
svchost.exe spamming my router

post #1 of 4
Thread Starter 
Lately I have noticed unusual usage on my network connection, and when I open my active connections in Comodo it shows svchost.exe opening 150+ connections to 10.0.0.2:80, my router's login page. Every time it opens a new connection the source port increases by 1, and it does this at about 1 connection/second. After a while the old connections start closing while new ones still open, if that makes sense.

I have MSE installed, and that doesn't detect anything funny in a quick scan. I haven't done a full scan yet.

One other thing I noticed is that the same process (which hosts Windows Update, along with other things) sometimes seems to download from 165.165.47.9, which is an Akamai IP. I know Akamai is a mirror for international content in South Africa, but I don't know why it downloads from there when there are no updates available for me at the moment.

Is it possible I have a rootkit? I reformatted and reinstalled Windows about 2 months ago and haven't downloaded anything dodgy, nor have I used flash drives or CDs any time recently.

EDIT: I'm going out now so won't be able to reply for a while.
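An added example, not part of the original post: one way to attribute the connection burst described above to a specific svchost.exe instance and the services it hosts, by joining `netstat -ano` with `tasklist /svc /fo csv`. Both command outputs below are constructed samples; the local address, PIDs and service groupings are assumptions, and only 10.0.0.2:80 comes from the post.

```python
import csv
import io
import re

# Constructed `netstat -ano` excerpt; only 10.0.0.2:80 comes from the post.
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    10.0.0.5:49300         10.0.0.2:80            TIME_WAIT       0
  TCP    10.0.0.5:49301         10.0.0.2:80            ESTABLISHED     980
  TCP    10.0.0.5:49302         10.0.0.2:80            ESTABLISHED     980
  TCP    10.0.0.5:49303         10.0.0.2:80            ESTABLISHED     980
  TCP    10.0.0.5:49304         10.0.0.2:80            SYN_SENT        980
  TCP    10.0.0.5:49410         203.0.113.7:443        ESTABLISHED     3120
"""

# Constructed `tasklist /svc /fo csv` excerpt.
TASKLIST = '''"Image Name","PID","Services"
"svchost.exe","980","wuauserv,BITS,Schedule"
"svchost.exe","1044","Dhcp,EventLog"
'''

ROW = re.compile(r"^\s*TCP\s+\S+:(\d+)\s+(\S+)\s+(\S+)\s+(\d+)\s*$")

def ports_by_pid(netstat_text, remote):
    """Map owning PID -> sorted local source ports of TCP rows to `remote`."""
    ports = {}
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if m and m.group(2) == remote:
            ports.setdefault(int(m.group(4)), []).append(int(m.group(1)))
    return {pid: sorted(p) for pid, p in ports.items()}

def longest_run(ports):
    """Length of the longest run of consecutive port numbers in a sorted list."""
    best = cur = 1 if ports else 0
    for a, b in zip(ports, ports[1:]):
        cur = cur + 1 if b == a + 1 else 1
        best = max(best, cur)
    return best

def services_for(tasklist_csv, pid):
    """Service names hosted by the process with this PID ([] if not listed)."""
    rows = csv.DictReader(io.StringIO(tasklist_csv))
    return next((r["Services"].split(",") for r in rows if int(r["PID"]) == pid), [])

def attribute(netstat_text, tasklist_csv, remote):
    """Per owning PID: (pid, connection count, longest port run, hosted services)."""
    out = []
    for pid, ports in ports_by_pid(netstat_text, remote).items():
        if pid == 0:  # TIME_WAIT rows are reported with PID 0: no owner left
            continue
        out.append((pid, len(ports), longest_run(ports), services_for(tasklist_csv, pid)))
    return out
```

Once the PID is known, the list of hosted services narrows the search to a handful of candidates that can be stopped one at a time while watching whether the connections continue.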
post #2 of 4
Have you tried running Malwarebytes? Windows 7 is more vulnerable than most people think, especially when you don't have the very latest updates.
post #3 of 4
Thread Starter 
Okay, MSE finished a full scan, nothing found. I'll run Malwarebytes tomorrow, I feel like crap now :/ Oh, and Windows = up to date.
post #4 of 4
Thread Starter 
Okay here's the log from HijackThis:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 04:16:02 PM, on 2011/05/21
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Fraps\fraps.exe
D:\RealTemp\RealTemp.exe
D:\Program Files (x86)\Xfire\Xfire.exe
D:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Mumble\mumble.exe
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11\firefox.exe
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11\plugin-container.exe
D:\Users\Logan\Documents\Downloads\HijackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\HostsMan\hm.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [boincmgr] "C:\Program Files\BOINC\boincmgr.exe" /a /s
O4 - HKLM\..\Run: [boinctray] "C:\Program Files\BOINC\boinctray.exe"
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Xfire.lnk = D:\Program Files (x86)\Xfire\Xfire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware player\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware player\vsocklib.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E0E120C-DF75-4FE5-90AA-484D08BD6A35}: NameServer = 10.0.0.2
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs:  C:\Windows\SysWOW64\guard32.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\Hamachi 2\hamachi-2.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 7004 bytes
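An added example, not part of the original post: a small triage pass over HijackThis entries like those in the log above. HijackThis 2.0.4 is a 32-bit program, so on 64-bit Windows its view of `C:\Windows\System32` is redirected to `SysWOW64` and 64-bit-only service binaries are reported as "(file missing)"; the script separates those from entries that deserve a manual check. The verdict labels are this example's own names, not HijackThis terms.

```python
import ipaddress
import re

# Entries taken from the log in the post, written with single backslashes.
SAMPLE = r"""
O4 - HKLM\..\Run: [boincmgr] "C:\Program Files\BOINC\boincmgr.exe" /a /s
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware player\vsocklib.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E0E120C-DF75-4FE5-90AA-484D08BD6A35}: NameServer = 10.0.0.2
O20 - AppInit_DLLs:  C:\Windows\SysWOW64\guard32.dll
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")
SYS32 = re.compile(r"c:\\windows\\system32\\", re.I)

def triage(log_text):
    """Classify entries as (section, verdict, entry text); unlisted entries are skipped."""
    text = log_text.replace("\\\\", "\\")  # tolerate logs pasted with doubled backslashes
    lowered = text.lower()
    is_x64 = "syswow64" in lowered or "program files (x86)" in lowered
    findings = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, body = m.groups()
        if code == "O23" and body.endswith("(file missing)"):
            # A 32-bit scanner on 64-bit Windows cannot see the real System32,
            # so a "missing" binary there is most likely a redirection artifact.
            artifact = is_x64 and SYS32.search(body)
            findings.append((code, "wow64-artifact" if artifact else "missing-binary", body))
        elif code == "O23" and "Unknown owner" in body:
            # No vendor string in the file: verify the signature and hash by hand.
            findings.append((code, "check-signature", body))
        elif code == "O17" and "NameServer" in body:
            servers = re.split(r"[ ,]+", body.split("=", 1)[1].strip())
            public = [s for s in servers if s and not ipaddress.ip_address(s).is_private]
            findings.append((code, "public-dns" if public else "lan-dns", body))
        elif code in ("O10", "O20"):
            # Winsock LSPs and AppInit_DLLs load into other processes: confirm the vendor.
            findings.append((code, "confirm-vendor", body))
    return findings
```

Entries marked `wow64-artifact` should be re-checked with a 64-bit tool before being treated as evidence of tampering.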