TechSpot

Internet not working after AVG scan

By MrHippopotamus
Nov 12, 2011
  1. First of all, I'm translating from Dutch so some errors might actually have a slightly different wording. After running an AVG scan (my PC was completely buggered due to my slacking) the internet isn't working anymore, unable to get a network adress. The log from the scan is: http://pastebin.com/fc4fVfzn

    first tried solution:
    ipconfig /flushdns
    ipconfig /renew

    then there was an error saying the rpc-server is not available, the following was tried:
    netsh int ip reset reset.log
    netsh winsock reset catalog
    rebooted
    didn't work

    I then tried the following:
    http://kaliphonia.com/content/windo...rvice-does-not-exist-or-has-been-marked-for-d
    net stop winmgmt
    ren %windir%\System32\Wbem\Repository Repository_old
    net start winmgmt
    rundll32 wbemupgd, UpgradeRepository
    There has been an eroor in wbemupgd, this is missing: upgraderepository

    I don't have the windows XP disc available at the moment. Any help would be much appreciated.
     
  2. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ====================================================================

    Please download MiniToolBox and run it.

    Checkmark following boxes:
    • Report IE Proxy Settings
    • Report FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Users, Partitions and Memory size
    Click Go and post the result.

    ===================================================================

    Please download Farbar Service Scanner and run it on the computer with the issue.
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.
     
  3. MrHippopotamus

    MrHippopotamus TS Rookie Topic Starter

    Thank you for your response. I have ran MiniToolBox and FSS, the results are added as attachment.
     

    Attached Files:

  4. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Please observe forum rules.
    All logs have to be pasted.
     
  5. MrHippopotamus

    MrHippopotamus TS Rookie Topic Starter

    FFS.txt:

    Farbar Service Scanner
    Ran by Wouter (administrator) on 13-11-2011 at 21:18:40
    Microsoft Windows XP Service Pack 3 (X86)
    ********************************************************

    Service Check:
    ==============
    Dhcp Service is not running. Checking service configuration:
    The start type of Dhcp service is OK.
    The ImagePath of Dhcp service is OK.
    The ServiceDll of Dhcp service is OK.

    NetBt Service is not running. Checking service configuration:
    Checking Start type: Attention! Unable to open NetBt registry key. The service might not exist.
    Checking ImagePath: Attention! Unable to open NetBt registry key. The service might not exist.


    File Check:
    ===========
    C:\WINDOWS\system32\dhcpcsvc.dll
    [2006-04-10 13:00] - [2008-04-14 18:02] - 0126976 ____A (Microsoft Corporation) 146AB038F5DBB366122D28444999AB2C

    C:\WINDOWS\system32\Drivers\netbt.sys
    [2006-04-10 13:00] - [2008-04-13 20:21] - 0162816 ____A () 50712769C97FF23E49DAB936C3CCD9BB


    Connection Status:
    ==================
    Localhost is accessible.
    There is no connection to network.
    Attempt to Google returned error: Google site is unreachable
    Attemp to yahoo returend error: Yahoo site is unreachable

    **** End of log ****
     
  6. MrHippopotamus

    MrHippopotamus TS Rookie Topic Starter

    MiniToolBox by Farbar
    Ran by Wouter (administrator) on 13-11-2011 at 21:27:01
    Microsoft Windows XP Service Pack 3 (X86)

    ***************************************************************************

    ========================= IE Proxy Settings: ==============================

    Proxy is not enabled.
    No Proxy Server is set.

    ========================= FF Proxy Settings: ==============================

    Hosts file not detected in the default directory
    ========================= IP Configuration: ================================

    # ----------------------------------
    # IP-configuratie van interface
    # ----------------------------------
    pushd interface ip


    # IP-configuratie van interface voor "{0B6758D8-5558-4224-801B-FB99D2F23258}"

    set address name="{0B6758D8-5558-4224-801B-FB99D2F23258}" source=dhcp
    set dns name="{0B6758D8-5558-4224-801B-FB99D2F23258}" source=dhcp register=PRIMARY
    set wins name="{0B6758D8-5558-4224-801B-FB99D2F23258}" source=dhcp

