Jump to content

1972vet

Experts
  • Content Count

    1,341
  • Joined

  • Last visited

Posts posted by 1972vet


  1. Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

    Other members who need assistance please start your own topic in a new thread. Thanks!

    The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.


  2. Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

    Other members who need assistance please start your own topic in a new thread. Thanks!

    The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.


  3. This issue appears resolved and the thread is closed to prevent others from posting here.

    Other members who need assistance please start your own topic in a new thread. Thanks!

    The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.


  4. Delete the .reg file we created and placed on the Desktop labeled deletereg.reg.

    You can reinstall Spybot Search and Destroy. You can keep the Process Explorer by Systernals, and Killbox if you like. If you choose to use them in the future, I advise that you thoroughly read the help files for each. If you should decide you don't need or want them you can safely delete the executable file (icon on the desktop) and the related folder for the Process Explorer...no uninstallation is required for either one.

    Now that your system is clean and running the way you expect, let's create a new restore point you can refer to should the need arise at some point in the future.

    Please click "Start->Programs->Accessories->System Tools->System Restore". In the new window, check the 'Create a restore point' in the right pane and click "Next". In the "Restore point description" textbox, name your restore point to something you will easily recognize. I recommend something like yyyymmdd_Clean (ex. 20090101_Clean) Click "Create" and reboot your computer.

    To assist in the prevention of spyware infections:

    Immunize your browser by installing Spywareblaster. What does it do?

    • Prevents the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.
    • Blocks spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
    • Restricts the actions of potentially unwanted sites in Internet Explorer.

    Keep your anti-virus and spyware definitions up to date. Be sure to scan often.

    Below you can choose from several of the freeware Firewalls available on the public domain. Even though you may have a Firewall already installed, keep this list handy should you choose not to renew your subscription for whatever reason.

    You should always have at least (but not more than ) one of these types of third party firewalls running on board:

    Kerio Personal Firewall

    Zone Alarm

    Outpost Free

    Comodo

    Install the free security tool "Secunia PSI" to help protect your system against software vulnerabilities. The free utility scans your system's software applications and offers a one button "Download "Solution" feature that updates the exploited software AND provides other related information/patching if warranted.

    Stay updated with the most recent Windows patches as well...using Microsoft's Windows Update. Make it easy on yourself, and set this feature to Automatic.

    Using an alternate browser can reduce your chance of certain infections installing themselves. I recommend installing Mozilla Firefox. If you don't already have "Firefox", please consider installing and using this browser for surfing.

    If you still wish to use Internet Explorer, please make sure you install SpywareBlaster (from above) to protect you from most ActiveX infections.

    Become familiar with the MalwareBytes anti-malware application. Use it often especially if you begin to notice the system performance behavior is not what it should be. Learn more about the program Here where you can also request assistance if you have some concerns about the programs findings.

    ***Note***

    The licensed version provides real time protection and other automatic features otherwise not available.

    Comodo's BOClean utility is another very good "Free" malware cleaner that runs in the background to help prevent malware intrusions.

    Run CCleaner often. The Yahoo Toolbar is included by default during the installation...if you DO NOT WANT IT, be sure to remove the check from the "Add CCleaner Yahoo! Toolbar and use CCleaner from your browser" option during installation setup or else just download the Slim version (no toolbar...third download link at the bottom of that page)..

    Or if you just want to run your on board Disk Cleanup ("Start--> Programs-->Accessories-->System Tools-->Disk Cleanup" ), just open the utility and check off the following:

    Downloaded Program Files, Temporary Internet Files, Recycle Bin, and Temporary Files. Don't forget to defrag the system.

    So how did I get infected in the first place?

    Regards, and Happy Surfing!


  5. Excellent! ...by the way, the message:

    "Pendingfilerenameoperations registry data has been removed by external process"
    ...isn't usual but isn't critical either. It would simply mean that you should reboot manually rather than waiting for the killbox to reboot the system automatically.

    The log finally looks clean. How's it running for you now?


  6. Please print out these instructions or save them as a text file to your Desktop, as we will need to shutdown every open window later in the fix and you will not be able to read from this web site.

    Please download the following software:

    Save these to your desktop. DO NOTHING ELSE WITH THEM YET...

    Reboot the computer into Safe mode.

