Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Something Odd


  • Please log in to reply
15 replies to this topic

#1 coxchris

coxchris

  • Members
  • 1,151 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Atwater
  • Local time:02:16 AM

Posted 12 June 2010 - 03:11 PM

Something is suspicious on my laptop Have run Avast 5 and Anti-spyware in safe mode they found nothing.

Recently I notice that all my browser is redirecting me back to the previous page. for example my home page is set to Google.com when i type in a search field and hit search it redirects me back to the home page. and any other website i put in the address bar. I have to reset my laptop in order to stop this. I notice when i do cmd>netstat I notice some a bunch of loopbacks.

Posted Image

Is this normal computer behavior

AA in Computer Networking Technology

BS in Information Technology 

Comptia A+, Project+, L+

Renewable:  N+,S+

CIW Web Design Specialist, JavaScript Specialist,  Database Design Specialist 

LPIC-1, SUSE 


BC AdBot (Login to Remove)

 


#2 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:09:16 AM

Posted 12 June 2010 - 03:52 PM

Have you ran the tools from within Windows Normal mode?

Can you do a more advanced netstat such as:

netstat -ano

and post the results.

#3 coxchris

coxchris
  • Topic Starter

  • Members
  • 1,151 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Atwater
  • Local time:02:16 AM

Posted 12 June 2010 - 04:35 PM

cryptodan

Thank you for the reply

I am double checking with Avast and Superantispyware again

Posted Image
Posted Image

Could It be Google redirect?

AA in Computer Networking Technology

BS in Information Technology 

Comptia A+, Project+, L+

Renewable:  N+,S+

CIW Web Design Specialist, JavaScript Specialist,  Database Design Specialist 

LPIC-1, SUSE 


#4 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:09:16 AM

Posted 12 June 2010 - 04:41 PM

Can you copy and paste the stuff from the command prompt? Your images make the read out impossible to read.

#5 keyboardNinja

keyboardNinja

    Bleepin' Ninja


  • Members
  • 4,815 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:teh interwebz
  • Local time:03:16 AM

Posted 12 June 2010 - 04:47 PM

Copy To the Clipboard From the Windows Command Prompt
PICNIC - Problem In Chair, Not In Computer

Posted Image Posted Image

20 Things I Learned About Browsers and the Web

#6 coxchris

coxchris
  • Topic Starter

  • Members
  • 1,151 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Atwater
  • Local time:02:16 AM

Posted 12 June 2010 - 05:01 PM

Sorry about that here is your info:)

Microsoft Windows [Version 6.1.7600]
Copyright © 2009 Microsoft Corporation. All rights reserved.

C:\Users\chris>netstat -ano

Active Connections

Proto Local Address Foreign Address State PID
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 688
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:554 0.0.0.0:0 LISTENING 3292
TCP 0.0.0.0:2869 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:5357 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:10243 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:49152 0.0.0.0:0 LISTENING 396
TCP 0.0.0.0:49153 0.0.0.0:0 LISTENING 792
TCP 0.0.0.0:49154 0.0.0.0:0 LISTENING 852
TCP 0.0.0.0:49155 0.0.0.0:0 LISTENING 500
TCP 0.0.0.0:49156 0.0.0.0:0 LISTENING 456
TCP 127.0.0.1:5354 0.0.0.0:0 LISTENING 1820
TCP 127.0.0.1:12025 0.0.0.0:0 LISTENING 1284
TCP 127.0.0.1:12080 0.0.0.0:0 LISTENING 1284
TCP 127.0.0.1:12080 127.0.0.1:51283 ESTABLISHED 1284
TCP 127.0.0.1:12080 127.0.0.1:51437 TIME_WAIT 0
TCP 127.0.0.1:12080 127.0.0.1:51441 TIME_WAIT 0
TCP 127.0.0.1:12080 127.0.0.1:51507 TIME_WAIT 0
TCP 127.0.0.1:12080 127.0.0.1:51509 TIME_WAIT 0
TCP 127.0.0.1:12080 127.0.0.1:51513 TIME_WAIT 0
TCP 127.0.0.1:12080 127.0.0.1:51515 TIME_WAIT 0
TCP 127.0.0.1:12080 127.0.0.1:51517 TIME_WAIT 0
TCP 127.0.0.1:12080 127.0.0.1:51519 TIME_WAIT 0
TCP 127.0.0.1:12080 127.0.0.1:51521 TIME_WAIT 0
TCP 127.0.0.1:12080 127.0.0.1:51523 TIME_WAIT 0
TCP 127.0.0.1:12080 127.0.0.1:51525 TIME_WAIT 0
TCP 127.0.0.1:12080 127.0.0.1:51526 TIME_WAIT 0
TCP 127.0.0.1:12080 127.0.0.1:51531 TIME_WAIT 0
TCP 127.0.0.1:12080 127.0.0.1:51533 TIME_WAIT 0
TCP 127.0.0.1:12080 127.0.0.1:51537 ESTABLISHED 1284
TCP 127.0.0.1:12080 127.0.0.1:51539 TIME_WAIT 0
TCP 127.0.0.1:12080 127.0.0.1:51540 TIME_WAIT 0
TCP 127.0.0.1:12080 127.0.0.1:51543 TIME_WAIT 0
TCP 127.0.0.1:12080 127.0.0.1:51545 TIME_WAIT 0
TCP 127.0.0.1:12080 127.0.0.1:51547 TIME_WAIT 0
TCP 127.0.0.1:12080 127.0.0.1:51551 TIME_WAIT 0
TCP 127.0.0.1:12080 127.0.0.1:51553 TIME_WAIT 0
TCP 127.0.0.1:12080 127.0.0.1:51555 TIME_WAIT 0
TCP 127.0.0.1:12080 127.0.0.1:51557 TIME_WAIT 0
TCP 127.0.0.1:12080 127.0.0.1:51559 TIME_WAIT 0
TCP 127.0.0.1:12080 127.0.0.1:51561 TIME_WAIT 0
TCP 127.0.0.1:12080 127.0.0.1:51567 TIME_WAIT 0
TCP 127.0.0.1:12080 127.0.0.1:51569 TIME_WAIT 0
TCP 127.0.0.1:12080 127.0.0.1:51571 TIME_WAIT 0
TCP 127.0.0.1:12080 127.0.0.1:51573 TIME_WAIT 0
TCP 127.0.0.1:12080 127.0.0.1:51575 TIME_WAIT 0
TCP 127.0.0.1:12080 127.0.0.1:51577 TIME_WAIT 0
TCP 127.0.0.1:12080 127.0.0.1:51579 TIME_WAIT 0
TCP 127.0.0.1:12080 127.0.0.1:51580 TIME_WAIT 0
TCP 127.0.0.1:12080 127.0.0.1:51583 TIME_WAIT 0
TCP 127.0.0.1:12080 127.0.0.1:51584 TIME_WAIT 0
TCP 127.0.0.1:12080 127.0.0.1:51589 TIME_WAIT 0
TCP 127.0.0.1:12080 127.0.0.1:51593 TIME_WAIT 0
TCP 127.0.0.1:12080 127.0.0.1:51595 TIME_WAIT 0
TCP 127.0.0.1:12080 127.0.0.1:51597 TIME_WAIT 0
TCP 127.0.0.1:12080 127.0.0.1:51598 TIME_WAIT 0
TCP 127.0.0.1:12080 127.0.0.1:51601 TIME_WAIT 0
TCP 127.0.0.1:12080 127.0.0.1:51603 TIME_WAIT 0
TCP 127.0.0.1:12080 127.0.0.1:51605 TIME_WAIT 0
TCP 127.0.0.1:12080 127.0.0.1:51607 TIME_WAIT 0
TCP 127.0.0.1:12080 127.0.0.1:51608 TIME_WAIT 0