    # IP-configuratie van interface voor "LAN-verbinding"

    set address name="LAN-verbinding" source=dhcp
    set dns name="LAN-verbinding" source=dhcp register=PRIMARY
    set wins name="LAN-verbinding" source=dhcp


    popd
    # Einde van IP-configuratie van interface




    Windows IP-configuratie



    Host-naam . . . . . . . . . . . .: sindarin

    Primair DNS-achtervoegsel. . . . .:

    Knooppunttype: . . . . . . . . . .: onbekend

    IP-routering ingeschakeld. . . . .: nee

    WINS-proxy ingeschakeld . . . . . : nee



    Ethernet-adapter {0B6758D8-5558-4224-801B-FB99D2F23258}:



    Status van medium . . . . . . . . : medium ontkoppeld

    Beschrijving . . . . . . . . . . .:

    Anchorfree HSS Adapter

    Fysiek adres. . . . . . . . . . . : 00-FF-0B-67-58-D8



    Ethernet-adapter LAN-verbinding:



    Verbindingsspec. DNS-achtervoegsel: lan

    Beschrijving . . . . . . . . . . .:

    VIA Compatable Fast Ethernet Adapter

    Fysiek adres. . . . . . . . . . . : 00-16-17-E4-C3-18

    DHCP ingeshakeld. . . . . . . . . : ja

    Autom. configuratie ingeschakeld. : ja

    IP-adres. . . . . . . . . . . . . : 0.0.0.0

    Subnetmasker. . . . . . . . . . . : 0.0.0.0

    Standaardgateway. . . . . . . . . :

    DHCP-server . . . . . . . . . . . : 192.168.1.254

    DNS-servers . . . . . . . . . . . : 192.168.1.254

    NetBIOS over TCPIP. . . . . . . . : uitgeschakeld

    Server: UnKnown
    Address: 127.0.0.1

    Ping-aanvraag kan host google.com niet vinden. Controleer de naam en probeer het

    opnieuw.

    Server: UnKnown
    Address: 127.0.0.1

    Ping-aanvraag kan host yahoo.com niet vinden. Controleer de naam en probeer het

    opnieuw.



    Pingen naar 127.0.0.1 met 32 byte gegevens:



    Antwoord van 127.0.0.1: bytes=32 tijd<1 ms TTL=128

    Antwoord van 127.0.0.1: bytes=32 tijd<1 ms TTL=128



    Ping-statistieken voor 127.0.0.1:

    Pakketten: verzonden = 2, ontvangen = 2, verloren = 0

    (0% verlies).De gemiddelde tijd voor het uitvoeren van ‚‚n bewerking in milliseconden:

    Minimum = 0ms, Maximum = 0ms, Gemiddelde = 0ms

    ===========================================================================
    Interfacelijst
    0x1 ........................... MS TCP Loopback interface
    0x2 ...00 ff 0b 67 58 d8 ...... Anchorfree HSS Adapter
    0x10004 ...00 16 17 e4 c3 18 ...... VIA Compatable Fast Ethernet Adapter
    ===========================================================================
    ===========================================================================
    Actieve routes:
    Netwerkadres Netmask Gateway Interface Metric
    127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
    255.255.255.255 255.255.255.255 255.255.255.255 10004 1
    255.255.255.255 255.255.255.255 255.255.255.255 2 1
    ===========================================================================
    Permanente routes:
    Geen
    ========================= Winsock entries =====================================

    Catalog5 01 mswsock.dll [File Not found] ()
    Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
    Catalog5 03 mswsock.dll [File Not found] ()
    Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
    Catalog9 01 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)
    Catalog9 02 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)
    Catalog9 03 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)
    Catalog9 04 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)
    Catalog9 05 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)
    Catalog9 06 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)
    Catalog9 07 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)
    Catalog9 08 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)
    Catalog9 09 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)
    Catalog9 10 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)
    Catalog9 11 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)
    Catalog9 12 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)
    Catalog9 13 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)
    Catalog9 14 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)
    Catalog9 15 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)
    Catalog9 16 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)
    Catalog9 17 C:\Windows\system32\mswsock.dll [247296] (Microsoft Corporation)
    Catalog9 18 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
    Catalog9 19 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)

    ========================= Event log errors: ===============================

    Application errors:
    ==================
    Error: (11/13/2011 00:18:36 PM) (Source: WinMgmt) (User: )
    Description: Kan MOF C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\CLR.MOF niet laden tijdens het herstellen van opslagplaatsbestand.

