This is a little far fetched, but with the difficulties you are having compiled with the fact that windows trojans have become better at hiding (where netstat might not be reliable), you might want to try running a port scan from a second system to see what ports your system is listening on from the attackers prospective.