Back Door Trojan



#1 jcurrin


Posted 09 November 2007 - 04:26 PM

I don't know what I got into on my computer, but it was bad! I have already run HijackThis and got rid of everything that was spyware. Here, have a look and see if any of you can see any spyware in my log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:58:26 PM, on 11/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\Program Files\WinFax\WFXMOD32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\GRISOFT\AVG Anti-Rootkit Free\avgarkt.exe
C:\Program Files\GRISOFT\AVG Anti-Rootkit Free\16fqwU.exe
F:\PC Tools\HiJT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wral.com/index.html
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
O4 - Startup: VirtualExpander.lnk = C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE

--
End of file - 5897 bytes

Anyway, I have run Avast, BitDefender online scan, A-squared online scan, Ewido online scan, F-Secure online scan, Windows Live OneCare online scan, and xcleaner online scan. After all this I use a program called CurrPorts to see what's trying to get access to the internet ports, and I'm getting some strange ports that are showing up when I open Internet Explorer. I will post the log of the ports below.

==================================================
Process Name : ashMaiSv.exe
Process ID : 2556
Protocol : TCP
Local Port : 12143
Local Port Name :
Local Address : 127.0.0.1
Remote Port Name :
Remote Port :
Remote Address : 0.0.0.0
Remote Host Name :
State : Listening
Process Path : C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
Product Name : avast! Antivirus
File Description : avast! e-Mail Scanner Service
File Version : 4, 7, 1043, 0
Company : ALWIL Software
Process Created On: 11/9/2007 12:22:25 PM
User Name : NT AUTHORITY\SYSTEM
Process Services : avast! Mail Scanner
Process Attributes: A
Added On : 11/9/2007 12:27:50 PM
==================================================

==================================================
Process Name : ashMaiSv.exe
Process ID : 2556
Protocol : TCP
Local Port : 12119
Local Port Name :
Local Address : 127.0.0.1
Remote Port Name :
Remote Port :
Remote Address : 0.0.0.0
Remote Host Name :
State : Listening
Process Path : C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
Product Name : avast! Antivirus
File Description : avast! e-Mail Scanner Service
File Version : 4, 7, 1043, 0
Company : ALWIL Software
Process Created On: 11/9/2007 12:22:25 PM
User Name : NT AUTHORITY\SYSTEM
Process Services : avast! Mail Scanner
Process Attributes: A
Added On : 11/9/2007 12:27:50 PM
==================================================

==================================================
Process Name : ashMaiSv.exe
Process ID : 2556
Protocol : TCP
Local Port : 12110
Local Port Name :
Local Address : 127.0.0.1
Remote Port Name :
Remote Port :
Remote Address : 0.0.0.0
Remote Host Name :
State : Listening
Process Path : C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
Product Name : avast! Antivirus
File Description : avast! e-Mail Scanner Service
File Version : 4, 7, 1043, 0
Company : ALWIL Software
Process Created On: 11/9/2007 12:22:25 PM
User Name : NT AUTHORITY\SYSTEM
Process Services : avast! Mail Scanner
Process Attributes: A
Added On : 11/9/2007 12:27:50 PM
==================================================

==================================================
Process Name : ashWebSv.exe
Process ID : 2752
Protocol : TCP
Local Port : 12080
Local Port Name :
Local Address : 127.0.0.1
Remote Port Name :
Remote Port :
Remote Address : 0.0.0.0
Remote Host Name :
State : Listening
Process Path : C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
Product Name : avast! Antivirus
File Description : avast! Web Scanner
File Version : 4, 7, 1043, 0
Company : ALWIL Software
Process Created On: 11/9/2007 12:22:25 PM
User Name : NT AUTHORITY\SYSTEM
Process Services : avast! Web Scanner
Process Attributes: A
Added On : 11/9/2007 12:27:50 PM
==================================================

==================================================
Process Name : ashWebSv.exe
Process ID : 2752
Protocol : TCP
Local Port : 12080
Local Port Name :
Local Address : 127.0.0.1
Remote Port Name :
Remote Port : 1100
Remote Address : 127.0.0.1
Remote Host Name : localhost
State : Established
Process Path : C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
Product Name : avast! Antivirus
File Description : avast! Web Scanner
File Version : 4, 7, 1043, 0
Company : ALWIL Software
Process Created On: 11/9/2007 12:22:25 PM
User Name : NT AUTHORITY\SYSTEM
Process Services : avast! Web Scanner
Process Attributes: A
Added On : 11/9/2007 12:31:07 PM
==================================================

==================================================
Process Name : ashWebSv.exe
Process ID : 2752
Protocol : TCP
Local Port : 12080
Local Port Name :
Local Address : 127.0.0.1
Remote Port Name :
Remote Port : 1101
Remote Address : 127.0.0.1
Remote Host Name : localhost
State : Established
Process Path : C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
Product Name : avast! Antivirus
File Description : avast! Web Scanner
File Version : 4, 7, 1043, 0
Company : ALWIL Software
Process Created On: 11/9/2007 12:22:25 PM
User Name : NT AUTHORITY\SYSTEM
Process Services : avast! Web Scanner
Process Attributes: A
Added On : 11/9/2007 12:31:07 PM
==================================================

==================================================
Process Name : ashWebSv.exe
Process ID : 2752
Protocol : TCP
Local Port : 12080
Local Port Name :
Local Address : 127.0.0.1
Remote Port Name :
Remote Port : 1098
Remote Address : 127.0.0.1
Remote Host Name : localhost
State : Established
Process Path : C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
Product Name : avast! Antivirus
File Description : avast! Web Scanner
File Version : 4, 7, 1043, 0
Company : ALWIL Software
Process Created On: 11/9/2007 12:22:25 PM
User Name : NT AUTHORITY\SYSTEM
Process Services : avast! Web Scanner
Process Attributes: A
Added On : 11/9/2007 12:31:07 PM
==================================================

