Someone trying to hack into my computer.

Discussion in 'Malware Help (A Specialist Will Reply)' started by fedorvod, May 10, 2008.

  1. fedorvod

    fedorvod Private E-2

    My Norton Firewall has been giving me popups of intrusion attempts. I've been getting these periodically the last few months, but about a week ago I got a lot more attempts than usual:
    http://i188.photobucket.com/albums/z86/ballbusting101/hack.jpg

    Those 3,609 attempts were in under one hour. I turned my DSL modem off, then back on and the attacks stopped. I believe it is because I was issued a new IP when I turned my modem off and on. So I did a search with Norton Antivirus and it found nothing. I was still getting attacks, but now I get a different message from my Firewall. The message looks like this:
    http://i188.photobucket.com/albums/z86/ballbusting101/hack1.jpg

    I get that popup over and over, so often that it is such a pain to click block each time that I leave the popup open. One thing I notice is that often the first 8 numbers are the same, but the numbers after the ":" change. Also, now that I am getting that popup, the "Recent intrusion attempts" (as seen in the first picture) shows zero intrusion attempts.

    Anyway, I ran a virus search with Norton AntiVirus and it found nothing. I searched again with some other programs: Spybot Search and Destroy, Windows Defender and Windows Live Safety Center. They all found nothing. Then I searched with a program called Avast Antivirus and it found 3 Trojans. It removed them, but the attacks are still continuing. I re-ran the search and it found nothing. I tried yet another program, Ashampoo AntiSpyWare 2 and it also found no problems on my computer. It is clean according to all these programs, but I am still getting attacks. Anyone have any idea what the problem is?

    My computer is a Compaq with Windows XP SP2.
     
    Last edited by a moderator: May 10, 2008
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    This IP address is probably your ISP. I assume you use SBC. That address maps to adsl-75-63-51-16.dsl.emhril.sbcglobal.net



    Now it appears you have possibly changed ISPs. This one maps to S0106000f66877ad9.cn.shawcable.net

    It is quite normal for many ISPs to be testing your connection. You can just block it and also do the same and ignore the logs as long as they are from your ISP. You can also call your ISP and ask them what they are doing/why it is necessary to ease your mind.
     
  3. fedorvod

    fedorvod Private E-2

    I do use SBC, but I've been using SBC for the past 3 years, I haven't changed ISPs.
     
  4. fedorvod

    fedorvod Private E-2

    Also, I went to shawcable.net and it redirected me to shawcable.ca, a Canadian company. I am from America.
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay but that does not change the fact that the first address you list is from them and that is what your firewall was flagging. They probably added some new diagnostic feature.

    As far as shawcable, they are a valid company too. Not sure why this would show up unless SBC is somehow getting bandwidth thru them.
     
  6. fedorvod

    fedorvod Private E-2

    Thank you for your help thus far. I didn't know I could look up the location of the IPs trying to connect to my computer.

    I don't know about SBC getting bandwidth through other places. I looked up the location of the IPs attacking me today:

    72.241.176.71 US UNITED STATES OHIO TOLEDO BUCKEYE CABLEVISION INC
    76.222.58.60 US UNITED STATES NEW YORK NEW YORK AT&T INTERNET SERVICES
    60.172.219.1 CN CHINA BEIJING BEIJING CHINANET ANHUI PROVINCE NETWORK
    60.172.219.2 CN CHINA BEIJING BEIJING CHINANET ANHUI PROVINCE NETWORK
    220.168.44.233 CN CHINA HUNAN CHANGSHA CHINANET-HN CHANGSHA NODE NETWORK
    24.64.167.223 CA CANADA ALBERTA CALGARY SHAW COMMUNICATIONS INC
    24.64.139.0 CA CANADA ALBERTA CALGARY SHAW COMMUNICATIONS INC
    24.64.152.66 CA CANADA ALBERTA CALGARY SHAW COMMUNICATIONS INC
    76.176.120.136 US UNITED STATES CALIFORNIA SAN DIEGO ROAD RUNNER HOLDCO LLC
    24.64.210.254 CA CANADA BRITISH COLUMBIA VICTORIA SHAW COMMUNICATIONS INC

    China and Canada???

    One thing I neglected to mention in my earlier posts is that every time Windows starts, I get a message from Ashampoo AntiSpyWare 2 that "The Windows hostfile was changed." It says that if it was unauthorized it may be a sign of an infection. It gives me an option to allow the change or undo it, but every time I click undo, the message just repeats and repeats, leaving me no choice but to keep the popup open, or allow the change, just to close it. And again, according to all 4 or 5 antivirus and antimalware programs I've scanned my computer with, it is clean.
     
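    As an added example that is not part of the thread, here is a small Python helper doing the triage chaslang describes above: group the firewall popups by source address (the number after the ":" is the port and is what keeps changing), reverse-resolve each source, and flag which ones belong to your own ISP. The alert lines and the PTR table are constructed so the script runs offline; the two hostnames in the table are the ones quoted earlier in the thread, and live_resolver is the real lookup you would swap in.

```python
import ipaddress
import socket
from collections import Counter

# Constructed firewall alert lines in the "source IP:port" shape the
# thread describes: same address repeated, only the port changes.
SAMPLE_ALERTS = [
    "75.63.51.16:1034", "75.63.51.16:1041", "75.63.51.16:1057",
    "24.64.167.223:6881", "24.64.139.0:6881", "60.172.219.1:445",
]

# Constructed PTR table standing in for live reverse DNS so this runs
# offline; both hostnames are the ones quoted in the thread.
FAKE_PTR = {
    "75.63.51.16": "adsl-75-63-51-16.dsl.emhril.sbcglobal.net",
    "24.64.167.223": "S0106000f66877ad9.cn.shawcable.net",
}

def offline_resolver(ip):
    return FAKE_PTR.get(ip)

def live_resolver(ip):
    """Real PTR lookup; returns None when no record exists."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None

def classify(ip, own_isp_suffix, resolver=live_resolver):
    """Label a source as own ISP, some other resolvable host, or unresolved."""
    ipaddress.ip_address(ip)  # raises ValueError on garbage input
    host = resolver(ip)
    if host is None:
        return ("unresolved", None)
    if host.lower().endswith("." + own_isp_suffix.lower()):
        return ("own-isp", host)
    return ("other", host)

def triage(alerts, own_isp_suffix, resolver=live_resolver):
    """Count alerts per source IP (ports ignored) and classify each source."""
    counts = Counter(a.rsplit(":", 1)[0] for a in alerts)
    report = {}
    for ip, n in counts.most_common():
        label, host = classify(ip, own_isp_suffix, resolver)
        report[ip] = {"alerts": n, "label": label, "ptr": host}
    return report

if __name__ == "__main__":
    for ip, info in triage(SAMPLE_ALERTS, "sbcglobal.net", offline_resolver).items():
        print(f"{ip:16} {info['alerts']:3} {info['label']:11} {info['ptr']}")
```

    Sources labelled own-isp are the ones chaslang says can be blocked silently; an unresolved or foreign source with a steady count is what is worth looking at further.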
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Let's find out what your PC is running and what your malware status is. Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

    READ & RUN ME FIRST. Malware Removal Guide


    I have a feeling that you may be running a P2P or torrent downloading program and people are connecting to you for downloads.
     
  8. fedorvod

    fedorvod Private E-2

    OK, I've followed all the steps except one - ComboFix. Before the program ran, I got a message that said 1 in 100 computers don't make it through the scan. I assumed that it meant 1 in 100 computers crash while using the program and I chickened out. I attached the logs requested.

    After one of the programs rebooted the computer, the Windows Defender appeared on the Windows tray by the clock. That normally doesn't happen.
     
  9. fedorvod

    fedorvod Private E-2

    I am still getting the popup from my firewall that people are trying to access my computer.
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No, that is not what it means. It means on 1 in 100 computers ComboFix just will not run for some unknown reason. Please run it; it often finds things that other scans will not. Attach the log.

    You already had Windows Defender installed. It is normal for it to appear in the tray. Perhaps you were previously disabling startups with MSconfig which you should not do as mentioned in step 1 of the READ ME.

    You need to clean up your Desktop ASAP. All of that junk does not belong there and is an invitation for malware to hide. Also it can slow your PC down. Move everything you really need to a more permanent storage location and delete things you don't need. Try to keep just links/shortcuts to things you use all the time on your Desktop.


    I still don't believe you are having major malware issues. I think this may be just a case where you have used P2P and torrent type sharing programs and people have your address now and are trying to link to you for downloading. You should just be telling your software firewall to block these and always do the same and to do it quietly without telling you. This is normal firewall behavior. Do you use a router and does it also have a hardware firewall?


    After running ComboFix and attaching your log, please continue on with the below.

    Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    Uninstall the below old versions of software:
    Java 2 Runtime Environment, SE v1.4.2_03

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe -all
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

    After clicking Fix, exit HJT.



    Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.
    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

    Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it definitely did not work.

    Now run Ccleaner!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it.



    Then attach the below logs:
    • C:\avenger.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  11. fedorvod

    fedorvod Private E-2

    All steps done. In analyse.exe, I could not find O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" I checked twice and did not see it. Other than that I had no problems with the directions.

    The file fixme.reg was successful. Can I delete it from my desktop now?

    The bad news - I am still getting the messages from my firewall. I had my modem turned off during the ComboFix scan. Later when I turned it back on to download the current version of Sun Java, I got the warning from my firewall before I could even get to the download page. I've gotten the warning 4 or 5 times while writing this response, too.
     
  12. fedorvod

    fedorvod Private E-2

    I forgot to answer this question: Do you use a router and does it also have a hardware firewall?

    I don't have a router, I have a DSL modem provided by AT&T/SBC. I don't know if it has a hardware firewall.
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    This is not bad news. This is normal firewall behavior. You just need to set your firewall to block these incoming reports silently. This happens on all PCs and is the purpose of having a firewall.

    If you install a router which goes in between your DSL Modem and your PC, it would also possibly block some issues before they ever get to your PC.

    Your logs are clean. These are not malware issues. It is just normal behavior that happens.
     
  14. fedorvod

    fedorvod Private E-2

    OK, thanks for your time with this. I feel more comfortable about the popups now knowing it's not due to a trojan/virus.
     
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.


    If you are not having any other malware problems, it is time to do our final steps:

    1. You can uninstall SUPERAntispyware now
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop & renamed it like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\cf" /u
        • Notes: The space between the cf" and the /u, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
      • Delete the C:\cf folder from combofix.
    3. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work thru the below link:
     
  16. fedorvod

    fedorvod Private E-2

    An update - Two days ago my Norton AntiVirus subscription ran out, so I uninstalled it and I am now running Avast! Antivirus instead. I am still using Norton Firewall. Since the uninstallation of Norton Antivirus, I have not had a single intrusion attempt. It hadn't stopped until then.

    Don't know if this is a coincidence or what, but thought I'd give the update. It's a lot nicer operating my PC without the annoying firewall popups :)
     
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It is highly recommended that you totally uninstall ALL of Norton. You probably have a load of excess baggage from them running just to keep their firewall. You should really use another firewall.
     