Am having to split my message as too long for forum ... so please see both parts
YES ... I've definitely been hijacked .... hopefully the information below can help you advise me what to do ......
Have used TCPView (Thanks.. I didn't know of this utility)
and the results are
aspnet.exe:584 TCP iesf:40000 iesf:0 LISTENING
ctfmon.exe:684 TCP iesf:3068 iesf:0 LISTENING
ctfmon.exe:684 TCP iesf:31909 iesf:0 LISTENING
dnsadm.exe:788 TCP iesf:2200 iesf:0 LISTENING
eventlog.exe:824 TCP iesf:8899 iesf:0 LISTENING
IBackground.exe:1832 TCP iesf:1052 iesf:0 LISTENING
IBackground.exe:1832 TCP iesf:1052 ibackup.com:https CLOSE_WAIT
inetinfo.exe:1272 TCP iesf:ftp iesf:0 LISTENING
inetinfo.exe:1272 TCP iesf:smtp iesf:0 LISTENING
inetinfo.exe:1272 TCP iesf:http iesf:0 LISTENING
inetinfo.exe:1272 TCP iesf:https iesf:0 LISTENING
inetinfo.exe:1272 TCP iesf:1043 iesf:0 LISTENING
inetinfo.exe:1272 TCP iesf:9149 iesf:0 LISTENING
inetinfo.exe:1272 UDP iesf:1044 *:*
inetinfo.exe:1272 UDP iesf:3456 *:*
inetinfo.exe:740 TCP iesf:1028 iesf:0 LISTENING
inetinfo.exe:740 TCP iesf:1032 iesf:0 LISTENING
inetinfo.exe:740 TCP iesf:1036 iesf:0 LISTENING
inetinfo.exe:740 TCP iesf:30001 iesf:0 LISTENING
inetinfo.exe:740 TCP iesf:1027 iesf:0 LISTENING
inetinfo.exe:740 TCP iesf:1027 localhost:1028 ESTABLISHED
inetinfo.exe:740 TCP iesf:1028 localhost:1027 ESTABLISHED
inetinfo.exe:740 TCP iesf:1031 iesf:0 LISTENING
inetinfo.exe:740 TCP iesf:1031 localhost:1032 ESTABLISHED
inetinfo.exe:740 TCP iesf:1032 localhost:1031 ESTABLISHED
inetinfo.exe:740 TCP iesf:1035 iesf:0 LISTENING
inetinfo.exe:740 TCP iesf:1035 localhost:1036 ESTABLISHED
inetinfo.exe:740 TCP iesf:1036 localhost:1035 ESTABLISHED
inetinfo.exe:768 TCP iesf:1026 iesf:0 LISTENING
inetinfo.exe:768 TCP iesf:1030 iesf:0 LISTENING
inetinfo.exe:768 TCP iesf:1034 iesf:0 LISTENING
inetinfo.exe:768 TCP iesf:30003 iesf:0 LISTENING
inetinfo.exe:768 TCP iesf:1025 iesf:0 LISTENING
inetinfo.exe:768 TCP iesf:1025 localhost:1026 ESTABLISHED
inetinfo.exe:768 TCP iesf:1026 localhost:1025 ESTABLISHED
inetinfo.exe:768 TCP iesf:1029 iesf:0 LISTENING
inetinfo.exe:768 TCP iesf:1029 localhost:1030 ESTABLISHED
inetinfo.exe:768 TCP iesf:1030 localhost:1029 ESTABLISHED
inetinfo.exe:768 TCP iesf:1033 iesf:0 LISTENING
inetinfo.exe:768 TCP iesf:1033 localhost:1034 ESTABLISHED
inetinfo.exe:768 TCP iesf:1034 localhost:1033 ESTABLISHED
inetservice.exe:892 TCP iesf:3333 iesf:0 LISTENING
inetservice.exe:892 TCP iesf:4068 iesf:0 LISTENING
inetservice.exe:892 TCP iesf:41909 iesf:0 LISTENING
LSASS.EXE:268 UDP iesf:isakmp *:*
msdtc.exe:1284 TCP iesf:1042 iesf:0 LISTENING
mstask.exe:1064 TCP iesf:1037 iesf:0 LISTENING
scvhost.exe:1056 TCP iesf:8787 iesf:0 LISTENING
sqlservr.exe:992 TCP iesf:ms-sql-s iesf:0 LISTENING
sqlservr.exe:992 UDP iesf:ms-sql-m *:*
svchost.exe:440 TCP iesf:epmap iesf:0 LISTENING
svchost.exe:440 UDP iesf:epmap *:*
System:8 TCP iesf:microsoft-ds iesf:0 LISTENING
System:8 TCP iesf:1045 iesf:0 LISTENING
System:8 TCP iesf:http firewall.conserveschool.org:64038 ESTABLISHED
System:8 TCP iesf:http firewall.conserveschool.org:64040 TIME_WAIT
System:8 TCP iesf:http firewall.conserveschool.org:64052 ESTABLISHED
System:8 TCP iesf:http c-24-14-148-204.hsd1.il.comcast.net:59342 TIME_WAIT
System:8 TCP iesf:http c-24-23-4-210.hsd1.ca.comcast.net:4860 ESTABLISHED
System:8 TCP iesf:http px3so.cg.shawcable.net:49816 ESTABLISHED
System:8 TCP iesf:http 58-186-9-xxx-dynamic.hcm.fpt.vn:17078 ESTABLISHED
System:8 TCP iesf:http 58-186-9-xxx-dynamic.hcm.fpt.vn:17096 ESTABLISHED
System:8 TCP iesf:http pm2-cwco-64-71-208-83.havilandtelco.com:3339 TIME_WAIT
System:8 TCP iesf:http ip68-4-82-226.oc.oc.cox.net:4694 ESTABLISHED
System:8 TCP iesf:http proxy.newingtoncollege.nsw.edu.au:9062 ESTABLISHED
System:8 TCP iesf:http ip70-161-65-125.hr.hr.cox.net:2963 TIME_WAIT
System:8 TCP iesf:http ip70-161-65-125.hr.hr.cox.net:2997 ESTABLISHED
System:8 TCP iesf:http ip70-161-65-125.hr.hr.cox.net:3000 ESTABLISHED
System:8 TCP iesf:http mail.ycis.edu.hk:1164 ESTABLISHED
System:8 TCP iesf:http mtl-a46-041:4914 TIME_WAIT
System:8 TCP iesf:http fj5011.inktomisearch.com:52670 TIME_WAIT
System:8 TCP iesf:http fj5011.inktomisearch.com:54872 TIME_WAIT
System:8 TCP iesf:http bbcache-8.singnet.com.sg:9026 ESTABLISHED
System:8 TCP iesf:http bbcache-9.singnet.com.sg:5862 ESTABLISHED
System:8 TCP iesf:http bbcache-10.singnet.com.sg:53944 TIME_WAIT
System:8 TCP iesf:http bbcache-10.singnet.com.sg:54620 ESTABLISHED
System:8 TCP iesf:http bbcache-11.singnet.com.sg:57310 TIME_WAIT
System:8 TCP iesf:http gw.pool-2.nat.net.kht.ru:4443 ESTABLISHED
System:8 TCP iesf:http gw.pool-2.nat.net.kht.ru:5345 ESTABLISHED
System:8 TCP iesf:http gw.pool-2.nat.net.kht.ru:5948 ESTABLISHED
System:8 TCP iesf:http 195.245.109.122:48225 TIME_WAIT
System:8 TCP iesf:http 195.245.109.122:48294 TIME_WAIT
System:8 TCP iesf:http 195.245.109.122:48323 TIME_WAIT
System:8 TCP iesf:http 195.245.109.122:48488 TIME_WAIT
System:8 TCP iesf:http 195.245.109.122:48708 TIME_WAIT
System:8 TCP iesf:http 195.245.109.122:48762 TIME_WAIT
System:8 TCP iesf:http 195.245.109.122:48882 TIME_WAIT
System:8 TCP iesf:http 195.245.109.122:48907 TIME_WAIT
System:8 TCP iesf:http 195.245.109.122:48927 TIME_WAIT
System:8 TCP iesf:http 195.245.109.122:48930 TIME_WAIT
System:8 TCP iesf:http 195.245.109.122:48936 TIME_WAIT
System:8 TCP iesf:http 195.245.109.122:48964 TIME_WAIT
System:8 TCP iesf:http 195.245.109.122:48966 TIME_WAIT
System:8 TCP iesf:http 195.245.109.122:48995 TIME_WAIT
System:8 TCP iesf:http 195.245.109.122:49001 TIME_WAIT
System:8 TCP iesf:http 195.245.109.122:49008 TIME_WAIT
System:8 TCP iesf:http 195.245.109.122:49015 TIME_WAIT
System:8 TCP iesf:http 202.128.229.45:29675 ESTABLISHED
System:8 TCP iesf:http lj9059.inktomisearch.com:52729 TIME_WAIT
System:8 TCP iesf:http lj9059.inktomisearch.com:52759 TIME_WAIT
System:8 TCP iesf:http lj9115.inktomisearch.com:49744 TIME_WAIT
System:8 TCP iesf:http lj9115.inktomisearch.com:49933 TIME_WAIT
System:8 TCP iesf:http cache-ntc-ac06.proxy.aol.com:44648 TIME_WAIT
System:8 TCP iesf:http 202.163.208.30:2363 ESTABLISHED
System:8 TCP iesf:http 202.163.208.30:2420 ESTABLISHED
System:8 TCP iesf:http 202.163.208.30:2451 ESTABLISHED
System:8 TCP iesf:http proxy5-14.adl2.internode.on.net:18679 ESTABLISHED
System:8 TCP iesf:http proxy5-14.adl2.internode.on.net:19030 ESTABLISHED
System:8 TCP iesf:http proxy6-14.adl2.internode.on.net:18858 ESTABLISHED
System:8 TCP iesf:http proxy7-14.adl2.internode.on.net:23159 ESTABLISHED
System:8 TCP iesf:http 203.210.245.216:57945 ESTABLISHED
System:8 TCP iesf:http 203.210.245.216:51420 ESTABLISHED
System:8 TCP iesf:http adsl.hnpt.com.vn:48634 ESTABLISHED
System:8 TCP iesf:http adsl.hnpt.com.vn:48040 ESTABLISHED
System:8 TCP iesf:http wttaos01.imsbiz.com:57952 TIME_WAIT
System:8 TCP iesf:http pool-71-252-226-75.dllstx.fios.verizon.net:61405 TIME_WAIT
System:8 TCP iesf:http pool-70-107-168-252.ny325.east.verizon.net:4771 ESTABLISHED
System:8 TCP iesf:http 203.210.245.216:40456 ESTABLISHED
System:8 TCP iesf:http adsl.hnpt.com.vn:35946 TIME_WAIT
System:8 TCP iesf:netbios-ssn iesf:0 LISTENING
System:8 UDP iesf:microsoft-ds *:*
System:8 UDP iesf:netbios-ns *:*
System:8 UDP iesf:netbios-dgm *:*
System:8 TCP iesf:http pm2-cwco-64-71-208-83.havilandtelco.com:3405 TIME_WAIT
System:8 TCP iesf:http pool-70-107-168-252.ny325.east.verizon.net:4772 TIME_WAIT
System:8 TCP iesf:http egspd42239.ask.com:41943 TIME_WAIT
System:8 TCP iesf:http adsl.hnpt.com.vn:24114 ESTABLISHED
System:8 TCP iesf:http 203.15.122.35:35745 ESTABLISHED
System:8 TCP iesf:http adsl.hnpt.com.vn:11724 ESTABLISHED
System:8 TCP iesf:http 203.15.122.35:12649 TIME_WAIT
System:8 TCP iesf:http cache6.syd.ops.aspac.uu.net:11525 TIME_WAIT
System:8 TCP iesf:http cache4.syd.ops.aspac.uu.net:28285 ESTABLISHED
System:8 TCP iesf:http 203.15.122.35:52425 ESTABLISHED
System:8 TCP iesf:http 203.15.122.35:34562 ESTABLISHED
System:8 TCP iesf:http 203.15.122.35:21624 ESTABLISHED
System:8 TCP iesf:http 202.138.134.149:49820 TIME_WAIT
System:8 TCP iesf:http pm2-cwco-64-71-208-83.havilandtelco.com:3410 ESTABLISHED
System:8 TCP iesf:http proxy3.utas.edu.au:57172 TIME_WAIT
System:8 TCP iesf:http 70.27.166.146:51393 ESTABLISHED
System:8 TCP iesf:http ip-69-33-143-130.nyc.megapath.net:1174 ESTABLISHED
System:8 TCP iesf:http ip-69-33-143-130.nyc.megapath.net:1173 ESTABLISHED
System:8 TCP iesf:http ip-69-33-143-130.nyc.megapath.net:1172 TIME_WAIT
System:8 TCP iesf:http proxy.newingtoncollege.nsw.edu.au:9087 FIN_WAIT1
Tapii.exe:1092 TCP iesf:1 iesf:0 LISTENING
WinVNC.exe:1180 TCP iesf:5800 iesf:0 LISTENING
WinVNC.exe:1180 TCP iesf:5900 iesf:0 LISTENING
WinVNC.exe:1180 TCP iesf:5900 p627-adslbkksp13.c.csloxinfo.net:1312 ESTABLISHED
===================================
My problem is I do not understand what I'm looking at here.
I do not know how to close/open ports
There is definitely something strange going on with the server as my ISP just sent me a warning
I've posted their warning at
http://www.shambles.net/avast/ispwarningmarch06.txt which might be helpful to see what the malware? is doing.
In fact my ISP has given me 48 hours to solve this or they are pulling the plug
=====================================