==================================================
Process Name : ashWebSv.exe
Process ID : 2752
Protocol : TCP
Local Port : 12080
Local Port Name :
Local Address : 127.0.0.1
Remote Port Name :
Remote Port : 1104
Remote Address : 127.0.0.1
Remote Host Name : localhost
State : Established
Process Path : C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
Product Name : avast! Antivirus
File Description : avast! Web Scanner
File Version : 4, 7, 1043, 0
Company : ALWIL Software
Process Created On: 11/9/2007 12:22:25 PM
User Name : NT AUTHORITY\SYSTEM
Process Services : avast! Web Scanner
Process Attributes: A
Added On : 11/9/2007 12:31:09 PM
==================================================

==================================================
Process Name : ashWebSv.exe
Process ID : 2752
Protocol : TCP
Local Port : 12080
Local Port Name :
Local Address : 127.0.0.1
Remote Port Name :
Remote Port : 1106
Remote Address : 127.0.0.1
Remote Host Name : localhost
State : Established
Process Path : C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
Product Name : avast! Antivirus
File Description : avast! Web Scanner
File Version : 4, 7, 1043, 0
Company : ALWIL Software
Process Created On: 11/9/2007 12:22:25 PM
User Name : NT AUTHORITY\SYSTEM
Process Services : avast! Web Scanner
Process Attributes: A
Added On : 11/9/2007 12:31:09 PM
==================================================

==================================================
Process Name : ashWebSv.exe
Process ID : 2752
Protocol : TCP
Local Port : 12080
Local Port Name :
Local Address : 127.0.0.1
Remote Port Name :
Remote Port : 1108
Remote Address : 127.0.0.1
Remote Host Name : localhost
State : Established
Process Path : C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
Product Name : avast! Antivirus
File Description : avast! Web Scanner
File Version : 4, 7, 1043, 0
Company : ALWIL Software
Process Created On: 11/9/2007 12:22:25 PM
User Name : NT AUTHORITY\SYSTEM
Process Services : avast! Web Scanner
Process Attributes: A
Added On : 11/9/2007 12:31:09 PM
==================================================

==================================================
Process Name : ashWebSv.exe
Process ID : 2752
Protocol : TCP
Local Port : 12080
Local Port Name :
Local Address : 127.0.0.1
Remote Port Name :
Remote Port : 1110
Remote Address : 127.0.0.1
Remote Host Name : localhost
State : Established
Process Path : C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
Product Name : avast! Antivirus
File Description : avast! Web Scanner
File Version : 4, 7, 1043, 0
Company : ALWIL Software
Process Created On: 11/9/2007 12:22:25 PM
User Name : NT AUTHORITY\SYSTEM
Process Services : avast! Web Scanner
Process Attributes: A
Added On : 11/9/2007 12:31:11 PM
==================================================

==================================================
Process Name : ashWebSv.exe
Process ID : 2752
Protocol : TCP
Local Port : 12080
Local Port Name :
Local Address : 127.0.0.1
Remote Port Name :
Remote Port : 1117
Remote Address : 127.0.0.1
Remote Host Name : localhost
State : Established
Process Path : C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
Product Name : avast! Antivirus
File Description : avast! Web Scanner
File Version : 4, 7, 1043, 0
Company : ALWIL Software
Process Created On: 11/9/2007 12:22:25 PM
User Name : NT AUTHORITY\SYSTEM
Process Services : avast! Web Scanner
Process Attributes: A
Added On : 11/9/2007 12:31:13 PM
==================================================

==================================================
Process Name : ashWebSv.exe
Process ID : 2752
Protocol : TCP
Local Port : 12080
Local Port Name :
Local Address : 127.0.0.1
Remote Port Name :
Remote Port : 1119
Remote Address : 127.0.0.1
Remote Host Name : localhost
State : Established
Process Path : C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
Product Name : avast! Antivirus
File Description : avast! Web Scanner
File Version : 4, 7, 1043, 0
Company : ALWIL Software
Process Created On: 11/9/2007 12:22:25 PM
User Name : NT AUTHORITY\SYSTEM
Process Services : avast! Web Scanner
Process Attributes: A
Added On : 11/9/2007 12:31:13 PM
==================================================

==================================================
Process Name : ashWebSv.exe
Process ID : 2752
Protocol : TCP
Local Port : 12080
Local Port Name :
Local Address : 127.0.0.1
Remote Port Name :
Remote Port : 1121
Remote Address : 127.0.0.1
Remote Host Name : localhost
State : Established
Process Path : C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
Product Name : avast! Antivirus
File Description : avast! Web Scanner
File Version : 4, 7, 1043, 0
Company : ALWIL Software
Process Created On: 11/9/2007 12:22:25 PM
User Name : NT AUTHORITY\SYSTEM
Process Services : avast! Web Scanner
Process Attributes: A
Added On : 11/9/2007 12:31:15 PM
==================================================

==================================================
Process Name : ashWebSv.exe
Process ID : 2752
Protocol : TCP
Local Port : 12080
Local Port Name :
Local Address : 127.0.0.1
Remote Port Name :
Remote Port : 1123
Remote Address : 127.0.0.1
Remote Host Name : localhost
State : Established
Process Path : C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
Product Name : avast! Antivirus
File Description : avast! Web Scanner
File Version : 4, 7, 1043, 0
Company : ALWIL Software
Process Created On: 11/9/2007 12:22:25 PM
User Name : NT AUTHORITY\SYSTEM
Process Services : avast! Web Scanner
Process Attributes: A
Added On : 11/9/2007 12:31:15 PM
==================================================