    Error: (11/13/2011 00:18:36 PM) (Source: WinMgmt) (User: )
    Description: Kan MOF C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.0\WINDOWS COMMUNICATION FOUNDATION\MUI\0413\SERVICEMODEL.MFL niet laden tijdens het herstellen van opslagplaatsbestand.

    Error: (11/13/2011 00:18:36 PM) (Source: WinMgmt) (User: )
    Description: Kan MOF C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.0\WINDOWS COMMUNICATION FOUNDATION\SERVICEMODEL.MOF niet laden tijdens het herstellen van opslagplaatsbestand.

    Error: (11/13/2011 00:18:35 PM) (Source: WinMgmt) (User: )
    Description: Kan MOF C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\ASPNET.MOF niet laden tijdens het herstellen van opslagplaatsbestand.

    Error: (11/13/2011 00:18:33 PM) (Source: WinMgmt) (User: )
    Description: Kan MOF C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V1.1.4322\ASPNET.MOF niet laden tijdens het herstellen van opslagplaatsbestand.

    Error: (11/13/2011 02:20:41 AM) (Source: Application Error) (User: )
    Description: Vastgelopen toepassing: msiexec.exe, versie: 3.1.4001.5512, vastgelopen module: unknown, versie: 0.0.0.0, vastgelopen op: 0x00ee94ac.
    Verwerken van mediaspecifieke gebeurtenis voor [msiexec.exe!ws!]

    Error: (11/13/2011 02:10:19 AM) (Source: Application Error) (User: )
    Description: Vastgelopen toepassing: iexplore.exe, versie: 7.0.6000.17103, vastgelopen module: unknown, versie: 0.0.0.0, vastgelopen op: 0x00f50000.
    Verwerken van mediaspecifieke gebeurtenis voor [iexplore.exe!ws!]

    Error: (11/13/2011 02:08:25 AM) (Source: Application Error) (User: )
    Description: Vastgelopen toepassing: skype.exe, versie: 5.5.0.124, vastgelopen module: mswsock.dll, versie: 5.1.2600.5625, vastgelopen op: 0x0001089a.
    Verwerken van mediaspecifieke gebeurtenis voor [skype.exe!ws!]

    Error: (11/13/2011 02:04:57 AM) (Source: Application Error) (User: )
    Description: Vastgelopen toepassing: skype.exe, versie: 5.5.0.124, vastgelopen module: ntdll.dll, versie: 5.1.2600.6055, vastgelopen op: 0x00010f1e.
    Verwerken van mediaspecifieke gebeurtenis voor [skype.exe!ws!]

    Error: (11/13/2011 02:01:46 AM) (Source: Application Error) (User: )
    Description: Vastgelopen toepassing: skype.exe, versie: 5.5.0.124, vastgelopen module: ntdll.dll, versie: 5.1.2600.6055, vastgelopen op: 0x00010a19.
    Verwerken van mediaspecifieke gebeurtenis voor [skype.exe!ws!]


    System errors:
    =============
    Error: (11/13/2011 09:00:00 PM) (Source: Schedule) (User: )
    Description: Kan de opdracht At46.job niet starten vanwege de volgende fout:
    %%2147942402

    Error: (11/13/2011 09:00:00 PM) (Source: Schedule) (User: )
    Description: Kan de opdracht At22.job niet starten vanwege de volgende fout:
    %%2147942402

    Error: (11/13/2011 08:00:00 PM) (Source: Schedule) (User: )
    Description: Kan de opdracht At45.job niet starten vanwege de volgende fout:
    %%2147942402

    Error: (11/13/2011 08:00:00 PM) (Source: Schedule) (User: )
    Description: Kan de opdracht At21.job niet starten vanwege de volgende fout:
    %%2147942402

    Error: (11/13/2011 07:00:00 PM) (Source: Schedule) (User: )
    Description: Kan de opdracht At44.job niet starten vanwege de volgende fout:
    %%2147942402

    Error: (11/13/2011 07:00:00 PM) (Source: Schedule) (User: )
    Description: Kan de opdracht At20.job niet starten vanwege de volgende fout:
    %%2147942402

    Error: (11/13/2011 06:00:00 PM) (Source: Schedule) (User: )
    Description: Kan de opdracht At43.job niet starten vanwege de volgende fout:
    %%2147942402

    Error: (11/13/2011 06:00:00 PM) (Source: Schedule) (User: )
    Description: Kan de opdracht At19.job niet starten vanwege de volgende fout:
    %%2147942402

    Error: (11/13/2011 05:00:00 PM) (Source: Schedule) (User: )
    Description: Kan de opdracht At42.job niet starten vanwege de volgende fout:
    %%2147942402

    Error: (11/13/2011 05:00:00 PM) (Source: Schedule) (User: )
    Description: Kan de opdracht At18.job niet starten vanwege de volgende fout:
    %%2147942402


    Microsoft Office Sessions:
    =========================

    ========================= Memory info: ===================================

    Percentage of memory in use: 56%
    Total physical RAM: 1022.42 MB
    Available physical RAM: 447.99 MB
    Total Pagefile: 2459.55 MB
    Available Pagefile: 1789.05 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1987.68 MB

    ========================= Partitions: =====================================

    1 Drive c: (Lokaal station) (Fixed) (Total:278.55 GB) (Free:3.51 GB) NTFS
    2 Drive d: (RECOVER) (Fixed) (Total:19.53 GB) (Free:12.59 GB) NTFS
    4 Drive f: () (Removable) (Total:1.86 GB) (Free:0.69 GB) FAT
    6 Drive h: (TheFrozenThrone) (CDROM) (Total:0.47 GB) (Free:0 GB) CDFS

    ========================= Users: ========================================

    Gebruikersaccounts voor \\SINDARIN

    Administrator ASPNET Gast
    HelpAssistant SUPPORT_388945a0 Wouter
    De opdracht is voltooid.


    **** End of log ****
     
  7. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    OK, we have several issues there starting with important registry key missing.

    Do you have another computer running XP so we can copy that missing key from it?
     
  8. MrHippopotamus

    MrHippopotamus TS Rookie Topic Starter

    No, my other pc is running vista.
     
  9. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Call around.
    You need to find someone with XP computer.
    When found ask that person to export following registry key:
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt
    Ask them to email it to you.
     
  10. MrHippopotamus

    MrHippopotamus TS Rookie Topic Starter

    Someone send me the following:

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT]
    "Type"=dword:00000001
    "Start"=dword:00000001
    "ErrorControl"=dword:00000001
    "Tag"=dword:00000006
    "ImagePath"=hex(2):53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
    52,00,49,00,56,00,45,00,52,00,53,00,5c,00,6e,00,65,00,74,00,62,00,74,00,2e,\
    00,73,00,79,00,73,00,00,00
    "DisplayName"="NetBios over Tcpip"
    "Group"="PNP_TDI"
    "DependOnService"=hex(7):54,00,63,00,70,00,69,00,70,00,00,00,00,00
    "DependOnGroup"=hex(7):00,00
    "Description"="NetBios over Tcpip"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Linkage]
    "OtherDependencies"=hex(7):54,00,63,00,70,00,69,00,70,00,00,00,00,00
    "Bind"=hex(7):5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,54,00,63,00,70,\
    00,69,00,70,00,5f,00,7b,00,36,00,35,00,38,00,39,00,46,00,45,00,43,00,44,00,\
    2d,00,39,00,36,00,35,00,30,00,2d,00,34,00,32,00,38,00,34,00,2d,00,42,00,42,\
    00,44,00,34,00,2d,00,35,00,46,00,36,00,35,00,41,00,32,00,30,00,37,00,39,00,\
    31,00,32,00,38,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,\
    00,54,00,63,00,70,00,69,00,70,00,5f,00,7b,00,30,00,34,00,33,00,44,00,44,00,\
    43,00,33,00,38,00,2d,00,38,00,38,00,33,00,44,00,2d,00,34,00,36,00,42,00,43,\
    00,2d,00,41,00,46,00,39,00,38,00,2d,00,41,00,43,00,44,00,45,00,30,00,38,00,\
    37,00,32,00,34,00,39,00,46,00,30,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,\
    00,63,00,65,00,5c,00,54,00,63,00,70,00,69,00,70,00,5f,00,7b,00,46,00,34,00,\
    37,00,46,00,39,00,37,00,39,00,34,00,2d,00,44,00,45,00,31,00,45,00,2d,00,34,\
    00,42,00,44,00,41,00,2d,00,42,00,41,00,33,00,32,00,2d,00,36,00,41,00,30,00,\
    39,00,46,00,37,00,33,00,43,00,33,00,41,00,45,00,34,00,7d,00,00,00,5c,00,44,\
    00,65,00,76,00,69,00,63,00,65,00,5c,00,54,00,63,00,70,00,69,00,70,00,5f,00,\
    7b,00,32,00,33,00,30,00,44,00,42,00,41,00,43,00,34,00,2d,00,31,00,39,00,41,\
    00,46,00,2d,00,34,00,44,00,44,00,41,00,2d,00,41,00,44,00,34,00,30,00,2d,00,\
    37,00,45,00,36,00,33,00,38,00,37,00,37,00,46,00,36,00,38,00,35,00,32,00,7d,\
    00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,54,00,63,00,70,00,\
    69,00,70,00,5f,00,7b,00,32,00,42,00,34,00,38,00,43,00,34,00,43,00,34,00,2d,\
    00,32,00,41,00,34,00,43,00,2d,00,34,00,30,00,39,00,43,00,2d,00,42,00,43,00,\
    42,00,36,00,2d,00,37,00,32,00,33,00,41,00,44,00,45,00,31,00,33,00,41,00,36,\
    00,41,00,33,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,\
    54,00,63,00,70,00,69,00,70,00,5f,00,7b,00,32,00,45,00,36,00,35,00,39,00,41,\
    00,37,00,36,00,2d,00,36,00,39,00,39,00,31,00,2d,00,34,00,44,00,31,00,41,00,\
    2d,00,41,00,31,00,41,00,37,00,2d,00,46,00,30,00,32,00,33,00,46,00,37,00,46,\
    00,43,00,41,00,45,00,39,00,42,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,\
    63,00,65,00,5c,00,54,00,63,00,70,00,69,00,70,00,5f,00,7b,00,30,00,38,00,30,\
    00,35,00,38,00,33,00,34,00,44,00,2d,00,34,00,35,00,46,00,34,00,2d,00,34,00,\
    43,00,36,00,33,00,2d,00,39,00,37,00,42,00,37,00,2d,00,33,00,35,00,34,00,42,\
    00,46,00,33,00,33,00,41,00,42,00,37,00,34,00,38,00,7d,00,00,00,5c,00,44,00,\
    65,00,76,00,69,00,63,00,65,00,5c,00,54,00,63,00,70,00,69,00,70,00,5f,00,7b,\
    00,30,00,31,00,41,00,32,00,44,00,33,00,31,00,39,00,2d,00,38,00,45,00,35,00,\
    41,00,2d,00,34,00,33,00,41,00,38,00,2d,00,38,00,42,00,31,00,36,00,2d,00,44,\
    00,32,00,37,00,42,00,42,00,41,00,45,00,31,00,31,00,42,00,30,00,41,00,7d,00,\
    00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,54,00,63,00,70,00,69,\
    00,70,00,5f,00,7b,00,36,00,45,00,44,00,30,00,32,00,36,00,37,00,35,00,2d,00,\
    35,00,34,00,43,00,46,00,2d,00,34,00,34,00,33,00,36,00,2d,00,42,00,34,00,42,\
    00,35,00,2d,00,39,00,34,00,35,00,46,00,41,00,45,00,44,00,38,00,30,00,30,00,\
    46,00,41,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,54,\
    00,63,00,70,00,69,00,70,00,5f,00,7b,00,36,00,43,00,46,00,43,00,38,00,44,00,\
    30,00,31,00,2d,00,34,00,37,00,39,00,44,00,2d,00,34,00,38,00,34,00,42,00,2d,\
    00,38,00,35,00,33,00,30,00,2d,00,42,00,44,00,35,00,36,00,42,00,45,00,30,00,\
    30,00,30,00,46,00,30,00,42,00,7d,00,00,00,00,00
    "Route"=hex(7):22,00,54,00,63,00,70,00,69,00,70,00,22,00,20,00,22,00,7b,00,36,\
    00,35,00,38,00,39,00,46,00,45,00,43,00,44,00,2d,00,39,00,36,00,35,00,30,00,\
    2d,00,34,00,32,00,38,00,34,00,2d,00,42,00,42,00,44,00,34,00,2d,00,35,00,46,\
    00,36,00,35,00,41,00,32,00,30,00,37,00,39,00,31,00,32,00,38,00,7d,00,22,00,\
    00,00,22,00,54,00,63,00,70,00,69,00,70,00,22,00,20,00,22,00,7b,00,30,00,34,\
    00,33,00,44,00,44,00,43,00,33,00,38,00,2d,00,38,00,38,00,33,00,44,00,2d,00,\
    34,00,36,00,42,00,43,00,2d,00,41,00,46,00,39,00,38,00,2d,00,41,00,43,00,44,\
    00,45,00,30,00,38,00,37,00,32,00,34,00,39,00,46,00,30,00,7d,00,22,00,00,00,\
    22,00,54,00,63,00,70,00,69,00,70,00,22,00,20,00,22,00,7b,00,46,00,34,00,37,\
    00,46,00,39,00,37,00,39,00,34,00,2d,00,44,00,45,00,31,00,45,00,2d,00,34,00,\
    42,00,44,00,41,00,2d,00,42,00,41,00,33,00,32,00,2d,00,36,00,41,00,30,00,39,\
    00,46,00,37,00,33,00,43,00,33,00,41,00,45,00,34,00,7d,00,22,00,00,00,22,00,\
    54,00,63,00,70,00,69,00,70,00,22,00,20,00,22,00,7b,00,32,00,33,00,30,00,44,\
    00,42,00,41,00,43,00,34,00,2d,00,31,00,39,00,41,00,46,00,2d,00,34,00,44,00,\
    44,00,41,00,2d,00,41,00,44,00,34,00,30,00,2d,00,37,00,45,00,36,00,33,00,38,\
    00,37,00,37,00,46,00,36,00,38,00,35,00,32,00,7d,00,22,00,00,00,22,00,54,00,\
    63,00,70,00,69,00,70,00,22,00,20,00,22,00,7b,00,32,00,42,00,34,00,38,00,43,\
    00,34,00,43,00,34,00,2d,00,32,00,41,00,34,00,43,00,2d,00,34,00,30,00,39,00,\
    43,00,2d,00,42,00,43,00,42,00,36,00,2d,00,37,00,32,00,33,00,41,00,44,00,45,\
    00,31,00,33,00,41,00,36,00,41,00,33,00,7d,00,22,00,00,00,22,00,54,00,63,00,\
    70,00,69,00,70,00,22,00,20,00,22,00,4e,00,64,00,69,00,73,00,57,00,61,00,6e,\
    00,49,00,70,00,22,00,00,00,22,00,54,00,63,00,70,00,69,00,70,00,22,00,20,00,\
    22,00,7b,00,36,00,43,00,46,00,43,00,38,00,44,00,30,00,31,00,2d,00,34,00,37,\
    00,39,00,44,00,2d,00,34,00,38,00,34,00,42,00,2d,00,38,00,35,00,33,00,30,00,\
    2d,00,42,00,44,00,35,00,36,00,42,00,45,00,30,00,30,00,30,00,46,00,30,00,42,\
    00,7d,00,22,00,00,00,00,00
    "Export"=hex(7):5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4e,00,65,00,74,\
    00,42,00,54,00,5f,00,54,00,63,00,70,00,69,00,70,00,5f,00,7b,00,36,00,35,00,\
    38,00,39,00,46,00,45,00,43,00,44,00,2d,00,39,00,36,00,35,00,30,00,2d,00,34,\
    00,32,00,38,00,34,00,2d,00,42,00,42,00,44,00,34,00,2d,00,35,00,46,00,36,00,\
    35,00,41,00,32,00,30,00,37,00,39,00,31,00,32,00,38,00,7d,00,00,00,5c,00,44,\
    00,65,00,76,00,69,00,63,00,65,00,5c,00,4e,00,65,00,74,00,42,00,54,00,5f,00,\
    54,00,63,00,70,00,69,00,70,00,5f,00,7b,00,30,00,34,00,33,00,44,00,44,00,43,\
    00,33,00,38,00,2d,00,38,00,38,00,33,00,44,00,2d,00,34,00,36,00,42,00,43,00,\
    2d,00,41,00,46,00,39,00,38,00,2d,00,41,00,43,00,44,00,45,00,30,00,38,00,37,\
    00,32,00,34,00,39,00,46,00,30,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,\
    63,00,65,00,5c,00,4e,00,65,00,74,00,42,00,54,00,5f,00,54,00,63,00,70,00,69,\
    00,70,00,5f,00,7b,00,46,00,34,00,37,00,46,00,39,00,37,00,39,00,34,00,2d,00,\
