Hidden Virus? Slowing things down?


1 reply to this topic

#1 gwoiler

  • Members
  • 7 posts

Posted 31 December 2009 - 01:08 PM

Dear Forum

OK... I just read the advice in here about the procedure I should follow and I see I have not followed it. SORRY! OK... Here is some more info....

This is a Sony laptop with XP Home Service Pack 3. The original problem started with the CPU going 100% all the time. Services... or processes showed an HP Imaging quick start running. I researched it and saw that it could be a virus but it appeared to be OK. I uninstalled the HP imaging software because it was not needed. The computer seemed fine. A day later when turning it on showed the wireless activity icon lit up most of the time and that is where I am now. I am hoping someone here can help before I decide to do a full re-install of the OS. The rest of this post is from before I read all the procedures requested.

-------------------------------------------------------------------------------------
My laptop is constantly busy with internet communications of some sort. The icon for wireless in the sys tray is lit up most of the time. TCPView shows that there is constant activity with services.exe on 20 to 50 or more lines coming and going in various states of activity and they first appear, try to establish themselves, then many send something, and then they close. I have run combofix.exe, Malwarebytes, AVG, AVAST, and have some log files to present here. I do not know what to do next.
-------------------------------------------------------------------------------------

Edited by gwoiler, 31 December 2009 - 02:13 PM.



#2 gwoiler

  • Topic Starter
  • Members
  • 7 posts

Posted 31 December 2009 - 07:51 PM

Hi All.... Well.... I know everyone is busy, and it is New Year's Eve.... but I have to get something done with this computer and I can't wait a long time to do it. So rather than figure out why a program or process is using services.exe and exercising my internet connection with 20-70 [who knows] connections at the same time, I will re-install XP to be able to get productive. I ran Process Explorer and it looks like svchost.exe is a sub event under services. When I have the wireless disabled, there is no "services.exe." It looks like this:

alg.exe:2468 TCP 127.0.0.1:1115 0.0.0.0:0 LISTENING
AppleMobileDeviceService.exe:180 TCP 127.0.0.1:27015 0.0.0.0:0 LISTENING
lsass.exe:776 UDP 0.0.0.0:500 *:*
lsass.exe:776 UDP 0.0.0.0:4500 *:*
spoolsv.exe:1720 UDP 0.0.0.0:1028 *:*
svchost.exe:1032 UDP 127.0.0.1:123 *:*
svchost.exe:1032 UDP 127.0.0.1:1117 *:*
svchost.exe:1032 UDP 0.0.0.0:1116 *:*
svchost.exe:1032 UDP 127.0.0.1:35226 *:*
svchost.exe:1496 TCP 0.0.0.0:2869 0.0.0.0:0 LISTENING
svchost.exe:1496 UDP 127.0.0.1:1900 *:*
svchost.exe:992 TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
System:4 TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
System:4 UDP 0.0.0.0:445 *:*
VCSW.exe:688 TCP 0.0.0.0:51493 0.0.0.0:0 LISTENING
VCSW.exe:688 UDP 0.0.0.0:51493 *:*

And, immediately after connecting the internet, this is what TCPView looks like. I wonder what the SYN_SENT means?

[System Process]:0 TCP 127.0.0.1:34377 127.0.0.1:2869 TIME_WAIT
[System Process]:0 TCP 192.168.0.12:34383 65.254.254.50:25 TIME_WAIT
[System Process]:0 TCP 192.168.0.12:34408 75.180.132.244:25 TIME_WAIT
[System Process]:0 TCP 192.168.0.12:34396 206.222.171.20:25 TIME_WAIT
[System Process]:0 TCP 192.168.0.12:34426 193.252.22.142:25 TIME_WAIT
[System Process]:0 TCP 192.168.0.12:34424 146.201.3.232:25 TIME_WAIT
[System Process]:0 TCP 192.168.0.12:34445 208.44.232.46:25 TIME_WAIT
[System Process]:0 TCP 192.168.0.12:34476 167.230.105.46:25 TIME_WAIT
[System Process]:0 TCP 192.168.0.12:34412 67.28.113.136:25 TIME_WAIT
[System Process]:0 TCP 192.168.0.12:34419 212.114.171.19:25 TIME_WAIT
[System Process]:0 TCP 192.168.0.12:34466 162.112.41.112:25 TIME_WAIT
[System Process]:0 TCP 192.168.0.12:34487 199.64.220.25:25 TIME_WAIT
[System Process]:0 TCP 192.168.0.12:34493 115.118.161.115:25 TIME_WAIT
[System Process]:0 TCP 192.168.0.12:34477 130.154.3.161:25 TIME_WAIT
[System Process]:0 TCP 192.168.0.12:34557 67.231.144.29:25 TIME_WAIT
[System Process]:0 TCP 192.168.0.12:34547 200.76.98.76:25 TIME_WAIT
[System Process]:0 TCP 192.168.0.12:34575 75.180.133.40:25 TIME_WAIT
alg.exe:2468 TCP 127.0.0.1:1115 0.0.0.0:0 LISTENING
AppleMobileDeviceService.exe:180 TCP 127.0.0.1:27015 0.0.0.0:0 LISTENING
lsass.exe:776 UDP 0.0.0.0:500 *:*
lsass.exe:776 UDP 0.0.0.0:4500 *:*
services.exe:764 TCP 192.168.0.12:34388 68.250.79.131:25 CLOSING
services.exe:764 TCP 192.168.0.12:34380 194.61.230.128:25 SYN_SENT
services.exe:764 TCP 192.168.0.12:34413 209.85.222.8:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34410 74.55.2.34:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34390 216.75.196.129:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34440 78.159.112.62:25 SYN_SENT
services.exe:764 TCP 192.168.0.12:34465 206.239.166.13:25 SYN_SENT
services.exe:764 TCP 192.168.0.12:34474 203.83.193.135:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34473 87.236.241.204:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34453 207.191.226.16:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34454 207.191.226.16:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34464 208.84.64.201:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34478 96.56.145.170:25 FIN_WAIT1
services.exe:764 TCP 192.168.0.12:34488 85.33.2.53:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34489 85.33.2.53:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34490 65.91.51.163:25 CLOSING
services.exe:764 TCP 192.168.0.12:34492 80.90.80.91:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34495 216.97.227.65:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34503 209.85.222.4:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34499 216.178.7.253:25 SYN_SENT
services.exe:764 TCP 192.168.0.12:34511 209.85.216.68:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34508 173.15.18.185:25 SYN_SENT
services.exe:764 TCP 192.168.0.12:34497 213.145.97.134:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34509 199.171.54.203:25 SYN_SENT
services.exe:764 TCP 192.168.0.12:34513 200.189.226.67:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34533 137.204.230.5:25 CLOSING
services.exe:764 TCP 192.168.0.12:34530 213.245.2.2:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34531 213.245.2.2:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34532 119.63.209.149:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34519 205.188.109.56:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34520 205.188.109.56:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34521 205.188.109.56:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34522 205.188.109.56:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34523 205.188.109.56:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34524 205.188.109.56:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34525 205.188.109.56:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34550 208.65.145.2:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34546 13.8.138.217:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34540 212.227.136.50:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34542 69.178.5.252:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34543 193.231.173.10:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34544 193.231.173.10:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34541 216.32.180.22:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34545 72.32.252.25:25 LAST_ACK
services.exe:764 TCP 192.168.0.12:34538 80.232.168.199:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34539 80.232.168.199:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34536 216.82.254.51:25 SYN_SENT
services.exe:764 TCP 192.168.0.12:34537 216.82.254.51:25 SYN_SENT
services.exe:764 TCP 192.168.0.12:34548 200.76.98.76:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34549 200.76.98.76:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34566 200.59.205.50:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34551 135.196.189.193:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34553 212.254.193.191:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34568 213.245.2.2:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34552 200.45.191.213:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34556 129.187.228.56:25 SYN_SENT
services.exe:764 TCP 192.168.0.12:34565 4.79.122.67:25 SYN_SENT
services.exe:764 TCP 192.168.0.12:34560 205.188.109.56:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34561 205.188.109.56:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34562 205.188.109.56:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34563 205.188.109.56:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34564 205.188.109.56:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34558 205.188.109.56:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34559 205.188.109.56:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34570 64.18.4.13:25 FIN_WAIT2
services.exe:764 TCP 192.168.0.12:34569 144.191.154.58:25 SYN_SENT
services.exe:764 TCP 192.168.0.12:34555 66.70.227.64:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34567 208.65.144.2:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34577 193.252.22.186:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34581 209.85.216.68:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34582 194.217.242.9:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34578 85.62.80.130:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34571 61.151.251.2:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34579 74.205.1.134:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34580 216.135.56.35:25 SYN_SENT
services.exe:764 TCP 192.168.0.12:34572 64.18.4.10:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34573 64.18.4.10:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34576 64.18.6.10:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34574 98.100.211.248:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34602 79.137.225.32:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34589 188.94.13.136:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34585 66.219.160.203:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34600 206.212.240.2:25 SYN_SENT
services.exe:764 TCP 192.168.0.12:34592 64.191.223.42:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34588 204.14.1.13:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34583 208.65.145.3:25 ESTABLISHED
spoolsv.exe:1720 UDP 0.0.0.0:1028 *:*
svchost.exe:1032 UDP 127.0.0.1:123 *:*
svchost.exe:1032 UDP 127.0.0.1:1117 *:*
svchost.exe:1032 UDP 0.0.0.0:1116 *:*
svchost.exe:1032 UDP 192.168.0.12:123 *:*
svchost.exe:1032 TCP 127.0.0.1:34375 127.0.0.1:2869 ESTABLISHED
svchost.exe:1312 UDP 0.0.0.0:52394 *:*
svchost.exe:1312 UDP 0.0.0.0:28055 *:*
svchost.exe:1312 UDP 0.0.0.0:21728 *:*
svchost.exe:1312 UDP 0.0.0.0:42789 *:*
svchost.exe:1312 UDP 0.0.0.0:17597 *:*
svchost.exe:1312 UDP 0.0.0.0:56639 *:*
svchost.exe:1312 UDP 0.0.0.0:1740 *:*
svchost.exe:1312 UDP 0.0.0.0:40991 *:*
svchost.exe:1312 UDP 0.0.0.0:4956 *:*
svchost.exe:1312 UDP 0.0.0.0:17739 *:*
svchost.exe:1312 UDP 0.0.0.0:55520 *:*
svchost.exe:1496 TCP 0.0.0.0:2869 0.0.0.0:0 LISTENING
svchost.exe:1496 UDP 127.0.0.1:1900 *:*
svchost.exe:1496 UDP 192.168.0.12:1900 *:*
svchost.exe:992 TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
System:4 TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
System:4 UDP 0.0.0.0:445 *:*
System:4 TCP 192.168.0.12:139 0.0.0.0:0 LISTENING
System:4 UDP 192.168.0.12:137 *:*
System:4 UDP 192.168.0.12:138 *:*
System:4 TCP 127.0.0.1:2869 127.0.0.1:34375 ESTABLISHED
VCSW.exe:688 TCP 0.0.0.0:51493 0.0.0.0:0 LISTENING
VCSW.exe:688 UDP 0.0.0.0:51493 *:*
VCSW.exe:688 UDP 192.168.0.12:1900 *:*


Happy New Year!
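The TCPView paste above (one system process holding dozens of sockets to remote port 25, many stuck in SYN_SENT) is the kind of output a defender would parse rather than read by eye. The following Python is an added example, not code from the post or from TCPView/Sysinternals: it parses lines in the layout shown, attributes outbound TCP sockets to their owning image and PID, counts remote ports and TCP states per process, and flags any process with many simultaneous port-25 (SMTP) connections, which is the usual footprint of a spam-sending infection on a workstation. The sample lines, the `flag_smtp_fanout` name and the threshold of 10 are constructed assumptions; the addresses are TEST-NET ranges, not the ones in the post. The state comments also answer the SYN_SENT question: the local host has sent its SYN and is still waiting for the remote mail server's SYN-ACK.

```python
import re
from collections import Counter, defaultdict

# One TCPView text line: "<image>:<pid> <proto> <local> <remote> [<state>]".
# The image name may contain spaces ("[System Process]"), so it is matched
# lazily up to the ":<pid>" that precedes the protocol column. IPv4 only,
# matching the XP-era output in the post.
LINE_RE = re.compile(
    r"^(?P<image>.+?):(?P<pid>\d+)\s+(?P<proto>TCP|UDP)\s+"
    r"(?P<laddr>[\d.]+):(?P<lport>\d+)\s+"
    r"(?P<raddr>[\d.*]+):(?P<rport>\d+|\*)"
    r"(?:\s+(?P<state>[A-Z_0-9]+))?\s*$"
)

# Addresses that never identify a real remote peer.
NOT_REMOTE = {"0.0.0.0", "127.0.0.1", "*"}


def parse_line(line):
    """Parse one TCPView line into a dict; None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    conn = m.groupdict()
    conn["pid"] = int(conn["pid"])
    conn["rport"] = None if conn["rport"] == "*" else int(conn["rport"])
    return conn


def is_outbound(conn):
    """TCP sockets with a real remote address, in any state but LISTENING."""
    return (conn["proto"] == "TCP"
            and conn["raddr"] not in NOT_REMOTE
            and conn["state"] != "LISTENING")


def outbound_by_process(lines):
    """{(image, pid): Counter({remote_port: n})} over outbound TCP sockets."""
    result = defaultdict(Counter)
    for line in lines:
        conn = parse_line(line)
        if conn and is_outbound(conn):
            result[(conn["image"], conn["pid"])][conn["rport"]] += 1
    return dict(result)


def state_histogram(lines, image):
    """Counter of TCP states for one image name, e.g. 'services.exe'.

    SYN_SENT: we sent SYN, no SYN-ACK from the remote yet (peer slow,
    filtered, or refusing). ESTABLISHED: handshake done, data flowing.
    FIN_WAIT1/FIN_WAIT2/CLOSING/LAST_ACK: teardown in progress.
    TIME_WAIT: fully closed, held briefly for late packets (owned by PID 0).
    """
    hist = Counter()
    for line in lines:
        conn = parse_line(line)
        if conn and conn["image"] == image and conn["proto"] == "TCP":
            hist[conn["state"]] += 1
    return hist


def flag_smtp_fanout(lines, threshold=10):
    """(image, pid, count) for processes with >= threshold sockets to port 25.

    A workstation normally talks SMTP to one mail server; dozens of parallel
    port-25 sockets to unrelated hosts is the signature of a spam bot.
    """
    flagged = []
    for (image, pid), ports in outbound_by_process(lines).items():
        n = ports.get(25, 0)
        if n >= threshold:
            flagged.append((image, pid, n))
    return sorted(flagged, key=lambda t: -t[2])


# Constructed sample in the same layout as the TCPView paste (TEST-NET addresses).
SAMPLE = """\
[System Process]:0 TCP 192.168.0.12:34383 203.0.113.10:25 TIME_WAIT
[System Process]:0 TCP 192.168.0.12:34408 203.0.113.11:25 TIME_WAIT
alg.exe:2468 TCP 127.0.0.1:1115 0.0.0.0:0 LISTENING
lsass.exe:776 UDP 0.0.0.0:500 *:*
services.exe:764 TCP 192.168.0.12:34380 198.51.100.1:25 SYN_SENT
services.exe:764 TCP 192.168.0.12:34413 198.51.100.2:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34410 198.51.100.3:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34440 198.51.100.4:25 SYN_SENT
services.exe:764 TCP 192.168.0.12:34465 198.51.100.5:25 SYN_SENT
services.exe:764 TCP 192.168.0.12:34474 198.51.100.6:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34478 198.51.100.7:25 FIN_WAIT1
services.exe:764 TCP 192.168.0.12:34490 198.51.100.8:25 CLOSING
services.exe:764 TCP 192.168.0.12:34492 198.51.100.9:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34495 198.51.100.10:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34503 198.51.100.11:25 ESTABLISHED
services.exe:764 TCP 192.168.0.12:34545 198.51.100.12:25 LAST_ACK
svchost.exe:1032 UDP 127.0.0.1:123 *:*
svchost.exe:1032 TCP 127.0.0.1:34375 127.0.0.1:2869 ESTABLISHED
svchost.exe:1496 TCP 0.0.0.0:2869 0.0.0.0:0 LISTENING
System:4 TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
VCSW.exe:688 UDP 192.168.0.12:1900 *:*
"""
SAMPLE_LINES = SAMPLE.splitlines()

if __name__ == "__main__":
    for image, pid, n in flag_smtp_fanout(SAMPLE_LINES):
        print(f"{image} (pid {pid}): {n} outbound SMTP sockets")
        print(dict(state_histogram(SAMPLE_LINES, image)))
```

Run against a real TCPView save (File > Save), the output lists any process fanning out to port 25; the loopback `svchost.exe` to `System:4` pair is ignored because both ends are 127.0.0.1. The image name TCPView shows is the process that owns the socket handle, so a legitimate-looking name such as services.exe does not by itself say which code created the connection; the per-process fan-out count is the signal, and the remedy the poster chose, a clean reinstall, is the conservative one once a system process is sending mail on its own.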



