Botnet issue, please help.

Discussion in 'Malware Help (A Specialist Will Reply)' started by Vhero, Apr 8, 2010.

Vhero (Private E-2)

    Hello, I am being attacked by a botnet. I know I am, as I get my IP blocked, so I installed TCPView and got this result:


    svchost.exe:1092    UDPV6    [fe80:0:0:0:486b:e59b:9821:12ac]:546    *:*        
    svchost.exe:1092    UDPV6    [fe80:0:0:0:486b:e59b:9821:12ac]:546    *:*        
    svchost.exe:1204    TCP    Midgar:1028    Midgar:0    LISTENING    
    svchost.exe:1204    UDP    Midgar:isakmp    *:*        
    svchost.exe:1204    UDP    Midgar:ipsec-msft    *:*        
    svchost.exe:1204    TCPV6    midgar:1028    midgar:0    LISTENING    
    svchost.exe:1204    UDPV6    midgar:500    *:*        
    svchost.exe:1204    UDPV6    midgar:4500    *:*        
    svchost.exe:1388    UDP    Midgar:ws-discovery    *:*        
    svchost.exe:1388    UDP    Midgar:ws-discovery    *:*        
    svchost.exe:1388    UDP    Midgar:62725    *:*        
    svchost.exe:1388    UDPV6    midgar:3702    *:*        
    svchost.exe:1388    UDPV6    midgar:3702    *:*        
    svchost.exe:1388    UDPV6    midgar:62726    *:*        
    svchost.exe:1388    TCPV6    [0:0:0:0:0:0:0:1]:61680    [0:0:0:0:0:0:0:1]:0    ESTABLISHED    
    svchost.exe:1512    UDP    Midgar:llmnr    *:*        
    svchost.exe:1512    UDPV6    midgar:5355    *:*        
    svchost.exe:2116    UDP    Midgar:ssdp    *:*        
    svchost.exe:2116    UDP    midgar.cable.virginmedia.net:ssdp    *:*        
    svchost.exe:2116    UDP    Midgar:ws-discovery    *:*        
    svchost.exe:2116    UDP    Midgar:ws-discovery    *:*        
    svchost.exe:2116    UDP    Midgar:57507    *:*        
    svchost.exe:2116    UDP    midgar.cable.virginmedia.net:63183    *:*        
    svchost.exe:2116    UDP    Midgar:63184    *:*        
    svchost.exe:2116    UDPV6    [0:0:0:0:0:0:0:1]:1900    *:*        
    svchost.exe:2116    UDPV6    [fe80:0:0:0:486b:e59b:9821:12ac]:1900    *:*        
    svchost.exe:2116    UDPV6    midgar:3702    *:*        
    svchost.exe:2116    UDPV6    midgar:3702    *:*        
    svchost.exe:2116    UDPV6    midgar:57508    *:*        
    svchost.exe:2116    UDPV6    [fe80:0:0:0:486b:e59b:9821:12ac]:63284    *:*        
    svchost.exe:2116    UDPV6    [0:0:0:0:0:0:0:1]:63285    *:*        
    SYSTEM:4    TCP    midgar.cable.virginmedia.net:netbios-ssn    Midgar:0    LISTENING    
    SYSTEM:4    TCP    midgar.cable.virginmedia.net:microsoft-ds    192.168.11.4:1028    ESTABLISHED    
    SYSTEM:4    TCP    Midgar:microsoft-ds    Midgar:0    LISTENING    
    SYSTEM:4    TCP    Midgar:icslap    Midgar:0    LISTENING    
    SYSTEM:4    TCP    Midgar:wsd    Midgar:0    LISTENING    
    SYSTEM:4    UDP    midgar.cable.virginmedia.net:netbios-ns    *:*        
    SYSTEM:4    UDP    midgar.cable.virginmedia.net:netbios-dgm    *:*        
    SYSTEM:4    TCPV6    midgar:445    midgar:0    LISTENING    
    SYSTEM:4    TCPV6    midgar:2869    midgar:0    LISTENING    
    SYSTEM:4    TCPV6    midgar:5357    midgar:0    LISTENING    
    SYSTEM:4    TCP    midgar.cable.virginmedia.net:61675    cosmos:netbios-ssn    ESTABLISHED    
    SYSTEM:4    TCPV6    [0:0:0:0:0:0:0:1]:5357    [0:0:0:0:0:0:0:1]:0    ESTABLISHED    
    wininit.exe:424    TCP    Midgar:1025    Midgar:0    LISTENING    
    wininit.exe:424    TCPV6    midgar:1025    midgar:0    LISTENING    
    
    Sorry about the long result. I tried Spybot S&D, AVG, HouseCall and Ad-Aware and none could find the problem; it's really starting to annoy me. Please can somebody help? I also ran the Microsoft scanner/cleaner and that found nothing.

    My hijack log is here

    Edit by chaslang: Inline and Incomplete HJT log removed. READ & RUN ME FIRST. Malware Removal Guide sticky not followed.


    My svchost in Task Manager is open like 20 times, if that's any help.
     
    Last edited by a moderator: Apr 9, 2010
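    The pattern in the TCPView dump above (one process fanning out to dozens of unrelated mail servers on port 25) is what gets a home IP onto a blocklist. The script below is an added example, not from the original thread or from TCPView's own tooling: it parses TCPView's saved text view (assumed to be whitespace-separated columns process:pid, protocol, local, remote, state) and flags any process with several connections to remote SMTP ports, marking it as especially suspicious when it is a Windows system binary such as services.exe, which has no business speaking SMTP. The sample lines are constructed with documentation-range IPs and the list of system process names is an assumption to adapt to your own environment.

```python
"""Flag spambot-style SMTP fan-out in a saved TCPView listing.

Added example (not part of the original thread). Assumes TCPView's
saved text format: process:pid  protocol  local  remote  [state],
separated by runs of whitespace.
"""
import re
from collections import Counter, defaultdict

# Constructed sample modelled on the posted dump; hosts/IPs are illustrative.
SAMPLE = """\
services.exe:532    TCP    midgar.cable.virginmedia.net:61489    vip-us-br-mx.example.com:smtp    ESTABLISHED
services.exe:532    TCP    midgar.cable.virginmedia.net:61493    198.51.100.7:smtp    SYN_SENT
services.exe:532    TCP    midgar.cable.virginmedia.net:61521    203.0.113.50:25    ESTABLISHED
services.exe:532    TCP    midgar.cable.virginmedia.net:61522    203.0.113.50:smtp    ESTABLISHED
services.exe:532    TCP    midgar.cable.virginmedia.net:61530    192.0.2.122:smtp    SYN_SENT
[System Process]:0    TCP    midgar.cable.virginmedia.net:3553    192.0.2.9:smtp    TIME_WAIT
svchost.exe:1032    TCP    Midgar:epmap    Midgar:0    LISTENING
svchost.exe:1388    TCPV6    [0:0:0:0:0:0:0:1]:61680    [0:0:0:0:0:0:0:1]:0    ESTABLISHED
SYSTEM:4    UDP    midgar.cable.virginmedia.net:netbios-ns    *:*
outlook.exe:3100    TCP    midgar.cable.virginmedia.net:61700    smtp.example.net:smtp    ESTABLISHED
"""

# Assumption for this example: Windows system binaries that should never
# open outbound mail connections. Extend for your own environment.
SYSTEM_PROCESSES = {"services.exe", "svchost.exe", "system", "[system process]",
                    "lsass.exe", "winlogon.exe", "wininit.exe", "csrss.exe", "smss.exe"}

# TCPView shows well-known ports by name, others numerically; accept both.
SMTP_PORTS = {"smtp", "25", "submission", "587", "smtps", "465"}

# Process names may contain spaces ("[System Process]"), so match lazily up
# to the ":pid" column; state is absent on UDP rows.
LINE_RE = re.compile(r"^(?P<proc>.+?):(?P<pid>\d+)\s+(?P<proto>\S+)\s+"
                     r"(?P<local>\S+)\s+(?P<remote>\S+)(?:\s+(?P<state>\S+))?\s*$")


def parse(text):
    """Yield one dict per parseable TCPView row; silently skip headers/noise."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["pid"] = int(rec["pid"])
        # rsplit keeps bracketed IPv6 literals intact and handles "*:*".
        host, _, port = rec["remote"].rpartition(":")
        rec["rhost"], rec["rport"] = host, port.lower()
        yield rec


def smtp_fanout(text, threshold=3):
    """Return {(proc, pid): summary} for processes with at least `threshold`
    TCP connections (any state) to remote SMTP ports. Each summary carries
    the connection count, the distinct remote hosts, a per-state tally and
    whether the owner is a system process."""
    hits = defaultdict(lambda: {"count": 0, "hosts": set(), "states": Counter()})
    for rec in parse(text):
        if rec["proto"] not in ("TCP", "TCPV6") or rec["rport"] not in SMTP_PORTS:
            continue
        h = hits[(rec["proc"], rec["pid"])]
        h["count"] += 1
        h["hosts"].add(rec["rhost"])
        h["states"][rec["state"] or "UNKNOWN"] += 1
    result = {}
    for key, h in hits.items():
        if h["count"] >= threshold:
            h["system_process"] = key[0].lower() in SYSTEM_PROCESSES
            h["hosts"] = sorted(h["hosts"])
            result[key] = h
    return result


def report(text, threshold=3):
    """Human-readable one-liner per flagged process."""
    lines = []
    for (proc, pid), h in sorted(smtp_fanout(text, threshold).items()):
        tag = "SUSPICIOUS: system process sending mail" if h["system_process"] else "check"
        lines.append(f"{proc}:{pid}  {h['count']} SMTP connections to "
                     f"{len(h['hosts'])} hosts  {dict(h['states'])}  [{tag}]")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

    Run it against a real TCPView save (File > Save) and expect a legitimate mail client to show one or two hosts, while a spam engine shows a long tail of distinct mail exchangers with many SYN_SENT and TIME_WAIT rows. A hit owned by a system process is a strong sign of injected code or a rootkit driver hiding the real sender, which is why the usual scanners in the thread struggled with it.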
  2. Vhero

    Vhero Private E-2

    Not bumping here, but Avast (trying everything) found this file to be threatening: grglahfb.sys in system32/drivers, and claims to have blocked it, but I still have the problems. I cannot remove that file whatever I try (even in Safe Mode). Also SUPERAntiSpyware found nothing.
     
  3. Vhero

    Vhero Private E-2

    Update: using Killbox I tried to replace it, but it didn't work.
     
    Last edited: Apr 9, 2010
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Every post bumps you. Intentional or not. See: Don't Bump! It Only Hurts You!!!


    Please read ALL of this message including the notes before doing anything.

    Please follow the instructions in the below link:

    READ & RUN ME FIRST. Malware Removal Guide


    and attach the requested logs when you finish these instructions.
    • **** If something does not run, write down the info to explain to us later but keep on going. ****
    • Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.

    • After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
    Helpful Notes:
    1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
    2. If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
    3. If you cannot seem to login to an infected user account, try using a different user account (if you have one) in either normal or safe boot mode and running only SUPERAntiSpyware and Malwarebytes while logged into this other user account. Then reboot and see if you can log into the problem user account. If you can then run SUPERAntiSpyware, Malwarebytes, ComboFix and MGtools on the infected account as requested in the instructions.
    4. To avoid additional delay in getting a response, it is strongly advised that after completing the READ & RUN ME you also read this sticky:
    Any additional post is a bump which will add more delay. Once you attach the logs, your thread will be in the work queue and as stated our system works the oldest threads FIRST.
     
  5. Vhero

    Vhero Private E-2

    Cannot run RootRepeal: error code = 0x0, even after dragging the slider to full disk access. Hope you can help me. Also, I wouldn't bump as much if you allowed editing after a certain amount of time. Also, even though Malwarebytes Anti-Malware claimed to have removed it, grglahfb.sys in system32/drivers is still there. I think this is the problem.
     

    Attached Files:

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Standard forum policy only allows you to edit for 5 minutes. This was put in place for legal as well as other reasons. Some people were known to come back days or weeks later editing things out of their threads to make it look like they did not say certain things. While 5 minutes seems a little short, anything too much longer could be too late since someone could already be in the act of responding to your thread. We just suggest that people proofread before they post ;) Since after the 5 minute timer, a new post is required. Note that the effect of bumping your own thread after 30 minutes to an hour is not really a problem since the net cost is only about 30 minutes to an hour more delay. It is when people bump their thread with useless info (like "Any ideas" or simply "Anyone") after a day or more that it is an issue for the user doing the bumping. The net effect could be a couple of days more delay. And if they do the same thing again, it becomes another couple of days.

    We don't say "Don't Bump" because it hurts us! It hurts the person doing the bumping.;)

    You did not run Step 6 of the READ & RUN ME to disable your Disk Emulation Software as required. You need to do this now. Then you need to put ComboFix.exe directly on your Desktop as was requested. You put it in a folder that is on your Desktop. Some of our instructions will not work if you don't follow the steps as we request. Delete the below:

    c:\users\Mark\Desktop\fix pc\ComboFix.exe

    And then download the current version of ComboFix and save it as below:

    c:\users\Mark\Desktop\ComboFix.exe


    Now we need to use ComboFix
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • If ComboFix tells you it has expired or need to be updated to a new version, make sure you allow it to update.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.


    Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  7. Vhero

    Vhero Private E-2

    TCPView is no longer going bananas and the file has vanished. Thank you very much. I will remove myself from the Spamhaus Project and hopefully won't get re-added now. Though AvastSvc is still sending out a lot of strange connections.
     

    Attached Files:

    Last edited: Apr 12, 2010
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your logs appear to be clean, but I suggest that you delete the below which should not be in your system32 folder:
    Code:
    2010-03-08 15:37 . 2010-03-08 15:37 2407792 ----a-w- c:\windows\system32\pbsvc_heroes.exe
    Are you currently having any malware problems?
     
  9. Vhero

    Vhero Private E-2

    No, and the Spamhaus Project has not re-added me since, so I think it's finally gone. Thank you again for the help, I really appreciate it. I have removed the file you quoted. That file was from Battlefield Heroes, but I'm not sure if it should have been there, so I have removed it; plus I no longer play anyway, so no problems :).

    You have been so helpful and I can't say thank you enough. I was 1 day off a re-install before you finally posted. I have removed all software now and installed Virgin's own branded anti-virus/anti-malware software, which I believe is based on Kaspersky. Hopefully that will stop it happening again in the future. I guess AVG paid wasn't enough. Will never recommend that software again.

    I got the full edition of this http://www.virginmedia.com/myvirginmedia/security/find-out-more/ free with my 50 meg. Removed everything else so they don't clash.
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.
    Okay, but let me give you our final instructions anyway since this is really how the cleanup should have been performed.


    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME for your Windows version and see the instructions to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work thru the below link:
     
