Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

hijack this file please help


  • This topic is locked This topic is locked
2 replies to this topic

#1 yekduy

yekduy

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:02:50 AM

Posted 30 January 2009 - 06:35 PM

hello, i have had some guest stay over for about a week, and now i have a hijack problem after they used my pc heres the log file i think this is what im sopposed post if not let me know

#Software: Microsoft HTTP API 1.0
#Version: 1.0
#Date: 2009-01-11 04:43:17
#Fields: date time c-ip c-port s-ip s-port cs-version cs-method cs-uri sc-status s-siteid s-reason s-queuename
2009-01-11 04:43:17 192.168.1.1 3260 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/akspfikgmb - - Connection_Abandoned_By_AppPool -
2009-01-11 07:13:35 192.168.1.1 3301 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/dylfzrnxmc - - Connection_Abandoned_By_AppPool -
2009-01-11 10:13:56 192.168.1.1 3351 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/hqgsxruujm - - Connection_Abandoned_By_AppPool -
2009-01-11 13:44:22 192.168.1.1 3409 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/sgvnsuixit - - Connection_Abandoned_By_AppPool -
2009-01-11 14:14:28 192.168.1.1 3418 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/gapcuqvesi - - Connection_Abandoned_By_AppPool -
2009-01-11 14:44:32 192.168.1.1 3429 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/agepphrjel - - Connection_Abandoned_By_AppPool -
#Software: Microsoft HTTP API 1.0
#Version: 1.0
#Date: 2009-01-13 03:49:34
#Fields: date time c-ip c-port s-ip s-port cs-version cs-method cs-uri sc-status s-siteid s-reason s-queuename
2009-01-13 03:49:34 192.168.1.1 3945 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/vctczupacp - - Connection_Abandoned_By_AppPool -
#Software: Microsoft HTTP API 1.0
#Version: 1.0
#Date: 2009-01-13 18:51:11
#Fields: date time c-ip c-port s-ip s-port cs-version cs-method cs-uri sc-status s-siteid s-reason s-queuename
2009-01-13 18:51:11 192.168.1.1 4035 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/cydjiebvcz - - Connection_Abandoned_By_AppPool -
2009-01-13 19:21:16 192.168.1.1 4046 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/dufcomhkrb - - Connection_Abandoned_By_AppPool -
2009-01-13 19:51:20 192.168.1.1 4057 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/fcyeumbliu - - Connection_Abandoned_By_AppPool -
#Software: Microsoft HTTP API 1.0
#Version: 1.0
#Date: 2009-01-13 21:21:32
#Fields: date time c-ip c-port s-ip s-port cs-version cs-method cs-uri sc-status s-siteid s-reason s-queuename
2009-01-13 21:21:32 192.168.1.1 4084 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/lhjabxktdh - - Connection_Abandoned_By_AppPool -
2009-01-13 21:51:37 192.168.1.1 4094 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/jdehkmtkxz - - Connection_Abandoned_By_AppPool -
2009-01-13 22:21:41 192.168.1.1 4105 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/kgocdilhxb - - Connection_Abandoned_By_AppPool -
2009-01-13 23:21:50 192.168.1.1 4124 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/vglwnxknfi - - Connection_Abandoned_By_AppPool -
2009-01-13 23:51:55 192.168.1.1 4134 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/clxxlrhmym - - Connection_Abandoned_By_AppPool -
2009-01-14 01:52:12 192.168.1.1 4169 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/ejihcybksm - - Connection_Abandoned_By_AppPool -
2009-01-14 02:52:21 192.168.1.1 4188 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/jcyjcdnudi - - Connection_Abandoned_By_AppPool -
2009-01-14 04:52:35 192.168.1.1 4222 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/aukvjqmneq - - Connection_Abandoned_By_AppPool -
2009-01-14 05:22:43 192.168.1.1 4232 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/cyiadtwrwi - - Connection_Abandoned_By_AppPool -
2009-01-14 08:23:12 192.168.1.1 4286 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/tjpfkfqwop - - Connection_Abandoned_By_AppPool -
2009-01-14 08:53:16 192.168.1.1 4296 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/hnjwjtcwcs - - Connection_Abandoned_By_AppPool -
2009-01-14 09:23:21 192.168.1.1 4307 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/rbypqurjky - - Connection_Abandoned_By_AppPool -
2009-01-14 09:53:26 192.168.1.1 4318 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/uhdatjchab - - Connection_Abandoned_By_AppPool -
#Software: Microsoft HTTP API 1.0
#Version: 1.0
#Date: 2009-01-14 19:24:38
#Fields: date time c-ip c-port s-ip s-port cs-version cs-method cs-uri sc-status s-siteid s-reason s-queuename
2009-01-14 19:24:38 192.168.1.1 4361 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/emgxsdktiq - - Connection_Abandoned_By_AppPool -
2009-01-14 19:54:43 192.168.1.1 4371 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/lvloekeflj - - Connection_Abandoned_By_AppPool -
2009-01-14 20:24:47 192.168.1.1 4382 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/raomuanesx - - Connection_Abandoned_By_AppPool -
2009-01-14 21:24:55 192.168.1.1 4400 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/cywiufycxn - - Connection_Abandoned_By_AppPool -
2009-01-14 21:55:00 192.168.1.1 4410 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/vhjukjapwq - - Connection_Abandoned_By_AppPool -
2009-01-14 23:55:15 192.168.1.1 4444 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/qegtgxfzon - - Connection_Abandoned_By_AppPool -
2009-01-15 00:55:24 192.168.1.1 4461 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/nxovubiyku - - Connection_Abandoned_By_AppPool -
2009-01-15 02:25:35 192.168.1.1 4489 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/zuzxuqzwxi - - Connection_Abandoned_By_AppPool -
2009-01-15 02:55:40 192.168.1.1 4499 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/opacrluibq - - Connection_Abandoned_By_AppPool -
2009-01-15 06:56:14 192.168.1.1 4570 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/msgpyltiuq - - Connection_Abandoned_By_AppPool -
2009-01-15 07:26:22 192.168.1.1 4581 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/umujiqyqzt - - Connection_Abandoned_By_AppPool -
