
Am I still infected?



#1 Putrid

Putrid

  • Members
  • 24 posts
  • OFFLINE
  • Local time:08:14 PM

Posted 28 September 2010 - 05:42 PM

I've been dealing with a few issues this past week with hijacking and hacking. Found a few trojans and keyloggers that were removed, and I had this really annoying browser redirect issue described here. I was able to resolve that last issue with your help but before finishing all problems I could find, my GMail password had been changed on me and accessed from an IP in Canada. A few weeks ago my WoW account was compromised (confirmed by a customer service rep at blizz) which I "resolved" by getting the android's authenticator. I'm concerned about my security and identity as I access all my financial institutions from this computer. I fear changing the passwords to these sites would be ineffective if a trojan/keylogger remains.

So, question is, How do I know as best as possible that I am not infected?

Basically, I've used my standard Avast! Anti-virus software scans, and upon discovering something was amiss I used Spybot S&D, Malwarebytes, and the online ESET scans. Each one found a few things here and there but I did notice one entry of a keylogger and 2 entries of trojans.

I've also used HijackThis in an attempt to remove the "results.google-analytics.com" problem before I found the aforementioned resource, but the only thing of consequence that I found was that there were over a dozen of "O23" services reported "file missing".

Stuff like this:

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

Currently running Win7 Ultimate x64
Software versions:
Avast!: Program - 5.0.677 / Definitions - 100928-1
Spybot S&D: Program - 1.6.2.46 / Definitions - Updated 9/22/10
Malwarebytes: Program - 1.46 / Database: 4713

Thanks for your time


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,462 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:09:14 PM

Posted 29 September 2010 - 04:20 PM

Were you using an easy password? It's possible they brute forced your password if it was easy. Easy passwords are ones that you can find in a dictionary or common names.

As for the file missing files in HijackThis, HijackThis is not good with listing services in Windows 7 and Vista. You should manually check to see if those files actually still exist as they are legitimate files.

#3 Putrid

Posted 29 September 2010 - 05:00 PM

No, my passwords are strong and somewhat random. None are the same. All my passwords contain letters and numbers, at least 1 capital and at least 1 symbol.

Yeah I had a feeling it was because it was Win7.

#4 Grinler

Posted 29 September 2010 - 05:24 PM

Post a tcpview log and let's see if anything strange is running.

#5 Putrid

Posted 29 September 2010 - 05:30 PM

Note: "phonymypc" is a legitimate remote management service I use to control my PC from my android.

[System Process] 0 TCP Alex-PC 12080 localhost 50705 TIME_WAIT
AvastSvc.exe 1424 TCP Alex-PC 12025 Alex-PC 0 LISTENING
AvastSvc.exe 1424 TCP Alex-PC 12080 Alex-PC 0 LISTENING
AvastSvc.exe 1424 TCP Alex-PC 12080 localhost:50784 50784 ESTABLISHED
AvastSvc.exe 1424 TCP Alex-PC 12080 localhost:50733 50733 ESTABLISHED
AvastSvc.exe 1424 TCP Alex-PC 12080 localhost 50695 ESTABLISHED
AvastSvc.exe 1424 TCP Alex-PC 12080 localhost:50767 50767 ESTABLISHED
AvastSvc.exe 1424 TCP Alex-PC 12080 localhost:50779 50779 ESTABLISHED
AvastSvc.exe 1424 TCP Alex-PC 12080 localhost 50701 ESTABLISHED
AvastSvc.exe 1424 TCP Alex-PC 12080 localhost 50702 ESTABLISHED
AvastSvc.exe 1424 TCP Alex-PC 12080 localhost 50707 ESTABLISHED
AvastSvc.exe 1424 TCP Alex-PC 12080 localhost 50709 ESTABLISHED
AvastSvc.exe 1424 TCP Alex-PC 12080 localhost 50711 ESTABLISHED
AvastSvc.exe 1424 TCP Alex-PC 12080 localhost 50713 ESTABLISHED
AvastSvc.exe 1424 TCP Alex-PC 12080 localhost 50715 ESTABLISHED
AvastSvc.exe 1424 TCP Alex-PC 12080 localhost 50719 ESTABLISHED
AvastSvc.exe 1424 TCP Alex-PC 12080 localhost 50721 ESTABLISHED
AvastSvc.exe 1424 TCP Alex-PC 12080 localhost 50722 ESTABLISHED
AvastSvc.exe 1424 TCP Alex-PC 12080 localhost 50725 ESTABLISHED
AvastSvc.exe 1424 TCP Alex-PC 12080 localhost 50726 ESTABLISHED
AvastSvc.exe 1424 TCP Alex-PC 12080 localhost 50727 ESTABLISHED
AvastSvc.exe 1424 TCP Alex-PC 12080 localhost 50731 ESTABLISHED
AvastSvc.exe 1424 TCP Alex-PC 12080 localhost 50732 ESTABLISHED
AvastSvc.exe 1424 TCP Alex-PC 12080 localhost 50734 ESTABLISHED
AvastSvc.exe 1424 TCP Alex-PC 12080 localhost 50739 ESTABLISHED
AvastSvc.exe 1424 TCP Alex-PC 12080 localhost 50740 ESTABLISHED
AvastSvc.exe 1424 TCP Alex-PC 12080 localhost 50743 ESTABLISHED
AvastSvc.exe 1424 TCP Alex-PC 12080 localhost 50744 ESTABLISHED
AvastSvc.exe 1424 TCP Alex-PC 12080 localhost 50745 ESTABLISHED
AvastSvc.exe 1424 TCP Alex-PC 12080 localhost 50746 ESTABLISHED
AvastSvc.exe 1424 TCP Alex-PC 12080 localhost 50747 ESTABLISHED
AvastSvc.exe 1424 TCP Alex-PC 12080 localhost 50748 ESTABLISHED
AvastSvc.exe 1424 TCP Alex-PC 12080 localhost 50749 ESTABLISHED
AvastSvc.exe 1424 TCP Alex-PC 12080 localhost 50757 ESTABLISHED
AvastSvc.exe 1424 TCP Alex-PC 12080 localhost 50759 ESTABLISHED
AvastSvc.exe 1424 TCP Alex-PC 12080 localhost 50760 ESTABLISHED
AvastSvc.exe 1424 TCP Alex-PC 12080 localhost 50765 ESTABLISHED
AvastSvc.exe 1424 TCP Alex-PC 12080 localhost 50766 ESTABLISHED
AvastSvc.exe 1424 TCP Alex-PC 12080 localhost:50782 50782 ESTABLISHED
AvastSvc.exe 1424 TCP Alex-PC 12080 localhost 50768 ESTABLISHED
AvastSvc.exe 1424 TCP Alex-PC 12080 localhost 50775 ESTABLISHED
AvastSvc.exe 1424 TCP Alex-PC 12080 localhost:50693 50693 ESTABLISHED
AvastSvc.exe 1424 TCP Alex-PC 12080 localhost:50699 50699 ESTABLISHED
AvastSvc.exe 1424 TCP Alex-PC 12080 localhost:50696 50696 ESTABLISHED
AvastSvc.exe 1424 TCP Alex-PC 12110 Alex-PC 0 LISTENING
AvastSvc.exe 1424 TCP Alex-PC 12119 Alex-PC 0 LISTENING
AvastSvc.exe 1424 TCP Alex-PC 12143 Alex-PC 0 LISTENING
AvastSvc.exe 1424 TCP Alex-PC 12465 Alex-PC 0 LISTENING
AvastSvc.exe 1424 TCP Alex-PC 12563 Alex-PC 0 LISTENING
AvastSvc.exe 1424 TCP Alex-PC 12993 Alex-PC 0 LISTENING
AvastSvc.exe 1424 TCP Alex-PC 12995 Alex-PC 0 LISTENING
AvastSvc.exe 1424 TCP alex-pc 50667 channel-12-17.01.snc6.tfbnw.net http ESTABLISHED 1 1,074 1 151
AvastSvc.exe 1424 TCP alex-pc 50694 www.bleepingcomputer.com http CLOSE_WAIT
AvastSvc.exe 1424 TCP alex-pc 50697 www.bleepingcomputer.com http CLOSE_WAIT
AvastSvc.exe 1424 TCP alex-pc 50698 www.bleepingcomputer.com http CLOSE_WAIT
AvastSvc.exe 1424 TCP alex-pc 50700 hades.bleepingcomputer.com http CLOSE_WAIT
AvastSvc.exe 1424 TCP alex-pc 50703 www.bleepingcomputer.com http CLOSE_WAIT
AvastSvc.exe 1424 TCP alex-pc 50704 www.bleepingcomputer.com http CLOSE_WAIT
AvastSvc.exe 1424 TCP alex-pc 50708 www.bleepingcomputer.com http CLOSE_WAIT
AvastSvc.exe 1424 TCP alex-pc 50710 vx-in-f101.1e100.net http ESTABLISHED
AvastSvc.exe 1424 TCP alex-pc 50712 iad04s01-in-f101.1e100.net http ESTABLISHED
AvastSvc.exe 1424 TCP alex-pc 50714 yo-in-f113.1e100.net http ESTABLISHED
AvastSvc.exe 1424 TCP alex-pc 50716 iad04s01-in-f104.1e100.net http ESTABLISHED
AvastSvc.exe 1424 TCP alex-pc 50720 207.46.16.252 http ESTABLISHED
AvastSvc.exe 1424 TCP alex-pc 50723 209.107.222.122 http ESTABLISHED
AvastSvc.exe 1424 TCP alex-pc 50724 209.107.222.122 http ESTABLISHED
AvastSvc.exe 1424 TCP alex-pc 50728 209.107.222.131 http ESTABLISHED
AvastSvc.exe 1424 TCP alex-pc 50729 209.107.222.131 http ESTABLISHED
AvastSvc.exe 1424 TCP alex-pc 50730 209.107.222.131 http ESTABLISHED
AvastSvc.exe 1424 TCP alex-pc 50735 206.33.41.126 http CLOSE_WAIT
AvastSvc.exe 1424 TCP alex-pc 50736 209.107.222.131 http ESTABLISHED
AvastSvc.exe 1424 TCP alex-pc 50737 209.107.222.131 http ESTABLISHED
AvastSvc.exe 1424 TCP alex-pc 50738 209.107.222.131 http ESTABLISHED
AvastSvc.exe 1424 TCP alex-pc 50741 a204-2-179-64.deploy.akamaitechnologies.com http ESTABLISHED
AvastSvc.exe 1424 TCP alex-pc 50742 64.4.30.89 http ESTABLISHED
AvastSvc.exe 1424 TCP alex-pc 50750 209.107.222.114 http ESTABLISHED
AvastSvc.exe 1424 TCP alex-pc 50751 204.2.187.40 http ESTABLISHED
AvastSvc.exe 1424 TCP alex-pc 50752 204.2.187.40 http ESTABLISHED
AvastSvc.exe 1424 TCP alex-pc 50753 204.2.187.40 http ESTABLISHED
AvastSvc.exe 1424 TCP alex-pc 50754 204.2.187.40 http ESTABLISHED
AvastSvc.exe 1424 TCP alex-pc 50755 204.2.187.40 http ESTABLISHED
AvastSvc.exe 1424 TCP alex-pc 50756 204.2.187.40 http ESTABLISHED
AvastSvc.exe 1424 TCP alex-pc 50762 65.55.249.68 http ESTABLISHED
AvastSvc.exe 1424 TCP alex-pc 50764 65.55.197.248 http ESTABLISHED
AvastSvc.exe 1424 TCP alex-pc 50770 209.107.222.122 http ESTABLISHED
AvastSvc.exe 1424 TCP alex-pc 50771 209.107.222.122 http ESTABLISHED
AvastSvc.exe 1424 TCP alex-pc 50772 209.107.222.122 http ESTABLISHED
AvastSvc.exe 1424 TCP alex-pc 50773 209.107.222.122 http ESTABLISHED
AvastSvc.exe 1424 TCP alex-pc 50780 cds61.iad9.msecn.net http CLOSE_WAIT
AvastSvc.exe 1424 TCP alex-pc 50785 209.107.222.112 http ESTABLISHED
chrome.exe 1104 TCP alex-pc 50602 iad04s01-in-f18.1e100.net https ESTABLISHED 3 1,891 1 380
chrome.exe 1104 TCP alex-pc 50604 iad04s01-in-f18.1e100.net https ESTABLISHED 2 1,688 6 617
chrome.exe 3144 TCP Alex-PC 50610 localhost 50609 ESTABLISHED
chrome.exe 1104 TCP Alex-PC 50666 localhost 12080 ESTABLISHED 1 1,074 2 201
chrome.exe 1104 TCP Alex-PC 50693 localhost 12080 ESTABLISHED
chrome.exe 1104 TCP Alex-PC 50695 localhost 12080 ESTABLISHED
chrome.exe 1104 TCP Alex-PC 50696 localhost 12080 ESTABLISHED
chrome.exe 1104 TCP Alex-PC 50699 localhost 12080 ESTABLISHED
chrome.exe 1104 TCP Alex-PC 50701 localhost 12080 ESTABLISHED
chrome.exe 1104 TCP Alex-PC 50702 localhost 12080 ESTABLISHED
chrome.exe 1104 TCP Alex-PC 50707 localhost 12080 ESTABLISHED
chrome.exe 1104 TCP Alex-PC 50709 localhost 12080 ESTABLISHED
chrome.exe 1104 TCP Alex-PC 50711 localhost 12080 ESTABLISHED
chrome.exe 1104 TCP Alex-PC 50713 localhost 12080 ESTABLISHED
chrome.exe 1104 TCP Alex-PC 50715 localhost 12080 ESTABLISHED
chrome.exe 1104 TCP Alex-PC 50719 localhost 12080 ESTABLISHED
chrome.exe 1104 TCP Alex-PC 50721 localhost 12080 ESTABLISHED
chrome.exe 1104 TCP Alex-PC 50722 localhost 12080 ESTABLISHED
chrome.exe 1104 TCP Alex-PC 50725 localhost 12080 ESTABLISHED
chrome.exe 1104 TCP Alex-PC 50726 localhost 12080 ESTABLISHED
chrome.exe 1104 TCP Alex-PC 50727 localhost 12080 ESTABLISHED
chrome.exe 1104 TCP Alex-PC 50731 localhost 12080 ESTABLISHED
chrome.exe 1104 TCP Alex-PC 50732 localhost 12080 ESTABLISHED
chrome.exe 1104 TCP Alex-PC 50733 localhost 12080 ESTABLISHED
chrome.exe 1104 TCP Alex-PC 50734 localhost 12080 ESTABLISHED
chrome.exe 1104 TCP Alex-PC 50739 localhost 12080 ESTABLISHED
chrome.exe 1104 TCP Alex-PC 50740 localhost 12080 ESTABLISHED
chrome.exe 1104 TCP Alex-PC 50743 localhost 12080 ESTABLISHED
chrome.exe 1104 TCP Alex-PC 50744 localhost 12080 ESTABLISHED
chrome.exe 1104 TCP Alex-PC 50745 localhost 12080 ESTABLISHED
chrome.exe 1104 TCP Alex-PC 50746 localhost 12080 ESTABLISHED
chrome.exe 1104 TCP Alex-PC 50747 localhost 12080 ESTABLISHED
chrome.exe 1104 TCP Alex-PC 50748 localhost 12080 ESTABLISHED
chrome.exe 1104 TCP Alex-PC 50749 localhost 12080 ESTABLISHED
chrome.exe 1104 TCP Alex-PC 50757 localhost 12080 ESTABLISHED
chrome.exe 1104 TCP Alex-PC 50759 localhost 12080 ESTABLISHED
chrome.exe 1104 TCP Alex-PC 50760 localhost 12080 ESTABLISHED
chrome.exe 1104 TCP Alex-PC 50765 localhost 12080 ESTABLISHED
chrome.exe 1104 TCP Alex-PC 50766 localhost 12080 ESTABLISHED
chrome.exe 1104 TCP Alex-PC 50767 localhost 12080 ESTABLISHED
chrome.exe 1104 TCP Alex-PC 50768 localhost 12080 ESTABLISHED
chrome.exe 1104 TCP Alex-PC 50775 localhost 12080 ESTABLISHED
chrome.exe 1104 TCP Alex-PC 50779 localhost 12080 ESTABLISHED
chrome.exe 1104 TCP Alex-PC 50782 localhost 12080 ESTABLISHED
chrome.exe 1104 TCP Alex-PC 50784 localhost 12080 ESTABLISHED
CurseClient.exe 3416 TCP Alex-PC 49189 Alex-PC 0 LISTENING
CurseClient.exe 3416 UDP Alex-PC 49730 * *
googletalkplugin.exe 660 TCP Alex-PC 50609 Alex-PC 0 LISTENING
googletalkplugin.exe 660 TCP Alex-PC 50609 localhost 50610 ESTABLISHED
lsass.exe 604 TCP Alex-PC 49155 Alex-PC 0 LISTENING
lsass.exe 604 TCPV6 alex-pc 49155 alex-pc 0 LISTENING
Orb.exe 4428 TCP Alex-PC 954 Alex-PC 0 LISTENING
Orb.exe 4428 TCP Alex-PC 49173 Alex-PC 0 LISTENING
Orb.exe 4428 TCP Alex-PC 49174 localhost 29831 ESTABLISHED
Orb.exe 4428 TCP Alex-PC 49179 Alex-PC 0 LISTENING
Orb.exe 4428 TCP Alex-PC 49180 localhost 29831 ESTABLISHED
Orb.exe 4428 TCP Alex-PC 49182 Alex-PC 0 LISTENING
Orb.exe 4428 TCP Alex-PC 49183 localhost 29831 ESTABLISHED
Orb.exe 4428 TCP Alex-PC 49185 Alex-PC 0 LISTENING
Orb.exe 4428 TCP Alex-PC 49185 localhost 49245 ESTABLISHED
Orb.exe 4428 TCP Alex-PC 49185 localhost 49268 ESTABLISHED
Orb.exe 4428 TCP Alex-PC 49186 localhost 29831 ESTABLISHED
Orb.exe 4428 TCP Alex-PC 49190 Alex-PC 0 LISTENING
Orb.exe 4428 TCP Alex-PC 49191 localhost 29831 ESTABLISHED
Orb.exe 4428 TCP Alex-PC 49193 Alex-PC 0 LISTENING
Orb.exe 4428 TCP Alex-PC 49194 localhost 29831 ESTABLISHED
Orb.exe 4428 TCP Alex-PC 49196 Alex-PC 0 LISTENING
Orb.exe 4428 TCP Alex-PC 49196 localhost 49204 ESTABLISHED
Orb.exe 4428 TCP Alex-PC 49196 localhost 49205 ESTABLISHED
Orb.exe 4428 TCP Alex-PC 49196 localhost 49271 ESTABLISHED
Orb.exe 4428 TCP Alex-PC 49197 localhost 29831 ESTABLISHED
Orb.exe 4428 TCP Alex-PC 49201 Alex-PC 0 LISTENING
Orb.exe 4428 TCP Alex-PC 49202 localhost 29831 ESTABLISHED
Orb.exe 4428 TCP Alex-PC 49204 localhost 49196 ESTABLISHED
Orb.exe 4428 TCP Alex-PC 49205 localhost 49196 ESTABLISHED
Orb.exe 4428 TCP Alex-PC 49206 Alex-PC 0 LISTENING
Orb.exe 4428 TCP Alex-PC 49207 localhost 29831 ESTABLISHED
Orb.exe 4428 TCP Alex-PC 49210 Alex-PC 0 LISTENING
Orb.exe 4428 TCP Alex-PC 49211 localhost 29831 ESTABLISHED
Orb.exe 4428 TCP Alex-PC 49213 Alex-PC 0 LISTENING
Orb.exe 4428 TCP Alex-PC 49214 localhost 29831 ESTABLISHED
Orb.exe 4428 TCP Alex-PC 49216 localhost 29831 ESTABLISHED
Orb.exe 4428 TCP Alex-PC 49224 localhost 29831 ESTABLISHED
Orb.exe 4428 TCP Alex-PC 49227 Alex-PC 0 LISTENING
Orb.exe 4428 TCP Alex-PC 49227 localhost 49241 ESTABLISHED
Orb.exe 4428 TCP Alex-PC 49227 localhost 49243 ESTABLISHED
Orb.exe 4428 TCP Alex-PC 49227 localhost 49255 ESTABLISHED
Orb.exe 4428 TCP Alex-PC 49227 localhost 49270 ESTABLISHED
Orb.exe 4428 TCP Alex-PC 49228 localhost 29831 ESTABLISHED
Orb.exe 4428 TCP Alex-PC 49241 localhost 49227 ESTABLISHED
Orb.exe 4428 TCP Alex-PC 49242 localhost 29831 ESTABLISHED
Orb.exe 4428 TCP Alex-PC 49243 localhost 49227 ESTABLISHED
Orb.exe 4428 TCP Alex-PC 49245 localhost 49185 ESTABLISHED
Orb.exe 4428 TCP Alex-PC 49255 localhost 49227 ESTABLISHED
Orb.exe 4428 TCP Alex-PC 49268 localhost 49185 ESTABLISHED
OrbTray.exe 2244 TCP Alex-PC 29831 Alex-PC 0 LISTENING
OrbTray.exe 2244 TCP Alex-PC 29831 localhost 49167 ESTABLISHED
OrbTray.exe 2244 TCP Alex-PC 29831 localhost 49168 ESTABLISHED
OrbTray.exe 2244 TCP Alex-PC 29831 localhost 49170 ESTABLISHED
OrbTray.exe 2244 TCP Alex-PC 29831 localhost 49174 ESTABLISHED
OrbTray.exe 2244 TCP Alex-PC 29831 localhost 49177 ESTABLISHED
OrbTray.exe 2244 TCP Alex-PC 29831 localhost 49180 ESTABLISHED
OrbTray.exe 2244 TCP Alex-PC 29831 localhost 49183 ESTABLISHED
OrbTray.exe 2244 TCP Alex-PC 29831 localhost 49186 ESTABLISHED
OrbTray.exe 2244 TCP Alex-PC 29831 localhost 49191 ESTABLISHED
OrbTray.exe 2244 TCP Alex-PC 29831 localhost 49194 ESTABLISHED
OrbTray.exe 2244 TCP Alex-PC 29831 localhost 49197 ESTABLISHED
OrbTray.exe 2244 TCP Alex-PC 29831 localhost 49202 ESTABLISHED
OrbTray.exe 2244 TCP Alex-PC 29831 localhost 49207 ESTABLISHED
OrbTray.exe 2244 TCP Alex-PC 29831 localhost 49211 ESTABLISHED
OrbTray.exe 2244 TCP Alex-PC 29831 localhost 49214 ESTABLISHED
OrbTray.exe 2244 TCP Alex-PC 29831 localhost 49216 ESTABLISHED
OrbTray.exe 2244 TCP Alex-PC 29831 localhost 49224 ESTABLISHED
OrbTray.exe 2244 TCP Alex-PC 29831 localhost 49228 ESTABLISHED
OrbTray.exe 2244 TCP Alex-PC 29831 localhost 49242 ESTABLISHED
OrbTray.exe 2244 TCP Alex-PC 49167 localhost 29831 ESTABLISHED
OrbTray.exe 2244 TCP Alex-PC 49168 localhost 29831 ESTABLISHED
OrbTray.exe 2244 TCP Alex-PC 49169 Alex-PC 0 LISTENING
OrbTray.exe 2244 TCP Alex-PC 49169 localhost 49181 ESTABLISHED
OrbTray.exe 2244 TCP Alex-PC 49170 localhost 29831 ESTABLISHED
OrbTray.exe 2244 TCP Alex-PC 49176 Alex-PC 0 LISTENING
OrbTray.exe 2244 TCP Alex-PC 49177 localhost 29831 ESTABLISHED
OrbTray.exe 2244 TCP Alex-PC 49181 localhost 49169 ESTABLISHED
OrbTray.exe 2244 TCP Alex-PC 49184 localhost 49172 ESTABLISHED
OrbTray.exe 2244 TCP Alex-PC 49270 localhost 49227 ESTABLISHED
OrbTray.exe 2244 TCP Alex-PC 49271 localhost 49196 ESTABLISHED
OrbTray.exe 2244 TCP alex-pc 49274 cyb16.orb.com 85 ESTABLISHED 4 16 4 84
OrbTray.exe 2244 TCP Alex-PC 50520 Alex-PC 0 LISTENING
OrbTray.exe 2244 TCP Alex-PC 59134 Alex-PC 0 LISTENING
OrbTray.exe 2244 UDP Alex-PC ssdp * * 288 106,258
OrbTray.exe 2244 UDP Alex-PC ssdp * *
OrbTray.exe 2244 UDP Alex-PC 50520 * *
OrbTray.exe 2244 UDP Alex-PC 63356 * *
PhoneMyPC.exe 2416 TCP alex-pc 49232 henrietta.michelegalhardolinux.net https ESTABLISHED 1 25 2 50
PhoneMyPC.exe 2416 TCP Alex-PC 49300 Alex-PC 0 LISTENING
services.exe 580 TCP Alex-PC 49172 Alex-PC 0 LISTENING
services.exe 580 TCP Alex-PC 49172 localhost 49184 ESTABLISHED
services.exe 580 TCPV6 alex-pc 49172 alex-pc 0 LISTENING
sidebar.exe 3068 UDP Alex-PC 62871 * *
Steam.exe 2184 UDP Alex-PC 58051 * * 10 840 3 108
svchost.exe 868 TCP Alex-PC epmap Alex-PC 0 LISTENING
svchost.exe 936 TCP Alex-PC 49153 Alex-PC 0 LISTENING
svchost.exe 144 TCP Alex-PC 49154 Alex-PC 0 LISTENING
svchost.exe 144 UDP Alex-PC isakmp * *
svchost.exe 1956 UDP Alex-PC ssdp * * 224 64,809 292 2
svchost.exe 1956 UDP alex-pc ssdp * *
svchost.exe 1956 UDP Alex-PC ws-discovery * *
svchost.exe 1016 UDP Alex-PC ws-discovery * *
svchost.exe 1016 UDP Alex-PC ws-discovery * *
svchost.exe 1956 UDP Alex-PC ws-discovery * *
svchost.exe 144 UDP Alex-PC ipsec-msft * *
svchost.exe 1352 UDP Alex-PC llmnr * *
svchost.exe 1956 UDP Alex-PC 49266 * *
svchost.exe 1956 UDP alex-pc 60115 * *
svchost.exe 1956 UDP Alex-PC 60116 * *
svchost.exe 1016 UDP Alex-PC 60117 * *
svchost.exe 1016 UDP Alex-PC 60119 * *
svchost.exe 868 TCPV6 alex-pc epmap alex-pc 0 LISTENING
svchost.exe 5548 TCPV6 alex-pc 3587 alex-pc 0 LISTENING
svchost.exe 936 TCPV6 alex-pc 49153 alex-pc 0 LISTENING
svchost.exe 144 TCPV6 alex-pc 49154 alex-pc 0 LISTENING
svchost.exe 144 UDPV6 alex-pc 500 * *
svchost.exe 1956 UDPV6 [0:0:0:0:0:0:0:1] 1900 * *
svchost.exe 1956 UDPV6 [fe80:0:0:0:306f:926e:8b81:2176] 1900 * *
svchost.exe 5548 UDPV6 alex-pc 3540 * * 24 18,738 6,246 8
svchost.exe 1956 UDPV6 alex-pc 3702 * *
svchost.exe 1016 UDPV6 alex-pc 3702 * *
svchost.exe 1016 UDPV6 alex-pc 3702 * *
svchost.exe 1956 UDPV6 alex-pc 3702 * *
svchost.exe 144 UDPV6 alex-pc 4500 * *
svchost.exe 1352 UDPV6 alex-pc 5355 * *
svchost.exe 1956 UDPV6 alex-pc 49267 * *
svchost.exe 1956 UDPV6 [fe80:0:0:0:306f:926e:8b81:2176] 60113 * *
svchost.exe 1956 UDPV6 [0:0:0:0:0:0:0:1] 60114 * * 52 19,344
svchost.exe 1016 UDPV6 alex-pc 60118 * *
svchost.exe 1016 UDPV6 alex-pc 60120 * *
svchost.exe 1352 UDP Alex-PC 64420 * *
System 4 TCP alex-pc netbios-ssn Alex-PC 0 LISTENING
System 4 TCP Alex-PC microsoft-ds Alex-PC 0 LISTENING
System 4 TCP Alex-PC icslap Alex-PC 0 LISTENING
System 4 TCP Alex-PC wsd Alex-PC 0 LISTENING
System 4 TCP Alex-PC 10243 Alex-PC 0 LISTENING
System 4 UDP alex-pc netbios-ns * * 42 2,100 3 150
System 4 UDP alex-pc netbios-dgm * *
System 4 TCPV6 alex-pc microsoft-ds alex-pc 0 LISTENING
System 4 TCPV6 alex-pc icslap alex-pc 0 LISTENING
System 4 TCPV6 alex-pc wsd alex-pc 0 LISTENING
System 4 TCPV6 alex-pc 10243 alex-pc 0 LISTENING
uTorrent.exe 2632 TCP Alex-PC 10000 Alex-PC 0 LISTENING
uTorrent.exe 2632 TCP Alex-PC 54401 Alex-PC 0 LISTENING 17 547
uTorrent.exe 2632 UDP alex-pc ssdp * *
uTorrent.exe 2632 UDP Alex-PC 54401 * *
uTorrent.exe 2632 UDP alex-pc 64927 * *
uTorrent.exe 2632 TCP alex-pc 50792 203.99.175.179 58796 SYN_SENT
uTorrent.exe 2632 TCP alex-pc 50793 119.153.63.172 58796 SYN_SENT
uTorrent.exe 2632 TCP alex-pc 50794 117.201.4.113 47059 SYN_SENT
uTorrent.exe 2632 TCP alex-pc 50795 109.124.138.160 24925 SYN_SENT
uTorrent.exe 2632 TCP alex-pc 50796 65.30.186.174 11867 SYN_SENT
uTorrent.exe 2632 TCP alex-pc 50797 24.147.81.48 51413 SYN_SENT
uTorrent.exe 2632 TCP alex-pc 50798 24.49.122.199 16960 SYN_SENT
wininit.exe 520 TCP Alex-PC 49152 Alex-PC 0 LISTENING
wininit.exe 520 TCPV6 alex-pc 49152 alex-pc 0 LISTENING
wmplayer.exe 3528 UDP Alex-PC 58010 * *
wmpnetwk.exe 6068 TCP Alex-PC rtsp Alex-PC 0 LISTENING
wmpnetwk.exe 6068 UDP Alex-PC 5004 * *
wmpnetwk.exe 6068 UDP Alex-PC 5005 * *
wmpnetwk.exe 6068 TCPV6 alex-pc rtsp alex-pc 0 LISTENING
wmpnetwk.exe 6068 UDPV6 alex-pc 5004 * *
wmpnetwk.exe 6068 UDPV6 alex-pc 5005 * *

#6 Grinler

Posted 29 September 2010 - 05:46 PM

Is CurseClient.exe this? http://www.curse.com/ Not sure why that needs to be listening on your machine.

Otherwise everything looks clean to me.
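
The review above can be reproduced mechanically. The following Python sketch is an added example, not part of the original thread: it parses lines in the format of the posted TCPView log and groups, per process, the listening ports and the non-local TCP peers. The `expected` allowlist and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# A few lines in the format of the TCPView log posted in this thread.
SAMPLE_LOG = """\
[System Process] 0 TCP Alex-PC 12080 localhost 50705 TIME_WAIT
AvastSvc.exe 1424 TCP Alex-PC 12080 Alex-PC 0 LISTENING
AvastSvc.exe 1424 TCP Alex-PC 12080 localhost:50784 50784 ESTABLISHED
AvastSvc.exe 1424 TCP alex-pc 50694 www.bleepingcomputer.com http CLOSE_WAIT
chrome.exe 1104 TCP Alex-PC 50693 localhost 12080 ESTABLISHED
CurseClient.exe 3416 TCP Alex-PC 49189 Alex-PC 0 LISTENING
CurseClient.exe 3416 UDP Alex-PC 49730 * *
PhoneMyPC.exe 2416 TCP alex-pc 49232 henrietta.michelegalhardolinux.net https ESTABLISHED 1 25 2 50
svchost.exe 1956 UDP Alex-PC ssdp * * 224 64,809 292 2
uTorrent.exe 2632 TCP Alex-PC 10000 Alex-PC 0 LISTENING
uTorrent.exe 2632 TCP alex-pc 50797 24.147.81.48 51413 SYN_SENT
"""

# process, pid, protocol, local host/port, remote host/port, optional state.
# Trailing packet/byte counters are ignored.
LINE_RE = re.compile(
    r"^(?P<proc>.+?)\s+(?P<pid>\d+)\s+(?P<proto>(?:TCP|UDP)(?:V6)?)\s+"
    r"(?P<lhost>\S+)\s+(?P<lport>\S+)\s+(?P<rhost>\S+)\s+(?P<rport>\S+)"
    r"(?:\s+(?P<state>[A-Z][A-Z_0-9]*))?"
)


def parse(log):
    """Return one dict per recognised log line; unrecognised lines are skipped."""
    rows = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rows.append(m.groupdict())
    return rows


def is_local(rhost, lhost):
    """True when the remote end is this machine (or '*' for an unconnected socket)."""
    host = rhost.lower()
    if not host.startswith("["):          # keep bracketed IPv6 literals whole
        host = host.split(":")[0]         # "localhost:50784" -> "localhost"
    return host in {"*", "localhost", "127.0.0.1", "[0:0:0:0:0:0:0:1]", lhost.lower()}


def triage(rows):
    """Group listening ports and external TCP peers by process name."""
    summary = defaultdict(lambda: {"listening": set(), "external": set()})
    for r in rows:
        entry = summary[r["proc"]]
        if r["state"] == "LISTENING":
            entry["listening"].add((r["proto"], r["lport"]))
        elif r["proto"].startswith("TCP") and not is_local(r["rhost"], r["lhost"]):
            entry["external"].add((r["rhost"], r["rport"], r["state"]))
    return dict(summary)


def unexpected_listeners(summary, expected):
    """Processes with a listening socket that the owner has not accounted for.

    `expected` is a set of lower-case process names (an assumption: the
    owner supplies it, as the poster did for his remote-management tool).
    """
    return sorted(p for p, e in summary.items()
                  if e["listening"] and p.lower() not in expected)


if __name__ == "__main__":
    summary = triage(parse(SAMPLE_LOG))
    for proc in unexpected_listeners(summary, {"avastsvc.exe", "utorrent.exe"}):
        print("review listener:", proc, sorted(summary[proc]["listening"]))
    for proc, entry in summary.items():
        for peer in sorted(entry["external"]):
            print("external peer:", proc, peer)
```

A snapshot like this only shows sockets open at capture time, so a clean result does not rule out a process that connects out only at intervals.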

#7 Putrid

Posted 29 September 2010 - 05:50 PM

Yes. By default it installs to startup and it will listen for updates to addons.

But cool! So I'm safe?

#8 Grinler

Posted 29 September 2010 - 07:37 PM

From the limited view I have, it looks like it. Keyloggers can be insidious in the sense that they don't always listen on a particular port but rather only send the keystrokes to the remote location at certain intervals. If you are concerned that you are infected with a keylogger the best bet is to always reinstall.

#9 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:01:14 AM

Posted 29 September 2010 - 11:30 PM

> From the limited view I have, it looks like it. Keyloggers can be insidious in the sense that they don't always listen on a particular port but rather only send the keystrokes to the remote location at certain intervals. If you are concerned that you are infected with a keylogger the best bet is to always reinstall.

And to add to this, make sure you change your passwords on everything you use online using a known secure computer or by using a Linux LiveCD to perform this task.

#10 Putrid

Posted 29 September 2010 - 11:53 PM

> > From the limited view I have, it looks like it. Keyloggers can be insidious in the sense that they don't always listen on a particular port but rather only send the keystrokes to the remote location at certain intervals. If you are concerned that you are infected with a keylogger the best bet is to always reinstall.
>
> And to add to this, make sure you change your passwords on everything you use online using a known secure computer or by using a Linux LiveCD to perform this task.

I never thought to use my knoppix. Thanks!