How to remove Side-By-Side remote Config

March 20, 2011 at 13:48:46
Specs: Windows 64
Can Someone please expain what remote technology is being used in a "Side BY Side" configuration, and what is the purpose of installing a virus protection and malware removal if it makes exceptions for the MALICIOUS jerk that keeps remote administering to my MACHINE.

Please explain how in the world it got on my PERSONAL PC. AND WHY!!! HOW TO FIX IT AND EXPLAIN HOW TO STOP IT!!

I am NOT SUPPOSED TO BE ON a DOMAIN

...but I am a REMOTE download from HELL. A NETBIOS PC ...one would think that would be easy enough to trace ...but I am remoted from a NASTY LOSER and COWARD from HELL THAT HAS TAKEN AWAY ALL OF MY CONTROLS AND ABILITIES FOR FEAR OF GETTING CAUGHT ...BECAUSE IT TURNED OUT I HAD A PRETTY GOOD BRAIN!!! THIS IS SO SICK AND NOT FAIR ....SINCE IT IS MY PC THAT THEY PURPOSELY CRASH and it is NOT FUNNY it IS SAD!!

PLEASE HELP!

For the last three years, My resumes gone now-where, I apparently applied to "Fake" jobs and companies, and to make matters worse, Aside from MY LADDER money they pocketed, and my other online accounts they screwed up,

They took my account off J-DATE, and Pretended that the SIRANO corp was part of that corporation... When it is JDATE is clearly a subsiderary of Match.com.

This is a STALKING NIGHTMARE that shows NO sign of Stopping themselves. They have made it impossible for me to use technology, get a new job and to even get a date. EVERYTHING IS DONE ON-LINE ...this is CRUEL, MALICIOUS and MEAN.

THIS STALKER is SICK and NEEDS to be relinquished from having the ability to INTERFERE in SOMEONE's LIFE LIKE THAT.

THE LOSS of My Civil Rights and Civil Liberties in itself is GROSS NEGLIGENCE. THIS STALKING NASTY FELON NEEDS TO FEEL WHAT THEY MADE ME FEEL FOR THE LAST DECADE of my LIFE ....the VIOLATION, HUMILIATION and LOSS OF PERSON PROPERTY is desqusting , but to continue when there is NOTHING left to STEAL is pouring salt on a wound. THIS JERK NEEDS to be TAUGHT a lesson in PROPER RESPECT and ETTIQUETTE for privacy and LIFE!!!
Thanks to their thread ..and sniffer, I am broke, no job and FRUSTRATED.

IF ANYONE has ANY AMOUNT OF CONSCIOUS or Moral FIBER ...PLEASE HELP ME PUT THIS NIGHTMARE TO REST.

I FOUND THE SNIFFER, the CIPHER and the EIGHT to FOURTEEN OR MORE servers that it is on ...how do I remove it????

BELOW ARE JUST A FEW OF THE SERVERS THAT THE TRACE FROM THE WINS RESOLUTION.


FROM the MIT and CALTECH servers, to the 131.107.255.255 msft.net to the MIcrosoft maintence server, the redmond washington, the IAS server, THE IIS ACCOUNTING server, the GEO 244 ...that is the PHILLIPPINES and A FEW OTHERS including the 169, ... that is the msn, and the 157 netblock, of course the nt202 dev comcast router and MORE!!


...THIS IS THE OLE, OUTLOOK EXPRESS MICROSOFT 1033 TEST TECHNOLOGY NETWORK IN COMBINATION WITH THE MOZZILLA OPEN SOURCE THUNDERBIRD BAT PROJECT!

ANY IDEAS would BE GREATLY APPRECIATED. I HAVE LOST TOO MUCH TIME and ALL OF MY MONEY ....including my 401kS AND BANK ACCOUNTS FOR TOO LONG!!

THANK YOU FOR YOUR HELP.
AND the PFIREwall logs allow the 172 net block tcp and udp ports in! ...WHO OWNS the 172 netblock??

AND one more question ...the time stamp root fake cert ...if it says 2008 or even 1993 that correlates to a real person ...how do we cut that user off?????

THANK YOU AGAIN.

HONEST M!


See More: How to remove Side-By-Side remote Config

Report •


#1
March 20, 2011 at 14:01:45
I was going to tell you how to disjoin the PC from the domain & to run hijack this but after I read that your money was stolen, I suggest that you take the machine to the FBI.

How do you know when a politician is lying? His mouth is moving.


Report •

#2
March 20, 2011 at 14:16:48
Been there done that ....they don't give a crap about me or my Money ...I don't have enough to for them to care and Truthfully, they don't have the software or man-power to give a crap. I tried to physically bring them eight different hard drives as well as snap shots the remote install, but That didn't work. Someone needs a serious talking to up there about TAX PAYING CITIZENS and their CIVIL RIGHTS and LIBERTIES. I even got the ASST ATTORNEY GENERAL's HEAD COMPUTER CRIME GUY's Support, He supported me, But by then I was too busy trying to survive the Poverty Nightmare and Not lose my animals.

The LOCAL POLICE won't touch it ...no collars nothing in it for them!

I LOST EVERYTHING, THERE IS NO JUSTICE for ME, I just want this NIGHTMARE TO BE OVER and MY PRIVACY AND LIFE BACK ...your suggestions would be helpful. I just need a job and my bank account back. Feel free to Track the MALICIOUS REMOTE ADMIN and Teach them NOT to hurt innocent people!!


Report •

#3
March 20, 2011 at 15:01:14
HELP I am IN HELL ...that malicious USER migrated back in ...and NOW I am receiving the Can't open the ACCESS CONTROL EDITOR ERROR and the fake your not logged in as an administrator ...THE WORST PART IS, I AM ON A REMOTE DESKTOP somewhere and the FELONY USER IS USING THE MNMSVC pc anywhere terminal. Where is that terminal physically located ...I am at the POINT where I want either an IMPLOSION, an EXPLOSION, or SOME SORT OF GLOBAL CATASTROPHIE to hit WHERE_EVER that actually terminal is physically located, and for the user to be ELECTROCUTED!!! I AM THAT FRUSTRATED!! THIS IS MY LIFE AND my PC ...CAN SOMEONE PLEASE HELP AND DISLODGE THIS FELONY PRICK FROM MY PC NOW!! I HAVE A RESUME TO GET OUT, AN APPLICATION TO GET SUBMITTED AND WITHOUT BEING ABLE TO INSTALL MY PRINTER, AND THE NECESSARY SOFTWARE IT IS THE SAME AS STEALING FROM ME ...AGAIN ...

I WAS SUPPOSED TO HAVE THE APPLICATION IN FRIDAY, BUT THE FELONY PRICK ATTACHED THOUGHT IT WAS FUNNY ON FRIDAY TO KEEP CRASHING AND NOT ALLOW ME TO INSTALL THE PRINTER AND SOFTWARE. THIS PERSON NEEDS A LESSON IN RIGHT WRONG AND TOO-FAR ...THEY HAVE GONE TOOOOO FARRR!!!

I AM BEGGING FOR SOMEONE WITH THE CONTROLS THEY TOOK FROM ME TO DISLODGE AND TEACH THEM TO DIFFERENCE IN RIGHT AND WRONG. I AM POSTING THE IPV6 CLOUD FELON AND USER ALONG WITH THE GATEWAY ...PLEASE MAKE SURE THAT THEY REALIZE THEIR NASTINESS!!

...and that is how Advanced my skill set is ....anyone want to hire me??? CHECK THIS OUT!!