==================================================
Process Name : ashWebSv.exe
Process ID : 2752
Protocol : TCP
Local Port : 12080
Local Port Name :
Local Address : 127.0.0.1
Remote Port Name :
Remote Port : 1125
Remote Address : 127.0.0.1
Remote Host Name : localhost
State : Established
Process Path : C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
Product Name : avast! Antivirus
File Description : avast! Web Scanner
File Version : 4, 7, 1043, 0
Company : ALWIL Software
Process Created On: 11/9/2007 12:22:25 PM
User Name : NT AUTHORITY\SYSTEM
Process Services : avast! Web Scanner
Process Attributes: A
Added On : 11/9/2007 12:31:15 PM
==================================================

==================================================
Process Name : ashMaiSv.exe
Process ID : 2556
Protocol : TCP
Local Port : 12025
Local Port Name :
Local Address : 127.0.0.1
Remote Port Name :
Remote Port :
Remote Address : 0.0.0.0
Remote Host Name :
State : Listening
Process Path : C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
Product Name : avast! Antivirus
File Description : avast! e-Mail Scanner Service
File Version : 4, 7, 1043, 0
Company : ALWIL Software
Process Created On: 11/9/2007 12:22:25 PM
User Name : NT AUTHORITY\SYSTEM
Process Services : avast! Mail Scanner
Process Attributes: A
Added On : 11/9/2007 12:27:50 PM
==================================================

==================================================
Process Name : Kodak Software Updater.exe
Process ID : 2080
Protocol : UDP
Local Port : 9370
Local Port Name :
Local Address : 0.0.0.0
Remote Port Name :
Remote Port :
Remote Address :
Remote Host Name :
State :
Process Path : C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
Product Name :
File Description :
File Version :
Company :
Process Created On: 11/9/2007 12:22:19 PM
User Name : DELLXPS\User
Process Services :
Process Attributes: A
Added On : 11/9/2007 12:27:50 PM
==================================================

==================================================
Process Name : wcescomm.exe
Process ID : 1596
Protocol : TCP
Local Port : 7438
Local Port Name :
Local Address : 127.0.0.1
Remote Port Name :
Remote Port :
Remote Address : 0.0.0.0
Remote Host Name :
State : Listening
Process Path : C:\Program Files\Microsoft ActiveSync\wcescomm.exe
Product Name : Microsoft ActiveSync
File Description : ActiveSync Connection Manager
File Version : 4.1.4841.0
Company : Microsoft Corporation
Process Created On: 11/9/2007 12:22:18 PM
User Name : DELLXPS\User
Process Services :
Process Attributes: A
Added On : 11/9/2007 12:27:50 PM
==================================================

==================================================
Process Name : wcescomm.exe
Process ID : 1596
Protocol : TCP
Local Port : 5679
Local Port Name :
Local Address : 127.0.0.1
Remote Port Name :
Remote Port :
Remote Address : 0.0.0.0
Remote Host Name :
State : Listening
Process Path : C:\Program Files\Microsoft ActiveSync\wcescomm.exe
Product Name : Microsoft ActiveSync
File Description : ActiveSync Connection Manager
File Version : 4.1.4841.0
Company : Microsoft Corporation
Process Created On: 11/9/2007 12:22:18 PM
User Name : DELLXPS\User
Process Services :
Process Attributes: A
Added On : 11/9/2007 12:27:50 PM
==================================================

==================================================
Process Name : lsass.exe
Process ID : 752
Protocol : UDP
Local Port : 4500
Local Port Name :
Local Address : 0.0.0.0
Remote Port Name :
Remote Port :
Remote Address :
Remote Host Name :
State :
Process Path : C:\WINDOWS\system32\lsass.exe
Product Name : Microsoft® Windows® Operating System
File Description : LSA Shell (Export Version)
File Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Company : Microsoft Corporation
Process Created On: 11/9/2007 12:22:05 PM
User Name : NT AUTHORITY\SYSTEM
Process Services : PolicyAgent, ProtectedStorage, SamSs
Process Attributes: A
Added On : 11/9/2007 12:27:50 PM
==================================================

==================================================
Process Name : svchost.exe
Process ID : 1168
Protocol : UDP
Local Port : 1900
Local Port Name :
Local Address : 127.0.0.1
Remote Port Name :
Remote Port :
Remote Address :
Remote Host Name :
State :
Process Path : C:\WINDOWS\system32\svchost.exe
Product Name : Microsoft® Windows® Operating System
File Description : Generic Host Process for Win32 Services
File Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Company : Microsoft Corporation
Process Created On: 11/9/2007 12:22:07 PM
User Name :
Process Services : LmHosts, RemoteRegistry, SSDPSRV, WebClient
Process Attributes: A
Added On : 11/9/2007 12:27:50 PM
==================================================

==================================================
Process Name : svchost.exe
Process ID : 1168
Protocol : UDP
Local Port : 1900
Local Port Name :
Local Address : 192.168.1.146
Remote Port Name :
Remote Port :
Remote Address :
Remote Host Name :
State :
Process Path : C:\WINDOWS\system32\svchost.exe
Product Name : Microsoft® Windows® Operating System
File Description : Generic Host Process for Win32 Services
File Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Company : Microsoft Corporation
Process Created On: 11/9/2007 12:22:07 PM
User Name :
Process Services : LmHosts, RemoteRegistry, SSDPSRV, WebClient
Process Attributes: A
Added On : 11/9/2007 12:27:58 PM
==================================================