TCP 127.0.0.1:12080 127.0.0.1:51611 TIME_WAIT 0
TCP 127.0.0.1:12080 127.0.0.1:51617 TIME_WAIT 0
TCP 127.0.0.1:12110 0.0.0.0:0 LISTENING 1284
TCP 127.0.0.1:12119 0.0.0.0:0 LISTENING 1284
TCP 127.0.0.1:12143 0.0.0.0:0 LISTENING 1284
TCP 127.0.0.1:12465 0.0.0.0:0 LISTENING 1284
TCP 127.0.0.1:12563 0.0.0.0:0 LISTENING 1284
TCP 127.0.0.1:12993 0.0.0.0:0 LISTENING 1284
TCP 127.0.0.1:12995 0.0.0.0:0 LISTENING 1284
TCP 127.0.0.1:27015 0.0.0.0:0 LISTENING 1800
TCP 127.0.0.1:51283 127.0.0.1:12080 ESTABLISHED 704
TCP 127.0.0.1:51477 127.0.0.1:12080 TIME_WAIT 0
TCP 127.0.0.1:51481 127.0.0.1:12080 TIME_WAIT 0
TCP 127.0.0.1:51511 127.0.0.1:12080 TIME_WAIT 0
TCP 127.0.0.1:51529 127.0.0.1:12080 TIME_WAIT 0
TCP 127.0.0.1:51537 127.0.0.1:12080 ESTABLISHED 704
TCP 127.0.0.1:51540 127.0.0.1:12080 TIME_WAIT 0
TCP 127.0.0.1:51549 127.0.0.1:12080 TIME_WAIT 0
TCP 127.0.0.1:51563 127.0.0.1:12080 TIME_WAIT 0
TCP 127.0.0.1:51565 127.0.0.1:12080 TIME_WAIT 0
TCP 192.168.1.100:139 0.0.0.0:0 LISTENING 4
TCP 192.168.1.100:51127 192.168.1.102:445 ESTABLISHED 4
TCP 192.168.1.100:51284 66.220.145.36:80 ESTABLISHED 1284
TCP 192.168.1.100:51506 204.9.177.132:80 TIME_WAIT 0
TCP 192.168.1.100:51536 168.75.65.85:80 TIME_WAIT 0
TCP 192.168.1.100:51538 72.14.204.148:80 ESTABLISHED 1284
TCP 192.168.1.100:51614 67.148.147.122:80 TIME_WAIT 0
TCP 192.168.1.100:51616 96.17.85.115:80 TIME_WAIT 0
TCP [::]:135 [::]:0 LISTENING 688
TCP [::]:445 [::]:0 LISTENING 4
TCP [::]:554 [::]:0 LISTENING 3292
TCP [::]:2869 [::]:0 LISTENING 4
TCP [::]:3587 [::]:0 LISTENING 2588
TCP [::]:5357 [::]:0 LISTENING 4
TCP [::]:10243 [::]:0 LISTENING 4
TCP [::]:49152 [::]:0 LISTENING 396
TCP [::]:49153 [::]:0 LISTENING 792
TCP [::]:49154 [::]:0 LISTENING 852
TCP [::]:49155 [::]:0 LISTENING 500
TCP [::]:49156 [::]:0 LISTENING 456
UDP 0.0.0.0:3544 *:* 852
UDP 0.0.0.0:3702 *:* 1012
UDP 0.0.0.0:3702 *:* 1012
UDP 0.0.0.0:3702 *:* 1012
UDP 0.0.0.0:3702 *:* 2308
UDP 0.0.0.0:3702 *:* 1012
UDP 0.0.0.0:3702 *:* 2308
UDP 0.0.0.0:5004 *:* 3292
UDP 0.0.0.0:5005 *:* 3292
UDP 0.0.0.0:5355 *:* 1144
UDP 0.0.0.0:49152 *:* 1820
UDP 0.0.0.0:56563 *:* 2308
UDP 0.0.0.0:56565 *:* 1012
UDP 0.0.0.0:57557 *:* 1820
UDP 0.0.0.0:61456 *:* 1012
UDP 0.0.0.0:62996 *:* 1012
UDP 127.0.0.1:1900 *:* 2308
UDP 127.0.0.1:49791 *:* 908
UDP 127.0.0.1:51068 *:* 3296
UDP 127.0.0.1:55861 *:* 2308
UDP 127.0.0.1:63543 *:* 704
UDP 192.168.1.100:137 *:* 4
UDP 192.168.1.100:138 *:* 4
UDP 192.168.1.100:1900 *:* 2308
UDP 192.168.1.100:5353 *:* 1820
UDP 192.168.1.100:55860 *:* 2308
UDP 192.168.1.100:59153 *:* 852
UDP [::]:3540 *:* 2588
UDP [::]:3702 *:* 2308
UDP [::]:3702 *:* 1012
UDP [::]:3702 *:* 1012
UDP [::]:3702 *:* 1012
UDP [::]:3702 *:* 2308
UDP [::]:3702 *:* 1012
UDP [::]:5004 *:* 3292
UDP [::]:5005 *:* 3292
UDP [::]:5355 *:* 1144
UDP [::]:49153 *:* 1820
UDP [::]:56564 *:* 2308
UDP [::]:56566 *:* 1012
UDP [::]:61457 *:* 1012
UDP [::]:62997 *:* 1012
UDP [::1]:1900 *:* 2308
UDP [::1]:55859 *:* 2308
UDP [fe80::d0d:1586:ad0c:3de4%12]:1900 *:*
2308
UDP [fe80::d0d:1586:ad0c:3de4%12]:55858 *:*
2308

