Old 09-30-2008, 03:09 PM   #1 (permalink)
Registered User
 
Join Date: Sep 2008
Posts: 7
OS: XP


Trojan/Malware suspected in opening ports

Hello,

Just as a habit, I randomly run netstat -a, and one day I noticed that I had tons of ports open. I also noticed that a few websites would randomly time out.

I have a pretty fresh version of Windows XP with all the updates.
I currently run Panda AV & FW.
I have scanned with Webroot, Spybot Search & Destroy and Ad-Aware. All came up with zero.

First I will post the HijackThis log. Then I will show an example of all the ports open on my system. I have taken steps to block various ports on my router, but the malware just circumvents them and changes ports.

HijackThis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:57:18 PM, on 9/30/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrls.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\system32\PnkBstrA.exe
c:\program files\panda security\panda antivirus + firewall 2008\firewall\PSHOST.EXE
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\WebProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1218456045377
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavsrv51.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda antivirus + firewall 2008\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 6992 bytes


When I first start my PC, here is my netstat -a info

Active Connections

Proto Local Address Foreign Address State
TCP pc_name:epmap pc_name:0 LISTENING
TCP pc_name:microsoft-ds pc_name:0 LISTENING
TCP pc_name:1029 pc_name:0 LISTENING
TCP pc_name:31595 pc_name:0 LISTENING
TCP pc_name:netbios-ssn pc_name:0 LISTENING
TCP pc_name:1030 206.57.28.10:http ESTABLISHED
TCP pc_name:1037 192.168.1.1:5000 CLOSE_WAIT
TCP pc_name:1038 192.168.1.1:5000 ESTABLISHED
UDP pc_name:microsoft-ds *:*
UDP pc_name:isakmp *:*
UDP pc_name:4500 *:*
UDP pc_name:ntp *:*
UDP pc_name:1034 *:*
UDP pc_name:1035 *:*
UDP pc_name:1900 *:*
UDP pc_name:18001 *:*
UDP pc_name:18002 *:*
UDP pc_name:44301 *:*
UDP pc_name:ntp *:*
UDP pc_name:netbios-ns *:*
UDP pc_name:netbios-dgm *:*
UDP pc_name:1033 *:*
UDP pc_name:1900 *:*



After I open IE 7.0, I see the following ports open (say I just go to google.com).

Active Connections

Proto Local Address Foreign Address State
TCP PC_name:epmap PC_name:0 LISTENING
TCP PC_name:microsoft-ds PC_name:0 LISTENING
TCP PC_name:1030 PC_name:0 LISTENING
TCP PC_name:1831 localhost:31595 TIME_WAIT
TCP PC_name:1832 localhost:31595 TIME_WAIT
TCP PC_name:1966 localhost:31595 TIME_WAIT
TCP PC_name:2089 localhost:31595 ESTABLISHED
TCP PC_name:2098 localhost:31595 ESTABLISHED
TCP PC_name:2102 localhost:31595 ESTABLISHED
TCP PC_name:2113 localhost:31595 ESTABLISHED
TCP PC_name:31595 PC_name:0 LISTENING
TCP PC_name:31595 localhost:1852 TIME_WAIT
TCP PC_name:31595 localhost:1861 TIME_WAIT
TCP PC_name:31595 localhost:1867 TIME_WAIT
TCP PC_name:31595 localhost:1869 TIME_WAIT
TCP PC_name:31595 localhost:1871 TIME_WAIT
TCP PC_name:31595 localhost:1874 TIME_WAIT
TCP PC_name:31595 localhost:1885 TIME_WAIT
TCP PC_name:31595 localhost:1887 TIME_WAIT
TCP PC_name:31595 localhost:1889 TIME_WAIT
TCP PC_name:31595 localhost:1892 TIME_WAIT
TCP PC_name:31595 localhost:1897 TIME_WAIT
TCP PC_name:31595 localhost:1899 TIME_WAIT
TCP PC_name:31595 localhost:1904 TIME_WAIT
TCP PC_name:31595 localhost:1907 TIME_WAIT
TCP PC_name:31595 localhost:1910 TIME_WAIT
TCP PC_name:31595 localhost:1914 TIME_WAIT
TCP PC_name:31595 localhost:1916 TIME_WAIT
TCP PC_name:31595 localhost:1920 TIME_WAIT
TCP PC_name:31595 localhost:1923 TIME_WAIT
TCP PC_name:31595 localhost:1926 TIME_WAIT
TCP PC_name:31595 localhost:1929 TIME_WAIT
TCP PC_name:31595 localhost:1931 TIME_WAIT
TCP PC_name:31595 localhost:1933 TIME_WAIT
TCP PC_name:31595 localhost:1938 TIME_WAIT
TCP PC_name:31595 localhost:1941 TIME_WAIT
TCP PC_name:31595 localhost:1943 TIME_WAIT
TCP PC_name:31595 localhost:1947 TIME_WAIT
TCP PC_name:31595 localhost:1950 TIME_WAIT
TCP PC_name:31595 localhost:1972 TIME_WAIT
TCP PC_name:31595 localhost:1980 TIME_WAIT
TCP PC_name:31595 localhost:1982 TIME_WAIT
TCP PC_name:31595 localhost:1984 TIME_WAIT
TCP PC_name:31595 localhost:1986 TIME_WAIT
TCP PC_name:31595 localhost:1999 TIME_WAIT
TCP PC_name:31595 localhost:2001 TIME_WAIT
TCP PC_name:31595 localhost:2003 TIME_WAIT
TCP PC_name:31595 localhost:2005 TIME_WAIT
TCP PC_name:31595 localhost:2011 TIME_WAIT
TCP PC_name:31595 localhost:2013 TIME_WAIT
TCP PC_name:31595 localhost:2024 TIME_WAIT
TCP PC_name:31595 localhost:2026 TIME_WAIT
TCP PC_name:31595 localhost:2028 TIME_WAIT
TCP PC_name:31595 localhost:2031 TIME_WAIT
TCP PC_name:31595 localhost:2037 TIME_WAIT
TCP PC_name:31595 localhost:2039 TIME_WAIT
TCP PC_name:31595 localhost:2041 TIME_WAIT
TCP PC_name:31595 localhost:2043 TIME_WAIT
TCP PC_name:31595 localhost:2049 TIME_WAIT
TCP PC_name:31595 localhost:2051 TIME_WAIT
TCP PC_name:31595 localhost:2054 TIME_WAIT
TCP PC_name:31595 localhost:2058 TIME_WAIT
TCP PC_name:31595 localhost:2061 TIME_WAIT
TCP PC_name:31595 localhost:2070 TIME_WAIT
TCP PC_name:31595 localhost:2072 TIME_WAIT
TCP PC_name:31595 localhost:2074 TIME_WAIT
TCP PC_name:31595 localhost:2086 TIME_WAIT
TCP PC_name:31595 localhost:2089 ESTABLISHED
TCP PC_name:31595 localhost:2095 TIME_WAIT
TCP PC_name:31595 localhost:2098 ESTABLISHED
TCP PC_name:31595 localhost:2102 ESTABLISHED
TCP PC_name:31595 localhost:2105 TIME_WAIT
TCP PC_name:31595 localhost:2108 TIME_WAIT
TCP PC_name:31595 localhost:2109 TIME_WAIT
TCP PC_name:31595 localhost:2113 ESTABLISHED
TCP PC_name:31595 localhost:2117 TIME_WAIT
TCP PC_name:31595 localhost:2120 TIME_WAIT
TCP PC_name:31595 localhost:2124 TIME_WAIT
TCP PC_name:netbios-ssn PC_name:0 LISTENING
TCP PC_name:1044 8.18.42.89:http CLOSE_WAIT
TCP PC_name:1639 205.203.139.53:http TIME_WAIT
TCP PC_name:1656 205.203.131.98:http TIME_WAIT
TCP PC_name:1660 63-144-121-164.dia.static.qwest.net:http TIME_WAIT
TCP PC_name:1664 63-144-121-164.dia.static.qwest.net:http TIME_WAIT
TCP PC_name:1682 205.203.139.53:http TIME_WAIT
TCP PC_name:1694 205.203.139.11:http TIME_WAIT
TCP PC_name:1712 207.46.119.234:http TIME_WAIT
TCP PC_name:1721 69.7.234.203:http TIME_WAIT
TCP PC_name:1739 209-18-43-27.dfw10.tbone.rr.com:http TIME_WAIT
TCP PC_name:1741 209-18-43-65.dfw10.tbone.rr.com:http TIME_WAIT
TCP PC_name:1746 d1.ycs.vip.mud.yahoo.com:http TIME_WAIT
TCP PC_name:1758 209-18-43-27.dfw10.tbone.rr.com:http TIME_WAIT
TCP PC_name:1777 209.62.187.9:http TIME_WAIT
TCP PC_name:1807 bh.contextweb.com:http TIME_WAIT
TCP PC_name:1826 64.79.161.90:http TIME_WAIT
TCP PC_name:1829 205.203.131.55:http TIME_WAIT
TCP PC_name:1836 dal-lv3-n18.panthercdn.com:http TIME_WAIT
TCP PC_name:1840 dal-lv3-n18.panthercdn.com:http CLOSE_WAIT
TCP PC_name:1856 dal-lv3-n18.panthercdn.com:http TIME_WAIT
TCP PC_name:1860 205.203.139.53:http TIME_WAIT
TCP PC_name:1878 dal-lv3-n18.panthercdn.com:http TIME_WAIT
TCP PC_name:1881 ac2.microsoft.com:http TIME_WAIT
TCP PC_name:1902 66.235.142.1:http TIME_WAIT
TCP PC_name:1955 205.203.139.53:http TIME_WAIT
TCP PC_name:1957 205.203.139.53:http TIME_WAIT
TCP PC_name:1968 l1.ycs.vip.mud.yahoo.com:http ESTABLISHED
TCP PC_name:1976 205.203.139.11:http TIME_WAIT
TCP PC_name:1979 205.203.131.98:http TIME_WAIT
TCP PC_name:1994 69.7.234.203:http TIME_WAIT
TCP PC_name:2015 bh.contextweb.com:http TIME_WAIT
TCP PC_name:2018 209-18-43-27.dfw10.tbone.rr.com:http TIME_WAIT
TCP PC_name:2057 209.62.187.9:http TIME_WAIT
TCP PC_name:2065 209.62.187.9:http TIME_WAIT
TCP PC_name:2080 205.203.131.55:http TIME_WAIT
TCP PC_name:2084 l1.ycs.vip.mud.yahoo.com:http ESTABLISHED
TCP PC_name:2090 205.203.139.53:http ESTABLISHED
TCP PC_name:2099 www.ldc.scottrade.wallst.com:http ESTABLISHED
TCP PC_name:2103 205.203.139.53:http ESTABLISHED
TCP PC_name:2114 205.203.131.98:http ESTABLISHED
TCP PC_name:2116 www.sb.marketwatch.com:https ESTABLISHED
UDP PC_name:microsoft-ds *:*
UDP PC_name:isakmp *:*
UDP PC_name:4500 *:*
UDP PC_name:ntp *:*
UDP PC_name:1637 *:*
UDP PC_name:1900 *:*
UDP PC_name:2101 *:*
UDP PC_name:18001 *:*
UDP PC_name:18002 *:*
UDP PC_name:44301 *:*
UDP PC_name:ntp *:*
UDP PC_name:netbios-ns *:*
UDP PC_name:netbios-dgm *:*
UDP PC_name:1900 *:*


I think that is all the important information.

Any help is much appreciated.
Thank you for all your time!
Old 09-30-2008, 03:55 PM   #2 (permalink)
Re: Trojan/Malware suspected in opening ports

Another piece of information:
Panda blocks a UDP DoS attack every few hours.
Old 09-30-2008, 06:52 PM   #3 (permalink)
Re: Trojan/Malware suspected in opening ports

Can I post any more information? Any suggestions on where I should start looking for the problem?
Old 10-02-2008, 03:22 PM   #4 (permalink)
Re: Trojan/Malware suspected in opening ports

Here is an updated port listing of my PC. Thanks for looking.

Active Connections

Proto Local Address Foreign Address State
TCP pc_name:epmap pc_name:0 LISTENING
TCP pc_name:microsoft-ds pc_name:0 LISTENING
TCP pc_name:1026 pc_name:0 LISTENING
TCP pc_name:1833 localhost:31595 TIME_WAIT
TCP pc_name:1836 localhost:31595 TIME_WAIT
TCP pc_name:1870 localhost:31595 ESTABLISHED
TCP pc_name:1886 localhost:31595 ESTABLISHED
TCP pc_name:1915 localhost:31595 ESTABLISHED
TCP pc_name:1917 localhost:31595 ESTABLISHED
TCP pc_name:1919 localhost:31595 ESTABLISHED
TCP pc_name:1930 localhost:31595 TIME_WAIT
TCP pc_name:1935 localhost:31595 ESTABLISHED
TCP pc_name:1938 localhost:31595 ESTABLISHED
TCP pc_name:1940 localhost:31595 ESTABLISHED
TCP pc_name:31595 pc_name:0 LISTENING
TCP pc_name:31595 localhost:1863 TIME_WAIT
TCP pc_name:31595 localhost:1865 TIME_WAIT
TCP pc_name:31595 localhost:1870 ESTABLISHED
TCP pc_name:31595 localhost:1875 TIME_WAIT
TCP pc_name:31595 localhost:1877 TIME_WAIT
TCP pc_name:31595 localhost:1879 TIME_WAIT
TCP pc_name:31595 localhost:1882 TIME_WAIT
TCP pc_name:31595 localhost:1886 ESTABLISHED
TCP pc_name:31595 localhost:1892 TIME_WAIT
TCP pc_name:31595 localhost:1894 TIME_WAIT
TCP pc_name:31595 localhost:1897 TIME_WAIT
TCP pc_name:31595 localhost:1900 TIME_WAIT
TCP pc_name:31595 localhost:1904 TIME_WAIT
TCP pc_name:31595 localhost:1907 TIME_WAIT
TCP pc_name:31595 localhost:1909 TIME_WAIT
TCP pc_name:31595 localhost:1913 TIME_WAIT
TCP pc_name:31595 localhost:1915 ESTABLISHED
TCP pc_name:31595 localhost:1917 ESTABLISHED
TCP pc_name:31595 localhost:1919 ESTABLISHED
TCP pc_name:31595 localhost:1923 TIME_WAIT
TCP pc_name:31595 localhost:1928 TIME_WAIT
TCP pc_name:31595 localhost:1935 ESTABLISHED
TCP pc_name:31595 localhost:1938 ESTABLISHED
TCP pc_name:31595 localhost:1940 ESTABLISHED
TCP pc_name:netbios-ssn pc_name:0 LISTENING
TCP pc_name:1042 209-18-43-74.dfw10.tbone.rr.com:http CLOSE_WAIT
TCP pc_name:1825 205.203.131.55:http TIME_WAIT
TCP pc_name:1834 205.203.139.53:http TIME_WAIT
TCP pc_name:1837 205.203.139.53:http TIME_WAIT
TCP pc_name:1840 205.203.139.11:http TIME_WAIT
TCP pc_name:1859 69.7.234.203:http TIME_WAIT
TCP pc_name:1871 69.7.234.203:http ESTABLISHED
TCP pc_name:1887 206.132.122.18:http ESTABLISHED
TCP pc_name:1916 205.203.139.53:http ESTABLISHED
TCP pc_name:1918 205.203.139.53:http ESTABLISHED
TCP pc_name:1920 205.203.131.55:http ESTABLISHED
TCP pc_name:1931 he-in-f167.google.com:http TIME_WAIT
TCP pc_name:1936 205.203.131.55:http ESTABLISHED
TCP pc_name:1939 205.203.131.98:http ESTABLISHED
TCP pc_name:1941 205.203.131.98:http ESTABLISHED
UDP pc_name:microsoft-ds *:*
UDP pc_name:isakmp *:*
UDP pc_name:4500 *:*
UDP pc_name:ntp *:*
UDP pc_name:1031 *:*
UDP pc_name:1043 *:*
UDP pc_name:1900 *:*
UDP pc_name:18001 *:*
UDP pc_name:18002 *:*
UDP pc_name:44301 *:*
UDP pc_name:ntp *:*
UDP pc_name:netbios-ns *:*
UDP pc_name:netbios-dgm *:*
UDP pc_name:1900 *:*
Old 10-02-2008, 03:42 PM   #5 (permalink)
Re: Trojan/Malware suspected in opening ports

Another log.

Malwarebytes' Anti-Malware 1.28
Database version: 1226
Windows 5.1.2600 Service Pack 3

10/2/2008 4:41:29 PM
mbam-log-2008-10-02 (16-41-29).txt

Scan type: Full Scan (C:\|)
Objects scanned: 93953
Time elapsed: 9 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Old 10-09-2008, 08:35 PM   #6 (permalink)
Re: Trojan/Malware suspected in opening ports

Wow, either I have a really hard problem or this forum really is backed up :( I am open to any suggestion, no matter if it is shooting from the hip.
Thank you for your time
Old 10-20-2008, 11:00 AM   #7 (permalink)
Re: Trojan/Malware suspected in opening ports

I have been fighting this problem for several weeks now. I even reformatted my computer and reinstalled most software. Three days after I reformatted, I noticed that I had the same problem again, but even worse.
I am deeply concerned about all the ports that are established with some connection.

Any help would be appreciated.
Thanks


See netstat log below:

Proto Local Address Foreign Address State
TCP PC_name:epmap PC_name:0 LISTENING
TCP PC_name:microsoft-ds PC_name:0 LISTENING
TCP PC_name:1025 PC_name:0 LISTENING
TCP PC_name:1038 localhost:31595 CLOSE_WAIT
TCP PC_name:1041 localhost:31595 ESTABLISHED
TCP PC_name:1043 localhost:31595 ESTABLISHED
TCP PC_name:1052 localhost:31595 TIME_WAIT
TCP PC_name:1054 localhost:31595 ESTABLISHED
TCP PC_name:1060 localhost:31595 ESTABLISHED
TCP PC_name:1067 localhost:31595 ESTABLISHED
TCP PC_name:1070 localhost:31595 ESTABLISHED
TCP PC_name:1074 localhost:31595 ESTABLISHED
TCP PC_name:1088 localhost:31595 TIME_WAIT
TCP PC_name:1097 localhost:31595 ESTABLISHED
TCP PC_name:1100 localhost:31595 ESTABLISHED
TCP PC_name:1123 localhost:31595 ESTABLISHED
TCP PC_name:1139 localhost:31595 ESTABLISHED
TCP PC_name:1146 localhost:31595 ESTABLISHED
TCP PC_name:1173 localhost:31595 ESTABLISHED
TCP PC_name:1174 localhost:31595 ESTABLISHED
TCP PC_name:1183 localhost:31595 ESTABLISHED
TCP PC_name:1200 localhost:31595 ESTABLISHED
TCP PC_name:1208 localhost:31595 ESTABLISHED
TCP PC_name:1230 localhost:31595 ESTABLISHED
TCP PC_name:31595 PC_name:0 LISTENING
TCP PC_name:31595 localhost:1038 FIN_WAIT_2
TCP PC_name:31595 localhost:1041 ESTABLISHED
TCP PC_name:31595 localhost:1043 ESTABLISHED
TCP PC_name:31595 localhost:1047 TIME_WAIT
TCP PC_name:31595 localhost:1054 ESTABLISHED
TCP PC_name:31595 localhost:1058 TIME_WAIT
TCP PC_name:31595 localhost:1060 ESTABLISHED
TCP PC_name:31595 localhost:1063 TIME_WAIT
TCP PC_name:31595 localhost:1064 TIME_WAIT
TCP PC_name:31595 localhost:1067 ESTABLISHED
TCP PC_name:31595 localhost:1070 ESTABLISHED
TCP PC_name:31595 localhost:1074 ESTABLISHED
TCP PC_name:31595 localhost:1081 TIME_WAIT
TCP PC_name:31595 localhost:1085 TIME_WAIT
TCP PC_name:31595 localhost:1090 TIME_WAIT
TCP PC_name:31595 localhost:1092 TIME_WAIT
TCP PC_name:31595 localhost:1097 ESTABLISHED
TCP PC_name:31595 localhost:1100 ESTABLISHED
TCP PC_name:31595 localhost:1102 TIME_WAIT
TCP PC_name:31595 localhost:1104 TIME_WAIT
TCP PC_name:31595 localhost:1112 TIME_WAIT
TCP PC_name:31595 localhost:1115 TIME_WAIT
TCP PC_name:31595 localhost:1120 TIME_WAIT
TCP PC_name:31595 localhost:1123 ESTABLISHED
TCP PC_name:31595 localhost:1128 TIME_WAIT
TCP PC_name:31595 localhost:1130 TIME_WAIT
TCP PC_name:31595 localhost:1134 TIME_WAIT
TCP PC_name:31595 localhost:1137 TIME_WAIT
TCP PC_name:31595 localhost:1139 ESTABLISHED
TCP PC_name:31595 localhost:1146 ESTABLISHED
TCP PC_name:31595 localhost:1149 TIME_WAIT
TCP PC_name:31595 localhost:1152 TIME_WAIT
TCP PC_name:31595 localhost:1154 TIME_WAIT
TCP PC_name:31595 localhost:1156 TIME_WAIT
TCP PC_name:31595 localhost:1158 TIME_WAIT
TCP PC_name:31595 localhost:1165 TIME_WAIT
TCP PC_name:31595 localhost:1168 TIME_WAIT
TCP PC_name:31595 localhost:1171 TIME_WAIT
TCP PC_name:31595 localhost:1173 ESTABLISHED
TCP PC_name:31595 localhost:1174 ESTABLISHED
TCP PC_name:31595 localhost:1177 TIME_WAIT
TCP PC_name:31595 localhost:1181 TIME_WAIT
TCP PC_name:31595 localhost:1183 ESTABLISHED
TCP PC_name:31595 localhost:1189 TIME_WAIT
TCP PC_name:31595 localhost:1191 TIME_WAIT
TCP PC_name:31595 localhost:1195 TIME_WAIT
TCP PC_name:31595 localhost:1198 TIME_WAIT
TCP PC_name:31595 localhost:1200 ESTABLISHED
TCP PC_name:31595 localhost:1204 TIME_WAIT
TCP PC_name:31595 localhost:1206 TIME_WAIT
TCP PC_name:31595 localhost:1208 ESTABLISHED
TCP PC_name:31595 localhost:1214 TIME_WAIT
TCP PC_name:31595 localhost:1217 TIME_WAIT
TCP PC_name:31595 localhost:1220 TIME_WAIT
TCP PC_name:31595 localhost:1224 TIME_WAIT
TCP PC_name:31595 localhost:1226 TIME_WAIT
TCP PC_name:31595 localhost:1230 ESTABLISHED
TCP PC_name:netbios-ssn PC_name:0 LISTENING
TCP PC_name:1031 206.132.122.56:http ESTABLISHED
TCP PC_name:1042 img.fark.com:http ESTABLISHED
TCP PC_name:1044 img.fark.com:http ESTABLISHED
TCP PC_name:1053 208.71.120.23:http TIME_WAIT
TCP PC_name:1055 206.132.122.81:http ESTABLISHED
TCP PC_name:1061 img.fark.com:http ESTABLISHED
TCP PC_name:1068 img.fark.com:http ESTABLISHED
TCP PC_name:1071 img.fark.com:http ESTABLISHED
TCP PC_name:1075 img.fark.com:http ESTABLISHED
TCP PC_name:1098 8.18.42.107:http ESTABLISHED
TCP PC_name:1101 208.71.120.23:http ESTABLISHED
TCP PC_name:1124 208.37.177.42.ptr.us.xo.net:http ESTABLISHED
TCP PC_name:1140 img.fark.com:http ESTABLISHED
TCP PC_name:1147 img.fark.com:http ESTABLISHED
TCP PC_name:1175 8.18.42.72:http ESTABLISHED
TCP PC_name:1176 8.18.42.72:http ESTABLISHED
TCP PC_name:1184 66.151.61.127:http ESTABLISHED
TCP PC_name:1201 tag.contextweb.com:http ESTABLISHED
TCP PC_name:1209 media.contextweb.com:http ESTABLISHED
TCP PC_name:1231 he-in-f164.google.com:http ESTABLISHED
UDP PC_name:microsoft-ds *:*
UDP PC_name:isakmp *:*
UDP PC_name:4500 *:*
UDP PC_name:ntp *:*
UDP PC_name:1037 *:*
UDP PC_name:1900 *:*
UDP PC_name:18001 *:*
UDP PC_name:18002 *:*
UDP PC_name:44301 *:*
UDP PC_name:ntp *:*
UDP PC_name:netbios-ns *:*
UDP PC_name:netbios-dgm *:*
UDP PC_name:1900 *:*
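Editor's note on the listings in post #1 and the updated ones in posts #4 and #7. Two things are visible in the posted output itself: port 31595 is already LISTENING at boot before IE is started, and every connection involving it is loopback (localhost to localhost, each socket pair showing up twice, once from the client side and once from the server side), with the count rising only while the browser is in use. What `netstat -a` cannot show is which process owns that listener, and the thread never establishes it. On XP, `netstat -ano` adds the owning PID, `netstat -b` (XP SP2 and later) prints the executable, and `tasklist /fo csv` (not shipped with XP Home) maps a PID to an image name; for svchost PIDs, `tasklist /svc` lists the hosted services. The script below is an added example, not code from the post or from any of the products in the HijackThis log. It parses the `netstat -a` layout shown in the thread, counts loopback clients per listener, diffs the listener set between two snapshots (the boot-time and after-IE listings from post #1), and joins `netstat -ano` PIDs to `tasklist` output. The sample lines are copied from the posted listings; the `-ano` lines, the PIDs 1234, 4321 and 1000 and the image name `localsvc.exe` are constructed for illustration and say nothing about which program actually owns 31595 on the poster's machine.

```python
"""Triage helpers for Windows `netstat -a` / `netstat -ano` output.

Added example, not code from the forum post. Parses the text layout shown
in the thread (Proto, host:port, host:port, optional STATE and, with -o, an
optional PID), classifies sockets, counts loopback clients per listener,
diffs listeners between snapshots and joins PIDs to `tasklist /fo csv`.
"""
import csv
import io
from collections import Counter, defaultdict

LOOPBACK = {"localhost", "127.0.0.1", "::1", "[::1]"}


def parse_netstat(text):
    """One dict per socket line; headers and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 3 or f[0] not in ("TCP", "UDP"):
            continue
        lhost, _, lport = f[1].rpartition(":")
        rhost, _, rport = f[2].rpartition(":")
        state, pid, rest = None, None, f[3:]
        if f[0] == "TCP" and rest:          # UDP lines carry no STATE column
            state, rest = rest[0], rest[1:]
        if rest and rest[0].isdigit():      # PID column is present only with -o
            pid = int(rest[0])
        rows.append(dict(proto=f[0], lhost=lhost, lport=lport,
                         rhost=rhost, rport=rport, state=state, pid=pid))
    return rows


def classify(r):
    """listening | loopback | remote. A bound UDP socket (foreign *:*)
    accepts datagrams from anyone, so it counts as a listener."""
    if r["state"] == "LISTENING" or (r["proto"] == "UDP" and r["rhost"] == "*"):
        return "listening"
    if r["rhost"] in LOOPBACK or r["rhost"].lower() == r["lhost"].lower():
        return "loopback"
    return "remote"


def summarize(rows):
    """Listeners, loopback clients per listener (counted on the server side
    of each pair so a connection is not counted twice) and remote peers."""
    listening = sorted({(r["proto"], r["lport"]) for r in rows
                        if classify(r) == "listening"})
    listen_ports = {port for _, port in listening}
    clients = defaultdict(Counter)
    for r in rows:
        if classify(r) == "loopback" and r["lport"] in listen_ports:
            clients[r["lport"]][r["state"]] += 1
    remote = sorted({(r["rhost"], r["rport"], r["state"]) for r in rows
                     if classify(r) == "remote"})
    return {"listening": listening, "loopback_clients": dict(clients),
            "remote": remote}


def compare_listeners(before, after):
    """(gone, new) listeners between two snapshots. XP hands out dynamic
    ports from 1025 upward, so the RPC listener moving between 102x/103x
    ports across reboots is expected noise; a stable high port is not."""
    a = {(r["proto"], r["lport"]) for r in before if classify(r) == "listening"}
    b = {(r["proto"], r["lport"]) for r in after if classify(r) == "listening"}
    return sorted(a - b), sorted(b - a)


def attribute(rows, tasklist_csv):
    """{(proto, port): (pid, image)} for each listener that carries a PID
    (needs `netstat -ano`); image is '?' when tasklist lacks that PID."""
    images = {int(rec["PID"]): rec["Image Name"]
              for rec in csv.DictReader(io.StringIO(tasklist_csv))}
    return {(r["proto"], r["lport"]): (r["pid"], images.get(r["pid"], "?"))
            for r in rows if classify(r) == "listening" and r["pid"] is not None}


# Lines copied from the boot-time and after-IE listings posted in the thread.
BOOT = """\
Proto Local Address Foreign Address State
TCP pc_name:epmap pc_name:0 LISTENING
TCP pc_name:microsoft-ds pc_name:0 LISTENING
TCP pc_name:1029 pc_name:0 LISTENING
TCP pc_name:31595 pc_name:0 LISTENING
TCP pc_name:netbios-ssn pc_name:0 LISTENING
TCP pc_name:1030 206.57.28.10:http ESTABLISHED
UDP pc_name:1900 *:*
UDP pc_name:ntp *:*
"""
AFTER_IE = """\
Active Connections

Proto Local Address Foreign Address State
TCP PC_name:epmap PC_name:0 LISTENING
TCP PC_name:microsoft-ds PC_name:0 LISTENING
TCP PC_name:1030 PC_name:0 LISTENING
TCP PC_name:2089 localhost:31595 ESTABLISHED
TCP PC_name:2098 localhost:31595 ESTABLISHED
TCP PC_name:31595 PC_name:0 LISTENING
TCP PC_name:31595 localhost:1852 TIME_WAIT
TCP PC_name:31595 localhost:2089 ESTABLISHED
TCP PC_name:31595 localhost:2098 ESTABLISHED
TCP PC_name:netbios-ssn PC_name:0 LISTENING
TCP PC_name:1968 l1.ycs.vip.mud.yahoo.com:http ESTABLISHED
UDP PC_name:1900 *:*
UDP PC_name:ntp *:*
"""
# Constructed `netstat -ano` and `tasklist /fo csv` lines: PIDs and the
# image name localsvc.exe are hypothetical, not from the poster's machine.
NUMERIC = """\
Proto  Local Address    Foreign Address   State        PID
TCP    127.0.0.1:31595  0.0.0.0:0         LISTENING    1234
TCP    127.0.0.1:2089   127.0.0.1:31595   ESTABLISHED  4321
UDP    0.0.0.0:1900     *:*                            1000
"""
TASKLIST = '''"Image Name","PID","Session Name","Session#","Mem Usage"
"localsvc.exe","1234","Console","0","4,096 K"
"iexplore.exe","4321","Console","0","40,960 K"
'''

if __name__ == "__main__":
    rows = parse_netstat(AFTER_IE)
    s = summarize(rows)
    print("listeners:", s["listening"])
    print("loopback clients per listener:", s["loopback_clients"])
    print("remote peers:", s["remote"])
    print("listeners gone/new since boot:", compare_listeners(parse_netstat(BOOT), rows))
    print("owners (netstat -ano + tasklist):", attribute(parse_netstat(NUMERIC), TASKLIST))
```

Run against real output with `netstat -ano > ns.txt` and `tasklist /fo csv > tl.txt` and feed the two files to `attribute`. The useful reading of the result is the listener whose image name you cannot account for; a listener with only loopback clients is reachable by local software only, so whether it matters depends entirely on what owns it, which is the check the thread never gets to.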