    44,00,45,00,31,00,45,00,2d,00,34,00,42,00,44,00,41,00,2d,00,42,00,41,00,33,\
    00,32,00,2d,00,36,00,41,00,30,00,39,00,46,00,37,00,33,00,43,00,33,00,41,00,\
    45,00,34,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4e,\
    00,65,00,74,00,42,00,54,00,5f,00,54,00,63,00,70,00,69,00,70,00,5f,00,7b,00,\
    32,00,33,00,30,00,44,00,42,00,41,00,43,00,34,00,2d,00,31,00,39,00,41,00,46,\
    00,2d,00,34,00,44,00,44,00,41,00,2d,00,41,00,44,00,34,00,30,00,2d,00,37,00,\
    45,00,36,00,33,00,38,00,37,00,37,00,46,00,36,00,38,00,35,00,32,00,7d,00,00,\
    00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4e,00,65,00,74,00,42,00,\
    54,00,5f,00,54,00,63,00,70,00,69,00,70,00,5f,00,7b,00,32,00,42,00,34,00,38,\
    00,43,00,34,00,43,00,34,00,2d,00,32,00,41,00,34,00,43,00,2d,00,34,00,30,00,\
    39,00,43,00,2d,00,42,00,43,00,42,00,36,00,2d,00,37,00,32,00,33,00,41,00,44,\
    00,45,00,31,00,33,00,41,00,36,00,41,00,33,00,7d,00,00,00,5c,00,44,00,65,00,\
    76,00,69,00,63,00,65,00,5c,00,4e,00,65,00,74,00,42,00,54,00,5f,00,54,00,63,\
    00,70,00,69,00,70,00,5f,00,7b,00,32,00,45,00,36,00,35,00,39,00,41,00,37,00,\
    36,00,2d,00,36,00,39,00,39,00,31,00,2d,00,34,00,44,00,31,00,41,00,2d,00,41,\
    00,31,00,41,00,37,00,2d,00,46,00,30,00,32,00,33,00,46,00,37,00,46,00,43,00,\
    41,00,45,00,39,00,42,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,\
    00,5c,00,4e,00,65,00,74,00,42,00,54,00,5f,00,54,00,63,00,70,00,69,00,70,00,\
    5f,00,7b,00,30,00,38,00,30,00,35,00,38,00,33,00,34,00,44,00,2d,00,34,00,35,\
    00,46,00,34,00,2d,00,34,00,43,00,36,00,33,00,2d,00,39,00,37,00,42,00,37,00,\
    2d,00,33,00,35,00,34,00,42,00,46,00,33,00,33,00,41,00,42,00,37,00,34,00,38,\
    00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4e,00,65,00,\
    74,00,42,00,54,00,5f,00,54,00,63,00,70,00,69,00,70,00,5f,00,7b,00,30,00,31,\
    00,41,00,32,00,44,00,33,00,31,00,39,00,2d,00,38,00,45,00,35,00,41,00,2d,00,\
    34,00,33,00,41,00,38,00,2d,00,38,00,42,00,31,00,36,00,2d,00,44,00,32,00,37,\
    00,42,00,42,00,41,00,45,00,31,00,31,00,42,00,30,00,41,00,7d,00,00,00,5c,00,\
    44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4e,00,65,00,74,00,42,00,54,00,5f,\
    00,54,00,63,00,70,00,69,00,70,00,5f,00,7b,00,36,00,45,00,44,00,30,00,32,00,\
    36,00,37,00,35,00,2d,00,35,00,34,00,43,00,46,00,2d,00,34,00,34,00,33,00,36,\
    00,2d,00,42,00,34,00,42,00,35,00,2d,00,39,00,34,00,35,00,46,00,41,00,45,00,\
    44,00,38,00,30,00,30,00,46,00,41,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,\
    00,63,00,65,00,5c,00,4e,00,65,00,74,00,42,00,54,00,5f,00,54,00,63,00,70,00,\
    69,00,70,00,5f,00,7b,00,36,00,43,00,46,00,43,00,38,00,44,00,30,00,31,00,2d,\
    00,34,00,37,00,39,00,44,00,2d,00,34,00,38,00,34,00,42,00,2d,00,38,00,35,00,\
    33,00,30,00,2d,00,42,00,44,00,35,00,36,00,42,00,45,00,30,00,30,00,30,00,46,\
    00,30,00,42,00,7d,00,00,00,00,00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]
    "NbProvider"="_tcp"
    "NameServerPort"=dword:00000089
    "CacheTimeout"=dword:000927c0
    "BcastNameQueryCount"=dword:00000003
    "BcastQueryTimeout"=dword:000002ee
    "NameSrvQueryCount"=dword:00000003
    "NameSrvQueryTimeout"=dword:000005dc
    "Size/Small/Medium/Large"=dword:00000001
    "SessionKeepAlive"=dword:0036ee80
    "TransportBindName"="\\Device\\"
    "EnableLMHOSTS"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_{01A2D319-8E5A-43A8-8B16-D27BBAE11B0A}]
    "NameServerList"=hex(7):00,00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_{043DDC38-883D-46BC-AF98-ACDE087249F0}]
    "NameServerList"=hex(7):00,00