2009-01-15 08:56:35 192.168.1.1 4610 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/thcunctoct - - Connection_Abandoned_By_AppPool -
#Software: Microsoft HTTP API 1.0
#Version: 1.0
#Date: 2009-01-16 07:59:35
#Fields: date time c-ip c-port s-ip s-port cs-version cs-method cs-uri sc-status s-siteid s-reason s-queuename
2009-01-16 07:59:35 192.168.1.1 4879 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/agyouauvja - - Connection_Abandoned_By_AppPool -
2009-01-16 09:59:48 192.168.1.1 4913 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/ahnbkjfkfl - - Connection_Abandoned_By_AppPool -
2009-01-16 12:00:03 192.168.1.1 4947 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/kfhvpsusqd - - Connection_Abandoned_By_AppPool -
2009-01-16 13:00:09 192.168.1.1 4966 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/tgftfvzrau - - Connection_Abandoned_By_AppPool -
#Software: Microsoft HTTP API 1.0
#Version: 1.0
#Date: 2009-01-17 00:01:25
#Fields: date time c-ip c-port s-ip s-port cs-version cs-method cs-uri sc-status s-siteid s-reason s-queuename
2009-01-17 00:01:25 192.168.1.1 2125 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/gpslnwlyxo - - Connection_Abandoned_By_AppPool -
2009-01-17 07:02:16 192.168.1.1 2232 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/ckpidphxeg - - Connection_Abandoned_By_AppPool -
2009-01-17 07:32:20 192.168.1.1 2241 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/exxxgrkwul - - Connection_Abandoned_By_AppPool -
#Software: Microsoft HTTP API 1.0
#Version: 1.0
#Date: 2009-01-17 23:34:01
#Fields: date time c-ip c-port s-ip s-port cs-version cs-method cs-uri sc-status s-siteid s-reason s-queuename
2009-01-17 23:34:01 192.168.1.1 2440 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/bxpwyjeycq - - Connection_Abandoned_By_AppPool -
2009-01-18 08:05:05 192.168.1.1 2571 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/inmamgzenp - - Connection_Abandoned_By_AppPool -
2009-01-18 09:35:16 192.168.1.1 2590 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/quvvvujjzn - - Connection_Abandoned_By_AppPool -
2009-01-18 10:05:20 192.168.1.1 2602 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/vshjekjfvc - - Connection_Abandoned_By_AppPool -
#Software: Microsoft HTTP API 1.0
#Version: 1.0
#Date: 2009-01-18 20:06:24
#Fields: date time c-ip c-port s-ip s-port cs-version cs-method cs-uri sc-status s-siteid s-reason s-queuename
2009-01-18 20:06:24 192.168.1.1 2656 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/hcfcxibddq - - Connection_Abandoned_By_AppPool -
2009-01-18 22:05:59 192.168.1.1 2051 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/mfrpeekshf - - Connection_Abandoned_By_AppPool -
2009-01-18 22:05:59 192.168.1.1 2058 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/morivvpddu - - Connection_Abandoned_By_AppPool -
#Software: Microsoft HTTP API 1.0
#Version: 1.0
#Date: 2009-01-19 19:41:48
#Fields: date time c-ip c-port s-ip s-port cs-version cs-method cs-uri sc-status s-siteid s-reason s-queuename
2009-01-19 19:41:48 192.168.1.1 2052 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/funmnmsset - - Connection_Abandoned_By_AppPool -
2009-01-19 19:41:48 192.168.1.1 2059 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/hgbfwmnqdd - - Connection_Abandoned_By_AppPool -
2009-01-19 20:11:51 192.168.1.1 2077 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/xyyhcenyra - - Connection_Abandoned_By_AppPool -
2009-01-19 20:41:56 192.168.1.1 2088 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/ddldtkfufa - - Connection_Abandoned_By_AppPool -
2009-01-19 21:12:01 192.168.1.1 2099 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/nztgjsdngn - - Connection_Abandoned_By_AppPool -
2009-01-19 21:42:06 192.168.1.1 2110 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/vjllahbehr - - Connection_Abandoned_By_AppPool -
2009-01-19 22:12:09 192.168.1.1 2121 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/cauhlgbzca - - Connection_Abandoned_By_AppPool -
2009-01-19 22:42:15 192.168.1.1 2132 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/ljmjlkvelj - - Connection_Abandoned_By_AppPool -
2009-01-19 23:12:21 192.168.1.1 2143 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/mmzlctnnfq - - Connection_Abandoned_By_AppPool -
2009-01-19 23:42:25 192.168.1.1 2153 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/pwsccpqoor - - Connection_Abandoned_By_AppPool -
2009-01-20 02:42:49 192.168.1.1 2219 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/hurjyksmhr - - Connection_Abandoned_By_AppPool -
2009-01-20 03:12:54 192.168.1.1 2228 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/jhojjxlinb - - Connection_Abandoned_By_AppPool -
2009-01-20 03:42:58 192.168.1.1 2238 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/ehgacfwtia - - Connection_Abandoned_By_AppPool -
2009-01-20 04:13:03 192.168.1.1 2249 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/dqbhjhbwkn - - Connection_Abandoned_By_AppPool -
2009-01-20 04:43:07 192.168.1.1 2261 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/nuhzdpmwhc - - Connection_Abandoned_By_AppPool -
2009-01-20 05:13:10 192.168.1.1 2272 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/uxytemvleq - - Connection_Abandoned_By_AppPool -
2009-01-20 05:43:14 192.168.1.1 2283 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/dirytmvgze - - Connection_Abandoned_By_AppPool -
2009-01-20 06:13:19 192.168.1.1 2294 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/rvaznhlvvb - - Connection_Abandoned_By_AppPool -
2009-01-20 06:43:23 192.168.1.1 2304 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/zltustguit - - Connection_Abandoned_By_AppPool -
2009-01-20 07:13:27 192.168.1.1 2316 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/sjrhpnfodx - - Connection_Abandoned_By_AppPool -
#Software: Microsoft HTTP API 1.0
#Version: 1.0
#Date: 2009-01-20 10:43:54
#Fields: date time c-ip c-port s-ip s-port cs-version cs-method cs-uri sc-status s-siteid s-reason s-queuename