C:\Users\chris>

AA in Computer Networking Technology

BS in Information Technology 

Comptia A+, Project+, L+

Renewable:  N+,S+

CIW Web Design Specialist, JavaScript Specialist,  Database Design Specialist 

LPIC-1, SUSE 


#7 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:09:16 AM

Posted 12 June 2010 - 05:10 PM

What is process 1284 and 704 you can do this by running taskmanger and by going to view then select columns and selecting PID.

If those process id's are for AVAST, then here is your answer: Dozens of Port 12080 Connections opened up

Edited by cryptodan, 12 June 2010 - 05:14 PM.


#8 coxchris

coxchris
  • Topic Starter

  • Members
  • 1,151 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Atwater
  • Local time:02:16 AM

Posted 12 June 2010 - 05:22 PM

ty for the help yes those are avasts

AA in Computer Networking Technology

BS in Information Technology 

Comptia A+, Project+, L+

Renewable:  N+,S+

CIW Web Design Specialist, JavaScript Specialist,  Database Design Specialist 

LPIC-1, SUSE 


#9 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:09:16 AM

Posted 12 June 2010 - 05:28 PM

Glad we got your issue your resolved. Happy bleeping.

#10 coxchris

coxchris
  • Topic Starter

  • Members
  • 1,151 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Atwater
  • Local time:02:16 AM

Posted 12 June 2010 - 10:12 PM

Maybe I spoke to soon dan,

It's not responding even to windows request like open a folder in the windows directory so I rolled back with windows restore to 6/9/2010 when like 52.3MB of updates on it. So I deleted the previous and created a new restore point from here on.


I will let you know when it does it again

Sorry about that dan my issue is still open

AA in Computer Networking Technology

BS in Information Technology 

Comptia A+, Project+, L+

Renewable:  N+,S+

CIW Web Design Specialist, JavaScript Specialist,  Database Design Specialist 

LPIC-1, SUSE 


#11 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:09:16 AM

Posted 13 June 2010 - 03:05 AM

Now its time to look at hardware as a possible cause such as over heating.

#12 coxchris

coxchris
  • Topic Starter

  • Members
  • 1,151 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Atwater
  • Local time:02:16 AM

Posted 13 June 2010 - 08:30 AM

I think its a DNS issue

When i search or go to a address like this site it will sometimes open for a briefly minute and redirect to the last page. So I have to reset my laptop. I have a clean copy of the HOST file. I have uninstall, reinstall firefox and i reset IE to defaults setting but no avail.

Edit System Specs: http://speccy.piriform.com/results/I5yTHjcRfYFG5k4YXPXzf1s

Edited by coxchris, 13 June 2010 - 09:10 AM.

AA in Computer Networking Technology

BS in Information Technology 

Comptia A+, Project+, L+

Renewable:  N+,S+

CIW Web Design Specialist, JavaScript Specialist,  Database Design Specialist 

LPIC-1, SUSE 


#13 Jacee

Jacee

    Bleeping around


  • Malware Response Team
  • 3,716 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:16 AM

Posted 14 June 2010 - 11:31 AM

See if this helps ...

Copy and paste these lines in Note pad.

@Echo on
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 1
del %0


Save as flush.bat to your desktop. Right click to run as Administrator. Your computer will reboot itself.

MS_MVP.gif
MS MVP Windows-Security 2006-2016
Member of UNITE, the Unified Network of Instructors and Trusted Eliminators

Admin PC Pitstop


#14 coxchris

coxchris
  • Topic Starter

  • Members
  • 1,151 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Atwater
  • Local time:02:16 AM

Posted 14 June 2010 - 11:49 AM

Thanks for the help Jacee. I will save that file for a later use. Had to Wipe and Reinstall Windows 7 but I think it was in my previous system. but If it comes up again I will run it and put that into my secured programs folder.

Now I need a DSL line for the update process. Working updating in batches have a limit on what i can download in a day :huh:

Jacee from what I could understand that batch file will reset all of my network settings.

AA in Computer Networking Technology

BS in Information Technology 

Comptia A+, Project+, L+

Renewable:  N+,S+

CIW Web Design Specialist, JavaScript Specialist,  Database Design Specialist 

LPIC-1, SUSE 


#15 Jacee

Jacee

    Bleeping around


  • Malware Response Team
  • 3,716 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:16 AM

Posted 14 June 2010 - 04:02 PM

It resets the hosts file, releases and renews ip address, performs flushdns, resets winsock catalogs and restarts your pc.

MS_MVP.gif
MS MVP Windows-Security 2006-2016
Member of UNITE, the Unified Network of Instructors and Trusted Eliminators

Admin PC Pitstop





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users