My computer said it detected backdoor:win32/cycbot.b and said it was removed

K

kiuppo

New Member
However, my mouse keeps getting the spinning circle like it's processing something and I have some weird process running such as 3jnm9v7n and mmc104.exe. Here is a log of my Hijack this:

Code: 
Logfile of Trend Micro HijackThis v2.0.4

 
Scan saved at 8:30:01 AM, on 4/21/2011

 
Platform: Windows Vista SP2 (WinNT 6.00.1906)

 
MSIE: Internet Explorer v7.00 (7.00.6002.18005)

 
Boot mode: Normal

 
 

 
Running processes:

 
C:\Windows\system32\taskeng.exe

 
C:\Windows\system32\Dwm.exe

 
C:\Windows\Explorer.EXE

 
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

 
C:\WINDOWS\RtHDVCpl.exe

 
C:\WINDOWS\PixArt\Pac207\Monitor.exe

 
C:\Program Files\Common Files\Java\Java Update\jusched.exe

 
C:\WINDOWS\System32\hkcmd.exe

 
C:\WINDOWS\System32\igfxpers.exe

 
C:\Windows\system32\schtasks.exe

 
C:\Program Files\Windows Sidebar\sidebar.exe

 
C:\WINDOWS\ehome\ehtray.exe

 
C:\Program Files\Windows Media Player\wmpnscfg.exe

 
C:\Windows\system32\igfxsrvc.exe

 
C:\Windows\ehome\ehmsas.exe

 
C:\Program Files\Common Files\Java\Java Update\jucheck.exe

 
C:\Program Files\Mozilla Firefox\firefox.exe

 
C:\Program Files\Mozilla Firefox\plugin-container.exe

 
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe

 
C:\Program Files\Java\jre6\bin\java.exe

 
C:\Users\Crystal\AppData\Local\Temp\3jnm9v7n.exe

 
C:\Users\Crystal\AppData\Roaming\Adobe\plugs\mmc104.exe

 
C:\Windows\system32\rundll32.exe

 
C:\Users\Crystal\AppData\Roaming\dwm.exe

 
C:\Users\Crystal\AppData\Local\Temp\csrss.exe

 
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

 
C:\Users\Crystal\AppData\Roaming\Adobe\plugs\mmc104.exe

 
C:\Users\Crystal\AppData\Roaming\Adobe\plugs\mmc104.exe

 
C:\Users\Crystal\AppData\Roaming\Adobe\plugs\mmc104.exe

 
C:\Users\Crystal\AppData\Roaming\Adobe\plugs\mmc104.exe

 
 

 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [URL="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Presario&pf=desktop"]AOL.com - Welcome to AOL[/URL]

 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [URL="http://go.microsoft.com/fwlink/?LinkId=54896"]Bing[/URL]

 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [URL="http://go.microsoft.com/fwlink/?LinkId=54896"]Bing[/URL]

 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [URL="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Presario&pf=desktop"]AOL.com - Welcome to AOL[/URL]

 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 

 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 

 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet 
Settings,ProxyServer = http=127.0.0.1:63899

 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet 
Settings,ProxyOverride = *.local

 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

 
F3 - REG:win.ini: load=C:\Users\Crystal\AppData\Local\Temp\csrss.exe

 
O1 - Hosts: ::1 localhost

 
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

 
O2 - BHO: Adobe PDF Reader Link Helper - 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common 
Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

 
O2 - BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - 
C:\PROGRA~1\ArcSoft\MEDIAC~1\INTERN~1\ARCURL~1.DLL

 
O2 - BHO: Spybot-S&D IE Protection - 
{53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

 
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - 
{DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program 
Files\Java\jre6\bin\jp2ssv.dll

 
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows 
Defender\MSASCui.exe -hide


 
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen 
OSD Indicator\OSD.exe"

 
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

 
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"

 
O4 - HKLM\..\Run: [PAC207_Monitor] C:\Windows\PixArt\PAC207\Monitor.exe

 
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common 
Files\Java\Java Update\jusched.exe"

 
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe

 
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

 
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

 
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program 
Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

 
O4 - HKLM\..\Run: [conhost] 
C:\Users\Crystal\AppData\Roaming\Microsoft\conhost.exe

 
O4 - HKLM\..\Run: [Ddecimogudo] rundll32.exe 
"C:\Users\Crystal\AppData\Local\ivizevax.dll",Startup

 
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

 
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe 
/autoRun

 
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe 
oobefldr.dll,ShowWelcomeCenter