There NETBIOS computer NAME IS WIN-DC2CHJ022HP
their Encoded URL: Connection-specific DNS Suffix: hsd1.va.comcast.net

THEIR IPV6 Link-local IPv6 Address: fe80::1dfe:5047:ccf7:9925%11
ROUTER: 192.168.1.1
IPv4 DHCP Server: 192.168.1.1
AND THE GATEWAY

IPv4 DNS Servers: 68.87.73.246, 68.87.71.230
IF any IDEAS ....please help!!!!
NetBIOS over Tcpip Enabled: Yes


Report •

Related Solutions

#4
March 20, 2011 at 15:17:25
Run hijack this & post the log. Turn off the caps lock while you're there.

From a command prompt, run netstat -an & post that too.

How do you know when a politician is lying? His mouth is moving.


Report •

#5
March 20, 2011 at 19:21:00
where do I get hijak this and ...I need to find a working scanner driver for an mp160 pixma from canon!! The one I keep getting is being rescripted. MY NETSTAT FROM earlier today is SICK and so is my NETSH dump!

I will past them both below! damn ... MY netstat has been downgraded from the THIRD SHIFT!!! AGAIN!
Earlier today: I do them alot! It sucks to be this Advanced and BE THIS DESTROYED and VIOLATED.
Proto Local Address Foreign Address State
TCP 192.168.1.100:51462 64.4.30.89:http ESTABLISHED
TCP 192.168.1.100:51465 microsoft:http TIME_WAIT
TCP 192.168.1.100:51466 wwwco2vip:http ESTABLISHED
TCP 192.168.1.100:51467 wwwco2vip:http ESTABLISHED
TCP 192.168.1.100:51469 wwwco2vip:http ESTABLISHED
TCP 192.168.1.100:51470 wwwco2vip:http ESTABLISHED
TCP 192.168.1.100:51471 origin-codecs:http ESTABLISHED
TCP 192.168.1.100:51472 65.55.57.251:http ESTABLISHED
TCP 192.168.1.100:51473 199.3.115.75:http TIME_WAIT
TCP 192.168.1.100:51474 a184-84-220-73:http ESTABLISHED
TCP 192.168.1.100:51477 microsoft:http TIME_WAIT
TCP 192.168.1.100:51481 216.66.31.114:http ESTABLISHED
TCP 192.168.1.100:51483 microsoft:http TIME_WAIT
TCP 192.168.1.100:51486 199.3.115.58:http ESTABLISHED
TCP 192.168.1.100:51487 mail1c:http TIME_WAIT

now and it is still blinking\
Microsoft Windows [Version 6.0.6001]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.

C:\Windows\system32>netstat

Active Connections

Proto Local Address Foreign Address State
TCP 127.0.0.1:49213 2SCOOPS-PC:49214 ESTABLISHED
TCP 127.0.0.1:49214 2SCOOPS-PC:49213 ESTABLISHED
TCP 127.0.0.1:49216 2SCOOPS-PC:49217 ESTABLISHED
TCP 127.0.0.1:49217 2SCOOPS-PC:49216 ESTABLISHED
TCP 192.168.1.100:49849 64.212.44.73:http TIME_WAIT
TCP 192.168.1.100:49854 a184-86-50-77:http TIME_WAIT
And my WINSICK ,,,PUN INTENDED:

# ----------------------------------
# ISATAP Configuration
# ----------------------------------
pushd interface isatap

popd
# End of ISATAP configuration


\#========================
\# Port Proxy configuration
\#========================
pushd interface portproxy

reset


popd

# End of Port Proxy configuration

# ----------------------------------
# TCP Configuration
# ----------------------------------
pushd interface tcp

reset

set global rss=enabled chimney=disabled autotuninglevel=normal congestionprovide
r=none ecncapability=disabled timestamps=disabled


popd
# End of TCP configuration

# ----------------------------------
# Teredo Configuration
# ----------------------------------
pushd interface teredo
set state servername=teredo.ipv6.microsoft.com.

popd
# End of Teredo configuration

# ----------------------------------
# 6to4 Configuration
# ----------------------------------
pushd interface 6to4

reset

popd
# End of 6to4 configuration


# ------------------------------------
# Bridge configuration (not supported)
# ------------------------------------

# ------------------------------------
# End of Bridge configuration
# ------------------------------------

# ----------------------------------------
# Wired LAN Configuration
# ----------------------------------------
pushd lan


popd

# End of Wired LAN Configuration.


# ==========================================================
# Health Registration Authority configuration
# ==========================================================
pushd nap hra

popd
# End of NAP HRA configuration

# ==========================================================
# Network Access Protection client configuration
# ==========================================================
pushd nap client

# ----------------------------------------------------------
# Trusted server group configuration
# ----------------------------------------------------------

reset trustedservergroup

# ----------------------------------------------------------
# Cryptographic service provider (CSP) configuration
# ----------------------------------------------------------

set csp name = "Microsoft RSA SChannel Cryptographic Provider" keylength = "2048
"

# ----------------------------------------------------------
# Hash algorithm configuration
# ----------------------------------------------------------

set hash oid = "1.3.14.3.2.29"

# ----------------------------------------------------------
# Enforcement configuration
# ----------------------------------------------------------

set enforcement id = "79617" admin = "disable" id = "79618" admin = "disable" id
= "79619" admin = "disable" id = "79621" admin = "disable" id = "79623" admin =
"disable"
# ----------------------------------------------------------
# Tracing configuration
# ----------------------------------------------------------

set tracing state = "disable" level = "basic"

# ----------------------------------------------------------
# User interface configuration
# ----------------------------------------------------------

reset userinterface

popd
# End of NAP client configuration


# -----------------------------------------
# Remote Access Configuration
# -----------------------------------------
pushd ras

set authmode mode = standard
delete authtype type = PAP
delete authtype type = MD5CHAP
delete authtype type = MSCHAP
delete authtype type = MSCHAPv2
delete authtype type = EAP
add authtype type = MSCHAPv2
delete link type = SWC
delete link type = LCP
add link type = SWC
add link type = LCP
delete multilink type = MULTI
delete multilink type = BACP
add multilink type = MULTI
add multilink type = BACP
set conf confstate = disabled
set type ipv4rtrtype = lananddd ipv6rtrtype = none rastype = ipv4

set user name = 2 SCOOPS dialin = policy cbpolicy = none
set user name = Administrator dialin = policy cbpolicy = none
set user name = Guest dialin = policy cbpolicy = none


popd

# End of Remote Access configuration.


# -----------------------------------------
# Remote Access Diagnostics Configuration
# -----------------------------------------
pushd ras diagnostics

set rastracing component = * state = disabled

set modemtracing state = disabled

set cmtracing state = disabled

set securityeventlog state = disabled

set loglevel events = warn


popd

# End of Remote Access Diagnostics Configuration.


# -----------------------------------------
# Remote Access IPv6 Configuration
# -----------------------------------------
pushd ras ipv6

set negotiation mode = allow
set access mode = all

popd

# End of Remote Access IPv6 configuration.

# -----------------------------------------
# Remote Access AAAA Configuration
# -----------------------------------------
pushd ras aaaa


popd

# End of Remote Access AAAA configuration.


# -----------------------------------------
# WinHTTP Proxy Configuration
# -----------------------------------------
pushd winhttp

reset proxy

popd

# End of WinHTTP Proxy Configuration

# ----------------------------------------
# Wireless LAN Configuration
# ----------------------------------------
pushd wlan