    "NetbiosOptions"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_{0805834D-45F4-4C63-97B7-354BF33AB748}]
    "NameServerList"=hex(7):00,00,00,00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_{230DBAC4-19AF-4DDA-AD40-7E63877F6852}]
    "NameServerList"=hex(7):00,00
    "NetbiosOptions"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_{2B48C4C4-2A4C-409C-BCB6-723ADE13A6A3}]
    "NameServerList"=hex(7):00,00
    "NetbiosOptions"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_{2E659A76-6991-4D1A-A1A7-F023F7FCAE9B}]
    "NameServerList"=hex(7):00,00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_{6589FECD-9650-4284-BBD4-5F65A2079128}]
    "NameServerList"=hex(7):00,00
    "NetbiosOptions"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_{6CFC8D01-479D-484B-8530-BD56BE000F0B}]
    "NameServerList"=hex(7):00,00
    "NetbiosOptions"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_{6ED02675-54CF-4436-B4B5-945FAED800FA}]
    "NameServerList"=hex(7):00,00,00,00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_{F47F9794-DE1E-4BDA-BA32-6A09F73C3AE4}]
    "NameServerList"=hex(7):00,00
    "NetbiosOptions"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Security]
    "Security"=hex:01,00,14,80,e8,00,00,00,f4,00,00,00,14,00,00,00,30,00,00,00,02,\
    00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
    00,00,02,00,b8,00,08,00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,\
    05,0b,00,00,00,00,00,18,00,9d,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,\
    23,02,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,\
    02,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,25,02,\
    00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,00,00,14,\
    00,40,00,00,00,01,01,00,00,00,00,00,05,13,00,00,00,00,00,14,00,40,00,00,00,\
    01,01,00,00,00,00,00,05,14,00,00,00,00,00,18,00,9d,01,02,00,01,02,00,00,00,\
    00,00,05,20,00,00,00,2c,02,00,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,\
    00,00,00,00,00,05,12,00,00,00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Enum]
    "0"="Root\\LEGACY_NETBT\\0000"
    "Count"=dword:00000001
    "NextInstance"=dword:00000001
     
  11. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Very well.
    Attached is zipped netbt.reg file.
    Unzip it and double click on netbt.reg.
    Allow registry merge.

    Restart computer and check your internet connection.
     

    Attached Files:

  12. MrHippopotamus

    MrHippopotamus TS Rookie Topic Starter

    The following error occurs when double clicking:

    "can not import C:\.....netbt.reg: the file is no registryscript. You can only import binairy registryfiles from the registry-editor."


    Open regedit and import it there?
     
  13. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    I apologize. My mistake. Wrong file.
    Try again with new file attached.
     

    Attached Files:

  14. MrHippopotamus

    MrHippopotamus TS Rookie Topic Starter

    Followed instructions and internet is working now. Thanks for that already :)
     
  15. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Perfect!

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.
     
  16. MrHippopotamus

    MrHippopotamus TS Rookie Topic Starter

    I will get to this, but I'm currently not close to my own apartment. I will respond sooner or later.
     
  17. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    OK......................
     
  18. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Still with me?
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...