2009-01-20 10:43:54 192.168.1.1 2389 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/wbjixybhcr - - Connection_Abandoned_By_AppPool -
2009-01-20 10:43:54 192.168.1.1 2397 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/opdbthasyc - - Connection_Abandoned_By_AppPool -
#Software: Microsoft HTTP API 1.0
#Version: 1.0
#Date: 2009-01-20 18:44:59
#Fields: date time c-ip c-port s-ip s-port cs-version cs-method cs-uri sc-status s-siteid s-reason s-queuename
2009-01-20 18:44:59 192.168.1.1 2439 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/uwpanwatac - - Connection_Abandoned_By_AppPool -
2009-01-20 19:15:04 192.168.1.1 2448 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/hdoodwkeoi - - Connection_Abandoned_By_AppPool -
2009-01-20 19:45:09 192.168.1.1 2460 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/rcdutfudjx - - Connection_Abandoned_By_AppPool -
2009-01-20 20:15:13 192.168.1.1 2471 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/gytetqfqro - - Connection_Abandoned_By_AppPool -
2009-01-20 20:45:17 192.168.1.1 2483 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/yzcyikvljf - - Connection_Abandoned_By_AppPool -
#Software: Microsoft HTTP API 1.0
#Version: 1.0
#Date: 2009-01-21 02:16:05
#Fields: date time c-ip c-port s-ip s-port cs-version cs-method cs-uri sc-status s-siteid s-reason s-queuename
2009-01-21 02:16:05 192.168.1.1 2668 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/ctpbxkdrti - - Connection_Abandoned_By_AppPool -
2009-01-21 02:16:05 192.168.1.1 2676 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/kiqylhbnst - - Connection_Abandoned_By_AppPool -
2009-01-21 02:46:10 192.168.1.1 2689 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/iqklursrjz - - Connection_Abandoned_By_AppPool -
2009-01-21 03:16:16 192.168.1.1 2700 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/bskwurrldn - - Connection_Abandoned_By_AppPool -
2009-01-21 03:46:21 192.168.1.1 2711 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/ovsfjyvunb - - Connection_Abandoned_By_AppPool -
2009-01-21 04:16:26 192.168.1.1 2722 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/crswuufazb - - Connection_Abandoned_By_AppPool -
2009-01-21 04:46:30 192.168.1.1 2733 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/jvnlrfvway - - Connection_Abandoned_By_AppPool -
2009-01-21 05:16:34 192.168.1.1 2744 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/hddadnlxly - - Connection_Abandoned_By_AppPool -
2009-01-21 05:46:40 192.168.1.1 2755 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/cwwuefksxy - - Connection_Abandoned_By_AppPool -
2009-01-21 06:16:44 192.168.1.1 2765 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/gyrcxyyttm - - Connection_Abandoned_By_AppPool -
2009-01-21 06:46:48 192.168.1.1 2777 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/igsczaaywh - - Connection_Abandoned_By_AppPool -
#Software: Microsoft HTTP API 1.0
#Version: 1.0
#Date: 2009-01-21 08:17:00
#Fields: date time c-ip c-port s-ip s-port cs-version cs-method cs-uri sc-status s-siteid s-reason s-queuename
2009-01-21 08:16:59 192.168.1.1 2820 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/mjdddnjxnh - - Connection_Abandoned_By_AppPool -
2009-01-21 09:17:10 192.168.1.1 2842 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/gbtrqypxhl - - Connection_Abandoned_By_AppPool -
2009-01-21 09:47:15 192.168.1.1 2853 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/ihhfxaqqcs - - Connection_Abandoned_By_AppPool -
2009-01-21 10:17:19 192.168.1.1 2864 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/hwshiwuhno - - Connection_Abandoned_By_AppPool -
2009-01-21 10:47:25 192.168.1.1 2875 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/zzwaemhbjx - - Connection_Abandoned_By_AppPool -
2009-01-21 11:17:28 192.168.1.1 2886 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/pbcnsjodpc - - Connection_Abandoned_By_AppPool -
2009-01-21 11:47:33 192.168.1.1 2897 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/inaojgbjvy - - Connection_Abandoned_By_AppPool -
2009-01-21 12:17:36 192.168.1.1 2907 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/qqjqufrigw - - Connection_Abandoned_By_AppPool -
2009-01-21 12:47:40 192.168.1.1 2919 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/gxlqxtdlrc - - Connection_Abandoned_By_AppPool -
2009-01-21 13:17:45 192.168.1.1 2930 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/mgnnutpako - - Connection_Abandoned_By_AppPool -
#Software: Microsoft HTTP API 1.0
#Version: 1.0
#Date: 2009-01-21 19:18:31
#Fields: date time c-ip c-port s-ip s-port cs-version cs-method cs-uri sc-status s-siteid s-reason s-queuename
2009-01-21 19:18:31 192.168.1.1 2950 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/lluuepriqc - - Connection_Abandoned_By_AppPool -
2009-01-21 19:18:31 192.168.1.1 2957 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/sxgwsiwdir - - Connection_Abandoned_By_AppPool -
2009-01-21 20:20:45 192.168.1.1 2052 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/qimwkgtnpb - - Connection_Abandoned_By_AppPool -
2009-01-21 20:20:45 192.168.1.1 2059 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/zreogfqipk - - Connection_Abandoned_By_AppPool -
2009-01-21 20:50:48 192.168.1.1 2074 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/ooixuuzsgv - - Connection_Abandoned_By_AppPool -
2009-01-21 21:20:54 192.168.1.1 2083 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/fiohuqjibg - - Connection_Abandoned_By_AppPool -
2009-01-21 21:51:01 192.168.1.1 2093 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/qpholsvuer - - Connection_Abandoned_By_AppPool -
2009-01-21 22:21:04 192.168.1.1 2104 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/lforunsoqo - - Connection_Abandoned_By_AppPool -
2009-01-21 22:51:09 192.168.1.1 2115 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/cfzcrjskbt - - Connection_Abandoned_By_AppPool -
2009-01-21 23:21:12 192.168.1.1 2126 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/ajlrvaxdku - - Connection_Abandoned_By_AppPool -
