unauthorized remote http connections

Discussion in 'Malware Help (A Specialist Will Reply)' started by JBSCH, Feb 21, 2013.

  1. JBSCH

    JBSCH Private E-2

    I have recently been experiencing occasions where my MCPC (W7 64bit) was not being as responsive as it had in the past. I did some checking with MBAM and several of the McAfee tools but they did not report anything.

    However, I did find multiple unauthorized live http connections to my machine (with netstat -a) so I ran the Win Removal steps 1 thru 3. The first program, RogueKiller, had some hits. It looks like a well hidden piece of malware that I will need some help in clearing up. Would really appreciate a review of the attached results. I have not made any changes to the machine per instructions.

    I also have two other W7 64 machines on the same home LAN and a Vista 32. All of these are showing the same unauthorized connections. Could this malware be propagating to other machines via the LAN?
     

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    I'm sorry but you are not having malware problems. Your logs are clean.

    It is possible that McAfee is the source of your performance issues.
     
  3. JBSCH

    JBSCH Private E-2

    Thank you for the review. I appreciate that very much!
    I am still left with a puzzle as to why & where http connections like these are showing up on my machines:

    C:\Windows\system32>netstat -a
    Active Connections
    Proto Local Address Foreign Address State
    TCP 192.168.1.187:54027 107.14.45.56:http ESTABLISHED
    TCP 192.168.1.187:54165 107.14.45.43:http ESTABLISHED

    I see the 'Foreign Addresses' are assigned to Road Runner & we therefore share the same ISP but we are not geographically close to each other.
    Any suggestions on where I could start looking for a source?

    Once again thank you for volunteering your time to help the community.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Road Runner is providing your Internet access. The below is what your IP maps to, and I X'd out only your IP to keep it from being seen.

    cpe-xx-xxx-xxx-xxx.nycap.res.rr.com

    Notice the rr.com ;)
     
  5. JBSCH

    JBSCH Private E-2

    Today I fired up my XP laptop and found that it was also establishing connections to 107.14.xx.xx locations. I used the system restore to go back to December of last year. The MS automatic updates (36 of them) and McAfee took a chunk of time, but after this I see no more of the 107.14.xx.xx connections.
    So I now know that some time after December I acquired a back door. Problem is, how do I find it? I've run the 5 programs to scan this machine. Since this is the same problem that started this thread, should I start a new thread or not?
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It could just be a coincidence that these connections have gone away after the system restore. They could have been due to some software you had installed which is now no longer really in effect due to the system restore. Based on everything in your logs, there does not seem to be any infection to find. There were no indications of any problems and for the most part, we would have seen something.

    If it really bothers you to have those connections, block that IP address range with your firewall and see what happens. If it is for some software or for your ISP to get something to work, you should find out pretty soon after blocking them.
     
  7. JBSCH

    JBSCH Private E-2

    Still working on it. I'll keep an eye on the laptop and let you know if the issue on that machine is solved. McAfee doesn't appear to have a way of blocking a range of IP addresses like 107.14.xx.xx and as far as I can see my model of Netgear router (N600 WNDR3700V3) does not have this ability either. It gives me a way of putting individual URLs but not ranges of IPs. If you see a way of blocking using my equipment I'll give it a try.
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Don't know, as I don't use McAfee. See the manual somewhere? ;) Also, can you just block a few individual addresses to see what happens? I'm still not convinced there are really any problems here.

    The manual is online.

    http://documentation.netgear.com/wndr3700v3/enu/202-10985-01/usermanual.pdf

    I would say maybe something around page 37 - may be helpful.
     
  9. JBSCH

    JBSCH Private E-2

    I have looked at the manual, in that section. From what I could see there does not appear to be any straightforward method of preventing outgoing and incoming traffic to & from a specific IP range. Any references to write-ups would be appreciated.
    As a temporary fix I may have to go to each machine and try a persistent route setup (ROUTE ADD).
     
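The netstat listing in post 3 and the range-blocking question in posts 6 through 9 both come down to the same triage step: attribute each established connection to a local process and check whether its remote end falls inside the suspect range. The following script is an added example, not code from the thread or from any MajorGeeks tool. It parses the text of `netstat -ano` (the `-o` switch adds the owning PID column on Windows) and groups the connections inside a given CIDR range by PID. The netstat output embedded in it is constructed for illustration, and `107.14.0.0/16` is an assumption standing in for the "107.14.xx.xx" addresses described above.

```python
"""Triage helper for Windows `netstat -ano` output (added example).

Parses the netstat text, keeps ESTABLISHED connections, and reports which
of them have a remote address inside a given CIDR range, keyed by the
owning PID so the process behind the connection can be identified.
"""
import ipaddress
from collections import defaultdict

# Constructed sample of `netstat -ano` output; not a real capture.
# The 107.14.x.x addresses mirror the ones discussed in the thread.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812
  TCP    192.168.1.187:54027    107.14.45.56:80        ESTABLISHED     3120
  TCP    192.168.1.187:54165    107.14.45.43:80        ESTABLISHED     3120
  TCP    192.168.1.187:54201    192.168.1.1:80         ESTABLISHED     4488
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5355           *:*                                    1204
"""


def split_host_port(addr):
    """Split 'host:port' (IPv4) or '[host]:port' (IPv6) into (host, port)."""
    host, _, port = addr.rpartition(":")
    return host.strip("[]"), port


def parse_netstat(text):
    """Return one dict per connection row; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue
        if len(fields) == 5:
            proto, local, foreign, state, pid = fields
        elif len(fields) == 4:  # UDP rows have no State column
            proto, local, foreign, pid = fields
            state = ""
        else:
            continue
        lhost, lport = split_host_port(local)
        fhost, fport = split_host_port(foreign)
        rows.append({
            "proto": proto, "local": lhost, "lport": lport,
            "foreign": fhost, "fport": fport, "state": state, "pid": int(pid),
        })
    return rows


def connections_in_range(rows, cidr):
    """Map PID -> list of 'ip:port' for ESTABLISHED peers inside `cidr`."""
    net = ipaddress.ip_network(cidr)
    hits = defaultdict(list)
    for r in rows:
        if r["state"] != "ESTABLISHED":
            continue
        try:
            addr = ipaddress.ip_address(r["foreign"])
        except ValueError:  # '*' or other non-address placeholders
            continue
        if addr.version == net.version and addr in net:
            hits[r["pid"]].append(f'{r["foreign"]}:{r["fport"]}')
    return dict(hits)


if __name__ == "__main__":
    # Assumption: 107.14.0.0/16 stands in for the "107.14.xx.xx" range.
    for pid, peers in connections_in_range(parse_netstat(SAMPLE_NETSTAT),
                                           "107.14.0.0/16").items():
        print(f"PID {pid}: {', '.join(peers)}")
```

On a real machine the PID is the useful part: `tasklist /FI "PID eq 3120"` names the executable, which usually settles whether the connection belongs to a browser, an updater, or something that deserves a closer look. For blocking by range on Windows 7 itself, the built-in Windows Firewall accepts CIDR notation in `netsh advfirewall firewall add rule ... remoteip=107.14.0.0/16`, which is simpler than a per-machine `ROUTE ADD` black hole.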
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    But what about what I suggested.... blocking specific IP addresses not ranges? And what about this>> https://www.mcafeeasap.com/Sc/Help/PageLevelHelp/Help/en-US/index.html#GUID-804BF10F-4ADB-4B53-89C2-163021CEB2F8.html

    Note as I stated earlier, I still do not see any problems in your logs and the MGlogs.zip file you attached had the output from netstat -a in the runkeys.txt log. There were no problems.
     
  11. JBSCH

    JBSCH Private E-2

    Unfortunately I am not using the SaaS Endpoint, just the McAfee products for home use. Since you have been able to confirm that my problem is not malware related, I am going forward to look for other reasons why these unwanted connections are established to my machines. Be happy to update you if we find the explanation.
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay thanks! I suggest you talk with your ISP to find out if any of them are really due to them. As noted, they do show to be from RR.
     