==================================================
Process Name : ashWebSv.exe
Process ID : 2752
Protocol : TCP
Local Port : 1126
Local Port Name :
Local Address : 192.168.1.146
Remote Port Name : http
Remote Port : 80
Remote Address : 216.27.85.170
Remote Host Name :
State : Established
Process Path : C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
Product Name : avast! Antivirus
File Description : avast! Web Scanner
File Version : 4, 7, 1043, 0
Company : ALWIL Software
Process Created On: 11/9/2007 12:22:25 PM
User Name : NT AUTHORITY\SYSTEM
Process Services : avast! Web Scanner
Process Attributes: A
Added On : 11/9/2007 12:31:15 PM
==================================================

==================================================
Process Name : iexplore.exe
Process ID : 164
Protocol : TCP
Local Port : 1125
Local Port Name :
Local Address : 127.0.0.1
Remote Port Name :
Remote Port : 12080
Remote Address : 127.0.0.1
Remote Host Name : localhost
State : Established
Process Path : C:\Program Files\Internet Explorer\iexplore.exe
Product Name : Windows® Internet Explorer
File Description : Internet Explorer
File Version : 7.00.6000.16544 (vista_gdr.070814-1500)
Company : Microsoft Corporation
Process Created On: 11/9/2007 12:31:02 PM
User Name : DELLXPS\User
Process Services :
Process Attributes: A
Added On : 11/9/2007 12:31:15 PM
==================================================

==================================================
Process Name : ashWebSv.exe
Process ID : 2752
Protocol : TCP
Local Port : 1124
Local Port Name :
Local Address : 192.168.1.146
Remote Port Name : http
Remote Port : 80
Remote Address : 66.102.1.165
Remote Host Name : he-in-f165.google.com
State : Established
Process Path : C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
Product Name : avast! Antivirus
File Description : avast! Web Scanner
File Version : 4, 7, 1043, 0
Company : ALWIL Software
Process Created On: 11/9/2007 12:22:25 PM
User Name : NT AUTHORITY\SYSTEM
Process Services : avast! Web Scanner
Process Attributes: A
Added On : 11/9/2007 12:31:15 PM
==================================================

==================================================
Process Name : iexplore.exe
Process ID : 164
Protocol : TCP
Local Port : 1123
Local Port Name :
Local Address : 127.0.0.1
Remote Port Name :
Remote Port : 12080
Remote Address : 127.0.0.1
Remote Host Name : localhost
State : Established
Process Path : C:\Program Files\Internet Explorer\iexplore.exe
Product Name : Windows® Internet Explorer
File Description : Internet Explorer
File Version : 7.00.6000.16544 (vista_gdr.070814-1500)
Company : Microsoft Corporation
Process Created On: 11/9/2007 12:31:02 PM
User Name : DELLXPS\User
Process Services :
Process Attributes: A
Added On : 11/9/2007 12:31:15 PM
==================================================

==================================================
Process Name : ashWebSv.exe
Process ID : 2752
Protocol : TCP
Local Port : 1122
Local Port Name :
Local Address : 192.168.1.146
Remote Port Name : http
Remote Port : 80
Remote Address : 66.102.1.165
Remote Host Name : he-in-f165.google.com
State : Established
Process Path : C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
Product Name : avast! Antivirus
File Description : avast! Web Scanner
File Version : 4, 7, 1043, 0
Company : ALWIL Software
Process Created On: 11/9/2007 12:22:25 PM
User Name : NT AUTHORITY\SYSTEM
Process Services : avast! Web Scanner
Process Attributes: A
Added On : 11/9/2007 12:31:15 PM
==================================================

==================================================
Process Name : iexplore.exe
Process ID : 164
Protocol : TCP
Local Port : 1121
Local Port Name :
Local Address : 127.0.0.1
Remote Port Name :
Remote Port : 12080
Remote Address : 127.0.0.1
Remote Host Name : localhost
State : Established
Process Path : C:\Program Files\Internet Explorer\iexplore.exe
Product Name : Windows® Internet Explorer
File Description : Internet Explorer
File Version : 7.00.6000.16544 (vista_gdr.070814-1500)
Company : Microsoft Corporation
Process Created On: 11/9/2007 12:31:02 PM
User Name : DELLXPS\User
Process Services :
Process Attributes: A
Added On : 11/9/2007 12:31:15 PM
==================================================

==================================================
Process Name : ashWebSv.exe
Process ID : 2752
Protocol : TCP
Local Port : 1120
Local Port Name :
Local Address : 192.168.1.146
Remote Port Name : http
Remote Port : 80
Remote Address : 64.233.161.165
Remote Host Name : od-in-f165.google.com
State : Sent
Process Path : C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
Product Name : avast! Antivirus
File Description : avast! Web Scanner
File Version : 4, 7, 1043, 0
Company : ALWIL Software
Process Created On: 11/9/2007 12:22:25 PM
User Name : NT AUTHORITY\SYSTEM
Process Services : avast! Web Scanner
Process Attributes: A
Added On : 11/9/2007 12:31:13 PM
==================================================

==================================================
Process Name : iexplore.exe
Process ID : 164
Protocol : TCP
Local Port : 1119
Local Port Name :
Local Address : 127.0.0.1
Remote Port Name :
Remote Port : 12080
Remote Address : 127.0.0.1
Remote Host Name : localhost
State : Established
Process Path : C:\Program Files\Internet Explorer\iexplore.exe
Product Name : Windows® Internet Explorer
File Description : Internet Explorer
File Version : 7.00.6000.16544 (vista_gdr.070814-1500)
Company : Microsoft Corporation
Process Created On: 11/9/2007 12:31:02 PM
User Name : DELLXPS\User
Process Services :
Process Attributes: A
Added On : 11/9/2007 12:31:13 PM
==================================================

