interpreting TCPview results

From: "bgreen@xxxxxxxxxxxxxxxxxxxx" <bgreen@xxxxxxxxxxxxxxxxxxxx>
Date: 30 Apr 2006 03:56:29 -0700

I came home after a day away for work, to find my kids had managed to
infect the computer with all sorts of Spyware (Spyfalcon) and viruses
(Boxed.B & BeovenS!generic).

The viruses seemed easy enough to remove (coming back just once)
unlike the Spyware.

I have looked into additional methods to protect my computer - one
option was to try TCPview.
However, I was unsure about the results which seemed very different to
examples I have seen.

I would appreciate comments on the log below.

Bob

alg.exe:180 TCP bob-2lsxdgjcgtb:1031 bob-2lsxdgjcgtb:0 LISTENING
iexplore.exe:1572 UDP bob-2lsxdgjcgtb:1299 *:*
iexplore.exe:1760 UDP bob-2lsxdgjcgtb:1282 *:*
iSafe.exe:1420 TCP bob-2lsxdgjcgtb:1025 bob-2lsxdgjcgtb:0 LISTENING
iSafe.exe:1420 TCP bob-2lsxdgjcgtb:1026 bob-2lsxdgjcgtb:0 LISTENING
iSafe.exe:1420 TCP bob-2lsxdgjcgtb:1027 bob-2lsxdgjcgtb:0 LISTENING
iSafe.exe:1420 TCP bob-2lsxdgjcgtb:1025 localhost:1306 ESTABLISHED
iSafe.exe:1420 TCP bob-2lsxdgjcgtb:1027 localhost:1029 ESTABLISHED
lsass.exe:700 UDP bob-2lsxdgjcgtb:isakmp *:*
lsass.exe:700 UDP bob-2lsxdgjcgtb:4500 *:*
msnmsgr.exe:832 UDP bob-2lsxdgjcgtb:1199 *:*
svchost.exe:1052 UDP bob-2lsxdgjcgtb:1047 *:*
svchost.exe:1052 UDP bob-2lsxdgjcgtb:1044 *:*
svchost.exe:1052 UDP bob-2lsxdgjcgtb:1145 *:*
svchost.exe:1136 UDP bob-2lsxdgjcgtb:1900 *:*
svchost.exe:1136 UDP bob-2lsxdgjcgtb:1900 *:*
svchost.exe:928 TCP bob-2lsxdgjcgtb:epmap bob-2lsxdgjcgtb:0 LISTENING
svchost.exe:968 TCP bob-2lsxdgjcgtb:netbios-ssn bob-2lsxdgjcgtb:0 LISTENING
svchost.exe:968 UDP bob-2lsxdgjcgtb:ntp *:*
svchost.exe:968 UDP bob-2lsxdgjcgtb:netbios-ns *:*
svchost.exe:968 UDP bob-2lsxdgjcgtb:ntp *:*
svchost.exe:968 UDP bob-2lsxdgjcgtb:netbios-dgm *:*
System:4 TCP bob-2lsxdgjcgtb:microsoft-ds bob-2lsxdgjcgtb:0 LISTENING
System:4 UDP bob-2lsxdgjcgtb:microsoft-ds *:*
VetMsg.exe:1672 TCP bob-2lsxdgjcgtb:1028 localhost:1025 ESTABLISHED
VetMsg.exe:1672 TCP bob-2lsxdgjcgtb:1029 localhost:1027 ESTABLISHED

.

Follow-Ups:
- Re: interpreting TCPview results
  - From: Duane Arnold
- Re: interpreting TCPview results
  - From: YoKenny

Prev by Date: Re: Uh, excuse me for existing, but I'm still looking for an answer
Next by Date: Re: McAffee Ver10 Logs
Previous by thread: Win32:Host-C is bugging me
Next by thread: Re: interpreting TCPview results
Index(es):
- Date
- Thread

Relevant Pages

Re: interpreting TCPview results
... infect the computer with all sorts of Spyware (Spyfalcon) and viruses ... The viruses seemed easy enough to remove ... As far as TCPView, you're the one who has to make the determination is something running that should not be running or is something connecting out or listening that should not be doing so. ...
(alt.comp.anti-virus)
Re: Supernews... (Mac users)
... Your problem could very well be spyware rather than viruses. ... Spyware does all sorts of interesting things, ...
(rec.food.cooking)
Media Center Software needed to run repair
... I have a customers PC which I need to run a repair on. ... all sorts of viruses and spyware. ...
(microsoft.public.windows.mediacenter)
Re: Iexplorer cpu usage 97% at startup
... If only viruses were the only bad things out there. ... Trojans, spyware, adware and other scumware exists. ... using Windows XP "prettifications". ... You should at least turn on the built in firewall. ...
(microsoft.public.windowsxp.perform_maintain)
Re: Please recommend email software
... I have Outlook set that the preview pane is OFF. ... My ISP scans email for viruses but my AVG software ... >> real time spyware scanning, ...
(alt.sys.pc-clone.dell)