
Thread: Alexa hogging ports

  1. #1
    Junior Member
    Join Date
    Jan 2013
    Posts
    8

    Alexa hogging ports

    Folks,

    Please advise. Just found Alexa on many high ports. Spybot doesn't detect it: is Alexa now whitelisted?

    Cannot find any running process, service, BHO or startup that seems to be associated with Alexa. Using netstat to discover the PID, and then TASKKILL /F to kill the PID, I get 'access denied' from Vista even though I'm running the command session in admin mode. What starts Alexa and how can I stop and get rid of it? Why is something hogging high ports and communicating without my consent, not classified as a threat?

    Per the instructions I include the DDS and aswMBR logs. Below please find the output of netstat -a | grep alexa.

    Thanks!
    Robert

    netstat -a | grep alexa

    TCP 127.0.0.1:12080 alexa:63716 ESTABLISHED
    TCP 127.0.0.1:12080 alexa:63719 ESTABLISHED
    TCP 127.0.0.1:12080 alexa:63720 ESTABLISHED
    TCP 127.0.0.1:12080 alexa:63722 ESTABLISHED
    TCP 127.0.0.1:12080 alexa:63724 ESTABLISHED
    TCP 127.0.0.1:12080 alexa:63725 ESTABLISHED
    TCP 127.0.0.1:12080 alexa:63737 ESTABLISHED
    TCP 127.0.0.1:27275 alexa:63764 TIME_WAIT
    TCP 127.0.0.1:27275 alexa:63765 TIME_WAIT
    TCP 127.0.0.1:27275 alexa:63766 TIME_WAIT
    TCP 127.0.0.1:27275 alexa:63767 TIME_WAIT
    TCP 127.0.0.1:27275 alexa:63768 TIME_WAIT
    TCP 127.0.0.1:27275 alexa:63769 TIME_WAIT
    TCP 127.0.0.1:27275 alexa:63770 TIME_WAIT
    TCP 127.0.0.1:27275 alexa:63771 FIN_WAIT_2
    TCP 127.0.0.1:49155 alexa:3979 ESTABLISHED
    TCP 127.0.0.1:57765 alexa:57766 ESTABLISHED
    TCP 127.0.0.1:57766 alexa:57765 ESTABLISHED
    TCP 127.0.0.1:57772 alexa:57773 ESTABLISHED
    TCP 127.0.0.1:57773 alexa:57772 ESTABLISHED
    TCP 127.0.0.1:60627 alexa:60630 ESTABLISHED
    TCP 127.0.0.1:60630 alexa:60627 ESTABLISHED
    TCP 127.0.0.1:63710 alexa:21322 TIME_WAIT
    TCP 127.0.0.1:63712 alexa:21322 TIME_WAIT
    TCP 127.0.0.1:63713 alexa:21322 TIME_WAIT
    TCP 127.0.0.1:63715 alexa:21322 TIME_WAIT
    TCP 127.0.0.1:63716 alexa:12080 ESTABLISHED
    TCP 127.0.0.1:63718 alexa:21322 TIME_WAIT
    TCP 127.0.0.1:63719 alexa:12080 ESTABLISHED
    TCP 127.0.0.1:63720 alexa:12080 ESTABLISHED
    TCP 127.0.0.1:63722 alexa:12080 ESTABLISHED
    TCP 127.0.0.1:63724 alexa:12080 ESTABLISHED
    TCP 127.0.0.1:63725 alexa:12080 ESTABLISHED
    TCP 127.0.0.1:63731 alexa:21322 TIME_WAIT
    TCP 127.0.0.1:63732 alexa:21322 TIME_WAIT
    TCP 127.0.0.1:63734 alexa:21322 TIME_WAIT
    TCP 127.0.0.1:63735 alexa:21322 TIME_WAIT
    TCP 127.0.0.1:63736 alexa:21322 TIME_WAIT
    TCP 127.0.0.1:63737 alexa:12080 ESTABLISHED
    TCP 127.0.0.1:63739 alexa:21322 TIME_WAIT
    TCP 127.0.0.1:63740 alexa:21322 TIME_WAIT
    TCP 127.0.0.1:63741 alexa:21322 TIME_WAIT
    TCP 127.0.0.1:63742 alexa:21322 TIME_WAIT
    TCP 127.0.0.1:63744 alexa:21322 TIME_WAIT
    TCP 127.0.0.1:63746 alexa:21322 TIME_WAIT
    TCP 127.0.0.1:63749 alexa:21322 TIME_WAIT
    TCP 127.0.0.1:63751 alexa:21322 TIME_WAIT
    TCP 127.0.0.1:63754 alexa:21322 TIME_WAIT
    TCP 127.0.0.1:63759 alexa:21322 TIME_WAIT
    TCP 127.0.0.1:63762 alexa:21322 TIME_WAIT
    TCP 127.0.0.1:63771 alexa:27275 CLOSE_WAIT
    TCP 127.0.0.1:63773 alexa:21322 TIME_WAIT
    TCP 127.0.0.1:63778 alexa:21322 TIME_WAIT

    =======================================================

    DDS.TXT:

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.9.2
    Run by robert.wagner at 9:22:30 on 2013-01-23
    Microsoft® Windows Vista™ Business 6.0.6002.2.1252.2.1033.18.8143.3181 [GMT -5:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_d6e898c5\STacSV64.exe
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
    C:\Windows\system32\WLANExt.exe
    C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
    C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Windows\SysWOW64\conime.exe
    C:\Program Files (x86)\Digital Line Detect\DLG.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    C:\Program Files\Array Networks\Common\8,4,0,264\arr_isrv.exe
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_d6e898c5\AESTSr64.exe
    C:\Program Files (x86)\Dell\Ambient Light Sensor\AlsSvc.exe
    C:\Windows\system32\svchost.exe -k apphost
    C:\Program Files\Array Networks\Array SSL VPN\8,4,0,264\arr_srvs.exe
    C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
    c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
    C:\Windows\system32\svchost.exe -k HsfXAudioService
    C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
    C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
    C:\Windows\SysWOW64\NLSSRV32.EXE
    c:\development\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE
    C:\development\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    C:\Windows\System32\tcpsvcs.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Windows\splwow64.exe
    C:\Program Files (x86)\Internet Explorer\IELowutil.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\Explorer.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files (x86)\Pidgin\pidgin.exe
    C:\Windows\System32\msdtc.exe
    C:\PROGRA~2\NITROP~1\READER~1\NITROP~2.EXE
    C:\Windows\SysWOW64\msinfo32.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Users\robert.wagner\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\calc.exe
    C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\notepad.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
    C:\Windows\system32\Taskmgr.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10v_ActiveX.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uDefault_Page_URL = hxxp://www.dell.com
    mWinlogon: Userinit = userinit.exe
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\java\jre7\bin\ssv.dll
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\java\jre7\bin\jp2ssv.dll
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    mRun: [IAStorIcon] "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DIGITA~1.LNK - C:\Program Files (x86)\Digital Line Detect\DLG.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TDMNOT~1.LNK - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    LSP: %SystemRoot%\system32\vsocklib.dll
    DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://adc-twvpn-2.oraclevpn.com/CACHE/stc/1/binaries/vpnweb.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    DPF: {B6648EB8-2460-484F-9255-9654454C4C70} - hxxps://ouvpn.us.oracle.com/prx/000/http/localhost/arr_x.cab
    DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://oracleuniversity.webex.com/client/WBXclient-T27L10NSP32EP5-14362/training/ieatgpc1.cab
    TCP: NameServer = 192.168.88.1
    TCP: Interfaces\{013FB573-D233-4B68-B4B1-60DC973EAD98} : DHCPNameServer = 192.168.88.1
    TCP: Interfaces\{7197A0F0-3E16-469D-A5A5-4AC02ED76FCF} : NameServer = 130.35.249.41,138.2.202.15,144.20.190.70
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Notify: SDWinLogon - SDWinLogon.dll
    LSA: Authentication Packages = msv1_0 wvauth
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
    x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-mPolicies-Explorer: NoActiveDesktop = dword:1
    x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    x64-mPolicies-System: EnableUIADesktopToggle = dword:0
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    x64-DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Notify: igfxcui - igfxdev.dll
    Hosts: 10.196.129.20 vcpdb vcpdb.cloud.osc.oracle.com vcpdb.mvd.com #00:16:3E:16:05:5B
    Hosts: 10.196.129.21 vcpapps vcpapps.cloud.osc.oracle.com vcpapps.mvd.com #00:16:3E:31:1F:58
    Hosts: 10.196.129.22 vcpobiee vcpobiee.cloud.osc.oracle.com vcpobiee.mvd.com #00:16:3E:71:9D:A8
    Hosts: 10.196.129.23 vcpwin08 vcpwin08.cloud.osc.oracle.com vcpwin08.mvd.com #00:16:3E:7C:A4:8F
    Hosts: 10.196.129.24 vcpwin03a vcpwin03a.cloud.osc.oracle.com vcpwin03a.mvd.com #00:16:3E:01:DD:4C
    .
    Note: multiple HOSTS entries found. Please refer to Attach.txt
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\robert.wagner\AppData\Roaming\Mozilla\Firefox\Profiles\g5n82lbr.default\
    FF - prefs.js: network.proxy.http - 140.83.186.195
    FF - prefs.js: network.proxy.http_port - 80
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Nitro\Pro 8\npdf.dll
    FF - plugin: C:\Program Files (x86)\Nitro\Pro 8\npnitroie.dll
    FF - plugin: C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll
    FF - plugin: C:\Users\robert.wagner\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Users\robert.wagner\AppData\Roaming\Mozilla\plugins\npatgpc.dll
    FF - plugin: C:\Users\robert.wagner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\robert.wagner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 vmci;VMware VMCI Bus Driver;C:\Windows\System32\drivers\vmci.sys [2011-8-8 116336]
    R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-12-15 984144]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-12-15 370288]
    R1 VBoxDrv;VirtualBox Service;C:\Windows\System32\drivers\VBoxDrv.sys [2012-6-4 224088]
    R1 VBoxUSBMon;VirtualBox USB Monitor Driver;C:\Windows\System32\drivers\VBoxUSBMon.sys [2012-6-4 130904]
    R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_d6e898c5\AESTSr64.exe [2011-11-30 89600]
    R2 alssvc64;Ambient Light Sensor;C:\Program Files (x86)\Dell\Ambient Light Sensor\AlsSvc.exe [2008-6-3 569112]
    R2 Array_Utility_Service8.4.0.264;Array Utility Service 8,4,0,264;C:\Program Files\Array Networks\Common\8,4,0,264\arr_isrv.exe [2012-5-29 398768]
    R2 ArraySSL_VPN_Service8.4.0.264;Array SSL VPN Service 8,4,0,264;C:\Program Files\Array Networks\Array SSL VPN\8,4,0,264\arr_srvs.exe [2012-5-29 239024]
    R2 ASFAgent;ASF Agent;C:\Program Files\Intel\ASF Agent\ASFAgent.exe [2007-4-19 184656]
    R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-12-15 25232]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-12-15 71600]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-12-15 44808]
    R2 buttonsvc64;Dell ControlPoint Button Service;C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe [2009-8-6 372512]
    R2 Credential Vault Host Control Service;Credential Vault Host Control Service;C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2010-3-24 1039776]
    R2 Credential Vault Host Storage;Credential Vault Host Storage;C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2010-3-24 31136]
    R2 dcpsysmgrsvc;Dell System Manager Service;C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2010-8-24 517488]
    R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
    R2 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2008-1-20 27648]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-12-7 13336]
    R2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [2012-10-9 230408]
    R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2012-9-13 229392]
    R2 OracleServiceXE;OracleServiceXE;c:\development\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE --> c:\development\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [?]
    R2 OracleXETNSListener;OracleXETNSListener;C:\development\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE [2006-2-1 204800]
    R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-12-5 1103392]
    R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-12-5 1369624]
    R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-12-5 168384]
    R2 SMManager;Smith Micro Connection Manager Service;C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [2009-12-22 77312]
    R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2012-6-19 645088]
    R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2011-11-30 292864]
    R3 CCIDFILTER;Broadcom Smart Card Reader Filter Driver;C:\Windows\System32\drivers\ccidflt.sys [2009-11-3 13864]
    R3 cvusbdrv;Dell ControlVault;C:\Windows\System32\drivers\cvusbdrv.sys [2011-11-30 38440]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2011-11-30 305152]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2011-11-30 144896]
    R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;C:\Windows\System32\drivers\VBoxNetAdp.sys [2012-5-22 147288]
    R3 VBoxNetFlt;VirtualBox Bridged Networking Service;C:\Windows\System32\drivers\VBoxNetFlt.sys [2012-5-22 166232]
    R4 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2012-10-9 69640]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 ATP;Array Networks SSL VPN Driver;C:\Windows\System32\drivers\atpdrvr.sys [2012-5-29 19968]
    S3 PeerDistSvc;BranchCache;C:\Windows\System32\svchost.exe -k PeerDist [2008-1-20 27648]
    S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
    S3 Tomcat6;Apache Tomcat 6.0 Tomcat6;C:\development\tomcat6\bin\Tomcat6.exe [2011-11-28 96256]
    S3 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-8-29 846448]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
    S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-4-11 89920]
    S4 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-11-30 56344]
    S4 MyDesktopWindows;MyDesktopService;C:\ProgramData\Oracle\MyDesktop\MyDesktopService.exe [2011-10-28 1038848]
    S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\development\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE --> c:\development\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE [?]
    S4 QOSMyDesktop;QOS MyDesktop;C:\ProgramData\Oracle\MyDesktop\MyDesktopQOS.exe [2009-10-13 470016]
    S4 rimspci;rimspci;C:\Windows\System32\drivers\rimspe64.sys [2011-11-30 57344]
    S4 risdpcie;risdpcie;C:\Windows\System32\drivers\risdpe64.sys [2011-11-30 80384]
    S4 rixdpcie;rixdpcie;C:\Windows\System32\drivers\rixdpe64.sys [2011-11-30 55296]
    .
    =============== File Associations ===============
    .
    FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    .
    ==================== Find3M ====================
    .
    2012-12-23 21:50:28 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
    2012-12-23 21:50:28 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
    2012-12-23 21:50:28 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
    2012-12-23 21:50:28 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
    2012-12-05 10:45:33 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2012-12-05 10:45:28 246760 ----a-w- C:\Windows\SysWow64\javaws.exe
    2012-12-05 10:45:28 174056 ----a-w- C:\Windows\SysWow64\javaw.exe
    2012-12-05 10:45:28 174056 ----a-w- C:\Windows\SysWow64\java.exe
    2012-12-05 10:45:27 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2012-12-05 10:45:27 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-10-30 23:51:56 59728 ----a-w- C:\Windows\System32\drivers\aswTdi.sys
    2012-10-30 23:51:55 984144 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2012-10-30 23:51:55 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2012-10-30 23:51:55 44272 ----a-w- C:\Windows\System32\drivers\aswRdr.sys
    2012-10-30 23:51:55 370288 ----a-w- C:\Windows\System32\drivers\aswSP.sys
    2012-10-30 23:51:53 25232 ----a-w- C:\Windows\System32\drivers\aswFsBlk.sys
    2012-10-30 23:51:07 41224 ----a-w- C:\Windows\avastSS.scr
    2012-10-30 23:50:59 227648 ----a-w- C:\Windows\SysWow64\aswBoot.exe
    2012-10-30 23:50:30 285328 ----a-w- C:\Windows\System32\aswBoot.exe
    .
    ============= FINISH: 9:22:55.05 ===============


    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2013-01-23 09:24:33
    -----------------------------
    09:24:33.422 OS Version: Windows x64 6.0.6002 Service Pack 2
    09:24:33.422 Number of processors: 2 586 0x170A
    09:24:33.422 ComputerName: PLUMTREE UserName:
    09:24:35.000 Initialize success
    09:24:35.151 AVAST engine defs: 13012300
    09:25:07.144 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    09:25:07.150 Disk 0 Vendor: TOSHIBA_ MD00 Size: 238475MB BusType: 8
    09:25:07.176 Disk 0 MBR read successfully
    09:25:07.183 Disk 0 MBR scan
    09:25:07.191 Disk 0 Windows VISTA default MBR code
    09:25:07.198 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
    09:25:07.226 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 2048 MB offset 81920
    09:25:07.244 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 236386 MB offset 4276224
    09:25:08.137 Disk 0 scanning C:\Windows\system32\drivers
    09:25:15.768 Service scanning
    09:25:38.712 Modules scanning
    09:25:38.720 Disk 0 trace - called modules:
    09:25:38.749 ntoskrnl.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
    09:25:39.088 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80078cc790]
    09:25:39.096 3 CLASSPNP.SYS[fffffa6000fc7c33] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80076ab050]
    09:25:41.114 AVAST engine scan C:\Windows
    09:25:43.883 AVAST engine scan C:\Windows\system32
    09:28:59.207 AVAST engine scan C:\Windows\system32\drivers
    09:29:10.285 AVAST engine scan C:\Users\robert.wagner
    09:34:42.146 Disk 0 MBR has been saved successfully to "C:\Users\robert.wagner\Documents\MBR.dat"
    09:34:42.153 The log file has been saved successfully to "C:\Users\robert.wagner\Documents\aswMBR.txt"


    09:35:43.654 Disk 0 MBR has been saved successfully to "C:\Users\robert.wagner\Documents\MBR.dat"
    09:35:43.660 The log file has been saved successfully to "C:\Users\robert.wagner\Documents\aswMBR.txt"
    Last edited by tashi; 2013-01-23 at 21:49. Reason: Copy pasted aswMBR log into topic. ;-)

  2. #2
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066


    hi PortalGuy,

    Log looks ok at a glance. Could it be something in AVAST or Oracle on the ports? Is that a workplace machine? It's all local anyway with a 127.0.0.1
    How Can I Reduce My Risk?

  3. #3
    Junior Member
    Join Date
    Jan 2013
    Posts
    8

    Thanks

    Hadn't a clue that I should be looking at Avast. I will try a clean boot without Avast startup and see what happens.

    Same for Oracle. This is a personal machine, and I'm trying to learn Oracle.

  4. #4
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066


    At first I thought it may be: avast! WebRep:, but I doubt it now. All those connections are on your own machine, I would suspect it's your Oracle software on those ports.
    How Can I Reduce My Risk?
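
Added example, not part of the original thread: a Python triage script for the question discussed above, which process sits behind each loopback port. It reads `netstat -ano` output (numeric addresses plus owning PID) and separates loopback services, anonymous loopback socket pairs, and connections that actually leave the machine. The capture is constructed: the ports come from the listing in post #1, while the PIDs and the 192.168.88.20 and 203.0.113.10 addresses are made up.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in `netstat -ano` layout. Ports are from the thread's
# listing; PIDs and the two non-loopback addresses are invented.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    127.0.0.1:12080        0.0.0.0:0              LISTENING       1500
  TCP    127.0.0.1:12080        127.0.0.1:63716        ESTABLISHED     1500
  TCP    127.0.0.1:63716        127.0.0.1:12080        ESTABLISHED     4321
  TCP    127.0.0.1:12080        127.0.0.1:63719        ESTABLISHED     1500
  TCP    127.0.0.1:63719        127.0.0.1:12080        ESTABLISHED     4321
  TCP    127.0.0.1:57765        127.0.0.1:57766        ESTABLISHED     4321
  TCP    127.0.0.1:57766        127.0.0.1:57765        ESTABLISHED     4321
  TCP    127.0.0.1:63710        127.0.0.1:21322        TIME_WAIT       0
  TCP    127.0.0.1:63712        127.0.0.1:21322        TIME_WAIT       0
  TCP    192.168.88.20:49200    203.0.113.10:443       ESTABLISHED     4321
"""


def split_endpoint(endpoint):
    """'127.0.0.1:12080' or '[::1]:12080' -> (address, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]").split("%")[0], int(port)


def parse_netstat(text):
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 5 or f[0] != "TCP":
            continue  # header, blank line, or UDP (no State column)
        laddr, lport = split_endpoint(f[1])
        raddr, rport = split_endpoint(f[2])
        rows.append({"laddr": laddr, "lport": lport, "raddr": raddr,
                     "rport": rport, "state": f[3], "pid": int(f[4])})
    return rows


def is_loopback(addr):
    return ipaddress.ip_address(addr).is_loopback


def classify(rows):
    """Return (services, pairs, external) for the parsed rows."""
    listeners = {r["lport"]: r["pid"] for r in rows if r["state"] == "LISTENING"}
    conns = [r for r in rows if r["state"] != "LISTENING"]
    # A port that several different local ports connect to is a service port,
    # even when its LISTENING row is missing from the capture.
    callers = defaultdict(set)
    for r in conns:
        callers[r["rport"]].add(r["lport"])

    def is_service(port):
        return port in listeners or len(callers.get(port, ())) > 1

    services, pairs, external = {}, [], []

    def service(port):
        return services.setdefault(port, {"owner_pid": listeners.get(port),
                                          "client_pids": set(), "closed": 0})

    for r in conns:
        if not (is_loopback(r["laddr"]) and is_loopback(r["raddr"])):
            external.append(r)  # the only traffic that leaves the machine
            continue
        if is_service(r["lport"]):
            entry, role = service(r["lport"]), "owner"
        elif is_service(r["rport"]):
            entry, role = service(r["rport"]), "client"
        else:
            pairs.append(r)  # two ephemeral ports talking to each other
            continue
        if r["pid"] == 0:
            # Windows reports PID 0 for sockets in TIME_WAIT: the owning
            # process has already closed them, so there is nothing to kill.
            entry["closed"] += 1
        elif role == "owner":
            entry["owner_pid"] = r["pid"]
        else:
            entry["client_pids"].add(r["pid"])
    return services, pairs, external


if __name__ == "__main__":
    services, pairs, external = classify(parse_netstat(SAMPLE))
    for port, s in sorted(services.items()):
        print(f"loopback service :{port} owner={s['owner_pid']} "
              f"clients={sorted(s['client_pids'])} closed={s['closed']}")
    print(f"{len(pairs)} rows belong to anonymous loopback socket pairs")
    for r in external:
        print(f"external: pid {r['pid']} -> {r['raddr']}:{r['rport']}")
```

Each PID it reports can then be matched to an image name with `tasklist /FI "PID eq <pid>"`.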