==================================================
Process Name : ashWebSv.exe
Process ID : 2752
Protocol : TCP
Local Port : 1118
Local Port Name :
Local Address : 192.168.1.146
Remote Port Name : http
Remote Port : 80
Remote Address : 208.68.59.10
Remote Host Name : ads.adsonar.com
State : Established
Process Path : C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
Product Name : avast! Antivirus
File Description : avast! Web Scanner
File Version : 4, 7, 1043, 0
Company : ALWIL Software
Process Created On: 11/9/2007 12:22:25 PM
User Name : NT AUTHORITY\SYSTEM
Process Services : avast! Web Scanner
Process Attributes: A
Added On : 11/9/2007 12:31:13 PM
==================================================

==================================================
Process Name : iexplore.exe
Process ID : 164
Protocol : TCP
Local Port : 1117
Local Port Name :
Local Address : 127.0.0.1
Remote Port Name :
Remote Port : 12080
Remote Address : 127.0.0.1
Remote Host Name : localhost
State : Established
Process Path : C:\Program Files\Internet Explorer\iexplore.exe
Product Name : Windows® Internet Explorer
File Description : Internet Explorer
File Version : 7.00.6000.16544 (vista_gdr.070814-1500)
Company : Microsoft Corporation
Process Created On: 11/9/2007 12:31:02 PM
User Name : DELLXPS\User
Process Services :
Process Attributes: A
Added On : 11/9/2007 12:31:13 PM
==================================================

==================================================
Process Name : Unknown
Process ID : 0
Protocol : TCP
Local Port : 1116
Local Port Name :
Local Address : 192.168.1.146
Remote Port Name : http
Remote Port : 80
Remote Address : 66.102.1.165
Remote Host Name : he-in-f165.google.com
State : Time Wait
Process Path :
Product Name :
File Description :
File Version :
Company :
Process Created On: N/A
User Name :
Process Services :
Process Attributes:
Added On : 11/9/2007 12:31:15 PM
==================================================

==================================================
Process Name : Unknown
Process ID : 0
Protocol : TCP
Local Port : 1114
Local Port Name :
Local Address : 192.168.1.146
Remote Port Name : http
Remote Port : 80
Remote Address : 66.102.1.165
Remote Host Name : he-in-f165.google.com
State : Time Wait
Process Path :
Product Name :
File Description :
File Version :
Company :
Process Created On: N/A
User Name :
Process Services :
Process Attributes:
Added On : 11/9/2007 12:31:15 PM
==================================================

==================================================
Process Name : svchost.exe
Process ID : 1132
Protocol : UDP
Local Port : 1112
Local Port Name :
Local Address : 0.0.0.0
Remote Port Name :
Remote Port :
Remote Address :
Remote Host Name :
State :
Process Path : C:\WINDOWS\system32\svchost.exe
Product Name : Microsoft® Windows® Operating System
File Description : Generic Host Process for Win32 Services
File Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Company : Microsoft Corporation
Process Created On: 11/9/2007 12:22:07 PM
User Name :
Process Services : Dnscache
Process Attributes: A
Added On : 11/9/2007 12:31:11 PM
==================================================

==================================================
Process Name : ashWebSv.exe
Process ID : 2752
Protocol : TCP
Local Port : 1111
Local Port Name :
Local Address : 192.168.1.146
Remote Port Name : http
Remote Port : 80
Remote Address : 208.68.59.10
Remote Host Name : ads.adsonar.com
State : Established
Process Path : C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
Product Name : avast! Antivirus
File Description : avast! Web Scanner
File Version : 4, 7, 1043, 0
Company : ALWIL Software
Process Created On: 11/9/2007 12:22:25 PM
User Name : NT AUTHORITY\SYSTEM
Process Services : avast! Web Scanner
Process Attributes: A
Added On : 11/9/2007 12:31:11 PM
==================================================

==================================================
Process Name : iexplore.exe
Process ID : 164
Protocol : TCP
Local Port : 1110
Local Port Name :
Local Address : 127.0.0.1
Remote Port Name :
Remote Port : 12080
Remote Address : 127.0.0.1
Remote Host Name : localhost
State : Established
Process Path : C:\Program Files\Internet Explorer\iexplore.exe
Product Name : Windows® Internet Explorer
File Description : Internet Explorer
File Version : 7.00.6000.16544 (vista_gdr.070814-1500)
Company : Microsoft Corporation
Process Created On: 11/9/2007 12:31:02 PM
User Name : DELLXPS\User
Process Services :
Process Attributes: A
Added On : 11/9/2007 12:31:11 PM
==================================================

==================================================
Process Name : ashWebSv.exe
Process ID : 2752
Protocol : TCP
Local Port : 1109
Local Port Name : kpop
Local Address : 192.168.1.146
Remote Port Name : http
Remote Port : 80
Remote Address : 72.246.31.19
Remote Host Name : a72-246-31-19.deploy.akamaitechnologies.com
State : Established
Process Path : C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
Product Name : avast! Antivirus
File Description : avast! Web Scanner
File Version : 4, 7, 1043, 0
Company : ALWIL Software
Process Created On: 11/9/2007 12:22:25 PM
User Name : NT AUTHORITY\SYSTEM
Process Services : avast! Web Scanner
Process Attributes: A
Added On : 11/9/2007 12:31:09 PM
==================================================

