
Router and Modem issues in relation to "body4u" and "asnbm" possible ddos attack


34 replies to this topic

#1 stuffandthings


Posted 27 June 2014 - 01:46 PM

Please refer to the following links for an explanation of my problem:

1)   http://www.bleepingcomputer.com/forums/t/537931/need-help-re-body4udiymyricecom-post/


2)   http://www.bleepingcomputer.com/forums/t/538051/regarding-my-body4udiymyricecom-post-post-reformat-logs/


Key Points:

"So, with all of that being said, I come to my current point.  I took steps to try to put all the data on my notebook that I wanted to save into a zip file, and to transfer that file over my home network to my partner's computer, because I lack an external drive to do so at the moment, and the money to acquire said external drive.  (The pings are continuously being blocked by peerblock, but keep coming in a steady stream.)  I managed to make a zip file.  The problem happened when I tried to transfer it.  It got about 5% through - and then my internet connection suspiciously stopped working properly on my notebook, while working fine on my partner's computer.

I have a modem, and a wireless router, and I noticed that instead of seeing it trying to connect to the router which has a name we have assigned it, it was saying "unidentified network" as the thing it was trying to connect to.

I went in to try to troubleshoot the problem with Windows Network Diagnostics.  It came back at me with an error message that said, "Wireless Network Connection" doesn't have a valid IP configuration."

Later:

"I would have had this up sooner, but the virus seemed to have disabled my ability to access the internet - first on my laptop as I have previously stated, but then it also happened on my partner's desktop computer as of this morning.  Same error message.

I had to call my ISP and ask them if it was the modem, because it was doing some really weird stuff with orange lights, etc.  They said that the modem was fine, but after looking into my computer the guy said "Yea, it looks like you have a DDOS malware problem.  This is not good.  You're going to have to delete all of your content on your computer and totally wipe it."

I told him I had recovery disks and he said I needed to make sure to delete everything first, and then do a full reformat."


Later:

"When I did the second reformat, I made sure to shut off my modem and wireless router, and not turn them back on until my computer was done with the recovery, when the box displaying "press continue to let your computer prepare the desktop" or some such thing.  I RESET the modem and the router.  I held down the reset buttons on each one for several seconds.  I clicked them multiple times just to be sure.  I didn't do that the first time and thought maybe it might help to really flush out the virus."


Later:

"I read what you said and I reset my router.

I then realized that I hadn't checked first on how to reconfigure it to the settings that I had before, and I didn't know how to set it up, and nothing was popping up.

I ended up connecting directly to my modem with an ethernet cord.

When I did this, it came up with the same error message as before....but this time it was on my MODEM and not the router.  I think it said "IP configuration not correct" or something like that.  I thought I was screwed again, panicked a little, and after the Windows 7 troubleshooting for the network devices didn't work, I decided to shut down the computer to do another reformat.

...I unplugged the modem from the cable cord, and kept it on with the plug, and reset it by holding it down for 10 seconds and then waiting 10 seconds.  I plugged the cable cord back in, and then I reconnected the ethernet cord back to the notebook."


Later:


"I also want to add that tonight I have tried reconfiguring my router in order to have wireless net in my place, instead of just staying hooked directly to the modem itself. I did this according to the instructions for the router I have at the following link:
http://kb.linksys.com/Linksys/ukp.aspx?vw=1&docid=eaa3127db5f4402584c959a7251e754c_4008.xml&pid=96&slnid=3

Something odd happened when I did this.  I made sure to follow the instructions it gave, and it gave me that same error - "unidentified network - no internet access".  Then when I tried to reconnect to my modem directly, I got that "incorrect IP configuration" error.  I decided to restart my computer as I did before (this time without any updates installing themselves, I figured out the setting for that), and when it rebooted, the computer seems to be on the net fine again.

I just thought this might lend more clues as to what sort of malware this is and how to make sure it's removed.  I definitely don't want to use this computer and hardware devices for things like banking and conducting all of my life's work on the net when I have some kind of malware on my computer.  Regardless if the computer is able to go online or not, I need to make sure that the malware is gone.  I also hope to figure out why the router and modem seem to be acting so odd.  If the malware knows how to "jump" from device to device, I really want to know that also, so that I can make sure I know how to clean each computer and each device."


Current Setup:

 

HP Windows Home Premium 64-bit notebook is connected to the modem directly through ethernet cord.

Cisco Linksys E2000 router does not appear to be working as described in the above links and excerpts, and is currently off and unplugged.

I'm about 4 feet away from the modem and router.

I have cable internet.

 

 

Here is my MiniToolBox log:

 

 

MiniToolBox by Farbar  Version: 25-06-2014
Ran by Celia (administrator) on 27-06-2014 at 14:40:48
Running from "C:\Users\Celia\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Realtek PCIe FE Family Controller = Local Area Connection (Connected)
Realtek RTL8188CE 802.11b/g/n WiFi Adapter = Wireless Network Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Celia-HP
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : maine.rr.com

Wireless LAN adapter Wireless Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : maine.rr.com
   Description . . . . . . . . . . . : Realtek RTL8188CE 802.11b/g/n WiFi Adapter
   Physical Address. . . . . . . . . : AC-81-12-92-1A-35
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : maine.rr.com
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : 10-1F-74-C1-14-CE
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2604:6000:9fc0:34:d19a:dee3:d344:4cd0(Preferred)
   Lease Obtained. . . . . . . . . . : Wednesday, June 25, 2014 11:08:51 AM
   Lease Expires . . . . . . . . . . : Monday, June 30, 2014 11:06:56 AM
   Link-local IPv6 Address . . . . . : fe80::f574:b008:8c0f:b8f2%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 74.75.153.69(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday, June 25, 2014 11:08:50 AM
   Lease Expires . . . . . . . . . . : Saturday, June 28, 2014 3:42:04 AM
   Default Gateway . . . . . . . . . : fe80::226:99ff:fe8a:32d9%11
                                       74.75.153.1
   DHCP Server . . . . . . . . . . . : 142.254.209.1
   DHCPv6 IAID . . . . . . . . . . . : 235937652
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-35-18-64-10-1F-74-C1-14-CE
   DNS Servers . . . . . . . . . . . : 209.18.47.61
                                       209.18.47.62
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.maine.rr.com:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : maine.rr.com
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:2812:e91:b5b4:66ba(Preferred)
   Link-local IPv6 Address . . . . . : fe80::2812:e91:b5b4:66ba%13(Preferred)
   Default Gateway . . . . . . . . . :
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  dns-cac-lb-01.rr.com
Address:  209.18.47.61

Name:    google.com
Addresses:  2607:f8b0:4006:802::1002
      173.194.43.34
      173.194.43.35
      173.194.43.36
      173.194.43.37
      173.194.43.38
      173.194.43.39
      173.194.43.40
      173.194.43.41
      173.194.43.46
      173.194.43.32
      173.194.43.33


Pinging google.com [2607:f8b0:4006:807::1002] with 32 bytes of data:
Reply from 2607:f8b0:4006:807::1002: time=44ms
Reply from 2607:f8b0:4006:807::1002: time=46ms

Ping statistics for 2607:f8b0:4006:807::1002:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 44ms, Maximum = 46ms, Average = 45ms
Server:  dns-cac-lb-01.rr.com
Address:  209.18.47.61

Name:    yahoo.com
Addresses:  206.190.36.45
      98.138.253.109
      98.139.183.24


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
General failure.
General failure.

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 12...ac 81 12 92 1a 35 ......Realtek RTL8188CE 802.11b/g/n WiFi Adapter
 11...10 1f 74 c1 14 ce ......Realtek PCIe FE Family Controller
  1...........................Software Loopback Interface 1
 14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      74.75.153.1     74.75.153.69     20
      74.75.153.0    255.255.255.0         On-link      74.75.153.69    276
     74.75.153.69  255.255.255.255         On-link      74.75.153.69    276
    74.75.153.255  255.255.255.255         On-link      74.75.153.69    276
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      74.75.153.69    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      74.75.153.69    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 11    276 ::/0                     fe80::226:99ff:fe8a:32d9
  1    306 ::1/128                  On-link
 13     58 2001::/32                On-link
 13    306 2001:0:9d38:6ab8:2812:e91:b5b4:66ba/128
                                    On-link
 11    276 2604:6000:9fc0:34:d19a:dee3:d344:4cd0/128
                                    On-link
 11    276 fe80::/64                On-link
 13    306 fe80::/64                On-link
 13    306 fe80::2812:e91:b5b4:66ba/128
                                    On-link
 11    276 fe80::f574:b008:8c0f:b8f2/128
                                    On-link
  1    306 ff00::/8                 On-link
 13    306 ff00::/8                 On-link
 11    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/26/2014 06:47:35 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/25/2014 02:46:47 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/25/2014 02:46:38 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/25/2014 02:46:38 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/25/2014 02:46:04 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/25/2014 02:46:01 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/25/2014 11:07:56 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/25/2014 10:31:41 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/25/2014 09:32:27 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/25/2014 01:55:54 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (06/25/2014 10:51:26 AM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (06/25/2014 10:44:53 AM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (06/23/2014 00:46:20 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80242016: Cumulative Security Update for Internet Explorer 9 for Windows 7 for x64-based Systems (KB2957689).

Error: (06/23/2014 00:42:02 PM) (Source: Service Control Manager) (User: )
Description: The Windows Modules Installer service terminated with the following error:
%%16405

Error: (06/23/2014 00:38:19 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004002

Error: (06/23/2014 00:38:16 PM) (Source: Service Control Manager) (User: )
Description: The Windows Defender service terminated with the following error:
%%32

Error: (06/23/2014 00:38:14 PM) (Source: Service Control Manager) (User: )
Description: The HP Health Check Service service failed to start due to the following error:
%%1053

Error: (06/23/2014 00:38:14 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HP Health Check Service service to connect.

Error: (06/23/2014 00:38:13 PM) (Source: Service Control Manager) (User: )
Description: The Windows Font Cache Service service terminated with the following error:
%%32

Error: (06/23/2014 11:50:35 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft XML Core Services 4.0 Service Pack 2 for x64-based Systems (KB973688).


Microsoft Office Sessions:
=========================
Error: (06/26/2014 06:47:35 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (06/25/2014 02:46:47 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Celia\Desktop\esetsmartinstaller_enu.exe

Error: (06/25/2014 02:46:38 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Celia\Desktop\esetsmartinstaller_enu.exe

Error: (06/25/2014 02:46:38 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Celia\Desktop\esetsmartinstaller_enu.exe

Error: (06/25/2014 02:46:04 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Celia\Desktop\esetsmartinstaller_enu.exe

Error: (06/25/2014 02:46:01 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Celia\Downloads\esetsmartinstaller_enu.exe

Error: (06/25/2014 11:07:56 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/25/2014 10:31:41 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/25/2014 09:32:27 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/25/2014 01:55:54 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003



=========================== Installed Programs ============================
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.2.152.32 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
AMD Fuel (Version: 2011.0228.1151.21177 - AMD) Hidden
ATI Catalyst Install Manager (HKLM\...\{7FBA6627-88F8-0AE0-9326-FB8488DD26E0}) (Version: 3.0.812.0 - ATI Technologies, Inc.)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}) (Version: 2.2.6699 - K-NFB Reading Technology, Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Canon MP250 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series) (Version:  - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0228.1151.21177 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0228.1151.21177 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0228.1151.21177 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0228.1150.21177 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0228.1150.21177 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0228.1150.21177 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0228.1150.21177 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0228.1150.21177 - ATI) Hidden
CCC Help English (x32 Version: 2011.0228.1150.21177 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0228.1150.21177 - ATI) Hidden
CCC Help French (x32 Version: 2011.0228.1150.21177 - ATI) Hidden
CCC Help German (x32 Version: 2011.0228.1150.21177 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0228.1150.21177 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0228.1150.21177 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0228.1150.21177 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0228.1150.21177 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0228.1150.21177 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0228.1150.21177 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0228.1150.21177 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0228.1150.21177 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0228.1150.21177 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0228.1150.21177 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0228.1150.21177 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0228.1150.21177 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0228.1150.21177 - ATI) Hidden
ccc-core-static (x32 Version: 2011.0228.1151.21177 - ATI) Hidden
ccc-utility64 (Version: 2011.0228.1151.21177 - ATI) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.3922 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.1.3922 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Evernote v. 4.2.2 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.2.3979 - Evernote Corp.)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
HP Auto (Version: 1.0.12494.3472 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
HP Connection Manager (HKLM-x32\...\{795AADBF-58C2-42D0-B779-E730702A247E}) (Version: 4.0.45.1 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{99CEB89F-50EC-4979-BDF6-148645D7EB35}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP MovieStore (x32 Version: 1.0.047 - Hewlett-Packard) Hidden
HP On Screen Display (HKLM-x32\...\{F1BB1C5F-E94E-454C-B385-23016566644F}) (Version: 1.2.1 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{872B1C80-38EC-4A31-A25C-980820593900}) (Version: 1.2.3 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{294C2687-77C0-4E1D-83DE-97680786602C}) (Version: 2.4.1 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13253.3682 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{B7F60A16-7A7B-41FB-9AE3-DE9E324FBA06}) (Version: 4.0.112.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E92D47A1-D27D-430A-8368-0BAFD956507D}) (Version: 5.2.9.2 - Hewlett-Packard Company)
HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6319.0 - IDT)
Java Auto Updater (x32 Version: 2.0.3.1 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 24 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416024FF}) (Version: 6.0.240 - Oracle)
Java™ 6 Update 24 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216024FF}) (Version: 6.0.240 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: 3.0 - EasyBits Software AS)
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.34.1130.2010 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.74 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.11.0323 - REALTEK Semiconductor Corp.)
Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.4.4 - Synaptics Incorporated)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 70%
Total physical RAM: 3834.9 MB
Available physical RAM: 1128.09 MB
Total Pagefile: 7667.98 MB
Available Pagefile: 4086.52 MB
Total Virtual: 4095.88 MB
Available Virtual: 3983.84 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:451.65 GB) (Free:416.11 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:13.82 GB) (Free:1.54 GB) NTFS

========================= Users: ========================================

User accounts for \\CELIA-HP

Administrator            Celia                    Guest                   

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

19-06-2014 20:06:21 First_User_Boot
19-06-2014 20:10:58 Windows Update
23-06-2014 15:17:44 Windows Update
23-06-2014 19:19:40 Windows Update
25-06-2014 14:41:18 ComboFix created restore point

**** End of log ****
 

 

Thanks!


If you are part of the 99%, you are automatically a part of the Occupy movement.


#2 MrBruce1959

Posted 11 July 2014 - 05:10 PM

Hello.

 

Before I offer you assistance, I first want to make sure that you are still in need of assistance, since your topic is over a week old.

 

If you reply and state that you are still in need of help I will see what I can do to help you resolve this issue.

 

Bruce.


Welcome to Bleeping Computer! :welcome:
New Members: Please click here for the Bleeping Computer Forum Board Rules
 
My Career Involves 45 Years as an Electronics Repair Technician, to Which I am Currently Retired From.

I Am Currently Using Windows 10 Home Edition.

As a Volunteer Staff Member of Bleeping Computer, the Help That I Proudly Provide Here To Our BC Forum Board Membership is Free of Charge. :wink:


#3 stuffandthings


Posted 11 July 2014 - 05:17 PM

Yes I am, thanks MrBruce. 


#4 MrBruce1959

Posted 11 July 2014 - 05:46 PM

Okay, I have read several topics and posts made by you. That adds up to a lot of information on one plate (so to speak).

 

You were given a clean bill of health in your malware logs topic.

 

Your current issue is that your computer can not access the Internet through your router, is this correct?

 

Bruce.


#5 stuffandthings

Posted 11 July 2014 - 10:59 PM

I think so, yes.  For the past couple of weeks, I have stayed directly plugged into my modem with an ethernet cord and kept the router off, because when I was using the router, it was giving me a caution sign and booting me off my net for some reason, at random times, and the only solution was to restart my computer. 

 

However, I have also had this issue with my modem - just not as frequently. 

 

Additionally, I've had a lot of strange occurrences with performance on my notebook since my malware thread was closed - PeerBlock keeps closing and opening on its own sometimes - especially when I go to start it up, it will open for me, but then close itself.  Sometimes it does this a couple of times in a row before it stays on.  Also, stuff seems to be lagging in some areas and not in others.  My browser has definitely been acting odd sometimes, crashing weirdly, the plugins freezing often, and when I run CCleaner (not the registry cleaner, just the regular cleaner) with the session box unchecked, it still seems to be having trouble with wiping my session.  I know before anything happened, my notebook would do that once in a great while, but now it's done it about 3 times in 1 week.  I can't remember every symptom that's been going on, but I think there's definitely still something wrong. I figure that it might very well be solved by putting the pieces together from other stuff that happened, and what logs about my modem and router might yield.

 

Hope this helps somehow. 


#6 MrBruce1959

Posted 12 July 2014 - 01:10 AM

Okay, just out of curiosity, have you checked your computer's HOSTS file and seen what text it contains?

 

I may appear a bit slow at helping you resolve this issue, but I have been there, done that before and ended up resolving the problem, so please bear with me and please understand I will stick with you until we correct the problem.

 

Any questions I ask may be to questions you already answered elsewhere, or perhaps even at the opening statement of this topic, but please realize, I have a lot of text I have to put into my mind at one time.

 

Just to share something with you, I had a Netgear WNR2000 router that I allowed someone to use on their cable modem and their computer was infected with all kinds of malware just about every week time and time again, so bad numerous reformats had to be performed. The router did have a firewall and it was set to restrict porn, but the kids still tried to find that porn and download and install freeware that included sweet IM and tons of other browser hijackers. The logs showed tons of DOS attacks.

 

When I got my router back, I did not use it for a while and put it away. When I went to put it in service, the thing was acting weird, it did not work right, my computer was constantly being disconnected and doing windows network diagnostics could not find the problem.

 

Resetting the router fixed the problem and a firmware update was done, only for things to go back as they were, an exclamation mark over the network icon again and windows network diagnostic could not fix the problem.

 

Linksys routers were listed as hackable in numerous network forum boards but my router was not listed. The solution was to trash the router and I bought another of the same make and model number. All my problems ended.

 

Just figured I'd share that experience with you. End of story is that router was hacked and its firmware compromised, so it was toast.

 

Your router may be experiencing the same issue and may be permanently compromised.

 

Please check out this thread from our forum board;

 

More Hacked Routers brand

http://www.bleepingcomputer.com/forums/t/526443/more-hacked-routers-brand/

 

Bruce.


#7 stuffandthings

Posted 12 July 2014 - 10:13 AM

Yes, I am and will be patient, I understand I have a lot of stuff about my case here that has been written down.  

 

I am not a very advanced computer user, and really only understand computers to a somewhat basic level, although I feel I have a handle on them slightly better than perhaps many mainstream users might have. 

 

I am not familiar with HOST files, so I am not sure what you mean by that, and what I would need to do in order to accomplish doing that. 

 

Thank you for relaying your story with me.  The initial contact with anyone about this issue was with my ISP tech guy, and he took one look at my system from his end (somehow) and said that I had a "DDOS malware" on my computer itself, and basically sounded like all hope was lost, and that I should take my computer to a shop.  Well, I would take any computer I own to a shop if hell froze over first.  At any rate, I came here instead and decided to try to seek alternative help. 

 

The modem is from my ISP, and my router is a Linksys.  I am willing to come to terms with the theory that the router is toast, although my partner (who is more tech savvy than I am, but still not quite advanced enough to know exactly how to fix this issue) has said that he thinks the solution would be not only to reset the router and update firmware, but to first let the batteries inside die out first?  Basically to leave it off for a while?  He said if the malware is sitting in the router, the theory to that solution is that it can't survive if the unit itself dies out, and so essentially "forgets" what it was supposed to be doing, killing off the malware.  I don't know if that would be a good solution.

 

The thing that confuses me is that I'm using an ethernet cord directly plugged into the modem, and I have still been getting trouble happening, albeit not as often with the internet crashing, but it does happen. 

 

I have learned that if I simply unplug the ethernet cord from my notebook and plug it back in, it seems to work.  But of course, I'm worried and really want to figure out if I've solved this completely and how.  However, the other user who helped me on the malware forums told me there is never any way to fully know if you have erased malware from a computer or not.  And I am willing to accept that, I just want to know what limits I am really personally capable of going to in order to extend myself and my brainpower to try my best to know whether or not it's okay.  If it ends up being a situation where I just need to put up with the weird occurrences until I can afford a new computer and new internet equipment, then that might be what I need to settle for. 

 

I got a response to a post I made on another forum, for the addon NoScript (when I thought it had something to do with that) and someone had posted that, as a result of my VPN use previously to this problem, it could have been this:  http://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol#Security

 

Based on what that says, it seems like it nullifies any reason for anyone to ever use a VPN unless they are an advanced computer user that knows how to detect and stop that sort of thing if and when it happens. 


Edited by stuffandthings, 12 July 2014 - 10:16 AM.

#8 MrBruce1959

Posted 12 July 2014 - 12:51 PM

Okay regarding the hosts file, here is how you locate it.

 

1. Click Start,

 

2. Click Run (Windows XP users only)

(Note: Windows Vista, 7 & 8 users, simply type or copy the text below into the search bar.)

 

3. Type %systemroot%\system32\drivers\etc , and then click OK.

Note: If you are using a 64-bit version of Windows, type %systemroot%\SysWOW64\drivers\etc

 

(You can copy and paste my text and add to the start menu search bar)

 

You should now see a folder called etc

 

4. Click the etc folder and look for a text file called hosts. This file will not have a file extension and none should be added either!

 

5. Now, right click the hosts file and choose open

 

IMPORTANT: PLEASE FOLLOW THESE INSTRUCTIONS CLOSELY!!!

 

WINDOWS 7 users:

 

6. A window will open asking which program you wish to open the hosts file with, look for a box where a check mark would be or is where it says:

 

Always Use The Selected Program To Open This Kind Of File

 

Make sure that box is Empty before proceeding!!!

 

Now look for Notepad and choose that program.

 

This will open the hosts file like a text file.

 

Contents will look like this:

 

 

# Copyright © 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

# localhost name resolution is handled within DNS itself.
# 127.0.0.1       localhost
# ::1             localhost

 

 

Please copy and paste all of the contents of that text into your next reply.

 

For now you can close the hosts until I ask you to access it again.

 

I will work on other things with you, however to avoid confusion, let's stick with the hosts file for now.

 

Bruce.


Edited by MrBruce1959, 13 July 2014 - 11:31 AM.

#9 stuffandthings

Posted 13 July 2014 - 02:21 AM

I couldn't find any folder called ect.  :- /


#10 Sneakycyber

Posted 13 July 2014 - 04:00 AM

Save this file Edit Hosts.bat to your desktop and right click on it and select run as administrator. This should open the host file in notepad so it can be edited. When you're done select "Save As" in the file menu, at the bottom change the file type to "All Files" (you should see your old host file now), select your old hosts file and click save.


Edited by Sneakycyber, 13 July 2014 - 04:05 AM.

Chad Mockensturm 
Network Engineer
Certified CompTia Network +, A +

#11 stuffandthings


Posted 13 July 2014 - 05:23 AM

Err where would I see my "old" host file?  and what would I be copy-pasting?


#12 Sneakycyber

Posted 13 July 2014 - 06:10 AM

Copy and paste the example host file from post #8. When saving the new host file in Notepad you will see the old "HOSTS" filename after choosing the "All files type" (unless it's been deleted). The important part of choosing the "All file" type is so you don't save the new hosts file as a text document, it needs saved without the .txt. If you still have problems let me know I can write a script to do it all for you (just need to boot a Windows 7 VM).
Chad Mockensturm 
Network Engineer
Certified CompTia Network +, A +

#13 stuffandthings


Posted 13 July 2014 - 06:19 AM

Ok I saved over the old one.  This is what popped up. 

 

 

# Copyright © 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

# localhost name resolution is handled within DNS itself.
#    127.0.0.1       localhost
#    ::1             localhost
 


#14 Sneakycyber

Posted 13 July 2014 - 06:27 AM

Perfect I will let Mr. Bruce take back over from here.
Chad Mockensturm 
Network Engineer
Certified CompTia Network +, A +
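
The hosts-file check from posts #8 to #14, as an added example that is not part of the original thread: a read-only Python script that lists every active (uncommented) mapping, so the file can be reviewed before anything is saved over it. The two sample files, the placeholder host names and addresses, and the HOSTS_PATH default are assumptions constructed for illustration.

```python
"""Read-only audit of a Windows hosts file: list every active mapping."""
import ipaddress
import os

# Assumed default location. Windows reads the file from System32 on 32-bit and
# 64-bit installs alike (drivers/etc is exempt from WOW64 redirection).
HOSTS_PATH = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"),
                          "System32", "drivers", "etc", "hosts")

# Constructed sample 1: abridged copy of the stock Windows 7 file quoted in
# the thread. Every line is a comment, so the file maps nothing.
STOCK_SAMPLE = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

# localhost name resolution is handled within DNS itself.
#    127.0.0.1       localhost
#    ::1             localhost
"""

# Constructed sample 2: the stock file with entries appended. Names use the
# reserved .example TLD and 203.0.113.0/24 is a documentation-only range.
MODIFIED_SAMPLE = STOCK_SAMPLE + """\
127.0.0.1       localhost
203.0.113.10    www.site.example   login.site.example
0.0.0.0         update.vendor.example      # looks like a block-list entry
not-an-ip       something.example
"""


def read_hosts(path=HOSTS_PATH):
    """Open the file read-only; utf-8-sig drops the BOM Notepad may add."""
    with open(path, "r", encoding="utf-8-sig", errors="replace") as fh:
        return fh.read()


def parse_hosts(text):
    """Return (entries, malformed); entries are (lineno, ip, [names])."""
    entries, malformed = [], []
    for lineno, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop trailing comment
        if not fields:
            continue                            # blank or comment-only line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            ip = None
        if ip is None or len(fields) < 2:
            malformed.append((lineno, raw.strip()))
            continue
        entries.append((lineno, ip, [name.lower() for name in fields[1:]]))
    return entries, malformed


def audit(text):
    """Classify every active entry that a stock file would not contain.

    redirect  - name pinned to a routable address, bypassing DNS
    sinkhole  - name pointed at this machine (blocks access to that name)
    malformed - line that is neither a comment nor a valid mapping
    """
    findings = []
    entries, malformed = parse_hosts(text)
    for lineno, ip, names in entries:
        local = ip.is_loopback or ip.is_unspecified
        for name in names:
            if local and name == "localhost":
                continue                        # harmless default mapping
            kind = "sinkhole" if local else "redirect"
            findings.append((lineno, kind, str(ip), name))
    for lineno, raw in malformed:
        findings.append((lineno, "malformed", "", raw))
    return sorted(findings)


def report(text):
    """Human-readable lines for the findings, or a single all-clear line."""
    lines = [f"line {n}: {kind:9} {ip or '-':15} {name}"
             for n, kind, ip, name in audit(text)]
    return lines or ["no active entries beyond localhost (matches a stock file)"]


if __name__ == "__main__":
    if os.path.exists(HOSTS_PATH):
        source, text = HOSTS_PATH, read_hosts()
    else:
        source, text = "constructed sample", MODIFIED_SAMPLE
    print(f"Auditing {source}")
    for line in report(text):
        print(" ", line)
```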

#15 MrBruce1959


Posted 20 July 2014 - 12:22 PM

Hello, please forgive my absence from your topic and allowing it to lapse a few days.
 
I have a question for you regarding your resetting your various Internet devices.
 
Did you power off each device and then turn each one back on again with the modem being the first device you powered up, then the router, then finally one of your computers?
 
Next, while the router is powered up, did you try to access the router's setup by opening a browser and in the address bar type 192.168.1.1 then hit the Enter key?
 
If you did, did a box pop up asking for the router's login information such as a place to provide a password?
 
One important question I have is do you have a CD disk that came with your router?

Bruce.

Edited: Adding link to Linksys E2000 owners manual to this topic for reference:

http://www.gentleentuit.be/sites/default/files/item_documents/Manual_Linksys_E2000.pdf

Edited by MrBruce1959, 20 July 2014 - 12:45 PM.
