malware?


This topic is locked
3 replies to this topic

#1 ugajimmy

ugajimmy

  • Members
  • 3 posts
  • OFFLINE
  • Local time:10:25 AM

Posted 24 January 2009 - 09:53 AM

Pasting in additional content from original misposted topic. ~ OB

My Windows XP takes a rather long time to load, and I mean when it's loading programs and is already into Windows. Advertisements randomly pop up when I go to webpages such as <http://mtn5.goole.ws/ac.php?bannerid=6&zoneid=4&target=_blank&withtext=&source=&timeout=0&ct0=.> I've tried fixing this myself but have been unable to. Have scanned with NOD32, nothing; Kaspersky or whatnot, nothing; Ad-Aware, nothing :\ but clearly there is a problem.

End of added content. ~ OB

Running Windows XP. Boots to Windows fine; slow loadup afterwards, in Windows, while loading programs. Have run full scans with Ad-Aware, NOD32, and others from their online sites. Nothing. Ads pop up while running Firefox. Laptop runs hotter than usual (fan always on high even when not doing anything). In IE, when trying to install Flash, a message pops up: "cannot create temporary file. perhaps your hard disk is full" (may be unrelated). Malware? Help?


DDS (Ver_09-01-19.01) - NTFSx86
Run by Administrator at 9:38:54.37 on Sat 01/24/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1608 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mWinlogon: SfcDisable=-99 (0xffffff9d)
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
uRun: [Aim6]
uRun: [DriverMax]
uRun: [AIM] c:\program files\aim\aim.exe -cnetwait.odl
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
uPolicies-explorer: NoSMHelp = 1 (0x1)
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-explorer: NoInstrumentation = 1 (0x1)
uPolicies-explorer: NoSMMyPictures = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-system: DisableCAD = 1 (0x1)
dPolicies-explorer: NoSMHelp = 1 (0x1)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
dPolicies-explorer: NoResolveTrack = 1 (0x1)
dPolicies-explorer: NoInstrumentation = 1 (0x1)
dPolicies-explorer: NoSMMyPictures = 1 (0x1)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\kus2zoe9.default\
FF - plugin: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\kus2zoe9.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
R4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
R4 ithsgt;ithsgt;c:\windows\system32\drivers\ithsgt.sys [2008-12-22 162432]
R4 lilsgt;lilsgt;c:\windows\system32\drivers\lilsgt.sys [2008-12-22 12032]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;c:\windows\system32\drivers\NSDriver.sys [2008-4-29 15648]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\viewpointservice.exe" --> c:\program files\viewpoint\common\ViewpointService.exe [?]

=============== Created Last 30 ================

2009-01-20 15:49 <DIR> --d----- c:\program files\nLite
2009-01-20 15:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2009-01-15 15:43 <DIR> --d----- C:\old
2009-01-13 07:29 <DIR> --d----- c:\windows\pss
2009-01-13 07:22 <DIR> --d----- c:\windows\system32\appmgmt
2009-01-13 06:53 <DIR> --d----- c:\program files\Innovative Solutions
2009-01-13 06:35 850 a------- c:\windows\system32\ProductTweaks.xml
2009-01-13 06:35 385 a------- c:\windows\system32\user_gensett.xml
2009-01-13 06:30 <DIR> --d----- c:\windows\system32\logs
2009-01-13 06:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\BitDefender
2009-01-13 06:27 <DIR> --d----- c:\program files\common files\BitDefender
2009-01-13 06:07 <DIR> --d----- c:\program files\Trend Micro
2009-01-13 06:02 <DIR> --d----- c:\documents and settings\administrator\.housecall6.6
2009-01-13 05:45 <DIR> --d----- C:\Driver Collector
2009-01-12 07:22 <DIR> --d-h--- c:\program files\Copy of InstallShield Installation Information
2009-01-11 00:16 <DIR> --d----- c:\program files\World of Warcraft Public Test
2009-01-05 15:17 <DIR> --d----- c:\program files\VentSrv
2009-01-02 15:57 <DIR> --d----- c:\docume~1\admini~1\applic~1\OpenOffice.org
2009-01-02 15:50 <DIR> --d----- c:\program files\JRE
2009-01-02 15:50 <DIR> --d----- c:\program files\OpenOffice.org 3
2009-01-02 15:11 <DIR> --d----- c:\program files\Microsoft Visual Studio 8
2009-01-02 15:10 <DIR> --d----- c:\windows\SHELLNEW
2008-12-30 17:53 <DIR> --d----- c:\program files\common files\Logitech
2008-12-30 17:52 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2008-12-30 17:42 401 a------- c:\windows\dellstat.ini
2008-12-30 17:35 107,596 a------- C:\toolkit_widget.gif
2008-12-30 17:34 <DIR> --d----- c:\program files\DriverGuide DriverScan
2008-12-30 17:34 <DIR> --d----- c:\documents and settings\administrator\WINDOWS
2008-12-30 17:34 307,200 a------- c:\windows\system32\LEXBCES.EXE
2008-12-30 17:34 201,216 a------- c:\windows\system32\LEXP2P32.DLL
2008-12-30 17:34 197,120 a------- c:\windows\system32\LEX2KUSB.DLL
2008-12-30 17:34 174,592 a------- c:\windows\system32\LEXPPS.EXE
2008-12-30 17:34 147,456 a------- c:\windows\system32\LEXBCE.DLL
2008-12-30 17:34 200,192 a------- c:\windows\system32\LEXLMPM.DLL
2008-12-30 17:25 <DIR> --d----- C:\Dell
2008-12-30 17:22 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2008-12-29 07:06 <DIR> --d----- C:\vcs5BGEffects
2008-12-29 07:05 <DIR> --d----- c:\program files\AV Vcs 6.0 DIAMOND
2008-12-28 16:33 <DIR> --d----- c:\program files\Lavasoft
2008-12-28 16:32 <DIR> --dshr-- C:\resycled
2008-12-27 02:00 25,056 a----r-- c:\windows\system32\Repository.reg
2008-12-27 02:00 0 a------- c:\windows\system32\drivers\lvuvc.hs
2008-12-27 02:00 4,658,456 a----r-- c:\windows\system32\drivers\lvuvc.sys
2008-12-27 02:00 490,008 a----r-- c:\windows\system32\LVUI2.dll
2008-12-27 02:00 465,432 a----r-- c:\windows\system32\LVUI2RC.dll
2008-12-27 02:00 416,280 a----r-- c:\windows\system32\lvcodec2.dll
2008-12-27 02:00 195,096 a----r-- c:\windows\system32\lvci11701196.dll
2008-12-27 02:00 66,482 a----r-- c:\windows\system32\lvcoinst.ini
2008-12-27 02:00 41,752 a----r-- c:\windows\system32\drivers\LVUSBSta.sys
2008-12-27 02:00 0 a------- c:\windows\system32\drivers\logiflt.iad
2008-12-27 02:00 23,832 a----r-- c:\windows\system32\drivers\lvuvcflt.sys

==================== Find3M ====================

2009-01-24 01:11 98,304 a------- c:\windows\DUMP62a2.tmp
2009-01-06 06:16 98,304 a------- c:\windows\DUMP54d6.tmp
2009-01-02 15:16 98,304 a------- c:\windows\DUMP5bfa.tmp
2008-12-22 19:36 162,432 a------- c:\windows\system32\drivers\ithsgt.sys
2008-12-22 19:36 12,032 a------- c:\windows\system32\drivers\lilsgt.sys
2008-12-20 10:41 107,888 a------- c:\windows\system32\CmdLineExt.dll
2008-12-12 21:29 114,048 a------- c:\windows\system32\drivers\snapman.sys
2008-12-12 01:12 717,296 a------- c:\windows\system32\drivers\sptd.sys
2008-12-04 21:46 180,224 a------- c:\windows\system32\xvidvfw.dll
2008-12-04 21:42 815,104 a------- c:\windows\system32\xvidcore.dll
2008-11-12 17:21 453,152 a------- c:\windows\system32\NVUNINST.EXE
2008-11-08 12:06 410,976 a------- c:\windows\system32\deploytk.dll
2008-11-05 17:02 319,488 a------- c:\windows\HideWin.exe
2008-11-05 16:23 21,640 a------- c:\windows\system32\emptyregdb.dat
2008-10-28 17:36 823,296 a------- c:\windows\system32\divx_xx0c.dll
2008-10-28 17:36 823,296 a------- c:\windows\system32\divx_xx07.dll
2008-10-28 17:35 815,104 a------- c:\windows\system32\divx_xx0a.dll
2008-10-28 17:35 802,816 a------- c:\windows\system32\divx_xx11.dll
2008-10-28 17:35 684,032 a------- c:\windows\system32\DivX.dll

============= FINISH: 9:39:04.46 ===============





UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-01-19.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/5/2008 4:24:29 PM
System Uptime: 1/24/2009 9:23:17 AM (0 hours ago)

Motherboard: Quanta | | 30CB
Processor: Intel® Core™2 Duo CPU T7300 @ 2.00GHz | U2E1 | 1995/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 149 GiB total, 88.796 GiB free.
D: is FIXED (NTFS) - 149 GiB total, 130.507 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Modem Device on High Definition Audio Bus
Device ID: HDAUDIO\FUNC_02&VEN_1057&DEV_3055&SUBSYS_10573055&REV_1007\4&E8B2878&0&0101
Manufacturer:
Name: Modem Device on High Definition Audio Bus
PNP Device ID: HDAUDIO\FUNC_02&VEN_1057&DEV_3055&SUBSYS_10573055&REV_1007\4&E8B2878&0&0101
Service:

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_30CC103C&REV_01\4&C308017&0&00E5
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_30CC103C&REV_01\4&C308017&0&00E5
Service: RTLE8023xp

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\HPQ0006\4&2FFE84EA&0
Manufacturer:
Name:
PNP Device ID: ACPI\HPQ0006\4&2FFE84EA&0
Service:

==== System Restore Points ===================

RP17: 12/12/2008 1:12:22 AM - SPTD setup V1.56
RP18: 12/12/2008 1:33:44 AM - Installed O&O Defrag Professional.
RP19: 12/12/2008 9:29:40 PM - Installed Acronis Disk Director Suite
RP20: 12/14/2008 5:13:32 AM - System Checkpoint
RP21: 12/14/2008 4:26:02 PM - Installed PlayNC Launcher
RP22: 12/15/2008 4:39:18 AM - Installed Sid Meier's Civilization 4
RP23: 12/15/2008 5:03:33 AM - Configured Sid Meier's Civilization 4
RP24: 12/15/2008 7:27:30 PM - Installed SPORE™
RP25: 12/16/2008 1:39:41 PM - Removed SPORE™
RP26: 12/16/2008 2:20:47 PM - Installed Rome - Total War™
RP27: 12/17/2008 4:07:43 PM - Removed Rome - Total War™
RP28: 12/17/2008 6:03:19 PM - Installed AVG 8.0
RP29: 12/17/2008 7:23:48 PM - Removed AVG 8.0
RP30: 12/17/2008 7:27:57 PM - Installed AVG 8.0
RP31: 12/18/2008 6:06:32 PM - Configured Sid Meier's Civilization 4
RP32: 12/18/2008 6:07:27 PM - Installed Sid Meier's Civilization 4 - Warlords
RP33: 12/18/2008 6:13:11 PM - Installed DirectX
RP34: 12/18/2008 6:13:37 PM - Configured Sid Meier's Civilization 4
RP35: 12/18/2008 6:15:19 PM - Configured Sid Meier's Civilization 4 - Warlords
RP36: 12/18/2008 6:16:13 PM - Installed Sid Meier's Civilization 4 - Beyond the Sword
RP37: 12/18/2008 6:23:23 PM - Installed DirectX
RP38: 12/18/2008 6:23:42 PM - Configured Sid Meier's Civilization 4 - Beyond the Sword
RP39: 12/19/2008 4:26:41 AM - Removed Ad-Aware
RP40: 12/20/2008 10:39:04 AM - Installed DirectX
RP41: 12/20/2008 10:39:22 AM - Installed Sid Meier's Civilization IV Colonization
RP42: 12/21/2008 3:16:29 AM - Installed DirectX
RP43: 12/22/2008 12:29:56 AM - Installed DirectX
RP44: 12/22/2008 12:31:55 AM - Installed Windows XP WIC.
RP45: 12/22/2008 12:32:03 AM - Installed %1 %2.
RP46: 12/22/2008 12:32:06 AM - Printer Driver Microsoft XPS Document Writer Installed
RP47: 12/22/2008 7:27:12 PM - Installed Fahrenheit
RP48: 12/23/2008 6:00:53 PM - Installed Sid Meier's Civilization 4
RP49: 12/23/2008 6:31:39 PM - Configured Sid Meier's Civilization 4
RP50: 12/23/2008 11:51:25 PM - Installed Warcraft III 1.22 Patch
RP51: 12/24/2008 12:03:48 AM - Installed Garena
RP52: 12/25/2008 5:48:51 AM - Installed Camtasia Studio 5
RP53: 12/27/2008 1:59:47 AM - Logitech QuickCam v11.70.1196
RP54: 12/28/2008 4:20:31 PM - Installed ESET NOD32 Antivirus
RP55: 12/28/2008 4:29:51 PM - Installed Ad-Aware
RP56: 12/28/2008 4:33:12 PM - Installed Ad-Aware
RP57: 1/13/2009 6:56:23 AM - Removed BitDefender Total Security 2009
RP58: 1/13/2009 7:21:12 AM - Removed Garena
RP59: 1/13/2009 7:21:48 AM - Removed Microsoft Games for Windows - LIVE Redistributable
RP60: 1/13/2009 7:22:30 AM - Removed O&O Defrag Professional.
RP61: 1/13/2009 7:24:28 AM - Removed Warcraft III 1.22 Patch
RP62: 1/13/2009 7:33:06 AM - Installed Windows Defender
RP63: 1/24/2009 2:53:02 AM - Removed Kaspersky Anti-Virus 7.0.
RP64: 1/24/2009 2:54:48 AM - Removed Ventrilo Client
RP65: 1/24/2009 2:55:11 AM - Removed Windows Defender
RP66: 1/24/2009 2:56:26 AM - Removed Fahrenheit
RP67: 1/24/2009 2:57:36 AM - Removed Bonjour
RP68: 1/24/2009 2:57:55 AM - Removed HP Update

==== Installed Programs ======================

µTorrent
Acrobat.com
Acronis Disk Director Suite
Ad-Aware
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Reader 9
AIM 6
Alarm Clock v1.0
AOL Instant Messenger
Apple Mobile Device Support
Apple Software Update
AutoUpdate
AV Voice Changer Software DIAMOND 6.0
Camtasia Studio 5
DAEMON Tools Toolbar
Dell AIO Printer A960
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DriverGuide DriverScan
DriverMax 4
Fahrenheit
HijackThis 2.0.2
HP Update
IsoBuster 2.5
iTunes
Java™ 6 Update 10
Java™ 6 Update 7
LightScribe System Software 1.10.13.1
Logitech QuickCam
Logitech QuickCam Driver Package
Logitech Updater
ManyCam 2.3 (remove only)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
mIRC
Mozilla Firefox (3.0.5)
MSXML 6.0 Parser (KB925673)
nLite 1.4.9.1
NVIDIA Drivers
NVIDIA PhysX v8.10.13
OpenOffice.org 3.0
PlayNC Launcher
QuickTime
Realtek High Definition Audio Driver
Sid Meier's Civilization 4
Skype™ 3.8
Update for Windows XP (KB951072-v2)
Ventrilo Server
Viewpoint Media Player
VobSub v2.23 (Remove Only)
Windows Communication Foundation
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Driver Package - Intel (NETw5x32) net (08/28/2008 12.1.0.14)
Windows Driver Package - Intel (w29n51) net (12/19/2007 9.0.4.39)
Windows Imaging Component
Windows Live installer
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Presentation Foundation
Windows Workflow Foundation
WinRAR archiver
World of Warcraft
Xfire (remove only)
XML Paper Specification Shared Components Pack 1.0
Xvid 1.2.1 final uninstall
Yahoo! Messenger

==== Event Viewer Messages From Past Week ========

1/20/2009 2:07:58 AM, error: WinDefend [5008] -
1/18/2009 9:14:19 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service usnjsvc with arguments "" in order to run the server: {98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}
1/18/2009 2:59:34 PM, error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
1/20/2009 3:14:23 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0013E85BC1C7. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
1/20/2009 5:01:52 PM, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 0013E85BC1C7 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================


Also, an excessive number of open ports and Internet connections (this netstat was taken when only this window was open in Firefox):

Active Connections

Proto Local Address Foreign Address State
TCP devlynsyde:1035 localhost:1036 ESTABLISHED
TCP devlynsyde:1036 localhost:1035 ESTABLISHED
TCP devlynsyde:1043 localhost:1044 ESTABLISHED
TCP devlynsyde:1044 localhost:1043 ESTABLISHED
TCP devlynsyde:2086 67.201.54.151:http FIN_WAIT_1
TCP devlynsyde:2087 67.201.54.151:http FIN_WAIT_1
TCP devlynsyde:2089 67.201.54.151:http FIN_WAIT_1
TCP devlynsyde:2103 67.201.54.151:http FIN_WAIT_1
TCP devlynsyde:2111 204.141.87.10:http TIME_WAIT
TCP devlynsyde:2116 63.135.80.49:http ESTABLISHED
TCP devlynsyde:2117 63.135.80.46:http ESTABLISHED
TCP devlynsyde:2124 216.178.33.52:http ESTABLISHED
TCP devlynsyde:2128 216.178.33.49:http ESTABLISHED
TCP devlynsyde:2136 67.201.54.150:http FIN_WAIT_1
TCP devlynsyde:2137 67.201.54.150:http FIN_WAIT_1
TCP devlynsyde:2138 67.201.54.150:http FIN_WAIT_1
TCP devlynsyde:2139 67.201.54.150:http FIN_WAIT_1
TCP devlynsyde:2141 67.201.54.150:http FIN_WAIT_1
TCP devlynsyde:2142 67.201.54.150:http FIN_WAIT_1
TCP devlynsyde:2145 67.201.54.151:http FIN_WAIT_1
TCP devlynsyde:2146 67.201.54.151:http FIN_WAIT_1
TCP devlynsyde:2173 rover.ebay.com:http ESTABLISHED
TCP devlynsyde:2177 204.141.87.35:http ESTABLISHED
TCP devlynsyde:2196 204.141.87.16:http ESTABLISHED

Furthermore, I could not run sfc:


Microsoft Windows XP [Version 5.1.2600]
© Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Administrator>sfc /scannow
Windows File Protection could not initiate a scan of protected system files.

The specific error code is 0x000006ba [The RPC server is unavailable.
].

HELP?

Edited by Orange Blossom, 24 January 2009 - 11:02 AM.
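The netstat listing in the post above is the kind of output a helper reads by eye, looking for remote hosts that hold many connections at once. As an added example (not from the original poster or from BleepingComputer), this Python script parses output in that layout, ignores the loopback pairs, and flags remote hosts by connection count or by a port other than web traffic; the sample lines are constructed in the same format, using RFC 5737 test addresses rather than the addresses from the poster's real listing.

```python
"""Triage a Windows netstat listing: group remote endpoints and flag hosts
that hold many simultaneous connections or use unexpected ports.
Example code added for this thread, not the original poster's; the sample
below is constructed in the layout XP's `netstat` prints (hostname:port
pairs, service names instead of port numbers where it knows them)."""
from collections import Counter, defaultdict

# Constructed sample in the format shown in the thread (RFC 5737 test
# addresses, not the addresses from the poster's real listing).
SAMPLE_NETSTAT = """
Active Connections

Proto Local Address Foreign Address State
TCP devlynsyde:1035 localhost:1036 ESTABLISHED
TCP devlynsyde:1036 localhost:1035 ESTABLISHED
TCP devlynsyde:2086 192.0.2.151:http FIN_WAIT_1
TCP devlynsyde:2087 192.0.2.151:http FIN_WAIT_1
TCP devlynsyde:2089 192.0.2.151:http FIN_WAIT_1
TCP devlynsyde:2103 192.0.2.151:http FIN_WAIT_1
TCP devlynsyde:2111 198.51.100.10:http TIME_WAIT
TCP devlynsyde:2116 198.51.100.49:http ESTABLISHED
TCP devlynsyde:2173 rover.example.net:http ESTABLISHED
TCP devlynsyde:2200 203.0.113.7:6667 ESTABLISHED
"""

LOOPBACK = {"localhost", "127.0.0.1", "::1"}


def parse_netstat(text):
    """Return one dict per connection line; header and blank lines are skipped."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue
        proto, local, remote = parts[0], parts[1], parts[2]
        state = parts[3] if len(parts) > 3 else ""  # UDP lines carry no state
        rhost, _, rport = remote.rpartition(":")    # split on the last colon
        conns.append({"proto": proto, "local": local, "remote_host": rhost,
                      "remote_port": rport, "state": state})
    return conns


def summarize(conns):
    """Per remote host: connection count, states seen and remote ports used."""
    summary = defaultdict(lambda: {"count": 0, "states": Counter(), "ports": set()})
    for c in conns:
        if c["remote_host"] in LOOPBACK:
            continue                      # local IPC between programs, not network use
        s = summary[c["remote_host"]]
        s["count"] += 1
        s["states"][c["state"]] += 1
        s["ports"].add(c["remote_port"])
    return dict(summary)


def flag_hosts(summary, threshold=3, expected_ports=("http", "https")):
    """Hosts worth a closer look: many connections, or a non-web remote port."""
    flagged = {}
    for host, s in summary.items():
        reasons = []
        if s["count"] >= threshold:
            reasons.append(f"{s['count']} connections")
        odd = sorted(p for p in s["ports"] if p not in expected_ports)
        if odd:
            reasons.append("non-web port(s): " + ", ".join(odd))
        if reasons:
            flagged[host] = reasons
    return flagged


if __name__ == "__main__":
    summary = summarize(parse_netstat(SAMPLE_NETSTAT))
    for host, reasons in sorted(flag_hosts(summary).items()):
        print(f"{host}: {'; '.join(reasons)}")
```

Paste a real `netstat -an` or `netstat` capture into `SAMPLE_NETSTAT` (or read it from a file) to run the same grouping over it; many FIN_WAIT_1 entries to one host, as in the post, show up as a single flagged line with its count.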



#2 ugajimmy

ugajimmy
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:10:25 AM

Posted 24 January 2009 - 03:15 PM

No reply, and first come first served... :\ Just format/reinstall, or?

#3 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  • Location:Mikado Michigan
  • Local time:11:25 AM

Posted 06 February 2009 - 03:30 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.
Also please explain your problem as fully as possible. Each little detail will help in getting your system cleaned up and functional again.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scans:

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If you are using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.



* Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif

* Double click on the DDS icon, allow it to run.
* A small box will open, with an explanation about the tool. No input is needed; the scan is running.
* Notepad will open with the results; click No to the Optional_Scan.
* Follow the instructions that pop up for posting the results.
* Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

After your response, someone will be with you soon.
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families


#4 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  • Location:Mikado Michigan
  • Local time:11:25 AM

Posted 18 February 2009 - 05:23 PM

This thread is closed due to inactivity.
If you need this topic reopened, please send me a PM. This applies to the thread originator only, all others start a new thread.
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families

