
Thread: Possibly Hacked?

  1. #1
    Senior Member
    Join Date
    Feb 2003
    Posts
    105

    Possibly Hacked?

    I'm not sure if I was, but this morning I start up Trillian and notice someone who uses bsdmail wants to talk to me on MSN, so I accept it and he isn't there. Yesterday I was having big problems with the system, lag in internet, lag in system which may have lagged IE. So now I'm looking at my incoming access log from Linksys and some higher ports have been logged from what looks like a Roadrunner IP. Here's some of the ports and what not.


    Look suspicious? Thanks

  2. #2
    Junior Member
    Join Date
    Jul 2003
    Posts
    27
    When in doubt, I always "SCAN"......I would certainly start the computer in safe mode, and scan with the AV (ensuring it's updated with the latest definitions), Spybot and Ad-aware. If you can, let me know what you find...
    Strike Like Lightning...Envelop Like Darkness...
    As Strong As Thunder...As Swift As The Wind...
    As Calm As the Water...~Sun Tzu~

  3. #3
    Senior Member
    Join Date
    Feb 2003
    Posts
    105
    Norton did its weekly thing Friday and everything was AOK, and I never disable it. I'm scanning with Ad-aware now.

  4. #4
    Spybot search and destroy seems to work faster and better for me. You can grab it at download.com. It's also free. I used to use ad-aware (still very cool) until I found this app.

  5. #5
    http://www.iana.org/assignments/port-numbers
    Port listing for just about every app you can think of.

  6. #6
    Senior Member
    Join Date
    Aug 2003
    Posts
    1,018
    I'm going to go out on a limb, since your syslog IMHO is fairly worthless. Several of the ports come back as trojans, worms, and viruses.

    Would I fall off the limb if I told you to get rid of kazaa, or whatever p2p software you are using? Some versions of kazaa appear to be infected, but I never have figured out if they actually were.

    If your antivirus isn't picking up anything, get a second opinion.
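A way to triage an inbound router log like the one in the first post, as an added example that is not part of any poster's reply: it counts hits per port, labels the ports that have a widely documented association, and groups the remaining sources by /24. The port table, the sample addresses (documentation ranges) and the `cluster_min` threshold are assumptions of this example.

```python
import ipaddress
from collections import Counter, defaultdict

# Ports with a widely documented association; extend from the IANA list.
KNOWN_PORTS = {
    111: "sunrpc/portmapper",
    1026: "Windows Messenger service pop-up spam",
    1434: "Microsoft SQL Monitor (SQL Slammer worm)",
    27374: "SubSeven trojan default port",
}

# Constructed sample in the "source-IP port" layout the original poster pasted.
SAMPLE_LOG = """\
203.0.113.7 1434
198.51.100.23 1434
203.0.113.44 1434
198.51.100.90 27374
203.0.113.200 1026
192.0.2.10 12380
192.0.2.11 25965
192.0.2.12 12380
192.0.2.13 28261
garbage line
"""

def parse(log):
    """Return (IPv4Address, port) pairs, skipping malformed lines."""
    entries = []
    for line in log.splitlines():
        parts = line.split()
        try:
            ip, port = ipaddress.IPv4Address(parts[0]), int(parts[1])
        except (IndexError, ValueError):
            continue
        if len(parts) == 2 and 0 < port < 65536:
            entries.append((ip, port))
    return entries

def triage(entries, cluster_min=3):
    """Split hits into labelled-port noise and unlisted ports clustered by /24."""
    hits, sources, nets = Counter(), defaultdict(set), Counter()
    for ip, port in entries:
        hits[port] += 1
        sources[port].add(ip)
        if port not in KNOWN_PORTS:
            nets[str(ipaddress.ip_network(f"{ip}/24", strict=False))] += 1
    known = {p: (hits[p], len(sources[p]), KNOWN_PORTS[p])
             for p in hits if p in KNOWN_PORTS}
    unlisted = sorted(p for p in hits if p not in KNOWN_PORTS)
    clusters = {n: c for n, c in nets.items() if c >= cluster_min}
    return {"known": known, "unlisted_ports": unlisted, "clusters": clusters}
```

Many unrelated sources hitting one labelled port usually points to Internet-wide scanning that reached the router, while a tight /24 cluster on unlisted ports is the part to correlate with software running on the PC.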

  7. #7
    Senior Member tampabay420's Avatar
    Join Date
    Aug 2002
    Posts
    953
    Ooh, nobody said anything about a firewall yet? Firewalls help a lot, this way you would know what application/service those IP(s) were attempting to connect to...
    yeah, I'm gonna need that by Friday...

  8. #8
    Senior Member
    Join Date
    Aug 2003
    Posts
    1,018
    lol....I figured that went without saying (my bad)

  9. #9
    Senior Member
    Join Date
    Feb 2003
    Posts
    105
    Well, I didn't have a firewall up, figured the router would cover me good. But I have BlackICE now and just got the basic probes.

    All the scans showed up negative.

    Something I didn't tell you: when the computer was laggy, Norton wasn't autoloading and the option for it to be loaded was off along with email, reading error.

  10. #10
    Senior Member
    Join Date
    Aug 2003
    Posts
    1,018
    ok, what scans showed up negative?

    At the risk of being redundant....did you make sure all definitions for your spy killers were updated?

    Did you try with another AV scanner? It sounds like your Norton may be sick... there was a rumored exploit some time back that was rumored to erase some of Norton's files. I don't know if it is true or not. If you have worms and virii, which, going by the ports you listed above, your spy killers won't get them anyway.

    Also, once you think you have your firewall working, go to the following link:
    https://grc.com

    Run the shield's up probe for common ports. Tweak your firewall, then run again.
