Home > This Log > Hijack This Log (So Confused!)

Hijack This Log (So Confused!)

Contents

Pay very close attention to any DLL and EXE files in the Windows directory. Oh as far as tools, I actually like the ZoneAlarm-recommended "Essential NetTools" ...It has a real-time NetStat with DNS resolution etc that I find invaluable (Axence has one too btw.) This Run your virus checker of choice (e.g. Ash Nallawalla on 25 November 2014 Oh? navigate here

Try this: Right click the Firefox in the ZA program list, open the options and in the first two items listed in the first windows check these and apply and ok. You may need the ZA Technical Support or check with the other vendors of your security setup to find a correct answer. Put it this way: if I use firefox for too long, I cannot even shut-down the process (nor even my computer!) because it has dozens of ESTABLISHED or TIME_WAIT open connections! There maybe a Privacy issue with the router login, so either add manually the router IP and give it all allowed or just disable the Privacy for the duration of the http://www.hijackthis.de/

Hijackthis Log Analyzer

Port firefox.exe, 3636, TCP, 192.168.0.50, 53525, 208.67.216.230, http firefox.exe, 3636, TCP, 192.168.0.50, 53524, 208.67.216.230, http firefox.exe, 3636, TCP, 127.0.0.1, 53522, 127.0.0.1, 53523 firefox.exe, 3636, TCP, 127.0.0.1, 53523, 127.0.0.1, 53522 firefox.exe, 3636, It will launch regedit after they are loaded. Go to the root directory and delete the contents of System Volume Information and Recycle folders. For instance, my main computer gets 192.168.0.95) (Also, this load-balances/backs-up a DSL connection (DSL router in Bridge mode w/PPPoE set on the router) and a CableModem.) Secondary Linksys Wireless; DHCP turned

I.e. The culprit is one of the add-ons that I have not reinstalled. oldsod June 10th, 2008 #10 oldsod View Profile View Forum Posts Private Message Senior Member Join Date Dec 2005 Location Canada Posts 9,004 Re: Help locking down network with too much Hijackthis Download Windows 7 Error code: 2S136/C Contact Us Existing user?

Next! Since I am talking about two physically different machines I can rule out Network adapters. If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members. https://forums.techguy.org/threads/hijack-this-log-so-confused.400078/ And it's not a big resource/memory eater like the anti-virus programs you pay for.

My previous observations of the Mozilla browser - Firefox will definitely require outgoing access from the non-route (0.0.0.0) to the internet (as labeled by the ZA), but the actual access is Hijackthis Windows 10 Tech Support Guy is completely free -- paid for by advertisers and donations. No soliciting of any kind. I ran it and obtained the product key and located the Windows DVD.

Hijackthis Download

So this should have been okay. http://www.netmagellan.com/how-i-removed-a-finfisher-finspy-malware-infection-1814.html Please start a New Thread if you're having a similar issue.View our Welcome Guide to learn how to use this site. Hijackthis Log Analyzer However, some threads were talking about corrupted TCP stacks...) Anyway, I need a break...wow I haven't taken one in a long time! Hijackthis Trend Micro This port is well out of the the "general" (1024-5000) use ports range or for that matter, well out of the usual registered port range (1024 49151)." I was concerned about

Hetzner Online I noticed the connections to 5.49.63.178 and used Whois to learn that it is some German ISP. http://pcialliance.org/this-log/hijack-this-log-plz-have-a-look.html Oldsod. databases) Error Reporting Service - Alerts Microsoft when software fails Fax Service - Send/receive faxes FTP Publishing Service - runs the FTP Server Help and Suport - This will re-activate if oldsodJune 11th, 2008, 07:45 PMJust as readers and members of a forum have favorite posters or reads, so do gurus. Hijackthis Windows 7

Trusted Server is not only the dns and dhcp (as Trusted in the Zones), but it includes the loopback and access to the non-route (0.0.0.0). (One of the reasons why the Summary To summarise, you need three main tools in addition to your main malware/anti-virus defences: TCPView - to see internet connections to strange places and kill the processes Your router's outbound My router is definitely NOT running ZoneAlarm. his comment is here In fact, both Firefox and IE work on a different machine *without* ZA installed.

What's New? How To Use Hijackthis And it always seems to be tied into netstat showing some hanging loopback connections that I cannot disconnect. (Trust me I've reset every network adapter and ipconfig /release 'd etc too...) HiJackThis log with one suspicious entry It didn't look right, as I had no recollection of this site, which is in China.

MikeY XP netstat: Setting environment for using Microsoft Visual Studio 2005 x86 tools.

CCleaner got rid of some debris. Oldsod. image four: http://i236.photobucket.com/albums/ff2/Oldsod/gateway.jpg The MAC of the first router should be seen or recognized in the arp -a command. Hijackthis Bleeping image three: http://i236.photobucket.com/albums/ff2/Oldsod/zadhcp2.jpg Here I illustrate the My Computer and the DHCP server are listed in both the Source and DFestination to faciliatate the incoming and ougoing connection needed between the

address and perhaps this is some form of compensation? Host Name . . . . . . . . . . . . : MikeyBuilt32 Primary Dns Suffix . . . . . . . : Node Type . . In particular, one entry stood out - Trusted Zone: http://software.kuaiche.com. http://pcialliance.org/this-log/hijack-this-log-plz-help.html Still no activity.

Anyway: a) Yes and no. Even for an advanced computer user. I use it myself. Opendns is okay.

However, *then* local 53523 -> goes *back* to remote 53522 on the next line! Still seems kind of weird that Vista is breaking any of the established rules - even for something banal as the browser port useage. Anti-Malware Toolkit After more searching, I found a download tool that has grouped a bunch of tools you can choose to download to assemble your own set of anti-malware tools. You could add a specific dns rule to the expert of the firewall for the dns lookups... [source and destination include both my computer and the opendns.com dns servers (specifically resolver1.opnedns.com

Business (Win Pro and Enterprise): Antivirus: Eset Endpoint Email: Microsoft Office 365 for certified secure email Router/Firewall: Cisco RV Managed Switches: Netgear Business Unchecky: uncheckmarks possibly undesirable programs from installing Windows But it was late and I still received the netstat errors. Disabling a few at a time makes tracking down problems much easier. To start viewing messages, select the forum that you want to visit from the selection below.

Of course i could be wrong and end up retracting this statement. So not a problem at all. often there can be higher ports used by the internet applications and using a range instead of any is a hinderance) "edit addition" If you have disabled the dns client in The actual dhcp rule should look like this with allowing dhcp and dhcp client in both directions between the PC and the Dlink using UDP: image one: http://i236.photobucket.com/albums/ff2/Oldsod/zadhcp5.jpg image two: http://i236.photobucket.com/albums/ff2/Oldsod/zadhcp6.jpg

Back to top #5 Westcam Westcam Topic Starter Members 27 posts OFFLINE Local time:05:25 PM Posted 22 May 2004 - 01:37 AM Looks clean to me! Almost each and every ZA will occasionally see outgoing connections from the non-route address (0.0.0.0) only to the DHCP server and no further - unless the ZA user does have an In fact I'm RD'ed into that old machine right now *just* so I can configure the router from there!) I also added the DNS rules for OpenDNS.