Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

compromised modem/router.


  • Please log in to reply
27 replies to this topic

#1 pflame90

pflame90

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:01:36 AM

Posted 18 May 2015 - 06:22 AM

Hi All,

 

This is a carry forward of a topic from the forum "Virus, Trojan, Spyware, and Malware Removal Logs". Nasdaq, who was helping me there, suggested I take it forward to this forum. The earlier forum discussion can be found here:

http://www.bleepingcomputer.com/forums/t/574341/2-pc-get-affected-several-processes-showed-exe32-including-antivirus/

 

Brief History:

-----------------

My 2 PC were infected with the some malware, browsers keep pop out those websites that i don't search for it. And thx for my avast antivirus,it blocked all these websites and report these websites as rat. Nasdaq had concluded that my router/modem had been infected, so I am seeking help from u guys.  Here is Minitoolbox the log of it, by the way sorry for my broken english.

 

MiniToolBox by Farbar  Version: 11-05-2015 01

Ran by User040415 (administrator) on 18-05-2015 at 18:54:00
Running from "C:\Users\User040415\Downloads"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Model: System Product Name Manufacturer: System manufacturer
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller = Local Area Connection 2 (Connected)
Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller = Local Area Connection (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global defaultcurhoplimit=64 icmpredirects=enabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : User040415-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Ethernet adapter Local Area Connection 2:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
   Physical Address. . . . . . . . . : 00-23-54-A8-C8-0C
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::780f:3aaf:b508:691b%13(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.3(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, 18 May, 2015 6:51:00 PM
   Lease Expires . . . . . . . . . . : Thursday, 21 May, 2015 6:51:00 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 301998932
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-B0-98-CE-00-23-54-A8-C6-B9
   DNS Servers . . . . . . . . . . . : 37.48.127.131
                                       8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller
   Physical Address. . . . . . . . . : 00-23-54-A8-C6-B9
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{6EEB41CD-B4E1-434E-A62B-92B4333C2250}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{A84B71D4-AC80-4332-9CA2-E1FFB851E7AB}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  37.48.127.131
 
 
Pinging google.com [1.9.57.157] with 32 bytes of data:
Reply from 1.9.57.157: bytes=32 time=42ms TTL=59
Reply from 1.9.57.157: bytes=32 time=44ms TTL=59
 
Ping statistics for 1.9.57.157:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 42ms, Maximum = 44ms, Average = 43ms
Server:  UnKnown
Address:  37.48.127.131
 
 
Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=284ms TTL=52
Reply from 98.138.253.109: bytes=32 time=277ms TTL=52
 
Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 277ms, Maximum = 284ms, Average = 280ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 13...00 23 54 a8 c8 0c ......Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
 11...00 23 54 a8 c6 b9 ......Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller
  1...........................Software Loopback Interface 1
 12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.3     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.3    276
      192.168.1.3  255.255.255.255         On-link       192.168.1.3    276
    192.168.1.255  255.255.255.255         On-link       192.168.1.3    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.3    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.3    276
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 13    276 fe80::/64                On-link
 13    276 fe80::780f:3aaf:b508:691b/128
                                    On-link
  1    306 ff00::/8                 On-link
 13    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (05/18/2015 06:38:21 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/18/2015 06:31:24 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/18/2015 06:22:11 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/18/2015 06:20:45 PM) (Source: Application Error) (User: )
Description: Faulting application name: rndlresolversvc.exe, version: 0.0.0.0, time stamp: 0x53ea5e45
Faulting module name: rndlresolversvc.exe, version: 0.0.0.0, time stamp: 0x53ea5e45
Exception code: 0xc0000005
Fault offset: 0x00003063
Faulting process id: 0x514
Faulting application start time: 0xrndlresolversvc.exe0
Faulting application path: rndlresolversvc.exe1
Faulting module path: rndlresolversvc.exe2
Report Id: rndlresolversvc.exe3
 
Error: (05/17/2015 09:07:27 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (05/17/2015 09:04:53 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
 
Error: (05/17/2015 09:04:53 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
 
Error: (05/17/2015 09:04:52 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest.
 
Error: (05/17/2015 02:45:25 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/16/2015 10:08:28 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (05/18/2015 06:38:16 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for Security with the following error: 
%%5
 
Error: (05/18/2015 06:38:15 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for Security with the following error: 
%%5
 
Error: (05/18/2015 06:38:15 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5
 
Error: (05/18/2015 06:38:15 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
kavbootc
 
Error: (05/18/2015 06:38:15 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5
 
Error: (05/18/2015 06:38:13 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for Description with the following error: 
%%5
 
Error: (05/18/2015 06:37:56 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for Description with the following error: 
%%5
 
Error: (05/18/2015 06:31:16 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for Security with the following error: 
%%5
 
Error: (05/18/2015 06:31:16 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for Security with the following error: 
%%5
 
Error: (05/18/2015 06:31:16 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5
 
 
Microsoft Office Sessions:
=========================
Error: (05/18/2015 06:38:21 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/18/2015 06:31:24 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/18/2015 06:22:11 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/18/2015 06:20:45 PM) (Source: Application Error)(User: )
Description: rndlresolversvc.exe0.0.0.053ea5e45rndlresolversvc.exe0.0.0.053ea5e45c00000050000306351401d091543a945598C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exeC:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe8afd5540-fd47-11e4-a835-002354a8c6b9
 
Error: (05/17/2015 09:07:27 PM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{6935C750-2D8C-4705-B4F9-052F550D225D}\recordingmanager.exe
 
Error: (05/17/2015 09:04:53 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifestC:\Program Files (x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnapViewer.exe
 
Error: (05/17/2015 09:04:53 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifestC:\Program Files (x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnap.exe
 
Error: (05/17/2015 09:04:52 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifestC:\Program Files (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe
 
Error: (05/17/2015 02:45:25 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/16/2015 10:08:28 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
=========================== Installed Programs ============================
 
360安全卫士 (HKLM-x32\...\360安全卫士) (Version: 10.0.0.2002 - 360安全中心)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{FAF03106-1653-15E1-3C0C-E7AE4FAE6EBF}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
CyberLink PowerDVD 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.3917.58 - CyberLink Corp.)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.152 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.26.9 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.115 - Google Inc.) Hidden
Host OpenAL (ADI) (HKLM-x32\...\Host OpenAL (ADI)) (Version:  - )
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.17.65.11 - JMicron Technology Corp.)
K-Lite Mega Codec Pack 11.1.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.1.0 - )
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 zh-CN) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 zh-CN)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero 8 (HKLM-x32\...\{BE282C23-5484-47FF-B2C1-EBEA5C892052}) (Version: 8.3.31 - Nero AG)
RealDownloader (HKLM-x32\...\{6935C750-2D8C-4705-B4F9-052F550D225D}) (Version: 1.3.4 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM-x32\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM-x32\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.4 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6069 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (HKLM-x32\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
SoundMAX (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.2.6585 - Analog Devices)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
VCRedistSetup (HKLM-x32\...\{3921A67A-5AB1-4E48-9444-C71814CF3027}) (Version: 1.0.0 - Nero AG) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Driver Package - ATK (MTsensor) System  (07/16/2009 1043.6.0.0) (HKLM\...\55AAC8B3C1559D5D378114A88513466A7ECEC7BD) (Version: 07/16/2009 1043.6.0.0 - ATK)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
谷歌拼音输入法 2.7 (HKLM\...\GooglePinyin2) (Version:  - Google Inc.)
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 73%
Total physical RAM: 2047.05 MB
Available physical RAM: 547.76 MB
Total Pagefile: 4094.11 MB
Available Pagefile: 2211.99 MB
Total Virtual: 4095.88 MB
Available Virtual: 3964.91 MB
 
========================= Partitions: =====================================
 
2 Drive c: () (Fixed) (Total:244.14 GB) (Free:201.21 GB) NTFS
3 Drive d: () (Fixed) (Total:157.06 GB) (Free:156.37 GB) NTFS
4 Drive e: () (Fixed) (Total:194.97 GB) (Free:194.59 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\USER040415-PC
 
Administrator            Guest                    User040415               
 
========================= Minidump Files ==================================
 
No minidump file found
 
========================= Restore Points ==================================
 
13-05-2015 11:24:43 Windows Update
13-05-2015 11:26:07 Windows Update
13-05-2015 11:28:02 Windows Update
13-05-2015 11:29:10 Windows Update
13-05-2015 11:30:25 Windows Update
13-05-2015 11:33:38 Windows Update
13-05-2015 11:34:26 Windows Update
13-05-2015 11:35:14 Windows Update
14-05-2015 10:48:14 Removed AVG 2015
14-05-2015 10:54:50 Removed AVG 2015
14-05-2015 11:26:44 Removed QuickTime 7
15-05-2015 12:04:32 Windows Modules Installer
15-05-2015 12:48:13 avast! antivirus system restore point
 
**** End of log ****
 
 
 
My modem/router is TP-Link, model: TD-W8901G
Both pc connected by cable.
 


BC AdBot (Login to Remove)

 


#2 CaveDweller2

CaveDweller2

  • Members
  • 2,629 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:36 PM

Posted 18 May 2015 - 08:16 AM

Is your PC set up for static IP/DNS or is it DHCP?

 

right click your network icon by the clock and click  Open Network and Sharing Center, on the left click Change Adapter settings, right click the Local area Connection, click Properties. In the list click IPv4 and below that and to the right click Properties.

 

Is it set to Obtain IP and DNS automatically or Use the following? If they are both set to Obtain leave it and just click Cancel and then OK. If either is set to Use the following, click by Obtain and click OK and OK again.

 

Report your finding. Once this is known we'll move on =)

 


Hope this helps thumbup.gif

Associate in Applied Science - Network Systems Management - Trident Technical College


#3 Wand3r3r

Wand3r3r

  • Members
  • 2,027 posts
  • OFFLINE
  •  
  • Local time:10:36 AM

Posted 18 May 2015 - 10:28 AM

You appear to have a invalid dns entry.  You should remove it.

 

DNS Servers . . . . . . . . . . . : 37.48.127.131 is not a dns server. It resolves to lw1033.ua-hosting.company


Edited by Wand3r3r, 18 May 2015 - 10:33 AM.


#4 pflame90

pflame90
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:01:36 AM

Posted 19 May 2015 - 06:23 AM

Hi all, thks for help.

 

1.both set as obtain IP and DNS automatically, so I assume my set up is DHCP, right?

 

2. any tool or help to delete the invalid dns entry? like RogueKiller?

 

By the way, today when me use the  google chrome, the avast antivirus like deleted or blocked some extension which i don't paid attention to it and now it won't pop out those things already. I had installed the avast online security at my chrome and it is temporary or i 'm free of malware now?



#5 CaveDweller2

CaveDweller2

  • Members
  • 2,629 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:36 PM

Posted 19 May 2015 - 08:50 AM

If both are set to obtain, then I would wager that DNS is coming from your router. I would reset it back to factory defaults and do a fresh setup on it.


Hope this helps thumbup.gif

Associate in Applied Science - Network Systems Management - Trident Technical College


#6 pflame90

pflame90
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:01:36 AM

Posted 19 May 2015 - 10:10 AM

Actually I had just reset my modem router by last 2 weeks ago, anyway i will reset it again n clean my pc with RogueKiller then only connect the modem router. Maybe last time i was not clean the malware of the pc so it infected the router again. However if i still can't get rid of it, i will buy a new modem/router. If tomorrow i have reset my modem, I will post the minitoolbox 's log at here. Lastly thanks for any help and sorry for my broken English.



#7 CaveDweller2

CaveDweller2

  • Members
  • 2,629 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:36 PM

Posted 19 May 2015 - 10:24 AM

How did you reset it? You need to hold the reset button on the back for 10 seconds(a real 10 seconds, like count it slowly) OR inside the router, on the left under System Tools, Factory Defaults, and then the Restore button up and on the right.


Hope this helps thumbup.gif

Associate in Applied Science - Network Systems Management - Trident Technical College


#8 pflame90

pflame90
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:01:36 AM

Posted 19 May 2015 - 08:49 PM

I hold the button at the back for few seconds to reset it but I didn't count for 10 seconds(now only I know need to count for 10 seconds). Later I will try to hold it for 10 seconds, thanks for your advice.



#9 CaveDweller2

CaveDweller2

  • Members
  • 2,629 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:36 PM

Posted 19 May 2015 - 09:00 PM

I'd just surf into it and do it from inside. That way you know. but either way is fine.


Hope this helps thumbup.gif

Associate in Applied Science - Network Systems Management - Trident Technical College


#10 pflame90

pflame90
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:01:36 AM

Posted 20 May 2015 - 04:03 AM

Hahaha by the way, I had just found another unlucky guy like me,

http://www.bleepingcomputer.com/forums/t/570912/dns-changer-virus-infected-all-my-laptops-and-mobiles-on-wifi-network/page-3

 

same type of modem/router, maybe this model is easy to infect.



#11 pflame90

pflame90
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:01:36 AM

Posted 20 May 2015 - 07:08 AM

Hi all, I had reset my modem, and here is the minitoolbox log

 

 

MiniToolBox by Farbar  Version: 11-05-2015 01
Ran by User040415 (administrator) on 20-05-2015 at 20:07:01
Running from "C:\Users\User040415\Downloads"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Model: System Product Name Manufacturer: System manufacturer
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller = Local Area Connection 2 (Connected)
Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller = Local Area Connection (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global defaultcurhoplimit=64 icmpredirects=enabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : User040415-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Ethernet adapter Local Area Connection 2:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
   Physical Address. . . . . . . . . : 00-23-54-A8-C8-0C
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::780f:3aaf:b508:691b%13(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.3(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday, 20 May, 2015 7:55:00 PM
   Lease Expires . . . . . . . . . . : Saturday, 23 May, 2015 7:55:01 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 301998932
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-B0-98-CE-00-23-54-A8-C6-B9
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller
   Physical Address. . . . . . . . . : 00-23-54-A8-C6-B9
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{6EEB41CD-B4E1-434E-A62B-92B4333C2250}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:ca47:63c2:cc9:39bf:3f57:fefc(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::cc9:39bf:3f57:fefc%15(Preferred) 
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  UnKnown
Address:  192.168.1.1
 
Name:    google.com
Addresses:  2404:6800:4001:806::200e
 173.194.120.103
 173.194.120.100
 173.194.120.99
 173.194.120.96
 173.194.120.110
 173.194.120.98
 173.194.120.104
 173.194.120.101
 173.194.120.102
 173.194.120.97
 173.194.120.105
 
 
Pinging google.com [173.194.126.69] with 32 bytes of data:
Reply from 173.194.126.69: bytes=32 time=47ms TTL=57
Reply from 173.194.126.69: bytes=32 time=47ms TTL=57
 
Ping statistics for 173.194.126.69:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 47ms, Maximum = 47ms, Average = 47ms
Server:  UnKnown
Address:  192.168.1.1
 
Name:    yahoo.com
Addresses:  98.138.253.109
 98.139.183.24
 206.190.36.45
 
 
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=278ms TTL=52
Reply from 206.190.36.45: bytes=32 time=271ms TTL=52
 
Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 271ms, Maximum = 278ms, Average = 274ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 13...00 23 54 a8 c8 0c ......Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
 11...00 23 54 a8 c6 b9 ......Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller
  1...........................Software Loopback Interface 1
 12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.3     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.3    276
      192.168.1.3  255.255.255.255         On-link       192.168.1.3    276
    192.168.1.255  255.255.255.255         On-link       192.168.1.3    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.3    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.3    276
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 15     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 15     58 2001::/32                On-link
 15    306 2001:0:ca47:63c2:cc9:39bf:3f57:fefc/128
                                    On-link
 13    276 fe80::/64                On-link
 15    306 fe80::/64                On-link
 15    306 fe80::cc9:39bf:3f57:fefc/128
                                    On-link
 13    276 fe80::780f:3aaf:b508:691b/128
                                    On-link
  1    306 ff00::/8                 On-link
 15    306 ff00::/8                 On-link
 13    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (05/20/2015 07:45:30 PM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (05/20/2015 07:45:30 PM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (05/20/2015 07:45:30 PM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (05/20/2015 07:45:26 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)
 
Error: (05/20/2015 07:45:25 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/20/2015 07:45:23 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (05/20/2015 07:45:23 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot load the property store information.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)
 
Error: (05/20/2015 07:45:23 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (05/20/2015 07:45:22 PM) (Source: Windows Search Service) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (05/20/2015 07:45:22 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot open the Jet property store.
 
 
Details:
0x%08x (0xc0041800 - The content index database is corrupt.  (HRESULT : 0xc0041800))
 
 
System errors:
=============
Error: (05/20/2015 07:45:30 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (05/20/2015 07:45:30 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.
 
Error: (05/20/2015 07:45:15 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
kavbootc
 
Error: (05/20/2015 07:45:02 PM) (Source: Service Control Manager) (User: )
Description: The MBAMService service failed to start due to the following error: 
%%1053
 
Error: (05/20/2015 07:45:01 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the MBAMService service to connect.
 
Error: (05/20/2015 07:36:07 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
kavbootc
 
Error: (05/20/2015 07:32:03 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
kavbootc
 
Error: (05/20/2015 07:05:21 PM) (Source: Application Popup) (User: )
Description: \??\C:\Windows\System32\drivers\TrueSight.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (05/20/2015 06:52:58 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (05/20/2015 06:52:58 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.
 