==================================================
Process Name : iexplore.exe
Process ID : 164
Protocol : TCP
Local Port : 1108
Local Port Name :
Local Address : 127.0.0.1
Remote Port Name :
Remote Port : 12080
Remote Address : 127.0.0.1
Remote Host Name : localhost
State : Established
Process Path : C:\Program Files\Internet Explorer\iexplore.exe
Product Name : Windows® Internet Explorer
File Description : Internet Explorer
File Version : 7.00.6000.16544 (vista_gdr.070814-1500)
Company : Microsoft Corporation
Process Created On: 11/9/2007 12:31:02 PM
User Name : DELLXPS\User
Process Services :
Process Attributes: A
Added On : 11/9/2007 12:31:09 PM
==================================================

==================================================
Process Name : iexplore.exe
Process ID : 164
Protocol : TCP
Local Port : 1106
Local Port Name :
Local Address : 127.0.0.1
Remote Port Name :
Remote Port : 12080
Remote Address : 127.0.0.1
Remote Host Name : localhost
State : Established
Process Path : C:\Program Files\Internet Explorer\iexplore.exe
Product Name : Windows® Internet Explorer
File Description : Internet Explorer
File Version : 7.00.6000.16544 (vista_gdr.070814-1500)
Company : Microsoft Corporation
Process Created On: 11/9/2007 12:31:02 PM
User Name : DELLXPS\User
Process Services :
Process Attributes: A
Added On : 11/9/2007 12:31:09 PM
==================================================

==================================================
Process Name : ashWebSv.exe
Process ID : 2752
Protocol : TCP
Local Port : 1105
Local Port Name :
Local Address : 192.168.1.146
Remote Port Name : http
Remote Port : 80
Remote Address : 64.233.161.165
Remote Host Name : od-in-f165.google.com
State : Established
Process Path : C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
Product Name : avast! Antivirus
File Description : avast! Web Scanner
File Version : 4, 7, 1043, 0
Company : ALWIL Software
Process Created On: 11/9/2007 12:22:25 PM
User Name : NT AUTHORITY\SYSTEM
Process Services : avast! Web Scanner
Process Attributes: A
Added On : 11/9/2007 12:31:09 PM
==================================================

==================================================
Process Name : iexplore.exe
Process ID : 164
Protocol : TCP
Local Port : 1104
Local Port Name :
Local Address : 127.0.0.1
Remote Port Name :
Remote Port : 12080
Remote Address : 127.0.0.1
Remote Host Name : localhost
State : Established
Process Path : C:\Program Files\Internet Explorer\iexplore.exe
Product Name : Windows® Internet Explorer
File Description : Internet Explorer
File Version : 7.00.6000.16544 (vista_gdr.070814-1500)
Company : Microsoft Corporation
Process Created On: 11/9/2007 12:31:02 PM
User Name : DELLXPS\User
Process Services :
Process Attributes: A
Added On : 11/9/2007 12:31:09 PM
==================================================

==================================================
Process Name : ashWebSv.exe
Process ID : 2752
Protocol : TCP
Local Port : 1103
Local Port Name :
Local Address : 192.168.1.146
Remote Port Name : http
Remote Port : 80
Remote Address : 72.246.31.10
Remote Host Name : a72-246-31-10.deploy.akamaitechnologies.com
State : Established
Process Path : C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
Product Name : avast! Antivirus
File Description : avast! Web Scanner
File Version : 4, 7, 1043, 0
Company : ALWIL Software
Process Created On: 11/9/2007 12:22:25 PM
User Name : NT AUTHORITY\SYSTEM
Process Services : avast! Web Scanner
Process Attributes: A
Added On : 11/9/2007 12:31:07 PM
==================================================

==================================================
Process Name : ashWebSv.exe
Process ID : 2752
Protocol : TCP
Local Port : 1102
Local Port Name :
Local Address : 192.168.1.146
Remote Port Name : http
Remote Port : 80
Remote Address : 72.246.31.10
Remote Host Name : a72-246-31-10.deploy.akamaitechnologies.com
State : Established
Process Path : C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
Product Name : avast! Antivirus
File Description : avast! Web Scanner
File Version : 4, 7, 1043, 0
Company : ALWIL Software
Process Created On: 11/9/2007 12:22:25 PM
User Name : NT AUTHORITY\SYSTEM
Process Services : avast! Web Scanner
Process Attributes: A
Added On : 11/9/2007 12:31:07 PM
==================================================

==================================================
Process Name : iexplore.exe
Process ID : 164
Protocol : TCP
Local Port : 1101
Local Port Name :
Local Address : 127.0.0.1
Remote Port Name :
Remote Port : 12080
Remote Address : 127.0.0.1
Remote Host Name : localhost
State : Established
Process Path : C:\Program Files\Internet Explorer\iexplore.exe
Product Name : Windows® Internet Explorer
File Description : Internet Explorer
File Version : 7.00.6000.16544 (vista_gdr.070814-1500)
Company : Microsoft Corporation
Process Created On: 11/9/2007 12:31:02 PM
User Name : DELLXPS\User
Process Services :
Process Attributes: A
Added On : 11/9/2007 12:31:07 PM
==================================================

==================================================
Process Name : iexplore.exe
Process ID : 164
Protocol : TCP
Local Port : 1100
Local Port Name :
Local Address : 127.0.0.1
Remote Port Name :
Remote Port : 12080
Remote Address : 127.0.0.1
Remote Host Name : localhost
State : Established
Process Path : C:\Program Files\Internet Explorer\iexplore.exe
Product Name : Windows® Internet Explorer
File Description : Internet Explorer
File Version : 7.00.6000.16544 (vista_gdr.070814-1500)
Company : Microsoft Corporation
Process Created On: 11/9/2007 12:31:02 PM
User Name : DELLXPS\User
Process Services :
Process Attributes: A
Added On : 11/9/2007 12:31:07 PM
==================================================

