
Help. Malware and/or hacker got into pc- programs wont help



Hi. I have been asking this on some forums, but people don't seem to be able to help me.

My computer has recently gone just weird, with random advertisements and lag (especially when the internet is on) that is near unbearable...
In the beginning only the PC, programs and clicking were lagging, but now the internet speed is restricted as well (connection timeouts etc.).

So there must be malware, but I can't get any program to find anything.

I started thinking about the possibility that someone has gotten onto my PC when the net started lagging, the mouse/keyboard disconnect and programs started to crash and lag, ESPECIALLY when I'm looking for anti-virus help,

and I was quite sure of it when my X-Fire (offline but running) started to give me messages like "xkon3kt has connected". I don't know him, and there is no way X-Fire sends messages offline. This is starting to creep me out and I could use some help, because I am not quite sure what to do now.

I tried to use "netstat -a" in the command prompt, but I don't really know what it's telling me.

 

 TCP    127.0.0.1:44080        DMG-PC:56283           T
 TCP    127.0.0.1:44080        DMG-PC:56286           T
 TCP    127.0.0.1:44080        DMG-PC:56288           T
 TCP    127.0.0.1:44080        DMG-PC:56290           T
 TCP    127.0.0.1:44080        DMG-PC:56292           T
 TCP    127.0.0.1:44080        DMG-PC:56296           T
 TCP    127.0.0.1:44080        DMG-PC:56298           T
 TCP    127.0.0.1:44080        DMG-PC:56302           T
 TCP    127.0.0.1:44080        DMG-PC:56306           T
 TCP    127.0.0.1:44080        DMG-PC:56310           T
 TCP    127.0.0.1:44080        DMG-PC:56314           T
 TCP    127.0.0.1:44080        DMG-PC:56316           T
 TCP    127.0.0.1:44080        DMG-PC:56320           T
 TCP    127.0.0.1:44080        DMG-PC:56322           T
 TCP    127.0.0.1:44080        DMG-PC:56324           T
 TCP    127.0.0.1:44080        DMG-PC:56326           T
 TCP    127.0.0.1:44080        DMG-PC:56327           T
 TCP    127.0.0.1:44080        DMG-PC:56330           T
 TCP    127.0.0.1:44080        DMG-PC:56334           T
 TCP    127.0.0.1:44080        DMG-PC:56336           T
 TCP    127.0.0.1:44080        DMG-PC:56338           T
 TCP    127.0.0.1:44080        DMG-PC:56340           T
 TCP    127.0.0.1:44080        DMG-PC:56342           T
 TCP    127.0.0.1:44080        DMG-PC:56344           T
 TCP    127.0.0.1:44080        DMG-PC:56346           T
 TCP    127.0.0.1:44080        DMG-PC:56349           T
 TCP    127.0.0.1:44080        DMG-PC:56350           T
 TCP    127.0.0.1:44080        DMG-PC:56355           T
 TCP    127.0.0.1:44080        DMG-PC:56358           T
 TCP    127.0.0.1:44080        DMG-PC:56361           T
 TCP    127.0.0.1:44080        DMG-PC:56363           T
 TCP    127.0.0.1:44080        DMG-PC:56365           T
 TCP    127.0.0.1:44080        DMG-PC:56367           T
 TCP    127.0.0.1:44080        DMG-PC:56369           T
 TCP    127.0.0.1:44080        DMG-PC:56371           T
 TCP    127.0.0.1:44080        DMG-PC:56373           T
 TCP    127.0.0.1:44080        DMG-PC:56375           T
 TCP    127.0.0.1:44080        DMG-PC:56377           T
 TCP    127.0.0.1:44080        DMG-PC:56378           T
 TCP    127.0.0.1:44080        DMG-PC:56379           T
 TCP    127.0.0.1:44080        DMG-PC:56380           T
 TCP    127.0.0.1:44080        DMG-PC:56381           T
 TCP    127.0.0.1:44080        DMG-PC:56388           T
 TCP    127.0.0.1:44080        DMG-PC:56393           T
 TCP    127.0.0.1:44080        DMG-PC:56395           T
 TCP    127.0.0.1:44080        DMG-PC:56399           T
 TCP    127.0.0.1:44080        DMG-PC:56405           T
 TCP    127.0.0.1:44080        DMG-PC:56409           T
 TCP    127.0.0.1:44080        DMG-PC:56411           T
 TCP    127.0.0.1:44080        DMG-PC:56415           T
 TCP    127.0.0.1:44080        DMG-PC:56417           T
 TCP    127.0.0.1:44080        DMG-PC:56419           T
 TCP    127.0.0.1:44080        DMG-PC:56426           T
 TCP    127.0.0.1:44080        DMG-PC:56428           T
 TCP    127.0.0.1:44080        DMG-PC:56432           T
 TCP    127.0.0.1:44080        DMG-PC:56434           T
 TCP    127.0.0.1:44080        DMG-PC:56438           T
 TCP    127.0.0.1:44080        DMG-PC:56440           T
 TCP    127.0.0.1:44080        DMG-PC:56441           T
 TCP    127.0.0.1:44080        DMG-PC:56446           T
 TCP    127.0.0.1:44080        DMG-PC:56448           T
 TCP    127.0.0.1:44080        DMG-PC:56450           T
 TCP    127.0.0.1:44080        DMG-PC:56452           T
 TCP    127.0.0.1:44080        DMG-PC:56454           T
 TCP    127.0.0.1:44080        DMG-PC:56456           T
 TCP    127.0.0.1:44080        DMG-PC:56458           T
 TCP    127.0.0.1:44080        DMG-PC:56460           T
 TCP    127.0.0.1:44080        DMG-PC:56462           T
 TCP    127.0.0.1:44080        DMG-PC:56464           T
 TCP    127.0.0.1:44080        DMG-PC:56466           T
 TCP    127.0.0.1:44080        DMG-PC:56468           T
 TCP    127.0.0.1:44080        DMG-PC:56470           T
 TCP    127.0.0.1:44080        DMG-PC:56472           T
 TCP    127.0.0.1:44080        DMG-PC:56474           T
 TCP    127.0.0.1:44080        DMG-PC:56476           T
 TCP    127.0.0.1:44080        DMG-PC:56478           T
 TCP    127.0.0.1:44080        DMG-PC:56480           T
 TCP    127.0.0.1:44080        DMG-PC:56494           T
 TCP    127.0.0.1:44080        DMG-PC:56496           T
 TCP    127.0.0.1:44080        DMG-PC:56501           T
 TCP    127.0.0.1:44080        DMG-PC:56531           T
 TCP    127.0.0.1:44080        DMG-PC:56533           T
 TCP    127.0.0.1:44080        DMG-PC:56535           T
 TCP    127.0.0.1:44080        DMG-PC:56540           T
 TCP    127.0.0.1:44080        DMG-PC:56544           T
 TCP    127.0.0.1:44080        DMG-PC:56548           T
 TCP    127.0.0.1:44080        DMG-PC:56550           T
 TCP    127.0.0.1:44080        DMG-PC:56552           T
 TCP    127.0.0.1:44080        DMG-PC:56556           T
 TCP    127.0.0.1:44080        DMG-PC:56558           E
 TCP    127.0.0.1:44080        DMG-PC:56566           E
 TCP    127.0.0.1:49156        DMG-PC:5354            E
 TCP    127.0.0.1:49160        DMG-PC:49161           E
 TCP    127.0.0.1:49161        DMG-PC:49160           E
 TCP    127.0.0.1:49162        DMG-PC:49163           E
 TCP    127.0.0.1:49163        DMG-PC:49162           E
 TCP    127.0.0.1:49192        DMG-PC:49193           E
 TCP    127.0.0.1:49193        DMG-PC:49192           E
 TCP    127.0.0.1:49211        DMG-PC:27015           E
 TCP    127.0.0.1:54180        DMG-PC:54181           E
 TCP    127.0.0.1:54181        DMG-PC:54180           E
 TCP    127.0.0.1:56112        DMG-PC:44080           T
 TCP    127.0.0.1:56164        DMG-PC:44080           T
 TCP    127.0.0.1:56201        DMG-PC:44080           T
 TCP    127.0.0.1:56204        DMG-PC:44080           T
 TCP    127.0.0.1:56206        DMG-PC:44080           T
 TCP    127.0.0.1:56212        DMG-PC:44080           T
 TCP    127.0.0.1:56219        DMG-PC:44080           T
 TCP    127.0.0.1:56221        DMG-PC:44080           T
 TCP    127.0.0.1:56231        DMG-PC:44080           T
 TCP    127.0.0.1:56235        DMG-PC:44080           T
 TCP    127.0.0.1:56237        DMG-PC:44080           T
 TCP    127.0.0.1:56243        DMG-PC:44080           T
 TCP    127.0.0.1:56249        DMG-PC:44080           T
 TCP    127.0.0.1:56251        DMG-PC:44080           T
 TCP    127.0.0.1:56255        DMG-PC:44080           T
 TCP    127.0.0.1:56257        DMG-PC:44080           T
 TCP    127.0.0.1:56259        DMG-PC:44080           T
 TCP    127.0.0.1:56273        DMG-PC:44080           T
 TCP    127.0.0.1:56276        DMG-PC:44080           T
 TCP    127.0.0.1:56278        DMG-PC:44080           T
 TCP    127.0.0.1:56294        DMG-PC:44080           T
 TCP    127.0.0.1:56300        DMG-PC:44080           T
 TCP    127.0.0.1:56304        DMG-PC:44080           T
 TCP    127.0.0.1:56308        DMG-PC:44080           T
 TCP    127.0.0.1:56311        DMG-PC:44080           T
 TCP    127.0.0.1:56318        DMG-PC:44080           T
 TCP    127.0.0.1:56332        DMG-PC:44080           T
 TCP    127.0.0.1:56352        DMG-PC:44080           T
 TCP    127.0.0.1:56357        DMG-PC:44080           T
 TCP    127.0.0.1:56391        DMG-PC:44080           T
 TCP    127.0.0.1:56397        DMG-PC:44080           T
 TCP    127.0.0.1:56401        DMG-PC:44080           T
 TCP    127.0.0.1:56403        DMG-PC:44080           T
 TCP    127.0.0.1:56407        DMG-PC:44080           T
 TCP    127.0.0.1:56412        DMG-PC:44080           T
 TCP    127.0.0.1:56421        DMG-PC:44080           T
 TCP    127.0.0.1:56424        DMG-PC:44080           T
 TCP    127.0.0.1:56430        DMG-PC:44080           T
 TCP    127.0.0.1:56436        DMG-PC:44080           T
 TCP    127.0.0.1:56444        DMG-PC:44080           T
 TCP    127.0.0.1:56482        DMG-PC:44080           T
 TCP    127.0.0.1:56484        DMG-PC:44080           T
 TCP    127.0.0.1:56486        DMG-PC:44080           T
 TCP    127.0.0.1:56488        DMG-PC:44080           T
 TCP    127.0.0.1:56490        DMG-PC:44080           T
 TCP    127.0.0.1:56492        DMG-PC:44080           T
 TCP    127.0.0.1:56499        DMG-PC:44080           T
 TCP    127.0.0.1:56511        DMG-PC:44080           T
 TCP    127.0.0.1:56512        DMG-PC:44080           T
 TCP    127.0.0.1:56515        DMG-PC:44080           T
 TCP    127.0.0.1:56517        DMG-PC:44080           T
 TCP    127.0.0.1:56519        DMG-PC:44080           T
 TCP    127.0.0.1:56521        DMG-PC:44080           T
 TCP    127.0.0.1:56523        DMG-PC:44080           T
 TCP    127.0.0.1:56524        DMG-PC:44080           T
 TCP    127.0.0.1:56527        DMG-PC:44080           T
 TCP    127.0.0.1:56529        DMG-PC:44080           T
 TCP    127.0.0.1:56538        DMG-PC:44080           T
 TCP    127.0.0.1:56554        DMG-PC:44080           T
 TCP    127.0.0.1:56558        DMG-PC:44080           E
 TCP    127.0.0.1:56566        DMG-PC:44080           E
 TCP    127.0.0.1:56568        DMG-PC:2559            S
 TCP    192.168.10.41:139      DMG-PC:0               L
 TCP    192.168.10.41:55764    arn02s05-in-f12:https  E
 TCP    192.168.10.41:55908    arn02s05-in-f11:https  E
 TCP    192.168.10.41:56113    cache:http             T
 TCP    192.168.10.41:56132    cache:https            E
 TCP    192.168.10.41:56166    web-vip:http           T
 TCP    192.168.10.41:56167    arn06s02-in-f15:https  E
 TCP    192.168.10.41:56203    93.184.220.111:http    T
 TCP    192.168.10.41:56205    2.21.207.139:http      T
 TCP    192.168.10.41:56207    193-45-10-159:http     T
 TCP    192.168.10.41:56210    lb-in-f84:https        E
 TCP    192.168.10.41:56214    bs:http                T
 TCP    192.168.10.41:56220    193-45-10-162:http     T
 TCP    192.168.10.41:56222    193-45-10-162:http     T
 TCP    192.168.10.41:56232    data107:http           T
 TCP    192.168.10.41:56236    ns2339835:http         T
 TCP    192.168.10.41:56238    ns2339835:http         T
 TCP    192.168.10.41:56244    ns2339312:http         T
 TCP    192.168.10.41:56250    data11:http            T
 TCP    192.168.10.41:56252    data11:http            T
 TCP    192.168.10.41:56256    data110:http           T
 TCP    192.168.10.41:56260    193.229.108.45:http    T
 TCP    192.168.10.41:56266    edge-star-shv-07-ams2:ht
 TCP    192.168.10.41:56274    n1nlhg700c1700:http    T
 TCP    192.168.10.41:56275    arn02s05-in-f12:https  T
 TCP    192.168.10.41:56277    arn02s06-in-f15:http   T
 TCP    192.168.10.41:56279    193-45-10-159:http     T
 TCP    192.168.10.41:56295    12.130.81.228:http     T
 TCP    192.168.10.41:56301    ec2-107-21-123-212:http
 TCP    192.168.10.41:56305    193-45-10-151:http     T
 TCP    192.168.10.41:56309    ec2-54-225-133-14:http
 TCP    192.168.10.41:56313    173:http               T
 TCP    192.168.10.41:56319    74.121.176.40:http     T
 TCP    192.168.10.41:56333    server-54-230-99-245:htt
 TCP    192.168.10.41:56348    edge-star-shv-07-ams2:ht
 TCP    192.168.10.41:56354    ec2-54-235-189-9:http  T
 TCP    192.168.10.41:56359    ec2-54-243-105-127:http
 TCP    192.168.10.41:56387    a23-52-17-224:https    E
 TCP    192.168.10.41:56390    la-in-f95:https        E
 TCP    192.168.10.41:56398    ec2-79-125-110-85:http
 TCP    192.168.10.41:56402    ec2-50-112-162-47:http
 TCP    192.168.10.41:56404    193-45-10-159:http     T
 TCP    192.168.10.41:56408    70.33.182.202:http     T
 TCP    192.168.10.41:56414    ec2-54-236-156-196:http
 TCP    192.168.10.41:56422    www:http               T
 TCP    192.168.10.41:56423    193.229.108.170:https  E
 TCP    192.168.10.41:56437    cache:http             T
 TCP    192.168.10.41:56445    193.229.108.15:http    T
 TCP    192.168.10.41:56483    93.184.220.111:http    T
 TCP    192.168.10.41:56485    93.184.220.111:http    T
 TCP    192.168.10.41:56487    93.184.220.111:http    T
 TCP    192.168.10.41:56489    93.184.220.111:http    T
 TCP    192.168.10.41:56491    93.184.220.111:http    T
 TCP    192.168.10.41:56493    93.184.220.111:http    T
 TCP    192.168.10.41:56498    arn06s01-in-f22:https  E
 TCP    192.168.10.41:56504    arn02s05-in-f11:https  T
 TCP    192.168.10.41:56505    193.229.108.166:https  E
 TCP    192.168.10.41:56506    arn02s05-in-f10:https  E
 TCP    192.168.10.41:56508    arn02s06-in-f15:https  E
 TCP    192.168.10.41:56509    193.229.108.113:https  T
 TCP    192.168.10.41:56510    193.229.108.109:https  E
 TCP    192.168.10.41:56537    arn06s02-in-f29:https  E
 TCP    192.168.10.41:56542    bom04s01-in-f15:https  E
 TCP    192.168.10.41:56543    lhr08s04-in-f15:https  E
 TCP    192.168.10.41:56555    l3:http                T
 TCP    192.168.10.41:56559    193.229.108.15:http    E
 TCP    192.168.10.41:56567    cache:http             E
 TCP    192.168.10.41:64121    91.190.216.62:12350    E
 TCP    192.168.10.41:64180    157.55.235.161:40020   E
 TCP    192.168.10.41:64972    db3msgr5011612:https   E
 TCP    [::]:135               DMG-PC:0               L
 TCP    [::]:445               DMG-PC:0               L
 TCP    [::]:23505             DMG-PC:0               L
 TCP    [::]:44080             DMG-PC:0               L
 TCP    [::]:49152             DMG-PC:0               L
 TCP    [::]:49153             DMG-PC:0               L
 TCP    [::]:49154             DMG-PC:0               L
 TCP    [::]:49155             DMG-PC:0               L
 TCP    [::]:49165             DMG-PC:0               L
 UDP    0.0.0.0:443            *:*
 UDP    0.0.0.0:1900           *:*
 UDP    0.0.0.0:3544           *:*
 UDP    0.0.0.0:5355           *:*
 UDP    0.0.0.0:6771           *:*
 UDP    0.0.0.0:23505          *:*
 UDP    0.0.0.0:31621          *:*
 UDP    0.0.0.0:61527          *:*
 UDP    0.0.0.0:61528          *:*
 UDP    0.0.0.0:61529          *:*
 UDP    0.0.0.0:61530          *:*
 UDP    0.0.0.0:61531          *:*
 UDP    0.0.0.0:61532          *:*
 UDP    0.0.0.0:61533          *:*
 UDP    0.0.0.0:61534          *:*
 UDP    0.0.0.0:61535          *:*
 UDP    0.0.0.0:61536          *:*
 UDP    0.0.0.0:61537          *:*
 UDP    0.0.0.0:61538          *:*
 UDP    0.0.0.0:61539          *:*
 UDP    0.0.0.0:61540          *:*
 UDP    0.0.0.0:61541          *:*
 UDP    0.0.0.0:61542          *:*
 UDP    0.0.0.0:61543          *:*
 UDP    0.0.0.0:61544          *:*
 UDP    0.0.0.0:61545          *:*
 UDP    0.0.0.0:61546          *:*
 UDP    0.0.0.0:64697          *:*
 UDP    127.0.0.1:1900         *:*
 UDP    127.0.0.1:49918        *:*
 UDP    127.0.0.1:53822        *:*
 UDP    127.0.0.1:55495        *:*
 UDP    127.0.0.1:55897        *:*
 UDP    127.0.0.1:55898        *:*
 UDP    127.0.0.1:64689        *:*
 UDP    127.0.0.1:64699        *:*
 UDP    127.0.0.1:64700        *:*
 UDP    127.0.0.1:65130        *:*
 UDP    127.0.0.1:65131        *:*
 UDP    192.168.10.41:137      *:*
 UDP    192.168.10.41:138      *:*
 UDP    192.168.10.41:1900     *:*
 UDP    192.168.10.41:5353     *:*
 UDP    192.168.10.41:49917    *:*
 UDP    192.168.10.41:58795    *:*
 UDP    192.168.10.74:64688    *:*
 UDP    [::]:5355              *:*
 UDP    [::]:23505             *:*
 UDP    [::]:64698             *:*
 UDP    [::1]:1900             *:*
 UDP    [::1]:5353             *:*
 UDP    [::1]:49916            *:*
 UDP    [fe80::29a8:fc8:9415:3158%11]:546  *:*
 UDP    [fe80::29a8:fc8:9415:3158%11]:546  *:*
 UDP    [fe80::29a8:fc8:9415:3158%11]:1900  *:*
 UDP    [fe80::29a8:fc8:9415:3158%11]:49915  *:*


Run the following:

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

Kevin...


Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST/FRST64 and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Next,

 

Please download RogueKiller from here:

http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe  <- 32 bit version

 

http://www.sur-la-toile.com/RogueKiller/RogueKillerX64.exe  <- 64 bit version

  • Make sure to get the correct version for your system.
  • Quit all running programs
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • Wait until Prescan has finished...
  • The following EULA will appear, please select accept
    (screenshot: RKLicence.png)
  • Ensure MBR scan, Check faked and AntiRootkit are checked
  • Select Scan
    (screenshot: RK1A.png)
  • When the scan completes select Report, copy and paste that to your reply.
    (screenshot: RK2A.png)
  • The log should be found in RKreport[?].txt on your Desktop
  • Exit/Close RogueKiller

Kevin...

fixlist.txt


I wasn't connected when I made this, but here are the results. I can try a second time connected.

It tells me something too, but I don't see the programs that were used by someone according to netstat in the command prompt (X-Fire, iTunesHelper, Firefox, Chrome, Avira Web Protect and some Apple product); I can't find them in the list. What if this hacker comes back at me?

RKreport0_S_10042013_174803.txt

AdwCleanerS0.txt

Fixlog.txt


It will be beneficial to change your password on your X-Fire account, also iTunes if applicable....

 

Next,

 

Check for proxy server settings in your browser, the following are the most common used.

 

Internet Explorer:

Tools Menu -> Internet Options  -> Connections Tab ->Lan Settings > uncheck "use a proxy server" and check to "Automatically detect settings". Also clear any proxy address and port. ok, apply (only if applicable), ok.

Firefox:

Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection. "No Proxy" should be selected, unless you have one set up yourself.

 

Chrome:

Select -> Tools menu ->  then "Options", then  go to "Change Proxy Settings", then "LAN Settings" , then  take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.

 

Safari


Launch Safari
Go to general settings menu
Then in Preferences/ Advanced
Then on line click Proxies change settings ...
Click Internet Options, then click the Connections tab, click Network Settings.
Disable option (uncheck) for the use of proxy server ...

 

Next,

 

Open Malwarebytes, check for updates then run Quick scan. Full instructions follow if  Malwarebytes is not installed:

 

Download Malwarebytes from one of the following links and save it to your desktop.:

 

http://www.malwarebytes.org/mbam.php

http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

 

Double Click mbam-setup.exe to install the application.


Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
Please save the log to a location you will remember.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

 

Next,

 

We need to run an online AV scan to ensure there are no remnants of the infection left on your system, this scan can take several hours to complete, it is very thorough and well worth running, please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

 

Go to Eset web page http://www.eset.com/home/products/online-scanner/ to run an online scan from ESET.

  • When the scan is complete
  • If threats were found
  • close program
  • copy and paste the report here

 

Next,

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop.

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

Kevin...


Thanks for the very thorough guide. I just wondered if I had to remove the found registry errors in RogueKiller or just post the report? I am leaving for the weekend now; I can't stay at the dorm on weekends, so I probably need to run the tests on Sunday and get back to the topic. Thanks for all so far, you have helped much :)


Here are the results from all of the tests. I did not remove anything, as you told me. I'm just curious what your opinion is on how I should change my passwords, logins and other personal info (I have used, for instance,

my mail, one online game, X-Fire, student login info etc. Plus my friend and I had planned a trip for next month; the information was in my mailbox at the time of the attack. Now my friend is a bit on his toes and we decided it would be wise to cancel this trip and rebook on a better date. I know it's a bit over the top, but you can never be too sure who would follow you and what their motives are), since if I do this now (change passwords, make a new mailbox etc.), the one who is on my PC could see it? What would be your suggestion?

ESET SCAN.txt

checkup.txt

mbam-log-2013-10-04 (21-09-43).txt


Download OTM from either of the following links and save to your Desktop:

http://oldtimer.geekstogo.com/OTM.exe.
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe  

Double click OTM.exe to start the tool. Vista or Windows 7 users accept the UAC alert. Be aware all processes will be stopped during the run, also the Desktop will disappear, this will be put back on completion.... If your security alerts to OTM either accept the alert or turn off security until OTM completes...

  • Copy the text from the code box below to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Ensure to start with and include the colon before Files :Files

    :Files
    ipconfig /flushdns /c
    C:\Program Files (x86)\Common Files\DVDVideoSoft\AskTB
    C:\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js
    C:\Users\DMG\AppData\Roaming\DeviceDoctorSoftware\DeviceDoctor\updates\1.0.0.1\DeviceDoctor_Setup.exe
    C:\Users\DMG\Downloads\FreeYouTubeToMP3Converter (1).exe
    C:\Users\DMG\Downloads\FreeYouTubeToMP3Converter.exe
    C:\Users\DMG\Downloads\KeyFinderInstaller.exe
    C:\Users\DMG\Downloads\siw_build_1029.exe
    C:\Users\DMG\Downloads\Tweak-Me!-1.3.0.0-Setup.exe
    C:\Users\DMG\Downloads\fit in\FreeYouTubeToMP3Converter.exe
    :Commands
    [EmptyTemp]

  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red btnmoveit.png button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTM


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

 

Next,

 

Adobe Reader is outdated...

Visit http://get.adobe.com/uk/reader/otherversions/ and download the latest version of Acrobat Reader

 

Step 1 - Select your Operating System.

Step 2 - Select your Language.

Step 3 - Select latest version.

 

Untick the option for any security scanner or toolbar if offered.

 

Download and install.

 

Having the latest updates ensures there are no security vulnerabilities in your system.

 

Next,

 

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older version of Java components and upgrade the application.

 

Upgrading Java:

 

Go to http://java.com/en/ and click on "Do I have Java"

It will check your current version and then offer to update to the latest version

Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

 

***Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed, if so - remove them.

 

Make sure the following two versions are removed when update completes:

 

Java 6 Update 22  
Java 6 Update 31  
 

Post OTM log, let me know if the updates complete. Also let me know if there are any remaining issues or concerns...

 

Kevin


I updated now and it seems a success. It couldn't verify which Java I was using, so I just installed the latest version manually.

I was just asking your opinion on how I go about changing things IF the person has collected my login data (should I use a separate PC or network, make a new account, or change it better?)

I mean a case where I change my passwords and the hacker could see me doing so.

I read this link, if it will give more advice.

Again, thanks for all so far.


I don't know.. I wanted to know what the best option of free antiviruses is (currently running Avira) plus a firewall; Avira doesn't come with a free firewall, so I have Windows Defender on. What is weird is that Windows tells me to "start using an antivirus program" but Avira is running. When I try to click Fix nothing happens. I remember Avira was infected.. I still encounter this weird lag when surfing that I had earlier...

The command prompt lines tell me that:

 Proto  Paikallinen osoite        Vieras osoite        Tila           PID
 TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       924
 TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
 TCP    0.0.0.0:44080          0.0.0.0:0              LISTENING       2880
 TCP    0.0.0.0:44081          0.0.0.0:0              LISTENING       2880
 TCP    0.0.0.0:49152          0.0.0.0:0              LISTENING       552
 TCP    0.0.0.0:49153          0.0.0.0:0              LISTENING       1012
 TCP    0.0.0.0:49154          0.0.0.0:0              LISTENING       468
 TCP    0.0.0.0:49155          0.0.0.0:0              LISTENING       648
 TCP    0.0.0.0:49174          0.0.0.0:0              LISTENING       640
 TCP    127.0.0.1:44080        127.0.0.1:56181        TIME_WAIT       0
 TCP    127.0.0.1:44080        127.0.0.1:56184        TIME_WAIT       0
 TCP    127.0.0.1:44080        127.0.0.1:56186        TIME_WAIT       0
 TCP    127.0.0.1:44080        127.0.0.1:56199        TIME_WAIT       0
 TCP    127.0.0.1:44080        127.0.0.1:56202        TIME_WAIT       0
 TCP    127.0.0.1:44080        127.0.0.1:56204        TIME_WAIT       0
 TCP    127.0.0.1:44080        127.0.0.1:56206        TIME_WAIT       0
 TCP    127.0.0.1:44080        127.0.0.1:56208        TIME_WAIT       0
 TCP    127.0.0.1:44080        127.0.0.1:56213        TIME_WAIT       0
 TCP    127.0.0.1:44080        127.0.0.1:56252        TIME_WAIT       0
 TCP    127.0.0.1:44080        127.0.0.1:56254        TIME_WAIT       0
 TCP    127.0.0.1:44080        127.0.0.1:56256        TIME_WAIT       0
 TCP    127.0.0.1:44080        127.0.0.1:56258        TIME_WAIT       0
 TCP    127.0.0.1:44080        127.0.0.1:56260        TIME_WAIT       0
 TCP    127.0.0.1:44080        127.0.0.1:56262        TIME_WAIT       0
 TCP    127.0.0.1:44080        127.0.0.1:56264        TIME_WAIT       0
 TCP    127.0.0.1:44080        127.0.0.1:56266        TIME_WAIT       0
 TCP    127.0.0.1:44080        127.0.0.1:58284        TIME_WAIT       0
 TCP    127.0.0.1:44080        127.0.0.1:58319        TIME_WAIT       0
 TCP    127.0.0.1:44080        127.0.0.1:58321        TIME_WAIT       0
 TCP    127.0.0.1:44080        127.0.0.1:58323        TIME_WAIT       0
 TCP    127.0.0.1:44080        127.0.0.1:58325        TIME_WAIT       0
 TCP    127.0.0.1:44080        127.0.0.1:58327        TIME_WAIT       0
 TCP    127.0.0.1:44080        127.0.0.1:58329        TIME_WAIT       0
 TCP    127.0.0.1:44080        127.0.0.1:58331        TIME_WAIT       0
 TCP    127.0.0.1:44080        127.0.0.1:58333        TIME_WAIT       0
 TCP    127.0.0.1:44080        127.0.0.1:58335        TIME_WAIT       0
 TCP    127.0.0.1:44080        127.0.0.1:58339        TIME_WAIT       0
 TCP    127.0.0.1:50397        127.0.0.1:50398        ESTABLISHED     4596
 TCP    127.0.0.1:50398        127.0.0.1:50397        ESTABLISHED     4596
 TCP    127.0.0.1:56188        127.0.0.1:44080        TIME_WAIT       0
 TCP    127.0.0.1:56190        127.0.0.1:44080        TIME_WAIT       0
 TCP    127.0.0.1:56192        127.0.0.1:44080        TIME_WAIT       0
 TCP    127.0.0.1:56196        127.0.0.1:44080        TIME_WAIT       0
 TCP    127.0.0.1:56215        127.0.0.1:44080        TIME_WAIT       0
 TCP    127.0.0.1:58337        127.0.0.1:44080        TIME_WAIT       0
 TCP    127.0.0.1:58341        127.0.0.1:44080        TIME_WAIT       0
 TCP    192.168.10.169:139     0.0.0.0:0              LISTENING       4
 TCP    192.168.10.169:56180   192.168.10.1:53        TIME_WAIT       0
 TCP    192.168.10.169:56183   193.229.108.84:443     ESTABLISHED     4596
 TCP    192.168.10.169:56189   93.184.220.111:80      TIME_WAIT       0
 TCP    192.168.10.169:56191   66.33.220.204:80       TIME_WAIT       0
 TCP    192.168.10.169:56193   2.21.207.139:80        TIME_WAIT       0
 TCP    192.168.10.169:56194   173.194.32.47:443      ESTABLISHED     4596
 TCP    192.168.10.169:56195   74.125.143.84:443      ESTABLISHED     4596
 TCP    192.168.10.169:56197   74.125.232.107:443     ESTABLISHED     4596
 TCP    192.168.10.169:56198   193.45.10.159:80       TIME_WAIT       0
 TCP    192.168.10.169:56216   184.173.97.194:80      TIME_WAIT       0
 TCP    192.168.10.169:56218   173.252.107.18:443     ESTABLISHED     4596
 TCP    192.168.10.169:56222   193.45.10.146:443      ESTABLISHED     4596
 TCP    192.168.10.169:56223   193.45.10.146:443      ESTABLISHED     4596
 TCP    192.168.10.169:56225   23.62.98.145:443       ESTABLISHED     4596
 TCP    192.168.10.169:56229   92.123.155.80:443      ESTABLISHED     4596
 TCP    192.168.10.169:56230   92.123.155.66:443      ESTABLISHED     4596
 TCP    192.168.10.169:56234   23.62.98.145:443       ESTABLISHED     4596
 TCP    192.168.10.169:56235   23.62.98.145:443       ESTABLISHED     4596
 TCP    192.168.10.169:56236   193.45.10.146:443      ESTABLISHED     4596
 TCP    192.168.10.169:56237   193.45.10.146:443      ESTABLISHED     4596
 TCP    192.168.10.169:56238   193.45.10.146:443      ESTABLISHED     4596
 TCP    192.168.10.169:56239   193.45.10.146:443      ESTABLISHED     4596
 TCP    192.168.10.169:56241   92.123.155.66:443      ESTABLISHED     4596
 TCP    192.168.10.169:56242   92.123.155.66:443      ESTABLISHED     4596
 TCP    192.168.10.169:56506   23.62.98.120:443       ESTABLISHED     4596
 TCP    192.168.10.169:56684   31.13.64.97:443        ESTABLISHED     4596
 TCP    192.168.10.169:58315   23.62.98.145:443       ESTABLISHED     4596
 TCP    192.168.10.169:58338   192.221.106.126:80     TIME_WAIT       0
 TCP    192.168.10.169:58342   68.232.35.121:80       TIME_WAIT       0
 TCP    [::]:135               [::]:0                 LISTENING       924
 TCP    [::]:445               [::]:0                 LISTENING       4
 TCP    [::]:44080             [::]:0                 LISTENING       2880
 TCP    [::]:49152             [::]:0                 LISTENING       552
 TCP    [::]:49153             [::]:0                 LISTENING       1012
 TCP    [::]:49154             [::]:0                 LISTENING       468
 TCP    [::]:49155             [::]:0                 LISTENING       648
 TCP    [::]:49174             [::]:0                 LISTENING       640
 UDP    0.0.0.0:1234           *:*                                    4352
 UDP    0.0.0.0:5355           *:*                                    1160
 UDP    127.0.0.1:1900         *:*                                    3904
 UDP    127.0.0.1:51181        *:*                                    3904
 UDP    192.168.10.169:137     *:*                                    4
 UDP    192.168.10.169:138     *:*                                    4
 UDP    192.168.10.169:1900    *:*                                    3904
 UDP    192.168.10.169:51180   *:*                                    3904
 UDP    [::]:5355              *:*                                    1160
 UDP    [::1]:1900             *:*                                    3904
 UDP    [::1]:51179            *:*                                    3904
 UDP    [fe80::29a8:fc8:9415:3158%11]:546  *:*                                 1012
 UDP    [fe80::29a8:fc8:9415:3158%11]:1900  *:*                                3904
 UDP    [fe80::29a8:fc8:9415:3158%11]:51178  *:*                               3904


If I understood correctly, "Established" means that someone else is on my PC / using some of my programs? Am I correct?

Do I need a good router, since I'm on a shared network (a dormitory with ~20 people using the same network)?


What you see in that list is your PC connecting to (Established) or waiting for (Listening) online services used by the applications and services you have...


If you look at these two from your list:


TCP    192.168.10.169:56218   173.252.107.18:443     ESTABLISHED     4596

TCP    192.168.10.169:56684   31.13.64.97:443        ESTABLISHED     4596


The first set of numbers is you, the second set is Facebook. I have checked all of the other IPs and none are suspicious; I get no DNS blacklist results.


Run a Full scan with Malwarebytes and post that log... Also let me know if you have any other remaining issues or concerns...


Kevin

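Kevin's reading of the listing can be checked mechanically. The script below is an added example, not something posted in the thread or part of any Malwarebytes tool: it parses a pasted Windows `netstat -ano` listing (including the Finnish-locale header and the rows whose PID wrapped onto the next line, as in the poster's output), then sorts every socket into a listener, a loopback-only socket, an outbound connection this PC opened, or an inbound connection someone else opened to a port this PC listens on. The sample listing is constructed from abridged rows of the thread's own output, and the `SAMPLE` constant plus all function names are this example's, not the original poster's.

```python
"""Triage a pasted Windows `netstat -ano` listing: who is listening, what is
talking to itself over loopback, and which sockets are outbound versus inbound."""
import ipaddress
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed sample, modelled on the listing in the thread: a Finnish-locale
# header, a link-local IPv6 UDP socket whose PID wrapped onto the next line,
# and a handful of abridged TCP rows. Not a real capture.
SAMPLE = """\
 Proto  Paikallinen osoite        Vieras osoite        Tila           PID
 TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       924
 TCP    0.0.0.0:44080          0.0.0.0:0              LISTENING       2880
 TCP    127.0.0.1:44080        127.0.0.1:56181        TIME_WAIT       0
 TCP    127.0.0.1:56188        127.0.0.1:44080        TIME_WAIT       0
 TCP    192.168.10.169:139     0.0.0.0:0              LISTENING       4
 TCP    192.168.10.169:56218   173.252.107.18:443     ESTABLISHED     4596
 TCP    192.168.10.169:56684   31.13.64.97:443        ESTABLISHED     4596
 TCP    192.168.10.169:56189   93.184.220.111:80      TIME_WAIT       0
 TCP    [::]:445               [::]:0                 LISTENING       4
 UDP    0.0.0.0:1234           *:*                                    4352
 UDP    [fe80::29a8:fc8:9415:3158%11]:546  *:*
  1012
"""


@dataclass
class Socket:
    proto: str
    local_host: str
    local_port: Optional[int]
    remote_host: str
    remote_port: Optional[int]
    state: str            # TCP state, or '' for UDP (netstat prints none)
    pid: Optional[int]


def split_endpoint(endpoint: str):
    """'192.168.10.169:139' -> ('192.168.10.169', 139); '[::]:445' -> ('::', 445);
    '*:*' -> ('*', None). The %scope suffix on link-local IPv6 is dropped."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%")[0]
    return host, (None if port == "*" else int(port))


def parse_netstat(text: str):
    sockets = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens or tokens[0] not in ("TCP", "UDP"):
            # Header, blank line, or a PID that wrapped onto its own line:
            # attach it to the previous record if that record lacks one.
            if len(tokens) == 1 and tokens[0].isdigit() and sockets and sockets[-1].pid is None:
                sockets[-1].pid = int(tokens[0])
            continue
        proto, local, remote, *rest = tokens
        state = ""
        if proto == "TCP":            # only TCP rows carry a state column
            state, *rest = rest
        pid = int(rest[0]) if rest else None
        sockets.append(Socket(proto, *split_endpoint(local), *split_endpoint(remote), state, pid))
    return sockets


def _local_or_unspecified(host: str) -> bool:
    if host in ("*", ""):
        return True
    addr = ipaddress.ip_address(host)
    return addr.is_loopback or addr.is_unspecified


def classify(sock: Socket, listening_ports) -> str:
    """'listening'  : a server socket waiting for connections
       'local-only' : both ends on this machine (programs talking to themselves)
       'outbound'   : this PC opened the connection (ephemeral local port)
       'inbound'    : a remote host connected to a port this PC listens on"""
    if sock.state == "LISTENING" or (sock.proto == "UDP" and sock.remote_host == "*"):
        return "listening"
    if _local_or_unspecified(sock.remote_host):
        return "local-only"
    if (sock.proto, sock.local_port) in listening_ports:
        return "inbound"
    return "outbound"


def summarize(sockets):
    listening = {(s.proto, s.local_port) for s in sockets if classify(s, set()) == "listening"}
    counts = Counter()
    established_remotes = defaultdict(set)   # pid -> {(remote_host, remote_port)}
    inbound = []
    for s in sockets:
        kind = classify(s, listening)
        counts[kind] += 1
        if kind == "outbound" and s.state == "ESTABLISHED":
            established_remotes[s.pid].add((s.remote_host, s.remote_port))
        elif kind == "inbound":
            inbound.append(s)
    return counts, dict(established_remotes), inbound


def exposed_listeners(sockets):
    """Listeners reachable from the network (bound to a LAN address or to all
    interfaces): the ones that matter on a shared dormitory segment."""
    return sorted(
        ((s.proto, s.local_port, s.pid) for s in sockets
         if classify(s, set()) == "listening"
         and not ipaddress.ip_address(s.local_host).is_loopback),
        key=lambda t: (t[0], t[1]),
    )


if __name__ == "__main__":
    socks = parse_netstat(SAMPLE)
    counts, remotes, inbound = summarize(socks)
    print(dict(counts))
    for pid, rs in remotes.items():
        print(f"PID {pid} has outbound sessions to: {sorted(rs)}")
    print("inbound sessions from other hosts:", len(inbound))
    print("network-reachable listeners:", exposed_listeners(socks))
```

Run against the sample, every ESTABLISHED row comes out as outbound (a high ephemeral local port talking to a remote 443), and the inbound list is empty, which is exactly Kevin's point: ESTABLISHED says a connection exists, not who opened it. The `exposed_listeners` result (ports 135, 139, 445 and 44080 on all interfaces) is the list worth reviewing on a shared network; paste the full `netstat -ano` output into `SAMPLE` to triage your own machine.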

Ok, nice to get that cleared up... I just looked up several websites on the net that stated "established" means there is someone on my PC; I don't know if they are trolls or just misinformed...

Anyway, was it normal that Windows tells me to start using virus protection when I have it on? And another thing: I noticed my Firefox was out of date, so I updated it. While I was updating, Avira notified me it had installed 15 new files, and that's when my computer crashed. BAM. And after the installation, when I open Firefox to get to the login page of the school network, it tells me that the site's certificate (or something along those lines) is not trusted. It didn't do this on the previous version... Am I just being a little paranoid here?
I will send the logs in the evening...