2009-01-21 23:51:17 192.168.1.1 2136 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/iqvfgrlnuo - - Connection_Abandoned_By_AppPool -
2009-01-22 00:21:21 192.168.1.1 2148 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/atgogtqwsn - - Connection_Abandoned_By_AppPool -
2009-01-22 00:51:24 192.168.1.1 2158 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/buwbnjsdmu - - Connection_Abandoned_By_AppPool -
2009-01-22 02:51:41 192.168.1.1 2197 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/fsblpxmaka - - Connection_Abandoned_By_AppPool -
2009-01-22 03:21:45 192.168.1.1 2207 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/myhdmkpvnj - - Connection_Abandoned_By_AppPool -
2009-01-22 03:51:48 192.168.1.1 2219 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/rujzivlrzi - - Connection_Abandoned_By_AppPool -
2009-01-22 04:21:54 192.168.1.1 2230 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/jziewfdjfe - - Connection_Abandoned_By_AppPool -
2009-01-22 05:22:01 192.168.1.1 2252 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/ezpegmczkq - - Connection_Abandoned_By_AppPool -
2009-01-22 05:52:05 192.168.1.1 2264 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/oeluehdmhc - - Connection_Abandoned_By_AppPool -
2009-01-22 06:22:08 192.168.1.1 2274 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/lpovqgpdkk - - Connection_Abandoned_By_AppPool -
2009-01-22 06:52:12 192.168.1.1 2285 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/ecytmbejbu - - Connection_Abandoned_By_AppPool -
2009-01-22 07:22:16 192.168.1.1 2296 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/hbcxdgaynk - - Connection_Abandoned_By_AppPool -
2009-01-22 07:52:21 192.168.1.1 2307 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/aghlsmnfxd - - Connection_Abandoned_By_AppPool -
2009-01-22 08:22:26 192.168.1.1 2319 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/gszrnblsai - - Connection_Abandoned_By_AppPool -
2009-01-22 08:52:31 192.168.1.1 2330 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/fxlyrrqvbm - - Connection_Abandoned_By_AppPool -
2009-01-22 09:22:35 192.168.1.1 2341 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/wrdapqitmd - - Connection_Abandoned_By_AppPool -
2009-01-22 09:52:39 192.168.1.1 2352 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/zsyguazgqy - - Connection_Abandoned_By_AppPool -
2009-01-22 10:22:44 192.168.1.1 2362 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/pfebzafday - - Connection_Abandoned_By_AppPool -
2009-01-22 10:52:47 192.168.1.1 2374 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/jnsvrgnhma - - Connection_Abandoned_By_AppPool -
#Software: Microsoft HTTP API 1.0
#Version: 1.0
#Date: 2009-01-22 18:23:38
#Fields: date time c-ip c-port s-ip s-port cs-version cs-method cs-uri sc-status s-siteid s-reason s-queuename
2009-01-22 18:23:38 192.168.1.1 2393 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/ecxostydax - - Connection_Abandoned_By_AppPool -
2009-01-22 18:23:38 192.168.1.1 2401 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/crebzcuwmk - - Connection_Abandoned_By_AppPool -
2009-01-22 20:23:57 192.168.1.1 2451 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/qkgmcpyofs - - Connection_Abandoned_By_AppPool -
2009-01-22 22:24:24 192.168.1.1 2492 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/gjtqdxhzkp - - Connection_Abandoned_By_AppPool -
2009-01-22 22:54:28 192.168.1.1 2503 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/vewhzsjdqg - - Connection_Abandoned_By_AppPool -
2009-01-22 23:24:32 192.168.1.1 2514 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/flhywkoptb - - Connection_Abandoned_By_AppPool -
2009-01-22 23:54:35 192.168.1.1 2525 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/iislrshjyq - - Connection_Abandoned_By_AppPool -
2009-01-23 00:24:40 192.168.1.1 2536 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/ujrwprxkca - - Connection_Abandoned_By_AppPool -
2009-01-23 00:54:44 192.168.1.1 2546 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/vabanbgrea - - Connection_Abandoned_By_AppPool -
2009-01-23 01:24:50 192.168.1.1 2557 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/dbfsdosdhw - - Connection_Abandoned_By_AppPool -
2009-01-23 01:54:54 192.168.1.1 2569 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/gpiblszeau - - Connection_Abandoned_By_AppPool -
2009-01-23 02:24:58 192.168.1.1 2583 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/zxhsqrnffe - - Connection_Abandoned_By_AppPool -
2009-01-23 02:55:04 192.168.1.1 2594 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/kzwcadbghm - - Connection_Abandoned_By_AppPool -
2009-01-23 03:25:09 192.168.1.1 2605 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/lhyeqbrejw - - Connection_Abandoned_By_AppPool -
2009-01-23 03:55:14 192.168.1.1 2616 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/mgliskfklf - - Connection_Abandoned_By_AppPool -
2009-01-23 04:25:20 192.168.1.1 2626 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/oyivgigjqp - - Connection_Abandoned_By_AppPool -
2009-01-23 04:55:24 192.168.1.1 2638 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/udgwjwyuaz - - Connection_Abandoned_By_AppPool -
2009-01-23 05:25:28 192.168.1.1 2648 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/iqinjsnkwj - - Connection_Abandoned_By_AppPool -
2009-01-23 05:55:32 192.168.1.1 2660 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/nwdcxtnkyb - - Connection_Abandoned_By_AppPool -
2009-01-23 06:25:37 192.168.1.1 2671 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/rbzfbsdskn - - Connection_Abandoned_By_AppPool -
2009-01-23 06:55:43 192.168.1.1 2682 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/nwhqjkwwfx - - Connection_Abandoned_By_AppPool -
2009-01-23 07:25:49 192.168.1.1 2693 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/dwsvghcjao - - Connection_Abandoned_By_AppPool -
2009-01-23 07:55:54 192.168.1.1 2703 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/dfqwwutzla - - Connection_Abandoned_By_AppPool -