==================================================
Process Name : ashWebSv.exe
Process ID : 2752
Protocol : TCP
Local Port : 1099
Local Port Name :
Local Address : 192.168.1.146
Remote Port Name : http
Remote Port : 80
Remote Address : 216.27.85.170
Remote Host Name :
State : Established
Process Path : C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
Product Name : avast! Antivirus
File Description : avast! Web Scanner
File Version : 4, 7, 1043, 0
Company : ALWIL Software
Process Created On: 11/9/2007 12:22:25 PM
User Name : NT AUTHORITY\SYSTEM
Process Services : avast! Web Scanner
Process Attributes: A
Added On : 11/9/2007 12:31:07 PM
==================================================

==================================================
Process Name : iexplore.exe
Process ID : 164
Protocol : TCP
Local Port : 1098
Local Port Name :
Local Address : 127.0.0.1
Remote Port Name :
Remote Port : 12080
Remote Address : 127.0.0.1
Remote Host Name : localhost
State : Established
Process Path : C:\Program Files\Internet Explorer\iexplore.exe
Product Name : Windows® Internet Explorer
File Description : Internet Explorer
File Version : 7.00.6000.16544 (vista_gdr.070814-1500)
Company : Microsoft Corporation
Process Created On: 11/9/2007 12:31:02 PM
User Name : DELLXPS\User
Process Services :
Process Attributes: A
Added On : 11/9/2007 12:31:07 PM
==================================================

==================================================
Process Name : iexplore.exe
Process ID : 164
Protocol : UDP
Local Port : 1097
Local Port Name :
Local Address : 127.0.0.1
Remote Port Name :
Remote Port :
Remote Address :
Remote Host Name :
State :
Process Path : C:\Program Files\Internet Explorer\iexplore.exe
Product Name : Windows® Internet Explorer
File Description : Internet Explorer
File Version : 7.00.6000.16544 (vista_gdr.070814-1500)
Company : Microsoft Corporation
Process Created On: 11/9/2007 12:31:02 PM
User Name : DELLXPS\User
Process Services :
Process Attributes: A
Added On : 11/9/2007 12:31:07 PM
==================================================

==================================================
Process Name : Unknown
Process ID : 0
Protocol : TCP
Local Port : 1094
Local Port Name :
Local Address : 192.168.1.146
Remote Port Name : http
Remote Port : 80
Remote Address : 204.13.201.55
Remote Host Name : www.securetrust.com
State : Time Wait
Process Path :
Product Name :
File Description :
File Version :
Company :
Process Created On: N/A
User Name :
Process Services :
Process Attributes:
Added On : 11/9/2007 12:30:39 PM
==================================================

==================================================
Process Name : Unknown
Process ID : 0
Protocol : TCP
Local Port : 1082
Local Port Name :
Local Address : 192.168.1.146
Remote Port Name : http
Remote Port : 80
Remote Address : 72.246.31.75
Remote Host Name : a72-246-31-75.deploy.akamaitechnologies.com
State : Time Wait
Process Path :
Product Name :
File Description :
File Version :
Company :
Process Created On: N/A
User Name :
Process Services :
Process Attributes:
Added On : 11/9/2007 12:30:39 PM
==================================================

==================================================
Process Name : svchost.exe
Process ID : 1132
Protocol : UDP
Local Port : 1070
Local Port Name :
Local Address : 0.0.0.0
Remote Port Name :
Remote Port :
Remote Address :
Remote Host Name :
State :
Process Path : C:\WINDOWS\system32\svchost.exe
Product Name : Microsoft® Windows® Operating System
File Description : Generic Host Process for Win32 Services
File Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Company : Microsoft Corporation
Process Created On: 11/9/2007 12:22:07 PM
User Name :
Process Services : Dnscache
Process Attributes: A
Added On : 11/9/2007 12:30:17 PM
==================================================

==================================================
Process Name : svchost.exe
Process ID : 1132
Protocol : UDP
Local Port : 1052
Local Port Name :
Local Address : 0.0.0.0
Remote Port Name :
Remote Port :
Remote Address :
Remote Host Name :
State :
Process Path : C:\WINDOWS\system32\svchost.exe
Product Name : Microsoft® Windows® Operating System
File Description : Generic Host Process for Win32 Services
File Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Company : Microsoft Corporation
Process Created On: 11/9/2007 12:22:07 PM
User Name :
Process Services : Dnscache
Process Attributes: A
Added On : 11/9/2007 12:28:10 PM
==================================================

==================================================
Process Name : alg.exe
Process ID : 2848
Protocol : TCP
Local Port : 1029
Local Port Name :
Local Address : 127.0.0.1
Remote Port Name :
Remote Port :
Remote Address : 0.0.0.0
Remote Host Name :
State : Listening
Process Path : C:\WINDOWS\System32\alg.exe
Product Name : Microsoft® Windows® Operating System
File Description : Application Layer Gateway Service
File Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Company : Microsoft Corporation
Process Created On: 11/9/2007 12:22:26 PM
User Name :
Process Services : ALG
Process Attributes: A
Added On : 11/9/2007 12:27:50 PM
==================================================

==================================================
Process Name : rapimgr.exe
Process ID : 2328
Protocol : TCP
Local Port : 990
Local Port Name :
Local Address : 0.0.0.0
Remote Port Name :
Remote Port :
Remote Address : 0.0.0.0
Remote Host Name :
State : Listening
Process Path : C:\PROGRA~1\MI3AA1~1\rapimgr.exe
Product Name : Microsoft ActiveSync
File Description : ActiveSync RAPI Manager
File Version : 4.1.4841.0
Company : Microsoft Corporation
Process Created On: 11/9/2007 12:22:20 PM
User Name : DELLXPS\User
Process Services :
Process Attributes: A
Added On : 11/9/2007 12:27:50 PM
==================================================