# Allow filter list
# ----------------------------------------


# Block filter list
# ----------------------------------------


popd
# End of Wireless LAN Configuration

C:\Windows\system32>netsh show helper
Helper GUID DLL Filename Command
-------------------------------------- ------------ -------
{02BC1F81-D927-4EC5-8CBC-8DD65E3E38E8} AUTHFWCFG.DLL advfirewall
{FB10CBCA-5430-46CE-B732-079B4E23BE24} AUTHFWCFG.DLL consec
{35342B49-83B4-4FCC-A90D-278533D5BEA2} AUTHFWCFG.DLL firewall
{4D0FEFCB-8C3E-4CDE-B39B-325933727297} AUTHFWCFG.DLL monitor
{00770721-44EA-11D5-93BA-00B0D022DD1F} HNETMON.DLL bridge
{6DC31EC5-3583-4901-9E28-37C28113656A} DHCPCMONITOR.DLL dhcpclient
{8B3A0D7F-1F30-4402-B753-C4B2C7607C97} FWCFG.DLL firewall
{44F3288B-DBFF-4B31-A86E-633F50D706B3} NSHHTTP.DLL http
{0705ECA1-7AAC-11D2-89DC-006008B0E5B9} IFMON.DLL interface
{1C151866-F35B-4780-8CD2-E1924E9F03E1} NETIOHLP.DLL 6to4
{725588AC-7A11-4220-A121-C92C915E8B73} NETIOHLP.DLL ipv4
{500F32FD-7064-476B-8FD6-2171EA46428F} NETIOHLP.DLL ipv6
{90E1CBE1-01D9-4174-BB4D-EB97F3F6150D} NETIOHLP.DLL 6to4
{90E1CBE1-01D9-4174-BB4D-EB97F3F6150D} NETIOHLP.DLL isatap
{1C151866-F35B-4780-8CD2-E1924E9F03E1} NETIOHLP.DLL isatap
{1C151866-F35B-4780-8CD2-E1924E9F03E1} NETIOHLP.DLL portproxy
{78197B47-2BEF-49CA-ACEB-D8816371BAA8} NETIOHLP.DLL tcp
{1C151866-F35B-4780-8CD2-E1924E9F03E1} NETIOHLP.DLL teredo
{F7E0BC27-BA6E-4145-A123-012F1922F3F1} NSHIPSEC.DLL ipsec
{F7E0BC29-BA6E-4145-A123-012F1922F3F1} NSHIPSEC.DLL dynamic
{F7E0BC28-BA6E-4145-A123-012F1922F3F1} NSHIPSEC.DLL static
{1D8240C7-48B9-47CC-9E40-4F7A0A390E71} DOT3CFG.DLL lan
{00B399EA-447F-4B19-8393-F9D71D7760F9} NAPMONTR.DLL nap
{3F8A1180-FF5D-4B5B-934C-D08DFFBC9CBC} NAPMONTR.DLL client
{B123BAAA-79E9-49FD-AB2C-E87C56CE4CFF} NAPMONTR.DLL hra
{931852E2-597D-40B9-B927-55FFC81A6104} NETIOHLP.DLL netio
{0705ECA2-7AAC-11D2-89DC-006008B0E5B9} RASMONTR.DLL ras
{42E3CC21-098C-11D3-8C4D-00104BCA495B} RASMONTR.DLL aaaa
{90FE6CFC-B6A2-463B-AA12-25E615EC3C66} RASMONTR.DLL diagnostics
{13D12A78-D0FB-11D2-9B76-00104BCA495B} RASMONTR.DLL ip
{36B3EF76-94C1-460F-BD6F-DF0178D90EAC} RASMONTR.DLL ipv6
{592852F7-5F6F-470B-9097-C5D33B612975} RPCNSH.DLL rpc
{C07E293F-9531-4426-8E5C-D7EBBA50F693} RPCNSH.DLL filter
{0BFDC146-56A3-4311-A7D5-7D9953F8326E} WHHELPER.DLL winhttp
{B2C0EEF4-CCE5-4F55-934E-ABF60F3DCF56} WSHELPER.DLL winsock
{D424E730-1DB7-4287-8C9B-0774F5AD0576} WLANCFG.DLL wlan


C:\Windows\system32>
And they keep turning off my FIREWALL!!!

KILL THE CLOUD!!!



Report •

#6
March 20, 2011 at 19:39:34
JUST RAN THE HIJACK THIS... IT WONT LET ME POST LOG ...BUT IT IS UGLY!!!

Report •

#7
March 20, 2011 at 19:41:12
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:40:24 AM, on 3/21/2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Windows folder: C:\Windows
System folder: C:\Windows\SYSTEM32
Hosts file: C:\Windows\System32\drivers\etc\hosts

Running processes:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Users\2 SCOOPS\Downloads\avg_avct_stb_all_2011_1204_ppc2(2).exe
C:\Users\2SCOOP~1\AppData\Local\Temp\7zS6A59.tmp\avgmfapx.exe
C:\Users\2 SCOOPS\Downloads\HijackThis(2).exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Users\2 SCOOPS\Downloads\HijackThis(3).exe
C:\Windows\SysWOW64\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe (filesize 25088 bytes, MD5 0E135526E9785D085BCD9AEDE6FBCBF9)
O1 - Hosts: ::1 localhost
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (file missing)
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (file missing)
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll (filesize 1324032 bytes, MD5 A3C1B75B0156D5B68B271C6FE0A5FDE7)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 4689 bytes


Report •

#8
March 20, 2011 at 19:44:40
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:37:26 AM, on 3/21/2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Windows folder: C:\Windows
System folder: C:\Windows\SYSTEM32
Hosts file: C:\Windows\System32\drivers\etc\hosts

Running processes:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Users\2 SCOOPS\Downloads\avg_avct_stb_all_2011_1204_ppc2(2).exe
C:\Users\2SCOOP~1\AppData\Local\Temp\7zS6A59.tmp\avgmfapx.exe
C:\Users\2 SCOOPS\Downloads\HijackThis(2).exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Users\2 SCOOPS\Downloads\HijackThis(3).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe (filesize 25088 bytes, MD5 0E135526E9785D085BCD9AEDE6FBCBF9)
O1 - Hosts: ::1 localhost
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (file missing)
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (file missing)
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll (filesize 1324032 bytes, MD5 A3C1B75B0156D5B68B271C6FE0A5FDE7)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 4656 bytes
End of file - 4337 bytes
End of file - 4689 bytes


NOTE the BYTES sizes from first log to this one ...ran consecutively

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:35:25 AM, on 3/21/2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Users\2 SCOOPS\Downloads\avg_avct_stb_all_2011_1204_ppc2(2).exe
C:\Users\2SCOOP~1\AppData\Local\Temp\7zS6A59.tmp\avgmfapx.exe
C:\Users\2 SCOOPS\Downloads\HijackThis(2).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (file missing)
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (file missing)
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 4337 bytes

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:40:24 AM, on 3/21/2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Windows folder: C:\Windows
System folder: C:\Windows\SYSTEM32
Hosts file: C:\Windows\System32\drivers\etc\hosts

Running processes:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Users\2 SCOOPS\Downloads\avg_avct_stb_all_2011_1204_ppc2(2).exe
C:\Users\2SCOOP~1\AppData\Local\Temp\7zS6A59.tmp\avgmfapx.exe
C:\Users\2 SCOOPS\Downloads\HijackThis(2).exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Users\2 SCOOPS\Downloads\HijackThis(3).exe
C:\Windows\SysWOW64\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe (filesize 25088 bytes, MD5 0E135526E9785D085BCD9AEDE6FBCBF9)
O1 - Hosts: ::1 localhost
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (file missing)
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (file missing)
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll (filesize 1324032 bytes, MD5 A3C1B75B0156D5B68B271C6FE0A5FDE7)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 4689 bytes


Report •

#9
March 21, 2011 at 08:24:16
F2 - REG:system.ini: UserInit=userinit.exe (filesize 25088 bytes, MD5 0E135526E9785D085BCD9AEDE6FBCBF9)

That doesn't need to be in system.ini

I don't see anything else running that would cause all your problems.

