Swellsearchsystem hijack & AV software disabled.

#16 RKinner (Malware Expert)

Start, Run, cmd, OK

Type with an Enter after each line:

netstat  -an  >  \junk.txt
netstat  -rn  >>  \junk.txt
ping  -n  30  8.8.8.8  >>  \junk.txt
(The ping will take a minute or two to finish - just wait for the cursor to return.)
notepad  \junk.txt


Copy the text from notepad and paste it into a Reply.

#17 amberleaf (Topic Starter)

Hi


Active Connections

Proto Local Address Foreign Address State
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:2869 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1030 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1266 127.0.0.1:12080 ESTABLISHED
TCP 127.0.0.1:1327 127.0.0.1:12080 TIME_WAIT
TCP 127.0.0.1:1347 127.0.0.1:12080 ESTABLISHED
TCP 127.0.0.1:1350 127.0.0.1:12080 ESTABLISHED
TCP 127.0.0.1:1478 127.0.0.1:12080 TIME_WAIT
TCP 127.0.0.1:1518 127.0.0.1:12080 ESTABLISHED
TCP 127.0.0.1:12025 0.0.0.0:0 LISTENING
TCP 127.0.0.1:12080 0.0.0.0:0 LISTENING
TCP 127.0.0.1:12080 127.0.0.1:1266 ESTABLISHED
TCP 127.0.0.1:12080 127.0.0.1:1303 TIME_WAIT
TCP 127.0.0.1:12080 127.0.0.1:1304 TIME_WAIT
TCP 127.0.0.1:12080 127.0.0.1:1305 TIME_WAIT
TCP 127.0.0.1:12080 127.0.0.1:1306 TIME_WAIT
TCP 127.0.0.1:12080 127.0.0.1:1307 TIME_WAIT
TCP 127.0.0.1:12080 127.0.0.1:1308 TIME_WAIT
TCP 127.0.0.1:12080 127.0.0.1:1332 TIME_WAIT
TCP 127.0.0.1:12080 127.0.0.1:1347 ESTABLISHED
TCP 127.0.0.1:12080 127.0.0.1:1350 ESTABLISHED
TCP 127.0.0.1:12080 127.0.0.1:1363 TIME_WAIT
TCP 127.0.0.1:12080 127.0.0.1:1446 TIME_WAIT
TCP 127.0.0.1:12080 127.0.0.1:1511 TIME_WAIT
TCP 127.0.0.1:12080 127.0.0.1:1518 ESTABLISHED
TCP 127.0.0.1:12110 0.0.0.0:0 LISTENING
TCP 127.0.0.1:12119 0.0.0.0:0 LISTENING
TCP 127.0.0.1:12143 0.0.0.0:0 LISTENING
TCP 127.0.0.1:12465 0.0.0.0:0 LISTENING
TCP 127.0.0.1:12563 0.0.0.0:0 LISTENING
TCP 127.0.0.1:12993 0.0.0.0:0 LISTENING
TCP 127.0.0.1:12995 0.0.0.0:0 LISTENING
TCP 127.0.0.1:21534 0.0.0.0:0 LISTENING
TCP 127.0.0.1:22913 0.0.0.0:0 LISTENING
TCP 192.168.0.2:139 0.0.0.0:0 LISTENING
TCP 192.168.0.2:1032 168.161.242.104:443 CLOSE_WAIT
TCP 192.168.0.2:1033 168.161.242.104:443 CLOSE_WAIT
TCP 192.168.0.2:1171 209.85.169.147:80 TIME_WAIT
TCP 192.168.0.2:1192 209.85.169.147:80 TIME_WAIT
TCP 192.168.0.2:1194 209.85.169.147:80 TIME_WAIT
TCP 192.168.0.2:1198 209.85.143.120:80 TIME_WAIT
TCP 192.168.0.2:1217 209.85.169.147:80 TIME_WAIT
TCP 192.168.0.2:1247 209.85.147.101:80 TIME_WAIT
TCP 192.168.0.2:1262 2.16.165.55:80 TIME_WAIT
TCP 192.168.0.2:1268 74.125.230.156:80 ESTABLISHED
TCP 192.168.0.2:1272 88.221.88.72:80 TIME_WAIT
TCP 192.168.0.2:1276 209.85.147.101:80 TIME_WAIT
TCP 192.168.0.2:1289 2.16.165.55:80 TIME_WAIT
TCP 192.168.0.2:1290 2.16.165.55:80 TIME_WAIT
TCP 192.168.0.2:1291 2.16.165.55:80 TIME_WAIT
TCP 192.168.0.2:1292 2.16.165.55:80 TIME_WAIT
TCP 192.168.0.2:1296 74.125.230.156:80 TIME_WAIT
TCP 192.168.0.2:1301 74.125.230.154:80 TIME_WAIT
TCP 192.168.0.2:1318 209.85.169.95:80 TIME_WAIT
TCP 192.168.0.2:1319 209.85.169.95:80 TIME_WAIT
TCP 192.168.0.2:1341 74.125.230.154:80 TIME_WAIT
TCP 192.168.0.2:1344 74.125.230.154:80 TIME_WAIT
TCP 192.168.0.2:1351 88.221.88.67:80 TIME_WAIT
TCP 192.168.0.2:1355 74.125.230.156:80 TIME_WAIT
TCP 192.168.0.2:1358 74.125.230.156:80 TIME_WAIT
TCP 192.168.0.2:1359 74.125.230.156:80 TIME_WAIT
TCP 192.168.0.2:1361 74.125.230.156:80 TIME_WAIT
TCP 192.168.0.2:1366 88.221.216.65:80 TIME_WAIT
TCP 192.168.0.2:1373 88.221.88.65:80 TIME_WAIT
TCP 192.168.0.2:1374 88.221.88.65:80 TIME_WAIT
TCP 192.168.0.2:1375 88.221.88.65:80 TIME_WAIT
TCP 192.168.0.2:1376 88.221.88.65:80 TIME_WAIT
TCP 192.168.0.2:1377 88.221.88.65:80 TIME_WAIT
TCP 192.168.0.2:1378 88.221.88.65:80 TIME_WAIT
TCP 192.168.0.2:1381 209.85.169.147:80 TIME_WAIT
TCP 192.168.0.2:1382 209.85.169.147:80 TIME_WAIT
TCP 192.168.0.2:1386 74.125.230.154:443 TIME_WAIT
TCP 192.168.0.2:1387 74.125.230.154:443 TIME_WAIT
TCP 192.168.0.2:1390 195.59.44.42:80 TIME_WAIT
TCP 192.168.0.2:1391 195.59.44.42:80 TIME_WAIT
TCP 192.168.0.2:1395 69.171.242.39:80 TIME_WAIT
TCP 192.168.0.2:1400 88.221.88.25:80 TIME_WAIT
TCP 192.168.0.2:1405 88.221.88.25:80 TIME_WAIT
TCP 192.168.0.2:1420 92.123.75.18:80 TIME_WAIT
TCP 192.168.0.2:1436 74.125.230.154:80 TIME_WAIT
TCP 192.168.0.2:1438 74.125.230.154:80 TIME_WAIT
TCP 192.168.0.2:1450 209.85.169.104:80 TIME_WAIT
TCP 192.168.0.2:1467 209.85.169.106:80 TIME_WAIT
TCP 192.168.0.2:1469 209.85.169.105:80 TIME_WAIT
TCP 192.168.0.2:1494 204.145.81.68:80 LAST_ACK
TCP 192.168.0.2:1499 204.145.81.68:80 CLOSE_WAIT
TCP 192.168.0.2:1502 93.184.220.20:80 LAST_ACK
TCP 192.168.0.2:1506 204.145.81.68:80 LAST_ACK
TCP 192.168.0.2:1507 204.145.81.68:80 LAST_ACK
TCP 192.168.0.2:1508 204.145.81.68:80 LAST_ACK
TCP 192.168.0.2:1509 199.16.173.20:80 CLOSE_WAIT
TCP 192.168.0.2:1519 50.16.195.73:80 CLOSE_WAIT
TCP 192.168.0.2:1522 209.85.143.101:443 ESTABLISHED
TCP 192.168.0.2:1523 209.85.143.101:443 ESTABLISHED
TCP 192.168.0.2:1524 209.85.143.120:443 ESTABLISHED
TCP 192.168.0.2:1527 209.85.143.120:443 ESTABLISHED
TCP 192.168.0.2:1589 192.168.0.1:5000 ESTABLISHED
UDP 0.0.0.0:445 *:*
UDP 0.0.0.0:500 *:*
UDP 0.0.0.0:4500 *:*
UDP 127.0.0.1:123 *:*
UDP 127.0.0.1:1039 *:*
UDP 127.0.0.1:1169 *:*
UDP 127.0.0.1:1900 *:*
UDP 192.168.0.2:123 *:*
UDP 192.168.0.2:137 *:*
UDP 192.168.0.2:138 *:*
UDP 192.168.0.2:1900 *:*
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 01 6c 04 01 f0 ...... Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.2 10
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.0.0 255.255.255.0 192.168.0.2 192.168.0.2 10
192.168.0.2 255.255.255.255 127.0.0.1 127.0.0.1 10
192.168.0.255 255.255.255.255 192.168.0.2 192.168.0.2 10
224.0.0.0 240.0.0.0 192.168.0.2 192.168.0.2 10
255.255.255.255 255.255.255.255 192.168.0.2 192.168.0.2 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None

Route Table


Pinging 8.8.8.8 with 32 bytes of data:

Reply from 8.8.8.8: bytes=32 time=394ms TTL=50
Reply from 8.8.8.8: bytes=32 time=362ms TTL=52
Reply from 8.8.8.8: bytes=32 time=364ms TTL=51
Reply from 8.8.8.8: bytes=32 time=409ms TTL=51
Reply from 8.8.8.8: bytes=32 time=402ms TTL=50
Reply from 8.8.8.8: bytes=32 time=403ms TTL=50
Reply from 8.8.8.8: bytes=32 time=448ms TTL=51
Reply from 8.8.8.8: bytes=32 time=336ms TTL=52
Reply from 8.8.8.8: bytes=32 time=340ms TTL=52
Reply from 8.8.8.8: bytes=32 time=368ms TTL=52
Reply from 8.8.8.8: bytes=32 time=409ms TTL=50
Reply from 8.8.8.8: bytes=32 time=367ms TTL=51
Reply from 8.8.8.8: bytes=32 time=302ms TTL=51
Reply from 8.8.8.8: bytes=32 time=295ms TTL=51
Reply from 8.8.8.8: bytes=32 time=301ms TTL=50
Reply from 8.8.8.8: bytes=32 time=291ms TTL=52
Reply from 8.8.8.8: bytes=32 time=330ms TTL=52
Reply from 8.8.8.8: bytes=32 time=293ms TTL=50
Reply from 8.8.8.8: bytes=32 time=278ms TTL=50
Reply from 8.8.8.8: bytes=32 time=245ms TTL=52
Reply from 8.8.8.8: bytes=32 time=285ms TTL=52
Reply from 8.8.8.8: bytes=32 time=261ms TTL=52
Reply from 8.8.8.8: bytes=32 time=244ms TTL=52
Reply from 8.8.8.8: bytes=32 time=246ms TTL=52
Reply from 8.8.8.8: bytes=32 time=302ms TTL=52
Reply from 8.8.8.8: bytes=32 time=283ms TTL=51
Reply from 8.8.8.8: bytes=32 time=261ms TTL=52
Reply from 8.8.8.8: bytes=32 time=225ms TTL=52
Reply from 8.8.8.8: bytes=32 time=246ms TTL=51
Reply from 8.8.8.8: bytes=32 time=257ms TTL=51

Ping statistics for 8.8.8.8:
Packets: Sent = 30, Received = 30, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 225ms, Maximum = 448ms, Average = 318ms

Thanks

#18 RKinner (Malware Expert)

I'm not seeing any strange connections. Just lots of Google.com. Ping times seem a bit long but 8.8.8.8 is in Mountain View California so on the other side of the world from you.

Since you are in the UK let's try a ping to a site that's closer to home. This one is f1.com which is supposed to be NW of Leeds.

Start, Run, cmd, OK

Type with an Enter after each line:

ping  -n  30  195.69.153.8  >>  \junk.txt
(The ping will take a minute or two to finish - just wait for the cursor to return.)
notepad  \junk.txt


Copy the text from notepad and paste it into a Reply.

You can download tcpview from:

http://live.sysinter...com/Tcpview.exe

Save it and Run it and it will show you who you are talking to. Next time you think there is a lot of unknown activity on your network, run it and do File, Save As (to your desktop) tcp.txt OK and it will put a file tcp.txt on your desktop. Copy and paste it to a reply.

Ron

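RKinner's reading of the netstat dump above (loopback chatter plus a lot of Google) is a judgement that can be written down and re-run. The script below is an added example in Python, not part of the thread and not a Windows or Sysinternals tool: it parses `netstat -an` rows and sorts them into listeners reachable from the network, loopback-only connections, outbound connections grouped by public host, and LAN peers. The sample rows are constructed from the output posted above, in XP's column layout.

```python
"""Triage a Windows `netstat -an` dump (added example, not from the thread).

Rows are sorted into the buckets a responder reads first: listeners reachable
from the network, loopback-only connections (local proxies talking to the
browser), and outbound connections grouped by remote host."""
import re
from collections import Counter
from ipaddress import ip_address

# Constructed sample in the XP `netstat -an` layout; addresses follow the thread.
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1266         127.0.0.1:12080        ESTABLISHED
  TCP    127.0.0.1:12080        0.0.0.0:0              LISTENING
  TCP    192.168.0.2:139        0.0.0.0:0              LISTENING
  TCP    192.168.0.2:1032       168.161.242.104:443    CLOSE_WAIT
  TCP    192.168.0.2:1268       74.125.230.156:80      ESTABLISHED
  TCP    192.168.0.2:1522       209.85.143.101:443     ESTABLISHED
  TCP    192.168.0.2:1523       209.85.143.101:443     ESTABLISHED
  TCP    192.168.0.2:1589       192.168.0.1:5000       ESTABLISHED
  UDP    0.0.0.0:445            *:*
  UDP    192.168.0.2:137        *:*
"""

# proto, local ip:port, foreign ip:port, optional state (UDP rows have none).
ROW_RE = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+?):(\d+|\*)\s+(\S+?):(\d+|\*)(?:\s+([A-Z_]+))?\s*$"
)


def _addr(text):
    """ip_address for an endpoint; None for '*' (netstat's 'any' on UDP rows)."""
    try:
        return ip_address(text.strip("[]"))  # tolerate [::]-style IPv6 brackets
    except ValueError:
        return None


def _port(text):
    return None if text == "*" else int(text)


def parse_netstat(text):
    """One dict per connection row; headers and appended route-table text are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue
        proto, laddr, lport, faddr, fport, state = m.groups()
        rows.append({
            "proto": proto, "state": state or "",
            "laddr": _addr(laddr), "lport": _port(lport),
            "faddr": _addr(faddr), "fport": _port(fport),
        })
    return rows


def is_listener(row):
    """TCP LISTENING, or any UDP socket (netstat prints bound UDP ports with no state)."""
    return row["state"] == "LISTENING" or row["proto"] == "UDP"


def triage(rows):
    exposed = set()      # (proto, port) bound to 0.0.0.0 or a LAN address
    loopback = []        # 127.x <-> 127.x connections, e.g. browser -> local AV proxy
    remote = Counter()   # public foreign address -> connection count
    lan = Counter()      # private foreign endpoint (router, NAS, ...) -> count
    for r in rows:
        la, fa = r["laddr"], r["faddr"]
        if la is None:
            continue
        if is_listener(r):
            if not la.is_loopback:
                exposed.add((r["proto"], r["lport"]))
            continue
        if fa is None:
            continue
        if la.is_loopback and fa.is_loopback:
            loopback.append((r["lport"], r["fport"], r["state"]))
        elif fa.is_private:
            lan[f"{fa}:{r['fport']}"] += 1
        elif fa.is_global:
            remote[str(fa)] += 1
    return {
        "exposed_listeners": sorted(exposed),
        "loopback": loopback,
        "remote_hosts": dict(remote),
        "lan_peers": dict(lan),
    }


if __name__ == "__main__":
    report = triage(parse_netstat(NETSTAT_SAMPLE))
    print("Reachable from the network:", report["exposed_listeners"])
    print("Loopback-only connections: ", len(report["loopback"]))
    print("Public hosts contacted:    ", report["remote_hosts"])
    print("LAN peers:                 ", report["lan_peers"])
```

`netstat -an` shows no owning process, so a 127.0.0.1:12080 listener with a dozen browser-side connections into it can only be guessed to be a local proxy; on XP, `netstat -ano` adds the owning PID to each row, and the tcp.txt listing later in this thread attributes the 12xxx ports to AvastSvc.exe, which is consistent with the browser's traffic passing through the antivirus on its way out rather than a second channel. The exposed-listener bucket (135, 139, 445 and the NetBIOS UDP ports here) is what a neighbour on the LAN can reach, which is the list to compare against the firewall rules.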
#19 amberleaf (Topic Starter)

Hi, similar ping times for that location



Pinging 195.69.153.8 with 32 bytes of data:

Reply from 195.69.153.8: bytes=32 time=347ms TTL=120
Reply from 195.69.153.8: bytes=32 time=281ms TTL=120
Reply from 195.69.153.8: bytes=32 time=300ms TTL=120
Reply from 195.69.153.8: bytes=32 time=292ms TTL=120
Reply from 195.69.153.8: bytes=32 time=245ms TTL=120
Reply from 195.69.153.8: bytes=32 time=248ms TTL=120
Reply from 195.69.153.8: bytes=32 time=269ms TTL=120
Reply from 195.69.153.8: bytes=32 time=431ms TTL=120
Reply from 195.69.153.8: bytes=32 time=444ms TTL=120
Reply from 195.69.153.8: bytes=32 time=390ms TTL=120
Reply from 195.69.153.8: bytes=32 time=433ms TTL=120
Reply from 195.69.153.8: bytes=32 time=468ms TTL=120
Reply from 195.69.153.8: bytes=32 time=338ms TTL=120
Reply from 195.69.153.8: bytes=32 time=385ms TTL=120
Reply from 195.69.153.8: bytes=32 time=366ms TTL=120
Reply from 195.69.153.8: bytes=32 time=397ms TTL=120
Reply from 195.69.153.8: bytes=32 time=392ms TTL=120
Reply from 195.69.153.8: bytes=32 time=261ms TTL=120
Reply from 195.69.153.8: bytes=32 time=253ms TTL=120
Reply from 195.69.153.8: bytes=32 time=306ms TTL=120
Reply from 195.69.153.8: bytes=32 time=230ms TTL=120
Reply from 195.69.153.8: bytes=32 time=208ms TTL=120
Reply from 195.69.153.8: bytes=32 time=171ms TTL=120
Reply from 195.69.153.8: bytes=32 time=260ms TTL=120
Reply from 195.69.153.8: bytes=32 time=254ms TTL=120
Reply from 195.69.153.8: bytes=32 time=277ms TTL=120
Reply from 195.69.153.8: bytes=32 time=256ms TTL=120
Reply from 195.69.153.8: bytes=32 time=277ms TTL=120
Reply from 195.69.153.8: bytes=32 time=254ms TTL=120
Reply from 195.69.153.8: bytes=32 time=259ms TTL=120

Ping statistics for 195.69.153.8:
Packets: Sent = 30, Received = 30, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 171ms, Maximum = 468ms, Average = 309ms


The Internet icon shows something constantly streaming; the following log was saved when I had only IE open on this page.

alg.exe 3176 TCP organiza-49caba 1030 organiza-49caba 0 LISTENING
AvastSvc.exe 1708 TCP organiza-49caba 12143 organiza-49caba 0 LISTENING
AvastSvc.exe 1708 TCP organiza-49caba 12465 organiza-49caba 0 LISTENING
AvastSvc.exe 1708 TCP organiza-49caba 12993 organiza-49caba 0 LISTENING
AvastSvc.exe 1708 TCP organiza-49caba 12563 organiza-49caba 0 LISTENING
AvastSvc.exe 1708 TCP organiza-49caba 12110 organiza-49caba 0 LISTENING
AvastSvc.exe 1708 TCP organiza-49caba 12025 organiza-49caba 0 LISTENING
AvastSvc.exe 1708 TCP organiza-49caba 12080 organiza-49caba 0 LISTENING
AvastSvc.exe 1708 TCP organiza-49caba 12995 organiza-49caba 0 LISTENING
AvastSvc.exe 1708 TCP organiza-49caba 12119 organiza-49caba 0 LISTENING
BecHelperService.exe 1596 TCP organiza-49caba 22913 organiza-49caba 0 LISTENING
dcmsvc.exe 1508 TCP organiza-49caba 21534 organiza-49caba 0 LISTENING
iexplore.exe 4092 UDP organiza-49caba 1169 * * 1 1 1 1
lsass.exe 816 UDP organiza-49caba isakmp * *
lsass.exe 816 UDP organiza-49caba 4500 * *
svchost.exe 1156 TCP organiza-49caba epmap organiza-49caba 0 LISTENING
svchost.exe 1484 TCP organiza-49caba 2869 organiza-49caba 0 LISTENING
svchost.exe 1252 UDP organiza-49caba ntp * *
svchost.exe 1252 UDP organiza-49caba ntp * *
svchost.exe 1252 UDP organiza-49caba 1039 * *
svchost.exe 1484 UDP organiza-49caba 1900 * *
svchost.exe 1484 UDP organiza-49caba 1900 * *
svchost.exe 1252 TCP organiza-49caba 3325 192.168.0.1 5000 ESTABLISHED 6 3,874 6 3,299 3,874 3,299 6 6
svchost.exe 1252 TCP organiza-49caba 3326 192.168.0.1 5000 ESTABLISHED 6 3,874 5 2,724 3,874 2,724 6 5
svchost.exe 1252 TCP organiza-49caba 3327 192.168.0.1 5000 ESTABLISHED
System 4 TCP organiza-49caba microsoft-ds organiza-49caba 0 LISTENING
System 4 TCP organiza-49caba netbios-ssn organiza-49caba 0 LISTENING
System 4 UDP organiza-49caba netbios-ns * * 14 700 12 600
System 4 UDP organiza-49caba netbios-dgm * * 4 723 4
System 4 UDP organiza-49caba microsoft-ds * *
Warner Bros. Digital Copy Manager.exe 1620 TCP organiza-49caba 1032 168.161.242.104.wbol.warnerbros.com https CLOSE_WAIT
Warner Bros. Digital Copy Manager.exe 1620 TCP organiza-49caba 1033 168.161.242.104.wbol.warnerbros.com https CLOSE_WAIT
Thanks

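The tcp.txt listing above answers the question netstat alone cannot: which process owns each socket. As an added Python example, not code from the thread or from Sysinternals, the script below parses a TCPView export in the whitespace-collapsed form it was pasted here, groups sockets by process and PID, and lists the connections whose peer is outside the LAN. The sample lines are constructed after those posted above; the hostname organiza-49caba, the PIDs and the trailing counters are placeholders in the same layout.

```python
"""Attribute sockets in a saved TCPView listing to processes (added example,
not from the thread or from Sysinternals).

`netstat -an` shows endpoints but not owners; the TCPView File > Save As
listing adds process name and PID. The parser depends only on column order,
so it also accepts the whitespace-collapsed paste seen in the thread."""
import re
import socket
from collections import defaultdict
from ipaddress import ip_address

LOCAL_HOST = "organiza-49caba"  # placeholder: how TCPView printed this PC's own address

# Constructed sample after the listing posted above; PIDs and counters are placeholders.
TCPVIEW_SAMPLE = """\
alg.exe 3176 TCP organiza-49caba 1030 organiza-49caba 0 LISTENING
AvastSvc.exe 1708 TCP organiza-49caba 12080 organiza-49caba 0 LISTENING
iexplore.exe 4092 UDP organiza-49caba 1169 * * 1 1 1 1
lsass.exe 816 UDP organiza-49caba isakmp * *
svchost.exe 1156 TCP organiza-49caba epmap organiza-49caba 0 LISTENING
svchost.exe 1252 TCP organiza-49caba 3325 192.168.0.1 5000 ESTABLISHED 6 3,874 6 3,299 3,874 3,299 6 6
System 4 TCP organiza-49caba microsoft-ds organiza-49caba 0 LISTENING
System 4 UDP organiza-49caba netbios-ns * * 14 700 12 600
Warner Bros. Digital Copy Manager.exe 1620 TCP organiza-49caba 1032 168.161.242.104.wbol.warnerbros.com https CLOSE_WAIT
Warner Bros. Digital Copy Manager.exe 1620 TCP organiza-49caba 1033 168.161.242.104.wbol.warnerbros.com https CLOSE_WAIT
"""

# process (may contain spaces), pid, proto, local host, local port, remote host,
# remote port, optional state; trailing byte/packet counters are ignored.
ROW_RE = re.compile(
    r"^(.+?)\s+(\d+)\s+(TCP|UDP)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)(?:\s+([A-Z_]+))?(?:\s.*)?$"
)
# Service names TCPView substitutes for well-known ports; getservbyname is the fallback.
KNOWN_PORTS = {"epmap": 135, "netbios-ns": 137, "netbios-dgm": 138, "netbios-ssn": 139,
               "microsoft-ds": 445, "isakmp": 500, "ntp": 123, "http": 80, "https": 443}
# Reverse-resolved peers often embed the address, e.g. 168.161.242.104.wbol.warnerbros.com
IPV4_PREFIX = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})(?:\.|$)")


def port_number(text):
    """'https' -> 443, '12080' -> 12080, '*' -> None."""
    if text == "*":
        return None
    if text.isdigit():
        return int(text)
    if text in KNOWN_PORTS:
        return KNOWN_PORTS[text]
    try:
        return socket.getservbyname(text)
    except OSError:
        return None


def remote_ip(host):
    """IP address of a peer column, or None when the name does not embed one."""
    m = IPV4_PREFIX.match(host)
    if not m:
        return None
    try:
        return ip_address(m.group(1))
    except ValueError:
        return None


def parse_tcpview(text):
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        proc, pid, proto, _lhost, lport, rhost, rport, state = m.groups()
        rows.append({"proc": proc, "pid": int(pid), "proto": proto,
                     "lport": port_number(lport), "rhost": rhost,
                     "rport": port_number(rport), "state": state or ""})
    return rows


def by_process(rows):
    """{process: {'pids', 'listening': {(proto, port)}, 'remote': [(host, port, state)]}}"""
    summary = defaultdict(lambda: {"pids": set(), "listening": set(), "remote": []})
    for r in rows:
        entry = summary[r["proc"]]
        entry["pids"].add(r["pid"])
        # TCP listeners carry LISTENING; bound UDP sockets show '*' as peer and no state.
        if r["state"] == "LISTENING" or (r["proto"] == "UDP" and r["rhost"] == "*"):
            entry["listening"].add((r["proto"], r["lport"]))
        elif r["rhost"] != "*":
            entry["remote"].append((r["rhost"], r["rport"], r["state"]))
    return dict(summary)


def external_connections(rows):
    """Connections whose peer is neither this PC nor a private (LAN) address.
    Peers whose name does not embed an IP are kept: flag, don't hide."""
    out = []
    for r in rows:
        if r["rhost"] in ("*", LOCAL_HOST):
            continue
        ip = remote_ip(r["rhost"])
        if ip is not None and (ip.is_private or ip.is_loopback):
            continue
        out.append((r["proc"], r["pid"], str(ip) if ip else r["rhost"], r["rport"], r["state"]))
    return out


if __name__ == "__main__":
    rows = parse_tcpview(TCPVIEW_SAMPLE)
    for proc, info in sorted(by_process(rows).items()):
        print(f"{proc} pids={sorted(info['pids'])} listening={sorted(info['listening'])}")
    print("Leaving the machine:", external_connections(rows))
```

Because TCPView printed this PC as its hostname, the export cannot show whether a listener is bound to 127.0.0.1 or to the LAN address; the netstat dump earlier in the thread has that, and turning off Options > Resolve Addresses in TCPView before saving gives raw IPs instead. On the sample, the only connections leaving the machine belong to the Warner Bros. Digital Copy Manager, and the svchost.exe sessions to 192.168.0.1:5000 stay inside the LAN (the router's UPnP port), which matches RKinner's conclusion that nothing unexplained was talking out.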
#20 amberleaf (Topic Starter)

Hi


Pinging 195.69.153.8 with 32 bytes of data:

Reply from 195.69.153.8: bytes=32 time=722ms TTL=120
Reply from 195.69.153.8: bytes=32 time=734ms TTL=120
Reply from 195.69.153.8: bytes=32 time=687ms TTL=120
Reply from 195.69.153.8: bytes=32 time=699ms TTL=120
Reply from 195.69.153.8: bytes=32 time=655ms TTL=120
Reply from 195.69.153.8: bytes=32 time=700ms TTL=120
Reply from 195.69.153.8: bytes=32 time=645ms TTL=120
Reply from 195.69.153.8: bytes=32 time=839ms TTL=120
Reply from 195.69.153.8: bytes=32 time=914ms TTL=120
Reply from 195.69.153.8: bytes=32 time=837ms TTL=120
Reply from 195.69.153.8: bytes=32 time=903ms TTL=120
Reply from 195.69.153.8: bytes=32 time=833ms TTL=120
Reply from 195.69.153.8: bytes=32 time=811ms TTL=120
Reply from 195.69.153.8: bytes=32 time=773ms TTL=120
Reply from 195.69.153.8: bytes=32 time=699ms TTL=120
Reply from 195.69.153.8: bytes=32 time=712ms TTL=120
Reply from 195.69.153.8: bytes=32 time=663ms TTL=120
Reply from 195.69.153.8: bytes=32 time=672ms TTL=120
Reply from 195.69.153.8: bytes=32 time=704ms TTL=120
Reply from 195.69.153.8: bytes=32 time=772ms TTL=120
Reply from 195.69.153.8: bytes=32 time=799ms TTL=120
Reply from 195.69.153.8: bytes=32 time=778ms TTL=120
Reply from 195.69.153.8: bytes=32 time=892ms TTL=120
Reply from 195.69.153.8: bytes=32 time=929ms TTL=120
Reply from 195.69.153.8: bytes=32 time=841ms TTL=120
Reply from 195.69.153.8: bytes=32 time=791ms TTL=120
Reply from 195.69.153.8: bytes=32 time=792ms TTL=120
Reply from 195.69.153.8: bytes=32 time=776ms TTL=120
Reply from 195.69.153.8: bytes=32 time=773ms TTL=120
Reply from 195.69.153.8: bytes=32 time=804ms TTL=120

Ping statistics for 195.69.153.8:
Packets: Sent = 30, Received = 30, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 645ms, Maximum = 929ms, Average = 771ms


Thanks

#21 amberleaf (Topic Starter)

Double posted the tcp.txt log, sorry, but the ping times are greater on the second run I did?

#22 RKinner (Malware Expert)

Definitely something funny going on judging by the super long times in your ping, but I can't see what it is.
Right-click on your clock and select Task Manager. There should be a tab for Networking. If you click on it and wait a while you will see a graph of your network traffic.
This should normally be close to zero unless you are doing something like surfing or downloading a program. If it is not near zero:

Let's download, save and install the free version of Online Armor from the bottom of this page.

http://www.online-ar...m/downloads.php

It will block any traffic entering or leaving your PC without your permission. Be careful what you allow.

Before you let anything run check the Networking tab in Task Manager and see if allowing the connection causes the graph to go back up.

Ron

#23 amberleaf (Topic Starter)

Network usage is close to zero unless I am browsing, etc.

Installed Online Armor anyway.

I have a constant inbound of 3.37 kbs & constant outbound of 3.98 kbs.

Can't see anything in programs that looks suspicious though.

#24 RKinner (Malware Expert)

Since you get the activity with a browser, try disabling all add-ons: http://www.killertec...without-addons/ Do you still get the activity?

If it is still there then try rebooting into Safe Mode with Networking and see if you still get the constant network activity.


(Reboot and when you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly. Keep tapping until the Safe Mode Menu appears and choose Safe Mode with Networking. Login with your usual login.)

Ron

#25 amberleaf (Topic Starter)

Thanks for your help Ron. Everything seems to be all clear now!

Cheers.

#26 RKinner (Malware Expert)

You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

OTL has a cleanup tab so if you run it again and select cleanup it will remove itself and its backup files.

To hide hidden files again (if you do not run OTL cleanup):

XP

1. Close all programs so that you are at your desktop.
2. Double-click on the My Computer icon.
3. Select the Tools menu and click Folder Options.
4. After the new window appears select the View tab.
5. Uncheck the checkbox labeled Display the contents of system folders.
6. Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
7. Check the checkbox labeled Hide protected operating system files.
8. Press the Apply button and then the OK button and shut down My Computer.

You probably do not have the latest Java (Java™ 6 Update 27 or 7 update 0). Get the latest at:
http://www.java.com/en/

Save it to your PC, then close all browsers and install it. Note on Java and Firefox: for some reason Java does not remove old consoles from Firefox. Any time you update Java you should go to Firefox, Add-ons, Extensions and disable any old Java Consoles.

They will look like: Java Console 6.xx. The xx corresponds to the update number. When they switch to 7 update 0 then it will be Java Console 7.

Multiple Java Consoles will slow down the Firefox boot. After any change to Firefox or its extensions you should run Speedyfox. (Mentioned later.)



Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files, you need to disable JavaScript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on JavaScript in the left column and uncheck Enable Acrobat JavaScript. OK, close the program. It's the same for Foxit Reader except you uncheck Enable JavaScript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download betas, and if there is a program you don't use you can just uninstall it rather than update it. You can right-click on the UpdateChecker icon (looks like a downward green arrowhead) and select Settings and tell it no betas. If you don't use MSN Messenger I would not update it. MS installs a bunch of stuff when you do. You can tell the program to not show you that update.)
If you use Firefox or Chrome then get the AdBlock Plus add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . Click on Speedup my Firefox. When it finishes click on Exit.

Be warned: if you use Limewire, uTorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron