Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unresolved firewall hits and network?


  • Please log in to reply
4 replies to this topic

#1 AndyP5000

AndyP5000

  • Members
  • 123 posts
  • OFFLINE
  •  
  • Local time:09:50 PM

Posted 24 May 2017 - 08:44 PM

On request I have been transferred here... 
 
I am having firewall hits when I turn my router on. (see previous thread) https://www.bleepingcomputer.com/forums/t/646968/is-chrome-infected-fire-wall-hits/ 
 
I'm using Avasts firewall at default settings.
 
I've reset my router and still get the hits.
 
Also want to make sure I have latest firmware for my Technicolor tg852n so need a secure download for that.
 
Could a faulty cable cause the things ive been encountering? My current cable is not that much cop and i've ordered a new one as the clip keeping the aether cable in has snapped off. 
 
With this router I also have problems with phone calls dropping the internet out. I hink its over five years old now and new one might be a good idea?
 
Im thinking  i might have to result to a total fresh install 
 
MiniToolBox by Farbar  Version: 17-06-2016
Ran by Andy (administrator) on 25-05-2017 at 02:35:36
Running from "C:\Users\Andy\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: Aspire M3910 Manufacturer: Acer
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [133392] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (05/22/2017 09:43:23 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
 
Error: (05/21/2017 07:00:03 PM) (Source: Windows Backup) (User: )
Description: The backup did not complete because of an error writing to the backup location K:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).
 
Error: (05/21/2017 02:37:02 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
 
Error: (05/21/2017 02:11:40 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
 
Error: (05/21/2017 11:38:02 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/21/2017 11:37:15 AM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]
 
Error: (05/21/2017 11:37:15 AM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]
 
Error: (05/21/2017 11:37:15 AM) (Source: NvStreamSvc) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]
 
Error: (05/20/2017 02:19:22 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/20/2017 07:38:04 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
 
 
System errors:
=============
Error: (05/23/2017 09:41:48 AM) (Source: Tcpip) (User: )
Description: The system detected an address conflict for IP address 192.168.1.64 with the system
having network hardware address B8-A1-75-6E-6F-11. Network operations on this system may
be disrupted as a result.
 
Error: (05/23/2017 09:13:14 AM) (Source: Tcpip) (User: )
Description: The system detected an address conflict for IP address 192.168.1.64 with the system
having network hardware address A8-54-B2-A7-54-BE. Network operations on this system may
be disrupted as a result.
 
Error: (05/21/2017 11:35:10 AM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
Error: (05/20/2017 02:08:32 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056 = An instance of the service is already running.
 
 
Error: (05/20/2017 02:08:31 PM) (Source: DCOM) (User: )
Description: {9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (05/20/2017 02:08:03 PM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (05/20/2017 02:08:02 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (05/20/2017 02:08:02 PM) (Source: Service Control Manager) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (05/20/2017 02:08:02 PM) (Source: Service Control Manager) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (05/20/2017 02:08:02 PM) (Source: Service Control Manager) (User: )
Description: The Autodesk Application Manager Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
Microsoft Office Sessions:
=========================
Error: (05/22/2017 09:43:23 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005
 
Error: (05/21/2017 07:00:03 PM) (Source: Windows Backup)(User: )
Description: K:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)
 
Error: (05/21/2017 02:37:02 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005
 
Error: (05/21/2017 02:11:40 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestc:\program files (x86)\adobe\adobe creative cloud\utils\Creative Cloud Uninstaller.exe
 
Error: (05/21/2017 11:38:02 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/21/2017 11:37:15 AM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcNvVAD initialization failed [6]
 
Error: (05/21/2017 11:37:15 AM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]
 
Error: (05/21/2017 11:37:15 AM) (Source: NvStreamSvc)(User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]
 
Error: (05/20/2017 02:19:22 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/20/2017 07:38:04 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005
 
 
**** End of log ****

Edited by AndyP5000, 24 May 2017 - 09:06 PM.


BC AdBot (Login to Remove)

 


#2 smax013

smax013

  • BC Advisor
  • 2,329 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:03:50 PM

Posted 24 May 2017 - 09:42 PM

On request I have been transferred here... 
 
I am having firewall hits when I turn my router on. (see previous thread) https://www.bleepingcomputer.com/forums/t/646968/is-chrome-infected-fire-wall-hits/ 
 
I'm using Avasts firewall at default settings.
 
I've reset my router and still get the hits.


From you other post, here are some of what you reported as hits on the firewall:

23/05/2017 18:31:03 192.168.1.254 1900 192.168.1.68 60887 UDP In Public Tcp/Udp In Block
23/05/2017 18:31:03 fe80::9e97:26ff:fe48:da4a - fe80::1045:e424:1459:233f 135 ICMPv6 In Public Icmp6 Neighbor Solicit In Block
23/05/2017 18:31:04 192.168.1.64 1900 192.168.1.68 55739 UDP In Public Tcp/Udp In Block
23/05/2017 18:45:17 :: - ff02::1:ff48:da4a 135 ICMPv6 In Public Icmp6 Neighbor Solicit In Block


The first and the third listed items are using IPv4 addresses, while the second and forth appear to be IPv6 addresses.