I would delete all toolbars & anti virus programs but that's about it.

From a command prompt run netstat -an & post the output.

How do you know when a politician is lying? His mouth is moving.


Report •

#10
March 21, 2011 at 13:03:05
Dude:
I am not on (or I am NOT supposed to be on a network)
I am supposed to be a private citizen in her own home, or a house that someone allows me to live in, because I am homeless and should have ONE connection in and out! I can't even install my own printer ....remember what you see is not always what is, especially after someone embeds or re-writes crap. Like the jerk did to my safe mode ...it is more like remote felony control mode ...trust me ...I don't lie!
C:\Windows\system32>netstat

Active Connections

Proto Local Address Foreign Address State
TCP 127.0.0.1:49157 2SCOOPS-PC:49158 ESTABLISHED
TCP 127.0.0.1:49158 2SCOOPS-PC:49157 ESTABLISHED
TCP 127.0.0.1:49160 2SCOOPS-PC:49161 ESTABLISHED
TCP 127.0.0.1:49161 2SCOOPS-PC:49160 ESTABLISHED
TCP 192.168.1.100:49482 ec2-50-17-230-28:http ESTABLISHED
TCP 192.168.1.100:49485 a96-17-160-73:http ESTABLISHED
TCP 192.168.1.100:49488 a96-6-45-8:http ESTABLISHED
TCP 192.168.1.100:49498 a96-6-45-26:http ESTABLISHED
TCP 192.168.1.100:49499 iad04s01-in-f149:http ESTABLISHED
TCP 192.168.1.100:49500 iad04s01-in-f148:http ESTABLISHED
TCP 192.168.1.100:49504 iad04s01-in-f167:http ESTABLISHED
TCP 192.168.1.100:49505 a96-6-46-121:http ESTABLISHED
TCP 192.168.1.100:49506 a96-6-45-41:http ESTABLISHED
TCP 192.168.1.100:49508 iad04s01-in-f154:http ESTABLISHED
TCP 192.168.1.100:49510 at-atwola-adcom-dtc:http TIME_WAIT
TCP 192.168.1.100:49511 qy-in-f102:http ESTABLISHED
TCP 192.168.1.100:49512 anrtx-dtc-a:http ESTABLISHED
TCP 192.168.1.100:49513 qy-in-f102:http ESTABLISHED
TCP 192.168.1.100:49521 ec2-184-73-242-121:http TIME_WAIT
TCP 192.168.1.100:49522 ec2-50-16-222-12:http ESTABLISHED
TCP 192.168.1.100:49523 venise:http TIME_WAIT
TCP 192.168.1.100:49524 a184-51-240-74:http TIME_WAIT
TCP 192.168.1.100:49526 mpr1:http TIME_WAIT
TCP 192.168.1.100:49529 iad04s01-in-f157:http ESTABLISHED
TCP 192.168.1.100:49542 64.236.79.229:http TIME_WAIT
TCP 192.168.1.100:49546 venise:http TIME_WAIT
TCP 192.168.1.100:49569 64.236.79.229:http TIME_WAIT
TCP 192.168.1.100:49571 ads-pd04:http TIME_WAIT
TCP 192.168.1.100:49573 mpr1:http TIME_WAIT
TCP 192.168.1.100:49575 venise:http TIME_WAIT
TCP 192.168.1.100:49596 qy-in-f102:http ESTABLISHED
TCP 192.168.1.100:49599 mpr1:http TIME_WAIT
TCP 192.168.1.100:49601 venise:http TIME_WAIT
TCP 192.168.1.100:49606 91.103.142.129:http ESTABLISHED
TCP 192.168.1.100:49615 mpr1:http TIME_WAIT
TCP 192.168.1.100:49617 venise:http TIME_WAIT
TCP 192.168.1.100:49621 host:http TIME_WAIT
TCP 192.168.1.100:49631 host:http TIME_WAIT
TCP 192.168.1.100:49637 a96-6-45-56:http ESTABLISHED
TCP 192.168.1.100:49638 iad04s01-in-f165:http ESTABLISHED
TCP 192.168.1.100:49644 iad04s01-in-f157:http TIME_WAIT
TCP 192.168.1.100:49645 91.103.142.129:http TIME_WAIT
TCP 192.168.1.100:49647 ar:http TIME_WAIT
TCP 192.168.1.100:49648 a96-17-151-48:http ESTABLISHED
TCP 192.168.1.100:49649 a96-17-151-48:http ESTABLISHED
TCP 192.168.1.100:49652 a96-6-45-67:http ESTABLISHED
TCP 192.168.1.100:49655 at-atwola-adcom-dtc:http TIME_WAIT
TCP 192.168.1.100:49656 venise:http TIME_WAIT
TCP 192.168.1.100:49660 ec2-184-73-242-121:http TIME_WAIT
TCP 192.168.1.100:49661 a184-51-240-74:http ESTABLISHED
TCP 192.168.1.100:49662 mpr1:http TIME_WAIT
TCP 192.168.1.100:49663 ec2-184-72-139-165:http TIME_WAIT
TCP 192.168.1.100:49664 64:http TIME_WAIT
TCP 192.168.1.100:49668 64:http TIME_WAIT
TCP 192.168.1.100:49671 64:http TIME_WAIT
TCP 192.168.1.100:49672 64:http TIME_WAIT
TCP 192.168.1.100:49673 64:http TIME_WAIT
TCP 192.168.1.100:49674 64:http TIME_WAIT
TCP 192.168.1.100:49675 64:http TIME_WAIT
TCP 192.168.1.100:49676 64:http TIME_WAIT
TCP 192.168.1.100:49677 64:http TIME_WAIT
TCP 192.168.1.100:49678 64:http TIME_WAIT
TCP 192.168.1.100:49679 ar:http TIME_WAIT
TCP 192.168.1.100:49681 64:http TIME_WAIT

C:\Windows\system32>

THAT IS REALLY SICK!!!


Active Connections

Proto Local Address Foreign Address State
TCP 127.0.0.1:49157 2SCOOPS-PC:49158 ESTABLISHED
TCP 127.0.0.1:49158 2SCOOPS-PC:49157 ESTABLISHED
TCP 127.0.0.1:49160 2SCOOPS-PC:49161 ESTABLISHED
TCP 127.0.0.1:49161 2SCOOPS-PC:49160 ESTABLISHED
TCP 192.168.1.100:49482 ec2-50-17-230-28:http ESTABLISHED
TCP 192.168.1.100:49485 a96-17-160-73:http ESTABLISHED
TCP 192.168.1.100:49488 a96-6-45-8:http ESTABLISHED
TCP 192.168.1.100:49498 a96-6-45-26:http ESTABLISHED
TCP 192.168.1.100:49499 iad04s01-in-f149:http ESTABLISHED
TCP 192.168.1.100:49500 iad04s01-in-f148:http ESTABLISHED
TCP 192.168.1.100:49504 iad04s01-in-f167:http ESTABLISHED
TCP 192.168.1.100:49505 a96-6-46-121:http ESTABLISHED
TCP 192.168.1.100:49506 a96-6-45-41:http ESTABLISHED
TCP 192.168.1.100:49508 iad04s01-in-f154:http ESTABLISHED
TCP 192.168.1.100:49510 at-atwola-adcom-dtc:http TIME_WAIT
TCP 192.168.1.100:49511 qy-in-f102:http ESTABLISHED
TCP 192.168.1.100:49512 anrtx-dtc-a:http ESTABLISHED
TCP 192.168.1.100:49513 qy-in-f102:http ESTABLISHED
TCP 192.168.1.100:49521 ec2-184-73-242-121:http TIME_WAIT
TCP 192.168.1.100:49522 ec2-50-16-222-12:http ESTABLISHED
TCP 192.168.1.100:49523 venise:http TIME_WAIT
TCP 192.168.1.100:49524 a184-51-240-74:http TIME_WAIT
TCP 192.168.1.100:49526 mpr1:http TIME_WAIT
TCP 192.168.1.100:49529 iad04s01-in-f157:http ESTABLISHED

popd

# End of Wired LAN Configuration.


# ==========================================================
# Health Registration Authority configuration
# ==========================================================
pushd nap hra

popd
# End of NAP HRA configuration

# ==========================================================
# Network Access Protection client configuration
# ==========================================================
pushd nap client

# ----------------------------------------------------------
# Trusted server group configuration
# ----------------------------------------------------------

reset trustedservergroup

# ----------------------------------------------------------
# Cryptographic service provider (CSP) configuration
# ----------------------------------------------------------

set csp name = "Microsoft RSA SChannel Cryptographic Provider" keylength = "2048
"

# ----------------------------------------------------------
# Hash algorithm configuration
# ----------------------------------------------------------

set hash oid = "1.3.14.3.2.29"

# ----------------------------------------------------------
# Enforcement configuration
# ----------------------------------------------------------

set enforcement id = "79617" admin = "disable" id = "79618" admin = "disable" id
= "79619" admin = "disable" id = "79621" admin = "disable" id = "79623" admin =
"disable"
# ----------------------------------------------------------
# Tracing configuration
# ----------------------------------------------------------

set tracing state = "disable" level = "basic"

# ----------------------------------------------------------
# User interface configuration
# ----------------------------------------------------------

reset userinterface

popd
# End of NAP client configuration


# -----------------------------------------
# Remote Access Configuration
# -----------------------------------------
pushd ras

set authmode mode = standard
delete authtype type = PAP
delete authtype type = MD5CHAP
delete authtype type = MSCHAP
delete authtype type = MSCHAPv2
delete authtype type = EAP
add authtype type = MSCHAPv2
delete link type = SWC
delete link type = LCP
add link type = SWC
add link type = LCP
delete multilink type = MULTI
delete multilink type = BACP
add multilink type = MULTI
add multilink type = BACP
set conf confstate = disabled
set type ipv4rtrtype = lananddd ipv6rtrtype = none rastype = ipv4

set user name = 2 SCOOPS dialin = policy cbpolicy = none
set user name = Administrator dialin = policy cbpolicy = none
set user name = Guest dialin = policy cbpolicy = none


popd

# End of Remote Access configuration.


# -----------------------------------------
# Remote Access Diagnostics Configuration
# -----------------------------------------
pushd ras diagnostics

set rastracing component = * state = disabled

set modemtracing state = disabled

set cmtracing state = disabled

set securityeventlog state = disabled

set loglevel events = warn


popd

# End of Remote Access Diagnostics Configuration.


# -----------------------------------------
# Remote Access IPv6 Configuration
# -----------------------------------------
pushd ras ipv6

set negotiation mode = allow
set access mode = all

popd

# End of Remote Access IPv6 configuration.

# -----------------------------------------
# Remote Access AAAA Configuration
# -----------------------------------------
pushd ras aaaa


popd

# End of Remote Access AAAA configuration.


# -----------------------------------------
# WinHTTP Proxy Configuration
# -----------------------------------------
pushd winhttp

reset proxy

popd

# End of WinHTTP Proxy Configuration

# ----------------------------------------
# Wireless LAN Configuration
# ----------------------------------------
pushd wlan

# Allow filter list
# ----------------------------------------


# Block filter list
# ----------------------------------------


popd
# End of Wireless LAN Configuration

C:\Windows\system32>NETSH SHOW HELPER
Helper GUID DLL Filename Command
-------------------------------------- ------------ -------
{02BC1F81-D927-4EC5-8CBC-8DD65E3E38E8} AUTHFWCFG.DLL advfirewall
{FB10CBCA-5430-46CE-B732-079B4E23BE24} AUTHFWCFG.DLL consec
{35342B49-83B4-4FCC-A90D-278533D5BEA2} AUTHFWCFG.DLL firewall
{4D0FEFCB-8C3E-4CDE-B39B-325933727297} AUTHFWCFG.DLL monitor
{00770721-44EA-11D5-93BA-00B0D022DD1F} HNETMON.DLL bridge
{6DC31EC5-3583-4901-9E28-37C28113656A} DHCPCMONITOR.DLL dhcpclient
{8B3A0D7F-1F30-4402-B753-C4B2C7607C97} FWCFG.DLL firewall
{44F3288B-DBFF-4B31-A86E-633F50D706B3} NSHHTTP.DLL http
{0705ECA1-7AAC-11D2-89DC-006008B0E5B9} IFMON.DLL interface
{1C151866-F35B-4780-8CD2-E1924E9F03E1} NETIOHLP.DLL 6to4
{725588AC-7A11-4220-A121-C92C915E8B73} NETIOHLP.DLL ipv4
{500F32FD-7064-476B-8FD6-2171EA46428F} NETIOHLP.DLL ipv6
{90E1CBE1-01D9-4174-BB4D-EB97F3F6150D} NETIOHLP.DLL 6to4
{90E1CBE1-01D9-4174-BB4D-EB97F3F6150D} NETIOHLP.DLL isatap
{1C151866-F35B-4780-8CD2-E1924E9F03E1} NETIOHLP.DLL isatap
{1C151866-F35B-4780-8CD2-E1924E9F03E1} NETIOHLP.DLL portproxy
{78197B47-2BEF-49CA-ACEB-D8816371BAA8} NETIOHLP.DLL tcp
{1C151866-F35B-4780-8CD2-E1924E9F03E1} NETIOHLP.DLL teredo
{F7E0BC27-BA6E-4145-A123-012F1922F3F1} NSHIPSEC.DLL ipsec
{F7E0BC29-BA6E-4145-A123-012F1922F3F1} NSHIPSEC.DLL dynamic
{F7E0BC28-BA6E-4145-A123-012F1922F3F1} NSHIPSEC.DLL static
{1D8240C7-48B9-47CC-9E40-4F7A0A390E71} DOT3CFG.DLL lan
{00B399EA-447F-4B19-8393-F9D71D7760F9} NAPMONTR.DLL nap
{3F8A1180-FF5D-4B5B-934C-D08DFFBC9CBC} NAPMONTR.DLL client
{B123BAAA-79E9-49FD-AB2C-E87C56CE4CFF} NAPMONTR.DLL hra
{931852E2-597D-40B9-B927-55FFC81A6104} NETIOHLP.DLL netio
{0705ECA2-7AAC-11D2-89DC-006008B0E5B9} RASMONTR.DLL ras
{42E3CC21-098C-11D3-8C4D-00104BCA495B} RASMONTR.DLL aaaa
{90FE6CFC-B6A2-463B-AA12-25E615EC3C66} RASMONTR.DLL diagnostics
{13D12A78-D0FB-11D2-9B76-00104BCA495B} RASMONTR.DLL ip
{36B3EF76-94C1-460F-BD6F-DF0178D90EAC} RASMONTR.DLL ipv6
{592852F7-5F6F-470B-9097-C5D33B612975} RPCNSH.DLL rpc
{C07E293F-9531-4426-8E5C-D7EBBA50F693} RPCNSH.DLL filter
{0BFDC146-56A3-4311-A7D5-7D9953F8326E} WHHELPER.DLL winhttp
{B2C0EEF4-CCE5-4F55-934E-ABF60F3DCF56} WSHELPER.DLL winsock
{D424E730-1DB7-4287-8C9B-0774F5AD0576} WLANCFG.DLL wlan


