWORD = 2

reset SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{F94D3BB6-3B49-4FE4-8819-A29BC0C91617}\NameServerList
old REG_MULTI_SZ =
<empty>

added SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{F94D3BB6-3B49-4FE4-8819-A29BC0C91617}\NetbiosOptions
deleted SYSTEM\CurrentControlSet\Services\Netbt\Parameters\EnableLmhosts
deleted SYSTEM\CurrentControlSet\Services\Netbt\Parameters\EnableProxy
added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{017B31B5-BE38-4157-9BD7-B1CAECC70D8A}\AddressType
added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{017B31B5-BE38-4157-9BD7-B1CAECC70D8A}\DisableDynamicUpdate
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{017B31B5-BE38-4157-9BD7-B1CAECC70D8A}\RawIpAllowedProtocols
old REG_MULTI_SZ =
0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{017B31B5-BE38-4157-9BD7-B1CAECC70D8A}\TcpAllowedPorts
old REG_MULTI_SZ =
0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{017B31B5-BE38-4157-9BD7-B1CAECC70D8A}\UdpAllowedPorts
old REG_MULTI_SZ =
0

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2810EB22-763D-4D0C-9450-64BBD1758685}\NameServer
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{531D3D38-B38F-4A40-9052-52EFBA55506B}\NameServer
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BB95751F-31F5-4C67-B335-2C80554B3EDB}\NameServer
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CD6209D3-5884-4164-8FDA-3F03149999D2}\DefaultGateway
old REG_MULTI_SZ =
<empty>

added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CD6209D3-5884-4164-8FDA-3F03149999D2}\DisableDynamicUpdate
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CD6209D3-5884-4164-8FDA-3F03149999D2}\IpAutoconfigurationAddress
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CD6209D3-5884-4164-8FDA-3F03149999D2}\IpAutoconfigurationMask
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CD6209D3-5884-4164-8FDA-3F03149999D2}\IpAutoconfigurationSeed
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CD6209D3-5884-4164-8FDA-3F03149999D2}\Mtu
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CD6209D3-5884-4164-8FDA-3F03149999D2}\RawIpAllowedProtocols
old REG_MULTI_SZ =
0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CD6209D3-5884-4164-8FDA-3F03149999D2}\TcpAllowedPorts
old REG_MULTI_SZ =
0

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CD6209D3-5884-4164-8FDA-3F03149999D2}\TcpWindowSize
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CD6209D3-5884-4164-8FDA-3F03149999D2}\UdpAllowedPorts
old REG_MULTI_SZ =
0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CF8F673A-29FD-4B39-99CA-AE819BA75BF3}\DefaultGateway
old REG_MULTI_SZ =
<empty>

added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CF8F673A-29FD-4B39-99CA-AE819BA75BF3}\DisableDynamicUpdate
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CF8F673A-29FD-4B39-99CA-AE819BA75BF3}\IpAutoconfigurationAddress
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CF8F673A-29FD-4B39-99CA-AE819BA75BF3}\IpAutoconfigurationMask
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CF8F673A-29FD-4B39-99CA-AE819BA75BF3}\IpAutoconfigurationSeed
reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CF8F673A-29FD-4B39-99CA-AE819BA75BF3}\RawIpAllowedProtocols
old REG_MULTI_SZ =
0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CF8F673A-29FD-4B39-99CA-AE819BA75BF3}\TcpAllowedPorts
old REG_MULTI_SZ =
0

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CF8F673A-29FD-4B39-99CA-AE819BA75BF3}\UdpAllowedPorts
old REG_MULTI_SZ =
0

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F94D3BB6-3B49-4FE4-8819-A29BC0C91617}\NameServer
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DontAddDefaultGatewayDefault
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableIcmpRedirect
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableSecurityFilters
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\GlobalMaxTcpWindowSize
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\SackOpts
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\SearchList
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Tcp1323Opts
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxDataRetransmissions
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxDupAcks
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\TcpWindowSize
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\UseDomainNameDevolution
<completed>
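
A parser for the `netsh int ip reset` log format posted above, added here as an illustration and not part of the original thread. The sample input is an excerpt of that log; the function names and the selection of values treated as name-resolution settings are this example's own assumptions.

```python
import re
from collections import defaultdict
# Excerpt of the resetlog.txt posted above, used as sample input.
SAMPLE_LOG = r"""reset SYSTEM\CurrentControlSet\Services\Dhcp\Parameters\Options\15\RegLocation
old REG_MULTI_SZ =
SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\?\DhcpDomain
SYSTEM\CurrentControlSet\Services\TcpIp\Parameters\DhcpDomain

reset SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{CD6209D3-5884-4164-8FDA-3F03149999D2}\NetbiosOptions
old REG_DWORD = 2

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2810EB22-763D-4D0C-9450-64BBD1758685}\NameServer
deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\SearchList
<completed>
"""
ENTRY = re.compile(r"^(reset|added|deleted)\s+(\S.*)$")
OLD = re.compile(r"^old\s+(REG_\w+)\s*=\s*(.*)$")
GUID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
# Value names treated as name-resolution settings (this example's own selection).
NAME_RESOLUTION = {"NameServer", "NameServerList", "SearchList"}

def parse_resetlog(text):
    entries, current, completed = [], None, False
    for line in map(str.strip, text.splitlines()):
        m = ENTRY.match(line)
        if line == "<completed>":  # netsh writes this marker when the reset finished
            completed, current = True, None
        elif m:
            action, path = m.groups()
            guid = GUID.search(path)
            current = {"action": action, "value": path.rsplit("\\", 1)[-1], "old_type": None,
                       "old": [], "interface": guid.group(0) if guid else None}
            entries.append(current)
        elif current and line:
            m = OLD.match(line)
            if m:  # "old REG_x = data"; REG_MULTI_SZ data continues on later lines
                current["old_type"], line = m.groups()
            if current["old_type"] and line and line != "<empty>":
                current["old"].append(line)
    return entries, completed

def name_resolution_changes(entries):  # group matching entries by interface GUID
    grouped = defaultdict(list)
    for e in entries:
        if e["value"] in NAME_RESOLUTION:
            grouped[e["interface"] or "global"].append((e["action"], e["value"]))
    return dict(grouped)

if __name__ == "__main__":
    print(name_resolution_changes(parse_resetlog(SAMPLE_LOG)[0]))
```

In this log format only `reset` entries carry an `old` value; `deleted` entries do not record the data that was removed, so the parser can report that a `NameServer` value was deleted but not what it contained.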


#6 Michael Carter

Posted 28 June 2011 - 05:06 AM

OK to close this thread, I have given up, installed a second hard drive, and put a clean install of Windows on that.

Thanks again for all assistance and replies.

MCart

#7 Blade

Posted 28 June 2011 - 06:31 AM

Thanks for letting me know.

~Blade