2009-01-23 08:25:59 192.168.1.1 2716 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/npnzqccyys - - Connection_Abandoned_By_AppPool -
2009-01-23 08:56:03 192.168.1.1 2727 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/pijiuunlrh - - Connection_Abandoned_By_AppPool -
2009-01-23 09:26:08 192.168.1.1 2738 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/msgwjnwhaf - - Connection_Abandoned_By_AppPool -
2009-01-23 09:56:14 192.168.1.1 2748 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/khxcrgtnbf - - Connection_Abandoned_By_AppPool -
2009-01-23 10:26:18 192.168.1.1 2759 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/nglktvlpnv - - Connection_Abandoned_By_AppPool -
2009-01-23 10:56:24 192.168.1.1 2771 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/ixqmvtyecc - - Connection_Abandoned_By_AppPool -
#Software: Microsoft HTTP API 1.0
#Version: 1.0
#Date: 2009-01-23 19:27:28
#Fields: date time c-ip c-port s-ip s-port cs-version cs-method cs-uri sc-status s-siteid s-reason s-queuename
2009-01-23 19:27:28 192.168.1.1 2815 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/iuytvbpwmi - - Connection_Abandoned_By_AppPool -
2009-01-23 19:27:28 192.168.1.1 2822 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/spvrmfyixu - - Connection_Abandoned_By_AppPool -
2009-01-23 19:57:31 192.168.1.1 2839 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/dxlfuzdcfz - - Connection_Abandoned_By_AppPool -
2009-01-23 20:27:37 192.168.1.1 2851 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/ohdiuttlhk - - Connection_Abandoned_By_AppPool -
2009-01-23 20:57:41 192.168.1.1 2862 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/aamexmopsi - - Connection_Abandoned_By_AppPool -
2009-01-23 21:27:46 192.168.1.1 2873 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/uogjjfydde - - Connection_Abandoned_By_AppPool -
2009-01-23 21:57:49 192.168.1.1 2884 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/gcbkeiojhe - - Connection_Abandoned_By_AppPool -
2009-01-23 22:27:53 192.168.1.1 2895 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/vouceywvfl - - Connection_Abandoned_By_AppPool -
2009-01-23 22:57:58 192.168.1.1 2905 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/vclhiuyioh - - Connection_Abandoned_By_AppPool -
2009-01-23 23:28:01 192.168.1.1 2916 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/lnjdhjolwa - - Connection_Abandoned_By_AppPool -
2009-01-23 23:58:04 192.168.1.1 2927 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/xypidcwtwa - - Connection_Abandoned_By_AppPool -
2009-01-24 00:28:08 192.168.1.1 2939 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/pxzryvrvum - - Connection_Abandoned_By_AppPool -
2009-01-24 00:58:12 192.168.1.1 2949 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/sdqjlvjgkf - - Connection_Abandoned_By_AppPool -
2009-01-24 01:28:15 192.168.1.1 2961 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/eatamqxjnb - - Connection_Abandoned_By_AppPool -
2009-01-24 01:58:19 192.168.1.1 2972 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/vfdtziwgmq - - Connection_Abandoned_By_AppPool -
2009-01-24 02:28:24 192.168.1.1 2983 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/zpskcfgjmc - - Connection_Abandoned_By_AppPool -
2009-01-24 02:58:27 192.168.1.1 2994 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/wrxyqxpzvq - - Connection_Abandoned_By_AppPool -
2009-01-24 03:28:33 192.168.1.1 3005 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/hmykolywlp - - Connection_Abandoned_By_AppPool -
2009-01-24 03:58:38 192.168.1.1 3015 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/myyceehuxg - - Connection_Abandoned_By_AppPool -
2009-01-24 04:28:42 192.168.1.1 3027 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/xsazjzgate - - Connection_Abandoned_By_AppPool -
2009-01-24 04:58:47 192.168.1.1 3038 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/zdhyqddrhd - - Connection_Abandoned_By_AppPool -
2009-01-24 05:28:55 192.168.1.1 3049 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/ylnuggcdll - - Connection_Abandoned_By_AppPool -
2009-01-24 05:59:00 192.168.1.1 3060 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/gyblbkfedh - - Connection_Abandoned_By_AppPool -
2009-01-24 06:29:03 192.168.1.1 3071 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/rehfeqkved - - Connection_Abandoned_By_AppPool -
2009-01-24 06:59:07 192.168.1.1 3082 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/kfebnczmzb - - Connection_Abandoned_By_AppPool -
2009-01-24 07:59:15 192.168.1.1 3104 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/yxldxokoal - - Connection_Abandoned_By_AppPool -
2009-01-24 08:29:20 192.168.1.1 3116 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/rletvlxmiv - - Connection_Abandoned_By_AppPool -
2009-01-24 09:29:28 192.168.1.1 3401 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/zherhurjmd - - Connection_Abandoned_By_AppPool -
2009-01-24 11:29:42 192.168.1.1 3450 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/vckijcposh - - Connection_Abandoned_By_AppPool -
#Software: Microsoft HTTP API 1.0
#Version: 1.0
#Date: 2009-01-25 05:32:01
#Fields: date time c-ip c-port s-ip s-port cs-version cs-method cs-uri sc-status s-siteid s-reason s-queuename
2009-01-25 05:32:01 192.168.1.1 3582 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/kufftmavre - - Connection_Abandoned_By_AppPool -
2009-01-25 07:02:12 192.168.1.1 3609 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/dorimidxma - - Connection_Abandoned_By_AppPool -
2009-01-25 07:32:17 192.168.1.1 3619 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/uhtzrzmzhg - - Connection_Abandoned_By_AppPool -
2009-01-25 11:02:46 192.168.1.1 3679 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/kyxeonlrvf - - Connection_Abandoned_By_AppPool -
2009-01-25 11:32:51 192.168.1.1 3689 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/meodxdlrgb - - Connection_Abandoned_By_AppPool -
2009-01-25 12:02:56 192.168.1.1 3699 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/lzvbyfycah - - Connection_Abandoned_By_AppPool -
#Software: Microsoft HTTP API 1.0
#Version: 1.0
#Date: 2009-01-25 15:33:19
#Fields: date time c-ip c-port s-ip s-port cs-version cs-method cs-uri sc-status s-siteid s-reason s-queuename
2009-01-25 15:33:19 192.168.1.1 3778 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/qlbnkscnva - - Connection_Abandoned_By_AppPool -
2009-01-25 19:03:48 192.168.1.1 3846 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/idcsbtinoc - - Connection_Abandoned_By_AppPool -
2009-01-25 20:03:57 192.168.1.1 3865 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/undvzduepz - - Connection_Abandoned_By_AppPool -
2009-01-25 20:34:02 192.168.1.1 3877 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/fzxlpctnmq - - Connection_Abandoned_By_AppPool -
2009-01-26 00:34:33 192.168.1.1 3946 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/pdnpeeborq - - Connection_Abandoned_By_AppPool -
2009-01-26 01:04:37 192.168.1.1 3956 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/dyylqnjobq - - Connection_Abandoned_By_AppPool -
#Software: Microsoft HTTP API 1.0
#Version: 1.0
#Date: 2009-01-26 03:04:55
#Fields: date time c-ip c-port s-ip s-port cs-version cs-method cs-uri sc-status s-siteid s-reason s-queuename
2009-01-26 03:04:55 192.168.1.1 4001 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/nnmraainph - - Connection_Abandoned_By_AppPool -
2009-01-26 05:05:15 192.168.1.1 4042 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/mkpzahfgeu - - Connection_Abandoned_By_AppPool -
2009-01-26 05:35:22 192.168.1.1 4053 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/skekhyjfri - - Connection_Abandoned_By_AppPool -
2009-01-26 06:35:29 192.168.1.1 4071 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/hmlhvramen - - Connection_Abandoned_By_AppPool -
2009-01-26 08:35:46 192.168.1.1 4099 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/njomeeyqum - - Connection_Abandoned_By_AppPool -
2009-01-26 22:37:43 192.168.1.1 4370 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/fnusejfwbd - - Connection_Abandoned_By_AppPool -
2009-01-27 01:38:09 192.168.1.1 4430 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/pqzfrqzklr - - Connection_Abandoned_By_AppPool -
2009-01-27 06:39:00 192.168.1.1 4521 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/xlcstlalkq - - Connection_Abandoned_By_AppPool -
#Software: Microsoft HTTP API 1.0
#Version: 1.0
#Date: 2009-01-27 10:09:31
#Fields: date time c-ip c-port s-ip s-port cs-version cs-method cs-uri sc-status s-siteid s-reason s-queuename
2009-01-27 10:09:31 192.168.1.1 4595 192.168.1.105 2869 - - - - - Timer_MinBytesPerSecond -
#Software: Microsoft HTTP API 1.0
#Version: 1.0
#Date: 2009-01-28 04:42:09
#Fields: date time c-ip c-port s-ip s-port cs-version cs-method cs-uri sc-status s-siteid s-reason s-queuename
2009-01-28 04:42:09 192.168.1.1 4959 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/rqoevazpbe - - Connection_Abandoned_By_AppPool -
2009-01-28 06:12:22 192.168.1.1 4987 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/vhuamuepmm - - Connection_Abandoned_By_AppPool -
#Software: Microsoft HTTP API 1.0
#Version: 1.0
#Date: 2009-01-28 16:43:37
#Fields: date time c-ip c-port s-ip s-port cs-version cs-method cs-uri sc-status s-siteid s-reason s-queuename
2009-01-28 16:43:37 192.168.1.1 2247 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/mwdbsrmxwx - - Connection_Abandoned_By_AppPool -
2009-01-28 18:13:47 192.168.1.1 2276 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/iunfknrhjn - - Connection_Abandoned_By_AppPool -
2009-01-28 19:38:13 192.168.1.1 2073 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/tjexftcqdv - - Connection_Abandoned_By_AppPool -
2009-01-28 20:08:14 192.168.1.1 2081 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/lxvvlckvur - - Connection_Abandoned_By_AppPool -
2009-01-28 20:38:16 192.168.1.1 2093 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/siocosjprp - - Connection_Abandoned_By_AppPool -
2009-01-28 21:08:19 192.168.1.1 2103 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/xcuvhnzepr - - Connection_Abandoned_By_AppPool -
2009-01-28 23:38:33 192.168.1.1 2153 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/huoutxprsb - - Connection_Abandoned_By_AppPool -
2009-01-29 00:08:37 192.168.1.1 2163 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/jpigtlmbxr - - Connection_Abandoned_By_AppPool -
#Software: Microsoft HTTP API 1.0
#Version: 1.0
#Date: 2009-01-29 02:08:50
#Fields: date time c-ip c-port s-ip s-port cs-version cs-method cs-uri sc-status s-siteid s-reason s-queuename
2009-01-29 02:08:50 192.168.1.1 2222 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/reoyfwpsvo - - Connection_Abandoned_By_AppPool -
2009-01-29 02:38:54 192.168.1.1 2242 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/brcogetzhw - - Connection_Abandoned_By_AppPool -
2009-01-29 03:08:57 192.168.1.1 2262 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/jcrrhonlle - - Connection_Abandoned_By_AppPool -
2009-01-29 03:39:01 192.168.1.1 2285 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/jjtjbmjmru - - Connection_Abandoned_By_AppPool -
2009-01-29 04:09:09 192.168.1.1 2299 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/zkntmmzabm - - Connection_Abandoned_By_AppPool -
2009-01-29 04:39:19 192.168.1.1 2320 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/qcnvosoeyi - - Connection_Abandoned_By_AppPool -
2009-01-29 05:09:23 192.168.1.1 2347 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/cyvefxeemb - - Connection_Abandoned_By_AppPool -
2009-01-29 05:39:25 192.168.1.1 2359 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/epljsfloqy - - Connection_Abandoned_By_AppPool -
2009-01-29 06:09:28 192.168.1.1 2369 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/yikanzblby - - Connection_Abandoned_By_AppPool -
2009-01-29 06:39:33 192.168.1.1 2379 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/aednxnevbt - - Connection_Abandoned_By_AppPool -
2009-01-29 07:39:40 192.168.1.1 2399 192.168.1.105 2869 HTTP/1.1 NOTIFY /upnp/eventing/uklqiheann - - Connection_Abandoned_By_AppPool -


