Showing results for tags 'networking'.

Found 5 results

  1. Hello all, first time poster. I have started coming across weird networking/firewall issues after prolonged use of my computer (I leave my computer on for the most part). I'd say after about 2-3 days of being on, these issues will suddenly start occurring. Such issues include:
     • OBS Studio will not authenticate with Twitch to provide API elements (the chat and stream info windows will not appear, resulting with the error: failed to authenticate with twitch).
     • Loading webpages taking a longer time than before... about 10 seconds to load up a Google search page.
     • Microsoft Remote Desktop Protocol (RDP) will not work, period - either via the internet or locally to my home server.
     • My computer can ping my home server, but the server cannot ping my computer from command prompt... despite my computer's DHCP-assigned static IP showing up when using arp -a.
     • Windows Defender Firewall WILL NOT load (although I hear that MBAM may set the Windows Defender processes to be Manual rather than Automatic, so that may explain this).
     • When creating sessions in games like Monster Hunter World, the session takes F O R E V E R to load. Likewise, using Splashtop (my work's remote access software) to remotely access client computers also can take a prolonged time than normal.
     Restarting the computer resolves all these issues and everything works as normal. Me being in IT, I thought a networking issue might have been causing this (specifically thinking that port 443 was being blocked or something), but after running several port checks, updating my router's firmware, updating my LAN driver on my PC, etc., I determined that the issue is isolated to my system. Then I found this post on Bleeping Computer (hopefully link sharing is not against the rules here): https://www.bleepingcomputer.com/forums/t/716117/cannot-open-windows-firewall/ and noticed all the similarities between me and this poster's issues - specifically that we both have MBAM Premium.
     After finding this revelation, I have come here to seek help on the matter. I am running Windows 10 1909 with MBAM Premium 4.1.0.56. I apologize if this issue has been posted before, but it is kind of difficult searching up this topic.
  2. I'm not very computer savvy, so these are probably stupid questions. I work with a Windows 10 PC at a small business which is part of a network. The files I work with are all saved on a "shared drive" on the "server computer". Sometimes I save files to my Desktop or download files to my Downloads folder on the C:\ drive, before saving an updated copy to the "shared drive" at the end of the week. When I right-click and view properties for C:\ and view the "Sharing" tab, it says this drive is "Not Shared". Questions:
     1) Does "Not Shared" mean that C:\ is not a part of the company's network and can't be accessed/viewed from the other computers?
     2) If it's not shared, does that mean that all the work I've been saving to C:\ hasn't been getting backed up?
     3) Sometimes during my break, I create and work on documents (I write a lot) that aren't company related. Before my break ends, I copy the file to a USB flash drive and delete the original from the C:\ drive. Sometimes I also access files on the USB flash drive, and save changes I make to them. Since all the work is happening on C:\ and the USB flash drive, will it show up on any network event logs / file audits? It was nothing illegal and I've done this a few times now without any incident, but I want to avoid any trouble this might cause.
     4) If I download a PDF file off the internet and it gets saved to the "Downloads" folder on C:\, will it get automatically backed up to the company "shared drive", or would I have to manually make a copy to the "shared drive" to make sure that it gets backed up too?
     Thanks, T-Ruth
  3. Hello, hopefully someone can help me. I'm running Windows 7 x64 and connected my PC directly from my PC to the modem. I have been having incredibly irritating internet issues that myself and my ISP cannot solve. I would be able to open webpages with no problems, but when I play WoW, Overwatch, GTA5, Terraria with buds, I always seem to lag hardcore or just bluntly get disconnected from the session entirely. It doesn't last longer than a few seconds to a minute though, but it always happens again anywhere between 5-40 mins later. I talked to my ISP many, many times; most times the guy I get says my connection is fine with no problems. A few times they said there were kinda unusual readings. One time he said there was upload packet loss. I have even had an ISP tech come and check my connection a few times. One said everything was fine and said I would have to call when it's happening (which doesn't help because it doesn't last longer than a few seconds or so, especially when I have to spend 5 to 10 minutes navigating their stupid auto menus). And one said that the connection here was fine but down the road it might be interfering with my service (although he seemed to want to end the day because he had a trainee with him and just wanted to pass the problem off to another tech). Things I have tried:
     • DNS Flush.
     • Set the connection from "Automatically find a DNS IP" to various free DNS's out there from Google and OpenDNS.
     • Update Windows.
     • Many resets and reboots of the modem and my computer.
     • Double and triple check my physical cord and internal PC components for looseness or damage.
     • Did a malware and rootkit scan with Malwarebytes, Security Essentials, Avira and Housecall, all with no results.
     However, I suspect it might be something that can't be easily discovered. Mostly because I also recently found out I have been having difficulty downloading Windows Updates (just recently got this issue sort of resolved but unsure what caused it in the first place).
