
Infected with Win32:Small-EPJ, Please help

Discussion in 'Virus and Malware Removal' started by rlmurray, Dec 2, 2007.

  1. rlmurray Newcomer, in training Posts: 35

    Is this normal, or are all these people attached to my PC?

    Proto Local Address Foreign Address State
    TCP BobandTiffs:3433 localhost:12080 TIME_WAIT
    TCP BobandTiffs:3435 localhost:12080 ESTABLISHED
    TCP BobandTiffs:3437 localhost:12080 ESTABLISHED
    TCP BobandTiffs:3439 localhost:12080 ESTABLISHED
    TCP BobandTiffs:3441 localhost:12080 ESTABLISHED
    TCP BobandTiffs:3443 localhost:12080 TIME_WAIT
    TCP BobandTiffs:3447 localhost:12080 ESTABLISHED
    TCP BobandTiffs:3451 localhost:12080 ESTABLISHED
    TCP BobandTiffs:3453 localhost:12080 ESTABLISHED
    TCP BobandTiffs:3455 localhost:12080 ESTABLISHED
    TCP BobandTiffs:3456 localhost:12080 ESTABLISHED
    TCP BobandTiffs:3463 localhost:12080 ESTABLISHED
    TCP BobandTiffs:3467 localhost:12080 ESTABLISHED
    TCP BobandTiffs:3469 localhost:12080 ESTABLISHED
    TCP BobandTiffs:3471 localhost:12080 ESTABLISHED
    TCP BobandTiffs:3473 localhost:12080 ESTABLISHED
    TCP BobandTiffs:3475 localhost:12080 ESTABLISHED
    TCP BobandTiffs:3477 localhost:12080 ESTABLISHED
    TCP BobandTiffs:3479 localhost:12080 ESTABLISHED
    TCP BobandTiffs:3481 localhost:12080 ESTABLISHED
    TCP BobandTiffs:3483 localhost:12080 TIME_WAIT
    TCP BobandTiffs:3486 localhost:12080 TIME_WAIT
    TCP BobandTiffs:3490 localhost:12080 ESTABLISHED
    TCP BobandTiffs:3492 localhost:12080 ESTABLISHED
    TCP BobandTiffs:3494 localhost:12080 ESTABLISHED
    TCP BobandTiffs:3496 localhost:12080 ESTABLISHED
    TCP BobandTiffs:3498 localhost:12080 ESTABLISHED
    TCP BobandTiffs:3502 localhost:12080 ESTABLISHED
    TCP BobandTiffs:12080 localhost:3435 ESTABLISHED
    TCP BobandTiffs:12080 localhost:3437 ESTABLISHED
    TCP BobandTiffs:12080 localhost:3439 ESTABLISHED
    TCP BobandTiffs:12080 localhost:3441 ESTABLISHED
    TCP BobandTiffs:12080 localhost:3445 TIME_WAIT
    TCP BobandTiffs:12080 localhost:3447 ESTABLISHED
    TCP BobandTiffs:12080 localhost:3449 TIME_WAIT
    TCP BobandTiffs:12080 localhost:3451 ESTABLISHED
    TCP BobandTiffs:12080 localhost:3453 ESTABLISHED
    TCP BobandTiffs:12080 localhost:3455 ESTABLISHED
    TCP BobandTiffs:12080 localhost:3456 ESTABLISHED
    TCP BobandTiffs:12080 localhost:3457 TIME_WAIT
    TCP BobandTiffs:12080 localhost:3463 ESTABLISHED
    TCP BobandTiffs:12080 localhost:3465 TIME_WAIT
    TCP BobandTiffs:12080 localhost:3467 ESTABLISHED
    TCP BobandTiffs:12080 localhost:3469 ESTABLISHED
    TCP BobandTiffs:12080 localhost:3471 ESTABLISHED
    TCP BobandTiffs:12080 localhost:3473 ESTABLISHED
    TCP BobandTiffs:12080 localhost:3475 ESTABLISHED
    TCP BobandTiffs:12080 localhost:3477 ESTABLISHED
    TCP BobandTiffs:12080 localhost:3479 ESTABLISHED
    TCP BobandTiffs:12080 localhost:3481 ESTABLISHED
    TCP BobandTiffs:12080 localhost:3488 TIME_WAIT
    TCP BobandTiffs:12080 localhost:3490 ESTABLISHED
    TCP BobandTiffs:12080 localhost:3492 ESTABLISHED
    TCP BobandTiffs:12080 localhost:3494 ESTABLISHED
    TCP BobandTiffs:12080 localhost:3496 ESTABLISHED
    TCP BobandTiffs:12080 localhost:3498 ESTABLISHED
    TCP BobandTiffs:12080 localhost:3502 ESTABLISHED
    TCP BobandTiffs:3243 elf161.cleannet.orie.cornell.edu:45564 ESTABLISHED
    TCP BobandTiffs:3422 ip-69-22-179-107.nlayer.net:http TIME_WAIT
    TCP BobandTiffs:3442 64.79.161.90:http ESTABLISHED
    TCP BobandTiffs:3448 ip-69-22-179-81.nlayer.net:http ESTABLISHED
    TCP BobandTiffs:3452 ip-69-22-179-81.nlayer.net:http ESTABLISHED
    TCP BobandTiffs:3454 ip-69-22-179-107.nlayer.net:http ESTABLISHED
    TCP BobandTiffs:3459 d1.ycs.vip.a2s.yahoo.com:http CLOSE_WAIT
    TCP BobandTiffs:3460 d1.ycs.vip.a2s.yahoo.com:http CLOSE_WAIT
    TCP BobandTiffs:3472 168.143.188.36:http CLOSE_WAIT
    TCP BobandTiffs:3474 ip-69-22-179-88.nlayer.net:http ESTABLISHED
    TCP BobandTiffs:3476 168.143.188.36:http CLOSE_WAIT
    TCP BobandTiffs:3478 ip-69-22-179-88.nlayer.net:http ESTABLISHED
    TCP BobandTiffs:3480 69.7.234.203:http ESTABLISHED
    TCP BobandTiffs:3482 69.7.234.203:http ESTABLISHED
    TCP BobandTiffs:3485 ev1s-209-85-66-221.ev1servers.net:http CLOSE_WAIT
    TCP BobandTiffs:3491 ip-69-22-179-65.nlayer.net:http ESTABLISHED
    TCP BobandTiffs:3493 12.130.81.249:http CLOSE_WAIT
    TCP BobandTiffs:3495 130.81.64.45:http CLOSE_WAIT
    TCP BobandTiffs:3497 ip-69-22-179-80.nlayer.net:http ESTABLISHED
    TCP BobandTiffs:3499 ip-69-22-179-82.nlayer.net:http ESTABLISHED

    :\Documents and Settings\Bob>
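Answering the question in the post above means sorting the loopback rows from the genuine remote peers. The Python below is an added example, not code from the thread: it parses netstat rows (a constructed sample modelled on the posted output), sets listening sockets aside, collapses each loopback connection, which netstat lists once from each side, into a single pair, and tallies the remote peers by TCP state. It assumes the port common to every loopback pair (12080 here) is a local service such as a proxy component; what actually listens on that port has to be checked on the host itself.

```python
import re
from collections import Counter

# One netstat row: proto, local host:port, foreign host:port, optional state.
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\S+)\s+(\S+):(\S+)(?:\s+(\S+))?\s*$")
LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "[::1]"}

# Constructed sample modelled on the rows posted above, trimmed to a few lines.
SAMPLE = """  Proto  Local Address       Foreign Address                   State
  TCP    BobandTiffs:3435    localhost:12080                   ESTABLISHED
  TCP    BobandTiffs:3437    localhost:12080                   ESTABLISHED
  TCP    BobandTiffs:12080   localhost:3435                    ESTABLISHED
  TCP    BobandTiffs:12080   localhost:3437                    ESTABLISHED
  TCP    BobandTiffs:3442    64.79.161.90:http                 ESTABLISHED
  TCP    BobandTiffs:3448    ip-69-22-179-81.nlayer.net:http   ESTABLISHED
  TCP    BobandTiffs:3459    d1.ycs.vip.a2s.yahoo.com:http     CLOSE_WAIT
  TCP    BobandTiffs:12080   0.0.0.0:0                         LISTENING
  UDP    BobandTiffs:1900    *:*
"""

def parse_netstat(text):
    """Return (proto, lhost, lport, fhost, fport, state) tuples; header lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            proto, lhost, lport, fhost, fport, state = m.groups()
            rows.append((proto, lhost, lport, fhost, fport, state or ""))
    return rows

def summarise(rows):
    """Separate listening sockets and loopback traffic from genuine remote peers."""
    pairs = set()       # a loopback connection appears twice (client side and server side)
    peers = {}          # remote host -> Counter of TCP states
    listening = 0
    for proto, lhost, lport, fhost, fport, state in rows:
        if state == "LISTENING" or fhost in ("*", "0.0.0.0"):
            listening += 1                        # bound socket, no peer at all
        elif fhost in LOOPBACK_HOSTS:
            pairs.add(frozenset((lport, fport)))  # de-duplicate the two views of one connection
        else:
            peers.setdefault(fhost, Counter())[state] += 1
    # The port shared by every loopback pair is the local service the browser talks through.
    port_hits = Counter(p for pair in pairs for p in pair)
    service = port_hits.most_common(1)[0][0] if port_hits else None
    return {"listening": listening, "loopback_connections": len(pairs),
            "loopback_service_port": service, "peers": peers}
```

Run `summarise(parse_netstat(SAMPLE))` to see that the long list of localhost:12080 rows collapses to two loopback connections through one local port, leaving only three real remote hosts to look at.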
  2. evilfantasy Banned Posts: 428

    The logs are clean.

    Run ATF Cleaner.

    Go to add/remove programs and look for old versions of Java and uninstall them.
    The only version that should be there is Java 6 Update 3.

    Find and delete these folders:
    C:\VundoFix Backups
    C:\WINDOWS\SDFIX


    You can also get rid of any logs.

    If you don't have CCleaner, download it HERE.
    When you open CCleaner look for the Registry tab to the top left. Use the Scan for Issues function. Run it multiple times until it shows no entries to be cleaned.

    Go to Start > Run and copy and paste next command in the field:

    ComboFix /u


    Make sure there's a space between Combofix and /
    Then hit Enter.

    This will uninstall ComboFix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.


    Security tools I suggest, and use myself. (all free)

    They give active protection without slowing down your PC.

    COMODO BOClean Anti-Malware

    WinPatrol 2007

    I am honestly not sure. Try looking in the firewall settings and see if you can see if anything is being blocked or not. If it isn't being blocked then I would say it is normal.

    Let me know when you get all this done and how things are now.
  3. Jase123 Banned Posts: 1,126

    Just to add the CCleaner link, as you made a little error lol.

    Download it HERE.

    Regards Jason :)
  4. evilfantasy Banned Posts: 428

    Whoops!!

    Thanks Jase.
  5. rlmurray Newcomer, in training Posts: 35

    One other thing. I noticed my hard drive light is continually on and processing. SVCHOST.exe is showing as the activity in my firewall. Hopefully all is well. Also the PC is sluggish. I did install PC-cillin 14 but no scans are currently on.

    Thanks for your tenacity and skill. You have really been a life saver. Are we done? If so thanks again!!
  6. evilfantasy Banned Posts: 428

    All instances of svchost.exe are running in the correct location according to HijackThis, which is C:\WINDOWS\system32\svchost.exe.

    It is not uncommon to have multiple instances of svchost.exe running but it can also be an indication of a keylogger. But there is a scanner that is good at finding keyloggers.

    Download, update and run A-Squared Free

    At the main menu, click Scan Now, there will be 4 options, choose Deep Scan.

    If malware is found, click the button Remove Selected Malware
    If malware is found, select all found and click Quarantine selected objects
    Be sure to quarantine anything found before removing it completely until we can have a good look at the log. This is a powerful scanner and it cannot distinguish between "good" and "bad."
    Click Save Report. Save the report to somewhere convenient, such as your desktop
    Add the report as an attachment in your next post.
     
  7. rlmurray Newcomer, in training Posts: 35

    Ok I will do that but in the meantime internet explorer can't get to a webpage. It simply does not work. I disabled the firewall temporarily. Firefox works perfectly.
  8. Jase123 Banned Posts: 1,126

    Please follow evilfantasy's instructions and then we will look into your problem with Internet Explorer.

    Regards Jason :)

    This thread is for the use of rlmurray ONLY. Please do NOT post your own virus/spyware problems into this thread. Instead, open a new thread in our security and the web forum.
  9. rlmurray Newcomer, in training Posts: 35

    In the middle of the scan the PC blue screened.

    You there? The PC is slow and sluggish, and I'm running a Pentium D 2.8 with 2 gig of RAM.

    (Moderator edit: Posts merged. Please use the edit button, rather than replying to your previous post where there are no other replies in between. If bumping the thread, please wait at least 24 hours for a reply.)
  10. evilfantasy Banned Posts: 428

    I am puzzled on the blue screen.

    We can try to run LSP-Fix. This is used after malware removal in cases like this to basically reset the router.

    LSP-Fix

    Also look at IEFix
  11. rlmurray Newcomer, in training Posts: 35

    LSP-Fix said everything is normal and IEFix does not support IE7.
    Update: the deep scan is still running.

    At around 6PM I will start the scan again with A-Squared Free.
    The PC has been sooo sluggish.

    (Moderator edit: Posts merged. Please use the edit button, rather than replying to your previous post where there are no other replies in between. If bumping the thread, please wait at least 24 hours for a reply.)
  12. momok Newcomer, in training Posts: 2,272

    Reply only when you are done. Take note: please do not repeat post. Thanks.

    Regards,
    momok
  13. rlmurray Newcomer, in training Posts: 35

    Here is the a-squared Free report.
  14. evilfantasy Banned Posts: 428

    a-squared found a few other things. Do you use any remote admin tools?

    Has the computer acted any different since quarantining the items?
  15. rlmurray Newcomer, in training Posts: 35

    Yes I did.
    Since we ran the registry cleaner I can no longer update my virus scan software. IE7 does not work, and neither does MSN instant messenger. Outlook is out as well. The registry must have got overwritten and screwed things up.
  16. evilfantasy Banned Posts: 428

  17. rlmurray Newcomer, in training Posts: 35

    That still didn't fix it.
  18. evilfantasy Banned Posts: 428

    Let's try this.

    Re-install IE 7.

    * First go here to Download IE 7 to the desktop. (don't install it yet)

    * Uninstall the version of IE you have installed now, to do so follow these steps:
    1 Click Start
    2 Click Control Panel
    3 Double click Add or Remove Programs
    4 Scroll down until you find Internet Explorer
    5 Then click Change/Remove, and follow the prompts.

    ** Note: If you are unable to see IE7 in Add or Remove Programs follow these steps:
    1 Click Start
    2 Click Run
    3 Type or copy and paste, into the text box:
    %windir%\ie7\spuninst\spuninst.exe
    4 Then Press Enter **
    * Restart your computer.
    * Install the fresh version of Internet Explorer 7.


    Then go to http://windowsupdate.microsoft.com/ and check for any updates.


    If this does not fix IE, then try a Repair Install. http://www.michaelstevenstech.com/XPrepairinstall.htm#RI
  19. rlmurray Newcomer, in training Posts: 35

    Good point. I tried that last night and it didn't work.
  20. evilfantasy Banned Posts: 428

    I am definitely puzzled.