or am i sopposed to post this?


Running processes:

C:\WINDOWS2\System32\smss.exe
C:\WINDOWS2\system32\csrss.exe
C:\WINDOWS2\system32\winlogon.exe
C:\WINDOWS2\system32\services.exe
C:\WINDOWS2\system32\lsass.exe
C:\WINDOWS2\system32\svchost.exe
C:\WINDOWS2\system32\svchost.exe
C:\WINDOWS2\System32\svchost.exe
C:\WINDOWS2\System32\svchost.exe
C:\WINDOWS2\System32\svchost.exe
C:\WINDOWS2\Explorer.EXE
C:\WINDOWS2\system32\spoolsv.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\ThreatFire\TFService.exe
C:\WINDOWS2\System32\alg.exe
C:\WINDOWS2\system32\NOTEPAD.EXE
C:\Documents and Settings\Bonnie\Desktop\HiJackThis.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS2\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ThreatFire = C:\Program Files\ThreatFire\TFTray.exe
SunJavaUpdateSched = "C:\Program Files\Java\jre6\bin\jusched.exe"
Adobe Reader Speed Launcher = "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
=

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS2\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{11FC12D0-1A72-12D2-992D-5BC14F992BC7}] *
StubPath = C:\WINDOWS2\system32\javan.exe