     My computer is the only one this is happening to; however, I don't have access to another PC that can play some of these games to test, or a friend to help out with it. However, multiple devices are connected at different times with no issues. I am frustrated beyond belief, I hope someone can help me out here. Thanks for reading. I also scanned with Hijack This. While I do have this file, it also told me this: "For some reason, your system denied access to the Hosts file. If any hijacked domains are in this file, Hijack This may not be able to fix this."
  4. I've been experiencing very slow DNS resolution since a couple days ago. Websites take a longer than usual time to resolve and sometimes the websites don't load even after a couple minutes. Sometimes, the DNS problem disappears before coming back again. It's very erratic. When I try to "PING google.com" or even "PING localhost", there can be a delay of anywhere between 4 seconds to half a minute before the results appear. PING Google IP address is instantaneous. When I say delay, I mean the delay that comes immediately after issuing PING Google.com but before the first response text 'Pinging google.com [74.125.130.101] with....' appears. NSLookup Google.com doesn't have this problem. The problem also doesn't exist if I reboot Windows into SAFE mode with network. I'm using a DSL WIFI router and I've checked other PCs that are connected to my same network; they don't have this problem. Note: By the way, last week, while shutting down, my PC had a large Windows update that took like 15 minutes.
     My resolution attempts:
     1). Tried flushing DNS (ipconfig /flushdns) as shown in this article - http://answers.microsoft.com/en-us/windows/forum/windows_xp-networking/ping-or-browser-dns-lookup-takes-5-10-seconds-yet/d8f5375d-a095-4900-8069-0177ad271750
     2). Tried resetting the host file - http://forums.anvisoft.com/viewtopic-51-4003-0.html
     3). Tried disabling Windows virtual wifi miniport.
     4). Tried disabling IPv6 for my Wireless LAN Adapter.
     5). Scan using MalwareBytes anti-malware, no malicious items found.
     6). Did a complete scan using Avira Pro which I've been using and activated for 2 years, nothing detected.
     7). While surfing the Internet, I discovered that AVAST can do a reboot scan, so I downloaded AVAST free and did a bootscan with all the options checked, also nothing found. I immediately uninstalled AVAST after that.
     8). I've tried disabling Windows firewall to see if it's due to Windows.
     9). Tried using CCLEANER.
     10). Tried changing LAN adapter - still same.
     My environment:
     1). OS: Windows 7 Home
     2). Antivirus: Avira Pro
     3). Firewall: Windows Firewall with Windows 8 Firewall Control
     4). Network: Intel® Centrino® WIFI
     5). Ipconfig:
         Wireless LAN adapter Wireless Network Connection:
            Connection-specific DNS Suffix  . :
            Description . . . . . . . . . . . : Intel(R) Centrino(R) Ultimate-N 6300 AGN
            Physical Address. . . . . . . . . : 00-24-D7-********
            DHCP Enabled. . . . . . . . . . . : Yes
            Autoconfiguration Enabled . . . . : Yes
            Link-local IPv6 Address . . . . . : fe80::d77:************(Preferred)
            IPv4 Address. . . . . . . . . . . : 192.168.0.***(Preferred)
            Subnet Mask . . . . . . . . . . . : 255.25******
            Lease Obtained. . . . . . . . . . : Wednesday, 30 July, 2014 4:40:19 PM
            Lease Expires . . . . . . . . . . : Thursday, 31 July, 2014 4:40:18 PM
            Default Gateway . . . . . . . . . : 192.168.0.1
            DHCP Server . . . . . . . . . . . : 192.168.0.1
            DHCPv6 IAID . . . . . . . . . . . : 218113239
            DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-56-98-33-8C-73-6E-75-A7-56
            DNS Servers . . . . . . . . . . . : 192.168.0.1 --> This is my router as I'm using DHCP. On my router, my ISP DNS servers are listed.
            NetBIOS over Tcpip. . . . . . . . : Enabled
     I've attached HijackThis, JRT, RogueKiller and MiniBoxTool logs as follows. Please help me.
IP Configuration Host Name . . . . . . . . . . . . : notebook Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : NoEthernet adapter Local Area Connection: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Broadcom NetLink (TM) Gigabit Ethernet Physical Address. . . . . . . . . : 8C-73-6E-75-A7-56 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : YesWireless LAN adapter Wireless Network Connection 2: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter Physical Address. . . . . . . . . : 00-24-D7-0B-D9-B9 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : YesWireless LAN adapter Wireless Network Connection: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Intel(R) Centrino(R) Ultimate-N 6300 AGN Physical Address. . . . . . . . . : 00-24-D7-0B-D9-B8 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::d77:5aa5:9321:25b7%13(Preferred) IPv4 Address. . . . . . . . . . . : 192.168.1.111(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Lease Obtained. . . . . . . . . . : Thursday, 31 July, 2014 10:36:09 PM Lease Expires . . . . . . . . . . : Friday, 1 August, 2014 11:48:07 PM Default Gateway . . . . . . . . . : 192.168.1.1 DHCP Server . . . . . . . . . . . : 192.168.1.1 DHCPv6 IAID . . . . . . . . . . . : 218113239 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-56-98-33-8C-73-6E-75-A7-56 DNS Servers . . . . . . . . . . . : 8.8.8.8 8.8.4.4 NetBIOS over Tcpip. . . . . . . . : EnabledTunnel adapter isatap.{354DEDCD-EDE5-4FCA-A0DE-C75F32623F06}: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . 
