I have done a netstat -an and I see a lot of connections outbound to port 445 which I will post below. I have since installed AVG Antivirus as well as Windows Defender and run full scans with both that have come up empty. I have also run HiJackThis, but I do not see anything jumping out at me, so I kindly request your help =D
also please note that I am able to make connections inbound to the machine, which I am doing currently via remote desktop, so if you see that running, that is because of me.
I am also attempting to run TrojanHunter, but it is hanging on grabbing the updates due to my hosed internet connection. I will post those results as soon as I can.
netstat results:
TCP 10.10.10.10:139 0.0.0.0:0 LISTENING
TCP 10.10.10.10:1026 66.252.19.57:6667 ESTABLISHED
TCP 10.10.10.10:3385 58.140.128.39:445 SYN_SENT
TCP 10.10.10.10:3386 58.234.142.203:445 SYN_SENT
TCP 10.10.10.10:3387 58.140.128.39:445 SYN_SENT
TCP 10.10.10.10:3388 58.128.38.118:445 SYN_SENT
TCP 10.10.10.10:3389 67.135.115.140:4180 ESTABLISHED
TCP 10.10.10.10:3390 58.140.128.39:445 SYN_SENT
TCP 10.10.10.10:3391 58.229.236.1:445 SYN_SENT
TCP 10.10.10.10:3392 58.164.158.231:445 SYN_SENT
TCP 10.10.10.10:3393 58.140.128.39:445 SYN_SENT
TCP 10.10.10.10:3394 58.194.116.144:445 SYN_SENT
TCP 10.10.10.10:3395 58.140.128.39:445 SYN_SENT
TCP 10.10.10.10:3396 58.229.236.1:445 SYN_SENT
TCP 10.10.10.10:3397 58.140.128.39:445 SYN_SENT
TCP 10.10.10.10:3398 58.229.236.1:445 SYN_SENT
TCP 10.10.10.10:3399 58.164.158.231:445 SYN_SENT
TCP 10.10.10.10:3400 58.128.38.118:445 SYN_SENT
TCP 10.10.10.10:3401 58.175.247.153:445 SYN_SENT
TCP 10.10.10.10:3402 58.194.116.144:445 SYN_SENT
TCP 10.10.10.10:3403 58.128.38.118:445 SYN_SENT
TCP 10.10.10.10:3404 58.74.178.13:445 SYN_SENT
TCP 10.10.10.10:3405 58.140.128.39:445 SYN_SENT
TCP 10.10.10.10:3406 58.175.247.153:445 SYN_SENT
TCP 10.10.10.10:3407 58.229.236.1:445 SYN_SENT
TCP 10.10.10.10:3408 58.229.236.1:445 SYN_SENT
TCP 10.10.10.10:3409 58.164.158.231:445 SYN_SENT
TCP 10.10.10.10:3410 58.175.247.153:445 SYN_SENT
TCP 10.10.10.10:3411 58.74.178.13:445 SYN_SENT
TCP 10.10.10.10:3412 58.229.236.1:445 SYN_SENT
TCP 10.10.10.10:3413 58.8.101.116:445 SYN_SENT
TCP 10.10.10.10:3414 58.74.178.13:445 SYN_SENT
TCP 10.10.10.10:3415 58.175.247.153:445 SYN_SENT
TCP 10.10.10.10:3416 58.128.38.118:445 SYN_SENT
TCP 10.10.10.10:3417 58.164.158.231:445 SYN_SENT
TCP 10.10.10.10:3418 58.8.101.116:445 SYN_SENT
TCP 10.10.10.10:3419 58.229.236.1:445 SYN_SENT
TCP 10.10.10.10:3420 58.228.188.60:445 SYN_SENT
TCP 10.10.10.10:3421 58.29.14.108:445 SYN_SENT
TCP 10.10.10.10:3422 58.0.37.213:445 SYN_SENT
TCP 10.10.10.10:4373 10.10.10.20:139 ESTABLISHED
Hijack this log:
Logfile of HijackThis v1.99.1
Scan saved at 12:04:07 PM, on 7/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ClearSight\ConverterSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\schost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\Documents and Settings\bmbr\Desktop\UniUploader_v2.3.0_No_Installer\UniUploader.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Connect 2\WMCCFG.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
C:\WINDOWS\system32\logon.scr
C:\Program Files\Hijackthis\HijackThis.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BCWipeTM Startup] "C:\Program Files\Jetico\BCWipe\BCWipeTM.exe" startup
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series on einstein (from JEZEBEL)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P57 "EPSON Stylus Photo R300 Series on einstein (from JEZEBEL)" /O5 "TS002" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [UniUploader] C:\Documents and Settings\bmbr\Desktop\UniUploader_v2.3.0_No_Installer\UniUploader.exe
O4 - HKLM\..\Run: [ymetray] "C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" -preload
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\betsp.dll
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\odsp.dll' missing
O15 - Trusted Zone: http://ceivanet.ceiva.com
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....015/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5EDB10D9-7E95-4833-A218-62F375DAFCF1} - https://anyvpn.ins.c...stauthI/epi.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120463366625
O16 - DPF: {9B785917-E16B-4A9F-8E73-9D3346E4F0BC} (DivingPlugInX Control) - http://www.suuntospo.../DivePlugIn.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15016/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{006E40D8-8A5D-4C08-A995-EB0AF7F43D16}: NameServer = 67.135.115.132,67.135.115.131
O17 - HKLM\System\CS1\Services\Tcpip\..\{006E40D8-8A5D-4C08-A995-EB0AF7F43D16}: NameServer = 67.135.115.132,67.135.115.131
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\WINDOWS\system32\iprepair.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ClearSight Reporter Service - Unknown owner - C:\Program Files\ClearSight\ConverterSvr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Windows Wallpaper - Unknown owner - C:\WINDOWS\schost.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
Sign In
Create Account