 
O4 - HKCU\..\Run: [Google Update] 
"C:\Users\Crystal\AppData\Local\Google\Update\GoogleUpdate.exe" /c

 
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

 
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media 
Player\WMPNSCFG.exe

 
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common 
Files\Adobe\Updater5\AdobeUpdater.exe"

 
O4 - HKCU\..\Run: [Wzetilowadila] rundll32.exe  
"C:\Users\Crystal\AppData\Local\tbrtui.dll",Startup

 
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] 
C:\Windows\system32\Macromed\Flash\FlashUtil10o_Plugin.exe -update plugin

 
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows 
Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

 
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe 
oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

 
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows 
Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

 
O8 - Extra context menu item: Add to Google Photos Screensa&ver - 
res://C:\Windows\system32\GPhotos.scr/200

 
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - 
C:\PROGRA~1\SPYBOT~1\SDHelper.dll

 
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - 
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

 
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - 
C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe

 
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - 
C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

 
O22 - SharedTaskScheduler: Component Categories cache daemon - 
{8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

 
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program 
Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

 
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common 
Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

 
O23 - Service: Bonjour Service - Apple Inc. - C:\Program 
Files\Bonjour\mDNSResponder.exe

 
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program 
Files\Google\Common\Google Updater\GoogleUpdaterService.exe

 
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program 
Files\Hewlett-Packard\HP Health Check\hphc_service.exe

 
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision 
Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 
32\IDriverT.exe

 
O23 - Service: iPod Service - Apple Inc. - C:\Program 
Files\iPod\bin\iPodService.exe

 
O23 - Service: LightScribeService Direct Disc Labeling Service 
(LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common 
Files\LightScribe\LSSrvc.exe

 
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common 
Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

 
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer 
Networking Ltd. - C:\Program Files\Spybot - Search & 
Destroy\SDWinSec.exe

 
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program 
Files\Common Files\SureThing Shared\stllssvr.exe

 
O23 - Service: XAudioService - Conexant Systems, Inc. - 
C:\Windows\system32\DRIVERS\xaudio.exe

 
 

 
--

 
End of file - 7730 bytes

I don't know what this means, any help is appreciated, computer seems to be getting slower and slower
 
Last edited by a moderator:

My Computer

System One

Could 023 Arcsoft Daemon be the culprit?
 

My Computer

System One

  • Manufacturer/Model
    HP Pavilon Elite
    CPU
    Intel(R)Core(TM)2 Quad CPU [email protected]
    Motherboard
    ASUS eK Berkeley
    Memory
    4GB
    Monitor(s) Displays
    HP w2408 Vivid Color Widescreen LCD
    Cooling
    That's where I keep my beer
    Keyboard
    MS WIRELESS
    Mouse
    MS WIRELESS
    Internet Speed
    AT&T Uverse DSL
Not sure....any idea what the heck process "C:\Users\Crystal\AppData\Local\Temp\3jnm9v7n.exe" is? I can't find any information when I type it into google.
 

My Computer

System One

Couldn't find anything real quick but it looks like a TEMP file.
Run MBAM scan then SuperSpywareAntivirus scan.
Then post you findings.
 

My Computer

System One

  • Manufacturer/Model
    HP Pavilon Elite
    CPU
    Intel(R)Core(TM)2 Quad CPU [email protected]
    Motherboard
    ASUS eK Berkeley
    Memory
    4GB
    Monitor(s) Displays
    HP w2408 Vivid Color Widescreen LCD
    Cooling
    That's where I keep my beer
    Keyboard
    MS WIRELESS
    Mouse
    MS WIRELESS
    Internet Speed
    AT&T Uverse DSL
C:\Users\Crystal\AppData\Local\Temp\3jnm9v7n.exe

this is undoubtedly causing at least one of your problems. If you are the former drummer from the Band "The Mess" you should give the former Bass player a call! I can help you!
 

My Computer

System One

This is a backdoor Bot ... Local\Temp\csrss.exe, which is a password and critical identity thief. :(

Download ATF Cleaner Welcome to the Frontpage - www.atribune.org
Click "Main" > check 'select all' (except "Prefetch") this first time using it, then click "Empty Selected". Do the same for FireFox or Opera if you use either of those browsers.
Finally go to Control Panel > Internet Options.
On the General tab under "Temporary Internet Files" Click "Delete Files".

Now,
Copy and paste these lines in Note pad.