: Description . . . . . . . . . . . : Microsoft ISATAP Adapter Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : YesTunnel adapter isatap.{DB275B59-550E-4D86-8056-6225288D7B8E}: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5 Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : YesTunnel adapter isatap.{0986B670-9564-4652-9241-A286EA7A40C5}: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft ISATAP Adapter #7 Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : YesTunnel adapter Local Area Connection* 26: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:2833:3c6b:2300:a5b(Preferred) Link-local IPv6 Address . . . . . : fe80::2833:3c6b:2300:a5b%30(Preferred) Default Gateway . . . . . . . . . : :: NetBIOS over Tcpip. . . . . . . . 
: DisabledServer: google-public-dns-a.google.comAddress: 8.8.8.8Name: google.comAddresses: 2404:6800:4003:c01::71 74.125.130.101 74.125.130.113 74.125.130.139 74.125.130.138 74.125.130.102 74.125.130.100Pinging google.com [74.125.130.100] with 32 bytes of data:Reply from 74.125.130.100: bytes=32 time=137ms TTL=43Reply from 74.125.130.100: bytes=32 time=8ms TTL=43Ping statistics for 74.125.130.100: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),Approximate round trip times in milli-seconds: Minimum = 8ms, Maximum = 137ms, Average = 72msServer: google-public-dns-a.google.comAddress: 8.8.8.8Name: yahoo.comAddresses: 98.139.183.24 98.138.253.109 206.190.36.45Pinging yahoo.com [98.139.183.24] with 32 bytes of data:Reply from 98.139.183.24: bytes=32 time=267ms TTL=45Reply from 98.139.183.24: bytes=32 time=273ms TTL=45Ping statistics for 98.139.183.24: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),Approximate round trip times in milli-seconds: Minimum = 267ms, Maximum = 273ms, Average = 270msPinging 127.0.0.1 with 32 bytes of data:Reply from 127.0.0.1: bytes=32 time<1ms TTL=128Reply from 127.0.0.1: bytes=32 time<1ms TTL=128Ping statistics for 127.0.0.1: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms===========================================================================Interface List 12...8c 73 6e 75 a7 56 ......Broadcom NetLink (TM) Gigabit Ethernet 18...00 24 d7 0b d9 b9 ......Microsoft Virtual WiFi Miniport Adapter 13...00 24 d7 0b d9 b8 ......Intel(R) Centrino(R) Ultimate-N 6300 AGN 1...........................Software Loopback Interface 1 44...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter 45...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5 43...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #7 30...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface===========================================================================IPv4 Route 
Table===========================================================================Active Routes:Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.111 25 127.0.0.0 255.0.0.0 On-link 127.0.0.1 306 127.0.0.1 255.255.255.255 On-link 127.0.0.1 306 127.255.255.255 255.255.255.255 On-link 127.0.0.1 306 192.168.1.0 255.255.255.0 On-link 192.168.1.111 281 192.168.1.125 255.255.255.255 On-link 192.168.1.111 281 192.168.1.255 255.255.255.255 On-link 192.168.1.111 281 224.0.0.0 240.0.0.0 On-link 127.0.0.1 306 224.0.0.0 240.0.0.0 On-link 192.168.1.111 281 255.255.255.255 255.255.255.255 On-link 127.0.0.1 306 255.255.255.255 255.255.255.255 On-link 192.168.1.111 281===========================================================================Persistent Routes: NoneIPv6 Route Table===========================================================================Active Routes: If Metric Network Destination Gateway 30 58 ::/0 On-link 1 306 ::1/128 On-link 30 58 2001::/32 On-link 30 306 2001:0:9d38:90d7:2833:3c6b:2300:a5b/128 On-link 13 281 fe80::/64 On-link 30 306 fe80::/64 On-link 13 281 fe80::d77:5aa5:9321:25b7/128 On-link 30 306 fe80::2833:3c6b:2300:a5b/128 On-link 1 306 ff00::/8 On-link 30 306 ff00::/8 On-link 13 281 ff00::/8 On-link===========================================================================Persistent Routes: If Metric Network Destination Gateway 0 4294967295 2620:9b::/96 On-link 0 4294967295 fe80::/10 On-link 0 4294967295 fe80::/10 On-link==================================================================================================== Winsock entries =====================================Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)Catalog5 05 C:\Windows\SysWOW64\wshbth.dll [36352] 
(Microsoft Corporation)Catalog5 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)Catalog5 07 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)Catalog9 01 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)Catalog9 02 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)Catalog9 03 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)Catalog9 04 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)Catalog9 05 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)Catalog9 06 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)Catalog9 07 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)Catalog9 08 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. 
