Suspicious Registry Entries


  • This topic is locked
36 replies to this topic

#1 maheshursekar

maheshursekar

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:11:22 AM

Posted 30 April 2015 - 10:00 AM

Hi !

 

As advised by noknojon, I am creating a new topic about my problem in this forum. Below is the description of the problem and attached are the log files created after running the Farbar Recovery Scan Tool.

 

My computer was infected with the adultube.info virus. Following the last set of instructions in the below link:

 

http://www.bleepingcomputer.com/forums/t/570064/could-someone-help-me-through-the-steps-to-remove-the-adulttubeinfo-virus/

 

I reset my router and rebooted my PC and the virus disappeared.

 

However, before doing any of this, my Malwarebytes anti-virus kept popping the below message:

Malicious website blocked

IP 46.161.41.146

Type Outbound

Process c:\windows\system 32\svchost.exe.

 

When I had searched my registry at that time (i.e. before disinfection), under the below keys, the DhcpNameServer parameter was set to: 46.161.41.146 8.8.8.8 192.168.0.1

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C3233060-B9BB-4DC1-8E2F-9E9306548D3D}

 

One day after the virus was eliminated, I did a registry search again and found these new entries with the DhcpNameServer parameter set to 46.161.41.146 8.8.8.8 192.168.0.1 (the original ones were unchanged).

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Tcpip\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{C3233060-B9BB-4DC1-8E2F-9E9306548D3D}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{C3233060-B9BB-4DC1-8E2F-9E9306548D3D}

 

Does that mean I am still infected with the virus?

 

Attached Files




 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,521 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:52 AM

Posted 04 May 2015 - 08:49 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CreateRestorePoint:
CloseProcesses:

ShortcutTarget: Dropbox.lnk -> C:\Users\Mahesh\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1424469396-2127992090-2097338594-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-1424469396-2127992090-2097338594-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Tcpip\Parameters: [DhcpNameServer] 46.161.41.146 8.8.8.8 192.168.0.1
FF user.js: detected! => C:\Users\Mahesh\AppData\Roaming\Mozilla\Firefox\Profiles\kqjqv9tv.default-1429950814916\user.js [2015-04-25]
S3 nosGetPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper_3004.dll [X]
S3 catchme; \??\C:\Users\Mahesh\AppData\Local\Temp\catchme.sys [X]
AlternateDataStreams: C:\ProgramData\TEMP:A3DD5234
AlternateDataStreams: C:\ProgramData\TEMP:C68DE4A3

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller
=======

How is the computer running now?

#3 maheshursekar

maheshursekar
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:11:22 AM

Posted 05 May 2015 - 01:13 AM

Hi Nasdaq:

 

Thanks for your help. Have done as suggested.

 

Attached is Fixlog.txt from FRST run.

 

Below is content of Notepad Report from Rogue Killer (I did not find RTreport[1].txt on my desktop):

 

RogueKiller V10.6.2.0 [May  4 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Mahesh [Administrator]
Started from : C:\Users\Mahesh\Desktop\RogueKiller.exe
Mode : Delete -- Date : 05/05/2015  11:28:40

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 11 ¤¤¤
[Hj.RegVal] HKEY_LOCAL_MACHINE\RK_Software_ON_D_9B3E\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe  -> Replaced (explorer.exe)
[VT.Bad.Ip|PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 46.161.41.146 8.8.8.8 192.168.0.1 [RU][-][-]  -> Replaced ()
[VT.Bad.Ip|PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 46.161.41.146 8.8.8.8 192.168.0.1 [RU][-][-]  -> Replaced ()
[VT.Bad.Ip|PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 46.161.41.146 8.8.8.8 192.168.0.1 [RU][-][-]  -> Replaced ()
[VT.Bad.Ip|PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C3233060-B9BB-4DC1-8E2F-9E9306548D3D} | DhcpNameServer : 46.161.41.146 8.8.8.8 192.168.0.1 [RU][-][-]  -> Replaced ()
[VT.Bad.Ip|PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{C3233060-B9BB-4DC1-8E2F-9E9306548D3D} | DhcpNameServer : 46.161.41.146 8.8.8.8 192.168.0.1 [RU][-][-]  -> Replaced ()
[VT.Bad.Ip|PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{C3233060-B9BB-4DC1-8E2F-9E9306548D3D} | DhcpNameServer : 46.161.41.146 8.8.8.8 192.168.0.1 [RU][-][-]  -> Replaced ()
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\RK_Software_ON_D_9B3E\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\RK_Software_ON_D_9B3E\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST3320613AS ATA Device +++++
--- User ---
[MBR] 5c442297d6f98e8c200d090fdd75150e
[BSP] 43e2be632fa467e7e97cb39987fa84d2 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 98304 | Size: 15360 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 31555584 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 31760384 | Size: 289736 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_05052015_112807.log

Attached Files



#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,521 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:52 AM

Posted 05 May 2015 - 07:37 AM

How is the computer running now?

#5 maheshursekar

maheshursekar
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:11:22 AM

Posted 05 May 2015 - 07:49 AM

Post resetting my router, I've not been having any visible virus issues. However, the suspicious Registry entries mentioned earlier have been a cause of concern for me. Do they indicate that the virus has not been removed completely?

#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,521 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:52 AM

Posted 05 May 2015 - 08:14 AM

Resetting your router may have been the way to clean this.

Wait a day or two. If there are any problems, run the RogueKiller tool and post the log for my review.

#7 maheshursekar

maheshursekar
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:11:22 AM

Posted 05 May 2015 - 08:17 AM

Ok, will do. Based on the report, I thought Rogue Killer removed the malicious registry entries. But some of them are still present. Do I need to worry?

#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,521 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:52 AM

Posted 05 May 2015 - 01:15 PM

Reset your router.

Restart the computer normally.

Run the RogueKiller and post the log for my review.

#9 maheshursekar

maheshursekar
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:11:22 AM

Posted 06 May 2015 - 08:55 AM

Done as advised. Below is the Rogue Killer Report. Searched the Registry - Suspicious IP not found !!

 

RogueKiller V10.6.2.0 [May  4 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Mahesh [Administrator]
Started from : C:\Users\Mahesh\Desktop\RogueKiller.exe
Mode : Delete -- Date : 05/06/2015  19:19:10

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 10 ¤¤¤
[VT.Bad.Ip|PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 46.161.41.146 8.8.8.8 192.168.0.1 [RU][-][-]  -> Replaced ()
[VT.Bad.Ip|PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 46.161.41.146 8.8.8.8 192.168.0.1 [RU][-][-]  -> Replaced ()
[VT.Bad.Ip|PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 46.161.41.146 8.8.8.8 192.168.0.1 [RU][-][-]  -> Replaced ()
[VT.Bad.Ip|PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C3233060-B9BB-4DC1-8E2F-9E9306548D3D} | DhcpNameServer : 46.161.41.146 8.8.8.8 192.168.0.1 [RU][-][-]  -> Replaced ()
[VT.Bad.Ip|PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{C3233060-B9BB-4DC1-8E2F-9E9306548D3D} | DhcpNameServer : 46.161.41.146 8.8.8.8 192.168.0.1 [RU][-][-]  -> Replaced ()
[VT.Bad.Ip|PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{C3233060-B9BB-4DC1-8E2F-9E9306548D3D} | DhcpNameServer : 46.161.41.146 8.8.8.8 192.168.0.1 [RU][-][-]  -> Replaced ()
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\RK_Software_ON_D_F72A\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\RK_Software_ON_D_F72A\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST3320613AS ATA Device +++++
--- User ---
[MBR] 5c442297d6f98e8c200d090fdd75150e
[BSP] 43e2be632fa467e7e97cb39987fa84d2 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 98304 | Size: 15360 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 31555584 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 31760384 | Size: 289736 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_05052015_112807.log - RKreport_DEL_05052015_112840.log - RKreport_SCN_05062015_191845.log



#10 nasdaq

nasdaq

  • Malware Response Team
  • 40,521 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:52 AM

Posted 06 May 2015 - 10:23 AM

Let me know in a day or two if all is well.

#11 maheshursekar

maheshursekar
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:11:22 AM

Posted 06 May 2015 - 10:25 AM

Ok, will do! Thanks!

#12 maheshursekar

maheshursekar
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:11:22 AM

Posted 07 May 2015 - 06:28 AM

The suspicious registry entries are back! The DhcpNameServer parameter is set to: 46.161.41.146 8.8.8.8 192.168.0.1 under the following keys:

 

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C3233060-B9BB-4DC1-8E2F-9E9306548D3D}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Tcpip\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{C3233060-B9BB-4DC1-8E2F-9E9306548D3D}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{C3233060-B9BB-4DC1-8E2F-9E9306548D3D}



#13 nasdaq

nasdaq

  • Malware Response Team
  • 40,521 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:52 AM

Posted 07 May 2015 - 08:33 AM

Reset your router. It may be infected.

How to Reset a Router Back to the Factory Default Settings
http://www.ehow.com/how_2110924_reset-back-factory-default-settings.html

Then, please reconfigure it back to your preferred setting. Below is the list of default usernames and passwords, should you not know it ;)

http://www.routerpasswords.com/
http://www.phenoelit-us.org/dpl/dpl.html
===

Reset for Linksys, Netgear, D-Link and Belkin Routers
http://www.techsupportforum.com/2763-reset-for-linksys-netgear-d-link-and-belkin-routers/

====
How to tell if my Wireless is secure.
http://www.ehow.com/how_6775466_tell-wireless-secure_.html

===

Restart the computer normally when done.

When done, run the RogueKiller tool and let me know if the problem persists.

#14 maheshursekar

maheshursekar
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:11:22 AM

Posted 09 May 2015 - 05:06 AM

Hi - Sorry for the delay in getting back.

 

(1) When you told me to reset the router the last time around, I had done it by pressing the Reset button at the bottom of my router. This time (to see if it made any difference), I used the "Restore Factory Defaults" option on my Router web-page (see attachment Reset Router.jpg). Nothing significant changed except that, this time, a Registry search after reboot did find the suspicious IP address.

 

(2) The status page of my Router shows the suspicious IP as DNS1. I don't know why this value is not reset to the factory default. Even with a hard-reset (last time around), this value was unchanged. See Status.jpg attached.

 

(3) My Router Setup page (see Basic Setup.jpg) has no value for Static DNS 1, so I'm not sure how Status shows the above value for DNS1.

 

(4) Since I am not an expert on setting up the Router manually, I use the Setup CD that came with my Router to set it up. Hope that is ok.

 

(5) Below is the Rogue Killer Report:

 

RogueKiller V10.6.2.0 [May  4 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Mahesh [Administrator]
Started from : C:\Users\Mahesh\Desktop\RogueKiller.exe
Mode : Delete -- Date : 05/09/2015  14:59:13

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 10 ¤¤¤
[VT.Bad.Ip|PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 46.161.41.146 8.8.8.8 192.168.0.1 [RU][-][-]  -> Replaced ()
[VT.Bad.Ip|PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 46.161.41.146 8.8.8.8 192.168.0.1 [RU][-][-]  -> Replaced ()
[VT.Bad.Ip|PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 46.161.41.146 8.8.8.8 192.168.0.1 [RU][-][-]  -> Replaced ()
[VT.Bad.Ip|PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C3233060-B9BB-4DC1-8E2F-9E9306548D3D} | DhcpNameServer : 46.161.41.146 8.8.8.8 192.168.0.1 [RU][-][-]  -> Replaced ()
[VT.Bad.Ip|PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{C3233060-B9BB-4DC1-8E2F-9E9306548D3D} | DhcpNameServer : 46.161.41.146 8.8.8.8 192.168.0.1 [RU][-][-]  -> Replaced ()
[VT.Bad.Ip|PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{C3233060-B9BB-4DC1-8E2F-9E9306548D3D} | DhcpNameServer : 46.161.41.146 8.8.8.8 192.168.0.1 [RU][-][-]  -> Replaced ()
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\RK_Software_ON_D_D8A7\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\RK_Software_ON_D_D8A7\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST3320613AS ATA Device +++++
--- User ---
[MBR] 5c442297d6f98e8c200d090fdd75150e
[BSP] 43e2be632fa467e7e97cb39987fa84d2 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 98304 | Size: 15360 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 31555584 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 31760384 | Size: 289736 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_05052015_112807.log - RKreport_DEL_05052015_112840.log - RKreport_SCN_05062015_191845.log - RKreport_DEL_05062015_191910.log
RKreport_SCN_05092015_145838.log

 

Attached Files
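The three RogueKiller reports in this thread each list the same DhcpNameServer finding as "Replaced", which is what happens when the value is handed back by the DHCP server (here the router, whose status page shows the address as DNS1) at every lease. The following Python is an added example, not part of the thread and not RogueKiller's own code: it parses report lines in the format shown above and lists resolvers that recur across runs. The function names, the allow-list and the treatment of private addresses as acceptable are assumptions, and the sample input is constructed from lines quoted in this thread.

```python
import ipaddress
import re

# A registry finding as RogueKiller prints it:
#   [tags] KEY | ValueName : data  -> action
ENTRY = re.compile(
    r"^\[(?P<tags>[^\]]+)\]\s+(?P<key>HKEY_[^|]+?)\s+\|\s+"
    r"(?P<name>\S+)\s+:\s+(?P<data>.*?)\s+->\s+(?P<action>.+)$"
)

def dns_findings(report_text):
    """Return (key, [resolver IPs], action) per DhcpNameServer/NameServer finding."""
    out = []
    for line in report_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m or m["name"] not in ("DhcpNameServer", "NameServer"):
            continue
        ips = []
        for tok in re.split(r"[\s,]+", m["data"]):
            try:
                ips.append(str(ipaddress.ip_address(tok)))
            except ValueError:
                pass  # not an address, e.g. the [RU][-][-] geo tags
        out.append((m["key"], ips, m["action"]))
    return out

def unexpected_resolvers(ips, allowed):
    """Assumption: private (LAN) addresses and allow-listed resolvers are fine."""
    return [ip for ip in ips
            if not ipaddress.ip_address(ip).is_private and ip not in allowed]

def recurring(reports, allowed):
    """Map each unexpected resolver to the report dates it appears on under
    CurrentControlSet (the control set in use). More than one date means an
    earlier 'Replaced' did not hold, so the value is being re-supplied."""
    seen = {}
    for date, text in reports:
        for key, ips, _action in dns_findings(text):
            if "\\currentcontrolset\\" not in key.lower():
                continue
            for ip in unexpected_resolvers(ips, allowed):
                if date not in seen.setdefault(ip, []):
                    seen[ip].append(date)
    return {ip: dates for ip, dates in seen.items() if len(dates) > 1}

# Constructed sample: a few lines per run, taken from the reports in this thread.
SAMPLE_REPORTS = [
    ("05/05/2015", r"""
[Hj.RegVal] HKEY_LOCAL_MACHINE\RK_Software_ON_D_9B3E\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe  -> Replaced (explorer.exe)
[VT.Bad.Ip|PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 46.161.41.146 8.8.8.8 192.168.0.1 [RU][-][-]  -> Replaced ()
[VT.Bad.Ip|PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 46.161.41.146 8.8.8.8 192.168.0.1 [RU][-][-]  -> Replaced ()
"""),
    ("05/06/2015", r"""
[VT.Bad.Ip|PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 46.161.41.146 8.8.8.8 192.168.0.1 [RU][-][-]  -> Replaced ()
"""),
    ("05/09/2015", r"""
[VT.Bad.Ip|PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 46.161.41.146 8.8.8.8 192.168.0.1 [RU][-][-]  -> Replaced ()
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
"""),
]

if __name__ == "__main__":
    for ip, dates in recurring(SAMPLE_REPORTS, allowed={"8.8.8.8"}).items():
        print(f"{ip} reappeared on {', '.join(dates)}: check the DHCP server (router)")
```

A resolver that keeps returning after a host-side fix points at the device issuing the DHCP lease, so the router's own DNS settings are the place to verify next.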



#15 maheshursekar

maheshursekar
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:11:22 AM

Posted 09 May 2015 - 06:25 AM

There is a new version of firmware (v2.0.07) available for my E1200 router (http://www.linksys.com/in/support-article?articleNum=148523). Should I upgrade?





