A problem running spybot

Discussion in 'Malware Help (A Specialist Will Reply)' started by nivdr, Nov 23, 2008.

  1. nivdr

    nivdr Private E-2

    I am following the read me first guide but when trying to install spybot I get a message it can not connect to server. I tried downloading updates manually but then it would not run at all. I tried doing it from different networks but it seems the hijack has blocked and changed my connection settings. I am running XP home edition. Please Help. I am completely lost here.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Just skip Spybot and continue with the rest of the instructions and attach the requested logs when you finish.

    Also explain to us what malware problems you are having.
     
  3. nivdr

    nivdr Private E-2

    Thanks for the quick response. I tried to continue with the rest but they would also not work. I've been trying to repeat running superantispyware and it detects new adware cookies every time. The popup adware usually changes but one called internet speed monitor keeps popping. I tried running symantec anti virus I got from work but I can't install updates because the virus blocks it. Also sometimes will redirect searches from google to go.google...
    I am currently trying to restore my system through a service of lenovo called lenovo care but I'm not sure the backup is not infected. My biggest problem now I think is releasing the block on internet connection to anti spyware programs. Unfortunately I only have a log file from superantispyware (reasons above) but I can probably send a log of Hijack this. Thanks
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Cookies are not problems! Note as stated in the instructions we do not want you to repeat running any scans. We want you to try each step only once and work your way thru all steps. I will post a common boilerplate of instructions we normally give. Some of the notes may help you.

    We do not need a HijackThis log. Please just follow the guidelines from the below. At a minimum you should be able to get us logs from SUPERAntiSpyware and MGtools.

    ======================
    Please follow the instructions in the below link and attach the requested logs when you finish these instructions.


    READ & RUN ME FIRST. Malware Removal Guide
    • If something does not run, write down the info to explain to us later but keep on going.
    • Do not assume that because one step does not work that they all will not.
    Notes:

    1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
    2. If you have problems downloading on the problem PC, download the tools on another PC and burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
     
  5. nivdr

    nivdr Private E-2

    O.K
    Unfortunately I've already violated some of your rules. I ran superantispyware many times. Also when I ran mgtools the second time I did it from my desktop.
    I'm posting the first log of superantispyware and the last one by MGtools.
    My computer is severely hacked. Cannot access any of the sites that involve malware removal including your own.
    Hope to hear from you soon.
    Thanks and happy Thanksgiving
     

    Last edited: Nov 27, 2008
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I know we suggested renaming SUPERAntiSpyware, but why would you name it like below?
    C:\Program Files\SUPERAntiSpyware\bb9aa054-66e6-4662-82b4-41c6d5166b31.exe

    The probable source of your infection is from downloading and installing the below:
    "ADOBE PHOTOSHOP 7.0 FULL [RETAIL] +serial"

    All of the malware files arrived at the same time. I suggest that you uninstall this immediately.

    You need to shut down the BitTorrent program when not using it and you should not load it at startup. Did you notice that it has opened up literally hundreds of connections into your PC and is slowing you down? Here are the connections seen in your log. The list is so long you will have to scroll to see everything.
      TCP    nurit:1246             a96-17-110-128.deploy.akamaitechnologies.com:http  ESTABLISHED
      TCP    nurit:1247             a96-17-110-128.deploy.akamaitechnologies.com:http  ESTABLISHED
      TCP    nurit:1258             as.total-media.net:http  CLOSE_WAIT
      TCP    nurit:1266             a96-17-110-128.deploy.akamaitechnologies.com:http  ESTABLISHED
      TCP    nurit:1269             a96-17-110-9.deploy.akamaitechnologies.com:http  ESTABLISHED
      TCP    nurit:1271             as.total-media.net:http  CLOSE_WAIT
      TCP    nurit:1274             as.total-media.net:http  CLOSE_WAIT
      TCP    nurit:1279             as.total-media.net:http  CLOSE_WAIT
      TCP    nurit:1280             as.total-media.net:http  CLOSE_WAIT
      TCP    nurit:1288             as.total-media.net:http  CLOSE_WAIT
      TCP    nurit:1289             as.total-media.net:http  CLOSE_WAIT
      TCP    nurit:1292             as.total-media.net:http  CLOSE_WAIT
      TCP    nurit:1295             as.total-media.net:http  CLOSE_WAIT
      TCP    nurit:1300             as.total-media.net:http  CLOSE_WAIT
      TCP    nurit:1301             as.total-media.net:http  CLOSE_WAIT
      TCP    nurit:1304             as.total-media.net:http  CLOSE_WAIT
      TCP    nurit:1307             as.total-media.net:http  CLOSE_WAIT
      TCP    nurit:1310             as.total-media.net:http  CLOSE_WAIT
      TCP    nurit:1315             as.total-media.net:http  CLOSE_WAIT
      TCP    nurit:1316             as.total-media.net:http  CLOSE_WAIT
      TCP    nurit:1319             as.total-media.net:http  CLOSE_WAIT
      TCP    nurit:1322             as.total-media.net:http  CLOSE_WAIT
      TCP    nurit:1325             as.total-media.net:http  CLOSE_WAIT
      TCP    nurit:1328             as.total-media.net:http  CLOSE_WAIT
      TCP    nurit:1331             as.total-media.net:http  CLOSE_WAIT
      TCP    nurit:1334             as.total-media.net:http  CLOSE_WAIT
      TCP    nurit:1337             194.90.221.218:http    CLOSE_WAIT
      TCP    nurit:1342             62.189.244.254:http    CLOSE_WAIT
      TCP    nurit:1345             bzq-179-58-84.static.bezeqint.net:http  CLOSE_WAIT
      TCP    nurit:1348             a96-17-111-32.deploy.akamaitechnologies.com:http  ESTABLISHED
      TCP    nurit:1351             194.90.221.218:http    CLOSE_WAIT
      TCP    nurit:1355             194.90.221.218:http    CLOSE_WAIT
      TCP    nurit:1358             194.90.221.218:http    CLOSE_WAIT
      TCP    nurit:1361             194.90.221.218:http    CLOSE_WAIT
      TCP    nurit:1366             12.129.210.71:http     CLOSE_WAIT
      TCP    nurit:1369             194.90.221.218:http    CLOSE_WAIT
      TCP    nurit:1373             a96-17-108-41.deploy.akamaitechnologies.com:http  ESTABLISHED
      TCP    nurit:1376             194.90.221.218:http    CLOSE_WAIT
      TCP    nurit:1383             12.129.210.71:http     CLOSE_WAIT
      TCP    nurit:1388             a96-17-110-163.deploy.akamaitechnologies.com:http  ESTABLISHED
      TCP    nurit:1391             a96-17-110-163.deploy.akamaitechnologies.com:http  ESTABLISHED
      TCP    nurit:1396             a96-17-110-163.deploy.akamaitechnologies.com:http  CLOSE_WAIT
      TCP    nurit:1397             a96-17-110-163.deploy.akamaitechnologies.com:http  CLOSE_WAIT
      TCP    nurit:1406             a96-17-111-34.deploy.akamaitechnologies.com:http  ESTABLISHED
      TCP    nurit:1407             a96-17-111-34.deploy.akamaitechnologies.com:http  ESTABLISHED
      TCP    nurit:1410             a96-17-111-34.deploy.akamaitechnologies.com:http  ESTABLISHED
      TCP    nurit:1411             a96-17-110-163.deploy.akamaitechnologies.com:http  ESTABLISHED
      TCP    nurit:1419             a96-17-108-115.deploy.akamaitechnologies.com:http  ESTABLISHED
      TCP    nurit:1420             a96-17-111-9.deploy.akamaitechnologies.com:http  ESTABLISHED
      TCP    nurit:1423             a96-17-110-163.deploy.akamaitechnologies.com:http  ESTABLISHED
      TCP    nurit:1428             a96-17-110-160.deploy.akamaitechnologies.com:http  ESTABLISHED
      TCP    nurit:1429             a96-17-110-160.deploy.akamaitechnologies.com:http  ESTABLISHED
      TCP    nurit:1440             a96-17-110-160.deploy.akamaitechnologies.com:http  ESTABLISHED
      TCP    nurit:1441             a96-17-110-160.deploy.akamaitechnologies.com:http  ESTABLISHED
      TCP    nurit:1444             a96-17-108-115.deploy.akamaitechnologies.com:http  ESTABLISHED
      TCP    nurit:1447             194.90.221.219:http    CLOSE_WAIT
      TCP    nurit:1450             194.90.221.219:http    CLOSE_WAIT
      TCP    nurit:1453             194.90.221.219:http    CLOSE_WAIT
      TCP    nurit:1456             194.90.221.219:http    CLOSE_WAIT
      TCP    nurit:1459             bzq-179-58-84.static.bezeqint.net:http  CLOSE_WAIT
      TCP    nurit:1464             62.189.244.254:http    CLOSE_WAIT
      TCP    nurit:1467             bzq-179-139-156.static.bezeqint.net:http  CLOSE_WAIT
      TCP    nurit:1470             bzq-179-139-156.static.bezeqint.net:http  CLOSE_WAIT
      TCP    nurit:1496             cf-in-f147.google.com:http  CLOSE_WAIT
      TCP    nurit:1499             cf-in-f147.google.com:http  CLOSE_WAIT
      TCP    nurit:1502             126.114.233.72.static.reverse.ltdomains.com:http  CLOSE_WAIT
      TCP    nurit:1506             cf-in-f147.google.com:http  CLOSE_WAIT
      TCP    nurit:1509             geotrust-trustwatch.verisign.net:http  CLOSE_WAIT
      TCP    nurit:wins             83.238.36.72.static.reverse.ltdomains.com:http  CLOSE_WAIT
      TCP    nurit:1515             77.91.229.143:http     CLOSE_WAIT
      TCP    nurit:1519             78.26.179.233:http     CLOSE_WAIT
      TCP    nurit:ingreslock       78.26.179.233:http     CLOSE_WAIT
      TCP    nurit:1525             geotrust-trustwatch.verisign.net:http  CLOSE_WAIT
      TCP    nurit:1529             83.238.36.72.static.reverse.ltdomains.com:http  CLOSE_WAIT
      TCP    nurit:1532             77.91.229.143:http     CLOSE_WAIT
      TCP    nurit:1535             NET-allocation-00026135.ix.sitestream.net:http  CLOSE_WAIT
      TCP    nurit:1548             78.26.179.244:http     ESTABLISHED
      TCP    nurit:1551             geotrust-trustwatch.verisign.net:http  CLOSE_WAIT
      TCP    nurit:1554             78.26.179.244:http     ESTABLISHED
      TCP    nurit:1557             78.26.179.244:http     ESTABLISHED
      TCP    nurit:1560             78.26.179.244:http     ESTABLISHED
      TCP    nurit:1563             78.26.179.244:http     ESTABLISHED
      TCP    nurit:1566             78.26.179.244:http     ESTABLISHED
      TCP    nurit:1579             78.26.179.244:http     ESTABLISHED
      TCP    nurit:1597             78.26.179.244:http     ESTABLISHED
      TCP    nurit:1601             Hosting-IGLD-106-245.inter.net.il:http  CLOSE_WAIT
      TCP    nurit:1604             geotrust-trustwatch.verisign.net:http  CLOSE_WAIT
      TCP    nurit:1607             Hosting-IGLD-106-245.inter.net.il:http  CLOSE_WAIT
      TCP    nurit:1610             titan.********.com:http  CLOSE_WAIT
      TCP    nurit:1613             Hosting-IGLD-106-245.inter.net.il:http  CLOSE_WAIT
      TCP    nurit:1616             titan.********.com:http  CLOSE_WAIT
      TCP    nurit:1619             geotrust-trustwatch.verisign.net:http  CLOSE_WAIT
      TCP    nurit:1622             titan.********.com:http  CLOSE_WAIT
      TCP    nurit:1625             c18-ad-xw-lb.cnet.com:http  CLOSE_WAIT
      TCP    nurit:1628             titan.********.com:http  CLOSE_WAIT
      TCP    nurit:1631             mh-in-f165.google.com:http  CLOSE_WAIT
      TCP    nurit:1635             205.234.175.175:http   CLOSE_WAIT
      TCP    nurit:1637             205.234.175.175:http   CLOSE_WAIT
      TCP    nurit:1643             a96-17-110-50.deploy.akamaitechnologies.com:http  CLOSE_WAIT
      TCP    nurit:1646             cg-in-f165.google.com:http  CLOSE_WAIT
      TCP    nurit:1649             mail.inklineglobal.com:http  CLOSE_WAIT
      TCP    nurit:1652             cf-in-f127.google.com:http  CLOSE_WAIT
      TCP    nurit:1655             titan.********.com:http  CLOSE_WAIT
      TCP    nurit:1659             titan.********.com:http  CLOSE_WAIT
      TCP    nurit:1665             cg-in-f155.google.com:http  CLOSE_WAIT
      TCP    nurit:1668             mh-in-f165.google.com:http  CLOSE_WAIT
      TCP    nurit:1671             h-64-236-144-228.unassigned.aoltw.net:http  CLOSE_WAIT
      TCP    nurit:1677             titan.********.com:http  CLOSE_WAIT
      TCP    nurit:1680             205.234.175.175:http   ESTABLISHED
      TCP    nurit:1683             geotrust-trustwatch.verisign.net:http  CLOSE_WAIT
      TCP    nurit:1686             geotrust-trustwatch.verisign.net:http  CLOSE_WAIT
      TCP    nurit:1692             h-64-236-144-228.unassigned.aoltw.net:http  CLOSE_WAIT
      TCP    nurit:1696             titan.********.com:http  CLOSE_WAIT
      TCP    nurit:1699             205.234.175.175:http   CLOSE_WAIT
      TCP    nurit:1719             titan.********.com:http  CLOSE_WAIT
      TCP    nurit:1739             titan.********.com:http  CLOSE_WAIT
      TCP    nurit:1744             titan.********.com:http  CLOSE_WAIT
      TCP    nurit:1747             titan.********.com:http  CLOSE_WAIT
      TCP    nurit:1748             c18-ad-xw-lb.cnet.com:http  CLOSE_WAIT
      TCP    nurit:1751             mh-in-f165.google.com:http  CLOSE_WAIT
      TCP    nurit:1756             205.234.175.175:http   CLOSE_WAIT
      TCP    nurit:1757             205.234.175.175:http   CLOSE_WAIT
      TCP    nurit:1760             h-64-236-144-228.unassigned.aoltw.net:http  CLOSE_WAIT
      TCP    nurit:1765             cg-in-f165.google.com:http  CLOSE_WAIT
      TCP    nurit:1766             a96-17-110-50.deploy.akamaitechnologies.com:http  CLOSE_WAIT
      TCP    nurit:1769             cf-in-f127.google.com:http  CLOSE_WAIT
      TCP    nurit:1772             titan.********.com:http  CLOSE_WAIT
      TCP    nurit:1775             205.234.175.175:http   CLOSE_WAIT
      TCP    nurit:1781             geotrust-trustwatch.verisign.net:http  CLOSE_WAIT
      TCP    nurit:1784             83.238.36.72.static.reverse.ltdomains.com:http  CLOSE_WAIT
      TCP    nurit:1787             77.91.229.143:http     CLOSE_WAIT
      TCP    nurit:1790             geotrust-trustwatch.verisign.net:http  CLOSE_WAIT
      TCP    nurit:1793             77.91.229.143:http     CLOSE_WAIT
      TCP    nurit:1796             Hosting-IGLD-106-245.inter.net.il:http  CLOSE_WAIT
      TCP    nurit:1799             geotrust-trustwatch.verisign.net:http  CLOSE_WAIT
      TCP    nurit:1802             Hosting-IGLD-106-245.inter.net.il:http  CLOSE_WAIT
      TCP    nurit:1815             Hosting-IGLD-106-245.inter.net.il:http  CLOSE_WAIT
      TCP    nurit:1818             geotrust-trustwatch.verisign.net:http  CLOSE_WAIT
      TCP    nurit:1821             cf-in-f147.google.com:http  CLOSE_WAIT
      TCP    nurit:1824             Hosting-IGLD-106-245.inter.net.il:http  CLOSE_WAIT
      TCP    nurit:1827             Hosting-IGLD-106-245.inter.net.il:http  CLOSE_WAIT
      TCP    nurit:1830             cf-in-f147.google.com:http  CLOSE_WAIT
      TCP    nurit:1833             126.114.233.72.static.reverse.ltdomains.com:http  CLOSE_WAIT
      TCP    nurit:1841             cf-in-f147.google.com:http  CLOSE_WAIT
      TCP    nurit:1844             cf-in-f147.google.com:http  CLOSE_WAIT
      TCP    nurit:1847             126.114.233.72.static.reverse.ltdomains.com:http  CLOSE_WAIT
      TCP    nurit:1851             cf-in-f147.google.com:http  CLOSE_WAIT
      TCP    nurit:1854             fxpweb2.spd.co.il:http  CLOSE_WAIT
      TCP    nurit:1857             fxpweb2.spd.co.il:http  CLOSE_WAIT
      TCP    nurit:1860             geotrust-trustwatch.verisign.net:http  CLOSE_WAIT
      TCP    nurit:1863             fxpweb2.spd.co.il:http  CLOSE_WAIT
      TCP    nurit:1866             fxpweb2.spd.co.il:http  CLOSE_WAIT
      TCP    nurit:1869             fxpweb2.spd.co.il:http  CLOSE_WAIT
      TCP    nurit:1872             fxpweb2.spd.co.il:http  CLOSE_WAIT
      TCP    nurit:1875             fxpweb2.spd.co.il:http  CLOSE_WAIT
      TCP    nurit:1878             fxpweb2.spd.co.il:http  CLOSE_WAIT
      TCP    nurit:1882             nat1270.national-net.com:http  CLOSE_WAIT
      TCP    nurit:1889             fxpweb2.spd.co.il:http  CLOSE_WAIT
      TCP    nurit:1890             fxpweb2.spd.co.il:http  CLOSE_WAIT
      TCP    nurit:1891             ad1.p1.vip.rm.sp1.yahoo.com:http  CLOSE_WAIT
      TCP    nurit:1894             ad1.p1.vip.rm.sp1.yahoo.com:http  CLOSE_WAIT
      TCP    nurit:1897             fxpweb2.spd.co.il:http  CLOSE_WAIT
      TCP    nurit:1900             fxpweb2.spd.co.il:http  CLOSE_WAIT
      TCP    nurit:1905             ad1.p1.vip.rm.sp1.yahoo.com:http  CLOSE_WAIT
      TCP    nurit:1908             ad1.p1.vip.rm.sp1.yahoo.com:http  CLOSE_WAIT
      TCP    nurit:1909             fxpweb2.spd.co.il:http  CLOSE_WAIT
      TCP    nurit:1912             ad1.p1.vip.rm.sp1.yahoo.com:http  CLOSE_WAIT
      TCP    nurit:1915             ad1.vip.rm.sk1.yahoo.com:http  CLOSE_WAIT
      TCP    nurit:1918             fxpweb2.spd.co.il:http  CLOSE_WAIT
      TCP    nurit:1921             ad1.p1.vip.rm.sp1.yahoo.com:http  CLOSE_WAIT
      TCP    nurit:1924             ad1.p1.vip.rm.sp1.yahoo.com:http  CLOSE_WAIT
      TCP    nurit:1927             fxpweb2.spd.co.il:http  CLOSE_WAIT
      TCP    nurit:1933             fxpweb2.spd.co.il:http  CLOSE_WAIT
      TCP    nurit:1936             ad1.vip.rm.sk1.yahoo.com:http  CLOSE_WAIT
      TCP    nurit:1939             ad1.p1.vip.rm.sp1.yahoo.com:http  CLOSE_WAIT
      TCP    nurit:1944             fxpweb2.spd.co.il:http  CLOSE_WAIT
      TCP    nurit:1947             ad1.p1.vip.rm.sp1.yahoo.com:http  CLOSE_WAIT
      TCP    nurit:1952             annymegaadvip1.doubleclick.net:http  CLOSE_WAIT
      TCP    nurit:1953             fxpweb2.spd.co.il:http  CLOSE_WAIT
      TCP    nurit:1956             207.46.148.34:http     CLOSE_WAIT
      TCP    nurit:1957             a96-17-108-43.deploy.akamaitechnologies.com:http  CLOSE_WAIT
      TCP    nurit:1962             fxpweb2.spd.co.il:http  CLOSE_WAIT
      TCP    nurit:1965             a96-17-108-11.deploy.akamaitechnologies.com:http  CLOSE_WAIT
      TCP    nurit:1966             fxpweb2.spd.co.il:http  CLOSE_WAIT
      TCP    nurit:1969             a96-17-110-18.deploy.akamaitechnologies.com:http  CLOSE_WAIT
      TCP    nurit:1974             fxpweb2.spd.co.il:http  CLOSE_WAIT
      TCP    nurit:1975             fxpweb2.spd.co.il:http  CLOSE_WAIT
      TCP    nurit:1978             fxpweb2.spd.co.il:http  CLOSE_WAIT
      TCP    nurit:1981             fxpweb2.spd.co.il:http  CLOSE_WAIT
      TCP    nurit:1984             fxpweb2.spd.co.il:http  CLOSE_WAIT
      TCP    nurit:1987             fxpweb2.spd.co.il:http  CLOSE_WAIT
      TCP    nurit:1990             fxpweb2.spd.co.il:http  CLOSE_WAIT
      TCP    nurit:1993             fxpweb2.spd.co.il:http  CLOSE_WAIT
      TCP    nurit:1996             fxpweb2.spd.co.il:http  CLOSE_WAIT
      TCP    nurit:1999             ad1.p1.vip.rm.sp1.yahoo.com:http  CLOSE_WAIT
      TCP    nurit:2002             cf-in-f127.google.com:http  CLOSE_WAIT
      TCP    nurit:2005             fxpweb2.spd.co.il:http  CLOSE_WAIT
      TCP    nurit:2008             ad.la.mediaplex.com:http  CLOSE_WAIT
      TCP    nurit:2011             rd.apmebf.com:http     CLOSE_WAIT
      TCP    nurit:2014             ad.la.mediaplex.com:http  CLOSE_WAIT
      TCP    nurit:2017             a96-17-109-91.deploy.akamaitechnologies.com:http  CLOSE_WAIT
      TCP    nurit:2020             fxpweb2.spd.co.il:http  CLOSE_WAIT
      TCP    nurit:2043             a96-17-108-34.deploy.akamaitechnologies.com:http  CLOSE_WAIT
      TCP    nurit:2046             a96-17-108-34.deploy.akamaitechnologies.com:http  CLOSE_WAIT
      TCP    nurit:2049             a96-17-108-34.deploy.akamaitechnologies.com:http  CLOSE_WAIT
      TCP    nurit:2052             a96-17-108-34.deploy.akamaitechnologies.com:http  CLOSE_WAIT
      TCP    nurit:2062             a96-17-108-34.deploy.akamaitechnologies.com:http  CLOSE_WAIT
      TCP    nurit:2063             a96-17-108-34.deploy.akamaitechnologies.com:http  CLOSE_WAIT
      TCP    nurit:2064             a96-17-109-88.deploy.akamaitechnologies.com:http  CLOSE_WAIT
      TCP    nurit:2069             a96-17-108-41.deploy.akamaitechnologies.com:http  CLOSE_WAIT
      TCP    nurit:2070             a96-17-108-41.deploy.akamaitechnologies.com:http  CLOSE_WAIT
      TCP    nurit:2073             a96-17-109-88.deploy.akamaitechnologies.com:http  CLOSE_WAIT
      TCP    nurit:2078             a96-17-109-88.deploy.akamaitechnologies.com:http  CLOSE_WAIT
      TCP    nurit:2079             a96-17-109-88.deploy.akamaitechnologies.com:http  CLOSE_WAIT
      TCP    nurit:2082             a96-17-109-115.deploy.akamaitechnologies.com:http  CLOSE_WAIT
      TCP    nurit:2093             a96-17-108-41.deploy.akamaitechnologies.com:http  CLOSE_WAIT
      TCP    nurit:2094             a96-17-109-115.deploy.akamaitechnologies.com:http  CLOSE_WAIT
      TCP    nurit:2101             a96-17-107-112.deploy.akamaitechnologies.com:http  CLOSE_WAIT
      TCP    nurit:2102             a96-17-108-41.deploy.akamaitechnologies.com:http  CLOSE_WAIT
      TCP    nurit:2103             194.90.221.220:http    CLOSE_WAIT
      TCP    nurit:2107             194.90.221.217:http    CLOSE_WAIT
      TCP    nurit:2110             194.90.221.217:http    CLOSE_WAIT
      TCP    nurit:2115             194.90.221.217:http    CLOSE_WAIT
      TCP    nurit:2116             194.90.221.217:http    CLOSE_WAIT
      TCP    nurit:2121             194.90.221.217:http    CLOSE_WAIT
      TCP    nurit:2122             194.90.221.217:http    CLOSE_WAIT
      TCP    nurit:2125             194.90.221.217:http    CLOSE_WAIT
      TCP    nurit:2130             194.90.221.217:http    CLOSE_WAIT
      TCP    nurit:2131             194.90.221.217:http    CLOSE_WAIT
      TCP    nurit:2134             194.90.221.217:http    CLOSE_WAIT
      TCP    nurit:2137             194.90.221.217:http    CLOSE_WAIT
      TCP    nurit:2150             62.189.244.254:http    CLOSE_WAIT
      TCP    nurit:2153             62.189.244.254:http    CLOSE_WAIT
      TCP    nurit:2161             194.90.221.220:http    CLOSE_WAIT
      TCP    nurit:2168             bzq-179-58-84.static.bezeqint.net:http  CLOSE_WAIT
      TCP    nurit:2173             a96-17-111-34.deploy.akamaitechnologies.com:http  CLOSE_WAIT
      TCP    nurit:2176             a96-17-111-32.deploy.akamaitechnologies.com:http  CLOSE_WAIT
      TCP    nurit:2193             a96-17-109-88.deploy.akamaitechnologies.com:http  CLOSE_WAIT
      TCP    nurit:2197             ip-72-55-140-126.static.privatedns.com:http  CLOSE_WAIT
      TCP    nurit:2201             a96-17-109-88.deploy.akamaitechnologies.com:http  CLOSE_WAIT
      TCP    nurit:2222             a96-17-109-88.deploy.akamaitechnologies.com:http  CLOSE_WAIT
      TCP    nurit:2247             a96-17-108-34.deploy.akamaitechnologies.com:http  CLOSE_WAIT
      TCP    nurit:2250             a96-17-108-34.deploy.akamaitechnologies.com:http  CLOSE_WAIT
      TCP    nurit:2253             a96-17-108-34.deploy.akamaitechnologies.com:http  CLOSE_WAIT
      TCP    nurit:2256             a96-17-109-88.deploy.akamaitechnologies.com:http  CLOSE_WAIT
      TCP    nurit:2259             a96-17-108-34.deploy.akamaitechnologies.com:http  CLOSE_WAIT
      TCP    nurit:2263             194.90.221.220:http    CLOSE_WAIT
      TCP    nurit:2266             194.90.221.217:http    CLOSE_WAIT
      TCP    nurit:2269             194.90.221.217:http    CLOSE_WAIT
      TCP    nurit:2272             194.90.221.217:http    CLOSE_WAIT
      TCP    nurit:2275             194.90.221.217:http    CLOSE_WAIT
      TCP    nurit:2280             194.90.221.217:http    CLOSE_WAIT
      TCP    nurit:2281             194.90.221.217:http    CLOSE_WAIT
      TCP    nurit:2284             194.90.221.217:http    CLOSE_WAIT
      TCP    nurit:2287             194.90.221.217:http    CLOSE_WAIT
      TCP    nurit:2290             194.90.221.217:http    CLOSE_WAIT
      TCP    nurit:2293             194.90.221.217:http    CLOSE_WAIT
      TCP    nurit:2296             194.90.221.217:http    CLOSE_WAIT
      TCP    nurit:2299             194.90.221.217:http    CLOSE_WAIT
      TCP    nurit:2314             62.189.244.254:http    CLOSE_WAIT
      TCP    nurit:2323             a96-17-111-34.deploy.akamaitechnologies.com:http  CLOSE_WAIT
      TCP    nurit:2327             a96-17-109-88.deploy.akamaitechnologies.com:http  CLOSE_WAIT
      TCP    nurit:2342             a96-17-109-88.deploy.akamaitechnologies.com:http  CLOSE_WAIT
      TCP    nurit:2351             a96-17-109-88.deploy.akamaitechnologies.com:http  CLOSE_WAIT
      TCP    nurit:2356             a96-17-108-34.deploy.akamaitechnologies.com:http  ESTABLISHED
      TCP    nurit:2359             a96-17-108-34.deploy.akamaitechnologies.com:http  CLOSE_WAIT
      TCP    nurit:2362             a96-17-108-34.deploy.akamaitechnologies.com:http  CLOSE_WAIT
      TCP    nurit:2367             a96-17-108-34.deploy.akamaitechnologies.com:http  ESTABLISHED
      TCP    nurit:2371             a96-17-109-88.deploy.akamaitechnologies.com:http  CLOSE_WAIT
      TCP    nurit:2376             a96-17-109-115.deploy.akamaitechnologies.com:http  ESTABLISHED
      TCP    nurit:2377             a96-17-108-34.deploy.akamaitechnologies.com:http  ESTABLISHED
      TCP    nurit:2380             194.90.221.220:http    CLOSE_WAIT
      TCP    nurit:2386             194.90.221.217:http    CLOSE_WAIT
      TCP    nurit:2389             194.90.221.217:http    CLOSE_WAIT
      TCP    nurit:2392             194.90.221.217:http    CLOSE_WAIT
      TCP    nurit:2395             194.90.221.217:http    CLOSE_WAIT
      TCP    nurit:2398             194.90.221.217:http    CLOSE_WAIT
      TCP    nurit:2401             194.90.221.217:http    CLOSE_WAIT
      TCP    nurit:2404             194.90.221.217:http    CLOSE_WAIT
      TCP    nurit:2407             194.90.221.217:http    CLOSE_WAIT
      TCP    nurit:2410             194.90.221.217:http    CLOSE_WAIT
      TCP    nurit:2413             194.90.221.217:http    CLOSE_WAIT
      TCP    nurit:2416             194.90.221.217:http    CLOSE_WAIT
      TCP    nurit:2425             62.189.244.254:http    CLOSE_WAIT
      TCP    nurit:2428             62.189.244.254:http    CLOSE_WAIT
      TCP    nurit:2434             a96-17-111-34.deploy.akamaitechnologies.com:http  ESTABLISHED
      TCP    nurit:2455             a96-17-109-88.deploy.akamaitechnologies.com:http  CLOSE_WAIT
      TCP    nurit:2467             28-ww2.hoster.com:http  LAST_ACK
      TCP    nurit:2468             28-ww2.hoster.com:http  LAST_ACK
      TCP    nurit:2469             28-ww2.hoster.com:http  CLOSE_WAIT

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [iesvcmon] "C:\WINDOWS\system32\iesvcmon.exe"
    O4 - HKLM\..\Run: [G4G] C:\WINDOWS\f4f.exe
    O4 - HKCU\..\Run: [VnrBlock21] "C:\Program Files\VnrBlock\VnrBlock21.exe"
    O4 - HKCU\..\Run: [GetModule29] C:\Program Files\GetModule\GetModule29.exe
    O4 - Startup: ppcb_32.lnk = C:\Program Files\ppcbooster\ppcb_32.exe

    And optionally ( but I recommend it ) fix the below
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

    After clicking Fix, exit HJT.



    Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.
    After reboot look for all of the above files we had Avenger attempt to delete. If you still see them, delete them yourself.

    Also delete all files in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
    C:\WINDOWS\Temp
    C:\Documents and Settings\‰\Local Settings\Temp

    Now run Ccleaner!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).


    Then attach the below logs:
    • C:\avenger.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
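
A triage helper for the `O4` autorun lines listed in the post above, as an added example that is not part of the original thread or of HijackThis/MGtools. It parses both line shapes shown there (registry `Run` values and `Startup` shortcuts) and splits each command into image path and arguments; the two flags and the `C:\WINDOWS` install path are assumptions of this sketch, not the criteria the helper used to pick those lines.

```python
import ntpath
import re
from typing import List, NamedTuple, Optional, Tuple

# The O4 lines exactly as quoted in the post above.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iesvcmon] "C:\WINDOWS\system32\iesvcmon.exe"
O4 - HKLM\..\Run: [G4G] C:\WINDOWS\f4f.exe
O4 - HKCU\..\Run: [VnrBlock21] "C:\Program Files\VnrBlock\VnrBlock21.exe"
O4 - HKCU\..\Run: [GetModule29] C:\Program Files\GetModule\GetModule29.exe
O4 - Startup: ppcb_32.lnk = C:\Program Files\ppcbooster\ppcb_32.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
'''


class Autorun(NamedTuple):
    location: str  # e.g. "HKLM Run" or "Startup"
    name: str      # registry value name or shortcut file name
    image: str     # executable path with quotes stripped
    args: str      # remaining command-line arguments
    quoted: bool   # True if the image path was quoted in the log


# "O4 - HKLM\..\Run: [value name] command line"
REG_RE = re.compile(r'^O4 - (HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$')
# "O4 - Startup: shortcut.lnk = target"
LNK_RE = re.compile(r'^O4 - ((?:Global )?Startup): (.+?) = (.+)$')
# Unquoted commands may contain spaces, so cut at the first executable
# extension that is followed by whitespace or end of line.
UNQUOTED_RE = re.compile(
    r'^(.+?\.(?:exe|com|bat|cmd|scr|pif|dll))(?:\s+(.*))?$', re.I)

# Assumption: Windows is installed in C:\WINDOWS, as in the log above.
WINDOWS_DIRS = {r'c:\windows', r'c:\windows\system32'}


def split_command(cmd: str) -> Tuple[str, str, bool]:
    """Return (image, args, quoted) for one autorun command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip(), True
    m = UNQUOTED_RE.match(cmd)
    if m:
        return m.group(1), m.group(2) or '', False
    return cmd, '', False


def parse_o4(line: str) -> Optional[Autorun]:
    """Parse one HijackThis O4 line; return None for any other line."""
    line = line.strip()
    m = REG_RE.match(line)
    if m:
        image, args, quoted = split_command(m.group(4))
        return Autorun(f'{m.group(1)} {m.group(2)}', m.group(3),
                       image, args, quoted)
    m = LNK_RE.match(line)
    if m:
        image, args, quoted = split_command(m.group(3))
        return Autorun(m.group(1), m.group(2), image, args, quoted)
    return None


def flags(entry: Autorun) -> List[str]:
    """Review hints only (assumed heuristics), never a verdict."""
    out = []
    # Autorun image sitting directly in the Windows directories.
    if ntpath.dirname(entry.image).lower() in WINDOWS_DIRS:
        out.append('runs-from-windows-dir')
    # A registry command line with spaces and no quotes is ambiguous.
    if (entry.location.startswith('HK') and not entry.quoted
            and ' ' in entry.image):
        out.append('unquoted-path-with-spaces')
    return out


def triage(log: str) -> List[Tuple[Autorun, List[str]]]:
    """Parse every O4 line in a log and attach its review hints."""
    parsed = (parse_o4(line) for line in log.splitlines())
    return [(e, flags(e)) for e in parsed if e is not None]


if __name__ == '__main__':
    for entry, hints in triage(SAMPLE_LOG):
        print(f'{entry.location:10} {entry.name:12} {entry.image}  {hints}')
```

A flag means "look at this entry first"; whether to fix a line is still decided from the full log.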
     
  7. nivdr

    nivdr Private E-2

    Hello
    There has been some improvement. I don't get the "internet speed monitor" window anymore but I still cannot use the engine search results. It is still redirected to go.google.com...
    I also cannot access all sites that post software and help against malware, including majorgeeks.
    The files you see that are not deleted by avenger were deleted in fact.
    I believe the malware came with another file, not adobe photoshop, because I did not install it. I don't know if it makes any difference. Anyway it was deleted.
    Thanks again
     

    Attached Files:

  8. nivdr

    nivdr Private E-2

    Important Update.
    I've found a solution to my problem involving a block of antimalware. It comes from this link:
    http://www.troublefixers.com/remove...ecom-redirect-virus-removal-tool-for-windows/
    This is what they wrote
    "Last Method to Remove Go.google.com virus

    Go to Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.

    Scroll down to “Non-plug and Play Drivers” and click the plus icon to open those drivers.

    Then search for “TDSSserv.sys”

    Right click on it, and select “Disable”

    Note: If you select Uninstall, it will install itself again when you reboot the system, so DON’T select Uninstall.

    Restart your pc.

    You can now update your Antivirus/Malware/Rootkit softwares and the go.google rubbish will stop.

    It's now up to the Anti-Virus/Malware/Spyware companies to make an effort to stop this, and not rely on simple basic home PC users like myself to save the world

    In simple terms, TDSSserv.sys is a service/server redirecting all software updates to 127.0.0.1 (your own computer) so they won’t update

    Thanks Bomp for this useful comment"

    I was now able to run spy-bot, mal-ware, combofix and MGtools
    These are my last logs
    It seems I am close to a solution, although I cannot be truly sure it is gone
    Please let me know if you find anything else I should do.
    I hope this helps someone in the future
     

    Attached Files:

  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Actually the correct fix was to run our cleaning procedure from beginning to end and in the order specified. You will see that ComboFix and Malwarebytes actually removed many more aspects of the infection which is why they are in the READ & RUN ME. And they have successfully been removing most components of the TDSSserv.sys rootkit infection for months. Sometimes it just requires that installer programs or the installed program file names be changed so that they will run. Or it may also require executing some programs in safe boot mode or with the internet cable disconnected. You actually had multiple infections not just the TDSSserv.sys one which was complicating things.

    At any rate, after running these last scans, your logs are clean.


    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Notes: The space between the combofix" and the /u, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
      • Delete the C:\combofix folder from combofix (if it exists)
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work thru the below link:
     