C:\Windows\system32>netstat

Active Connections

Proto Local Address Foreign Address State
TCP 127.0.0.1:49157 2SCOOPS-PC:49158 ESTABLISHED
TCP 127.0.0.1:49158 2SCOOPS-PC:49157 ESTABLISHED
TCP 127.0.0.1:49160 2SCOOPS-PC:49161 ESTABLISHED
TCP 127.0.0.1:49161 2SCOOPS-PC:49160 ESTABLISHED
TCP 192.168.1.100:49482 ec2-50-17-230-28:http ESTABLISHED
TCP 192.168.1.100:49485 a96-17-160-73:http ESTABLISHED
TCP 192.168.1.100:49488 a96-6-45-8:http ESTABLISHED
TCP 192.168.1.100:49498 a96-6-45-26:http ESTABLISHED
TCP 192.168.1.100:49499 iad04s01-in-f149:http ESTABLISHED
TCP 192.168.1.100:49500 iad04s01-in-f148:http ESTABLISHED
TCP 192.168.1.100:49504 iad04s01-in-f167:http ESTABLISHED
TCP 192.168.1.100:49505 a96-6-46-121:http ESTABLISHED
TCP 192.168.1.100:49506 a96-6-45-41:http ESTABLISHED
TCP 192.168.1.100:49508 iad04s01-in-f154:http ESTABLISHED
TCP 192.168.1.100:49510 at-atwola-adcom-dtc:http TIME_WAIT
TCP 192.168.1.100:49511 qy-in-f102:http ESTABLISHED
TCP 192.168.1.100:49512 anrtx-dtc-a:http ESTABLISHED
TCP 192.168.1.100:49513 qy-in-f102:http ESTABLISHED
TCP 192.168.1.100:49521 ec2-184-73-242-121:http TIME_WAIT
TCP 192.168.1.100:49522 ec2-50-16-222-12:http ESTABLISHED
TCP 192.168.1.100:49523 venise:http TIME_WAIT
TCP 192.168.1.100:49524 a184-51-240-74:http TIME_WAIT
TCP 192.168.1.100:49526 mpr1:http TIME_WAIT
TCP 192.168.1.100:49529 iad04s01-in-f157:http ESTABLISHED
TCP 192.168.1.100:49542 64.236.79.229:http TIME_WAIT
TCP 192.168.1.100:49546 venise:http TIME_WAIT
TCP 192.168.1.100:49569 64.236.79.229:http TIME_WAIT
TCP 192.168.1.100:49571 ads-pd04:http TIME_WAIT
TCP 192.168.1.100:49573 mpr1:http TIME_WAIT
TCP 192.168.1.100:49575 venise:http TIME_WAIT
TCP 192.168.1.100:49596 qy-in-f102:http ESTABLISHED
TCP 192.168.1.100:49599 mpr1:http TIME_WAIT
TCP 192.168.1.100:49601 venise:http TIME_WAIT
TCP 192.168.1.100:49606 91.103.142.129:http ESTABLISHED
TCP 192.168.1.100:49615 mpr1:http TIME_WAIT
TCP 192.168.1.100:49617 venise:http TIME_WAIT
TCP 192.168.1.100:49621 host:http TIME_WAIT
TCP 192.168.1.100:49631 host:http TIME_WAIT
TCP 192.168.1.100:49637 a96-6-45-56:http ESTABLISHED
TCP 192.168.1.100:49638 iad04s01-in-f165:http ESTABLISHED
TCP 192.168.1.100:49644 iad04s01-in-f157:http TIME_WAIT
TCP 192.168.1.100:49645 91.103.142.129:http TIME_WAIT
TCP 192.168.1.100:49647 ar:http TIME_WAIT
TCP 192.168.1.100:49648 a96-17-151-48:http ESTABLISHED
TCP 192.168.1.100:49649 a96-17-151-48:http ESTABLISHED
TCP 192.168.1.100:49652 a96-6-45-67:http ESTABLISHED
TCP 192.168.1.100:49655 at-atwola-adcom-dtc:http TIME_WAIT
TCP 192.168.1.100:49656 venise:http TIME_WAIT
TCP 192.168.1.100:49660 ec2-184-73-242-121:http TIME_WAIT
TCP 192.168.1.100:49661 a184-51-240-74:http ESTABLISHED
TCP 192.168.1.100:49662 mpr1:http TIME_WAIT
TCP 192.168.1.100:49663 ec2-184-72-139-165:http TIME_WAIT
TCP 192.168.1.100:49664 64:http TIME_WAIT
TCP 192.168.1.100:49668 64:http TIME_WAIT
TCP 192.168.1.100:49671 64:http TIME_WAIT
TCP 192.168.1.100:49672 64:http TIME_WAIT
TCP 192.168.1.100:49673 64:http TIME_WAIT
TCP 192.168.1.100:49674 64:http TIME_WAIT
TCP 192.168.1.100:49675 64:http TIME_WAIT
TCP 192.168.1.100:49676 64:http TIME_WAIT
TCP 192.168.1.100:49677 64:http TIME_WAIT
TCP 192.168.1.100:49678 64:http TIME_WAIT
TCP 192.168.1.100:49679 ar:http TIME_WAIT
TCP 192.168.1.100:49681 64:http TIME_WAIT

C:\Windows\system32>netstat

Active Connections

Proto Local Address Foreign Address State
TCP 127.0.0.1:49157 2SCOOPS-PC:49158 ESTABLISHED
TCP 127.0.0.1:49158 2SCOOPS-PC:49157 ESTABLISHED
TCP 127.0.0.1:49160 2SCOOPS-PC:49161 ESTABLISHED
TCP 127.0.0.1:49161 2SCOOPS-PC:49160 ESTABLISHED
TCP 192.168.1.100:49682 74.125.226.175:http TIME_WAIT
TCP 192.168.1.100:49683 vw-in-f113:http TIME_WAIT

C:\Windows\system32>who is the vw loser and why am on on the 4 instead of the upgraded 5 series ...this crap needs to end ...whose NETWORK is this???

KILL IT!


Report •

#11
March 21, 2011 at 13:09:00
I can't install my printer scanner ....I am supposed to get an application, was supposed get an application back to a company last friday. I am really annoyed, I downloaded the software and re-installed it 10 times, because some of the STUPIDITY of this NETWORK is hiding in the LAN-MAN print services and drivers, some JERK won't let it install. THIS IS SO disgusting and sick, I just want someone HURT for what they have done to ME and MY LIFE ....it is like I DON't MATTER!

Report •

#12
March 21, 2011 at 13:36:34
You didn't put the -an switches.

netstat -an is the command with the same spacing.

