Sign In
Create Account
1
I'm pretty sure that's what I'm supposed to call this... I've been fighting with a few different things for the last two weeks now--the antivirus pro stuff, google redirect, exe extension swap, disabled regedit, fake processes in my Temp folder, you name it--and have finally narrowed things down to three remaining hits on malwarebytes, all labeled SKYNET to some degree or another.
I can't get them uninstalled, the file locations go nowhere, and I'm at wits' end. For info's sake, I'm running Vista Home Premium 32-bit and my main browser is google chrome, since Firefox and Internet Explorer began crashing constantly a week ago.
Hijackthis log to follow.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:40:01 AM, on 9/6/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Glary Utilities\Integrator.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\I8kfanGUI\I8kfanGUI.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\WTablet\Wacom_TabletUser.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\mIRC\mirc.exe
C:\Users\Sage\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sage\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sage\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe /startup
O4 - HKCU\..\Run: [Google Update] "C:\Users\Sage\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O15 - Trusted Zone: http://cuddlydemon.deviantart.com
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell....r/SysProExe.CAB
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\Windows\system32\Wacom_Tablet.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 6731 bytes
-
This topic is locked
Back to top
#2
Posted 06 September 2009 - 10:58 AM
-
- Members
-
- 4 posts
New Member
I forgot to add that MalwareBytes keeps catching IP infections that are located in (I tracked the last few out of curiosity) Balti, Scottsdale, and Shanghai. I don't know if that's actually relevant or just a fluke.
#3
Posted 07 September 2009 - 08:32 PM
-
- Members
-
- 4 posts
New Member
Still needing help, and new symptoms have come up...
I'm getting IP Infection notices constantly, my computer likes to freeze if I try to open something (including task manager or the Start menu) that isn't included in the startup menu, and I have to boot from Last Known Good Configuration if I want it to stop.
This is maddening... Please help me out, guys.
I'm getting IP Infection notices constantly, my computer likes to freeze if I try to open something (including task manager or the Start menu) that isn't included in the startup menu, and I have to boot from Last Known Good Configuration if I want it to stop.
This is maddening... Please help me out, guys.
#4
Posted 08 September 2009 - 01:25 AM
-
- Members
-
- 1 posts
New Member
Sage, on Sep 7 2009, 09:32 PM, said:
Still needing help, and new symptoms have come up...
I'm getting IP Infection notices constantly, my computer likes to freeze if I try to open something (including task manager or the Start menu) that isn't included in the startup menu, and I have to boot from Last Known Good Configuration if I want it to stop.
This is maddening... Please help me out, guys.
I'm getting IP Infection notices constantly, my computer likes to freeze if I try to open something (including task manager or the Start menu) that isn't included in the startup menu, and I have to boot from Last Known Good Configuration if I want it to stop.
This is maddening... Please help me out, guys.
Got the same problem on my daughter's computer. Tried RegAssassIn by Malwarebytes and couldn't delete the "hidden" registry key that was launching the service at bootup.
Will try Dr.Web CureIt scanner next, a Russian AV that is awesome and free, also used by the Russian Defense Ministry!
Check out http://www.bleepingc...opic238639.html
#5
Posted 08 September 2009 - 06:18 AM
-
- Members
-
- 4 posts
New Member
Actually shelled out for a subscription program and ran a few comprehensive scans... Paid program actually removed parts that made it impossible to track the files down. After that first scan/remove, I went into MBAM, found them again, opened the folder, and could actually delete the files manually.
I am optimistic, and although cautiously so, this thread can be deleted.
I am optimistic, and although cautiously so, this thread can be deleted.
1 user(s) are reading this topic
0 members, 1 guests, 0 anonymous users
