-
Junior Member
to answer your question
you never said what your experiencing to make you think your infected,
and you never said what your experiencing to make you think your infected,
Ken,
the reason i'm worried is because of the event logs i've been seening.
RE: THE FOLLOWING DNS event log -
I changed my computer name to remove the .LAN suffix.
haven't tested the results yet
Warning 7/27/2014 2:36:10 AM DNS Client Events 8016 (1028)
Log Name: System
Source: Microsoft-Windows-DNS-Client
Date: 7/27/2014 2:36:10 AM
Event ID: 8016
Task Category: (1028)
Level: Warning
Keywords:
User: NETWORK SERVICE
Computer: e.LAN
Description:
The system failed to register host (A or AAAA) resource records (RRs) for network adapter
with settings:
Adapter Name : {4684F351-2781-4D68-9DE2-AF7E992AA295}
Host Name : e
Primary Domain Suffix : LAN
DNS server list :
64.59.184.13, 64.59.190.242
Sent update to server : <?>
IP Address(es) :
192.168.0.11
The reason the system could not register these RRs was because the DNS server failed the update request. The most likely cause of this is that the authoritative DNS server required to process this update request has a lock in place on the zone, probably because a zone transfer is in progress.
You can manually retry DNS registration of the network adapter and its settings by typing 'ipconfig /registerdns' at the command prompt. If problems still persist, contact your DNS server or network systems administrator.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DNS-Client" Guid="{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}" />
<EventID>8016</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>1028</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2014-07-27T08:36:10.010047400Z" />
<EventRecordID>65863</EventRecordID>
<Correlation />
<Execution ProcessID="1368" ThreadID="2100" />
<Channel>System</Channel>
<Computer>e.LAN</Computer>
<Security UserID="S-1-5-20" />
</System>
<EventData>
<Data Name="AdapterName">{4684F351-2781-4D68-9DE2-AF7E992AA295}</Data>
<Data Name="HostName">e</Data>
<Data Name="AdapterSuffixName">LAN</Data>
<Data Name="DnsServerList"> 64.59.184.13, 64.59.190.242</Data>
<Data Name="Sent UpdateServer"><?></Data>
<Data Name="Ipaddress">192.168.0.11</Data>
<Data Name="ErrorCode">9002</Data>
</EventData>
</Event>...
AND
Log Name: Microsoft-Windows-Windows Firewall With Advanced Security/Firewall
Source: Microsoft-Windows-Windows Firewall With Advanced Security
Date: 7/27/2014 2:42:24 AM
Event ID: 2010
Task Category: None
Level: Information
Keywords:
User: LOCAL SERVICE
Computer: e.LAN
Description:
Network profile changed on an interface.
Adapter GUID: {4684F351-2781-4D68-9DE2-AF7E992AA295}
Adapter Name: wireless_0
Old Profile: Public
New Profile: Private
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Windows Firewall With Advanced Security" Guid="{D1BC9AFF-2ABF-4D71-9146-ECB2A986EB85}" />
<EventID>2010</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2014-07-27T08:42:24.347162500Z" />
<EventRecordID>46444</EventRecordID>
<Correlation />
<Execution ProcessID="1564" ThreadID="6644" />
<Channel>Microsoft-Windows-Windows Firewall With Advanced Security/Firewall</Channel>
<Computer>e.LAN</Computer>
<Security UserID="S-1-5-19" />
</System>
<EventData>
<Data Name="InterfaceGuid">{4684F351-2781-4D68-9DE2-AF7E992AA295}</Data>
<Data Name="InterfaceName">wireless_0</Data>
<Data Name="OldProfile">4</Data>
<Data Name="NewProfile">2</Data>
</EventData>
</Event>
AND re: ABOVE EVENT ID IS 2010; also included are 2002,2011,2005,2004. all one after another.
AND
USING NETSTAT I'VE NOTICED A PERSISTENT ROUTE WHOSE NETWORK AND GATEWAY I DON'T RECOGNIZE
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.11 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 192.168.0.12 192.168.0.11 26
192.168.0.0 255.255.255.0 On-link 192.168.0.11 281
192.168.0.11 255.255.255.255 On-link 192.168.0.11 281
192.168.0.255 255.255.255.255 On-link 192.168.0.11 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.11 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.11 281
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
169.254.0.0 255.255.0.0 192.168.0.12 1
===========================================================================
Tags for this Thread
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