Reboot first & don't open any windows before you run it.

I don't like all those high ports that I see.

Also, if you right click on mycomputer, left click on properties & go to computer name, does it say that you are on a domain or workgroup?

How do you know when a politician is lying? His mouth is moving.


Report •

#13
March 21, 2011 at 13:43:24
popd
# End of NAP HRA configuration

# ==========================================================
# Network Access Protection client configuration
# ==========================================================
pushd nap client

# ----------------------------------------------------------
# Trusted server group configuration
# ----------------------------------------------------------

reset trustedservergroup

# ----------------------------------------------------------
# Cryptographic service provider (CSP) configuration
# ----------------------------------------------------------

set csp name = "Microsoft RSA SChannel Cryptographic Provider" keylength = "2048
"

# ----------------------------------------------------------
# Hash algorithm configuration
# ----------------------------------------------------------

set hash oid = "1.3.14.3.2.29"

# ----------------------------------------------------------
# Enforcement configuration
# ----------------------------------------------------------

set enforcement id = "79617" admin = "disable" id = "79618" admin = "disable" id
= "79619" admin = "disable" id = "79621" admin = "disable" id = "79623" admin =
"disable"
# ----------------------------------------------------------
# Tracing configuration
# ----------------------------------------------------------

set tracing state = "disable" level = "basic"

# ----------------------------------------------------------
# User interface configuration
# ----------------------------------------------------------

reset userinterface

popd
# End of NAP client configuration


# -----------------------------------------
# Remote Access Configuration
# -----------------------------------------
pushd ras

set authmode mode = standard
delete authtype type = PAP
delete authtype type = MD5CHAP
delete authtype type = MSCHAP
delete authtype type = MSCHAPv2
delete authtype type = EAP
add authtype type = MSCHAPv2
delete link type = SWC
delete link type = LCP
add link type = SWC
add link type = LCP
delete multilink type = MULTI
delete multilink type = BACP
add multilink type = MULTI
add multilink type = BACP
set conf confstate = disabled
set type ipv4rtrtype = lananddd ipv6rtrtype = none rastype = ipv4

set user name = 2 SCOOPS dialin = policy cbpolicy = none
set user name = Administrator dialin = policy cbpolicy = none
set user name = Guest dialin = policy cbpolicy = none


popd

# End of Remote Access configuration.


# -----------------------------------------
# Remote Access Diagnostics Configuration
# -----------------------------------------
pushd ras diagnostics

set rastracing component = * state = disabled

set modemtracing state = disabled

set cmtracing state = disabled

set securityeventlog state = disabled

set loglevel events = warn


popd

# End of Remote Access Diagnostics Configuration.


# -----------------------------------------
# Remote Access IPv6 Configuration
# -----------------------------------------
pushd ras ipv6

set negotiation mode = allow
set access mode = all

popd

# End of Remote Access IPv6 configuration.

# -----------------------------------------
# Remote Access AAAA Configuration
# -----------------------------------------
pushd ras aaaa


popd

# End of Remote Access AAAA configuration.


# -----------------------------------------
# WinHTTP Proxy Configuration
# -----------------------------------------
pushd winhttp

reset proxy

popd

# End of WinHTTP Proxy Configuration

# ----------------------------------------
# Wireless LAN Configuration
# ----------------------------------------
pushd wlan

# Allow filter list
# ----------------------------------------


# Block filter list
# ----------------------------------------


popd
# End of Wireless LAN Configuration

C:\Windows\system32>NETSH SHOW HELPER
Helper GUID DLL Filename Command
-------------------------------------- ------------ -------
{02BC1F81-D927-4EC5-8CBC-8DD65E3E38E8} AUTHFWCFG.DLL advfirewall
{FB10CBCA-5430-46CE-B732-079B4E23BE24} AUTHFWCFG.DLL consec
{35342B49-83B4-4FCC-A90D-278533D5BEA2} AUTHFWCFG.DLL firewall
{4D0FEFCB-8C3E-4CDE-B39B-325933727297} AUTHFWCFG.DLL monitor
{00770721-44EA-11D5-93BA-00B0D022DD1F} HNETMON.DLL bridge
{6DC31EC5-3583-4901-9E28-37C28113656A} DHCPCMONITOR.DLL dhcpclient
{8B3A0D7F-1F30-4402-B753-C4B2C7607C97} FWCFG.DLL firewall
{44F3288B-DBFF-4B31-A86E-633F50D706B3} NSHHTTP.DLL http
{0705ECA1-7AAC-11D2-89DC-006008B0E5B9} IFMON.DLL interface
{1C151866-F35B-4780-8CD2-E1924E9F03E1} NETIOHLP.DLL 6to4
{725588AC-7A11-4220-A121-C92C915E8B73} NETIOHLP.DLL ipv4
{500F32FD-7064-476B-8FD6-2171EA46428F} NETIOHLP.DLL ipv6
{90E1CBE1-01D9-4174-BB4D-EB97F3F6150D} NETIOHLP.DLL 6to4
{90E1CBE1-01D9-4174-BB4D-EB97F3F6150D} NETIOHLP.DLL isatap
{1C151866-F35B-4780-8CD2-E1924E9F03E1} NETIOHLP.DLL isatap
{1C151866-F35B-4780-8CD2-E1924E9F03E1} NETIOHLP.DLL portproxy
{78197B47-2BEF-49CA-ACEB-D8816371BAA8} NETIOHLP.DLL tcp
{1C151866-F35B-4780-8CD2-E1924E9F03E1} NETIOHLP.DLL teredo
{F7E0BC27-BA6E-4145-A123-012F1922F3F1} NSHIPSEC.DLL ipsec
{F7E0BC29-BA6E-4145-A123-012F1922F3F1} NSHIPSEC.DLL dynamic
{F7E0BC28-BA6E-4145-A123-012F1922F3F1} NSHIPSEC.DLL static
{1D8240C7-48B9-47CC-9E40-4F7A0A390E71} DOT3CFG.DLL lan
{00B399EA-447F-4B19-8393-F9D71D7760F9} NAPMONTR.DLL nap
{3F8A1180-FF5D-4B5B-934C-D08DFFBC9CBC} NAPMONTR.DLL client
{B123BAAA-79E9-49FD-AB2C-E87C56CE4CFF} NAPMONTR.DLL hra
{931852E2-597D-40B9-B927-55FFC81A6104} NETIOHLP.DLL netio
{0705ECA2-7AAC-11D2-89DC-006008B0E5B9} RASMONTR.DLL ras
{42E3CC21-098C-11D3-8C4D-00104BCA495B} RASMONTR.DLL aaaa
{90FE6CFC-B6A2-463B-AA12-25E615EC3C66} RASMONTR.DLL diagnostics
{13D12A78-D0FB-11D2-9B76-00104BCA495B} RASMONTR.DLL ip
{36B3EF76-94C1-460F-BD6F-DF0178D90EAC} RASMONTR.DLL ipv6
{592852F7-5F6F-470B-9097-C5D33B612975} RPCNSH.DLL rpc
{C07E293F-9531-4426-8E5C-D7EBBA50F693} RPCNSH.DLL filter
{0BFDC146-56A3-4311-A7D5-7D9953F8326E} WHHELPER.DLL winhttp
{B2C0EEF4-CCE5-4F55-934E-ABF60F3DCF56} WSHELPER.DLL winsock
{D424E730-1DB7-4287-8C9B-0774F5AD0576} WLANCFG.DLL wlan


