PCGalOfCal
asked on
Malwarebytes blocks IP address from Future Ads LLC
I have a client running Malwarebytes Pro. It keeps popping up constantly blocking different IP addresses. When I google the addresses they all come back as from a company in California named "Future Ads LLC". Can anyone tell me why these outgoing requests are happening? I've looked around in programs and add-ins but I'm not seeing anything that seems to be related to this company.
Thank You.
They publish some game apps like "PlaySushi". The apps apparently "phone home" and might be causing popups.
Run TcpView on the affected machine(s) to determine the process initiating the requests. If the process ends up being a browser, run Hijackthis and post the report here. You'll want to look at the BHO and toolbar items.
Try running RUBotted from Trend Micro.
ASKER
RUBotted has not picked up anything. I uninstalled Sendori. The TCPView software does not pick up or show any of the IPs that Malwarebytes is blocking.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:55:27 PM, on 11/8/2013
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16537)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Sendori\SendoriTray.exe
C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
C:\Users\Michaels\AppData\Local\Temp\Temp1_TCPView.zip\Tcpview.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll
O2 - BHO: DVDVideoSoft.WebPageAdjuster - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (file missing)
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
O4 - HKLM\..\Run: [Sendori Tray] "C:\Program Files (x86)\Sendori\SendoriTray.exe"
O4 - HKLM\..\Run: [SMessaging] C:\Users\Michaels\AppData\Local\Strongvault Online Backup\SMessaging.exe
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] "C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_529C7B36B0CDE3028A18734CA053869F] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKCU\..\Run: [HP Officejet Pro 8600 (NET)] "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN338B3J7205KD:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
O4 - HKCU\..\Run: [AppleIEDAV] C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
O4 - HKUS\S-1-5-21-2205873783-2995129172-3348172197-1004\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'LogMeInRemoteUser')
O4 - Startup: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
O9 - Extra 'Tools' menuitem: Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
O9 - Extra button: (no name) - {64964764-1101-4bbd-8891-B56B1A53B9B3} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (file missing)
O9 - Extra 'Tools' menuitem: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\sendori.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\sendori.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\sendori.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\sendori.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\sendori.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{BFE1E4A2-24B6-4A7C-8EFF-F6E304DB2499}: NameServer = 192.168.1.254
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Application Sendori - Sendori, Inc. - C:\Program Files (x86)\Sendori\SendoriSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Classic Shell Service (ClassicShellService) - IvoSoft - C:\Program Files\Classic Shell\ClassicShellService.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:\WINDOWS\system32\mqsvc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: RoxMediaDB12OEM - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Service Sendori - sendori - C:\Program Files (x86)\Sendori\Sendori.Service.exe
O23 - Service: Seagate Scheduler2 Service (SgtSch2Svc) - Seagate - C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: sndappv2 - Sendori - C:\Program Files (x86)\Sendori\sndappv2.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 13668 bytes
Try disabling Malwarebytes temporarily, so TcpView can identify the process.
ASKER CERTIFIED SOLUTION
ASKER
I'll try that, probably tomorrow. I was going to open a ticket with Malwarebytes and see if they could help as well but I will try your suggestion first. Thank You.
ASKER
I'm resetting TCP and Winsock but the remote PC needs to restart. No one is on the other end and my problem is the PC is set to start up with boot options. I set this via command prompt using the command bcdedit /set {bootmgr} displaybootmenu yes
Now I can't figure out how to remove this so it boots up in normal mode. I tried the same command with "no" instead of yes but it doesn't like it. ???
ASKER
NEVERMIND. I got it turned off and to boot in normal mode.
ASKER
Nice FutureTech, it worked. That was a pain in my rear. Can you tell me why your fix worked? Short and Sweet? Or give a link? I'd like to understand what was happening.
Thank You!
Hint: Potentially a malicious/interfering Winsock LSP. The reset command removes the reference.
PCGalOfCal - the above expert is absolutely correct. It's only from pulling my hair out for many years and encountering this same kind of thing. When all else fails with internet connections, the tcp/ip reset and winsock reset seem to do it.
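A defender-side check for the Winsock LSP issue described above, added here as an example; it is not from the thread and not from Malwarebytes, Trend Micro or any other product mentioned in it. It assumes an elevated PowerShell session on the affected Windows host and that `netsh winsock show catalog` prints its entries as "Winsock Catalog Provider Entry" / "Name Space Provider Entry" blocks of `Key: value` lines (the header strings are an assumption about that tool's output format). It parses the catalog, flags layered providers whose DLL is missing or not Microsoft-signed (the sendori.dll entries in the HijackThis log above would surface here), and wraps the two reset commands the thread relies on, plus the bcdedit boot-menu toggle the asker struggled with, behind ShouldProcess so `-WhatIf` shows the change without making it. The function names are my own.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell session.
# Parses 'netsh winsock show catalog', flags layered providers whose DLL is
# missing or not Microsoft-signed, and wraps the reset commands with -WhatIf.

function Get-WinsockCatalogEntry {
    # Assumption: each protocol-catalog entry is a "Key: value" block under a
    # "Winsock Catalog Provider Entry" header; namespace entries follow under a
    # "Name Space Provider Entry" header and are not what an LSP lives in.
    $current = $null
    foreach ($line in (netsh winsock show catalog)) {
        if ($line -match '^Winsock Catalog Provider Entry') {
            if ($null -ne $current) { [pscustomobject]$current }
            $current = [ordered]@{}
            continue
        }
        if ($line -match '^Name ?Space Provider Entry') {
            if ($null -ne $current) { [pscustomobject]$current }
            $current = $null
            continue
        }
        if ($null -ne $current -and $line -match '^(?<key>[^:]+):\s+(?<value>.+)$') {
            $current[$Matches.key.Trim()] = $Matches.value.Trim()
        }
    }
    if ($null -ne $current) { [pscustomobject]$current }
}

function Find-SuspiciousWinsockProvider {
    # Layered Service Providers (and their chain entries) are what third-party
    # software such as Sendori inserts into the stack; base providers are
    # Microsoft's own. Anything layered that is missing on disk or not carrying
    # a valid Microsoft signature is flagged for triage, not condemned.
    param([switch]$IncludeBaseProviders)
    Get-WinsockCatalogEntry | Where-Object { $_.'Provider Path' } | ForEach-Object {
        $path    = [Environment]::ExpandEnvironmentVariables($_.'Provider Path')
        $layered = $_.'Entry Type' -match 'Layered'
        if (-not $layered -and -not $IncludeBaseProviders) { return }
        $exists = Test-Path -LiteralPath $path
        $sig = if ($exists) { Get-AuthenticodeSignature -FilePath $path } else { $null }
        $microsoft = ($null -ne $sig) -and ($sig.Status -eq 'Valid') -and ($sig.SignerCertificate.Subject -like '*Microsoft*')
        [pscustomobject]@{
            EntryType   = $_.'Entry Type'
            Description = $_.Description
            Path        = $path
            Exists      = $exists
            Signature   = if ($null -ne $sig) { [string]$sig.Status } else { 'n/a' }
            Suspicious  = -not $microsoft
        }
    }
}

function Reset-WinsockAndTcpip {
    # The fix used in the thread: rebuild the Winsock catalog (which drops the
    # LSP reference) and reset TCP/IP. With -WhatIf it only describes the change.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    if ($PSCmdlet.ShouldProcess('Winsock catalog and TCP/IP stack', 'netsh winsock reset; netsh int ip reset')) {
        netsh winsock reset
        netsh int ip reset
        Write-Warning 'Reboot required for the reset to take effect.'
    }
}

function Set-BootMenuDisplay {
    # Mirrors the bcdedit toggle from the thread. In PowerShell the {bootmgr}
    # identifier must be quoted, otherwise the braces are parsed as a script block.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([Parameter(Mandatory = $true)][ValidateSet('yes', 'no')][string]$Display)
    if ($PSCmdlet.ShouldProcess('{bootmgr}', "displaybootmenu $Display")) {
        bcdedit /set '{bootmgr}' displaybootmenu $Display
    }
}

# Usage: triage first, then change only after reviewing what -WhatIf reports.
#   Find-SuspiciousWinsockProvider | Format-Table -AutoSize
#   Reset-WinsockAndTcpip -WhatIf
#   Reset-WinsockAndTcpip
#   Set-BootMenuDisplay -Display no
```

Two caveats when reading the output: on a 64-bit system a 64-bit PowerShell only lists the 64-bit Winsock catalog, so run the same check from the 32-bit netsh in SysWOW64 if the suspect software is 32-bit; and on older Windows builds Microsoft's own DLLs are catalog-signed rather than embedded-signed, so Get-AuthenticodeSignature can report them as NotSigned. Treat "Suspicious" as a list of entries to look at, and compare it against the O10 lines in the HijackThis log before resetting.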
Glad I could help :)
ASKER
Thank You!
ASKER
It was ok for a few hours and it's doing it again. I'll try fixing the suspicious HijackThis entries and run some other malware and/or virus scans tomorrow.
ASKER
It ended up working after all. Without me doing anything extra. For some reason a few pop ups occurred but then it was and has been fine since. So resetting tcp and winsock worked.