KG)Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)Catalog9 13 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)Catalog9 14 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)Catalog9 15 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)Catalog9 16 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)Catalog9 17 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)Catalog9 18 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)Catalog9 19 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)Catalog9 20 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)x64-Catalog5 05 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)x64-Catalog5 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)x64-Catalog5 07 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)x64-Catalog9 01 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)x64-Catalog9 02 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. 
KG)x64-Catalog9 03 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)x64-Catalog9 04 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)x64-Catalog9 05 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)x64-Catalog9 06 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)x64-Catalog9 07 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)x64-Catalog9 08 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)x64-Catalog9 11 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)x64-Catalog9 12 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)x64-Catalog9 13 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)x64-Catalog9 14 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)x64-Catalog9 15 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)x64-Catalog9 16 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)x64-Catalog9 17 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)x64-Catalog9 18 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)x64-Catalog9 19 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)x64-Catalog9 20 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)========================= Devices: ================================Name: VirtualBox Host-Only Ethernet AdapterDescription: VirtualBox Host-Only Ethernet AdapterClass Guid: {4d36e972-e325-11ce-bfc1-08002be10318}Manufacturer: Oracle CorporationService: VBoxNetAdpProblem: : This device is disabled. 
(Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}Manufacturer: Cisco SystemsService: vpnvaProblem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.Name: Bluetooth Device (Personal Area Network)Description: Bluetooth Device (Personal Area Network)Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}Manufacturer: MicrosoftService: BthPanProblem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.========================= Minidump Files ==================================No minidump file found========================= Restore Points ==================================30-07-2014 14:40:59 Installed Microsoft Fix it 5040930-07-2014 14:41:48 Installed Microsoft Fix it 5040930-07-2014 14:56:07 Installed Microsoft Fix it 5044030-07-2014 16:41:59 Windows Update31-07-2014 01:25:41 Windows Update31-07-2014 02:12:46 Removed Agilent IO Libraries Suite 64-bit.31-07-2014 02:14:07 Removed Agilent IO Libraries Suite 16.3 Update 131-07-2014 02:43:21 Removed Bonjour31-07-2014 07:15:15 Windows Update**** End of log ****
  5. Thanks for a moment of your time. I am in desperate need of your help. Desperate because my computer, a 64-bit Windows Home Premium OS, HP Pavilion, has been made a client machine on an unknown network admin's domain. I have done a couple of years' worth of investigation... learning a lot as I proceed. And I have narrowed the hack to the exploitation of my WIRED router (in this case a Netgear WNR1000v2, but the brand is irrelevant) using a script I found that contains a reference to a program called Dnsmasq and something called MICROSOFT WINDOWS RALLY PROGRAM, among others, which I will include at the bottom of this text. On the Netgear utility app called Genie [which denies me permission to Wireless, ReadyShare and parental controls] I try to enter a password that control, using I get a message that says "The server 192.168.0.1 at WebAdmin request a password which is not the standard PW or the one I created. I logged on today using an Ethernet cable from modem directly to my PC, but the Netgear router [unplugged and disconnected] app called Genie indicates that I am passing through the router????????? I have lost control of my computer and have not yet been able to regain it due to a lack of knowledge regarding this open code written by someone else. Please help me understand how to remove this control from my PC. I would be so very grateful. I tried to attach the WordPad doc that I copied from the Notepad script but was unsuccessful. Contains many references to unknown programs. So here are some selected keywords: Binary or Source code */...bpalogin.sourceforge.net bridge.sourceforge.net/....busybox-1.4.2...dnsmasq-2.39...iptables-1.3.5 http://www.microsoft...iupnpd-20070127... ftp://ftp.samba.org/.......udhcp-0.9.8 wireless-tools-29.pre1...datalib...detcable..dni-ripd...dns-ipupdate...Oray...detwan...led-control...net-util...radvd...telnetenable...[ap91-hostapd]... hostapd...Atheros...BSD/GPL...ap91-madwifi-11n-scripts]... madwifi... 
wlanlog...ap91-wpatalk]...hostapd...Kernel Modules...Linux-2.6.15... ag7240-enet ag7240-gpio...ipv6-cone...netfilter...dnirtsp...ftp alg...pptp drv...netgear-rejec...urlblock....ap91-madwifi-11n.