    • Double-click on procexp.exe (the Process Explorer that we downloaded earlier.)
    • Look in the left pane (Process listing) and locate winlogon.exe. Double-click on it
      to bring up the winlogon.exe properties screen. Click on the Threads tab at the top.
    • Once you see this screen click on each instance of vbouxx.dll found then click on the kill button. If you see any files listed that are the same name but end with .bak or .ini or are the name in reverse, you can kill those as well. (it would look like this: xxuobv.dll)
    • After you have killed all of the instances of the DLL under winlogon click on the OK button.
    • Now double-click on explorer.exe, select the Threads tab, and again click once on each instance of vbouxx.dll. Once they are highlighted click on the Kill button like you did in step 4.
    • Repeat steps 3 and 4 but this time, look for the instances of muwebv.dll
    • When this is done, click on the OK button again.
    • Now run HijackThis again, close all windows, and press the Scan button.
    • Place a check next to each of the following entries:
      O20 - AppInit_DLLs: vbouxx.dll,muwebv.dll
      O20 - Winlogon Notify: hgGabArO - C:\WINDOWS\
    • Once all the entries are checked, (make sure all other windows are closed) press the Fix button and then exit HijackThis.

    Open notepad...click start-->run, then type notepad.exe in the run box and click "OK"...

    Copy the text below in the code box and paste it into the blank notepad. Set File type to "all files" and save it as fixvundoh.reg:

    Copy the data in the code box below into notepad and save it as deletereg.reg

    Set File type to "all files"

    REGEDIT4
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgGabArO] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Windows]"AppInit_DLLs"=-"AppInit_DLLs"=""

    Double-click that file and confirm you want to merge it with the registry.

    Open killbox.exe...First click on Tools-->Delete Temp Files.

    A box will open with a list of all user profiles.

    Check the following boxes at a minimum for each profile by clicking on the drop down and checking the boxes that are enabled. Some will not apply and those boxes will not be available to check. Make sure you do this for all the profiles listed.

    Temporary Internet Files

    Temp Files

    XP Prefetch

    If you want to clean your cookies, history, and list of recent files run you may check those boxes as well...next, click on the Button titled Delete Selected Temp Files.

    Exit by clicking the Button titled Exit(Save Settings).

    Once back into the main killbox program, check the box Delete on Reboot. Now, highlight all the entries below in Bold text and then copy them.

    C:\WINDOWS\system32\hgGabArO.dll

    C:\WINDOWS\system32\vbouxx.dll

    C:\WINDOWS\system32\muwebv.dll

    C:\WINDOWS\system32\vbouxx.bak

    C:\WINDOWS\system32\vbouxx.ini

    C:\WINDOWS\system32\xxuobv.dll

    C:\WINDOWS\system32\muwebv.bak

    C:\WINDOWS\system32\muwebv.ini

    C:\WINDOWS\system32\vbewum.dll

    Then in killbox click File-->Paste from Clipboard...Now, Click the All Files button.

    Next, click the Red X ...and for the confirmation message that will appear, you will need to click Yes.

    A second message will ask to Reboot now? you will need to click Yes to allow the system to reboot.

    Note: Killbox will let you know if a file does not exist.

    If you have any issues with this method you can copy and paste the lines one at a time into the killbox top box. Then click the "Single File" button. Then click the Red X ...and for the confirmation message that will appear, you will need to click Yes. A second message will ask to Reboot now? Answer "Yes" and allow the system to reboot.

    Reboot the computer and post back a fresh HijackThis log. Advise how the system behaves for you now. Thanks!


  7. Please download "Spybot search and destroy"

    After installation, Go to Start-->Programs-->Spybot - Search & Destroy and when the program opens, click on the mode tab at the top left of the application window and select "advanced". Notice the additional options that now appear in the left pane (column of buttons).

    Next, in the left pane, click on the Tools button (near the bottom). In the right pane, you'll see a listing of options...make sure these are checked:

    Resident

    Browser Pages

    IE tweaks

    Hosts Files

    ...there may be others checked (which is fine by the way), but make sure that at least those mentioned above all have checks in the box next to them.

    In the menu on the left hand side you should see "Resident", click there then in the right pane under "resident protection status" put a check mark in the box next to "resident SD helper (Internet explorer bad download blocker) and Remove the check from the box for Resident Tea Timer" (Protection of over-all system settings) active.

    Look again to the left pane under the Tools section. From the left pane, click the Hosts File button. Now in the right pane, click the green + Add Spybot-S&D hosts list button.

    Next, from the left pane, please click the Spybot-S&D button. From the right side pane, click the button to


  8. This issue appears resolved and the thread is closed to prevent others from posting here.

    Other members who need assistance please start your own topic in a new thread. Thanks!