@Echo on
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh int ip reset all
shutdown -r -t 1
del %0

Save as flush.bat to your desktop. Right click and run as Administrator. Your computer will reboot/restart itself.

Next, download Malwarebytes' Anti-Malware to your desktop
|MG| Malwarebytes Anti-Malware 1.50.1.1100 Download
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. Copy and Paste that log into your next reply.
 

My Computer

System One

  • Manufacturer/Model
    Bruce ... somewhere in his 40's
    CPU
    Intel(R) Core(TM)2 Quad CPU
    Motherboard
    INTEL/D975XBX2
    Memory
    4 GB
    Graphics Card(s)
    ATI Radeon HD 2600 Pro
    Monitor(s) Displays
    Samsung SyncMaster 914v
    Screen Resolution
    1280 x 1024
    Hard Drives
    2/500GB each ... ST3500630AS ATA Device.
    One is not connected
    PSU
    Rocketfish 700 W
    Case
    G.Skill Gigabyte Chassis
    Keyboard
    Standard PS/2 Keyboard
    Mouse
    Microsoft PS/2 Mouse
    Internet Speed
    DSL
    Other Info
    ATI HDMI Audio
Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Database version: 6415

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

4/21/2011 3:24:10 PM
mbam-log-2011-04-21 (15-24-10).txt

Scan type: Quick scan
Objects scanned: 177355
Time elapsed: 3 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 11
Registry Values Infected: 4
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\Users\Crystal\AppData\Local\ivizevax.dll (Trojan.Agent.U) -> Delete on reboot.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Value: Load -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Trojan.Agent) -> Value: conhost -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Ddecimogudo (Trojan.Agent.U) -> Value: Ddecimogudo -> Delete on reboot.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
c:\Users\Crystal\AppData\Roaming\windows system defender (Rogue.WindowsSystemDefender) -> Quarantined and deleted successfully.

Files Infected:
c:\Users\Crystal\downloads\mywebfacesetup2.3.50.45.grfox000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\Users\Crystal\local settings\application data\tbrtui.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\Users\Crystal\AppData\Roaming\Adobe\plugs\mmc104.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Crystal\AppData\Local\ivizevax.dll (Trojan.Agent.U) -> Delete on reboot.
c:\Users\Crystal\AppData\Roaming\windows system defender\cookies.sqlite (Rogue.WindowsSystemDefender) -> Quarantined and deleted successfully.





This is what I get when doing a netstat -an

Microsoft Windows [Version 6.0.6002]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.

