Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

My Internet's Getting Hijacked?!

Started by dobbothefop , Nov 09 2007 10:57 AM

  • Please log in to reply

#1
dobbothefop
Posted 09 November 2007 - 10:57 AM

dobbothefop

    New Member

  • Member
  • Pip
  • 5 posts
Hi,
I keep having problems in that my internet seems to be dropping out, but if I run netstat in cmd it comes up with all sorts of wierd connections, namely 'deploy.akamaitechnolgies.net' and 'host-213-160-98-168.tch.telecomplete.net:http'. This keeps completely crippling my internet every few minutes! I have run all the cleaners, avg virus scans, spybot and adaware, none have found anything. Please help!
Below is my netstat log and HijackThis log.


C:\Documents and Settings\Administrator>netstat

Active Connections

Proto Local Address Foreign Address State
TCP ollyp:1040 ollyp:1039 TIME_WAIT
TCP ollyp:1185 ollyp:1186 ESTABLISHED
TCP ollyp:1186 ollyp:1185 ESTABLISHED
TCP ollyp:1187 ollyp:1188 ESTABLISHED
TCP ollyp:1188 ollyp:1187 ESTABLISHED
TCP ollyp:1190 nf-in-f99.google.com:http ESTABLISHED
TCP ollyp:1191 nf-in-f99.google.com:http ESTABLISHED
TCP ollyp:1201 a212-135-93-137.deploy.akamaitechnologies.net:ht
tp ESTABLISHED
TCP ollyp:1209 mail.live.com:http ESTABLISHED
TCP ollyp:1211 213-155-151-87.customer.teliacarrier.com:http E
STABLISHED
TCP ollyp:1213 a212-135-93-137.deploy.akamaitechnologies.net:ht
tp ESTABLISHED
TCP ollyp:1215 a212-135-93-137.deploy.akamaitechnologies.net:ht
tp ESTABLISHED
TCP ollyp:1217 a212-135-93-146.deploy.akamaitechnologies.net:ht
tp ESTABLISHED
TCP ollyp:1221 host-213-160-98-167.tch.telecomplete.net:http E
STABLISHED
TCP ollyp:1222 host-213-160-98-167.tch.telecomplete.net:http E
STABLISHED
TCP ollyp:1225 a212-135-93-146.deploy.akamaitechnologies.net:ht
tp ESTABLISHED
TCP ollyp:1230 host-213-160-98-168.tch.telecomplete.net:http T
IME_WAIT
TCP ollyp:1231 host-213-160-98-168.tch.telecomplete.net:http T
IME_WAIT
TCP ollyp:1232 199.93.57.124:http ESTABLISHED
TCP ollyp:1233 199.93.57.124:http ESTABLISHED
TCP ollyp:1234 help.live.com:http ESTABLISHED
TCP ollyp:1238 209.84.12.124:http ESTABLISHED
TCP ollyp:1242 65.55.197.126:http ESTABLISHED
TCP ollyp:1244 65.55.197.248:http ESTABLISHED
TCP ollyp:1245 65.55.197.126:http ESTABLISHED
TCP ollyp:1247 65.55.197.254:http ESTABLISHED
TCP ollyp:1258 84.53.175.48:http ESTABLISHED
TCP ollyp:1265 213.199.164.14:http ESTABLISHED
TCP ollyp:1268 4.23.54.124:http ESTABLISHED




If I run netstat again a few minutes later, it might be back to just 4 normal connections!!!







Logfile of HijackThis v1.99.1
Scan saved at 17:03:22, on 09/11/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\hffsrv.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\KODAK\KODAK EASYSHARE Software\bin\ptssvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\soundman.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Mouse Driver\MouseDrv.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINNT\system32\cmd.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.skybroadband.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.skybroadband.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aol.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [CreativeMouse ] C:\Program Files\Mouse Driver\MouseDrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MSConfig] C:\Documents and Settings\Administrator\My Documents\Programs\msconfig.exe /auto
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.co.uk/
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Hide Files and Folders (HideFilesAndFolders_S) - Unknown owner - C:\WINNT\System32\hffsrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: ptssvc - KODAK - C:\Program Files\KODAK\KODAK EASYSHARE Software\bin\ptssvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe






Thanks for any help!!!

Olly
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP