I've noticed some unusual activity.. Any advice you can offer would be greatly appreciated!

-------------------

Proto Local Address Foreign Address State
TCP 127.0.0.1:5357 127.0.0.1:50582 TIME_WAIT
TCP 127.0.0.1:50630 127.0.0.1:8118 SYN_SENT
TCP 127.0.0.1:50631 127.0.0.1:8118 SYN_SENT
TCP 127.0.0.1:50632 127.0.0.1:8118 SYN_SENT
TCP 127.0.0.1:50633 127.0.0.1:8118 SYN_SENT
TCP 192.168.1.1:50603 192.168.1.32:445 SYN_SENT
TCP 192.168.1.1:50608 192.168.1.32:445 SYN_SENT
TCP 192.168.1.1:50609 192.168.1.32:445 SYN_SENT
TCP 192.168.1.1:50610 192.168.1.32:445 SYN_SENT
TCP 192.168.1.1:50613 192.168.1.32:139 SYN_SENT
TCP 192.168.1.155:5357 192.168.1.156:49751 TIME_WAIT
TCP 192.168.1.155:50542 65.31.103.87:49666 TIME_WAIT
TCP 192.168.1.155:50544 68.58.113.120:53011 TIME_WAIT
TCP 192.168.1.155:50545 68.194.10.5:29253 TIME_WAIT
TCP 192.168.1.155:50546 70.243.211.75:53036 TIME_WAIT
TCP 192.168.1.155:50548 66.119.43.30:80 TIME_WAIT
TCP 192.168.1.155:50562 64.7.222.130:80 TIME_WAIT
-----------------------

Cheers,
Dave

Attached Files

	Attach.txt (12.3 KB, 1 views)
	DDS.txt (21.7 KB, 2 views)
	gmer.log (19.7 KB, 1 views)
	mbam-log-2010-09-04 (10-51-18).txt (896 Bytes, 1 views)

Welcome aboard

Your MBAM log says "No action taken".
Please, re-run it and fix all found issues.
Post new log.

Then....

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

=====================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

1. Please, never rename Combofix unless instructed.
2. Close any open browsers.
3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
   • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
   NOTE1. If Combofix asks you to install Recovery Console, please allow it.
   NOTE 2. If Combofix asks you to update the program, always do so.
   • Close any open browsers.
   • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
   • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
   • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
4. Double click on combofix.exe & follow the prompts.
5. When finished, it will produce a report for you.
6. Please post the "C:\ComboFix.txt"

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure, you re-enable your security programs, when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

Wow! You're fast!!

Thanks Broni, I'll be back shortly!

OK .......

Sorry, Combofix took ages

Latest Logs..

Attached Files

	mbam-log-2010-09-04 (11-43-13).txt (880 Bytes, 1 views)
	MBRCheck_09.04.10_11.44.40.txt (14.7 KB, 1 views)

1. Please open Notepad

• Click Start , then Run
• Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

• Combofix.txt

Hi Broni,

No reboot requested..

Thanks for all your help so far also

Attached Files

combofix.txt (19.8 KB, 1 views)

Looks good

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* Under the Custom Scan box paste this in:


netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\system32\spool\prtprocs\w32x86\*.tmp
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs


* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

Thank you - I just tried to PM you, but I have insufficient posts..

Is there another way I can contact you privately please?

Doing this now..

I can PM you and you can reply...
Hold on...

I typed a whole essay and it won't let me reply either! lol

I Pmed you with my email.

No extras.txt was created?

The otl.txt file was too big to cut & paste..

Attached Files

OTL.Txt (159.5 KB, 1 views)

Update your Java version: http://java.com/en/download/index.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

Now, we need to remove old Java installations...

Please download JavaRa to your desktop and unzip it to its own folder

• Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
• Accept any prompts.

=======================================================================

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  
  Code:

  :OTL
  O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
  O4 - HKLM..\Run: [Bluetooth Connection Assistant]  File not found
  O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
  O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
  O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
  O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
  O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
  @Alternate Data Stream - 169 bytes -> C:\ProgramData\TEMP:A31FAD21
  @Alternate Data Stream - 155 bytes -> C:\ProgramData\TEMP:17F5FD45
  @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:B203B914
  
  :Services
  
  :Reg
  
  :Files
  
  :Commands
  [purity]
  [emptytemp]
  [emptyflash]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.

===================================================================

Last scans....

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=======================================================

Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

========================================================

Disable your antivirus program.
Go to Kaspersky website and perform an online antivirus scan.

• Disable your active antivirus program.
• Read through the requirements and privacy statement and click on Accept button.
• It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
• When the downloads have finished, click on Settings.
• Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
  
  • Spyware, Adware, Dialers, and other potentially dangerous programs
  • Archives
  • Mail databases
• Click on My Computer under Scan.
• Once the scan is complete, it will display the results. Click on View Scan Report.
• You will see a list of infected items there. Click on Save Report As....
• Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

Thanks Broni,

TFC crashed at the end (as it tried to reboot I think), so I ran it again, and it was OK..

I'm not able to run Kaspersky... it tells me that "launch of the java application was interupted"

??

Attached Files

	09042010_143448.log (6.9 KB, 1 views)
	checkup.txt (1.1 KB, 2 views)

1. Update Firefox.

2. Instead of Kaspersky...

Please run a free online scan with the ESET Online Scanner

• Disable your antivirus program
• Tick the box next to YES, I accept the Terms of Use
• IMPORTANT! UN-check Remove found threats
• Click Start
• Accept any security warnings from your browser.
• Check Scan archives
• Click Start
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push List of found threats
• Push Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

Thanks Broni..

I'm still on the first scan. I'll ba back later

OK
Most likely, tomorrow morning....

No threats found

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point.

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following:

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

• Double-click OTL.exe to start the program.
• Close all other programs apart from OTL as this step will require a reboot
• On the OTL main screen, press the CLEANUP button
• Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please, let me know, how is your computer doing.