Avast "Suspicious Message" Alerts

hey all,
got a really weird problem here... i formatted and installed windows earlier today and have only got as far as installing my motherboard, soundcard, and graphics card drivers. i've put firefox on it and ZoneAlarm, Avast and SpyBot and Adaware....

the only other two programs i've put on are LMA 2007 demo and FIFA 2007 demos to give them a go...

but for whatever reason Avast Email scanner is throwing a wobbly, i'm continually getting "Suspicious Message!" virus alerts with emails being sent out to and from random addresses i've never seen before :confused:

the pc's only been up and running 3 odd hours (well 4 now after trying to work out what's going on) i can't see how the hell it would have a virus already? :confused:

i've scanned with Spybot, Adaware and just finished boot time scan with Avast and all have turned up blanks :(

anyone got any ideas as to what the hell this could be?
i don't particularly want to format AGAIN :rolleyes:
 
bump anyone got any ideas?

edit here's a log file from hijackthis

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\DOCUME~1\nikebee\LOCALS~1\Temp\windxryc.exe
C:\DOCUME~1\nikebee\LOCALS~1\Temp\winkmcw.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Documents and Settings\nikebee\Desktop\HijackThis.exe

O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
nothing seems odd to me :confused:
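
Added example (not part of the post above and not HijackThis code): a Python check that pulls the running-process section out of a HijackThis log, flags images running from a Temp directory, and notes whether any O4/O23 autostart line names them. The log lines are copied from the post; the function names and the Temp-path pattern are assumptions of this example.

```python
import ntpath
import re

# Subset of the HijackThis log posted above (copied, not invented).
LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\CTHELPER.EXE
C:\DOCUME~1\nikebee\LOCALS~1\Temp\windxryc.exe
C:\DOCUME~1\nikebee\LOCALS~1\Temp\winkmcw.exe
C:\Documents and Settings\nikebee\Desktop\HijackThis.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

# Assumption of this example: a path segment named Temp or Tmp marks a
# user-writable scratch directory that long-running programs rarely live in.
TEMP_SEGMENT = re.compile(r"\\(?:temp|tmp)\\", re.I)
# File name (no directory part) of any .exe/.dll mentioned on a line.
IMAGE_NAME = re.compile(r'([^\\\s"]+\.(?:exe|dll))', re.I)


def running_processes(log):
    """Return the paths listed under 'Running processes:' up to the blank line."""
    procs, in_section = [], False
    for line in log.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes"):
            in_section = True
        elif in_section and not line:
            if procs:
                break
        elif in_section:
            procs.append(line)
    return procs


def autostart_images(log):
    """Lower-cased image names referenced by O4 (Run keys) and O23 (services)."""
    names = set()
    for line in log.splitlines():
        if line.startswith(("O4 ", "O23 ")):
            body = line.split(":", 1)[1]
            names.update(name.lower() for name in IMAGE_NAME.findall(body))
    return names


def flag_temp_processes(log):
    """List running images located in a Temp directory, with autostart status."""
    auto = autostart_images(log)
    findings = []
    for path in running_processes(log):
        if TEMP_SEGMENT.search(path):
            image = ntpath.basename(path).lower()
            findings.append({
                "path": path,
                "image": image,
                "has_autostart_entry": image in auto,
            })
    return findings


if __name__ == "__main__":
    for finding in flag_temp_processes(LOG):
        print(finding)
```

A missing autostart line only means the posted O4/O23 entries do not name the image; it does not show how the process was started.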
 
you could have a boot sector virus, which can only be removed by a low-level format and reinstall of windows. A normal format won't do it
 
I know it's probably wrong but are you running any download apps like utorrent or something?

I've just been on the net because AVG kept giving messages that it was connecting to "196-47-4-103.access.uunet.co.za", a quick search on the net advised that it was just a user using a different port on utorrent, but I didn't put the two together for a week or so.

anything listed if you run a netstat -a in a DOS box?
 
BruceLee said:
I know it's probably wrong but are you running any download apps like utorrent or something?

I've just been on the net because AVG kept giving messages that it was connecting to "196-47-4-103.access.uunet.co.za", a quick search on the net advised that it was just a user using a different port on utorrent, but I didn't put the two together for a week or so.

anything listed if you run a netstat -a in a DOS box?

nope not running any torrents or any p2p... or any other thing like that.
below is what i got from netstat -a


Code:
   TCP    nikpc:2904             localhost:12025        TIME_WAIT
  TCP    nikpc:2908             localhost:12025        TIME_WAIT
  TCP    nikpc:2910             localhost:12025        TIME_WAIT
  TCP    nikpc:2912             localhost:12025        TIME_WAIT
  TCP    nikpc:2914             localhost:12025        TIME_WAIT
  TCP    nikpc:2916             localhost:12025        TIME_WAIT
  TCP    nikpc:2920             localhost:12025        TIME_WAIT
  TCP    nikpc:2922             localhost:12025        TIME_WAIT
  TCP    nikpc:2924             localhost:12025        TIME_WAIT
  TCP    nikpc:2926             localhost:12025        TIME_WAIT
  TCP    nikpc:2928             localhost:12025        TIME_WAIT
  TCP    nikpc:2931             localhost:12025        TIME_WAIT
  TCP    nikpc:2933             localhost:12025        TIME_WAIT
  TCP    nikpc:2936             localhost:12025        TIME_WAIT
  TCP    nikpc:2938             localhost:12025        TIME_WAIT
  TCP    nikpc:2940             localhost:12025        TIME_WAIT
  TCP    nikpc:2942             localhost:12025        TIME_WAIT
  TCP    nikpc:2944             localhost:12025        TIME_WAIT
  TCP    nikpc:2946             localhost:12025        TIME_WAIT
  TCP    nikpc:2948             localhost:12025        TIME_WAIT
  TCP    nikpc:2950             localhost:12025        TIME_WAIT
  TCP    nikpc:2952             localhost:12025        TIME_WAIT
  TCP    nikpc:2954             localhost:12025        TIME_WAIT
  TCP    nikpc:2956             localhost:12025        TIME_WAIT
  TCP    nikpc:2958             localhost:12025        TIME_WAIT
  TCP    nikpc:2960             localhost:12025        TIME_WAIT
  TCP    nikpc:2962             localhost:12025        TIME_WAIT
  TCP    nikpc:2964             localhost:12025        TIME_WAIT
  TCP    nikpc:2966             localhost:12025        TIME_WAIT
  TCP    nikpc:2968             localhost:12025        TIME_WAIT
  TCP    nikpc:2970             localhost:12025        TIME_WAIT
  TCP    nikpc:2972             localhost:12025        TIME_WAIT
  TCP    nikpc:2974             localhost:12025        TIME_WAIT
  TCP    nikpc:2976             localhost:12025        TIME_WAIT
  TCP    nikpc:2978             localhost:12025        TIME_WAIT
  TCP    nikpc:2980             localhost:12025        TIME_WAIT
  TCP    nikpc:2982             localhost:12025        TIME_WAIT
  TCP    nikpc:2984             localhost:12025        TIME_WAIT
  TCP    nikpc:2986             localhost:12025        TIME_WAIT
  TCP    nikpc:2989             localhost:12025        TIME_WAIT
  TCP    nikpc:2991             localhost:12025        TIME_WAIT
  TCP    nikpc:2993             localhost:12025        TIME_WAIT
  TCP    nikpc:2995             localhost:12025        TIME_WAIT
  TCP    nikpc:2997             localhost:12025        TIME_WAIT
  TCP    nikpc:3001             localhost:12025        TIME_WAIT
  TCP    nikpc:3003             localhost:12025        TIME_WAIT
  TCP    nikpc:3005             localhost:12025        TIME_WAIT
  TCP    nikpc:3007             localhost:12025        TIME_WAIT
  TCP    nikpc:3009             localhost:12025        TIME_WAIT
  TCP    nikpc:3011             localhost:12025        TIME_WAIT
  TCP    nikpc:3013             localhost:12025        TIME_WAIT
  TCP    nikpc:3015             localhost:12025        TIME_WAIT
  TCP    nikpc:3017             localhost:12025        TIME_WAIT
  TCP    nikpc:3019             localhost:12025        TIME_WAIT
  TCP    nikpc:3021             localhost:12025        TIME_WAIT
  TCP    nikpc:3023             localhost:12025        TIME_WAIT
  TCP    nikpc:3025             localhost:12025        TIME_WAIT
  TCP    nikpc:3032             localhost:12025        TIME_WAIT
  TCP    nikpc:3035             localhost:12025        TIME_WAIT
  TCP    nikpc:3037             localhost:12025        TIME_WAIT
  TCP    nikpc:3039             localhost:12025        TIME_WAIT
  TCP    nikpc:3041             localhost:12025        TIME_WAIT
  TCP    nikpc:3043             localhost:12025        TIME_WAIT
  TCP    nikpc:3047             localhost:12025        TIME_WAIT
  TCP    nikpc:3049             localhost:12025        TIME_WAIT
  TCP    nikpc:3051             localhost:12025        TIME_WAIT
  TCP    nikpc:3053             localhost:12025        TIME_WAIT
  TCP    nikpc:3055             localhost:12025        TIME_WAIT
  TCP    nikpc:3057             localhost:12025        TIME_WAIT
  TCP    nikpc:3059             localhost:12025        TIME_WAIT
  TCP    nikpc:3061             localhost:12025        TIME_WAIT
  TCP    nikpc:3063             localhost:12025        TIME_WAIT
  TCP    nikpc:3071             localhost:12025        TIME_WAIT
  TCP    nikpc:3077             localhost:12025        TIME_WAIT
  TCP    nikpc:3081             localhost:12025        TIME_WAIT
  TCP    nikpc:3083             localhost:12025        TIME_WAIT
  TCP    nikpc:3085             localhost:12025        TIME_WAIT
  TCP    nikpc:3087             localhost:12025        TIME_WAIT
  TCP    nikpc:3090             localhost:12025        TIME_WAIT
  TCP    nikpc:3092             localhost:12025        TIME_WAIT
  TCP    nikpc:3094             localhost:12025        TIME_WAIT
  TCP    nikpc:3096             localhost:12025        TIME_WAIT
  TCP    nikpc:3098             localhost:12025        TIME_WAIT
  TCP    nikpc:3100             localhost:12025        TIME_WAIT
  TCP    nikpc:3102             localhost:12025        TIME_WAIT
  TCP    nikpc:3104             localhost:12025        TIME_WAIT
  TCP    nikpc:3106             localhost:12080        ESTABLISHED
  TCP    nikpc:3108             localhost:12025        TIME_WAIT
  TCP    nikpc:3110             localhost:12025        TIME_WAIT
  TCP    nikpc:3112             localhost:12025        TIME_WAIT
  TCP    nikpc:3114             localhost:12025        ESTABLISHED
  TCP    nikpc:3116             localhost:12025        ESTABLISHED
  TCP    nikpc:3118             localhost:12025        ESTABLISHED
  TCP    nikpc:3120             localhost:12025        TIME_WAIT
  TCP    nikpc:3122             localhost:12025        TIME_WAIT
  TCP    nikpc:3124             localhost:12025        TIME_WAIT
  TCP    nikpc:3126             localhost:12025        TIME_WAIT
  TCP    nikpc:3128             localhost:12025        TIME_WAIT
  TCP    nikpc:3130             localhost:12025        ESTABLISHED
  TCP    nikpc:3132             localhost:12025        ESTABLISHED
  TCP    nikpc:3134             localhost:12025        TIME_WAIT
  TCP    nikpc:3136             localhost:12025        TIME_WAIT
  TCP    nikpc:3138             localhost:12025        TIME_WAIT
  TCP    nikpc:3142             localhost:12025        TIME_WAIT
  TCP    nikpc:3144             localhost:12025        TIME_WAIT
  TCP    nikpc:3146             localhost:12025        TIME_WAIT
  TCP    nikpc:3148             localhost:12025        TIME_WAIT
  TCP    nikpc:3150             localhost:12025        TIME_WAIT
  TCP    nikpc:3152             localhost:12025        ESTABLISHED
  TCP    nikpc:3154             localhost:12025        TIME_WAIT
  TCP    nikpc:3156             localhost:12025        ESTABLISHED
  TCP    nikpc:3158             localhost:12025        TIME_WAIT
  TCP    nikpc:3160             localhost:12025        ESTABLISHED
  TCP    nikpc:3162             localhost:12025        ESTABLISHED
  TCP    nikpc:3164             localhost:12080        ESTABLISHED
  TCP    nikpc:3166             localhost:12025        TIME_WAIT
  TCP    nikpc:3168             localhost:12025        TIME_WAIT
  TCP    nikpc:3172             localhost:12025        TIME_WAIT
  TCP    nikpc:3174             localhost:12025        TIME_WAIT
  TCP    nikpc:3176             localhost:12025        TIME_WAIT
  TCP    nikpc:3178             localhost:12025        TIME_WAIT
  TCP    nikpc:3180             localhost:12025        ESTABLISHED
  TCP    nikpc:3182             localhost:12025        TIME_WAIT
  TCP    nikpc:3184             localhost:12025        ESTABLISHED
  TCP    nikpc:3186             localhost:12025        TIME_WAIT
  TCP    nikpc:3188             localhost:12025        ESTABLISHED
  TCP    nikpc:3190             localhost:12025        ESTABLISHED
  TCP    nikpc:3192             localhost:12025        ESTABLISHED
  TCP    nikpc:3194             localhost:12025        ESTABLISHED
  TCP    nikpc:12025            nikpc:0                LISTENING
  TCP    nikpc:12025            localhost:2762         TIME_WAIT
  TCP    nikpc:12025            localhost:2918         TIME_WAIT
  TCP    nikpc:12025            localhost:3114         ESTABLISHED
  TCP    nikpc:12025            localhost:3116         ESTABLISHED
  TCP    nikpc:12025            localhost:3118         ESTABLISHED
  TCP    nikpc:12025            localhost:3130         ESTABLISHED
  TCP    nikpc:12025            localhost:3132         ESTABLISHED
  TCP    nikpc:12025            localhost:3140         TIME_WAIT
  TCP    nikpc:12025            localhost:3152         ESTABLISHED
  TCP    nikpc:12025            localhost:3156         ESTABLISHED
  TCP    nikpc:12025            localhost:3160         ESTABLISHED
  TCP    nikpc:12025            localhost:3162         ESTABLISHED
  TCP    nikpc:12025            localhost:3170         TIME_WAIT
  TCP    nikpc:12025            localhost:3180         ESTABLISHED
  TCP    nikpc:12025            localhost:3184         ESTABLISHED
  TCP    nikpc:12025            localhost:3188         ESTABLISHED
  TCP    nikpc:12025            localhost:3190         ESTABLISHED
  TCP    nikpc:12025            localhost:3192         ESTABLISHED
  TCP    nikpc:12025            localhost:3194         ESTABLISHED
  TCP    nikpc:12080            nikpc:0                LISTENING
  TCP    nikpc:12080            localhost:1363         ESTABLISHED
  TCP    nikpc:12080            localhost:1674         ESTABLISHED
  TCP    nikpc:12080            localhost:1688         ESTABLISHED
  TCP    nikpc:12080            localhost:2138         ESTABLISHED
  TCP    nikpc:12080            localhost:2156         ESTABLISHED
  TCP    nikpc:12080            localhost:2165         ESTABLISHED
  TCP    nikpc:12080            localhost:2657         ESTABLISHED
  TCP    nikpc:12080            localhost:3106         ESTABLISHED
  TCP    nikpc:12080            localhost:3164         ESTABLISHED
  TCP    nikpc:12110            nikpc:0                LISTENING
  TCP    nikpc:12119            nikpc:0                LISTENING
  TCP    nikpc:12143            nikpc:0                LISTENING
  TCP    nikpc:33233            nikpc:0                LISTENING
  TCP    nikpc:netbios-ssn      nikpc:0                LISTENING
  TCP    nikpc:1364             84.53.135.152:http     ESTABLISHED
  TCP    nikpc:1675             84.53.135.152:http     ESTABLISHED
  TCP    nikpc:1687             84.53.135.152:http     TIME_WAIT
  TCP    nikpc:2139             84.53.135.152:http     ESTABLISHED
  TCP    nikpc:2158             84.53.135.137:http     ESTABLISHED
  TCP    nikpc:2166             84.53.135.137:http     ESTABLISHED
  TCP    nikpc:2201             images4.kaspersky-labs.com:http  CLOSE_WAIT
  TCP    nikpc:2513             spf-jail1.us4.outblaze.com:smtp  FIN_WAIT_1
  TCP    nikpc:2653             mail3.go-concepts.com:smtp  TIME_WAIT
  TCP    nikpc:2681             rock.smtp-in.load.com:smtp  TIME_WAIT
  TCP    nikpc:2721             mcgate01.mckennalong.com:smtp  TIME_WAIT
  TCP    nikpc:2728             mail1.go-concepts.com:smtp  TIME_WAIT
  TCP    nikpc:2732             suzie-q.systemtech-hosting.com:http  CLOSE_WAIT
  TCP    nikpc:2734             rmail.lycosmail.lycos.com:smtp  TIME_WAIT
  TCP    nikpc:2738             mx.lax.untd.com:smtp   TIME_WAIT
  TCP    nikpc:2740             mx3.nyc.com:smtp       TIME_WAIT
  TCP    nikpc:2744             mx1.earthlink.net:smtp  TIME_WAIT
  TCP    nikpc:2747             mx.nyc.untd.com:smtp   TIME_WAIT
  TCP    nikpc:2749             smtpin-3001.bay.webtv.net:smtp  TIME_WAIT
  TCP    nikpc:2751             mx2.optonline.net:smtp  TIME_WAIT
  TCP    nikpc:2766             new.mail.atl.earthlink.net:smtp  TIME_WAIT
  TCP    nikpc:2769             mx.lax.untd.com:smtp   TIME_WAIT
  TCP    nikpc:2778             mx.nyc.untd.com:smtp   TIME_WAIT
  TCP    nikpc:2789             rmail.lycosmail.lycos.com:smtp  TIME_WAIT
  TCP    nikpc:2791             new.mail.atl.earthlink.net:smtp  TIME_WAIT
  TCP    nikpc:2793             pi-mx-vip4.prodigy.net:smtp  FIN_WAIT_1
  TCP    nikpc:2801             xmxpita.excite.com:smtp  TIME_WAIT
  TCP    nikpc:2803             rmail.lycosmail.lycos.com:smtp  TIME_WAIT
  TCP    nikpc:2809             rmail.lycosmail.lycos.com:smtp  TIME_WAIT
  TCP    nikpc:2813             mail.global.frontbridge.com:smtp  TIME_WAIT
  TCP    nikpc:2819             rmail.lycosmail.lycos.com:smtp  TIME_WAIT
  TCP    nikpc:2821             mx.lax.untd.com:smtp   TIME_WAIT
  TCP    nikpc:2823             mx1.earthlink.net:smtp  TIME_WAIT
  TCP    nikpc:2825             mx.nyc.untd.com:smtp   TIME_WAIT
  TCP    nikpc:2827             smtpin-3001.bay.webtv.net:smtp  TIME_WAIT
  TCP    nikpc:2831             xmxpita.excite.com:smtp  TIME_WAIT
  TCP    nikpc:2850             rmail.lycosmail.lycos.com:smtp  TIME_WAIT
  TCP    nikpc:2861             rmail.lycosmail.lycos.com:smtp  TIME_WAIT
  TCP    nikpc:2865             new.mail.atl.earthlink.net:smtp  TIME_WAIT
  TCP    nikpc:2875             mailin06.sul.t-online.com:smtp  TIME_WAIT
  TCP    nikpc:2884             ff-mx-vip3.prodigy.net:smtp  TIME_WAIT
  TCP    nikpc:2889             rmail.lycosmail.lycos.com:smtp  TIME_WAIT
  TCP    nikpc:2891             new.mail.atl.earthlink.net:smtp  TIME_WAIT
  TCP    nikpc:2893             pi-mx-vip4.prodigy.net:smtp  FIN_WAIT_1
  TCP    nikpc:2911             rmail.lycosmail.lycos.com:smtp  TIME_WAIT
  TCP    nikpc:2915             rmail.lycosmail.lycos.com:smtp  TIME_WAIT
  TCP    nikpc:2925             rmail.lycosmail.lycos.com:smtp  TIME_WAIT
  TCP    nikpc:2937             mx1.earthlink.net:smtp  TIME_WAIT
  TCP    nikpc:2949             pi-mx-vip5.prodigy.net:smtp  TIME_WAIT
  TCP    nikpc:2959             rmail.lycosmail.lycos.com:smtp  TIME_WAIT
  TCP    nikpc:2961             new.mail.atl.earthlink.net:smtp  TIME_WAIT
  TCP    nikpc:2963             ya.mx.aol.com:smtp     TIME_WAIT
  TCP    nikpc:2971             mx1.earthlink.net:smtp  TIME_WAIT
  TCP    nikpc:2975             tpamail.verizon.com:smtp  TIME_WAIT
  TCP    nikpc:2985             ftwmail7.verizon.com:smtp  TIME_WAIT
  TCP    nikpc:3000             forums.overclockers.co.uk:http  TIME_WAIT
  TCP    nikpc:3002             rmail.lycosmail.lycos.com:smtp  TIME_WAIT
  TCP    nikpc:3008             ff-mx-vip3.prodigy.net:smtp  TIME_WAIT
  TCP    nikpc:3010             pi-mx-vip5.prodigy.net:smtp  TIME_WAIT
  TCP    nikpc:3012             new.mail.atl.earthlink.net:smtp  TIME_WAIT
  TCP    nikpc:3014             pi-mx-vip4.prodigy.net:smtp  FIN_WAIT_1
  TCP    nikpc:3018             cuda1-mx.sgi.com:smtp  TIME_WAIT
  TCP    nikpc:3036             mail.choiceone.net:smtp  TIME_WAIT
  TCP    nikpc:3042             mx.usa.net:smtp        TIME_WAIT
  TCP    nikpc:3044             mailw.lix.aon.at:smtp  FIN_WAIT_2
  TCP    nikpc:3046             unknown245.124.65.69.defenderhosting.com:smtp  TIME_WAIT
  TCP    nikpc:3050             cmail.seanet.com:smtp  TIME_WAIT
  TCP    nikpc:3058             cmail.seanet.com:smtp  TIME_WAIT
  TCP    nikpc:3060             pi-mx-vip5.prodigy.net:smtp  TIME_WAIT
  TCP    nikpc:3084             inbound1.psi.neteu.net:smtp  TIME_WAIT
  TCP    nikpc:3086             mx30.securitysage.com:smtp  TIME_WAIT
  TCP    nikpc:3095             mxl144v3.mxlogic.net:smtp  TIME_WAIT
  TCP    nikpc:3097             *.s8b1.psmtp.com:smtp  TIME_WAIT
  TCP    nikpc:3099             mxl144v3.mxlogic.net:smtp  TIME_WAIT
  TCP    nikpc:3101             mail.ddc.net:smtp      TIME_WAIT
  TCP    nikpc:3103             mxl144v3.mxlogic.net:smtp  TIME_WAIT
  TCP    nikpc:3105             mailstore1.secureserver.net:smtp  TIME_WAIT
  TCP    nikpc:3107             forums.overclockers.co.uk:http  ESTABLISHED
  TCP    nikpc:3109             mail.jgkm.com.119.88.69.in-addr.arpa:smtp  TIME_WAIT
  TCP    nikpc:3111             rmail.lycosmail.lycos.com:smtp  TIME_WAIT
  TCP    nikpc:3113             new.mail.atl.earthlink.net:smtp  TIME_WAIT
  TCP    nikpc:3115             pi-mx-vip4.prodigy.net:smtp  SYN_SENT
  TCP    nikpc:3117             mta-v5.level3.mail.vip.mud.yahoo.com:smtp  ESTABLISHED
  TCP    nikpc:3119             mta-v4.level3.mail.vip.mud.yahoo.com:smtp  SYN_SENT
  TCP    nikpc:3123             rmail.lycosmail.lycos.com:smtp  TIME_WAIT
  TCP    nikpc:3125             new.mail.atl.earthlink.net:smtp  TIME_WAIT
  TCP    nikpc:3131             pi-mx-vip4.prodigy.net:smtp  ESTABLISHED
  TCP    nikpc:3133             mta-v5.level3.mail.vip.mud.yahoo.com:smtp  SYN_SENT
  TCP    nikpc:3143             new.mail.atl.earthlink.net:smtp  TIME_WAIT
  TCP    nikpc:3147             pi-mx-vip4.prodigy.net:smtp  TIME_WAIT
  TCP    nikpc:3153             pi-mx-vip5.prodigy.net:smtp  SYN_SENT
  TCP    nikpc:3157             mta-v4.level3.mail.vip.mud.yahoo.com:smtp  ESTABLISHED
  TCP    nikpc:3161             mta-v4.level3.mail.vip.mud.yahoo.com:smtp  SYN_SENT
  TCP    nikpc:3163             kesha.seanet.com:smtp  SYN_SENT
  TCP    nikpc:3165             chuangtzu.acc.umu.se:http  CLOSE_WAIT
  TCP    nikpc:3173             new.mail.atl.earthlink.net:smtp  TIME_WAIT
  TCP    nikpc:3175             mx.lax.untd.com:smtp   TIME_WAIT
  TCP    nikpc:3179             mx.nyc.untd.com:smtp   TIME_WAIT
  TCP    nikpc:3181             pi-mx-vip4.prodigy.net:smtp  SYN_SENT
  TCP    nikpc:3185             mta-v5.level3.mail.vip.mud.yahoo.com:smtp  SYN_SENT
  TCP    nikpc:3187             rmail.lycosmail.lycos.com:smtp  TIME_WAIT
  TCP    nikpc:3189             kesha.seanet.com:smtp  SYN_SENT
  TCP    nikpc:3191             mx1.earthlink.net:smtp  ESTABLISHED
  TCP    nikpc:3193             mx1.hotpop.com:smtp    SYN_SENT
  TCP    nikpc:3195             mta-v1.level3.mail.vip.re4.yahoo.com:smtp  SYN_SENT
  UDP    nikpc:microsoft-ds     *:*
  UDP    nikpc:isakmp           *:*
  UDP    nikpc:1025             *:*
  UDP    nikpc:1026             *:*
  UDP    nikpc:1055             *:*
  UDP    nikpc:1078             *:*
  UDP    nikpc:1081             *:*
  UDP    nikpc:1088             *:*
  UDP    nikpc:1097             *:*
  UDP    nikpc:1107             *:*
  UDP    nikpc:2157             *:*
  UDP    nikpc:2160             *:*
  UDP    nikpc:4500             *:*
  UDP    nikpc:ntp              *:*
  UDP    nikpc:1043             *:*
  UDP    nikpc:1900             *:*
  UDP    nikpc:ntp              *:*
  UDP    nikpc:netbios-ns       *:*
  UDP    nikpc:netbios-dgm      *:*
  UDP    nikpc:1900             *:*

C:\Documents and Settings\nikebee>

and a whole heap more :-/
 
Wow, you have a load of stuff going on there... :eek:

I've got newsgroups going on, VNC, Firefox, ZoneAlarm, AVG etc etc and all I have is the following:

Code:
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    kozicka:epmap          kozicka:0              LISTENING
  TCP    kozicka:microsoft-ds   kozicka:0              LISTENING
  TCP    kozicka:990            kozicka:0              LISTENING
  TCP    kozicka:2869           kozicka:0              LISTENING
  TCP    kozicka:5800           kozicka:0              LISTENING
  TCP    kozicka:5900           kozicka:0              LISTENING
  TCP    kozicka:1029           kozicka:0              LISTENING
  TCP    kozicka:1043           kozicka:0              LISTENING
  TCP    kozicka:1056           kozicka:0              LISTENING
  TCP    kozicka:1078           localhost:1079         ESTABLISHED
  TCP    kozicka:1079           localhost:1078         ESTABLISHED
  TCP    kozicka:5679           kozicka:0              LISTENING
  TCP    kozicka:7438           kozicka:0              LISTENING
  TCP    kozicka:10110          kozicka:0              LISTENING
  TCP    kozicka:netbios-ssn    kozicka:0              LISTENING
  TCP    kozicka:2666           news.ams.highwinds-media.com:nntp  ESTABLISHED
  TCP    kozicka:2667           news.ams.highwinds-media.com:nntp  ESTABLISHED
  TCP    kozicka:2668           news.ams.highwinds-media.com:nntp  ESTABLISHED
  TCP    kozicka:2669           news.ams.highwinds-media.com:nntp  ESTABLISHED
  TCP    kozicka:4115           208.65.201.105:http    ESTABLISHED
  TCP    kozicka:4123           64.233.183.104:http    ESTABLISHED
  UDP    kozicka:microsoft-ds   *:*
  UDP    kozicka:isakmp         *:*
  UDP    kozicka:1025           *:*
  UDP    kozicka:1102           *:*
  UDP    kozicka:1103           *:*
  UDP    kozicka:1104           *:*
  UDP    kozicka:1105           *:*
  UDP    kozicka:1106           *:*
  UDP    kozicka:1107           *:*
  UDP    kozicka:1108           *:*
  UDP    kozicka:4500           *:*
  UDP    kozicka:ntp            *:*
  UDP    kozicka:1048           *:*
  UDP    kozicka:1495           *:*
  UDP    kozicka:1900           *:*
  UDP    kozicka:ntp            *:*
  UDP    kozicka:netbios-ns     *:*
  UDP    kozicka:netbios-dgm    *:*
  UDP    kozicka:1900           *:*

I think you've got a bit of a problem but I'm no real expert
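
Added example (not part of any post in this thread): a Python triage of `netstat -a` text like the listings above. It counts outbound connections to the `smtp` port and the distinct mail hosts contacted, and separately counts loopback clients of local listeners such as 12025, which the clean listing further down shows listening with only drivers, Firefox and Avast installed. The sample rows are copied from the thread; the `min_hosts` threshold and all function names are assumptions of this example.

```python
import re
from collections import Counter, namedtuple

Conn = namedtuple("Conn", "local_port remote_host remote_port state")

SMTP_PORTS = {"smtp", "25"}            # netstat -a prints the service name
LOCAL_NAMES = {"localhost", "127.0.0.1"}

# Rows copied from the listing in this thread, including one row that the
# 80-column console wrapped in the middle of its state.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    nikpc:3114             localhost:12025        ESTABLISHED
  TCP    nikpc:12025            nikpc:0                LISTENING
  TCP    nikpc:12025            localhost:3114         ESTABLISHED
  TCP    nikpc:2738             mx.lax.untd.com:smtp   TIME_WAIT
  TCP    nikpc:2744             mx1.earthlink.net:smtp  TIME_WAIT
  TCP    nikpc:2963             ya.mx.aol.com:smtp     TIME_WAIT
  TCP    nikpc:3117             mta-v5.level3.mail.vip.mud.yahoo.com:smtp  ESTAB
LISHED
  TCP    nikpc:3193             mx1.hotpop.com:smtp    SYN_SENT
  TCP    nikpc:3107             forums.overclockers.co.uk:http  ESTABLISHED
  UDP    nikpc:1900             *:*
"""


def unwrap(text):
    """Rejoin rows that the console split in the middle of the state column."""
    rows = []
    for line in text.splitlines():
        s = line.strip()
        if s.startswith(("TCP ", "UDP ")):
            rows.append(s)
        elif rows and re.fullmatch(r"[A-Z_0-9]+", s):
            rows[-1] += s              # e.g. "ESTAB" + "LISHED"
    return rows


def parse(text):
    """Return one Conn per TCP row; UDP rows carry no state and are skipped."""
    conns = []
    for row in unwrap(text):
        parts = row.split()
        if len(parts) != 4 or parts[0] != "TCP":
            continue
        _, local, remote, state = parts
        conns.append(Conn(local.rsplit(":", 1)[1], *remote.rsplit(":", 1), state))
    return conns


def triage(text, min_hosts=3):
    """Summarise outbound SMTP fan-out and loopback traffic to local listeners.

    min_hosts is an assumed threshold: a desktop mail client normally talks to
    one or two servers, not to the mail exchangers of many unrelated domains.
    """
    conns = parse(text)
    listeners = {c.local_port for c in conns if c.state == "LISTENING"}
    smtp = [c for c in conns
            if c.remote_port in SMTP_PORTS and c.remote_host not in LOCAL_NAMES]
    loopback = Counter(c.remote_port for c in conns
                       if c.remote_host in LOCAL_NAMES
                       and c.remote_port in listeners)
    hosts = sorted({c.remote_host for c in smtp})
    return {
        "smtp_connections": len(smtp),
        "smtp_hosts": hosts,
        "smtp_states": Counter(c.state for c in smtp),
        "loopback_clients": dict(loopback),
        "suspicious": len(hosts) >= min_hosts,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, "=", value)
```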
 
crazy :-/
as said, there was definitely way too much going on there...

well i've just finished my 5th format and install of XP in two days :rolleyes:
it seems to have killed whatever it was that was causing my headaches.

netstat shows the following now...

Code:
  Proto  Local Address          Foreign Address        State
  TCP    nikspc:epmap           nikspc:0               LISTENING
  TCP    nikspc:microsoft-ds    nikspc:0               LISTENING
  TCP    nikspc:1029            nikspc:0               LISTENING
  TCP    nikspc:1035            localhost:1036         ESTABLISHED
  TCP    nikspc:1036            localhost:1035         ESTABLISHED
  TCP    nikspc:12025           nikspc:0               LISTENING
  TCP    nikspc:12080           nikspc:0               LISTENING
  TCP    nikspc:12110           nikspc:0               LISTENING
  TCP    nikspc:12119           nikspc:0               LISTENING
  TCP    nikspc:12143           nikspc:0               LISTENING
  TCP    nikspc:netbios-ssn     nikspc:0               LISTENING
  UDP    nikspc:microsoft-ds    *:*
  UDP    nikspc:isakmp          *:*
  UDP    nikspc:1025            *:*
  UDP    nikspc:1053            *:*
  UDP    nikspc:1054            *:*
  UDP    nikspc:4500            *:*
  UDP    nikspc:ntp             *:*
  UDP    nikspc:1900            *:*
  UDP    nikspc:ntp             *:*
  UDP    nikspc:netbios-ns      *:*
  UDP    nikspc:netbios-dgm     *:*
  UDP    nikspc:1900            *:*

C:\Documents and Settings\nikebee>
edit:
this is with mobo drivers, graphics card drivers, firefox and avast installed so far anyway.

so whatever it was is either a) gone from the format, or b) hanging around somewhere



shall keep an eye out though, if it comes back i shall post here

thanks for the help/advice anyway :)
 
son-of-a...
it's going nuts AGAIN...
Code:
  TCP    nikspc:1448            localhost:12025        TIME_WAIT
  TCP    nikspc:1457            localhost:12025        TIME_WAIT
  TCP    nikspc:1462            localhost:12025        TIME_WAIT
  TCP    nikspc:1466            localhost:12025        TIME_WAIT
  TCP    nikspc:1468            localhost:12025        TIME_WAIT
  TCP    nikspc:1471            localhost:12025        TIME_WAIT
  TCP    nikspc:1473            localhost:12025        TIME_WAIT
  TCP    nikspc:1477            localhost:12025        TIME_WAIT
  TCP    nikspc:1479            localhost:12025        TIME_WAIT
  TCP    nikspc:1481            localhost:12025        TIME_WAIT
  TCP    nikspc:1493            localhost:12025        TIME_WAIT
  TCP    nikspc:1495            localhost:12025        TIME_WAIT
  TCP    nikspc:1497            localhost:12025        TIME_WAIT
  TCP    nikspc:1502            localhost:12025        TIME_WAIT
  TCP    nikspc:1506            localhost:12025        TIME_WAIT
  TCP    nikspc:1508            localhost:12025        TIME_WAIT
  TCP    nikspc:1511            localhost:12025        TIME_WAIT
  TCP    nikspc:1513            localhost:12025        TIME_WAIT
  TCP    nikspc:1515            localhost:12025        TIME_WAIT
  TCP    nikspc:1517            localhost:12025        TIME_WAIT
  TCP    nikspc:1519            localhost:12025        TIME_WAIT
  TCP    nikspc:1521            localhost:12025        TIME_WAIT
  TCP    nikspc:1523            localhost:12025        TIME_WAIT
  TCP    nikspc:1527            localhost:12025        TIME_WAIT
  TCP    nikspc:1531            localhost:12025        TIME_WAIT
  TCP    nikspc:1535            localhost:12025        TIME_WAIT
  TCP    nikspc:1540            localhost:12025        TIME_WAIT
  TCP    nikspc:1544            localhost:12025        TIME_WAIT
  TCP    nikspc:1546            localhost:12025        TIME_WAIT
  TCP    nikspc:1548            localhost:12025        TIME_WAIT
  TCP    nikspc:1550            localhost:12025        TIME_WAIT
  TCP    nikspc:1552            localhost:12025        TIME_WAIT
  TCP    nikspc:1554            localhost:12025        TIME_WAIT
  TCP    nikspc:1556            localhost:12025        TIME_WAIT
  TCP    nikspc:1558            localhost:12025        TIME_WAIT
  TCP    nikspc:1560            localhost:12025        TIME_WAIT
  TCP    nikspc:1563            localhost:12025        TIME_WAIT
  TCP    nikspc:1570            localhost:12025        TIME_WAIT
  TCP    nikspc:1573            localhost:12025        TIME_WAIT
  TCP    nikspc:1584            localhost:12025        TIME_WAIT
  TCP    nikspc:1592            localhost:12025        TIME_WAIT
  TCP    nikspc:1601            localhost:12025        TIME_WAIT
  TCP    nikspc:1603            localhost:12025        TIME_WAIT
  TCP    nikspc:1605            localhost:12025        TIME_WAIT
  TCP    nikspc:1607            localhost:12025        TIME_WAIT
  TCP    nikspc:1609            localhost:12025        TIME_WAIT
  TCP    nikspc:1613            localhost:12025        TIME_WAIT
  TCP    nikspc:1622            localhost:12025        TIME_WAIT
  TCP    nikspc:1624            localhost:12025        TIME_WAIT
  TCP    nikspc:1627            localhost:12025        TIME_WAIT
  TCP    nikspc:1631            localhost:12025        TIME_WAIT
  TCP    nikspc:1634            localhost:12025        TIME_WAIT
  TCP    nikspc:1636            localhost:12025        TIME_WAIT
  TCP    nikspc:1641            localhost:12025        TIME_WAIT
  TCP    nikspc:1643            localhost:12025        TIME_WAIT
  TCP    nikspc:1645            localhost:12025        TIME_WAIT
  TCP    nikspc:1647            localhost:12025        TIME_WAIT
  TCP    nikspc:1650            localhost:12025        TIME_WAIT
  TCP    nikspc:1652            localhost:12025        TIME_WAIT
  TCP    nikspc:1657            localhost:12025        TIME_WAIT
  TCP    nikspc:1666            localhost:12025        TIME_WAIT
  TCP    nikspc:1671            localhost:12025        TIME_WAIT
  TCP    nikspc:1673            localhost:12025        TIME_WAIT
  TCP    nikspc:1675            localhost:12025        TIME_WAIT
  TCP    nikspc:1677            localhost:12025        TIME_WAIT
  TCP    nikspc:1679            localhost:12025        TIME_WAIT
  TCP    nikspc:1689            localhost:12025        TIME_WAIT
  TCP    nikspc:1691            localhost:12025        TIME_WAIT
  TCP    nikspc:1693            localhost:12025        TIME_WAIT
  TCP    nikspc:1695            localhost:12025        TIME_WAIT
  TCP    nikspc:1700            localhost:12025        TIME_WAIT
  TCP    nikspc:1704            localhost:12025        TIME_WAIT
  TCP    nikspc:1707            localhost:12025        TIME_WAIT
  TCP    nikspc:1713            localhost:12025        TIME_WAIT
  TCP    nikspc:1715            localhost:12025        TIME_WAIT
  TCP    nikspc:1722            localhost:12025        TIME_WAIT
  TCP    nikspc:1724            localhost:12025        TIME_WAIT
  TCP    nikspc:1726            localhost:12025        TIME_WAIT
  TCP    nikspc:1729            localhost:12025        TIME_WAIT
  TCP    nikspc:1731            localhost:12025        TIME_WAIT
  TCP    nikspc:1733            localhost:12025        TIME_WAIT
  TCP    nikspc:1735            localhost:12025        TIME_WAIT
  TCP    nikspc:1739            localhost:12025        TIME_WAIT
  TCP    nikspc:1741            localhost:12025        TIME_WAIT
  TCP    nikspc:1743            localhost:12025        TIME_WAIT
  TCP    nikspc:1745            localhost:12025        TIME_WAIT
  TCP    nikspc:1747            localhost:12025        TIME_WAIT
  TCP    nikspc:1750            localhost:12025        TIME_WAIT
  TCP    nikspc:1752            localhost:12025        ESTABLISHED
  TCP    nikspc:1754            localhost:12025        ESTABLISHED
  TCP    nikspc:1756            localhost:12025        TIME_WAIT
  TCP    nikspc:1758            localhost:12025        TIME_WAIT
  TCP    nikspc:1760            localhost:12025        TIME_WAIT
  TCP    nikspc:1762            localhost:12025        TIME_WAIT
  TCP    nikspc:1766            localhost:12025        TIME_WAIT
  TCP    nikspc:1768            localhost:12025        TIME_WAIT
  TCP    nikspc:1770            localhost:12025        ESTABLISHED
  TCP    nikspc:1772            localhost:12025        TIME_WAIT
  TCP    nikspc:1774            localhost:12025        TIME_WAIT
  TCP    nikspc:1779            localhost:12025        TIME_WAIT
  TCP    nikspc:1782            localhost:12025        ESTABLISHED
  TCP    nikspc:1787            localhost:12025        TIME_WAIT
  TCP    nikspc:1789            localhost:12025        TIME_WAIT
  TCP    nikspc:1793            localhost:12025        TIME_WAIT
  TCP    nikspc:1796            localhost:12025        ESTABLISHED
  TCP    nikspc:1798            localhost:12025        TIME_WAIT
  TCP    nikspc:1800            localhost:12025        ESTABLISHED
  TCP    nikspc:1802            localhost:12025        TIME_WAIT
  TCP    nikspc:1804            localhost:12025        TIME_WAIT
  TCP    nikspc:1806            localhost:12025        ESTABLISHED
  TCP    nikspc:1808            localhost:12025        ESTABLISHED
  TCP    nikspc:1811            localhost:12025        ESTABLISHED
  TCP    nikspc:12025           nikspc:0               LISTENING
  TCP    nikspc:12025           localhost:1243         TIME_WAIT
  TCP    nikspc:12025           localhost:1261         TIME_WAIT
  TCP    nikspc:12025           localhost:1324         TIME_WAIT
  TCP    nikspc:12025           localhost:1336         TIME_WAIT
  TCP    nikspc:12025           localhost:1424         TIME_WAIT
  TCP    nikspc:12025           localhost:1430         TIME_WAIT
  TCP    nikspc:12025           localhost:1436         TIME_WAIT
  TCP    nikspc:12025           localhost:1441         TIME_WAIT
  TCP    nikspc:12025           localhost:1455         TIME_WAIT
  TCP    nikspc:12025           localhost:1475         TIME_WAIT
  TCP    nikspc:12025           localhost:1504         TIME_WAIT
  TCP    nikspc:12025           localhost:1525         TIME_WAIT
  TCP    nikspc:12025           localhost:1618         TIME_WAIT
  TCP    nikspc:12025           localhost:1737         TIME_WAIT
  TCP    nikspc:12025           localhost:1752         ESTABLISHED
  TCP    nikspc:12025           localhost:1754         ESTABLISHED
  TCP    nikspc:12025           localhost:1764         TIME_WAIT
  TCP    nikspc:12025           localhost:1770         ESTABLISHED
  TCP    nikspc:12025           localhost:1782         ESTABLISHED
  TCP    nikspc:12025           localhost:1796         ESTABLISHED
  TCP    nikspc:12025           localhost:1800         ESTABLISHED
  TCP    nikspc:12025           localhost:1806         ESTABLISHED
  TCP    nikspc:12025           localhost:1808         ESTABLISHED
  TCP    nikspc:12025           localhost:1811         ESTABLISHED
  TCP    nikspc:12080           nikspc:0               LISTENING
  TCP    nikspc:12080           localhost:1214         ESTABLISHED
  TCP    nikspc:12110           nikspc:0               LISTENING
  TCP    nikspc:12119           nikspc:0               LISTENING
  TCP    nikspc:12143           nikspc:0               LISTENING
  TCP    nikspc:netbios-ssn     nikspc:0               LISTENING
  TCP    nikspc:1172            server88.appriver.com:smtp  TIME_WAIT
  TCP    nikspc:1190            209.132.212.31:smtp    TIME_WAIT
  TCP    nikspc:1213            66.249.93.147:http     TIME_WAIT
  TCP    nikspc:1215            66.249.93.99:http      ESTABLISHED
  TCP    nikspc:1230            suzie-q.systemtech-hosting.com:http  CLOSE_WAIT
  TCP    nikspc:1232            spgw.dmv.com:smtp      TIME_WAIT
  TCP    nikspc:1234            18.seagull.t.garlic.net:smtp  TIME_WAIT
  TCP    nikspc:1236            mx01.uboot.com:smtp    TIME_WAIT
  TCP    nikspc:1238            barracuda.seark.net:smtp  TIME_WAIT
  TCP    nikspc:1240            cm-ms1.globat.com:smtp  TIME_WAIT
  TCP    nikspc:1251            18.seagull.t.garlic.net:smtp  TIME_WAIT
  TCP    nikspc:1254            mail.cybertrails.com:smtp  TIME_WAIT
  TCP    nikspc:1280            mecca.servint.com:smtp  TIME_WAIT
  TCP    nikspc:1285            hermes.toad.net:smtp   TIME_WAIT
  TCP    nikspc:1287            xmxpita.excite.com:smtp  TIME_WAIT
  TCP    nikspc:1289            smtp.seu.edu.cn:smtp   FIN_WAIT_2
  TCP    nikspc:1293            smtp.greyware.com:smtp  TIME_WAIT
  TCP    nikspc:1297            mail.sflu.com:smtp     TIME_WAIT
  TCP    nikspc:1299            e-post12.km.ru:smtp    TIME_WAIT
  TCP    nikspc:1302            aaron.mail.atl.earthlink.net:smtp  TIME_WAIT
  TCP    nikspc:1313            mail.hannover.pelion12.de:smtp  TIME_WAIT
  TCP    nikspc:1331            mail.1stpage.com:smtp  TIME_WAIT
  TCP    nikspc:1333            vpopmx.shasta.com:smtp  TIME_WAIT
  TCP    nikspc:1335            smtpin-3001.bay.webtv.net:smtp  TIME_WAIT
  TCP    nikspc:1339            *.s6a1.psmtp.com:smtp  TIME_WAIT
  TCP    nikspc:1341            mail.shinbiro.com:smtp  FIN_WAIT_2
  TCP    nikspc:1343            smtp.shockware.com:smtp  TIME_WAIT
  TCP    nikspc:1345            mail.sh163.net:smtp    TIME_WAIT
  TCP    nikspc:1349            *.s6a2.psmtp.com:smtp  TIME_WAIT
  TCP    nikspc:1351            mrysmtp4.shop.com:smtp  TIME_WAIT
  TCP    nikspc:1353            *.s6b2.psmtp.com:smtp  TIME_WAIT
  TCP    nikspc:1357            *.s6b1.psmtp.com:smtp  TIME_WAIT
  TCP    nikspc:1362            e-gate1.ntinet.com:smtp  TIME_WAIT
  TCP    nikspc:1364            *.s6b2.psmtp.com:smtp  TIME_WAIT
  TCP    nikspc:1366            mx0.servervault.com:smtp  TIME_WAIT
  TCP    nikspc:1374            209-142-2-40.static.stk.inreach.net:smtp  TIME_WAIT
  TCP    nikspc:1376            mx1.bandwise.com:smtp  TIME_WAIT
  TCP    nikspc:1382            *.s5a1.psmtp.com:smtp  TIME_WAIT
  TCP    nikspc:1385            smtp.ksolutions.it:smtp  TIME_WAIT
  TCP    nikspc:1387            smtp-neptunas.omnitel.net:smtp  TIME_WAIT
  TCP    nikspc:1389            mr1.ksolutions.it:smtp  TIME_WAIT
  TCP    nikspc:1396            209-142-2-42.static.stk.inreach.net:smtp  TIME_WAIT
  TCP    nikspc:1398            *.s5b2.psmtp.com:smtp  TIME_WAIT
  TCP    nikspc:1399            mr2.ksolutions.it:smtp  TIME_WAIT
  TCP    nikspc:1401            smtp.tele.fi:smtp      TIME_WAIT
  TCP    nikspc:1409            *.s5a1.psmtp.com:smtp  TIME_WAIT
  TCP    nikspc:1411            mx1c2.megamailservers.com:smtp  TIME_WAIT
  TCP    nikspc:1419            *.s5a2.psmtp.com:smtp  TIME_WAIT
  TCP    nikspc:1423            *.s5b1.psmtp.com:smtp  TIME_WAIT
  TCP    nikspc:1449            mx11.singnet.com.sg:smtp  FIN_WAIT_1
  TCP    nikspc:1463            mail.keyway.net:smtp   TIME_WAIT
  TCP    nikspc:1469            mailgate1.sitestar.net:smtp  TIME_WAIT
  TCP    nikspc:1472            dogs.sitstay.com:smtp  FIN_WAIT_2
  TCP    nikspc:1474            relay.six.net:smtp     TIME_WAIT
  TCP    nikspc:1480            mail.skate.ru:smtp     TIME_WAIT
  TCP    nikspc:1494            e-post09.km.ru:smtp    TIME_WAIT
  TCP    nikspc:1496            e-post10.km.ru:smtp    TIME_WAIT
  TCP    nikspc:1498            e-post11.km.ru:smtp    TIME_WAIT
  TCP    nikspc:1503            im1.sky.com:smtp       FIN_WAIT_2
  TCP    nikspc:1507            mx.infoave.net:smtp    TIME_WAIT
  TCP    nikspc:1509            relay.cisp.com:smtp    TIME_WAIT
  TCP    nikspc:wins            202.78.116.250:smtp    TIME_WAIT
  TCP    nikspc:1514            relay.cisp.com:smtp    TIME_WAIT
  TCP    nikspc:1516            relay.cisp.com:smtp    TIME_WAIT
  TCP    nikspc:1522            pne-smtpin4-sn1.fre.skanova.net:smtp  TIME_WAIT
  TCP    nikspc:ingreslock      smtp.inet.fi:smtp      TIME_WAIT
  TCP    nikspc:1528            newann.skypoint.net:smtp  TIME_WAIT
  TCP    nikspc:1532            mailhost.slic.com:smtp  TIME_WAIT
  TCP    nikspc:1536            mpls-cmx-06.inet.qwest.net:smtp  TIME_WAIT
  TCP    nikspc:1541            rmail7.lycosmail.lycos.com:smtp  TIME_WAIT
  TCP    nikspc:1545            smtp2.prodigy.net.mx:smtp  TIME_WAIT
  TCP    nikspc:1547            rmail.lycosmail.lycos.com:smtp  TIME_WAIT
  TCP    nikspc:1549            mxs.mail.ru:smtp       TIME_WAIT
  TCP    nikspc:1551            spf-jail2.us4.outblaze.com:smtp  FIN_WAIT_1
  TCP    nikspc:1553            *.s6b1.psmtp.com:smtp  TIME_WAIT
  TCP    nikspc:1555            dialupmx.connect.com.au:smtp  TIME_WAIT
  TCP    nikspc:1557            mail.smb-law.com:smtp  TIME_WAIT
  TCP    nikspc:1561            pmx4.prismnet.com:smtp  TIME_WAIT
  TCP    nikspc:1564            mail.tramark.net:smtp  TIME_WAIT
  TCP    nikspc:1569            218.184.232.72.reverse.layeredtech.com:http  CLOSE_WAIT
  TCP    nikspc:1571            mail.tramark.net:smtp  TIME_WAIT
  TCP    nikspc:1574            mx0.mtu.ru:smtp        TIME_WAIT
  TCP    nikspc:1585            pi-mx-vip6.prodigy.net:smtp  TIME_WAIT
  TCP    nikspc:1602            smtp.snowboard.com:smtp  TIME_WAIT
  TCP    nikspc:1604            tpemail.taipei.gov.tw:smtp  TIME_WAIT
  TCP    nikspc:1614            bute.socsci.soton.ac.uk:smtp  TIME_WAIT
  TCP    nikspc:1623            mail.softfornet.com:smtp  TIME_WAIT
  TCP    nikspc:1625            213.185.170.123:smtp   TIME_WAIT
  TCP    nikspc:1632            mailfilter1.intermedia.net:smtp  TIME_WAIT
  TCP    nikspc:1635            mail.solcorp.com:smtp  TIME_WAIT
  TCP    nikspc:1637            excalibur.softline.com:smtp  TIME_WAIT
  TCP    nikspc:1642            rmail.lycosmail.lycos.com:smtp  TIME_WAIT
  TCP    nikspc:1644            smtp.racsa.co.cr:smtp  TIME_WAIT
  TCP    nikspc:1646            edge.tor.soliton.com:smtp  TIME_WAIT
  TCP    nikspc:1648            b.mx.sonic.net:smtp    TIME_WAIT
  TCP    nikspc:1653            sonnet1.sonnet.com:smtp  TIME_WAIT
  TCP    nikspc:1658            mailin.sosbbs.com:smtp  TIME_WAIT
  TCP    nikspc:1667            mx1.pacifier.net:smtp  TIME_WAIT
  TCP    nikspc:1676            sitemail.everyone.net:smtp  TIME_WAIT
  TCP    nikspc:1678            virtual45.eftel.net.au:smtp  TIME_WAIT
  TCP    nikspc:1680            virtual45.eftel.net.au:smtp  TIME_WAIT
  TCP    nikspc:1690            mx.speakeasy.net:smtp  TIME_WAIT
  TCP    nikspc:1696            mail.spidome.net:smtp  TIME_WAIT
  TCP    nikspc:1701            mail.global.frontbridge.com:smtp  TIME_WAIT
  TCP    nikspc:1716            excalibur.softline.com:smtp  TIME_WAIT
  TCP    nikspc:pptp            ocelot.spots.ab.ca:smtp  TIME_WAIT
  TCP    nikspc:1725            spf4-1.us4.outblaze.com:smtp  TIME_WAIT
  TCP    nikspc:1727            mx2.business.mindspring.com:smtp  TIME_WAIT
  TCP    nikspc:1730            mail4.springer-sbm.com:smtp  TIME_WAIT
  TCP    nikspc:1732            relay.cisp.com:smtp    TIME_WAIT
  TCP    nikspc:1734            smtp.rbs.rogers.com:smtp  TIME_WAIT
  TCP    nikspc:1740            ns2.sprintnet.ru:smtp  TIME_WAIT
  TCP    nikspc:1742            relay.cisp.com:smtp    TIME_WAIT
  TCP    nikspc:1744            209.59.210.100:smtp    TIME_WAIT
  TCP    nikspc:1746            aaron.mail.atl.earthlink.net:smtp  TIME_WAIT
  TCP    nikspc:1748            relay.cisp.com:smtp    TIME_WAIT
  TCP    nikspc:1751            mail-gw10.credit-suisse.com:smtp  TIME_WAIT
  TCP    nikspc:1753            ironport.sr.net:smtp   ESTABLISHED
  TCP    nikspc:1755            mail-gw1.credit-suisse.com:smtp  SYN_SENT
  TCP    nikspc:1757            smtp.srtelecom.com:smtp  TIME_WAIT
  TCP    nikspc:1759            *.s5a1.psmtp.com:smtp  TIME_WAIT
  TCP    nikspc:1767            rmail.lycosmail.lycos.com:smtp  TIME_WAIT
  TCP    nikspc:1769            tpsmtpu02.tele.net:smtp  TIME_WAIT
  TCP    nikspc:1771            vieiscmail01.coltnet.at:smtp  SYN_SENT
  TCP    nikspc:1775            mail.expedient.net:smtp  TIME_WAIT
  TCP    nikspc:1780            stargate1.starhub.net.sg:smtp  LAST_ACK
  TCP    nikspc:1783            mail.starnursery.com:smtp  ESTABLISHED
  TCP    nikspc:1788            mail.micromedic.com:smtp  TIME_WAIT
  TCP    nikspc:1794            mx2.megamailservers.com:smtp  TIME_WAIT
  TCP    nikspc:1797            mx1.megamailservers.com:smtp  ESTABLISHED
  TCP    nikspc:1799            mr2.start.no:smtp      TIME_WAIT
  TCP    nikspc:1801            mail.starwon.com.au:smtp  ESTABLISHED
  TCP    nikspc:1803            mx3.cfu.net:smtp       TIME_WAIT
  TCP    nikspc:1805            mr1.start.no:smtp      TIME_WAIT
  TCP    nikspc:1807            stat.com:smtp          ESTABLISHED
  TCP    nikspc:1809            lazlo.steam.com:smtp   ESTABLISHED
  TCP    nikspc:1812            mail1.ca.com:smtp      ESTABLISHED
  UDP    nikspc:microsoft-ds    *:*
  UDP    nikspc:isakmp          *:*
  UDP    nikspc:1025            *:*
  UDP    nikspc:1047            *:*
  UDP    nikspc:1078            *:*
  UDP    nikspc:1106            *:*
  UDP    nikspc:1383            *:*
  UDP    nikspc:1778            *:*
  UDP    nikspc:4500            *:*
  UDP    nikspc:ntp             *:*
  UDP    nikspc:1900            *:*
  UDP    nikspc:ntp             *:*
  UDP    nikspc:netbios-ns      *:*
  UDP    nikspc:netbios-dgm     *:*
  UDP    nikspc:1900            *:*

C:\Documents and Settings\nikebee>

this is with mobo drivers, graphics card drivers, firefox and avast installed as before.
and i've now got logitech setpoint and logitech gamepad drivers installed.

this just happened out of the blue playing the fifa 2007 demo...
perhaps the demo i've got is causing this :confused:

i'll do another format of my raptor tomorrow to see if that helps.
i don't particularly want to wipe my seagate as that's got all my backups, audio and work on it :(
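
A defender's reading of the `netstat -a` output in the post above, as an added example that is not part of the original thread: it rejoins console-wrapped rows, then counts outbound SMTP connections and the distinct mail hosts behind them, which is the pattern that stands out in the listing. The hostnames in the sample are constructed; treating `localhost:12025` as the antivirus mail scanner's local SMTP redirect port and the threshold of 5 distinct hosts are assumptions.

```python
import re
from collections import Counter

SMTP_PORTS = {"smtp", "25"}      # `netstat -a` prints the service name, `-an` the number
LOOPBACK = {"localhost", "127.0.0.1"}
PROXY_PORT = "12025"             # assumption: AV mail scanner's local SMTP redirect port
ROW = re.compile(r"^(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?$")

# Constructed sample in the shape of the output posted above (not real hosts).
SAMPLE = """\
  TCP    host1:1471             localhost:12025        TIME_WAIT
  TCP    host1:1473             localhost:12025        ESTABLISHED
  TCP    host1:12025            host1:0                LISTENING
  TCP    host1:12025            localhost:1473         ESTABLISHED
  TCP    host1:1213             www.example.com:http   ESTABLISHED
  TCP    host1:1232             mx1.example.net:smtp   TIME_WAIT
  TCP    host1:1234             mx2.example.net:smtp   TIME_WAIT
  TCP    host1:1236             mail.example.org:smtp  SYN_SENT
  TCP    host1:1238             mx1.example.net:smtp   TIME_WAIT
  TCP    host1:1374             a-very-long-relay-name.static.example.org:smtp  TIME_W
AIT
  TCP    host1:1625             192.0.2.25:smtp        ESTABLISHED
  UDP    host1:ntp              *:*
"""


def unwrap(text):
    """Rejoin rows that an 80-column console split, e.g. 'TIME_W' + 'AIT'."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(("TCP", "UDP")):
            rows.append(line)
        elif rows and re.fullmatch(r"[A-Z_0-9]+", line):
            rows[-1] += line          # tail of the previous row's state column
        # anything else (headers, shell prompt, blank lines) is ignored
    return rows


def split_addr(addr):
    """Split 'host:port' on the last colon; handles '*:*' and service names."""
    host, _, port = addr.rpartition(":")
    return host.lower(), port.lower()


def parse(text):
    """Return one dict per netstat row: proto, local, remote, state."""
    conns = []
    for row in unwrap(text):
        m = ROW.match(row)
        if not m:
            continue
        proto, local, remote, state = m.groups()
        conns.append({
            "proto": proto,
            "local": split_addr(local),
            "remote": split_addr(remote),
            "state": state or "",     # UDP rows carry no state
        })
    return conns


def smtp_fanout(conns, threshold=5):
    """Summarise outbound SMTP activity; flag when many distinct hosts are contacted."""
    direct = [c for c in conns
              if c["proto"] == "TCP"
              and c["remote"][1] in SMTP_PORTS
              and c["remote"][0] not in LOOPBACK]
    hosts = Counter(c["remote"][0] for c in direct)
    # Client-side legs of connections that the local mail scanner intercepted.
    proxied = [c for c in conns
               if c["remote"][0] in LOOPBACK and c["remote"][1] == PROXY_PORT]
    return {
        "smtp_connections": len(direct),
        "distinct_smtp_hosts": len(hosts),
        "top_hosts": hosts.most_common(3),
        "states": Counter(c["state"] for c in direct),
        "via_local_proxy": len(proxied),
        # A desktop normally talks to one or two mail servers, not dozens.
        "flagged": len(hosts) >= threshold,
    }


if __name__ == "__main__":
    for key, value in smtp_fanout(parse(SAMPLE)).items():
        print(f"{key}: {value}")
```

On Windows, `netstat -ano` adds the owning process ID to each row, which is what ties a flagged connection back to an executable.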
 
hohum said:
What are those two? Both executables, both running from your temporary directory.
not sure mate, but something is creating randomly generated exe files in there and i can't work out what it is.

and i believe these to be the source of the problems

whatever it is has survived a fair few formats now :-/

edit:
avast's outgoing mail scanner count goes up by the minute... it's on 600+ now
:confused:
 
When you install XP, is it from an older CD that isn't SP2 ?

And don't ditch your hard drive !

If you format again, don't have the second drive connected! It contains all your backups yes, but may also contain your problem.

Repartition and full format the drive when you install Windows. Keep the PC unplugged from the internet whilst installing Windows. After the install make sure the first thing you do is either turn on the Windows firewall or confirm that it's already on, don't install a 3rd party firewall first. Only then plug the PC into the internet. Then get Windows XP service pack 2 from Microsoft if it's not already installed. Follow that by getting ALL the critical Microsoft Windows XP updates.

Then you can think about drivers and 3rd party applications. Steer clear of any CDs or backups you may have on CD unless you're 100% certain they are clean. Ensure they are clean if you're not sure by checking them with your now installed and fully updated antivirus software.

Don't forget to give your second drive a FULL scan the first chance you get.
 
stevechapman said:
It is a Virus' hence the replication of exe files.
Ditch your current HDD and get a new one.
yep, i know it's a virus and nope i'm not going to chuck out my raptor :confused:
ns400r said:
When you install XP, is it from an older CD that isn't SP2 ?

And don't ditch your hard drive !

If you format again, don't have the second drive connected! It contains all your backups yes, but may also contain your problem.

Repartition and full format the drive when you install Windows. Keep the PC unplugged from the internet whilst installing Windows. After the install make sure the first thing you do is either turn on the Windows firewall or confirm that it's already on, don't install a 3rd party firewall first. Only then plug the PC into the internet. Then get Windows XP service pack 2 from Microsoft if it's not already installed. Follow that by getting ALL the critical Microsoft Windows XP updates.

Then you can think about drivers and 3rd party applications. Steer clear of any CDs or backups you may have on CD unless you're 100% certain they are clean. Ensure they are clean if you're not sure by checking them with your now installed and fully updated antivirus software.

Don't forget to give your second drive a FULL scan the first chance you get.
thanks for the advice, my cd comes with SP2 on it and the first thing i do (after installing drivers) is update windows. but i'll try it the other way around just to be sure.

i'm going to copy the files i definitely need from my second HDD onto another machine tonight and then scan them with AV software and spyware software to make double sure.
i'll then format both drives.
i'll also try unplugging my second HDD and reformat/install windows again tonight.

if whatever it is gets past that i'm going to be a bit lost lol :o
 
backed up what i needed on the second HDD whilst i was at work today
formatted both drives today and installed windows onto my raptor.

thought it was fine, but it's back :-/

it started as soon as i installed Logitech SetPoint for my MX1000 mouse :confused:
i can't imagine something like that having anything to do with it though...

i've also got two random exe files created again in my

C:\Documents and Settings\nikebee\Local Settings\Temp

folder

and my netstat -a result gives the following

Code:
  TCP    nik1:2813              localhost:12025        TIME_WAIT
  TCP    nik1:2815              localhost:12025        TIME_WAIT
  TCP    nik1:2817              localhost:12025        TIME_WAIT
  TCP    nik1:2819              localhost:12025        TIME_WAIT
  TCP    nik1:2821              localhost:12025        TIME_WAIT
  TCP    nik1:2823              localhost:12025        TIME_WAIT
  TCP    nik1:2825              localhost:12025        TIME_WAIT
  TCP    nik1:2827              localhost:12025        TIME_WAIT
  TCP    nik1:2829              localhost:12025        TIME_WAIT
  TCP    nik1:2834              localhost:12025        TIME_WAIT
  TCP    nik1:2836              localhost:12025        TIME_WAIT
  TCP    nik1:2838              localhost:12025        TIME_WAIT
  TCP    nik1:2840              localhost:12025        TIME_WAIT
  TCP    nik1:2842              localhost:12025        TIME_WAIT
  TCP    nik1:2846              localhost:12025        TIME_WAIT
  TCP    nik1:2848              localhost:12025        TIME_WAIT
  TCP    nik1:2850              localhost:12025        TIME_WAIT
  TCP    nik1:2854              localhost:12025        TIME_WAIT
  TCP    nik1:2856              localhost:12025        TIME_WAIT
  TCP    nik1:2858              localhost:12025        TIME_WAIT
  TCP    nik1:2860              localhost:12025        TIME_WAIT
  TCP    nik1:2862              localhost:12025        TIME_WAIT
  TCP    nik1:2864              localhost:12025        TIME_WAIT
  TCP    nik1:2866              localhost:12025        TIME_WAIT
  TCP    nik1:2868              localhost:12025        TIME_WAIT
  TCP    nik1:2871              localhost:12025        TIME_WAIT
  TCP    nik1:2873              localhost:12025        TIME_WAIT
  TCP    nik1:2877              localhost:12025        TIME_WAIT
  TCP    nik1:2879              localhost:12025        TIME_WAIT
  TCP    nik1:2881              localhost:12025        TIME_WAIT
  TCP    nik1:2883              localhost:12025        TIME_WAIT
  TCP    nik1:2885              localhost:12025        TIME_WAIT
  TCP    nik1:2887              localhost:12025        TIME_WAIT
  TCP    nik1:2889              localhost:12025        TIME_WAIT
  TCP    nik1:2891              localhost:12025        TIME_WAIT
  TCP    nik1:2893              localhost:12025        TIME_WAIT
  TCP    nik1:2895              localhost:12025        TIME_WAIT
  TCP    nik1:2897              localhost:12025        TIME_WAIT
  TCP    nik1:2901              localhost:12025        TIME_WAIT
  TCP    nik1:2905              localhost:12025        TIME_WAIT
  TCP    nik1:2907              localhost:12025        TIME_WAIT
  TCP    nik1:2908              localhost:12025        TIME_WAIT
  TCP    nik1:2913              localhost:12025        TIME_WAIT
  TCP    nik1:2915              localhost:12025        TIME_WAIT
  TCP    nik1:2917              localhost:12025        TIME_WAIT
  TCP    nik1:2919              localhost:12025        TIME_WAIT
  TCP    nik1:2921              localhost:12025        TIME_WAIT
  TCP    nik1:2923              localhost:12025        TIME_WAIT
  TCP    nik1:2929              localhost:12025        TIME_WAIT
  TCP    nik1:2933              localhost:12025        TIME_WAIT
  TCP    nik1:2935              localhost:12025        TIME_WAIT
  TCP    nik1:2937              localhost:12025        TIME_WAIT
  TCP    nik1:2939              localhost:12025        TIME_WAIT
  TCP    nik1:2941              localhost:12025        TIME_WAIT
  TCP    nik1:2945              localhost:12025        TIME_WAIT
  TCP    nik1:2947              localhost:12025        TIME_WAIT
  TCP    nik1:2949              localhost:12025        TIME_WAIT
  TCP    nik1:2951              localhost:12025        TIME_WAIT
  TCP    nik1:2953              localhost:12025        TIME_WAIT
  TCP    nik1:2955              localhost:12025        TIME_WAIT
  TCP    nik1:2957              localhost:12025        TIME_WAIT
  TCP    nik1:2959              localhost:12025        TIME_WAIT
  TCP    nik1:2961              localhost:12025        TIME_WAIT
  TCP    nik1:2962              localhost:12025        TIME_WAIT
  TCP    nik1:2965              localhost:12025        TIME_WAIT
  TCP    nik1:2967              localhost:12025        TIME_WAIT
  TCP    nik1:2969              localhost:12025        TIME_WAIT
  TCP    nik1:2971              localhost:12025        TIME_WAIT
  TCP    nik1:2973              localhost:12025        TIME_WAIT
  TCP    nik1:2975              localhost:12025        TIME_WAIT
  TCP    nik1:2977              localhost:12025        TIME_WAIT
  TCP    nik1:2979              localhost:12025        TIME_WAIT
  TCP    nik1:2982              localhost:12025        TIME_WAIT
  TCP    nik1:2985              localhost:12025        TIME_WAIT
  TCP    nik1:2988              localhost:12025        TIME_WAIT
  TCP    nik1:2992              localhost:12025        TIME_WAIT
  TCP    nik1:2994              localhost:12025        TIME_WAIT
  TCP    nik1:2996              localhost:12025        TIME_WAIT
  TCP    nik1:2998              localhost:12025        TIME_WAIT
  TCP    nik1:3002              localhost:12025        TIME_WAIT
  TCP    nik1:3004              localhost:12025        TIME_WAIT
  TCP    nik1:3006              localhost:12025        TIME_WAIT
  TCP    nik1:3007              localhost:12025        TIME_WAIT
  TCP    nik1:3010              localhost:12025        TIME_WAIT
  TCP    nik1:3012              localhost:12025        TIME_WAIT
  TCP    nik1:3014              localhost:12025        TIME_WAIT
  TCP    nik1:3016              localhost:12025        TIME_WAIT
  TCP    nik1:3018              localhost:12025        TIME_WAIT
  TCP    nik1:3020              localhost:12025        TIME_WAIT
  TCP    nik1:3024              localhost:12025        TIME_WAIT
  TCP    nik1:3026              localhost:12025        TIME_WAIT
  TCP    nik1:3028              localhost:12025        TIME_WAIT
  TCP    nik1:3031              localhost:12025        TIME_WAIT
  TCP    nik1:3033              localhost:12025        TIME_WAIT
  TCP    nik1:3035              localhost:12025        TIME_WAIT
  TCP    nik1:3039              localhost:12025        TIME_WAIT
  TCP    nik1:3041              localhost:12025        TIME_WAIT
  TCP    nik1:3043              localhost:12025        TIME_WAIT
  TCP    nik1:3045              localhost:12025        TIME_WAIT
  TCP    nik1:3047              localhost:12025        TIME_WAIT
  TCP    nik1:3049              localhost:12025        TIME_WAIT
  TCP    nik1:3051              localhost:12025        TIME_WAIT
  TCP    nik1:3053              localhost:12025        TIME_WAIT
  TCP    nik1:3057              localhost:12025        TIME_WAIT
  TCP    nik1:3059              localhost:12025        TIME_WAIT
  TCP    nik1:3063              localhost:12025        TIME_WAIT
  TCP    nik1:3065              localhost:12025        TIME_WAIT
  TCP    nik1:3067              localhost:12025        TIME_WAIT
  TCP    nik1:3069              localhost:12025        TIME_WAIT
  TCP    nik1:3071              localhost:12025        TIME_WAIT
  TCP    nik1:3073              localhost:12025        TIME_WAIT
  TCP    nik1:3075              localhost:12025        TIME_WAIT
  TCP    nik1:3077              localhost:12025        TIME_WAIT
  TCP    nik1:3079              localhost:12025        TIME_WAIT
  TCP    nik1:3081              localhost:12025        TIME_WAIT
  TCP    nik1:3085              localhost:12025        TIME_WAIT
  TCP    nik1:3087              localhost:12025        TIME_WAIT
  TCP    nik1:3089              localhost:12025        TIME_WAIT
  TCP    nik1:3091              localhost:12025        TIME_WAIT
  TCP    nik1:3093              localhost:12025        TIME_WAIT
  TCP    nik1:3095              localhost:12025        TIME_WAIT
  TCP    nik1:3097              localhost:12025        TIME_WAIT
  TCP    nik1:3101              localhost:12025        TIME_WAIT
  TCP    nik1:3103              localhost:12025        TIME_WAIT
  TCP    nik1:3105              localhost:12025        TIME_WAIT
  TCP    nik1:3107              localhost:12025        TIME_WAIT
  TCP    nik1:3110              localhost:12025        TIME_WAIT
  TCP    nik1:3112              localhost:12025        TIME_WAIT
  TCP    nik1:3114              localhost:12025        TIME_WAIT
  TCP    nik1:3116              localhost:12025        TIME_WAIT
  TCP    nik1:3119              localhost:12025        TIME_WAIT
  TCP    nik1:3120              localhost:12025        TIME_WAIT
  TCP    nik1:3124              localhost:12025        TIME_WAIT
  TCP    nik1:3126              localhost:12025        TIME_WAIT
  TCP    nik1:3128              localhost:12025        TIME_WAIT
  TCP    nik1:3130              localhost:12025        TIME_WAIT
  TCP    nik1:3132              localhost:12025        TIME_WAIT
  TCP    nik1:3134              localhost:12025        TIME_WAIT
  TCP    nik1:3136              localhost:12025        TIME_WAIT
  TCP    nik1:3138              localhost:12025        TIME_WAIT
  TCP    nik1:3140              localhost:12025        TIME_WAIT
  TCP    nik1:3142              localhost:12025        TIME_WAIT
  TCP    nik1:3144              localhost:12025        TIME_WAIT
  TCP    nik1:3146              localhost:12025        TIME_WAIT
  TCP    nik1:3148              localhost:12025        TIME_WAIT
  TCP    nik1:3150              localhost:12025        TIME_WAIT
  TCP    nik1:3151              localhost:12025        TIME_WAIT
  TCP    nik1:3153              localhost:12025        TIME_WAIT
  TCP    nik1:3155              localhost:12025        TIME_WAIT
  TCP    nik1:3156              localhost:12025        TIME_WAIT
  TCP    nik1:3162              localhost:12025        TIME_WAIT
  TCP    nik1:3164              localhost:12025        TIME_WAIT
  TCP    nik1:3165              localhost:12025        TIME_WAIT
  TCP    nik1:3169              localhost:12025        ESTABLISHED
  TCP    nik1:3171              localhost:12025        TIME_WAIT
  TCP    nik1:3172              localhost:12025        TIME_WAIT
  TCP    nik1:3175              localhost:12025        TIME_WAIT
  TCP    nik1:3178              localhost:12025        TIME_WAIT
  TCP    nik1:3184              localhost:12025        TIME_WAIT
  TCP    nik1:3186              localhost:12025        TIME_WAIT
  TCP    nik1:3188              localhost:12025        TIME_WAIT
  TCP    nik1:3190              localhost:12025        TIME_WAIT
  TCP    nik1:3192              localhost:12025        TIME_WAIT
  TCP    nik1:3196              localhost:12025        TIME_WAIT
  TCP    nik1:3204              localhost:12025        TIME_WAIT
  TCP    nik1:3216              localhost:12025        TIME_WAIT
  TCP    nik1:3218              localhost:12025        TIME_WAIT
  TCP    nik1:3220              localhost:12025        TIME_WAIT
  TCP    nik1:3234              localhost:12025        TIME_WAIT
  TCP    nik1:3239              localhost:12025        TIME_WAIT
  TCP    nik1:3241              localhost:12025        TIME_WAIT
  TCP    nik1:3246              localhost:12025        TIME_WAIT
  TCP    nik1:3249              localhost:12025        TIME_WAIT
  TCP    nik1:3251              localhost:12025        TIME_WAIT
  TCP    nik1:3270              localhost:12025        TIME_WAIT
  TCP    nik1:12025             nik1:0                 LISTENING
  TCP    nik1:12025             localhost:2681         TIME_WAIT
  TCP    nik1:12025             localhost:2701         TIME_WAIT
  TCP    nik1:12025             localhost:2711         TIME_WAIT
  TCP    nik1:12025             localhost:2715         TIME_WAIT
  TCP    nik1:12025             localhost:2719         TIME_WAIT
  TCP    nik1:12025             localhost:2723         TIME_WAIT
  TCP    nik1:12025             localhost:2727         TIME_WAIT
  TCP    nik1:12025             localhost:2730         TIME_WAIT
  TCP    nik1:12025             localhost:2732         TIME_WAIT
  TCP    nik1:12025             localhost:2735         TIME_WAIT
  TCP    nik1:12025             localhost:2746         TIME_WAIT
  TCP    nik1:12025             localhost:2762         TIME_WAIT
  TCP    nik1:12025             localhost:2770         TIME_WAIT
  TCP    nik1:12025             localhost:2844         TIME_WAIT
  TCP    nik1:12025             localhost:2852         TIME_WAIT
  TCP    nik1:12025             localhost:2899         TIME_WAIT
  TCP    nik1:12025             localhost:2903         TIME_WAIT
  TCP    nik1:12025             localhost:2909         TIME_WAIT
  TCP    nik1:12025             localhost:2925         TIME_WAIT
  TCP    nik1:12025             localhost:2927         TIME_WAIT
  TCP    nik1:12025             localhost:2931         TIME_WAIT
  TCP    nik1:12025             localhost:2943         TIME_WAIT
  TCP    nik1:12025             localhost:2990         TIME_WAIT
  TCP    nik1:12025             localhost:3000         TIME_WAIT
  TCP    nik1:12025             localhost:3022         TIME_WAIT
  TCP    nik1:12025             localhost:3037         TIME_WAIT
  TCP    nik1:12025             localhost:3055         TIME_WAIT
  TCP    nik1:12025             localhost:3061         TIME_WAIT
  TCP    nik1:12025             localhost:3083         TIME_WAIT
  TCP    nik1:12025             localhost:3099         TIME_WAIT
  TCP    nik1:12025             localhost:3117         TIME_WAIT
  TCP    nik1:12025             localhost:3169         ESTABLISHED
  TCP    nik1:12025             localhost:3182         TIME_WAIT
  TCP    nik1:12080             nik1:0                 LISTENING
  TCP    nik1:12080             localhost:2641         ESTABLISHED
  TCP    nik1:12080             localhost:2657         ESTABLISHED
  TCP    nik1:12110             nik1:0                 LISTENING
  TCP    nik1:12119             nik1:0                 LISTENING
  TCP    nik1:12143             nik1:0                 LISTENING
  TCP    nik1:netbios-ssn       nik1:0                 LISTENING
  TCP    nik1:1054              192.168.1.66:netbios-ssn  ESTABLISHED
  TCP    nik1:1394              66.249.91.99:http      TIME_WAIT
  TCP    nik1:1401              66.249.91.99:http      TIME_WAIT
  TCP    nik1:2075              218.184.232.72.reverse.layeredtech.com:http  CLO
SE_WAIT
  TCP    nik1:2186              xmxpita.excite.com:smtp  FIN_WAIT_1
  TCP    nik1:2642              64.233.183.103:http    ESTABLISHED
  TCP    nik1:2644              forums.overclockers.co.uk:http  TIME_WAIT
  TCP    nik1:2654              forums.overclockers.co.uk:http  TIME_WAIT
  TCP    nik1:2658              mail.bulldoghome.com:http  ESTABLISHED
  TCP    nik1:2661              suzie-q.systemtech-hosting.com:http  CLOSE_WAIT
  TCP    nik1:2700              64-132-144-195.static.dimenoc.com:smtp  TIME_WAI
T
  TCP    nik1:2704              dd8316.kasserver.com:smtp  TIME_WAIT
  TCP    nik1:2714              mailin.webmailer.de:smtp  TIME_WAIT
  TCP    nik1:2718              193.254.190.139:smtp   TIME_WAIT
  TCP    nik1:2748              p15122063.pureserver.info:smtp  TIME_WAIT
  TCP    nik1:2750              *.s6a1.psmtp.com:smtp  TIME_WAIT
  TCP    nik1:2752              xn.mx.aol.com:smtp     TIME_WAIT
  TCP    nik1:2754              mx1.prserv.net:smtp    TIME_WAIT
  TCP    nik1:2756              *.s6a1.psmtp.com:smtp  TIME_WAIT
  TCP    nik1:2758              yi.mx.aol.com:smtp     TIME_WAIT
  TCP    nik1:2765              xn.mx.aol.com:smtp     TIME_WAIT
  TCP    nik1:2767              xn.mx.aol.com:smtp     TIME_WAIT
  TCP    nik1:2769              rmail.lycosmail.lycos.com:smtp  TIME_WAIT
  TCP    nik1:2776              smtpin-3001.bay.webtv.net:smtp  TIME_WAIT
  TCP    nik1:2780              xmxpita.excite.com:smtp  TIME_WAIT
  TCP    nik1:2784              mx1.prserv.net:smtp    TIME_WAIT
  TCP    nik1:2816              wanamaker.mail.atl.earthlink.net:smtp  TIME_WAIT

  TCP    nik1:2818              *.s6a1.psmtp.com:smtp  TIME_WAIT
  TCP    nik1:2820              mx2.optonline.net:smtp  TIME_WAIT
  TCP    nik1:2847              mx.lax.untd.com:smtp   TIME_WAIT
  TCP    nik1:2867              mx.nyc.untd.com:smtp   TIME_WAIT
  TCP    nik1:2896              www13.macksracks.net:smtp  TIME_WAIT
  TCP    nik1:2924              mx.lax.untd.com:smtp   TIME_WAIT
  TCP    nik1:2934              njdmta04.acml.com:smtp  TIME_WAIT
  TCP    nik1:2948              mx.nyc.untd.com:smtp   TIME_WAIT
  TCP    nik1:2950              email.allmusic.com:smtp  TIME_WAIT
  TCP    nik1:2952              mx02.telus.net:smtp    TIME_WAIT
  TCP    nik1:2963              mx1.earthlink.net:smtp  TIME_WAIT
  TCP    nik1:2972              dmx.n2net.net:smtp     TIME_WAIT
  TCP    nik1:2976              ncrgw1.ncr.com:smtp    TIME_WAIT
  TCP    nik1:2978              new.mail.atl.earthlink.net:smtp  TIME_WAIT
  TCP    nik1:2983              gateway1.worldnet.att.net:smtp  TIME_WAIT
  TCP    nik1:3066              209.213.12.213:smtp    FIN_WAIT_2
  TCP    nik1:3076              yi.mx.aol.com:smtp     TIME_WAIT
  TCP    nik1:3086              *.s6a1.psmtp.com:smtp  TIME_WAIT
  TCP    nik1:3088              mail.cduniverse.com:smtp  TIME_WAIT
  TCP    nik1:3098              gateway1.worldnet.att.net:smtp  TIME_WAIT
  TCP    nik1:3104              mx.lax.untd.com:smtp   TIME_WAIT
  TCP    nik1:3122              atropos-spam3.cleartel.net:smtp  TIME_WAIT
  TCP    nik1:3129              *.s6a1.psmtp.com:smtp  TIME_WAIT
  TCP    nik1:3131              atropos-spam3.cleartel.net:smtp  TIME_WAIT
  TCP    nik1:3133              mx.nyc.untd.com:smtp   TIME_WAIT
  TCP    nik1:3137              clotho-spam1.thebiz.net:smtp  TIME_WAIT
  TCP    nik1:3149              blackbird.world-net.net:smtp  TIME_WAIT
  TCP    nik1:3170              a.mail.crosswind.net:smtp  SYN_SENT
  TCP    nik1:3197              209-142-2-40.static.stk.inreach.net:smtp  TIME_W
AIT
  UDP    nik1:microsoft-ds      *:*
  UDP    nik1:isakmp            *:*
  UDP    nik1:1025              *:*
  UDP    nik1:1071              *:*
  UDP    nik1:1072              *:*
  UDP    nik1:1249              *:*
  UDP    nik1:1252              *:*
  UDP    nik1:1261              *:*
  UDP    nik1:3278              *:*
  UDP    nik1:3281              *:*
  UDP    nik1:3282              *:*
  UDP    nik1:3283              *:*
  UDP    nik1:3284              *:*
  UDP    nik1:3285              *:*
  UDP    nik1:4500              *:*
  UDP    nik1:ntp               *:*
  UDP    nik1:1038              *:*
  UDP    nik1:1900              *:*
  UDP    nik1:ntp               *:*
  UDP    nik1:netbios-ns        *:*
  UDP    nik1:netbios-dgm       *:*
  UDP    nik1:1900              *:*

C:\Documents and Settings\nikebee>


it's now, however, stopped just for the moment.
netstat -a gives the following
Code:
C:\Documents and Settings\nikebee>netstat -a

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    nik1:epmap             nik1:0                 LISTENING
  TCP    nik1:microsoft-ds      nik1:0                 LISTENING
  TCP    nik1:2869              nik1:0                 LISTENING
  TCP    nik1:1026              nik1:0                 LISTENING
  TCP    nik1:1093              localhost:1092         TIME_WAIT
  TCP    nik1:12025             nik1:0                 LISTENING
  TCP    nik1:12025             localhost:3535         TIME_WAIT
  TCP    nik1:12080             nik1:0                 LISTENING
  TCP    nik1:12110             nik1:0                 LISTENING
  TCP    nik1:12119             nik1:0                 LISTENING
  TCP    nik1:12143             nik1:0                 LISTENING
  TCP    nik1:netbios-ssn       nik1:0                 LISTENING
  TCP    nik1:1054              192.168.1.66:netbios-ssn  ESTABLISHED
  TCP    nik1:3540              2.13.232.72.reverse.layeredtech.com:http  CLOSE_
WAIT
  TCP    nik1:3544              218.184.232.72.reverse.layeredtech.com:http  CLO
SE_WAIT
  UDP    nik1:microsoft-ds      *:*
  UDP    nik1:isakmp            *:*
  UDP    nik1:1025              *:*
  UDP    nik1:1071              *:*
  UDP    nik1:1072              *:*
  UDP    nik1:1249              *:*
  UDP    nik1:1252              *:*
  UDP    nik1:1261              *:*
  UDP    nik1:4500              *:*
  UDP    nik1:ntp               *:*
  UDP    nik1:1038              *:*
  UDP    nik1:1900              *:*
  UDP    nik1:ntp               *:*
  UDP    nik1:netbios-ns        *:*
  UDP    nik1:netbios-dgm       *:*
  UDP    nik1:1900              *:*

C:\Documents and Settings\nikebee>
much better...
but what are these
TCP nik1:3540 2.13.232.72.reverse.layeredtech.com:http CLOSE_
WAIT
TCP nik1:3544 218.184.232.72.reverse.layeredtech.com:http CLO
SE_WAIT


???
edit:
seems i spoke too soon, it's started up again :rolleyes:
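An added example, not part of any post in this thread: the netstat -a listing above shows many short-lived connections to the smtp port of unrelated mail hosts. This Python script parses output in that format, re-joins State values that the console wrapped onto a second line, and counts the distinct remote SMTP hosts. The sample text and the threshold of 3 hosts are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample in the format of the netstat -a output above, including
# the 80-column console wrap that splits a State value across two lines.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    nik1:12025             nik1:0                 LISTENING
  TCP    nik1:3169              localhost:12025        ESTABLISHED
  TCP    nik1:2642              64.233.183.103:http    ESTABLISHED
  TCP    nik1:2700              64-132-144-195.static.dimenoc.com:smtp  TIME_WAI
T
  TCP    nik1:2752              xn.mx.aol.com:smtp     TIME_WAIT
  TCP    nik1:2765              xn.mx.aol.com:smtp     TIME_WAIT
  TCP    nik1:2754              mx1.prserv.net:smtp    TIME_WAIT
  TCP    nik1:3170              a.mail.crosswind.net:smtp  SYN_SENT
  UDP    nik1:ntp               *:*
"""

ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\S+)\s+(\S+):(\S+)\s*(\S*)\s*$")
SMTP_PORTS = {"smtp", "25"}          # netstat -a prints service names, -n prints numbers
LOOPBACK = {"localhost", "127.0.0.1"}

def parse(text):
    """Return (proto, lhost, lport, rhost, rport, state) tuples."""
    lines = []
    for line in text.splitlines():
        # A bare uppercase fragment at column 0 is the tail of a wrapped State.
        if lines and not line.startswith(" ") and re.fullmatch(r"[A-Z_]+", line):
            lines[-1] += line
        else:
            lines.append(line)
    return [m.groups() for m in map(ROW.match, lines) if m]

def smtp_fanout(text, max_hosts=3):
    """Summarise outbound SMTP; max_hosts is an assumed threshold, tune it."""
    hosts = Counter(
        rhost.lower()
        for proto, _, _, rhost, rport, _ in parse(text)
        if proto == "TCP" and rport in SMTP_PORTS and rhost not in LOOPBACK
    )
    return {"connections": sum(hosts.values()), "distinct_hosts": len(hosts),
            "suspicious": len(hosts) > max_hosts, "hosts": hosts}

if __name__ == "__main__":
    report = smtp_fanout(SAMPLE)
    print(report["connections"], "SMTP connections to", report["distinct_hosts"], "hosts")
    for host, n in report["hosts"].most_common():
        print(f"  {n:3d}  {host}")
    print("mass-mailer pattern" if report["suspicious"] else "looks like a normal mail client")
```

A desktop mail client normally talks to one or two SMTP relays, so a saved `netstat -a` capture that reports dozens of distinct hosts points at something delivering mail directly.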
You must have infected files in your software collection somewhere. I take it you used drivers etc. you already had. You didn't download new copies of things such as the Logitech stuff?

The two random files are being dropped (created) by whatever trojan/virus/mailer you have picked up. Until you can find out what it is you'll have trouble deleting them.

For testing, do you have a second PC you can put the hard drive into as a slave so that it can be fully virus scanned etc.?

And next format, don't install anything you've previously downloaded from the internet. That includes all your spyware and antivirus tools, until they have been fully scanned and checked out.

Remember that some nasty stuff also has the capability to disable anti virus programs and the like.


Nik, please check your Gmail. Don__1
 
BruceLee said:
if you do a netstat -b it will show you the process ID that owns that connection, may point you at the rogue process.

a brief google of reverse.layeredtech.com shows this:

http://www.v7n.com/forums/computers-internet/34380-why-they-scanning-my-site.html

http://www.google.co.uk/search?lr=&ie=UTF-8&oe=UTF-8&q=reverse.layeredtech.com

Not sure if that helps much but it does say that it's a problem server/DNS etc

i'll do a netstat -b the next time i get the problem, interesting reads from google about layeredtech.com

ns400r said:
You must have infected files in your software collection somewhere. I take it you used drivers etc. you already had. You didn't download new copies of things such as the Logitech stuff?

The two random files are being dropped (created) by whatever trojan/virus/mailer you have picked up. Until you can find out what it is you'll have trouble deleting them.

For testing, do you have a second PC you can put the hard drive into as a slave so that it can be fully virus scanned etc.?

And next format, don't install anything you've previously downloaded from the internet. That includes all your spyware and antivirus tools, until they have been fully scanned and checked out.

Remember that some nasty stuff also has the capability to disable anti virus programs and the like.


Nik, please check your Gmail. Don__1

yeah i've got one other PC and also a laptop available in the house. just a bit wary and don't particularly want those two ending up with the same problems i'm getting :o

as for the install, mobo drivers from cd, nvidia drivers were freshly downloaded, avast was also downloaded fresh and my X-Fi was off a cd.
the only thing i didn't download was the SetPoint drivers - these were saved off the second HDD (one without windows installed) before it got wiped.
i've replied to your email, and will do what you asked as soon as the files get generated again :)

cheers for the help so far lads



edit:

just had a quick look with netstat -b before i go to bed.

Code:
C:\Documents and Settings\nikebee>netstat -b

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    nik1:4397              218.184.232.72.reverse.layeredtech.com:http  CLO
SE_WAIT      256
  [ashDisp.exe]

  TCP    nik1:4399              localhost:4398         TIME_WAIT       0
  TCP    nik1:4401              nf-in-f99.google.com:http  TIME_WAIT       0
  TCP    nik1:4403              nf-in-f104.google.com:http  TIME_WAIT       0
  TCP    nik1:4405              nf-in-f99.google.com:http  TIME_WAIT       0
  TCP    nik1:4407              server.bodhostdns2.com:http  TIME_WAIT       0

C:\Documents and Settings\nikebee>
ashDisp.exe is part of Avast... hmmm...
just a small update...

i haven't had any problems with this in the last 2 days now :confused:
shall keep this thread updated if i get any other issues
 