Help, infected, and this person is infecting every network I attach to.



#1 systematicdecline


Posted 28 May 2012 - 12:06 PM

I started a thread in Malware. Nasdaq could not find anything in my logs and directed me here. Please help. I am fairly informed in PCs and networking. Thank you.

I have a Gateway NV57H.

I'm connected wirelessly and always have been.

2Wire from AT&T

15 feet from the 2Wire

I am currently on DSL.


MiniToolBox by Farbar Version: 14-01-2012
Ran by freddie (administrator) on 28-05-2012 at 09:59:29
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® Centrino® Advanced-N 6205 = Wireless Network Connection (Connected)
Broadcom NetLink ™ Gigabit Ethernet = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 3 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : freddie-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gateway.2wire.net

Wireless LAN adapter Wireless Network Connection 3:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #2
Physical Address. . . . . . . . . : 08-11-96-5E-72-61
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 08-11-96-5E-72-61
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Intel® Centrino® Advanced-N 6205
Physical Address. . . . . . . . . : 08-11-96-5E-72-60
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5d42:940e:92db:6223%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.64(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, May 28, 2012 9:33:17 AM
Lease Expires . . . . . . . . . . : Tuesday, May 29, 2012 9:51:57 AM
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 302518678
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-27-DB-23-DC-0E-A1-08-17-6F
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
Physical Address. . . . . . . . . : DC-0E-A1-08-17-6F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.gateway.2wire.net:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{4A7ACCBB-D6D1-46E4-A648-9ACEFFFC3471}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{82AE0BBC-07D8-49F3-B4D6-C6562A7A2A7B}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:24f2:1e85:b4f0:7d95(Preferred)
Link-local IPv6 Address . . . . . : fe80::24f2:1e85:b4f0:7d95%19(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{4B296A5D-8093-4BF9-B4C7-5F1E08D5525D}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Reusable ISATAP Interface {4DAA4915-2954-4A1A-B8BE-CFF335C74F64}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Reusable ISATAP Interface {71486A82-ACA5-43F3-BA1D-30F1CF0339B3}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #6
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.1.254

Name: google.com
Addresses: 74.125.224.41
74.125.224.46
74.125.224.32
74.125.224.33
74.125.224.34
74.125.224.35
74.125.224.36
74.125.224.37
74.125.224.38
74.125.224.39
74.125.224.40


Pinging google.com [74.125.224.102] with 32 bytes of data:
Request timed out.
Reply from 74.125.224.102: bytes=32 time=23ms TTL=52

Ping statistics for 74.125.224.102:
Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),
Approximate round trip times in milli-seconds:
Minimum = 23ms, Maximum = 23ms, Average = 23ms
Server: home
Address: 192.168.1.254

Name: yahoo.com
Addresses: 72.30.38.140
98.139.183.24
209.191.122.70


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=23ms TTL=52
Reply from 72.30.38.140: bytes=32 time=23ms TTL=52

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 23ms, Maximum = 23ms, Average = 23ms
Server: home
Address: 192.168.1.254

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=2ms TTL=128
Reply from 127.0.0.1: bytes=32 time=2ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 2ms, Maximum = 2ms, Average = 2ms
===========================================================================
Interface List
14...08 11 96 5e 72 61 ......Microsoft Virtual WiFi Miniport Adapter #2
13...08 11 96 5e 72 61 ......Microsoft Virtual WiFi Miniport Adapter
12...08 11 96 5e 72 60 ......Intel® Centrino® Advanced-N 6205
11...dc 0e a1 08 17 6f ......Broadcom NetLink ™ Gigabit Ethernet
1...........................Software Loopback Interface 1
20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
19...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
23...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #6
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.64 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.64 281
192.168.1.64 255.255.255.255 On-link 192.168.1.64 281
192.168.1.255 255.255.255.255 On-link 192.168.1.64 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.64 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.64 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
19 58 ::/0 On-link
1 306 ::1/128 On-link
19 58 2001::/32 On-link
19 306 2001:0:4137:9e76:24f2:1e85:b4f0:7d95/128
On-link
12 281 fe80::/64 On-link
19 306 fe80::/64 On-link
19 306 fe80::24f2:1e85:b4f0:7d95/128
On-link
12 281 fe80::5d42:940e:92db:6223/128
On-link
1 306 ff00::/8 On-link
19 306 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/28/2012 09:33:08 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/27/2012 10:11:33 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/27/2012 06:01:50 PM) (Source: PerfNet) (User: )
Description:

Error: (05/27/2012 05:55:50 PM) (Source: PerfNet) (User: )
Description:

Error: (05/27/2012 05:53:48 PM) (Source: PerfNet) (User: )
Description:

Error: (05/27/2012 05:18:05 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\System32\sdiagnhost.exe -Embedding; Description = Windows Live Mesh ActiveX Control for Remote Connections ; Error = 0x8007043c).

Error: (05/27/2012 05:18:02 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\System32\sdiagnhost.exe -Embedding; Description = Restore Point before Windows Live Mesh ActiveX Control for Remote Connections was removed using Program Install and Uninstall troubleshooter; Error = 0x8007043c).

Error: (05/27/2012 03:52:50 PM) (Source: Microsoft Security Client Setup) (User: freddie)freddie
Description: HRESULT:0x8004FF11
Description:Can't install Microsoft Security Essentials on a computer running in safe mode. Your computer is currently running in safe mode. To install Security Essentials, your computer must be running in normal mode. Please restart your computer in normal mode, and then try to run the Security Essentials Setup Wizard again. Error code:0x8004FF11.

Error: (05/27/2012 03:26:36 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/27/2012 02:59:00 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

Details:
Could not open the EventSystem service for query.

System Error:
Element not found.
.


System errors:
=============
Error: (05/28/2012 09:32:42 AM) (Source: Service Control Manager) (User: )
Description: The Windows Defender service terminated with the following error:
%%126

Error: (05/28/2012 09:32:33 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 5:24:06 AM on ?5/?28/?2012 was unexpected.

Error: (05/27/2012 10:40:34 PM) (Source: Microsoft Antimalware) (User: )
Description: %freddie-PC60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 0.0.0.0

Update Source: %freddie-PC51

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %freddie-PC602

Update Type: %freddie-PC604

User: freddie-PC\freddie

Current Engine Version: %freddie-PC605

Previous Engine Version: %freddie-PC606

Error code: %freddie-PC607

Error description: %freddie-PC608

Error: (05/27/2012 10:40:34 PM) (Source: Microsoft Antimalware) (User: )
Description: %freddie-PC60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 0.0.0.0

Update Source: %freddie-PC51

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %freddie-PC602

Update Type: %freddie-PC604

User: freddie-PC\freddie

Current Engine Version: %freddie-PC605

Previous Engine Version: %freddie-PC606

Error code: %freddie-PC607

Error description: %freddie-PC608

Error: (05/27/2012 10:40:34 PM) (Source: Microsoft Antimalware) (User: )
Description: %freddie-PC60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 0.0.0.0

Update Source: %freddie-PC51

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %freddie-PC602

Update Type: %freddie-PC604

User: freddie-PC\freddie

Current Engine Version: %freddie-PC605

Previous Engine Version: %freddie-PC606

Error code: %freddie-PC607

Error description: %freddie-PC608

Error: (05/27/2012 10:40:34 PM) (Source: Microsoft Antimalware) (User: )
Description: %freddie-PC60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 0.0.0.0

Update Source: %freddie-PC51

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %freddie-PC602

Update Type: %freddie-PC604

User: freddie-PC\freddie

Current Engine Version: %freddie-PC605

Previous Engine Version: %freddie-PC606

Error code: %freddie-PC607

Error description: %freddie-PC608

Error: (05/27/2012 10:12:52 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 0.0.0.0

Update Source: %NT AUTHORITY51

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (05/27/2012 10:12:52 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 0.0.0.0

Update Source: %NT AUTHORITY51

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (05/27/2012 10:12:52 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 0.0.0.0

Update Source: %NT AUTHORITY51

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (05/27/2012 10:12:52 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 0.0.0.0

Update Source: %NT AUTHORITY51

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608


Microsoft Office Sessions:
=========================
Error: (05/28/2012 09:33:08 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/27/2012 10:11:33 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/27/2012 06:01:50 PM) (Source: PerfNet)(User: )
Description:

Error: (05/27/2012 05:55:50 PM) (Source: PerfNet)(User: )
Description:

Error: (05/27/2012 05:53:48 PM) (Source: PerfNet)(User: )
Description:

Error: (05/27/2012 05:18:05 PM) (Source: System Restore)(User: )
Description: C:\Windows\System32\sdiagnhost.exe -Embedding Windows Live Mesh ActiveX Control for Remote Connections 0x8007043c

Error: (05/27/2012 05:18:02 PM) (Source: System Restore)(User: )
Description: C:\Windows\System32\sdiagnhost.exe -EmbeddingRestore Point before Windows Live Mesh ActiveX Control for Remote Connections was removed using Program Install and Uninstall troubleshooter0x8007043c

Error: (05/27/2012 03:52:50 PM) (Source: Microsoft Security Client Setup)(User: freddie)freddie
Description: HRESULT:0x8004FF11
Description:Can't install Microsoft Security Essentials on a computer running in safe mode. Your computer is currently running in safe mode. To install Security Essentials, your computer must be running in normal mode. Please restart your computer in normal mode, and then try to run the Security Essentials Setup Wizard again. Error code:0x8004FF11.

Error: (05/27/2012 03:26:36 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/27/2012 02:59:00 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Details:
Could not open the EventSystem service for query.

System Error:
Element not found.


========================= Memory info: ===================================

Percentage of memory in use: 26%
Total physical RAM: 8043.86 MB
Available physical RAM: 5882.12 MB
Total Pagefile: 20106.05 MB
Available Pagefile: 17345.08 MB
Total Virtual: 4095.88 MB
Available Virtual: 3964.38 MB

========================= Partitions: =====================================

1 Drive c: (Gateway) (Fixed) (Total:465.66 GB) (Free:404.2 GB) NTFS
3 Drive g: (System Reserved) (Fixed) (Total:0.08 GB) (Free:0.05 GB) NTFS

========================= Users: ========================================

User accounts for \\FREDDIE-PC

Administrator freddie Guest


**** End of log ****
