WHAT is netbios-ssn & netbios-dgm

[jones23]

a few commands i have never seen before have appeared while doing a netstat in cmd

ever since i have seen this

i have problems with my firefox browser

i cannot use the delete private data option in Tools>delete private in the firefox browser

also a "iaskmp"

alot more highrated hits in zonealarm have been happening

maybe its just a portscanner

[Shadow_Puter_Dude]

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

- Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

• Make sure you check version numbers and get all updates.

Quote:

Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis:

Downloading, Installing, and Running HijackThis

When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky)

• Bitdefender
• Panda Scan
• HijackThis

[jones23]

I am now Following read & run me procedure

first i will Run hijackthis now

and run it again after i have finished following the procedure

[jones23]

I have run readme

i attached hijack before and after procedure

have labelled

now i am waiting for bitdefender and panda to finish

will post next

if my internet explorer browser is hijacked why would i do a panda scan there or a bitdefender from there???

[Shadow_Puter_Dude]

Quote:

Originally Posted by jones23

if my internet explorer browser is hijacked why would i do a panda scan there or a bitdefender from there???

Because the logs from those 2 scans will show me things that HijackThis doesn't and isn't designed to find.

Your HijackThis log appears to be from Safe Mode, it shows that both AntiVir PersonalEdition and Zone Alarm are installed but not running. I need a log from Normal Mode.

[jones23]

Ok here i have a hijckthis in normal mode

and a bitdefender in normal mode

it found 1 spyware,virus

I am now removing flashget supposedly its detected as a virus

i couldnt upload the bitdefender log ill try in the next post

the log exceeds your limit

[jones23]

i still cannot upload

this is the most recent scan of bitdefender

as it appears
FILE:

"<system>=>HKEY_CLASSES_ROOT\CLSID\{A5366673-E8CA-11D3-9CD9-0090271DO75B"

STATUS:

Detected: FlashGet

and then it was deleted

thats the only one bitdefender can find

I will run another NETSTAT TO SEE IF IT IS GONE

[jones23]

THIS IS MY NETSTAT, I left my computer name blank

XP sP1

C:\Documents and Settings\ME!!!>netstat -a

Active Connections

MY computer NAME GOES before all the BLANK ~> :

Proto Local Address Foreign Address State
TCP :1025 :0 LISTENING
TCP :3008 :0 LISTENING
TCP :3009 :0 LISTENING
TCP :3018 :0 LISTENING
TCP :3026 :0 LISTENING
TCP :3065 :0 LISTENING
TCP :3069 :0 LISTENING
TCP :3071 :0 LISTENING
TCP :18350 :0 LISTENING
TCP :netbios-ssn :0 LISTENING
TCP :3065 a-61-9-209-159.deploy.akamaitechnologies.com:htt
p ESTABLISHED
TCP :3068 a.tribalfusion.com:http TIME_WAIT
TCP :3069 216.239.57.104:http ESTABLISHED
TCP :3071 geek.esselbach.com:http ESTABLISHED
TCP :3072 a-61-9-209-158.deploy.akamaitechnologies.com:htt
p TIME_WAIT
TCP :3073 a-61-9-209-158.deploy.akamaitechnologies.com:htt
p TIME_WAIT
TCP :netbios-ssn :0 LISTENING
TCP :3001 :0 LISTENING
TCP :3002 :0 LISTENING
TCP :3003 :0 LISTENING
TCP :3005 :0 LISTENING
TCP :3005 localhost:3009 ESTABLISHED
TCP :3006 :0 LISTENING
TCP :3006 localhost:3008 ESTABLISHED
TCP :3008 localhost:3006 ESTABLISHED
TCP :3009 localhost:3005 ESTABLISHED
TCP :3018 localhost:18350 ESTABLISHED
TCP :3025 localhost:3026 ESTABLISHED
TCP :3026 localhost:3025 ESTABLISHED
TCP :10025 :0 LISTENING
TCP :10110 :0 LISTENING
TCP :18350 localhost:3018 ESTABLISHED
UDP :isakmp *:*
UDP :3004 *:*
UDP :3029 *:*
UDP :ntp *:*
UDP :netbios-ns *:*
UDP :netbios-dgm *:*
UDP :ntp *:*
UDP :netbios-ns *:*
UDP :netbios-dgm *:*
UDP :ntp *:*

[jones23]

ALso MY FIREFOX

Tools>Clear Private Data function is still unavailable

how can i fix this

[jones23]

Does this mean i am not infected

and can continue

or something else someone is not telling me

:

[Shadow_Puter_Dude]

No, it does not mean you are not infected; in fact you are infected. I did not ask you to install BitDefender, the instructions in our Read Me First are very clear on what must be done and what tools are to be used in what order and what modes. Both of your HijackThis logs clearly show that you have not followed our standard cleaning procedures.

The instrcutions are there so that I am not wasting your time with several posts asking you to run various tools, before I give you specific cleaning instructions. They are also there to keep poster from wasting our time.

I will not give you any further assistance until you have completed our cleaning procedures with out skipping a step, using the tools we specify and you have posted the logs that are required.

Follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

- Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

• Make sure you check version numbers and get all updates.

Quote:

Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis:

Downloading, Installing, and Running HijackThis

When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky)

• Bitdefender
• Panda Scan
• HijackThis