Malware Problem

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by elio_camacho, Apr 1, 2009.

  1. elio_camacho

    elio_camacho Private E-2

    I have a major problem.

    It started by not allowing any outgoing mail via Outlook.

    When I tried to run antimalware software it wouldn't allow it. I was able to get things to run by changing the names.

    Now I can't even log onto the internet. I tried the Search and Destroy winsock repair but no luck.

    Every other computer in the house is fine except mine.
     

    Attached Files:

  2. elio_camacho

    elio_camacho Private E-2

    OK. It says there is a conflict with the IP address of another computer on this network.

    I think this is all related but not sure if my DSL box may also be going out.

    Still blocks outgoing mail from this computer so I know it isn't my mail server.
     
  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Your logs are clean. We just need to do one thing:

    Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.


    Otherwise I suggest that you check in the software forum for further assistance.

    If you are not having any other malware problems, it is time to do our final steps:

    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They are useful as backup scanners. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Notes: The space between the combofix" and the /u, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.

      • Delete the C:\combofix folder from combofix (if it exists)

    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.

    8. After doing the above, you should work thru the below link:

     
  4. elio_camacho

    elio_camacho Private E-2

    I know you said my logs are clean but I am still having problems.

    1. I am redirected when I do a search on google and click on a link
    2. The auto select on my pointer always works regardless of how the settings are in computer/tools/folder options

    The problem with not being able to send mail was repaired.

    One more thing. I am still unable to open MalwareBytes and SuperAntispyware with the normal name.

    Can't even install Spyware Doctor...just crashes on install.
     
  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    There is only one thing that shows up in one log and not the others. Let's remove it and then I want you to download the latest version of MGTools and let it overwrite your existing version.

    Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.


    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file.
     
  6. elio_camacho

    elio_camacho Private E-2

    I am sorry I forgot to mention that I already did the fix you requested and received a success.

    Here are the logs. I hope you see something because these redirects are impossible and the pointer thing is killing me.

    Thanks.
     

    Attached Files:

  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need to download the current version of MGtools and run it. You are way out of date. Then attach a new log.
     
  8. elio_camacho

    elio_camacho Private E-2

    Here you go!
     

    Attached Files:

  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Download the attached View attachment FindOVL.zip file to your C:\MGtools folder. Then extract the FindOVL.bat file from this ZIP into that same C:\MGtools folder. You must extract the file from the ZIP. DO NOT try to run the batch file from inside of the ZIP file. Now double click on the FindOVL.bat file to run this batch file script. This will search your hard disk for copies of a file named overlay.xul. It will create a report.txt log and automatically add it to the C:\MGlogs.zip file. After this finishes running (which may take quite a while to scan your whole hard disk) please attach the new MGlogs.zip file.
     
    Last edited: Apr 18, 2009
  10. elio_camacho

    elio_camacho Private E-2

    Here you go.

    The test was actually very fast, less than a minute. Is that ok?
     

    Attached Files:

  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes! You just do not have as many files and folders as some people. The length of time to scan is proportional. ;)

    Find the below file and delete it while all browser windows are closed.
    C:\Program Files\Java\jre6\lib\deploy\jqs\ff\chrome\content\overlay.xul

    Then tell me how things are working.
     
  12. elio_camacho

    elio_camacho Private E-2

    Nope.

    Seemed to make it a little better but still redirects.

    There is a file called overlay.js still there.
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay then, that was not the problem. Please download this View attachment SJC.zip and save it to your C:\Program Files\Java\jre6\lib\deploy\jqs\ff\chrome\content folder. Then extract the two files from the ZIP file. One to restore the overlay.xul file and one to overwrite the overlay.js file.


    Now follow the instructions here: Using GooRedFix. However, run Part 1 as requested and then immediately attach the Goored.txt log before doing Part 2. Then continue on with Part 2 and then attach the second Goored.txt.

    Any change?
     
  14. elio_camacho

    elio_camacho Private E-2

    Number 1
     

    Attached Files:

  15. elio_camacho

    elio_camacho Private E-2

    Number 2

    Sorry no change....still being redirected and the pointer is still impossible.
     

    Attached Files:

  16. elio_camacho

    elio_camacho Private E-2

    There is one other thing I haven't mentioned because I thought it was unrelated.

    I have a website and since this has all started my host keeps blocking my IP. They can't understand why their firewall keeps getting triggered when I visit my own site.

    Might be my host's problem but I just thought I would mention it.
     
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    There are no obvious malware issues remaining but we will dig a little deeper to see if we can find anything hiding. However, first an important observation which could be part of the reason for your initial infection. Your PC is not properly protected. You have no antivirus, no antispyware, and are relying on the inadequate Windows firewall.

    Thus before continuing, let's at least get a little better protected before you get infected with more severe malware issues.

    Start by installing AntiVir Personal Edition for antivirus protection. Reboot after installing and make sure you update to current databases.

    What browser are you using when you get redirected? If FireFox, try Internet Explorer and see if it still happens. Also check to see if it happens in safe boot mode.

    Now run the below two scans:

    Running GMER to detect rootkits - attach the log

    Using Dr.Web CureIt - attach the log

    I'm not sure what you are talking about when you say "the pointer is still impossible"?? Are you talking about mouse pointer problems? Please explain in more detail exactly what you are referring to. This may not have anything to do with malware.
     
  18. elio_camacho

    elio_camacho Private E-2

    Installed AntiVir

    Both Firefox and Explorer redirect....

    Can't access internet in Safe Mode for some reason.

    GMER and Dr.Web CureIt attached.

    The pointer clicks without me clicking it. If I just roll over buttons it selects the object whether I want it to or not.

    Thank you so much.
     

    Attached Files:

  19. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please download the current version of ComboFix from here: combofix.exe and save it to your Desktop overwriting any previous version you have.



    Now we need to use ComboFix again.
    • Make sure that combofix.exe that you downloaded is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Now let's get SUPERAntiSpyware and Malwarebytes updated and run new scans just to be safe.
    • Please uninstall your current version (this is necessary).
    • Then download this SUPERAntiSpyware
    • Install this new version. It may tell you that you need to reboot to complete the installation. You must reboot at this time.
    • After the reboot, run SUPERAntiSpyware and immediately click the Check for Updates button to get more updates for the database.
    • Now run a new full scan of your system. And attach this new log.
    Now run Malwarebytes and click the Update tab. Then click the Check for Updates button so you update to the current version of the program and database. Then run a new scan with it too. Attach the new log.


    Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

    Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

    Run MGtools.exe ( Note: If using Vista make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )



    Now attach the below log:
    • C:\ComboFix.txt
    • the new SUPERAntiSpyware and Malwarebytes logs
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
    Last edited: May 9, 2009
  20. elio_camacho

    elio_camacho Private E-2

    The redirect seems to be solved and the pointer also seems to be corrected.

    Thank you so much.

    Attached are the logs.

    I have some lag issues with Vista that have popped up slowly since this all began. During this whole process every now and then I would get a windows error.

    Example....My Printer Drivers have all vanished and I get a Spooler error.

    I believe that some files have become corrupted or deleted due to this malware. I wanted to resolve the malware issues before proceeding with any Vista repairs.

    I am not sure if you guys can help with that in a different section or possibly refer me to another site.

    Thank you again.
     

    Attached Files:

  21. elio_camacho

    elio_camacho Private E-2

    Sorry,

    It won't allow me to edit my previous post.

    I jumped to conclusions, the redirect is gone but the pointer is still a mess. Could be a Vista issue?
     
  22. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Post about these in the Software Forum. The pointer problem you are mentioning probably belongs in the Software Forum too.

    Your logs show some temp files that I'm concerned about and also I want to double check to make sure that Malwarebytes was really able to remove what it found. Thus, please do the below.

    First run Malwarebytes again, and make sure you first update the database. Then run a new scan and attach this new log.


    Now I want to check for a Master Boot Record problem. Please download the following & save to your Desktop


    GMER's MBR.exe
    • Double click on the MBR.exe file to run it.
    • A log will be produced & saved to the desktop, called MBR.log.
    Now we need to use ComboFix again.
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.


    Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

    Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

    Now open up one and only one FireFox browser. I just want to have one running while MGtools is run.


    Run MGtools.exe ( Note: If using Vista make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )


    Now attach the below log:
    • the new Malwarebytes log
    • the MBR.log file
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  23. elio_camacho

    elio_camacho Private E-2

    OK here are the logs....

    No new issues but Vista is still running poorly and I posted in the software section but yet to hear a reply.

    We will see what happens.

    Let me know if you find anything else.
     

    Attached Files:

  24. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your logs are clean so I suggest you continue in the Software Forum. I also suggest that you stop running BitLord and any other programs like it, since it could be a cause for poor performance: based on your logs there are lots of connections being made to/from your PC and they are likely due to it being run. Your logs show all of the below connections, which is not normal. You will only see things like this when P2P or torrent downloaders are running. Make sure you use the scroll bar to scroll down so you get a true feeling for just how many connections are in the list:
    Code:
       Showing TCP and UDP Connections - with netstat -a                           
        ----------------------------------------------------------------------------
    Active Connections
      Proto  Local Address          Foreign Address        State
      TCP    0.0.0.0:135            artistwantab:0         LISTENING
      TCP    0.0.0.0:445            artistwantab:0         LISTENING
      TCP    0.0.0.0:990            artistwantab:0         LISTENING
      TCP    0.0.0.0:2869           artistwantab:0         LISTENING
      TCP    0.0.0.0:5357           artistwantab:0         LISTENING
      TCP    0.0.0.0:16234          artistwantab:0         LISTENING
      TCP    0.0.0.0:49152          artistwantab:0         LISTENING
      TCP    0.0.0.0:49153          artistwantab:0         LISTENING
      TCP    0.0.0.0:49154          artistwantab:0         LISTENING
      TCP    0.0.0.0:49155          artistwantab:0         LISTENING
      TCP    0.0.0.0:49156          artistwantab:0         LISTENING
      TCP    0.0.0.0:49157          artistwantab:0         LISTENING
      TCP    127.0.0.1:5354         artistwantab:0         LISTENING
      TCP    127.0.0.1:5679         artistwantab:0         LISTENING
      TCP    127.0.0.1:7438         artistwantab:0         LISTENING
      TCP    127.0.0.1:27015        artistwantab:0         LISTENING
      TCP    127.0.0.1:57235        artistwantab:57236     ESTABLISHED
      TCP    127.0.0.1:57236        artistwantab:57235     ESTABLISHED
      TCP    127.0.0.1:57247        artistwantab:57248     ESTABLISHED
      TCP    127.0.0.1:57248        artistwantab:57247     ESTABLISHED
      TCP    192.168.1.3:139        artistwantab:0         LISTENING
      TCP    192.168.1.3:49160      72.5.124.55:http       CLOSE_WAIT
      TCP    192.168.1.3:49161      128.241.217.8:http     CLOSE_WAIT
      TCP    192.168.1.3:49274      c-98-209-233-217:58439  ESTABLISHED
      TCP    192.168.1.3:49450      S01060040f4b50c42:50408  ESTABLISHED
      TCP    192.168.1.3:49455      pool-96-252-210-118:55635  ESTABLISHED
      TCP    192.168.1.3:49472      92.17.154.215:6881     ESTABLISHED
      TCP    192.168.1.3:50120      user-5445b699:38222    ESTABLISHED
      TCP    192.168.1.3:50443      cm86:11732             ESTABLISHED
      TCP    192.168.1.3:50589      wnpgmb0516w-ad03-168-199:37960  ESTABLISHED
      TCP    192.168.1.3:51133      static:49200           ESTABLISHED
      TCP    192.168.1.3:51527      c-76-28-143-221:45508  ESTABLISHED
      TCP    192.168.1.3:51621      host86-151-61-50:19231  ESTABLISHED
      TCP    192.168.1.3:51658      cpe-74-72-198-61:51413  ESTABLISHED
      TCP    192.168.1.3:51887      cpc3-wear4-0-0-cust276:14329  ESTABLISHED
      TCP    192.168.1.3:52358      s5592b439:62020        ESTABLISHED
      TCP    192.168.1.3:52639      c-76-29-15-55:29786    ESTABLISHED
      TCP    192.168.1.3:52754      82-170-159-185:51413   ESTABLISHED
      TCP    192.168.1.3:52908      c-65-34-228-72:59545   ESTABLISHED
      TCP    192.168.1.3:53115      user-54424b70:46224    ESTABLISHED
      TCP    192.168.1.3:53546      dsl:57314              ESTABLISHED
      TCP    192.168.1.3:53624      cpe-72-129-82-24:17744  ESTABLISHED
      TCP    192.168.1.3:53639      59.93.161.111:31488    ESTABLISHED
      TCP    192.168.1.3:53983      cust-194-54-189-56:50705  ESTABLISHED
      TCP    192.168.1.3:54015      70:29327               ESTABLISHED
      TCP    192.168.1.3:54173      catv-89-135-151-134:33378  ESTABLISHED
      TCP    192.168.1.3:54272      user-0ccer3p:55956     ESTABLISHED
      TCP    192.168.1.3:54363      ip24-255-174-74:25174  ESTABLISHED
      TCP    192.168.1.3:54525      190:54854              ESTABLISHED
      TCP    192.168.1.3:54570      host86-135-96-119:17469  ESTABLISHED
      TCP    192.168.1.3:54599      p57A5EA9B:8426         ESTABLISHED
      TCP    192.168.1.3:54809      77-102-136-218:21889   ESTABLISHED
      TCP    192.168.1.3:55377      76-14-85-66:43432      ESTABLISHED
      TCP    192.168.1.3:55436      host86-174-25-107:51111  ESTABLISHED
      TCP    192.168.1.3:55451      a83-132-30-126:16997   ESTABLISHED
      TCP    192.168.1.3:55500      78.150.210.83:38292    ESTABLISHED
      TCP    192.168.1.3:55513      94-194-46-241:17190    ESTABLISHED
      TCP    192.168.1.3:55514      host86-154-250-134:58889  LAST_ACK
      TCP    192.168.1.3:55542      5ac2cbf7:39937         ESTABLISHED
      TCP    192.168.1.3:55554      130:25216              LAST_ACK
      TCP    192.168.1.3:55555      c-67-185-239-92:52465  ESTABLISHED
      TCP    192.168.1.3:55571      77.127.139.198:19716   ESTABLISHED
      TCP    192.168.1.3:55623      modemcable099:6013     ESTABLISHED
      TCP    192.168.1.3:55712      host81-159-139-121:42123  FIN_WAIT_1
      TCP    192.168.1.3:55719      blk-138-35-112:65534   LAST_ACK
      TCP    192.168.1.3:55775      24-241-20-214:49987    ESTABLISHED
      TCP    192.168.1.3:55792      n22z167l27:40000       ESTABLISHED
      TCP    192.168.1.3:55803      ool-43559e7c:22346     ESTABLISHED
      TCP    192.168.1.3:55834      JON-PC:21700           ESTABLISHED
      TCP    192.168.1.3:55879      c-98-226-124-47:47073  ESTABLISHED
      TCP    192.168.1.3:55991      ip68-11-148-142:37776  ESTABLISHED
      TCP    192.168.1.3:56044      68.46.65.123:49271     LAST_ACK
      TCP    192.168.1.3:56072      cpe-24-94-26-204:53764  ESTABLISHED
      TCP    192.168.1.3:56140      99-28-74-239:58300     LAST_ACK
      TCP    192.168.1.3:56146      c-71-228-160-168:15884  ESTABLISHED
      TCP    192.168.1.3:56152      d58-105-83-216:45424   LAST_ACK
      TCP    192.168.1.3:56284      ip68-224-63-146:58285  LAST_ACK
      TCP    192.168.1.3:56285      host86-153-51-134:24276  ESTABLISHED
      TCP    192.168.1.3:56386      d205-250-179-158:18874  ESTABLISHED
      TCP    192.168.1.3:56412      ip72-199-244-49:25785  ESTABLISHED
      TCP    192.168.1.3:56413      c-71-195-140-57:57836  LAST_ACK
      TCP    192.168.1.3:56460      190-1-58-244:50246     ESTABLISHED
      TCP    192.168.1.3:56537      59.95.161.236:39240    ESTABLISHED
      TCP    192.168.1.3:56550      crbknf0203w-142162222241:26013  FIN_WAIT_2
      TCP    192.168.1.3:56601      lantash:60927          ESTABLISHED
      TCP    192.168.1.3:56667      cpe-92-37-67-121:24836  ESTABLISHED
      TCP    192.168.1.3:56699      190-176-229-66:46306   ESTABLISHED
      TCP    192.168.1.3:56712      d122-109-192-51:49232  ESTABLISHED
      TCP    192.168.1.3:56734      dsl:48106              LAST_ACK
      TCP    192.168.1.3:56782      92.99.49.146:27384     LAST_ACK
      TCP    192.168.1.3:56932      189105183094:46859     ESTABLISHED
      TCP    192.168.1.3:56993      87.109.237.147:21789   ESTABLISHED
      TCP    192.168.1.3:57011      xb154:6885             ESTABLISHED
      TCP    192.168.1.3:57024      dhcp-0-19-21-53-18-55:14779  ESTABLISHED
      TCP    192.168.1.3:57093      cpe-72-130-200-56:11742  ESTABLISHED
      TCP    192.168.1.3:57112      cpe-69-204-69-174:21173  ESTABLISHED
      TCP    192.168.1.3:57141      123-243-138-199:50079  ESTABLISHED
      TCP    192.168.1.3:57146      c-69-181-82-65:57913   ESTABLISHED
      TCP    192.168.1.3:57160      cpe-74-79-47-189:41145  ESTABLISHED
      TCP    192.168.1.3:57184      117.198.178.119:32218  FIN_WAIT_1
      TCP    192.168.1.3:57208      host81-156-132-86:25064  ESTABLISHED
      TCP    192.168.1.3:57222      cpe-74-69-168-129:36034  ESTABLISHED
      TCP    192.168.1.3:57252      cpe-67-241-246-135:16512  LAST_ACK
      TCP    192.168.1.3:57253      CPE001c1023c1a1-CM001692fa1c50:42145  ESTABLISHED
      TCP    192.168.1.3:57254      S0106001e683d3096:41474  ESTABLISHED
      TCP    192.168.1.3:57262      084202211178:16977     ESTABLISHED
      TCP    192.168.1.3:57287      c-71-200-140-127:64265  LAST_ACK
      TCP    192.168.1.3:57301      188.24.155.67:41085    ESTABLISHED
      TCP    192.168.1.3:57312      24-151-51-227:20204    LAST_ACK
      TCP    192.168.1.3:57334      78.101.115.233:63211   ESTABLISHED
      TCP    192.168.1.3:57367      cpe-76-184-23-73:25489  ESTABLISHED
      TCP    192.168.1.3:57371      host86-132-174-114:56788  FIN_WAIT_2
      TCP    192.168.1.3:57372      201.70.124.55:14867    ESTABLISHED
      TCP    192.168.1.3:57380      d47-69-175-19:64563    ESTABLISHED
      TCP    192.168.1.3:57410      137-158:22295          ESTABLISHED
      TCP    192.168.1.3:57421      host-92-5-56-4:46791   ESTABLISHED
      TCP    192.168.1.3:57434      62-63-47-182:57987     ESTABLISHED
      TCP    192.168.1.3:57439      pool-98-118-4-196:64252  LAST_ACK
      TCP    192.168.1.3:57444      r11kg235:6881          ESTABLISHED
      TCP    192.168.1.3:57468      host-92-11-59-50:60083  ESTABLISHED
      TCP    192.168.1.3:57470      host86-147-167-84:15457  ESTABLISHED
      TCP    192.168.1.3:57478      ip68-2-98-43:6881      TIME_WAIT
      TCP    192.168.1.3:57482      cpe-76-90-191-147:10873  ESTABLISHED
      TCP    192.168.1.3:57485      r74-194-58-117:61404   ESTABLISHED
      TCP    192.168.1.3:57487      c-68-32-133-85:21652   ESTABLISHED
      TCP    192.168.1.3:57492      modemcable106:36935    ESTABLISHED
      TCP    192.168.1.3:57494      adsl-155-203-117:35199  ESTABLISHED
      TCP    192.168.1.3:57519      user-514dc522:17172    ESTABLISHED
      TCP    192.168.1.3:57520      41.178.228.153:25842   LAST_ACK
      TCP    192.168.1.3:57583      45:15484               FIN_WAIT_1
      TCP    192.168.1.3:57609      host86-162-104-74:19582  ESTABLISHED
      TCP    192.168.1.3:57643      S0106001b24bca3a4:34927  ESTABLISHED
      TCP    192.168.1.3:57649      adsl-76-226-4-83:53027  ESTABLISHED
      TCP    192.168.1.3:57653      blk-11-45-115:60173    ESTABLISHED
      TCP    192.168.1.3:57669      cpe-76-168-100-11:29008  ESTABLISHED
      TCP    192.168.1.3:57687      c-69-251-206-100:50427  ESTABLISHED
      TCP    192.168.1.3:57706      dhcp-83-219-119-38:59081  ESTABLISHED
      TCP    192.168.1.3:57707      74-37-92-112:63055     ESTABLISHED
      TCP    192.168.1.3:57708      59.94.182.203:13085    ESTABLISHED
      TCP    192.168.1.3:57721      port0065-acs-adsl:17065  FIN_WAIT_1
      TCP    192.168.1.3:57725      CASA-056E8BD7A9:38961  ESTABLISHED
      TCP    192.168.1.3:57730      20119106051:21991      ESTABLISHED
      TCP    192.168.1.3:57733      adsl146-71:50710       ESTABLISHED
      TCP    192.168.1.3:57743      pool-173-49-14-73:32813  ESTABLISHED
      TCP    192.168.1.3:57755      c-24-99-31-73:45484    ESTABLISHED
      TCP    192.168.1.3:57759      64-17-78-142:57678     ESTABLISHED
      TCP    192.168.1.3:57783      141:41392              ESTABLISHED
      TCP    192.168.1.3:57795      de3-as7379:23400       ESTABLISHED
      TCP    192.168.1.3:57799      ph-173:63654           ESTABLISHED
      TCP    192.168.1.3:57802      24.207.123.137:35536   ESTABLISHED
      TCP    192.168.1.3:57805      ool-4350e280:64273     ESTABLISHED
      TCP    192.168.1.3:57808      c-24-56-205-49:49213   ESTABLISHED
      TCP    192.168.1.3:57811      64-201-203-5:15850     ESTABLISHED
      TCP    192.168.1.3:57816      5ad53388:42097         ESTABLISHED
      TCP    192.168.1.3:57817      186.100.167.169:49689  ESTABLISHED
      TCP    192.168.1.3:57822      49:52501               ESTABLISHED
      TCP    192.168.1.3:57826      220:32524              ESTABLISHED
      TCP    192.168.1.3:57834      87.109.164.181:22826   ESTABLISHED
      TCP    192.168.1.3:57837      bd64c94f:39785         ESTABLISHED
      TCP    192.168.1.3:57841      c-65-34-242-213:32317  ESTABLISHED
      TCP    192.168.1.3:57845      cpe-98-30-71-195:49003  ESTABLISHED
      TCP    192.168.1.3:57848      89.165.143.154:58148   ESTABLISHED
      TCP    192.168.1.3:57849      c-76-16-229-207:48026  ESTABLISHED
      TCP    192.168.1.3:57852      host-87-75-167-182:9695  ESTABLISHED
      TCP    192.168.1.3:57856      5ac2d6b8:58991         ESTABLISHED
      TCP    192.168.1.3:57857      24-176-140-186:44717   ESTABLISHED
      TCP    192.168.1.3:57860      S0106001e336caf22:43584  ESTABLISHED
      TCP    192.168.1.3:57861      pool-74-107-143-239:63993  ESTABLISHED
      TCP    192.168.1.3:57862      TOROON01-1177843783:51413  ESTABLISHED
      TCP    192.168.1.3:57874      77.28.14.168:31365     ESTABLISHED
      TCP    192.168.1.3:57878      d-65-175-239-132:https  ESTABLISHED
      TCP    192.168.1.3:57887      c-24-10-241-159:63535  ESTABLISHED
      TCP    192.168.1.3:57949      118.100.119.56:36736   ESTABLISHED
      TCP    192.168.1.3:57951      p548F5851:55145        ESTABLISHED
      TCP    192.168.1.3:57953      ppp-94-68-167-40:35867  ESTABLISHED
      TCP    192.168.1.3:57955      58:59996               ESTABLISHED
      TCP    192.168.1.3:57956      host-72-51-210-48:23085  ESTABLISHED
      TCP    192.168.1.3:57958      118.38.60.84:49272     ESTABLISHED
      TCP    192.168.1.3:57963      bd66d87c:10591         ESTABLISHED
      TCP    192.168.1.3:57966      92-67:56108            ESTABLISHED
      TCP    192.168.1.3:57967      189107145207:15625     ESTABLISHED
      TCP    192.168.1.3:57976      bd044ede:45262         ESTABLISHED
      TCP    192.168.1.3:57983      mctnnbsa24w-142167037006:28319  ESTABLISHED
      TCP    192.168.1.3:57984      54:34413               ESTABLISHED
      TCP    192.168.1.3:57986      nn:50522               ESTABLISHED
      TCP    192.168.1.3:57987      94:43841               ESTABLISHED
      TCP    192.168.1.3:57990      c-71-193-249-183:64581  ESTABLISHED
      TCP    192.168.1.3:57994      c-68-55-2-43:46977     ESTABLISHED
      TCP    192.168.1.3:58003      pool-173-51-131-38:24377  ESTABLISHED
      TCP    192.168.1.3:58004      bas4-toronto06-1279311269:10424  ESTABLISHED
      TCP    192.168.1.3:58006      24-182-163-143:58865   ESTABLISHED
      TCP    192.168.1.3:58010      host-41:36443          ESTABLISHED
      TCP    192.168.1.3:58014      87:2038                ESTABLISHED
      TCP    192.168.1.3:58025      cpe-65-25-116-12:32108  ESTABLISHED
      TCP    192.168.1.3:58029      c74-196-35-248:60944   ESTABLISHED
      TCP    192.168.1.3:58031      S010600219be81072:39619  ESTABLISHED
      TCP    192.168.1.3:58032      dialup-4:34873         LAST_ACK
      TCP    192.168.1.3:58033      cpc1-basf5-0-0-cust511:8204  ESTABLISHED
      TCP    192.168.1.3:58034      cpe-98-30-42-93:49995  ESTABLISHED
      TCP    192.168.1.3:58038      ip68-5-202-182:13384   ESTABLISHED
      TCP    192.168.1.3:58040      blk-138-16-217:55335   ESTABLISHED
      TCP    192.168.1.3:58043      c-98-199-190-50:61655  ESTABLISHED
      TCP    192.168.1.3:58044      c-76-112-130-79:45682  ESTABLISHED
      TCP    192.168.1.3:58051      ool-457e31bb:6889      ESTABLISHED
      TCP    192.168.1.3:58056      dynamic-acs-24-101-39-146:52115  LAST_ACK
      TCP    192.168.1.3:58057      c-76-99-33-113:10957   ESTABLISHED
      TCP    192.168.1.3:58059      d53-64-95-210:18161    ESTABLISHED
      TCP    192.168.1.3:58063      59.95.5.10:53681       ESTABLISHED
      TCP    192.168.1.3:58068      d149-67-197-38:61071   ESTABLISHED
      TCP    192.168.1.3:58069      71-11-198-167:20564    ESTABLISHED
      TCP    192.168.1.3:58070      c-67-184-65-34:46163   ESTABLISHED
      TCP    192.168.1.3:58080      92-238-255-206:12606   ESTABLISHED
      TCP    192.168.1.3:58085      B013:2710              TIME_WAIT
      TCP    192.168.1.3:58100      bd7940a8:10184         ESTABLISHED
      TCP    192.168.1.3:58102      host-92-11-184-24:6553  ESTABLISHED
      TCP    192.168.1.3:58105      79-76-79-226:19803     ESTABLISHED
      TCP    192.168.1.3:58137      220.85.253.228:13640   ESTABLISHED
      TCP    192.168.1.3:58144      78-56-105-141:16725    ESTABLISHED
      TCP    192.168.1.3:58148      80-186-232-5:61536     ESTABLISHED
      TCP    192.168.1.3:58155      cpe-66-74-135-247:14813  ESTABLISHED
      TCP    192.168.1.3:58158      cm241:12540            ESTABLISHED
      TCP    192.168.1.3:58159      222.73.109.17:8080     TIME_WAIT
      TCP    192.168.1.3:58172      pool-70-105-171-254:51413  ESTABLISHED
      TCP    192.168.1.3:58174      pool-173-59-131-28:58832  ESTABLISHED
      TCP    192.168.1.3:58181      59.96.24.63:10641      ESTABLISHED
      TCP    192.168.1.3:58193      91.191.138.2:http      TIME_WAIT
      TCP    192.168.1.3:58203      91.191.138.5:http      TIME_WAIT
      TCP    192.168.1.3:58205      91.191.138.5:http      TIME_WAIT
      TCP    192.168.1.3:58212      91.191.138.2:http      TIME_WAIT
      TCP    192.168.1.3:58213      221.130.195.237:kerberos  TIME_WAIT
      TCP    192.168.1.3:58214      91.191.138.7:http      TIME_WAIT
      TCP    192.168.1.3:58220      91.191.138.8:http      TIME_WAIT
      TCP    192.168.1.3:58222      91.191.138.5:http      TIME_WAIT
      TCP    192.168.1.3:58233      91.191.138.2:http      TIME_WAIT
      TCP    192.168.1.3:58241      host-209-50-48-13:http  TIME_WAIT
      TCP    192.168.1.3:58242      B013:2710              TIME_WAIT
      TCP    192.168.1.3:58246      77.247.176.154:http    TIME_WAIT
      TCP    192.168.1.3:58248      91.191.138.2:http      TIME_WAIT
      TCP    192.168.1.3:58249      91.191.138.2:http      TIME_WAIT
      TCP    192.168.1.3:58256      91.191.138.4:http      TIME_WAIT
      TCP    192.168.1.3:58262      77.247.176.152:http    TIME_WAIT
      TCP    192.168.1.3:58264      77.247.176.152:http    TIME_WAIT
      TCP    192.168.1.3:58265      202.107.219.5:6969     CLOSING
      TCP    192.168.1.3:58269      77.247.176.152:http    TIME_WAIT
      TCP    192.168.1.3:58274      222.73.109.17:8080     TIME_WAIT
      TCP    192.168.1.3:58277      91.191.138.4:http      TIME_WAIT
      TCP    192.168.1.3:58279      91.191.138.2:http      TIME_WAIT
      TCP    192.168.1.3:58280      91.191.138.6:6969      CLOSING
      TCP    192.168.1.3:58281      91.191.138.6:6969      TIME_WAIT
      TCP    192.168.1.3:58283      host-209-50-48-13:4315  SYN_SENT
      TCP    192.168.1.3:58284      91.191.138.6:http      TIME_WAIT
      TCP    192.168.1.3:58285      B013:2710              SYN_SENT
      TCP    192.168.1.3:58288      91.191.138.6:http      TIME_WAIT
      TCP    192.168.1.3:58290      91.191.138.6:6969      TIME_WAIT
      TCP    192.168.1.3:58292      77.247.176.153:http    SYN_SENT
      TCP    192.168.1.3:58855      cpe-71-72-202-215:22446  ESTABLISHED
      TCP    192.168.1.3:59215      CPE001e8c98aa46-CM0011aec0fbc8:26009  ESTABLISHED
      TCP    192.168.1.3:59546      bas6-montreal45-1176367194:61129  ESTABLISHED
      TCP    192.168.1.3:59807      bl6-79-129:51413       ESTABLISHED
      TCP    192.168.1.3:59938      96.53.226.99:7879      ESTABLISHED
      TCP    192.168.1.3:60506      59.95.6.65:42965       ESTABLISHED
      TCP    192.168.1.3:60690      cust-185-137-108-94:51413  ESTABLISHED
      TCP    192.168.1.3:61860      96.51.248.177:8392     ESTABLISHED
      TCP    192.168.1.3:62386      c-24-30-68-116:34239   ESTABLISHED
      TCP    192.168.1.3:62424      c-76-30-66-77:40007    ESTABLISHED
      TCP    192.168.1.3:62893      host217-42-224-11:63045  ESTABLISHED
      TCP    192.168.1.3:64062      94-168-104-60:18987    ESTABLISHED
      TCP    192.168.1.3:64428      d75-155-113-230:47907  LAST_ACK
      TCP    192.168.1.3:64444      S0106001e5889c807:41868  ESTABLISHED
      TCP    192.168.1.3:64628      77:45682               ESTABLISHED
      TCP    192.168.1.3:64772      76.89.236.153:51413    ESTABLISHED
      TCP    192.168.1.3:64785      zaq771a14ec:23133      ESTABLISHED
      TCP    192.168.1.3:64839      201.163.203.253:3052   ESTABLISHED
      TCP    [::]:135               artistwantab:0         LISTENING
      TCP    [::]:445               artistwantab:0         LISTENING
      TCP    [::]:990               artistwantab:0         LISTENING
      TCP    [::]:2869              artistwantab:0         LISTENING
      TCP    [::]:5357              artistwantab:0         LISTENING
      TCP    [::]:49152             artistwantab:0         LISTENING
      TCP    [::]:49153             artistwantab:0         LISTENING
      TCP    [::]:49154             artistwantab:0         LISTENING
      TCP    [::]:49155             artistwantab:0         LISTENING
      TCP    [::]:49156             artistwantab:0         LISTENING
      TCP    [::]:49157             artistwantab:0         LISTENING
      TCP    [::1]:5679             artistwantab:0         LISTENING
      UDP    0.0.0.0:123            *:*                    
      UDP    0.0.0.0:500            *:*                    
      UDP    0.0.0.0:3702           *:*                    
      UDP    0.0.0.0:3702           *:*                    
      UDP    0.0.0.0:4500           *:*                    
      UDP    0.0.0.0:5355           *:*                    
      UDP    0.0.0.0:16234          *:*                    
      UDP    0.0.0.0:49152          *:*                    
      UDP    0.0.0.0:49154          *:*                    
      UDP    0.0.0.0:53638          *:*                    
      UDP    127.0.0.1:1900         *:*                    
      UDP    127.0.0.1:49265        *:*                    
      UDP    127.0.0.1:50050        *:*                    
      UDP    127.0.0.1:52731        *:*                    
      UDP    127.0.0.1:55714        *:*                    
      UDP    127.0.0.1:62869        *:*                    
      UDP    192.168.1.3:137        *:*                    
      UDP    192.168.1.3:138        *:*                    
      UDP    192.168.1.3:1900       *:*                    
      UDP    192.168.1.3:5353       *:*                    
      UDP    192.168.1.3:49264      *:*                    
      UDP    [::]:123               *:*                    
      UDP    [::]:500               *:*                    
      UDP    [::]:3702              *:*                    
      UDP    [::]:3702              *:*                    
      UDP    [::]:5355              *:*                    
      UDP    [::]:49153             *:*                    
      UDP    [::]:49155             *:*                    
      UDP    [::1]:1900             *:*                    
      UDP    [::1]:49262            *:*                    
      UDP    [fe80::100:7f:fffe%12]:1900  *:*                    
      UDP    [fe80::100:7f:fffe%12]:49263  *:*                    
      UDP    [fe80::39c7:1c04:648d:8d38%17]:1900  *:*                    
      UDP    [fe80::39c7:1c04:648d:8d38%17]:49259  *:*                    
      UDP    [fe80::a55f:2f1c:4c97:7619%11]:1900  *:*                    
      UDP    [fe80::a55f:2f1c:4c97:7619%11]:49260  *:*                    
      UDP    [fe80::bcb1:3148:d291:4a75%10]:1900  *:*                    
      UDP    [fe80::bcb1:3148:d291:4a75%10]:49261  *:*                    
        ----------------------------------------------------------------------------
    Also I suggest that you uninstall A-Squared.

    After uninstalling both of these, then see how things are running.


    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
  • Note: the space between combofix" and the /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
      • Delete the C:\combofix folder from combofix (if it exists)
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
6. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip file.
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures in step 3 the READ ME for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
8. After doing the above, you should work through the below link:
     

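The netstat listing quoted above is the kind of artifact an analyst triages by counting rather than reading line by line: how many TCP sessions are ESTABLISHED, to how many distinct remote hosts, which remote ports recur, and what is listening. The following script is an added example written for this page, not code from the thread or from MajorGeeks. It parses the `netstat -a` line format shown above (Windows substitutes service names such as `http` for well-known ports, so those are mapped back to numbers), and it applies two heuristics that are assumptions rather than anything the thread states: a fan-out threshold on distinct remote hosts, and a small set of ports conventionally associated with BitTorrent traffic (6969 and 2710 for trackers, 6881-6889 and 51413 as client defaults). The sample input is a handful of lines reproduced from the listing above.

```python
"""Triage a Windows `netstat -a` listing for high fan-out and P2P-style ports.

Added example, not from the original thread. Heuristic port list and the
fan-out threshold are assumptions chosen for illustration.
"""
import re
from collections import Counter

# Service names Windows netstat prints in place of well-known port numbers.
SERVICE_PORTS = {"http": 80, "https": 443, "kerberos": 88,
                 "microsoft-ds": 445, "epmap": 135}

# Assumption-based heuristic: ports commonly seen with BitTorrent traffic
# (tracker ports 6969 and 2710, client ports 6881-6889 and 51413).
P2P_PORTS = {6969, 2710, 51413} | set(range(6881, 6890))

# Proto, local endpoint, remote endpoint and an optional state column.
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")

# Constructed sample: lines reproduced from the listing quoted above.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.3:57967      189107145207:15625     ESTABLISHED
  TCP    192.168.1.3:58004      bas4-toronto06-1279311269:10424  ESTABLISHED
  TCP    192.168.1.3:58051      ool-457e31bb:6889      ESTABLISHED
  TCP    192.168.1.3:58085      B013:2710              TIME_WAIT
  TCP    192.168.1.3:58172      pool-70-105-171-254:51413  ESTABLISHED
  TCP    192.168.1.3:58193      91.191.138.2:http      TIME_WAIT
  TCP    192.168.1.3:58265      202.107.219.5:6969     CLOSING
  TCP    192.168.1.3:64772      76.89.236.153:51413    ESTABLISHED
  TCP    [::]:135               artistwantab:0         LISTENING
  TCP    [::]:445               artistwantab:0         LISTENING
  UDP    0.0.0.0:123            *:*
  UDP    [fe80::100:7f:fffe%12]:1900  *:*
"""


def split_endpoint(endpoint):
    """Return (host, port) for 'host:port', '[v6addr]:port' or '*:*'.

    Splitting on the last colon keeps bracketed IPv6 addresses intact.
    Numeric ports become ints, known service names are mapped to numbers,
    and '*' becomes None.
    """
    host, _, port = endpoint.rpartition(":")
    if port == "*":
        return host, None
    if port.isdigit():
        return host, int(port)
    return host, SERVICE_PORTS.get(port, port)  # unknown names kept as-is


def parse_netstat(text):
    """Parse netstat output into row dicts; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proto, local, remote, state = m.groups()
        lhost, lport = split_endpoint(local)
        rhost, rport = split_endpoint(remote)
        rows.append({"proto": proto, "lhost": lhost, "lport": lport,
                     "rhost": rhost, "rport": rport, "state": state})
    return rows


def triage(rows, fanout_threshold=25):
    """Summarise TCP activity and flag fan-out / P2P-looking remote ports.

    fanout_threshold is an assumed cut-off for "too many distinct peers"
    on a home workstation; tune it to the environment.
    """
    tcp = [r for r in rows if r["proto"] == "TCP"]
    established = [r for r in tcp if r["state"] == "ESTABLISHED"]
    remote_hosts = {r["rhost"] for r in established}
    # Count every TCP row whose remote port is on the heuristic list,
    # regardless of state, so half-closed sessions still count.
    p2p_hits = Counter(r["rport"] for r in tcp if r["rport"] in P2P_PORTS)
    listening = sorted(r["lport"] for r in tcp if r["state"] == "LISTENING")
    return {
        "established": len(established),
        "distinct_remote_hosts": len(remote_hosts),
        "high_fanout": len(remote_hosts) >= fanout_threshold,
        "p2p_port_hits": dict(p2p_hits),
        "listening_tcp": listening,
    }


if __name__ == "__main__":
    print(triage(parse_netstat(SAMPLE)))
```

Run it against the full listing above rather than the sample and the fan-out check trips: dozens of ESTABLISHED sessions to distinct residential-looking hosts on high ports, repeated hits on 51413, 6969 and 2710, while the machine's own listeners (135, 445, 5357, the 4915x RPC range) are the ordinary Windows set. That combination points at a bandwidth-heavy user-mode application on the box, which is the sort of thing the helper's "uninstall both of these, then see how things are running" advice is aimed at, not at a malicious listener.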