Windows 8 and 8.1 Forums


System establishing low bandwidth connections to random IP addresses?

  1. #1


    Posts : 1
    Win 8 RP



    Decided to open up the resource monitor today and saw something strange. System (PID 4) establishes low bandwidth (all <1kb/s) connections to random IP addresses. They range anywhere from 1 b/s to 400 b/s, usually all outbound. 0 b down. ALWAYS. It would establish anywhere from 1 to 8 simultaneous connections, which would last for a couple of minutes, then die out. Couple minutes later, it repeats, with new IPs. I can't see anything out of the ordinary in HijackThis logs, and a quick scan by Malwarebytes Antimalware shows nothing. I'm running Win 8 RP x64. What are these things? Has anyone seen this before? A Google search only turns up one relevant result that suggests it may be a worm, but then the HijackThis/Malwarebytes results? I've attached a screenshot.


    HijackThis log:

    Code:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 6:18:51 PM, on 7/5/2012
    Platform: Unknown Windows (WinNT 6.02.0208)
    MSIE: Internet Explorer v10.0 (10.00.8400.0000)
    Boot mode: Normal
    
    Running processes:
    C:\Users\candy_000\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    C:\Users\candy_000\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe
    C:\Program Files (x86)\AutoHotkey\AutoHotkey.exe
    C:\Users\candy_000\AppData\Local\Amazon\Cloud Drive\jre\bin\javaw.exe
    C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe
    C:\Users\candy_000\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Users\candy_000\Downloads\ProcessExplorer\procexp.exe
    C:\Users\candy_000\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\candy_000\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\candy_000\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\candy_000\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\candy_000\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\candy_000\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\candy_000\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\candy_000\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\candy_000\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\candy_000\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\candy_000\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
    
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    F2 - REG:system.ini: UserInit=userinit.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Users\candy_000\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
    O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\candy_000\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
    O4 - HKCU\..\Run: [Amazon Cloud Drive] C:\Users\candy_000\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - Startup: Dropbox.lnk = C:\Users\candy_000\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O4 - Global Startup: mediaRemap.ahk
    O4 - Global Startup: Scrybe.lnk = ?
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Scrybe Updater (ScrybeUpdater) - Synaptics, Inc. - C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    
    --
    End of file - 6347 bytes
    Last edited by Brink; 05 Jul 2012 at 19:42. Reason: code box


  2. #2


    Try a "whois" search on the IP Addresses. (Whois doesn't like IE10!)

  3. #3


    I like infosniper to look up IPs

  4. #4


    Posts : 5,360
    7/8/ubuntu/Linux Deepin


    Infosniper thinks I am in the East end.
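
An added example, not part of any post in this thread: it filters `netstat -ano` output down to the connections owned by System (PID 4) and keeps only remote addresses outside the loopback, link-local, multicast and private ranges, which are the ones worth the whois or geolocation lookup suggested in the replies. The sample output, the function names and the documentation-range addresses are constructed for illustration.

```python
import ipaddress

# Constructed `netstat -ano` sample; documentation-range addresses stand in for internet hosts.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:139       192.168.1.31:50122     ESTABLISHED     4
  TCP    192.168.1.20:49712     203.0.113.45:445       SYN_SENT        4
  TCP    192.168.1.20:49713     198.51.100.7:80        ESTABLISHED     4
  TCP    192.168.1.20:49720     192.0.2.10:443         ESTABLISHED     5120
  TCP    [::1]:49730            [::1]:445              ESTABLISHED     4
  UDP    0.0.0.0:137            *:*                                    4
"""

PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

def split_endpoint(endpoint):
    """Split 'host:port' or '[v6%zone]:port' into (host, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]").split("%")[0], port

def classify(host):
    """Return 'none' (no peer), 'local' (same host or LAN) or 'external'."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:            # '*' on unconnected UDP sockets
        return "none"
    if ip.is_unspecified:         # 0.0.0.0 / :: on listeners
        return "none"
    if ip.is_loopback or ip.is_link_local or ip.is_multicast:
        return "local"
    if any(ip in net for net in PRIVATE_NETS):
        return "local"
    return "external"

def external_peers(netstat_text, pid=4):
    """Map each external remote address owned by `pid` to its (proto, port, state) rows."""
    peers = {}
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP") or fields[-1] != str(pid):
            continue
        host, port = split_endpoint(fields[2])
        if classify(host) == "external":
            state = fields[3] if len(fields) == 5 else "-"   # UDP rows have no state column
            peers.setdefault(host, []).append((fields[0], port, state))
    return peers

if __name__ == "__main__":
    for host, rows in external_peers(SAMPLE_NETSTAT).items():
        print(host, rows)
```

Running it on output captured a few minutes apart shows whether the set of external peers changes between bursts, as the first post describes.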