    The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.


  9. the network name reverted back to "linksys" and is now unsecure. Unfortunately, whatever it is, it is still disabling my AV.

    Why is it unsecured? Are you not the system administrator?

    On most Linksys routers your username/password combination becomes empty on reset (no username) / with password "admin" (without the quotes). You need to establish a new strong password. I can't do that for you.

    Run hijackthis again and check the box next to this entry:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

    ...close all open windows except for hijackthis, then click the Fix Checked button. Reboot the computer to properly record the change to the hard disk.

    Do you have your McAfee installation CD? Most software issues are resolved upon uninstall/reinstall of the software.


  10. Very glad we could help. Warmest regards...

    This issue appears resolved and the thread is closed to prevent others from posting here.

    Other members who need assistance please start your own topic in a new thread. Thanks!

    The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.


  11. I see a clean log, congratulations! Click start-->run...then copy and paste the Bold text below into the run box and click "OK":

    ComboFix /u

    Performing this function will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again for you automatically.

    To assist in the prevention of spyware infections:

    Immunize your browser by installing Spywareblaster. What does it do?

    • Prevents the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.
    • Blocks spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
    • Restricts the actions of potentially unwanted sites in Internet Explorer.

    Keep your anti-virus and spyware definitions up to date. Be sure to scan often.

    Below you can choose from several of the freeware Firewalls available on the public domain. Even though you may have a Firewall already installed, keep this list handy should you choose not to renew your subscription for whatever reason.

    You should always have at least (but not more than ) one of these types of third party firewalls running on board:

    Kerio Personal Firewall

    Zone Alarm

    Outpost Free

    Comodo

    Install the free security tool "Secunia PSI" to help protect your system against software vulnerabilities. The free utility scans your system's software applications and offers a one button "Download "Solution" feature that updates the exploited software AND provides other related information/patching if warranted.

    Stay updated with the most recent Windows patches as well...using Microsoft's Windows Update. Make it easy on yourself, and set this feature to Automatic.

    Using an alternate browser can reduce your chance of certain infections installing themselves. I recommend installing Mozilla Firefox. If you don't already have "Firefox", please consider installing and using this browser for surfing.

    If you still wish to use Internet Explorer, please make sure you install SpywareBlaster (from above) to protect you from most ActiveX infections.

    Become familiar with the MalwareBytes anti-malware application. Use it often especially if you begin to notice the system performance behavior is not what it should be. Learn more about the program Here where you can also request assistance if you have some concerns about the programs findings.

    ***Note***

    The licensed version provides real time protection and other automatic features otherwise not available.

    Comodo's BOClean utility is another very good "Free" malware cleaner that runs in the background to help prevent malware intrusions.

    Run CCleaner often. The Yahoo Toolbar is included by default during the installation...if you DO NOT WANT IT, be sure to remove the check from the "Add CCleaner Yahoo! Toolbar and use CCleaner from your browser" option during installation setup or else just download the Slim version (no toolbar...third download link at the bottom of that page)..

    Or if you just want to run your on board Disk Cleanup ("Start--> Programs-->Accessories-->System Tools-->Disk Cleanup" ), just open the utility and check off the following:

    Downloaded Program Files, Temporary Internet Files, Recycle Bin, and Temporary Files. Don't forget to defrag the system.

    So how did I get infected in the first place?

    Regards, and Happy Surfing!


  12. my IT guy said I should have Adaware and Spybot installed. Is this true? Should I go ahead and install these two programs?

    Please do not. Spybot is fine and I will give you instructions for it's proper use once we are finished with this cleanup. Adaware however would be a bit of overkill and in my opinion, would not be necessary given the fact that you will have been running your on board antivirus solution, mbam and spybot...those are sufficient.

    Please do this first:

    1. Unplug or turn off your DSL/cable modem.

    2. Locate the router's reset button.

    3. Press, and hold, the Reset button down for 30 seconds.

    4. Wait for your Power, WLAN and Internet light to turn on. (On the router)

    5. Plug in or turn on your modem.(if it is separate from the router)

    6. Open your web browser to see if you have an internet connection. If you still don't have an internet connection you may need to restart your computer.

    Once you establish an internet connection, please open another blank Notepad by clicking start-->run...Then, in the run box type Notepad.exe and click "OK".

    Copy the below text in Bold and paste it into the blank Notepad. Save it as CFScript.txt...Change the "Save as type" to All Files and save it to your desktop. Now drag the text document over to your Combofix.exe

    Once again, combofix will run again automatically. Please post back the new log that will be generated along with a fresh HijackThis log. Thanks!