C:\Windows\system32>netstat

Active Connections

Proto Local Address Foreign Address State
TCP 127.0.0.1:49157 2SCOOPS-PC:49158 ESTABLISHED
TCP 127.0.0.1:49158 2SCOOPS-PC:49157 ESTABLISHED
TCP 127.0.0.1:49160 2SCOOPS-PC:49161 ESTABLISHED
TCP 127.0.0.1:49161 2SCOOPS-PC:49160 ESTABLISHED
TCP 192.168.1.100:49482 ec2-50-17-230-28:http ESTABLISHED
TCP 192.168.1.100:49485 a96-17-160-73:http ESTABLISHED
TCP 192.168.1.100:49488 a96-6-45-8:http ESTABLISHED
TCP 192.168.1.100:49498 a96-6-45-26:http ESTABLISHED
TCP 192.168.1.100:49499 iad04s01-in-f149:http ESTABLISHED
TCP 192.168.1.100:49500 iad04s01-in-f148:http ESTABLISHED
TCP 192.168.1.100:49504 iad04s01-in-f167:http ESTABLISHED
TCP 192.168.1.100:49505 a96-6-46-121:http ESTABLISHED
TCP 192.168.1.100:49506 a96-6-45-41:http ESTABLISHED
TCP 192.168.1.100:49508 iad04s01-in-f154:http ESTABLISHED
TCP 192.168.1.100:49510 at-atwola-adcom-dtc:http TIME_WAIT
TCP 192.168.1.100:49511 qy-in-f102:http ESTABLISHED
TCP 192.168.1.100:49512 anrtx-dtc-a:http ESTABLISHED
TCP 192.168.1.100:49513 qy-in-f102:http ESTABLISHED
TCP 192.168.1.100:49521 ec2-184-73-242-121:http TIME_WAIT
TCP 192.168.1.100:49522 ec2-50-16-222-12:http ESTABLISHED
TCP 192.168.1.100:49523 venise:http TIME_WAIT
TCP 192.168.1.100:49524 a184-51-240-74:http TIME_WAIT
TCP 192.168.1.100:49526 mpr1:http TIME_WAIT
TCP 192.168.1.100:49529 iad04s01-in-f157:http ESTABLISHED
TCP 192.168.1.100:49542 64.236.79.229:http TIME_WAIT
TCP 192.168.1.100:49546 venise:http TIME_WAIT
TCP 192.168.1.100:49569 64.236.79.229:http TIME_WAIT
TCP 192.168.1.100:49571 ads-pd04:http TIME_WAIT
TCP 192.168.1.100:49573 mpr1:http TIME_WAIT
TCP 192.168.1.100:49575 venise:http TIME_WAIT
TCP 192.168.1.100:49596 qy-in-f102:http ESTABLISHED
TCP 192.168.1.100:49599 mpr1:http TIME_WAIT
TCP 192.168.1.100:49601 venise:http TIME_WAIT
TCP 192.168.1.100:49606 91.103.142.129:http ESTABLISHED
TCP 192.168.1.100:49615 mpr1:http TIME_WAIT
TCP 192.168.1.100:49617 venise:http TIME_WAIT
TCP 192.168.1.100:49621 host:http TIME_WAIT
TCP 192.168.1.100:49631 host:http TIME_WAIT
TCP 192.168.1.100:49637 a96-6-45-56:http ESTABLISHED
TCP 192.168.1.100:49638 iad04s01-in-f165:http ESTABLISHED
TCP 192.168.1.100:49644 iad04s01-in-f157:http TIME_WAIT
TCP 192.168.1.100:49645 91.103.142.129:http TIME_WAIT
TCP 192.168.1.100:49647 ar:http TIME_WAIT
TCP 192.168.1.100:49648 a96-17-151-48:http ESTABLISHED
TCP 192.168.1.100:49649 a96-17-151-48:http ESTABLISHED
TCP 192.168.1.100:49652 a96-6-45-67:http ESTABLISHED
TCP 192.168.1.100:49655 at-atwola-adcom-dtc:http TIME_WAIT
TCP 192.168.1.100:49656 venise:http TIME_WAIT
TCP 192.168.1.100:49660 ec2-184-73-242-121:http TIME_WAIT
TCP 192.168.1.100:49661 a184-51-240-74:http ESTABLISHED
TCP 192.168.1.100:49662 mpr1:http TIME_WAIT
TCP 192.168.1.100:49663 ec2-184-72-139-165:http TIME_WAIT
TCP 192.168.1.100:49664 64:http TIME_WAIT
TCP 192.168.1.100:49668 64:http TIME_WAIT
TCP 192.168.1.100:49671 64:http TIME_WAIT
TCP 192.168.1.100:49672 64:http TIME_WAIT
TCP 192.168.1.100:49673 64:http TIME_WAIT
TCP 192.168.1.100:49674 64:http TIME_WAIT
TCP 192.168.1.100:49675 64:http TIME_WAIT
TCP 192.168.1.100:49676 64:http TIME_WAIT
TCP 192.168.1.100:49677 64:http TIME_WAIT
TCP 192.168.1.100:49678 64:http TIME_WAIT
TCP 192.168.1.100:49679 ar:http TIME_WAIT
TCP 192.168.1.100:49681 64:http TIME_WAIT

C:\Windows\system32>netstat

Active Connections

Proto Local Address Foreign Address State
TCP 127.0.0.1:49157 2SCOOPS-PC:49158 ESTABLISHED
TCP 127.0.0.1:49158 2SCOOPS-PC:49157 ESTABLISHED
TCP 127.0.0.1:49160 2SCOOPS-PC:49161 ESTABLISHED
TCP 127.0.0.1:49161 2SCOOPS-PC:49160 ESTABLISHED
TCP 192.168.1.100:49682 74.125.226.175:http TIME_WAIT
TCP 192.168.1.100:49683 vw-in-f113:http TIME_WAIT

C:\Windows\system32>netstat

Active Connections

Proto Local Address Foreign Address State
TCP 127.0.0.1:49157 2SCOOPS-PC:49158 ESTABLISHED
TCP 127.0.0.1:49158 2SCOOPS-PC:49157 ESTABLISHED
TCP 127.0.0.1:49160 2SCOOPS-PC:49161 ESTABLISHED
TCP 127.0.0.1:49161 2SCOOPS-PC:49160 ESTABLISHED
TCP 192.168.1.100:49815 customersat3:http ESTABLISHED
TCP 192.168.1.100:49821 a184-51-157-56:http ESTABLISHED

C:\Windows\system32>
note: in my registry, the local host is actually coded from the felony network ...I read the programming, and the w3.org fake driver is also an embedded program hidden in a driver.sys file which in my system is an executable file, along with the embedded type font drivers and dll's that run as executable apps. and we all thought that it was nipped in the bud from the patchs for the .txt files. Unfortunately, the colors along with symbols and characters are also enbedded with crap ....especially if they are .txt but saved as UNICODED. instead of ansi!
BANK on it. (however the cipher to the code is hidden in the table text service in the simplified chinese text and ime's! ) BANK ON THAT TOO!!!

THE CRUELEST FONT on my system is the segoeui along with the times new roman cruel loser. The small fonts are an msn nusance and they partner with the YAHOO cruel cookie monster. I HAVE LIVED THIS NIGHTMARE FOR TOO LONG. SOME JERK by the name of DAVE CHEVEZ needs a wakeup call and I need for this crap to stop YESTERDAY!!


Report •

#14
March 21, 2011 at 14:01:23
netstat -an Why aren't you using the -an switch?

How do you know when a politician is lying? His mouth is moving.


Report •


Ask Question