 
Microsoft Office Sessions:
=========================
Error: (05/20/2015 07:45:30 PM) (Source: Windows Search Service)(User: )
Description: 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (05/20/2015 07:45:30 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (05/20/2015 07:45:30 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (05/20/2015 07:45:26 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer
 
Error: (05/20/2015 07:45:25 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/20/2015 07:45:23 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore
 
Error: (05/20/2015 07:45:23 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)
 
Error: (05/20/2015 07:45:23 PM) (Source: Windows Search Service)(User: )
Description: 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt
 
Error: (05/20/2015 07:45:22 PM) (Source: Windows Search Service)(User: )
Description: 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
4700
 
Error: (05/20/2015 07:45:22 PM) (Source: Windows Search Service)(User: )
Description: 
Details:
0x%08x (0xc0041800 - The content index database is corrupt.  (HRESULT : 0xc0041800))
 
 
=========================== Installed Programs ============================
 
360安全卫士 (HKLM-x32\...\360安全卫士) (Version: 10.0.0.2002 - 360安全中心)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{FAF03106-1653-15E1-3C0C-E7AE4FAE6EBF}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
CyberLink PowerDVD 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.3917.58 - CyberLink Corp.)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.65 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.27.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.115 - Google Inc.) Hidden
Host OpenAL (ADI) (HKLM-x32\...\Host OpenAL (ADI)) (Version:  - )
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.17.65.11 - JMicron Technology Corp.)
K-Lite Mega Codec Pack 11.1.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.1.0 - )
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 zh-CN) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 zh-CN)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero 8 (HKLM-x32\...\{BE282C23-5484-47FF-B2C1-EBEA5C892052}) (Version: 8.3.31 - Nero AG)
RealDownloader (HKLM-x32\...\{6935C750-2D8C-4705-B4F9-052F550D225D}) (Version: 1.3.4 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM-x32\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM-x32\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.4 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6069 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (HKLM-x32\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
SoundMAX (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.2.6585 - Analog Devices)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
VCRedistSetup (HKLM-x32\...\{3921A67A-5AB1-4E48-9444-C71814CF3027}) (Version: 1.0.0 - Nero AG) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Driver Package - ATK (MTsensor) System  (07/16/2009 1043.6.0.0) (HKLM\...\55AAC8B3C1559D5D378114A88513466A7ECEC7BD) (Version: 07/16/2009 1043.6.0.0 - ATK)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
谷歌拼音输入法 2.7 (HKLM\...\GooglePinyin2) (Version:  - Google Inc.)
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 68%
Total physical RAM: 2047.05 MB
Available physical RAM: 648.56 MB
Total Pagefile: 4094.11 MB
Available Pagefile: 2208.06 MB
Total Virtual: 4095.88 MB
Available Virtual: 3944.78 MB
 
========================= Partitions: =====================================
 
2 Drive c: () (Fixed) (Total:244.14 GB) (Free:199.57 GB) NTFS
3 Drive d: () (Fixed) (Total:157.06 GB) (Free:156.37 GB) NTFS
4 Drive e: () (Fixed) (Total:194.97 GB) (Free:194.59 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\USER040415-PC
 
Administrator            Guest                    User040415               
 
========================= Minidump Files ==================================
 
No minidump file found
 
========================= Restore Points ==================================
 
13-05-2015 11:24:43 Windows Update
13-05-2015 11:26:07 Windows Update
13-05-2015 11:28:02 Windows Update
13-05-2015 11:29:10 Windows Update
13-05-2015 11:30:25 Windows Update
13-05-2015 11:33:38 Windows Update
13-05-2015 11:34:26 Windows Update
13-05-2015 11:35:14 Windows Update
14-05-2015 10:48:14 Removed AVG 2015
14-05-2015 10:54:50 Removed AVG 2015
14-05-2015 11:26:44 Removed QuickTime 7
15-05-2015 12:04:32 Windows Modules Installer
15-05-2015 12:48:13 avast! antivirus system restore point
 
**** End of log ****
 
 
Is my modem router free of malware now? Thanks for any help!!!


#12 CaveDweller2

CaveDweller2

  • Members
  • 2,629 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:36 PM

Posted 20 May 2015 - 07:26 AM

You tell us, is it working correctly? The bad DNS setting is gone.


Hope this helps thumbup.gif

Associate in Applied Science - Network Systems Management - Trident Technical College


#13 pflame90

pflame90
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:01:36 AM

Posted 20 May 2015 - 07:36 AM

no more pop out now, everything fine .Hopefully i can permanently get rid of it. Thanks for help!!!



#14 pflame90

pflame90
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:01:36 AM

Posted 21 May 2015 - 06:38 AM

Hi, may i know also is there any tool to let me check my home network is connected by how many device and the detail of it? Thanks for help!!!



#15 CaveDweller2

CaveDweller2

  • Members
  • 2,629 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:36 PM

Posted 21 May 2015 - 09:30 AM

You're looking for LAN monitor software. Not sure how much detail something that doesn't cost will tell you.


Hope this helps thumbup.gif

Associate in Applied Science - Network Systems Management - Trident Technical College





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users