C:\Users\Crystal>
C:\Users\Crystal>netstat -an

Active Connections

Proto Local Address Foreign Address State
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5357 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5938 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49152 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49153 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49154 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49155 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49156 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49162 0.0.0.0:0 LISTENING
TCP 127.0.0.1:5354 0.0.0.0:0 LISTENING
TCP 127.0.0.1:5939 0.0.0.0:0 LISTENING
TCP 127.0.0.1:5939 127.0.0.1:49165 ESTABLISHED
TCP 127.0.0.1:27015 0.0.0.0:0 LISTENING
TCP 127.0.0.1:49157 127.0.0.1:49158 ESTABLISHED
TCP 127.0.0.1:49158 127.0.0.1:49157 ESTABLISHED
TCP 127.0.0.1:49163 127.0.0.1:49164 ESTABLISHED
TCP 127.0.0.1:49164 127.0.0.1:49163 ESTABLISHED
TCP 127.0.0.1:49165 127.0.0.1:5939 ESTABLISHED
TCP 127.0.0.1:49170 127.0.0.1:49171 ESTABLISHED
TCP 127.0.0.1:49171 127.0.0.1:49170 ESTABLISHED
TCP 127.0.0.1:49172 127.0.0.1:49173 ESTABLISHED
TCP 127.0.0.1:49173 127.0.0.1:49172 ESTABLISHED
TCP 192.168.1.3:139 0.0.0.0:0 LISTENING
TCP 192.168.1.3:49168 188.120.246.231:5938 ESTABLISHED
TCP 192.168.1.3:49258 74.125.115.106:80 ESTABLISHED
TCP 192.168.1.3:49279 74.125.224.187:80 TIME_WAIT
TCP 192.168.1.3:49292 174.76.227.42:80 ESTABLISHED
TCP 192.168.1.3:49297 98.158.194.154:80 TIME_WAIT
TCP 192.168.1.3:49298 98.158.194.154:80 TIME_WAIT
TCP 192.168.1.3:49299 98.158.194.154:80 TIME_WAIT
TCP 192.168.1.3:49300 98.158.194.154:80 TIME_WAIT
TCP 192.168.1.3:49301 98.158.194.154:80 TIME_WAIT
TCP 192.168.1.3:49302 98.158.194.154:80 TIME_WAIT
TCP 192.168.1.3:49311 98.158.194.154:80 TIME_WAIT
TCP 192.168.1.3:49312 98.158.194.154:80 TIME_WAIT
TCP 192.168.1.3:49314 174.76.228.17:80 TIME_WAIT
TCP 192.168.1.3:49316 98.158.194.195:80 TIME_WAIT
TCP 192.168.1.3:49318 208.71.123.131:80 TIME_WAIT
TCP 192.168.1.3:49320 208.71.123.1:80 ESTABLISHED
TCP 192.168.1.3:49321 74.125.224.187:80 TIME_WAIT
TCP 192.168.1.3:49324 98.158.195.187:80 TIME_WAIT
TCP 192.168.1.3:49325 74.125.224.202:80 TIME_WAIT
TCP 192.168.1.3:49327 98.174.31.160:80 TIME_WAIT
TCP 192.168.1.3:49329 98.174.31.160:80 TIME_WAIT
TCP 192.168.1.3:49334 95.211.100.72:80 TIME_WAIT
TCP 192.168.1.3:49335 95.211.100.72:80 TIME_WAIT
TCP 192.168.1.3:49336 173.239.65.21:80 TIME_WAIT
TCP 192.168.1.3:49338 173.239.65.40:80 TIME_WAIT
TCP [::]:135 [::]:0 LISTENING
TCP [::]:445 [::]:0 LISTENING
TCP [::]:5357 [::]:0 LISTENING
TCP [::]:49152 [::]:0 LISTENING
TCP [::]:49153 [::]:0 LISTENING
TCP [::]:49154 [::]:0 LISTENING
TCP [::]:49155 [::]:0 LISTENING
TCP [::]:49156 [::]:0 LISTENING
TCP [::]:49162 [::]:0 LISTENING
UDP 0.0.0.0:123 *:*
UDP 0.0.0.0:500 *:*
UDP 0.0.0.0:3702 *:*
UDP 0.0.0.0:3702 *:*
UDP 0.0.0.0:4500 *:*
UDP 0.0.0.0:5355 *:*
UDP 0.0.0.0:49152 *:*
UDP 0.0.0.0:49154 *:*
UDP 0.0.0.0:53935 *:*
UDP 127.0.0.1:1900 *:*
UDP 127.0.0.1:52953 *:*
UDP 127.0.0.1:57822 *:*
UDP 192.168.1.3:137 *:*
UDP 192.168.1.3:138 *:*
UDP 192.168.1.3:1900 *:*
UDP 192.168.1.3:5353 *:*
UDP 192.168.1.3:57821 *:*
UDP [::]:123 *:*
UDP [::]:500 *:*
UDP [::]:3702 *:*
UDP [::]:3702 *:*
UDP [::]:5355 *:*
UDP [::]:49153 *:*
UDP [::]:49155 *:*
UDP [::1]:1900 *:*
UDP [::1]:57819 *:*
UDP [fe80::101e:16d4:3f57:fefc%9]:1900 *:*
UDP [fe80::101e:16d4:3f57:fefc%9]:57820 *:*
UDP [fe80::a104:e9bb:f0c3:ff2c%13]:546 *:*
UDP [fe80::a104:e9bb:f0c3:ff2c%13]:1900 *:*
UDP [fe80::a104:e9bb:f0c3:ff2c%13]:57817 *:*
UDP [fe80::f09c:9874:8a33:42a9%8]:1900 *:*
UDP [fe80::f09c:9874:8a33:42a9%8]:57818 *:*

C:\Users\Crystal>
 

My Computer

System One

Did you put the bugs in QUARANTINE?
Now rung SAS...SuperAntivirusSpyware and see what it tells you.
 

My Computer

System One

  • Manufacturer/Model
    HP Pavilon Elite
    CPU
    Intel(R)Core(TM)2 Quad CPU [email protected]
    Motherboard
    ASUS eK Berkeley
    Memory
    4GB
    Monitor(s) Displays
    HP w2408 Vivid Color Widescreen LCD
    Cooling
    That's where I keep my beer
    Keyboard
    MS WIRELESS
    Mouse
    MS WIRELESS
    Internet Speed
    AT&T Uverse DSL
You must log in or register to reply here.
Back
Top