cannot remote desktop into 2003 server
I have a 2003 server that was running just fine until yesterday, when it stopped allowing client remote desktop connections. I can make any remote desktop connection from the server to other computers, but not from other computers to the server. I tried to reach the 3389 port in telnet, but with no success. User rights are correct, but this isn't a problem since we can't establish any connection. The router isn't the problem since the inside remote desktops are not working as well. All firewalls and antivirus were disabled to try and fix this, but with no success. The ports, as I list below, seem to be just fine, so the problem has to be in the server itself. I have all remote services up and running, remote licenses are active and far from expiring. Terminal Services Manager shows no errors, and the event viewer shows no errors as well. Remote desktop connections are enabled on "My Computer" options, everything is as it was the day before it stopped working. The error that shows when you are trying to establish the connection is: "This computer can't connect to the remote computer. The two computers couldn't connect in the amount of time allotted. Try connecting again."
All help is valuable.
January 28th, 2010 6:02pm

I know all the ports are opened according to the list you have provided, but still I would like you to disable the antivirus and the firewall on the Windows 2003 server. Also, if possible, please refer to this article as well: http://support.microsoft.com/default.aspx/kb/967680/
http://technetfaqs.wordpress.com
January 28th, 2010 6:59pm

I tried disabling the antivirus and firewall, but it didn't work. There were no hardware changes, and nothing was added to the server. The referred article isn't helpful, since it refers to an already established connection. Thanks for replying.
January 28th, 2010 7:18pm

Make sure terminal server service is running.
You might also try:
PortQryUI - User Interface for the PortQry Command Line Port Scanner
http://www.microsoft.com/downloads/details.aspx?familyid=8355E537-1EA6-4569-AABB-F248F4BD91D0&displaylang=en
Port Reporter (PortRptr.exe)
http://www.microsoft.com/downloads/details.aspx?familyid=69BA779B-BAE9-4243-B9D6-63E62B4BCD2E&displaylang=en
Regards, Dave Patrick .... Microsoft Certified Professional Microsoft MVP [Windows]
January 28th, 2010 7:28pm
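
PortQry, suggested in the reply above, reports a TCP port as LISTENING, NOT LISTENING or FILTERED. The following Python example is added here and is not part of the thread or of PortQry: it makes the same three-way distinction with a plain TCP connect and compares the loopback result with the results for other addresses, because a loopback probe alone does not exercise the path remote clients use. The function names, verdict codes and sample addresses are assumptions chosen for illustration.

```python
import socket
import sys

LISTENING, NOT_LISTENING, FILTERED = "LISTENING", "NOT LISTENING", "FILTERED"


def classify_tcp(host, port, timeout=3.0):
    """Return the PortQry-style state of one TCP port, using a full connect."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return LISTENING        # handshake completed: something accepted it
    except ConnectionRefusedError:
        return NOT_LISTENING    # host answered with a reset: nothing bound
    except (socket.timeout, TimeoutError):
        return FILTERED         # no answer at all within the timeout
    finally:
        sock.close()


def probe_all(addresses, port, timeout=3.0):
    """Probe the same port on several addresses; keep other errors as text."""
    results = {}
    for addr in addresses:
        try:
            results[addr] = classify_tcp(addr, port, timeout)
        except OSError as exc:  # e.g. no route to host
            results[addr] = "ERROR: %s" % exc
    return results


def diagnose(results):
    """Turn {address: state} into one verdict code (codes are made up here).

    Non-loopback results only describe what clients see when the probe
    runs on a client machine, not on the server itself.
    """
    loop = {s for a, s in results.items() if a.startswith("127.")}
    other = {s for a, s in results.items() if not a.startswith("127.")}
    if not other:
        # A loopback probe never leaves the local TCP/IP stack.
        return "LOOPBACK_ONLY"
    if other == {LISTENING}:
        return "REACHABLE"
    if FILTERED in other:
        # Silence (a timeout) means packets or replies are being dropped
        # somewhere between the prober and the listener.
        return "PACKETS_DROPPED" if LISTENING in loop else "INCONCLUSIVE"
    if NOT_LISTENING in other:
        # An active reset: the host is reachable but nothing accepts there.
        if LISTENING in loop:
            return "NOT_BOUND_TO_ADDRESS"
        return "SERVICE_NOT_LISTENING"
    return "INCONCLUSIVE"


if __name__ == "__main__":
    if len(sys.argv) >= 3:
        # Usage: probe.py PORT ADDRESS [ADDRESS ...]
        found = probe_all(sys.argv[2:], int(sys.argv[1]))
    else:
        # Constructed sample, not measured: loopback answers, LAN times out.
        found = {"127.0.0.1": LISTENING, "10.0.0.1": FILTERED}
    for address, state in found.items():
        print("%-15s %s" % (address, state))
    print("verdict:", diagnose(found))
```
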

Terminal server service is running.

portqryui
=============================================
Starting portqry.exe -n 127.0.0.1 -e 3389 -p BOTH ...
Querying target system called:
 127.0.0.1
Attempting to resolve IP address to a name...
IP address resolved to SERVER.certezza.pt
querying...
TCP port 3389 (ms-wbt-server service): LISTENING
UDP port 3389 (unknown service): NOT LISTENING
portqry.exe -n 127.0.0.1 -e 3389 -p BOTH exits with return code 0x00000001.

Port Reporter Version 1.01 Log File
Process detail log
System Date: Thu Jan 28 15:50:49 2010
Local computer name: SERVER
Operating System: Windows Server 2003
======================================================
Process ID: 2348 (spools12.exe)
User context: NT AUTHORITY\SYSTEM

Service Name: SkServer
Display Name: Snake SockProxy Service
Service Type: runs in its own process

PID    Port       Local IP   State        Remote IP:Port
2348   TCP 3389   0.0.0.0    LISTENING    0.0.0.0
2348   TCP 3389   10.0.0.1   FIN WAIT-2   85.245.235.48:4680

Port Statistics
TCP mappings: 2
UDP mappings: 0
TCP ports in a LISTENING state: 1 = 50.00%
TCP ports in a FIN WAIT-2 state: 1 = 50.00%

Loaded modules:
C:\Documents and Settings\Administrator\spools12.exe (0x00400000)

======================================================
Log number: 18
Log entry below recorded at: 10/1/28,15:51:34
======================================================
Process ID: 1780 (mstsc.exe)
User context: CERTEZZA\Administrator
Process doesn't appear to be a service

PID    Port       Local IP   State        Remote IP:Port
1780   TCP 1779   10.0.0.1   CLOSE WAIT   10.0.0.1:3389

Port Statistics
TCP mappings: 1
UDP mappings: 0
TCP ports in a CLOSE WAIT state: 1 = 100.00%

Loaded modules:
C:\WINDOWS\system32\mstsc.exe (0x01000000)

======================================================
Log number: 19
Log entry below recorded at: 10/1/28,15:51:34
======================================================
Process ID: 2348 (spools12.exe)
User context: NT AUTHORITY\SYSTEM

Service Name: SkServer
Display Name: Snake SockProxy Service
Service Type: runs in its own process

PID    Port       Local IP   State        Remote IP:Port
2348   TCP 3389   0.0.0.0    LISTENING    0.0.0.0
2348   TCP 3389   10.0.0.1   FIN WAIT-2   10.0.0.1:1779
2348   TCP 3389   10.0.0.1   FIN WAIT-2   85.245.235.48:4680

Port Statistics
TCP mappings: 3
UDP mappings: 0
TCP ports in a LISTENING state: 1 = 33.33%
TCP ports in a FIN WAIT-2 state: 2 = 66.67%

Loaded modules:
C:\Documents and Settings\Administrator\spools12.exe (0x00400000)

======================================================
Log number: 20
Log entry below recorded at: 10/1/28,15:51:44
======================================================
Process ID: 0 (System Idle)
System Idle Process
Note: Ports that are still active but no longer have an associated PID are reported as belonging to the System Idle Process by the Port Reporter service.

PID   Port       Local IP   State       Remote IP:Port
0     TCP 389    10.0.0.1   TIME WAIT   10.0.0.1:1774
0     TCP 389    10.0.0.1   TIME WAIT   10.0.0.1:1775
0     TCP 1775   10.0.0.1   TIME WAIT   10.0.0.1:389
0     TCP 1776   10.0.0.1   TIME WAIT   10.0.0.1:445
0     TCP 3389   10.0.0.1   TIME WAIT   85.245.235.48:4680
0     TCP 8059   10.0.0.1   TIME WAIT   10.0.0.3:3538
0     TCP 8059   10.0.0.1   TIME WAIT   10.0.0.5:1962
0     TCP 8059   10.0.0.1   TIME WAIT   10.0.0.6:1809
0     TCP 8059   10.0.0.1   TIME WAIT   10.0.0.6:1810
0     TCP 8059   10.0.0.1   TIME WAIT   10.0.0.6:1811
0     TCP 8059   10.0.0.1   TIME WAIT   10.0.0.6:1816
0     TCP 8059   10.0.0.1   TIME WAIT   10.0.0.6:1817
0     TCP 8059   10.0.0.1   TIME WAIT   10.0.0.6:1826

Port Statistics
TCP mappings: 13
UDP mappings: 0
TCP ports in a TIME WAIT state: 13 = 100.00%

Could not access module information for this process

======================================================
Log number: 24
Log entry below recorded at: 10/1/28,15:52:24
======================================================
Process ID: 0 (System Idle)
System Idle Process
Note: Ports that are still active but no longer have an associated PID are reported as belonging to the System Idle Process by the Port Reporter service.
January 28th, 2010 8:18pm

PID   Port       Local IP   State       Remote IP:Port
0     TCP 389    10.0.0.1   TIME WAIT   10.0.0.1:1774
0     TCP 389    10.0.0.1   TIME WAIT   10.0.0.1:1775
0     TCP 1775   10.0.0.1   TIME WAIT   10.0.0.1:389
0     TCP 1776   10.0.0.1   TIME WAIT   10.0.0.1:445
0     TCP 3389   10.0.0.1   TIME WAIT   85.245.235.48:4680
0     TCP 8059   10.0.0.1   TIME WAIT   10.0.0.3:3538
0     TCP 8059   10.0.0.1   TIME WAIT   10.0.0.3:3576
0     TCP 8059   10.0.0.1   TIME WAIT   10.0.0.3:3577
0     TCP 8059   10.0.0.1   TIME WAIT   10.0.0.3:3578
0     TCP 8059   10.0.0.1   TIME WAIT   10.0.0.3:3579
0     TCP 8059   10.0.0.1   TIME WAIT   10.0.0.3:3580
0     TCP 8059   10.0.0.1   TIME WAIT   10.0.0.5:1962
0     TCP 8059   10.0.0.1   TIME WAIT   10.0.0.6:1809
0     TCP 8059   10.0.0.1   TIME WAIT   10.0.0.6:1810
0     TCP 8059   10.0.0.1   TIME WAIT   10.0.0.6:1811
0     TCP 8059   10.0.0.1   TIME WAIT   10.0.0.6:1816
0     TCP 8059   10.0.0.1   TIME WAIT   10.0.0.6:1817
0     TCP 8059   10.0.0.1   TIME WAIT   10.0.0.6:1826

Port Statistics
TCP mappings: 18
UDP mappings: 0
TCP ports in a TIME WAIT state: 18 = 100.00%

Could not access module information for this process

======================================================
Log number: 33
Log entry below recorded at: 10/1/28,15:52:26
======================================================
Process ID: 0 (System Idle)
System Idle Process
Note: Ports that are still active but no longer have an associated PID are reported as belonging to the System Idle Process by the Port Reporter service.
PID Port Local IP State Remote IP:Port0 TCP 389 10.0.0.1 TIME WAIT 10.0.0.1:17740 TCP 389 10.0.0.1 TIME WAIT 10.0.0.1:17750 TCP 1772 10.0.0.1 TIME WAIT 10.0.0.1:1350 TCP 1775 10.0.0.1 TIME WAIT 10.0.0.1:3890 TCP 1776 10.0.0.1 TIME WAIT 10.0.0.1:4450 TCP 3389 10.0.0.1 TIME WAIT 85.245.235.48:46800 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.3:35380 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.3:35760 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.3:35770 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.3:35780 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.3:35790 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.3:35800 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.3:35810 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.3:35820 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.3:35830 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.3:35840 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.3:35850 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.3:35860 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.3:35870 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.3:35880 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.3:35890 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.3:35900 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.3:35910 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.5:19620 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.6:18090 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.6:18100 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.6:18110 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.6:18160 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.6:18170 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.6:1826 Port Statistics TCP mappings: 30UDP mappings: 0 TCP ports in a TIME WAIT state: 30 = 100.00% Could not access module information for this process ====================================================== Log number: 34 Log entry below recorded at: 10/1/28,15:52:26 ====================================================== Process ID: 0 (System Idle) System Idle Process Note: Ports that are still active but no longer have an associated PID are reported as belonging to the System Idle Process by the Port Reporter service. 
PID Port Local IP State Remote IP:Port0 TCP 389 10.0.0.1 TIME WAIT 10.0.0.1:17740 TCP 389 10.0.0.1 TIME WAIT 10.0.0.1:17750 TCP 1772 10.0.0.1 TIME WAIT 10.0.0.1:1350 TCP 1775 10.0.0.1 TIME WAIT 10.0.0.1:3890 TCP 1776 10.0.0.1 TIME WAIT 10.0.0.1:4450 TCP 3389 10.0.0.1 TIME WAIT 85.245.235.48:46800 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.3:35380 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.3:35760 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.3:35770 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.3:35780 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.3:35790 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.3:35800 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.3:35810 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.3:35820 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.3:35830 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.3:35840 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.3:35850 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.3:35860 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.3:35870 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.3:35880 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.3:35890 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.3:35900 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.3:35910 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.5:19620 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.6:18090 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.6:18100 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.6:18110 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.6:18160 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.6:18170 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.6:1826 Port Statistics TCP mappings: 30UDP mappings: 0 TCP ports in a TIME WAIT state: 30 = 100.00% Could not access module information for this process ====================================================== Log number: 35 Log entry below recorded at: 10/1/28,15:52:26 ====================================================== Process ID: 0 (System Idle) System Idle Process Note: Ports that are still active but no longer have an associated PID are reported as belonging to the System Idle Process by the Port Reporter service. 
PID Port Local IP State Remote IP:Port0 TCP 389 10.0.0.1 TIME WAIT 10.0.0.1:17740 TCP 389 10.0.0.1 TIME WAIT 10.0.0.1:17750 TCP 1772 10.0.0.1 TIME WAIT 10.0.0.1:1350 TCP 1775 10.0.0.1 TIME WAIT 10.0.0.1:3890 TCP 1776 10.0.0.1 TIME WAIT 10.0.0.1:4450 TCP 3389 10.0.0.1 TIME WAIT 85.245.235.48:46800 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.3:35380 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.3:35760 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.3:35770 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.3:35780 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.3:35790 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.3:35800 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.3:35810 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.3:35820 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.3:35830 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.3:35840 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.3:35850 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.3:35860 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.3:35870 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.3:35880 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.3:35890 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.3:35900 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.3:35910 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.5:19620 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.6:18090 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.6:18100 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.6:18110 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.6:18160 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.6:18170 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.6:1826 Port Statistics TCP mappings: 30UDP mappings: 0 TCP ports in a TIME WAIT state: 30 = 100.00% Could not access module information for this process ====================================================== Log number: 36 Log entry below recorded at: 10/1/28,15:52:26 ====================================================== Process ID: 0 (System Idle) System Idle Process Note: Ports that are still active but no longer have an associated PID are reported as belonging to the System Idle Process by the Port Reporter service. 
PID Port Local IP State Remote IP:Port0 TCP 389 10.0.0.1 TIME WAIT 10.0.0.1:17740 TCP 389 10.0.0.1 TIME WAIT 10.0.0.1:17750 TCP 1772 10.0.0.1 TIME WAIT 10.0.0.1:1350 TCP 1775 10.0.0.1 TIME WAIT 10.0.0.1:3890 TCP 1776 10.0.0.1 TIME WAIT 10.0.0.1:4450 TCP 3389 10.0.0.1 TIME WAIT 85.245.235.48:46800 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.3:35380 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.3:35760 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.3:35770 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.3:35780 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.3:35790 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.3:35800 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.3:35810 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.3:35820 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.3:35830 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.3:35840 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.3:35850 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.3:35860 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.3:35870 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.3:35880 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.3:35890 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.3:35900 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.3:35910 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.5:19620 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.6:18090 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.6:18100 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.6:18110 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.6:18160 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.6:18170 TCP 8059 10.0.0.1 TIME WAIT 10.0.0.6:1826 Port Statistics TCP mappings: 30UDP mappings: 0 TCP ports in a TIME WAIT state: 30 = 100.00% Could not access module information for this process ====================================================== Log number: 37 Log entry below recorded at: 10/1/28,15:52:27 ====================================================== Process ID: 0 (System Idle)
January 28th, 2010 8:22pm

January 28th, 2010 8:23pm

Also try connecting via IP address to rule out DNS issue.

Regards,
Dave Patrick ....
Microsoft Certified Professional
Microsoft MVP [Windows]
January 28th, 2010 8:28pm

already did, no success. thanks
January 28th, 2010 8:37pm

Recap; you can't see service on 3389 from client but portqryui reports listening on server. Seems there must be hardware or software blocking.

Regards,
Dave Patrick ....
Microsoft Certified Professional
Microsoft MVP [Windows]
January 28th, 2010 8:54pm

that was my first thought, but there were no hardware or software changes. is there any way to see if there is any soft blocking?
January 28th, 2010 9:04pm

Yes, use the tools I mentioned from client side.

Example below where I have terminal server PE1600 listening to tcp port 3589

Starting portqry.exe -n pe1600 -e 3389 -p TCP ...
Querying target system called: pe1600
Attempting to resolve name to IP address...
Name resolved to 192.168.1.98
querying...
TCP port 3389 (ms-wbt-server service): NOT LISTENING
portqry.exe -n pe1600 -e 3389 -p TCP exits with return code 0x00000001.
FAILS
--------------------------------------------------------------
Starting portqry.exe -n pe1600 -e 3589 -p TCP ...
Querying target system called: pe1600
Attempting to resolve name to IP address...
Name resolved to 192.168.1.98
querying...
TCP port 3589 (unknown service): LISTENING
portqry.exe -n pe1600 -e 3589 -p TCP exits with return code 0x00000000.
SUCCESS

How to change Terminal Server's listening port
http://support.microsoft.com/kb/187623

Regards,
Dave Patrick ....
Microsoft Certified Professional
Microsoft MVP [Windows]
January 28th, 2010 9:20pm
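
Added example, not part of any post in this thread: portqry reports only the TCP state of the port, so this sketch classifies the port the same way and then sends the first packet of an RDP handshake to see whether a terminal server actually answers behind a LISTENING port. The function name `probe_rdp` and the two "LISTENING, ..." labels are assumptions made for this example.

```python
import socket

# First packet an RDP client sends: X.224 Connection Request in a TPKT header
# (TPKT version 3, length 11; X.224 LI 6, code 0xE0, refs 0, class 0).
X224_CONNECTION_REQUEST = bytes.fromhex("0300000b06e00000000000")


def _recv_exact(sock, n):
    """Read up to n bytes, stopping early if the peer closes."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf


def probe_rdp(host, port=3389, timeout=3.0):
    """Return a portqry-style TCP state plus whether RDP itself answered.

    FILTERED / NOT LISTENING mirror portqry's wording; the two LISTENING
    results are labels made up for this example.
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "NOT LISTENING"      # RST came back: nothing bound to the port
    except socket.timeout:
        return "FILTERED"           # no reply at all: the SYN was dropped
    with sock:
        try:
            sock.sendall(X224_CONNECTION_REQUEST)
            reply = _recv_exact(sock, 6)
        except OSError:             # reset or read timeout after connecting
            reply = b""
    # A Connection Confirm is TPKT version 3 with X.224 code 0xD0 in byte 5.
    if len(reply) == 6 and reply[0] == 3 and reply[5] & 0xF0 == 0xD0:
        return "LISTENING, RDP ANSWERED"
    return "LISTENING, NO RDP ANSWER"


if __name__ == "__main__":
    # Run on the server itself first, then from a client, and compare.
    print(probe_rdp("127.0.0.1"))
```
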

Starting portqry.exe -n certezza.n -e 3389 -p BOTH ...
Querying target system called: certezza.n
Attempting to resolve name to IP address...
Name resolved to 85.241.+++++
querying...
TCP port 3389 (ms-wbt-server service): LISTENING
UDP port 3389 (ms-wbt-server service): NOT LISTENING
portqry.exe -n certezza.n -e 3389 -p BOTH exits with return code 0x00000001.
January 28th, 2010 9:41pm

Looks good. Can you start the client RDP on the server and connect to itself?

Regards,
Dave Patrick ....
Microsoft Certified Professional
Microsoft MVP [Windows]
January 29th, 2010 12:27am

Did you try with some other clients? Does it happen with all the clients?

http://technetfaqs.wordpress.com
January 29th, 2010 12:38am

Hi,

Are the problematic clients XP machines? Please check the following thread, which is similar to your issue.
http://social.technet.microsoft.com/Forums/en/itproxpsp/thread/4f9783df-4326-408d-a4ae-083533152c86

Also check the following settings on the TS:

Step 1: Check Terminal Service License
------------------------------------------
Please ensure that the terminal server can contact an activated Terminal Services Licensing server which has enough TS CALs installed.

Step 2: Check the Service of Terminal Service is automatic and started
------------------------------------------
Click Start, and Run "Services.msc" without quotes, navigate to Terminal Service item and make sure the Startup Type is automatic and Status is started.

Step 3: Check the terminal service is listening on the port 3389.
------------------------------------------
Run "netstat -na|findstr 3389" on the terminal server. Which interfaces is port 3389 listening on? Please ensure the firewall does not block the port traffic.

Step 4: Add users who need to remote desktop to the Remote Desktop Users group on the terminal server.

Step 5: Allow logon through Terminal Services
------------------------------------------
To connect to terminal server properly, users need to be granted the "Allow logon through Terminal Services" right.
1. Logon as administrator, click Start -> Run, type "rsop.msc" in the text box, and click OK.
2. Locate the [Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment] item.
3. Check the "Allow log on through Terminal Services" item to see whether this policy is defined. If so, the "Source GPO" column displays the policy that defines this policy. Please ensure "Administrators", "Remote Desktop Users", and any other desired users are granted this right. If it is different, please configure the corresponding policy to grant the permission.
4. Check the "Deny log on through Terminal Services" item to see whether this policy is defined. If so, the "Source GPO" column displays the policy that defines this policy. Please ensure that the user or any user groups that the remote user belongs to are not included in this right. If so, please modify the corresponding policy to remove them.
5. Click Start -> Run, type "cmd" in the text box, and click OK.
6. Run the following command to refresh policy: gpupdate /force
7. Wait for a while so that the group policy is replicated and then try to connect to the server again.

Step 6: Allow logon to Terminal Server
------------------------------------
To grant a user these permissions, start either the Active Directory Users and Computers snap-in or the Local Users And Groups snap-in, open the user’s properties, click the Terminal Services Profile tab, and make sure the check box "Deny this user permissions to logon to Terminal Server" is NOT selected.

Step 7: Check TS permission
----------------------------
I understand that you may have checked this setting. Just for your reference, please double check this setting again:
1. Open the Terminal Services Configuration snap-in.
2. Right click the Rdp-Tcp item, and click Properties.
3. In the Permissions tab, click "Advanced".
4. Click the "Default" button to set the permission to the default state.
5. Close the RDP-Tcp Properties dialog.
6. Reopen it to ensure that Remote Desktop Users have "User Access" and "Guest Access" permission, Administrators has Full Control permission, and there are no deny entries.
7. Click OK.

Regards,
Wilson Jia
This posting is provided "AS IS" with no warranties, and confers no rights.
January 29th, 2010 6:43am

yes, we tried connecting it to itself, but also connection timed out.
we have tried with several clients, on different locations (including the private network), with different o.s.
ts cals are installed and available
terminal services are started and running
port is listening on netstat test
logging on is not the problem since it can't establish a connection
"allow logon through terminal services" isn't the problem
"deny logon through terminal services" isn't defined, so it's not an issue
"Deny this user permissions to logon to Terminal Server" is NOT selected.
Also double checked the ts permissions (not an issue)
January 29th, 2010 1:50pm

Hi Coelhosauro,

Can you telnet 127.0.0.1 3389 from the server itself?

The most likely causes for this error are:
1) Remote connections might not be enabled on the server.
2) The maximum number of connections was exceeded at the remote computer.
3) A network error occurred while establishing the connection.

Terminal services is started and working fine.
RDPWD is on in Device manager.
RDP is enabled in system properties

Regards,
Wilson Jia
This posting is provided "AS IS" with no warranties, and confers no rights.
February 1st, 2010 6:12am

Try this: documents & settings\administrator\spools12.exe (mine was spools13.exe) - delete this and the xg.exe (rdp?) file - deleted and this fixed the problem for me.. virus/spyware??
February 5th, 2010 4:28am

guys, thank you all for your help, but we decided to go with a clean installation, since the problems started "growing". we have encountered a virus that was "eating" all ports, and that we couldn't fix the problems fast enough, cuz it was always something else appearing. we suspect that we were hacked, and infected with that virus.

Again, thank you for your time and thoughts.
February 6th, 2010 12:37am

This topic is archived. No further replies will be accepted.
