Decided to open up the resource monitor today and saw something strange. System (PID 4) establishes low bandwidth (all <1kb/s) connections to random IP addresses. They range anywhere from 1 b/s to 400 b/s, usually all outbound. 0 b down. ALWAYS. It would establish anywhere from 1 to 8 simultaneous connections, which would last for a couple of minutes, then die out. Couple minutes later, it repeats, with new IPs. I can't see anything out of the ordinary in HijackThis logs, and a quick scan by Malwarebytes Antimalware shows nothing. I'm running Win 8 RP x64. What are these things? Has anyone seen this before? A Google search only turns out one relevant result that suggests it may be a worm, but then the HijackThis/Malwarebytes results? I've attached a screenshot.
HijackThis log:
HijackThis log:
Code:
[COLOR=#262626][FONT=Arial]Logfile of Trend Micro HijackThis v2.0.4[/FONT][/COLOR]
[COLOR=#262626][FONT=Arial]Scan saved at 6:18:51 PM, on 7/5/2012[/FONT][/COLOR]
[COLOR=#262626][FONT=Arial]Platform: Unknown Windows (WinNT 6.02.0208)[/FONT][/COLOR]
[COLOR=#262626][FONT=Arial]MSIE: Internet Explorer v10.0 (10.00.8400.0000)[/FONT][/COLOR]
[COLOR=#262626][FONT=Arial]Boot mode: Normal[/FONT][/COLOR]
[COLOR=#262626][FONT=Arial]Running processes:[/FONT][/COLOR]
[COLOR=#262626][FONT=Arial]C:\Users\candy_000\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[/FONT][/COLOR]
[COLOR=#262626][FONT=Arial]C:\Users\candy_000\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe[/FONT][/COLOR]
[COLOR=#262626][FONT=Arial]C:\Program Files (x86)\AutoHotkey\AutoHotkey.exe[/FONT][/COLOR]
[COLOR=#262626][FONT=Arial]C:\Users\candy_000\AppData\Local\Amazon\Cloud Drive\jre\bin\javaw.exe[/FONT][/COLOR]
[COLOR=#262626][FONT=Arial]C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe[/FONT][/COLOR]
[COLOR=#262626][FONT=Arial]C:\Users\candy_000\AppData\Roaming\Dropbox\bin\Dropbox.exe[/FONT][/COLOR]
[COLOR=#262626][FONT=Arial]C:\Users\candy_000\Downloads\ProcessExplorer\procexp.exe[/FONT][/COLOR]
[COLOR=#262626][FONT=Arial]C:\Users\candy_000\AppData\Local\Google\Chrome\Application\chrome.exe[/FONT][/COLOR]
[COLOR=#262626][FONT=Arial]C:\Users\candy_000\AppData\Local\Google\Chrome\Application\chrome.exe[/FONT][/COLOR]
[COLOR=#262626][FONT=Arial]C:\Users\candy_000\AppData\Local\Google\Chrome\Application\chrome.exe[/FONT][/COLOR]
[COLOR=#262626][FONT=Arial]C:\Users\candy_000\AppData\Local\Google\Chrome\Application\chrome.exe[/FONT][/COLOR]
[COLOR=#262626][FONT=Arial]C:\Users\candy_000\AppData\Local\Google\Chrome\Application\chrome.exe[/FONT][/COLOR]
[COLOR=#262626][FONT=Arial]C:\Users\candy_000\AppData\Local\Google\Chrome\Application\chrome.exe[/FONT][/COLOR]
[COLOR=#262626][FONT=Arial]C:\Users\candy_000\AppData\Local\Google\Chrome\Application\chrome.exe[/FONT][/COLOR]
[COLOR=#262626][FONT=Arial]C:\Users\candy_000\AppData\Local\Google\Chrome\Application\chrome.exe[/FONT][/COLOR]
[COLOR=#262626][FONT=Arial]C:\Users\candy_000\AppData\Local\Google\Chrome\Application\chrome.exe[/FONT][/COLOR]
[COLOR=#262626][FONT=Arial]C:\Users\candy_000\AppData\Local\Google\Chrome\Application\chrome.exe[/FONT][/COLOR]
[COLOR=#262626][FONT=Arial]C:\Users\candy_000\AppData\Local\Google\Chrome\Application\chrome.exe[/FONT][/COLOR]
[COLOR=#262626][FONT=Arial]C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe[/FONT][/COLOR]
[COLOR=#262626][FONT=Arial]R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [/FONT][/COLOR][URL="http://go.microsoft.com/fwlink/?LinkId=54896"]Bing[/URL]
[COLOR=#262626][FONT=Arial]R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [/FONT][/COLOR][URL="http://go.microsoft.com/fwlink/p/?LinkId=247820"]Bing[/URL]
[COLOR=#262626][FONT=Arial]R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [/FONT][/COLOR][URL="http://go.microsoft.com/fwlink/p/?LinkId=247820"]Bing[/URL]
[COLOR=#262626][FONT=Arial]R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [/FONT][/COLOR][URL="http://go.microsoft.com/fwlink/?LinkId=54896"]Bing[/URL]
[COLOR=#262626][FONT=Arial]R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [/FONT][/COLOR][URL="http://go.microsoft.com/fwlink/?LinkId=54896"]Bing[/URL]