==================================================
Process Name : lsass.exe
Process ID : 752
Protocol : UDP
Local Port : 500
Local Port Name : isakmp
Local Address : 0.0.0.0
Remote Port Name :
Remote Port :
Remote Address :
Remote Host Name :
State :
Process Path : C:\WINDOWS\system32\lsass.exe
Product Name : Microsoft® Windows® Operating System
File Description : LSA Shell (Export Version)
File Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Company : Microsoft Corporation
Process Created On: 11/9/2007 12:22:05 PM
User Name : NT AUTHORITY\SYSTEM
Process Services : PolicyAgent, ProtectedStorage, SamSs
Process Attributes: A
Added On : 11/9/2007 12:27:50 PM
==================================================

==================================================
Process Name : System
Process ID : 4
Protocol : TCP
Local Port : 445
Local Port Name : microsoft-ds
Local Address : 0.0.0.0
Remote Port Name :
Remote Port :
Remote Address : 0.0.0.0
Remote Host Name :
State : Listening
Process Path :
Product Name :
File Description :
File Version :
Company :
Process Created On: N/A
User Name :
Process Services :
Process Attributes:
Added On : 11/9/2007 12:27:50 PM
==================================================

==================================================
Process Name : System
Process ID : 4
Protocol : TCP
Local Port : 139
Local Port Name : netbios-ssn
Local Address : 192.168.1.146
Remote Port Name :
Remote Port :
Remote Address : 0.0.0.0
Remote Host Name :
State : Listening
Process Path :
Product Name :
File Description :
File Version :
Company :
Process Created On: N/A
User Name :
Process Services :
Process Attributes:
Added On : 11/9/2007 12:27:58 PM
==================================================

==================================================
Process Name : System
Process ID : 4
Protocol : UDP
Local Port : 138
Local Port Name : netbios-dgm
Local Address : 192.168.1.146
Remote Port Name :
Remote Port :
Remote Address :
Remote Host Name :
State :
Process Path :
Product Name :
File Description :
File Version :
Company :
Process Created On: N/A
User Name :
Process Services :
Process Attributes:
Added On : 11/9/2007 12:27:58 PM
==================================================

==================================================
Process Name : System
Process ID : 4
Protocol : UDP
Local Port : 137
Local Port Name : netbios-ns
Local Address : 192.168.1.146
Remote Port Name :
Remote Port :
Remote Address :
Remote Host Name :
State :
Process Path :
Product Name :
File Description :
File Version :
Company :
Process Created On: N/A
User Name :
Process Services :
Process Attributes:
Added On : 11/9/2007 12:27:58 PM
==================================================

==================================================
Process Name : svchost.exe
Process ID : 1008
Protocol : TCP
Local Port : 135
Local Port Name : epmap
Local Address : 0.0.0.0
Remote Port Name :
Remote Port :
Remote Address : 0.0.0.0
Remote Host Name :
State : Listening
Process Path : C:\WINDOWS\system32\svchost.exe
Product Name : Microsoft® Windows® Operating System
File Description : Generic Host Process for Win32 Services
File Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Company : Microsoft Corporation
Process Created On: 11/9/2007 12:22:07 PM
User Name :
Process Services : RpcSs
Process Attributes: A
Added On : 11/9/2007 12:27:50 PM
==================================================

==================================================
Process Name : svchost.exe
Process ID : 1052
Protocol : UDP
Local Port : 123
Local Port Name : ntp
Local Address : 127.0.0.1
Remote Port Name :
Remote Port :
Remote Address :
Remote Host Name :
State :
Process Path : C:\WINDOWS\system32\svchost.exe
Product Name : Microsoft® Windows® Operating System
File Description : Generic Host Process for Win32 Services
File Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Company : Microsoft Corporation
Process Created On: 11/9/2007 12:22:07 PM
User Name : NT AUTHORITY\SYSTEM
Process Services : AudioSrv, Browser, CryptSvc, Dhcp, dmserver, ERSvc, EventSystem, FastUserSwitchingCompatibility, helpsvc, HidServ, lanmanserver, lanmanworkstation, Netman, Nla, RasMan
Process Attributes: A
Added On : 11/9/2007 12:27:50 PM
==================================================

==================================================
Process Name : svchost.exe
Process ID : 1052
Protocol : UDP
Local Port : 123
Local Port Name : ntp
Local Address : 192.168.1.146
Remote Port Name :
Remote Port :
Remote Address :
Remote Host Name :
State :
Process Path : C:\WINDOWS\system32\svchost.exe
Product Name : Microsoft® Windows® Operating System
File Description : Generic Host Process for Win32 Services
File Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Company : Microsoft Corporation
Process Created On: 11/9/2007 12:22:07 PM
User Name : NT AUTHORITY\SYSTEM
Process Services : AudioSrv, Browser, CryptSvc, Dhcp, dmserver, ERSvc, EventSystem, FastUserSwitchingCompatibility, helpsvc, HidServ, lanmanserver, lanmanworkstation, Netman, Nla, RasMan
Process Attributes: A
Added On : 11/9/2007 12:27:58 PM
==================================================

Please help me.

#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 10 November 2007 - 04:46 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, jcurrin.
My name is Richie and I'll be helping you to fix your problems.

If you have previously downloaded ComboFix, please delete that version now.
Now download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Disconnect from the Internet.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.
*Note*
In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your scanner and redownload Combofix again.
Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.

Also post a new Hijackthis log please.