    KillAll::

    Rootkit::

    c:\windows\system32\drivers\wqoxkkm.sys

    Driver::

    wqoxkkm

    Registry::

    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]


  13. Do you use netmeeting?

    Please uninstall these:

    ViewPoint View Manager

    Viewpoint Media Player

    FrostWire

    Click start-->Control Panel-->Add/Remove Programs...scroll down the list and locate the program names. Click Remove for each...then reboot when finished uninstalling.

    Please open a blank Notepad by clicking start-->run

    Then, in the run box type Notepad.exe and click "OK".

    Copy the below text in Bold and paste it into the blank Notepad. Save it as CFScript.txt...Change the "Save as type" to All Files and save it to your desktop. Now drag the text document over to your Combofix.exe

    Combofix will run again automatically. Please post back the new log that will be generated along with a fresh HijackThis log. Thanks!

    File::

    c:\winnt\system32\cygz.dll

    c:\winnt\Tasks\AE674AD09110FBE8.job

    c:\docume~1\owner\applic~1\nurbpr~1\Antecampmp3.exe

    Folder::

    c:\documents and settings\Owner\Application Data\FrostWire

    c:\program files\FrostWire

    Registry::

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "c:\Program Files\FrostWire\FrostWire.exe"=-

    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66b415f0-7f86-11dd-a417-000cf18d549f}]

    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee56afba-77ae-11dd-a412-000cf18d549f}]

    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{04079851-5845-4dea-848C-3ECD647AA554}]

    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}]

    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}]

    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]


  14. Excellent! Looks like that did it in spite of the fact that I explained myself backwards:

    ..and there should be no space there

    ...and that should read:

    ."..and there should be a space there." The format issue was, I believe, my own text editor removing the space at the line break when "nt" appears on the next line below "windows". My problem, not the forum.

    On to business. Let's see a fresh HijackThis log now and please advise us how the system is behaving for you. Thanks!


  15. This one is stubborn and I'm not so sure it's unrelated to a formatting issue. The only remaining problem is the AppInit_DLLs corrupted entry for rnofma.dll. The .reg file we used should have corrected the issue, however, on further examination, the entry in your log shows a space between "windows" and "nt" here:

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

    "AppInit_DLLs"=rnofma.dll

    ...and there should be no space there. The .reg file we used does not contain a space. This mismatch may only be this forum software formatting but we'll see.

    Let's be sure to perform the steps below exactly as detailed:

    Copy the data in the code box below into notepad and save it as deletereg.reg

    Set File type to "all files"

    REGEDIT4
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]"AppInit_DLLs"=-"AppInit_DLLs"=""

    Double-click that file and confirm you want to merge it with the registry.

    Next, please open another blank Notepad by clicking start-->run

    Then, in the run box type Notepad.exe and click "OK".

    Copy the below text in Bold and paste it into the blank Notepad. Save it as CFScript.txt...Change the "Save as type" to All Files and save it to your desktop. Now drag the text document over to your Combofix.exe

    Combofix will run again automatically. Please post back the new log that will be generated. Thanks!

    Rootkit::

    c:\windows\system32\rnofma.dll


  16. This issue appears resolved and the thread is closed to prevent others from posting here.

    Other members who need assistance please start your own topic in a new thread. Thanks!

    The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.


  17. Excellent! You did good work dbntina.

    Click start-->run...then copy and paste the Bold text below into the run box and click "OK":

    ComboFix /u

    Performing this function will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again for you automatically.

    To assist in the prevention of spyware infections:

    Immunize your browser by installing Spywareblaster. What does it do?

    • Prevents the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.
    • Blocks spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
    • Restricts the actions of potentially unwanted sites in Internet Explorer.

    Keep your anti-virus and spyware definitions up to date. Be sure to scan often.

    Below you can choose from several of the freeware Firewalls available on the public domain. Even though you may have a Firewall already installed, keep this list handy should you choose not to renew your subscription for whatever reason.

    You should always have at least (but not more than ) one of these types of third party firewalls running on board:

    Kerio Personal Firewall

    Zone Alarm

    Outpost Free

    Comodo

    Install the free security tool "Secunia PSI" to help protect your system against software vulnerabilities. The free utility scans your system's software applications and offers a one button "Download "Solution" feature that updates the exploited software AND provides other related information/patching if warranted.