[COLOR=#262626][FONT=Arial]R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [/FONT][/COLOR][URL="http://go.microsoft.com/fwlink/p/?LinkId=247820"]Bing[/URL]
[COLOR=#262626][FONT=Arial]R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [/FONT][/COLOR]
[COLOR=#262626][FONT=Arial]R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = [/FONT][/COLOR]
[COLOR=#262626][FONT=Arial]R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm[/FONT][/COLOR]
[COLOR=#262626][FONT=Arial]R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = [/FONT][/COLOR]
[COLOR=#262626][FONT=Arial]F2 - REG:system.ini: UserInit=userinit.exe[/FONT][/COLOR]
[COLOR=#262626][FONT=Arial]O4 - HKCU\..\Run: [Google Update] "C:\Users\candy_000\AppData\Local\Google\Update\GoogleUpdate.exe" /c[/FONT][/COLOR]
[COLOR=#262626][FONT=Arial]O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart[/FONT][/COLOR]
[COLOR=#262626][FONT=Arial]O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\candy_000\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"[/FONT][/COLOR]
[COLOR=#262626][FONT=Arial]O4 - HKCU\..\Run: [Amazon Cloud Drive] C:\Users\candy_000\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe[/FONT][/COLOR]
[COLOR=#262626][FONT=Arial]O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')[/FONT][/COLOR]
[COLOR=#262626][FONT=Arial]O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')[/FONT][/COLOR]
[COLOR=#262626][FONT=Arial]O4 - Startup: Dropbox.lnk = C:\Users\candy_000\AppData\Roaming\Dropbox\bin\Dropbox.exe[/FONT][/COLOR]
[COLOR=#262626][FONT=Arial]O4 - Global Startup: mediaRemap.ahk[/FONT][/COLOR]
[COLOR=#262626][FONT=Arial]O4 - Global Startup: Scrybe.lnk = ?[/FONT][/COLOR]
[COLOR=#262626][FONT=Arial]O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics[/FONT][/COLOR]
[COLOR=#262626][FONT=Arial]O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)[/FONT][/COLOR]
[COLOR=#262626][FONT=Arial]O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)[/FONT][/COLOR]
[COLOR=#262626][FONT=Arial]O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)[/FONT][/COLOR]
[COLOR=#262626][FONT=Arial]O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[/FONT][/COLOR]
[COLOR=#262626][FONT=Arial]O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[/FONT][/COLOR]
[COLOR=#262626][FONT=Arial]O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)[/FONT][/COLOR]
[COLOR=#262626][FONT=Arial]O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)[/FONT][/COLOR]
[COLOR=#262626][FONT=Arial]O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)[/FONT][/COLOR]
[COLOR=#262626][FONT=Arial]O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)[/FONT][/COLOR]
[COLOR=#262626][FONT=Arial]O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)[/FONT][/COLOR]
[COLOR=#262626][FONT=Arial]O23 - Service: Scrybe Updater (ScrybeUpdater) - Synaptics, Inc. - C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe[/FONT][/COLOR]
[COLOR=#262626][FONT=Arial]O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)[/FONT][/COLOR]
[COLOR=#262626][FONT=Arial]O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)[/FONT][/COLOR]
[COLOR=#262626][FONT=Arial]O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)[/FONT][/COLOR]
[COLOR=#262626][FONT=Arial]O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)[/FONT][/COLOR]
[COLOR=#262626][FONT=Arial]O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)[/FONT][/COLOR]
[COLOR=#262626][FONT=Arial]O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)[/FONT][/COLOR]
[COLOR=#262626][FONT=Arial]O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)[/FONT][/COLOR]
[COLOR=#262626][FONT=Arial]O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)[/FONT][/COLOR]
[COLOR=#262626][FONT=Arial]O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)[/FONT][/COLOR]
[COLOR=#262626][FONT=Arial]O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)[/FONT][/COLOR]
[COLOR=#262626][FONT=Arial]O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)[/FONT][/COLOR]
[COLOR=#262626][FONT=Arial]--[/FONT][/COLOR]
[COLOR=#262626][FONT=Arial]End of file - 6347 bytes[/FONT][/COLOR]
Last edited by a moderator:
My Computer
System One
-
- OS
- Win 8 RP