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

--------------------------------------------------

Load/Run keys from C:\WINDOWS2\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=uidmgq.dll

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS2\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS2\System32\ssstars.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS2\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS2\Explorer\Explorer.exe: not present
C:\WINDOWS2\System\Explorer.exe: not present
C:\WINDOWS2\System32\Explorer.exe: not present
C:\WINDOWS2\Command\Explorer.exe: not present
C:\WINDOWS2\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Enumerating Download Program Files:

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS2\system32\macromed\flash\flash.ocx
CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Java Quick Starter: "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" (autostart)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
ThreatFire: C:\Program Files\ThreatFire\TFService.exe service (autostart)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)


--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS2\system32\SHELL32.dll
CDBurn: C:\WINDOWS2\system32\SHELL32.dll
WebCheck: C:\WINDOWS2\System32\webcheck.dll
SysTray: C:\WINDOWS2\System32\stobject.dll

--------------------------------------------------
End of report, 9,578 bytes
Report generated in 0.125 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

Edited by yekduy, 30 January 2009 - 06:50 PM.


BC AdBot (Login to Remove)

 


#2 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:03:50 AM

Posted 11 February 2009 - 05:26 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:03:50 AM

Posted 15 February 2009 - 03:26 AM

Due to the lack of feedback This Topic is closed.

Should you need it reopened, please contact a Forum Moderator. Include the address of this thread in your request.

If you have a new issue, please start a New Topic.

This applies only to the original poster. Everyone else please begin a New Topic.

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users