
Limited Connectivity


6 replies to this topic

#1 guy1511

guy1511

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:02:08 AM

Posted 17 September 2012 - 10:05 PM

I have 3 computers that are synced together.

One of them got some malware that did not seem to affect the other 2, and so the malware did not seem to get synced before I got it fixed.

I posted on the malware forum and got help fixing it. Then, in my wisdom, I decided to follow the same steps on the other 2 computers to just "make sure" that they were clean. Well, when I ran COMBOFIX it screwed up my wifi connections.


Now I can connect to any router, but I can't get out to the internet. I get the "Limited or no connectivity". I know it's not the router as other devices are working fine, like this one I'm typing on.

I have tried 1000 things to no avail and now I'm humbling myself and appealing here for some help.

I have attached 2 files.
One is an ip scan of my current configurations.

The second is in the quarantine/registry_backup, titled tcpip.
My guess is this has something to do with it and it needs to be restored, but I don't know how.

I have 3 files in the Qoobox quarantine registry backup and they are the following:

BHO-{F934A054-E9B1-4BC3-83A3-76A1AE736170}.REG.DAT
HKLM-RUN-POWER PLAN ASSISTANT.REG.DAT
TCPIP

As stated above the tcpip is attached as it's quite long.


Of course I've tried rebooting and repairing and troubleshooting to no avail. I tried uninstalling the wifi hardware in Device Manager and re-installing to no avail, and I've tried a lot of other things.

Please help me and thank you!

I was going to attach the files but there is no attach box so I'll paste them in, and sorry for the length. They will be in the next reply.


 


#2 guy1511

guy1511
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:02:08 AM

Posted 17 September 2012 - 10:06 PM

Microsoft Windows [Version 6.1.7601]
Copyright © 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : JCMAC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 4:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom 802.11n Network Adapter
Physical Address. . . . . . . . . : 10-93-E9-00-17-B0
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::c4b7:a722:4f17:2c81%21(Preferred)
Autoconfiguration IPv4 Address. . : 169.254.44.129(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 470848489
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-40-35-2C-10-93-E9-00-17-B0

DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 10-93-E9-00-17-B1
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{0BB32C37-9499-4A6F-B1D0-FCF699F47896}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

C:\Windows\system32>


And this is the reg backup file


c: qoobox quarantine registry_backups

tcpip



#3 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:02:08 AM

Posted 17 September 2012 - 11:54 PM

I guess you still have combofix installed on those machines.

Can you restore to a date before you ran combofix?

If you have issues doing a system restore

Go to

C:\WINDOWS\ERDNT\Hiv-backup\erdnt.exe

Double-click on it and click OK; this should restore the backup registry hives.

Restart the PC and see if you're able to connect now.

#4 guy1511

guy1511
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:02:08 AM

Posted 18 September 2012 - 07:51 AM

Wow, that did it. Thank you.

For reference I had to right click and run as admin.
I tried running it just by clicking and got all kinds of errors and thought it was not going to work, but then tried the admin and it worked perfectly.

Thank you much!

#5 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:09:08 AM

Posted 18 September 2012 - 08:02 AM

Hi,

Could you show us the export of ipconfig /all now that it is working so we can compare it?

Thanks!

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#6 guy1511

guy1511
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:02:08 AM

Posted 18 September 2012 - 08:49 AM

Microsoft Windows [Version 6.1.7601]
Copyright © 2009 Microsoft Corporation. All rights reserved.

C:\Users\JC>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : JCMAC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : PdaNet Broadband Adapter
Physical Address. . . . . . . . . : 00-26-37-BD-39-42
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 10-93-E9-00-17-B1
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom 802.11n Network Adapter
Physical Address. . . . . . . . . : 10-93-E9-00-17-B0
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::c1b6:6f04:1823:d0d%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.10(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, September 18, 2012 8:40:44 AM
Lease Expires . . . . . . . . . . : Tuesday, September 18, 2012 8:42:21 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 235967465
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-40-35-2C-10-93-E9-00-17-B0

DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{96ED2C70-F801-48A5-A8A1-FDFA93553380}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{3E3D20D2-2F2C-4938-86AE-58D0CC652470}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.arad.ro.eu.nomadix.com:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
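
The before/after comparison requested in post #5, as an added example that is not part of any post in this thread: it parses `ipconfig /all` text and flags the symptoms visible in post #2 (a self-assigned 169.254.0.0/16 address, no DHCP server, no default gateway, and only the fec0:0:0:ffff:: site-local DNS placeholders Windows lists when no DNS server is configured). The function names and flag labels are this example's own; the sample text is excerpted from posts #2 and #6.

```python
import ipaddress
import re

# "Key . . . . : value" rows; the value may be empty (e.g. no default gateway).
KV = re.compile(r"^(?P<key>[^:]+?)(?: \.)+ ?:(?: (?P<val>.*))?$")
APIPA = ipaddress.ip_network("169.254.0.0/16")             # self-assigned IPv4
FALLBACK_DNS = ipaddress.ip_network("fec0:0:0:ffff::/64")  # site-local DNS placeholders

BROKEN = """\
Wireless LAN adapter Wireless Network Connection 4:

Connection-specific DNS Suffix . :
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration IPv4 Address. . : 169.254.44.129(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
DHCP Enabled. . . . . . . . . . . : Yes
"""

WORKING = """\
Wireless LAN adapter Wireless Network Connection:

DHCP Enabled. . . . . . . . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.1.10(Preferred)
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
"""

def _ip(value):
    """Parse an address, dropping '(Preferred)' and the IPv6 zone id."""
    try:
        return ipaddress.ip_address(value.split("(")[0].split("%")[0].strip())
    except ValueError:
        return None

def parse_ipconfig(text):
    """Return {adapter name: {field: [values]}} from ipconfig /all output."""
    adapters, current, last_key = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KV.match(line)
        if m:
            if current is None:          # global "Windows IP Configuration" rows
                continue
            last_key = m.group("key").rstrip(" .")
            val = (m.group("val") or "").strip()
            current[last_key] = [val] if val else []
        elif line.endswith(":") and " adapter " in line:
            current, last_key = adapters.setdefault(line[:-1], {}), None
        elif current is not None and last_key and _ip(line) is not None:
            current[last_key].append(line)   # extra DNS server / gateway row
    return adapters

def triage(adapters):
    """Flag connected adapters that show the 'limited connectivity' pattern."""
    findings = {}
    for name, f in adapters.items():
        if any("disconnected" in v for v in f.get("Media State", [])):
            continue
        flags = []
        v4 = [_ip(v) for k in ("IPv4 Address", "Autoconfiguration IPv4 Address")
              for v in f.get(k, [])]
        if any(a is not None and a in APIPA for a in v4):
            flags.append("apipa-address")
        if f.get("DHCP Enabled") == ["Yes"] and not f.get("DHCP Server"):
            flags.append("no-dhcp-server")
        if not f.get("Default Gateway"):
            flags.append("no-default-gateway")
        dns = [_ip(v) for v in f.get("DNS Servers", [])]
        if dns and all(a is not None and a in FALLBACK_DNS for a in dns):
            flags.append("fallback-dns-only")
        findings[name] = flags
    return findings

if __name__ == "__main__":
    for label, text in (("before", BROKEN), ("after", WORKING)):
        print(label, triage(parse_ipconfig(text)))
```
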

#7 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:09:08 AM

Posted 18 September 2012 - 04:59 PM

Hi guy1511,

Thanks for those logs! Could you please help us one more time to further identify how the issue was created? All we would need from you is to upload the following system hives:
C:\Windows\System32\config\system.BAK
C:\WINDOWS\ERDNT\Hiv-backup\System

As those are rather large files, you won't be able to attach them here. Instead please click here and submit the files through the interface: http://www.bleepingcomputer.com/submit-malware.php?channel=4&lm=1

Thanks again,
myrti