In both cases, all the IPv4 addresses are all "private" IP addresses which such that the hits are coming from another device on your network. I cannot tell if the IPv6 addresses as also private as I am not really that familiar with IPv6.

What other devices do you have on your network? It could be something innocent that is just trying to connect to your computer or it could be something less than innocent (say another infected computer).

You also mentioned an IP address conflict in your other thread. This further suggests that there is some other network device on your network. An IP address conflict occurs when your computer tries to use an IP address that is already in use by another device.
 

Also want to make sure I have latest firmware for my Technicolor tg852n so need a secure download for that.


This appears to be a gateway (i.e. modem/router combo) rather than just a pure router. Do you rent it from your ISP? If so, then you might want to contact them about whether or not you should update the firmware and how you would go about doing it.
 

Could a faulty cable cause the things ive been encountering? My current cable is not that much cop and i've ordered a new one as the clip keeping the aether cable in has snapped off.


No to my knowledge, but it certainly does not hurt to try another cable.
 

With this router I also have problems with phone calls dropping the internet out. I hink its over five years old now and new one might be a good idea?


How do you make the phone calls? Is this VOIP service through your ISP that is handled by the gateway (i.e. you plug a phoneline into the gateway)? Or is it VOIP through some third party service that has its own device connected to the gateway by way of an ethernet cable? Or using a VOIP app on the computer or a smartphone? Or something else (it looks like the gateway is for DSL, so maybe a regular call on a regular landline that shares the DSL connection)? If it is VOIP service through your ISP using the gateway or DSL Internet that shares a phone line with a traditional landline, then you should talk to your ISP about the calls causing your Internet dropping out. If it is something else, then I will need more information to know if there is something to try.

As to a new router/gateway, that will depend. First, it will depend on if you rent it from your ISP. If so, then you will have to deal with them about getting an updated/new one. Then there is just the issue of whether you really need one. If the gateway does what you need it do, you get good Internet connection, get the speeds you are supposed get, and don't need new features (like you want to upgrade from 802.11g or 802.11n WiFi to 802.11ac or other features a newer router might have), then I see no reason to get a new router/gateway. If OTOH, you have problems with the current one or want new features, then it might be worth it.
 

Im thinking  i might have to result to a total fresh install


You mean a fresh install of Windows? If so, hold off on that. Since you already had help with scanning your system and nothing seemed to be found, it seem premature unless you have some other general reason why you want to do a fresh install.

#3 AndyP5000

AndyP5000
  • Topic Starter

  • Members
  • 123 posts
  • OFFLINE
  •  
  • Local time:09:50 PM

Posted 25 May 2017 - 04:48 AM

External Phone cuts off internet connection when a phone call comes in.

 

Active things connected on Wireless excluding PC

 

IPad

Kindle

Roku TV stick

Sky TV 

 

yeah ill contact my provider about updating it now i reset it to factory.



#4 Wand3r3r

Wand3r3r

  • Members
  • 2,027 posts
  • OFFLINE
  •  
  • Local time:01:50 PM

Posted 25 May 2017 - 02:38 PM

"External Phone cuts off internet connection when a phone call comes in."

 

Bad filter.  Call your isp and have them replace it.



#5 smax013

smax013

  • BC Advisor
  • 2,329 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:03:50 PM

Posted 25 May 2017 - 02:42 PM

External Phone cuts off internet connection when a phone call comes in.


This would definitely be something to talk to the ISP about. Others on the forum who are more familiar with DSL and its mechanics might be able to offer some additional input. I have no real experience with DSL, so I am not much help.
 

Active things connected on Wireless excluding PC
 
IPad
Kindle
Roku TV stick
Sky TV


You might try to figure what IP addresses they are using as well as what you computer is using and then see if those IP addresses match in the firewall hits in the log. My gut reaction is the one of those devices might be trying to connect to the computer for some reason. I have no experience with Sky TV, so I cannot if there is a reason why it might. For the iPad, the main reason it might is if you are using WiFi iTunes syncing (i.e. syncing across your WiFi network), but there could other reasons depending on the apps you might have installed on the iPad. I am less familiar with the Kindle, so I am not aware of anything off the bat that might cause it to try to connect to the computer, but again it can also depend on what apps you have installed. I am also not too familiar with a Roku Stick (I do have a more traditional Roku box that I have used the past, but it is not currently hooked up), so again I am not aware of any default action that might cause it to try to connect to the computer. 
 

yeah ill contact my provider about updating it now i reset it to factory.


Definitely a good play in my book even though many ISP's support systems can be a real pain to deal with.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users