    Stay updated with the most recent Windows patches as well...using Microsoft's Windows Update. Make it easy on yourself, and set this feature to Automatic.

    Using an alternate browser can reduce your chance of certain infections installing themselves. I recommend installing Mozilla Firefox. If you don't already have "Firefox", please consider installing and using this browser for surfing.

    If you still wish to use Internet Explorer, please make sure you install SpywareBlaster (from above) to protect you from most ActiveX infections.

    Become familiar with the MalwareBytes anti-malware application. Use it often especially if you begin to notice the system performance behavior is not what it should be. Learn more about the program Here where you can also request assistance if you have some concerns about the programs findings.

    ***Note***

    The licensed version provides real time protection and other automatic features otherwise not available.

    Comodo's BOClean utility is another very good "Free" malware cleaner that runs in the background to help prevent malware intrusions.

    Run CCleaner often. The Yahoo Toolbar is included by default during the installation...if you DO NOT WANT IT, be sure to remove the check from the "Add CCleaner Yahoo! Toolbar and use CCleaner from your browser" option during installation setup or else just download the Slim version (no toolbar...third download link at the bottom of that page)..

    Or if you just want to run your on board Disk Cleanup ("Start--> Programs-->Accessories-->System Tools-->Disk Cleanup" ), just open the utility and check off the following:

    Downloaded Program Files, Temporary Internet Files, Recycle Bin, and Temporary Files. Don't forget to defrag the system.

    So how did I get infected in the first place?

    Regards, and Happy Surfing!


  18. OK, we'll try this again a different way...

    Please open another blank Notepad by clicking start-->run

    Then, in the run box type Notepad.exe and click "OK".

    Copy the below text in Bold and paste it into the blank Notepad. Save it as CFScript.txt...Change the "Save as type" to All Files and save it to your desktop. Now drag the text document over to your Combofix.exe

    Combofix will run again automatically. Please post back the new log that will be generated. Thanks!

    Rootkit::

    c:\windows\system32\drivers\wqoxkkm.sys

    Driver::

    wqoxkkm


  19. You didn't answer my question:

    Did you have some trouble using the .reg file from the previous instruction?

    Please open another blank Notepad by clicking start-->run

    Then, in the run box type Notepad.exe and click "OK".

    Copy the below text in Bold and paste it into the blank Notepad. Save it as CFScript.txt...Change the "Save as type" to All Files and save it to your desktop. Now drag the text document over to your Combofix.exe

    Combofix will run again automatically. Please post back the new log that will be generated. Thanks!

    File::

    c:\windows\system32\rnofma.dll


  20. Excellent dirtriderwjc2000...glad you have it sorted out now. For future reference, please note that you really should create a new thread with your issue rather than posting in a thread someone else started. It makes things less complicated for other users who may happen along and find the thread while perusing the forums. Thanks for understanding.

    Step 2 the zip file was not there.

    Ahh...and so it wasn't. Forgive me for failing to check those active links. Since it's not likely to reappear on the web site referenced in that link, I'll have to render a manual fix instead.

    In the future, should you (or anyone else) need to run through those steps again, substitute the .reg fix below for the step 2 from the above instructions:

    Step 2: Register the related BITS key in the Registry

    Copy the text below (in the code box) and save it as FixBits.reg...Set File type to "all files"

    Windows Registry Editor Version 5.00
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BITS]"Type"=dword:00000020"Start"=dword:00000002"ErrorControl"=dword:00000001"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\  74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\  6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00"DisplayName"="Background Intelligent Transfer Service""DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00"DependOnGroup"=hex(7):00,00"ObjectName"="LocalSystem""Description"="Transfers data between clients and servers in the background. If BITS is disabled, features such as Windows Update will not work correctly.""FailureActions"=hex:00,00,00,00,00,00,00,00,00,00,00,00,03,00,00,00,68,e3,0c,\  00,01,00,00,00,60,ea,00,00,01,00,00,00,60,ea,00,00,01,00,00,00,60,ea,00,00
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BITS\Parameters]"ServiceDll"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,\  00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,71,00,6d,00,\  67,00,72,00,2e,00,64,00,6c,00,6c,00,00,00
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BITS\Security]"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\  00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\  05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\  20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\  00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\  00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BITS\Enum]"0"="Root\\LEGACY_BITS\\0000""Count"=dword:00000001"NextInstance"=dword:00000001

    Double-click that file and confirm you want to merge it with the registry.

    Reboot the computer.

    *************************************

    ...from here then, you can carry on with the next step. Again, sorry 'bout that.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.